06-Data Integrity Protection and Encryption

RAN Feature Description
Table of Contents
Table of Contents
Chapter 6 Data Integrity Protection and Encryption.................................................................6-1
6.1 Introduction....................................................................................................................... 6-1
6.1.1 Definition................................................................................................................ 6-1
6.1.2 Purposes................................................................................................................ 6-1
6.1.3 Terms and Abbreviations........................................................................................6-1
6.2 Availability......................................................................................................................... 6-4
6.2.1 Network Elements Involved....................................................................................6-4
6.2.2 Software Releases.................................................................................................6-4
6.2.3 Miscellaneous......................................................................................................... 6-5
6.3 Impact............................................................................................................................... 6-5
6.3.1 On System Performance........................................................................................ 6-5
6.3.2 On Other Features.................................................................................................. 6-5
6.4 Restrictions....................................................................................................................... 6-5
6.5 Technical Description........................................................................................................ 6-5
6.5.1 Data Integrity Protection and Encryption Configuration Model...............................6-5
6.5.2 System Architecture................................................................................................6-6
6.5.3 Algorithms of Data Integrity Protection and Encryption...........................................6-6
6.6 Capabilities..................................................................................................................... 6-12
6.7 Implementation............................................................................................................... 6-12
6.7.1 Enabling Data Integrity Protection and Encryption...............................................6-13
6.7.2 Reconfiguring Parameters....................................................................................6-13
6.7.3 Disabling Data Integrity Protection and Encryption...............................................6-14
6.8 Maintenance Information................................................................................................. 6-14
6.8.1 Alarms.................................................................................................................. 6-14
6.8.2 Counters............................................................................................................... 6-14
6.9 References...................................................................................................................... 6-15
Huawei Technologies Proprietary

i
List of Figures
List of Figures
Figure 6-1 Data Integrity Protection and Encryption configuration model.............................6-5
Figure 6-2 Integrity protection and encryption procedures....................................................6-6
Figure 6-3 Encryption and decryption of user and signaling data.........................................6-9
Figure 6-4 Derivation of MAC-I or XMAC-I from a signaling message................................6-10
Figure 6-5 Summary of UMTS access security...................................................................6-11

ii
List of Tables
List of Tables
Table 6-1 NEs required for data integrity protection and encryption......................................6-4
Table 6-2 RAN products and related versions.......................................................................6-4
Table 6-3 Algorithms for integrity protection and encryption..................................................6-6
Table 6-4 Parameters of integrity protection and encryption algorithms................................6-8
Table 6-5 Commands for the reconfiguration on the RNC side...........................................6-13
Table 6-6 Data integrity protection and encryption counters................................................6-14

iii
Chapter 6 Data Integrity Protection and Encryption
Chapter 6 Data Integrity Protection and

Encryption
6.1 Introduction
6.1.1 Definition
To protect user data from illegal interception and networks from illegal access, the
WCDMA system introduces data integrity protection and encryption.
The data integrity protection function enables receiving entity (UE or RNC) to verify if
the signaling data is illegally changed.
The WCDMA system uses longer cipher keys, as well as more robust encryption and
data integrity algorithms for security of user data and networks.
6.1.2 Purposes
The purposes of this feature are as follows:
To enhance network and user data security
To protect the data and networks from illegal interception and changing
To prevent the imitation behavior
6.1.3 Terms and Abbreviations

I. Terms
Term
Description
Quintet, UMTS
Temporary protocol of authentication and key, which
authentication vector
enables UMTS AKA function for a certain user in a

VLR/SGSN. A quintet consists of five elements:
Random Number (RAND)
Expected Response (XRES)
Cipher Key (CK)
Integrity Key (IK)
Authentication Token (AUTN)

1
Term
Description
Triplet, GSM
Temporary protocol data of authentication and key ,which
authentication vector
enables GSM AKA function for a particular user in a

VLR/SGSN. A triplet consists of three elements:
Random Number (RAND)
Signed Response (SRES)
Ciphering Key (Kc)
Data integrity
No signaling data is changed in an unauthorized manner.
UMTS security
A state established between a UE and a serving network
context
domain as a result of the execution of UMTS AKA. In this

state, both sides store UMTS security context data. The
data consists of at least UMTS CK, IK and key set identifier
(KSI). When CK or IK is converted into Kc to work in a
GSM BSS, both sides remain in the UMTS security context
state.
GSM security
A state established between a UE and a serving network
context
domain as a result of the execution of GSM AKA. In this

state, both ends store GSM security context data. The data
consists at least of GSM cipher Kc and cipher key
sequence number (CKSN).
Authentication vector
Either a quintet or a triplet
R98-
A network node or ME that conforms to R97 or R98

specifications
R99+
A network node or ME that conforms to specifications of

R99 or later releases
R99 + ME capable
Either an R99 + UMTS only ME, an R99 + GSM/UMTS ME,
of UMTS AKA
or an R99 + GSM only ME that supports USIM-ME

interface
R99 + ME incapable
An R99 + GSM only ME that does not support USIM-ME
of UMTS AKA
interface
II. Symbols
This chapter uses the following symbols:

