Professional Documents
Culture Documents
Table of Contents
Table of Contents
Chapter 6 Data Integrity Protection and Encryption.................................................................6-1
6.1 Introduction....................................................................................................................... 6-1
6.1.1 Definition................................................................................................................ 6-1
6.1.2 Purposes................................................................................................................ 6-1
6.1.3 Terms and Abbreviations........................................................................................6-1
6.2 Availability......................................................................................................................... 6-4
6.2.1 Network Elements Involved....................................................................................6-4
6.2.2 Software Releases.................................................................................................6-4
6.2.3 Miscellaneous......................................................................................................... 6-5
6.3 Impact............................................................................................................................... 6-5
6.3.1 On System Performance........................................................................................ 6-5
6.3.2 On Other Features.................................................................................................. 6-5
6.4 Restrictions....................................................................................................................... 6-5
6.5 Technical Description........................................................................................................ 6-5
6.5.1 Data Integrity Protection and Encryption Configuration Model...............................6-5
6.5.2 System Architecture................................................................................................6-6
6.5.3 Algorithms of Data Integrity Protection and Encryption...........................................6-6
6.6 Capabilities..................................................................................................................... 6-12
6.7 Implementation............................................................................................................... 6-12
6.7.1 Enabling Data Integrity Protection and Encryption...............................................6-13
6.7.2 Reconfiguring Parameters....................................................................................6-13
6.7.3 Disabling Data Integrity Protection and Encryption...............................................6-14
6.8 Maintenance Information................................................................................................. 6-14
6.8.1 Alarms.................................................................................................................. 6-14
6.8.2 Counters............................................................................................................... 6-14
6.9 References...................................................................................................................... 6-15
List of Figures
List of Figures
Figure 6-1 Data Integrity Protection and Encryption configuration model.............................6-5
Figure 6-2 Integrity protection and encryption procedures....................................................6-6
Figure 6-3 Encryption and decryption of user and signaling data.........................................6-9
Figure 6-4 Derivation of MAC-I or XMAC-I from a signaling message................................6-10
Figure 6-5 Summary of UMTS access security...................................................................6-11
List of Tables
List of Tables
Table 6-1 NEs required for data integrity protection and encryption......................................6-4
Table 6-2 RAN products and related versions.......................................................................6-4
Table 6-3 Algorithms for integrity protection and encryption..................................................6-6
Table 6-4 Parameters of integrity protection and encryption algorithms................................6-8
Table 6-5 Commands for the reconfiguration on the RNC side...........................................6-13
Table 6-6 Data integrity protection and encryption counters................................................6-14
6.1.2 Purposes
The purposes of this feature are as follows:
To protect the data and networks from illegal interception and changing
Description
Quintet, UMTS
authentication vector
Term
Description
Triplet, GSM
authentication vector
Data integrity
UMTS security
context
GSM security
context
Authentication vector
R98-
R99+
R99 + ME capable
of UMTS AKA
R99 + ME incapable
of UMTS AKA
interface
II. Symbols
This chapter uses the following symbols:
code (MAC)
f 8: encryption algorithm
f 9: integrity algorithm
III. Abbreviations
Abbreviation
Full Spelling
AKA
AUTN
Authentication Token
BSS
BTS
CK
Cipher Key
CKSN
CS
Circuit Switched
HE
Home Environment
HLR
IK
Integrity Key
IMSI
KSI
LAI
MAC
MS
Mobile Station
MSC
PS
Packet Switched
RAND
Random Number
RNC
SGSN
SQN
Sequence number
Abbreviation
Full Spelling
SN
Serving Network
UE
User Equipment
UEA
UIA
UMTS
USIM
UTRAN
Uu
VLR
XRES
Expected Response
6.2 Availability
6.2.1 Network Elements Involved
Table 1.1 describes the NEs involved with data integrity protection and encryption.
Table 1.1 NEs required for data integrity protection and encryption
UE
NodeB
RNC
MSC
MGW
SGSN
GGSN
HLR
Server
Note:
: not required
: required
Note:
This chapter describes only the availability of the NodeB and the RNC.
Version
RNC
BSC6800
NodeB
DBS3800
BTS3812A
BTS3812E
6.2.3 Miscellaneous
This feature requires UE and network to support the encryption and integrity
algorithms.
6.3 Impact
6.3.1 On System Performance
None.
6.4 Restrictions
None
RNC
RadioClass
GlobalParaClass
UIA.Class
UEA .Class
Encryption algorithm
UE
Encrypt Procedure
Signaling and Data
Description
UMTS Integrity
Algorithm (UIA)
UMTS Encryption
Algorithm (UEA)
algorithms:
UEA0: no encryption
Parameter name
Encryption algorithm
Parameter ID
ENCRYPTIONALGO
GUI range
UEA0, UEA1
Default value
Optional / Mandatory
Optional
MML command
SET UEA
Description:
The encryption algorithm supported by RNC. Both UEA0 and UEA1 can be
selected at one time.
Parameter name
Parameter ID
INTEGRITYPROTECTALGO
GUI range
UIA1
Default value
UIA1
Optional / Mandatory
Optional
MML command
SET UIA
Description:
The integrity protection algorithm supported by RNC. Only UIA1 is supported
currently.
