rrc security procedure overview
TRANSCRIPT
08/20/13 Security Procedure Overview 1
UMTS Security Procedure Overview
Introduction
Security procedures:
Authentication procedure (a NAS procedure; its successful outcome is used for integrity protection (IP) and ciphering)
Integrity protection
Ciphering
Related RRC messages and procedures
Basic configuration primitives to L1, RLC and MM
What to look for in the RTA log and MDI trace
Authentication
Mutual operation between UE and NW
Authentication key K is shared between the USIM of the user and the Authentication Centre (AuC)
K is 128 bits
K is never transferred from UE to NW or vice versa
The authentication procedure also derives the keys for encryption (ciphering), CK, and for integrity checking, IK
Integrity Protection check
Security feature provided with respect to the integrity of data on the network access link: verifies that the signalling data has not been modified in an unauthorised way
Only applies to messages transmitted on SRBs (SRB0 – SRB4). TM SRBx is NOT integrity protected.
RRC layer is responsible for the integrity protection check at the UE and NW side.
MM layer supervises the integrity protection procedure by accepting only a very limited set of NAS messages if integrity protection is NOT started at layer 3 level.
Integrity Protection Parameters
Integrity protection calculation parameters:
COUNT-I: the integrity sequence number (32 bits)
IK: the integrity key (128 bits)
FRESH: 32 bits
DIRECTION: 1 bit
MESSAGE
Algorithm: UIA1, UIA2 (new algorithm supported in R7)
Integrity Protection Parameters
COUNT_I:
One COUNT_I value per uplink on each of the SRBs (0-4) and one COUNT_I value per downlink on each of the SRBs.
The RRC HFN is initialised by START; the remaining bits of the RRC HFN are initialised to 0.
COUNT_I structure: RRC HFN (28 bits) | RRC SN (4 bits)
Integrity Protection check
Integrity protection in RRC message:
UL/DL-CCCH/DCCH-Message ::= SEQUENCE {
    integrityCheckInfo IntegrityCheckInfo OPTIONAL,
    message xx-xxxx-MessageType
}
IntegrityCheckInfo ::= SEQUENCE {
    messageAuthenticationCode B_32,
    rrc-MessageSequenceNumber B_4
}
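On the receiving side, the 4-bit rrc-MessageSequenceNumber and the stored RRC HFN together give the COUNT-I used to verify messageAuthenticationCode. The following is an added example, not code from the slides: it models the downlink handling outlined in TS 25.331 section 8.5.10 (a lower SN means the SN wrapped and the HFN advances, an equal SN is discarded, a failed check leaves the stored HFN unchanged). The struct, the function names and the stand-in MAC are hypothetical; a real stack computes f9 (UIA1/UIA2) over the message with IK, FRESH and DIRECTION.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum ip_result { IP_ACCEPT, IP_DISCARD_REPEAT, IP_DISCARD_BAD_MAC };

/* Per-SRB downlink integrity state (hypothetical names). */
struct dl_ip_state {
    uint32_t hfn;       /* RRC HFN, 28 bits */
    uint8_t  sn;        /* last accepted RRC SN, 4 bits */
    bool     sn_valid;  /* false until the first protected message is accepted */
};

/* Stand-in for f9: constructed for this example only, NOT a real MAC. */
uint32_t demo_mac(uint32_t count_i)
{
    return (count_i * 2654435761u) ^ 0x5A5A5A5Au;
}

enum ip_result dl_integrity_check(struct dl_ip_state *st, uint8_t rx_sn, uint32_t rx_mac)
{
    uint32_t hfn = st->hfn;            /* work on a copy so a failure needs no undo */
    rx_sn &= 0xFu;
    if (st->sn_valid) {
        if (rx_sn == st->sn)
            return IP_DISCARD_REPEAT;  /* same SN again: repeated or replayed message */
        if (rx_sn < st->sn)
            hfn = (hfn + 1u) & 0x0FFFFFFFu;   /* SN wrapped: HFN advances by one */
    }
    uint32_t count_i = (hfn << 4) | rx_sn;    /* HFN (28 bits) | SN (4 bits) */
    if (demo_mac(count_i) != rx_mac)
        return IP_DISCARD_BAD_MAC;     /* stored HFN and SN stay untouched */
    st->hfn = hfn;
    st->sn = rx_sn;
    st->sn_valid = true;
    return IP_ACCEPT;
}

int main(void)
{
    /* Constructed values: START 0x12 gives an initial 28-bit HFN of 0x1200. */
    struct dl_ip_state st = { 0x1200u, 0, false };
    uint8_t sns[] = { 14, 15, 1, 1 };
    for (unsigned i = 0; i < 4; i++) {
        uint32_t h = (st.sn_valid && sns[i] < st.sn) ? st.hfn + 1u : st.hfn;
        int r = dl_integrity_check(&st, sns[i], demo_mac((h << 4) | sns[i]));
        printf("SN=%u result=%d HFN=0x%X\n", (unsigned)sns[i], r, (unsigned)st.hfn);
    }
    return 0;
}
```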
Ciphering
Security feature is provided with respect to confidentiality of data on the network access link
Applies on the data transmission on all RBs other than SRB0
RRC is responsible for ciphering configuration to RLC and L1
AM/UM ciphering done by RLC
TM data ciphering done by MAC (e.g.: P2P call)
TM voice ciphering is done by DSP (e.g.: AMR call)
Ciphering Parameters
Ciphering calculation parameters
COUNT-C : ciphering sequence number (32 bits)
CK: cipher key (128 bits)
BEARER: (rb_id – 1) (5 bits)
DIRECTION: 1 bit
Length indicator: 16 bits
Algorithm: UEA0 (transparent ciphering), UEA1, UEA2 (new algorithm introduced in R7)
Ciphering Parameters
COUNT_C:
The COUNT_C structure depends on the RLC mode of the RB entity.
AM, UM RLC entities: one COUNT_C value per uplink on each of the RBs and one COUNT_C value per downlink on each of the RBs.
TM RLC entities: COUNT-C is the same for all radio bearers of the same CN domain, and COUNT-C is also the same for uplink and downlink.
START value
START value:
20 bits
CN domain based: STARTcs and STARTps
START values are stored in USIM
START value reflects how long the security key set (CK and IK) has been used for that particular CN domain
START value is calculated and updated by UE
If SECURITY MODE COMMAND triggers a new key to be used, START value for that CN domain will be reset to ZERO
At the end of the RRC connection, if START exceeds the THRESHOLD value in the USIM, the UE shall remove the keys (CK, IK) for the corresponding CN domain
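How START seeds the counters, and how the UE derives the next START from them, is easier to follow in code when reading COUNT values out of a log. The following is an added example, not code from the original slides: the COUNT-C layouts (AM: 20-bit HFN + 12-bit RLC SN, UM: 25-bit HFN + 7-bit RLC SN, TM: 24-bit HFN + 8-bit CFN) and the rule START' = MSB20(max COUNT) + 2 come from 3GPP TS 33.102 and TS 25.331 section 8.5.9 rather than from the deck, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define START_MASK 0xFFFFFu   /* START is 20 bits */

enum rlc_mode { RLC_AM, RLC_UM, RLC_TM };

/* Low-order part of COUNT-C: RLC SN 12 bits (AM), RLC SN 7 bits (UM), CFN 8 bits (TM). */
static unsigned seq_bits(enum rlc_mode m)
{
    return m == RLC_AM ? 12u : (m == RLC_UM ? 7u : 8u);
}

/* COUNT-I = RRC HFN (28 bits) | RRC SN (4 bits); START fills the top 20 bits. */
uint32_t count_i_init(uint32_t start, uint32_t rrc_sn)
{
    return ((start & START_MASK) << 12) | (rrc_sn & 0xFu);
}

/* COUNT-C: START in the top 20 bits, remaining HFN bits zero, then SN or CFN. */
uint32_t count_c_init(uint32_t start, enum rlc_mode m, uint32_t seq)
{
    return ((start & START_MASK) << 12) | (seq & ((1u << seq_bits(m)) - 1u));
}

/* HFN part of a logged COUNT-C value for the given RLC mode. */
uint32_t count_c_hfn(uint32_t count_c, enum rlc_mode m)
{
    return count_c >> seq_bits(m);
}

/* START' = MSB20(max COUNT over bearers using this key set) + 2; START never moves back. */
uint32_t start_update(uint32_t stored, const uint32_t *counts, size_t n)
{
    uint32_t max = 0, cand;
    for (size_t i = 0; i < n; i++)
        if (counts[i] > max) max = counts[i];
    cand = (max >> 12) + 2u;
    if (cand > START_MASK) cand = START_MASK;  /* this example's own guard against 20-bit overflow */
    return cand > stored ? cand : stored;
}

int main(void)
{
    /* Constructed sample values, not taken from a real log. */
    uint32_t counts[] = { count_i_init(0x12, 3), 0x00015FFFu, count_c_init(0x13, RLC_UM, 0x45) };
    printf("COUNT-I=0x%08X UM HFN=0x%X START'=0x%05X\n", (unsigned)counts[0],
           (unsigned)count_c_hfn(counts[2], RLC_UM), (unsigned)start_update(0x12, counts, 3));
    return 0;
}
```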
START value
START value: UE sends the START value to NW in the following messages:
RRC CONNECTION SETUP COMPLETE, CELL UPDATE (both CN domains)
Corresponding CN domain START value in INITIAL DIRECT TRANSFER message
Corresponding CN domain START value in RADIO BEARER SETUP COMPLETE message when RAB is established
Both CN domain START values in any of the RECONFIGURATION COMPLETE messages if:
reconfiguration triggers a time re-initialized HHO when ciphering is started with existing TM entities
Reconfiguration/Cell update confirm moves UE from FACH to DCH state with TM ciphering started with existing TM entities.
AM RLC data PDU size is changed due to the reconfiguration/CUC procedure
Security Mode Command
Security Mode Command (SMC):
Initialisation of Integrity Protection for a certain CN domain
Integrity Protection modification in case of new keys
Start Ciphering for a certain CN domain
Shall always be integrity protected
Security Mode Command IE
Integrity Protection Mode Info:
Command: START / MODIFY
Algorithm: UIA1
DL Integrity Protection Activation Time (if command is MODIFY)
Init Number (FRESH) (if command is START)
Security Parameter IE
Ciphering Mode Info:
Command: START
Algorithm: UEA0 / UEA1
Radio bearer downlink ciphering activation time info (for AM/UM RLC entity)
Security Mode Command IE
ue-SystemSpecificSecurityCap:
Optional IE
Only present if the security related capability has been sent to NW through RRC CONNECTION SETUP COMPLETE or INTER_RAT HANDOVER INFO
NW is supposed to repeat the UE security capability
If the security capability doesn’t match, UE will release the RRC connection
Security Mode Command IE
CN-Domain id
Security procedure is CN domain based.
Security Mode Command procedure related primitives
Security Mode Command (SMC) configuration to RLC and L1 (needed only when CIPHERING MODE INFO is included in the message):
RLCRR_UTRA_CIPH_CONF_REQ
RLCRR_UTRA_CIPH_CONF_CNF
RRPH_UTRA_CIPH_CONF_REQ
RLCRR_UTRA_RESUME_REQ (end of the SMC procedure if ciphering is enabled)
Security Mode Command (SMC) configuration to MM:
RRMM_SYNC_IND
RRMM_PS_SEC_COMPLETE_IND
Security Mode Command procedure sequence
Procedures impacting security configuration
SRNS relocation impacts IP or ciphering configuration.
SRNS relocation happens when NW changes UE’s serving RNC (the RNC that connects UE to the core NW)
During SRNS relocation:
The FRESH value used for integrity protection will be changed (the FRESH value is a random value generated at the serving RNC end)
The ciphering and integrity protection algorithms can potentially be changed.
AM/UM entities will be re-established.
SRNS relocation indication:
dl-CounterSynchronisationInfo is present in the configuration message
For R99 RADIO BEARER RECONFIGURATION message: U-RNTI is present
Other primitives that can include security parameters
RLCRR_UTRA_CONFIG_REQ, RLCRR_UTRA_EVENT_REQ
RRPH_UTRA_DCH_CONF_REQ, RRPH_UTRA_DCH_CONF_CNF, RRPH_UTRA_DCH_SYNC_IND include the ciphering configuration parameters
RRMM_CLEAR_KEY_INFO_IND
Examples from LOGs
Security Mode Command procedure
Two domain connection initialization
Radio Bearer Setup procedure
Time Re-initialized Hard handover combined with SRNS relocation with voice call ciphering enabled
MDI logging
Ciphering configuration from MCU to DSP in case of voice call ciphering:
MCU_DSP_L1_WCDMA_CIPHER_KEY
UEA - UMTS Encryption Algorithm
ACTIVATION_CFN
COUNT_C
CK
…
Simulation Tool
IP_ciph:
Simulation of the integrity protection calculation
Simulation of ciphering
Used for log analysis:
Identify whether GEM functions properly (GEM is the HW that performs the IP and ciphering related configuration)
Guess the possible parameters used by the NW side to identify the issue.
Download link: http://compass.mot.com/go/232935691
Spec Reference
3GPP TS 33.102
3GPP TS 25.331:
Section 8.1.12 --- security mode command procedure
Section 8.5.9 --- START value calculation
Section 8.5.10 --- integrity protection
Section 8.6.4.3 --- integrity protection mode info IE handling
Section 8.6.3.4 --- ciphering mode info IE handling