2
f 1: message authentication function used to calculate message authentication
code (MAC)
f 8: encryption algorithm
f 9: integrity algorithm
III. Abbreviations
Abbreviation
Full Spelling
AKA
Authentication and Key Agreement
AUTN
Authentication Token
BSS
Base Station System
BTS
Base Transceiver Station
CK
Cipher Key
CKSN
Cipher Key Sequence Number
CS
Circuit Switched
HE
Home Environment
HLR
Home Location Register
IK
Integrity Key
IMSI
International Mobile Subscriber Identity
KSI
Key Set Identifier
LAI
Location Area Identity
MAC
Message Authentication Code included in AUTN, computed using

f1
MS
Mobile Station
MSC
Mobile Services Switching Center
PS
Packet Switched
RAND
Random Number
RNC
Radio Network Controller
SGSN
Serving GPRS Support Node
SQN
Sequence number

3
Abbreviation
Full Spelling
SN
Serving Network
UE
User Equipment
UEA
UMTS Encryption Algorithm
UIA
UMTS Integrity Algorithm
UMTS
Universal Mobile Telecommunications System
USIM
User Services Identity Module
UTRAN
Universal Terrestrial Radio Access Network
Uu
Radio interface between UTRAN and UE
VLR
Visitor Location Register
XRES
Expected Response
6.2 Availability
6.2.1 Network Elements Involved
Table 1.1 describes the NEs involved with data integrity protection and encryption.
Table 1.1 NEs required for data integrity protection and encryption
UE
NodeB
RNC
MSC
MGW
SGSN
GGSN
HLR
Server
Note:
: not required
: required
Note:
This chapter describes only the availability of the NodeB and the RNC.

4
6.2.2 Software Releases

Table 1.1 describes the versions of RAN products that support data integrity
protection and encryption.
Table 1.1 RAN products and related versions
Product
Version
RNC
BSC6800
V100R002 and later releases
NodeB
DBS3800
BTS3812A
BTS3812E
6.2.3 Miscellaneous
This feature requires UE and network to support the encryption and integrity
algorithms.
6.3 Impact
6.3.1 On System Performance
None.
6.3.2 On Other Features

None.
6.4 Restrictions
None
6.5 Technical Description

6.5.1 Data Integrity Protection and Encryption Configuration Model
The configuration model for Data Integrity Protection and Encryption is as show in
Figure 1.1.

5
RNC
RadioClass
GlobalParaClass
UIA.Class
UEA .Class
Integrity protection algorithm
Encryption algorithm
Figure 1.1 Data Integrity Protection and Encryption configuration model
6.5.2 System Architecture

As shown in Figure 1.1, encryption and integrity protection are implemented on Uu
interface. The object of integrity protection is signaling, and that of encryption can
either be signaling or data.
Integrity Procedure
Signaling
RNC
UE
Encrypt Procedure
Signaling and Data
Figure 1.1 Integrity protection and encryption procedures
6.5.3 Algorithms of Data Integrity Protection and Encryption

I. Algorithm Introduction
Table 1.1 describes the algorithms for integrity protection and encryption.
Table 1.1 Algorithms for integrity protection and encryption
Algorithm
Description
UMTS Integrity
According to protocols, currently RNC supports only UIA1,
Algorithm (UIA)
namely, the f9 integrity protection.
UMTS Encryption
According to protocols, RNC supports only two encryption
Algorithm (UEA)
algorithms:
UEA0: no encryption
UEA1: f8 encryption algorithm

6
Parameter name
Encryption algorithm
Parameter ID
ENCRYPTIONALGO
GUI range
UEA0, UEA1
Physical range& unit
Default value
Optional / Mandatory
Optional
MML command
SET UEA
Description:
The encryption algorithm supported by RNC. Both UEA0 and UEA1 can be
selected at one time.
Parameter name
Integrity protection algorithm
Parameter ID
INTEGRITYPROTECTALGO
GUI range
UIA1
Physical range& unit
Default value
UIA1
Optional / Mandatory
Optional
MML command
SET UIA
Description:
The integrity protection algorithm supported by RNC. Only UIA1 is supported
currently.
Configuration Rule and Restriction:

UE is required to support the encryption and integrity algorithms.
Table 1.2 describes the parameters of the algorithms.