Name
Description
Integrity
key
CK
Cipher
key
As shown in Figure 1.1, the UMTS encryption mechanism is based on the stream
cipher concept. To be more specific, plain text data is added bit by bit to pseudorandom mask data generated by CK and other parameters. The benefit of such
encryption mechanism is that the generation of the pseudo-random mask data is
independent of the plain text data. Therefore, the final encryption process is fast. The
decryption on the receiving side is the same, because adding the pseudo-random
mask bits twice has the same result as adding zeros once.
COUNT - C/32
BEARER/5
CK/128
COUNT - C/32
DIRECTION/1
LENGTH
BEARER/5
CK/128
f8
DIRECTION/1
KEYSTREAM
BLOCK(MASK)
f8
KEYSTREAM
BLOCK(MASK)
CIPHERTEXT
BLOCK
PLAINTEXT
BLOCK
LENGTH
PLAINTEXT
BLOCK
Receiver
RNC or UE
Sender
UE or RNC
Since the pseudo-random mask data does not depend on the plain text, there has to
be another parameter that changes every time when a new mask is generated.
Otherwise, two different plain texts, say P1 and P2, would be protected by the same
mask. When P1 is added to P2 bit by bit, the encrypted counterpart of P1 is added to
that of P2 at the same time. The resultant bit strings of these two processes are
exactly the same because two identical masks cancel each other in the bit-by-bit
addition. In this case, any attacker can get the bit-by-bit sum of P1 and P2 and wiretap
the encrypted messages on the radio interface.
If two bit strings of meaningful data are added to P1 and P2 bit by bit, the resultant bit
string will reveal them totally. This interrupts the encryption of messages P1 and P2.
COUNT -I/32
DIRECTION/1
MESSAGE
IK/128
COUNT -I/32
FRESH/32
MESSAGE
IK/128
f9
DIRECTION/1
MAC I/32
FRESH/32
f9
XMAC I/32
Sender
UE or RNC
Receiver
RNC or UE
K SQN AuC
AKA Algorithms
HLR/AUC
Authentication Vectors
VLR
SGSN
CKcs,I Kcs
CKps,I Kps
RES
RAND,AUTN
RNC
Secure
communication
CKcs,I Kcs
ME
CKps,I Kps
K SQN USIM
AKA
Algorithms
USIM
If the network and UE do not share any version of UIA algorithm, the connection
will be released.
If the network and UE share at least one version of UIA algorithm, the network
will choose one of the mutually acceptable versions for the connection.
The network compares the information with UE, including integrity protection
capabilities, preference, and special requirements that are signed on CN and
indicated by UE. Then the network acts according to the following rules:
If the network and UE do not share any version of UEA algorithm, and the CN
does not indicate that unencrypted connection can be set up, then no
unencrypted connection can be set up, and the connection will be released.
If the network and UE do not share any version of UEA algorithm in use, and UE
(home environment of UE) and CN allow an unencrypted connection, the
unencrypted connection will be used.
If the network and UE share at least one UEA algorithm, the network will choose
one of the mutually acceptable versions for the connection.
Neither the mode nor the algorithm of integrity protection and encryption can be
changed when UE is connected to another CN. The CS and PS domains share the
same preferences and special requirements for setting the encryption and integrity
modes, for example, the preference of the algorithms.
If there are RABs connecting UE to both CS and PS domains, the user data for CS
domain is always encrypted by the CK received from the CS domain, and that for PS
domain by the CK received from the PS domain. However, the signaling data shall
always be encrypted by the latest CK received from the PS or CS domain.
6.6 Capabilities
None.
6.7 Implementation
Huawei WCDMA network supports integrity protection algorithm UIA1, as well as the
encryption algorithms UEA0 and UEA1. According to related protocols, the CS and
PS domains of CN must use the same algorithm. Therefore, RNC must choose at
least one integrity protection algorithm and one encryption algorithm, and ensure that
there is intersection of the chosen algorithms between CN and RNC.
The default settings are as follows:
supports
Command
LST UEA
SET UEA
RNC supports
About the integrity
LST UIA
SET UIA
III. Examples
//Set the encryption algorithms to UEA0 and UEA1.
SET UEA: ENCRYPTIONALGO=UEA0-1&UEA1-1;
//Set the integrity protection algorithm to UIA1.
SET UIA: INTEGRITYPROTECTALGO=UIA1-1;
6.8.2 Counters
The counters related with data integrity protection and encryption belong to RNC ->
SM.RNC, where RNC is measurement object type, and SM.RNC is measurement
unit. Table 1.1 lists the counters.
Table 1.1 Data integrity protection and encryption counters
Item
Description
VS.IU.Att.SecMode
VS.IU.SuccSecMode
VS.IU.RejSecMd.Rnl
VS.IU.RejSecMd.Tnl
VS.IU.RejSecMd.NAS
VS.IU.RejSecMd.Opt
VS.IU.RejSecMd.Unsp
Item
Description
VS.Uu.Att.SecMode
VS.Uu.Succ.SecMode
6.9 References