7
Table 1.2 Parameters of integrity protection and encryption algorithms

Parameter
IK
Name
Description
Integrity
IK is composed of 128 bits.
key
It is used to establish CS connection (IKCS) between CS

domain and UE, or PS connection (IKPS) between PS
domain and UE, or using the latest IK received from either
IKCS or IKPS for integrity protection. For UMTS subscribers,
IK is established during the implementation of UMTS AKA
and stored in the USIM card with a copy in ME.
IK can be sent:
From the USIM card to ME upon request of ME
From the HLR/AuC to the VLR/SGSN and stored in the

VLR/SGSN as part of a quintet
From the VLR/SGSN to the RNC in the (RANAP)

security mode command message
CK
Cipher
CK is 128 bits long.
key
It is used to establish CS connection (CKCS) between CS

domain and UE, or PS connection (CK PS) between PS
service domain and UE. Signaling Radio Barrier (SRB) CK
refers to the latest CK received from either CKCS or CKPS.
For UMTS subscribers, CK is established during the
implementation of UMTS AKA. It is stored in the USIM card
with a copy in ME.
CK can be sent:
From the USIM card to ME upon request of ME
From the HLR/AuC to the VLR/SGSN and stored in the

VLR/SGSN as part of the quintet
From the VLR/SGSN to the RNC in the (RANAP)

security mode command message.
II. UTRAN Encryption of Signaling and Data

Authentication allows safe communications between UE and network. CN and UE
share a CK after a successful authentication
Encryption and decryption are implemented in UE and the RNC (L2). Therefore, it
needs the CN sends the CK to the RNC in a RANAP security mode command
message, and then RNC sends the CK to UE in a RRC security mode command
message to initiate the encryption.
8
As shown in Figure 1.1, the UMTS encryption mechanism is based on the stream
cipher concept. To be more specific, plain text data is added bit by bit to pseudorandom mask data generated by CK and other parameters. The benefit of such
encryption mechanism is that the generation of the pseudo-random mask data is
independent of the plain text data. Therefore, the final encryption process is fast. The
decryption on the receiving side is the same, because adding the pseudo-random
mask bits twice has the same result as adding zeros once.
COUNT - C/32
BEARER/5
CK/128
COUNT - C/32
DIRECTION/1
LENGTH
BEARER/5
CK/128
f8
DIRECTION/1
KEYSTREAM
BLOCK(MASK)
f8
KEYSTREAM
BLOCK(MASK)
CIPHERTEXT
BLOCK
PLAINTEXT
BLOCK
LENGTH
PLAINTEXT
BLOCK
Receiver
RNC or UE
Sender
UE or RNC
Figure 1.1 Encryption and decryption of user and signaling data

The algorithm involves following parameters:
Cipher Key (CK)
Cipher sequence number (COUNT-C)
Direction bit (DIRECTION)
Length indication (LENGTH)
Radio bearer identifier (BEARER)
Since the pseudo-random mask data does not depend on the plain text, there has to
be another parameter that changes every time when a new mask is generated.
Otherwise, two different plain texts, say P1 and P2, would be protected by the same
mask. When P1 is added to P2 bit by bit, the encrypted counterpart of P1 is added to
that of P2 at the same time. The resultant bit strings of these two processes are
exactly the same because two identical masks cancel each other in the bit-by-bit
addition. In this case, any attacker can get the bit-by-bit sum of P1 and P2 and wiretap
the encrypted messages on the radio interface.
If two bit strings of meaningful data are added to P1 and P2 bit by bit, the resultant bit
string will reveal them totally. This interrupts the encryption of messages P1 and P2.

9
III. UMTS Intergrity Protection of Signalling

The purpose of integrity protection is to authenticate individual signaling messages.
Independent authentications ensure correct identification of the communicating
parties.
Integrity protection is implemented at the RRC layer of the radio interface by the UE
and RNC. The IK is generated during AKA, and sent to RNC with CK in the security
mode command message.
Figure 1.1 shows how to authenticate the data integrity of a signaling message with
integrity algorithm f9.
COUNT -I/32
DIRECTION/1
MESSAGE
IK/128
COUNT -I/32
FRESH/32
MESSAGE
IK/128
f9
DIRECTION/1
MAC I/32
FRESH/32
f9
XMAC I/32
Sender
UE or RNC
Receiver
RNC or UE
Figure 1.1 Derivation of MAC-I or XMAC-I from a signaling message

This algorithm involves the following parameters:
Integrity Key (IK)
Integrity sequence number (COUNT-I)
A random value generated at the network side (FRESH)
Direction bit (DIRECTION)
Signaling data (MESSAGE)
Based on these input parameters, UE uses integrity algorithm f9 to calculate MAC-I,

that is, the message authentication code for data integrity. The MAC-I is then
appended to the message when it is sent over the radio access link. The receiver
calculates XMAC-I by the same algorithm and verifies the data integrity by comparing
the XMAC-I with the received MAC-I.

10
IV. Summary of Access Security
K SQN AuC
AKA Algorithms
HLR/AUC
Authentication Vectors
VLR
SGSN
CKcs,I Kcs
CKps,I Kps
Encryption and Integrity

Protection Algorithms
RES
RAND,AUTN
RNC
Secure
communication
Encryption and Integrity

Protection Algorithms
CKcs,I Kcs
ME
CKps,I Kps
K SQN USIM
AKA
Algorithms
USIM
Figure 1.1 Summary of UMTS access security

As a summary of this section, Figure 1.1 shows the most important access security
mechanisms and the relationship between them. For clarity, the figure does not show
all the parameters.

11
V. Negotiation of Encryption and Integrity Mode

Before connecting to the network, UE sends an MS/USIM Classmark message to
confirm its encryption and integrity algorithms. This message needs no integrity
protection because RNC receives and stores the message without using IK. The
latest generated IK is used to protect the data integrity of the message during the
setup of the security mode.
The network compares the information with UE, including integrity protection
capabilities, preference, and special requirements that are signed on CN and
indicated by UE. Then, the network acts according to the following rules:
If the network and UE do not share any version of UIA algorithm, the connection
will be released.
If the network and UE share at least one version of UIA algorithm, the network
will choose one of the mutually acceptable versions for the connection.
The network compares the information with UE, including integrity protection
capabilities, preference, and special requirements that are signed on CN and
indicated by UE. Then the network acts according to the following rules:
If the network and UE do not share any version of UEA algorithm, and the CN
does not indicate that unencrypted connection can be set up, then no
unencrypted connection can be set up, and the connection will be released.
If the network and UE do not share any version of UEA algorithm in use, and UE
(home environment of UE) and CN allow an unencrypted connection, the
unencrypted connection will be used.
If the network and UE share at least one UEA algorithm, the network will choose
one of the mutually acceptable versions for the connection.
Neither the mode nor the algorithm of integrity protection and encryption can be
changed when UE is connected to another CN. The CS and PS domains share the
same preferences and special requirements for setting the encryption and integrity
modes, for example, the preference of the algorithms.
If there are RABs connecting UE to both CS and PS domains, the user data for CS
domain is always encrypted by the CK received from the CS domain, and that for PS
domain by the CK received from the PS domain. However, the signaling data shall
always be encrypted by the latest CK received from the PS or CS domain.
6.6 Capabilities
None.

12
6.7 Implementation
Huawei WCDMA network supports integrity protection algorithm UIA1, as well as the
encryption algorithms UEA0 and UEA1. According to related protocols, the CS and
PS domains of CN must use the same algorithm. Therefore, RNC must choose at
least one integrity protection algorithm and one encryption algorithm, and ensure that
there is intersection of the chosen algorithms between CN and RNC.
The default settings are as follows:
Integrity protection algorithm: UIA1
Encryption algorithm: UEA0 and UEA1
6.7.1 Enabling Data Integrity Protection and Encryption

This feature does not need extra hardware or initialization. It takes effect
automatically.
For the network planning or optimization, the data can be adjusted on the RNC LMT
as required.
6.7.2 Reconfiguring Parameters

I. Parameter Reconfiguration on the RNC Side
Table 1.1 describes the commands used for the reconfiguration on the RNC side.
Table 1.1 Commands for the reconfiguration on the RNC side
Function
About the encryption
To query the encryption algorithm that
algorithm that the RNC
the RNC supports
supports
To set the encryption algorithm that the
Command
LST UEA
SET UEA
RNC supports
About the integrity
To query the integrity protection algorithm
protection algorithm that
that the RNC supports
the RNC supports
To set the integrity protection algorithm

that the RNC supports
II. Parameter Reconfiguration on the NodeB Side

None.

13
LST UIA
SET UIA
III. Examples
//Set the encryption algorithms to UEA0 and UEA1.
SET UEA: ENCRYPTIONALGO=UEA0-1&UEA1-1;
//Set the integrity protection algorithm to UIA1.
SET UIA: INTEGRITYPROTECTALGO=UIA1-1;
6.7.3 Disabling Data Integrity Protection and Encryption

Data integrity protection and encryption can be set and reconfigured, but not disabled.
6.8 Maintenance Information

6.8.1 Alarms
None.
6.8.2 Counters
The counters related with data integrity protection and encryption belong to RNC ->
SM.RNC, where RNC is measurement object type, and SM.RNC is measurement
unit. Table 1.1 lists the counters.
Table 1.1 Data integrity protection and encryption counters
Item
Description
VS.IU.Att.SecMode
Number of SECURITY MODE COMMAND Messages

Received by RNC from CN
VS.IU.SuccSecMode
Number of SECURITY MODE COMPLETE Messages

Sent from RNC to CN
VS.IU.RejSecMd.Rnl
Number of SECURITY MODE REJECT Messages Sent

from RNC to CN due to Radio Network Layer Cause
VS.IU.RejSecMd.Tnl

from RNC to CN due to Transport Layer Cause
VS.IU.RejSecMd.NAS

from RNC to CN due to NAS Cause
VS.IU.RejSecMd.Opt

from RNC to CN due to Network Optimization
VS.IU.RejSecMd.Unsp

from RNC to CN due to Unspecified Failure

14
Item
Description
VS.Uu.Att.SecMode
Number of SECURITY MODE COMMAND Messages

Sent from RNC to UE
VS.Uu.Succ.SecMode
Number of SECURITY MODE COMPLETE Messages

Received by RNC from UE
6.9 References
3GPP TS 33.102 "3rd Generation Partnership Project; Technical Specification

Group Services and System Aspects; 3G Security; Security Architecture"
3GPP TS 31.111 "USIM Application Toolkit (USAT)"

15

06-Data Integrity Protection and Encryption

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

06-Data Integrity Protection and Encryption

Uploaded by

Copyright:

Available Formats

RAN Feature Description

Huawei Technologies Proprietary

RAN Feature Description

Huawei Technologies Proprietary

RAN Feature Description

Huawei Technologies Proprietary

RAN Feature Description

Chapter 6 Data Integrity Protection and Encryption

Chapter 6 Data Integrity Protection and

To enhance network and user data security

To prevent the imitation behavior

6.1.3 Terms and Abbreviations

Temporary protocol of authentication and key, which

enables UMTS AKA function for a certain user in a

Random Number (RAND)

Expected Response (XRES)

Cipher Key (CK)

Integrity Key (IK)

Authentication Token (AUTN)

Huawei Technologies Proprietary

RAN Feature Description

Chapter 6 Data Integrity Protection and Encryption

Temporary protocol data of authentication and key ,which

enables GSM AKA function for a particular user in a

Random Number (RAND)

Signed Response (SRES)

Ciphering Key (Kc)

No signaling data is changed in an unauthorized manner.

A state established between a UE and a serving network

domain as a result of the execution of UMTS AKA. In this

A state established between a UE and a serving network

domain as a result of the execution of GSM AKA. In this

Either a quintet or a triplet

A network node or ME that conforms to R97 or R98

A network node or ME that conforms to specifications of

Either an R99 + UMTS only ME, an R99 + GSM/UMTS ME,

or an R99 + GSM only ME that supports USIM-ME

An R99 + GSM only ME that does not support USIM-ME

Huawei Technologies Proprietary

RAN Feature Description

Chapter 6 Data Integrity Protection and Encryption

f 1: message authentication function used to calculate message authentication

Authentication and Key Agreement

Base Station System

Base Transceiver Station

Cipher Key Sequence Number

Home Location Register

International Mobile Subscriber Identity

Key Set Identifier

Location Area Identity

Message Authentication Code included in AUTN, computed using

Mobile Services Switching Center

Radio Network Controller

Serving GPRS Support Node

Huawei Technologies Proprietary

RAN Feature Description

Chapter 6 Data Integrity Protection and Encryption

UMTS Encryption Algorithm

UMTS Integrity Algorithm

Universal Mobile Telecommunications System

User Services Identity Module

Universal Terrestrial Radio Access Network

Radio interface between UTRAN and UE

Visitor Location Register