Integrity and Ciphering

Hello,

eNB sends an integrity protected Security Mode Command, containing information on algorithm to be used for Access Stratum integrity protection and ciphering UE calculates keys, checks MAC (Message Authentication Code) of Security Mode Command and if correct, sends back an integrity protected and ciphered Security Mode Complete message.

If Security Mode Command integrity protection fails (or there is any other activation failure), the UE sends back a Security Mode Failure message.

As a result of the RRC security activation procedure, the AS applies three different security keys:

• One for the integrity protection of RRC signalling (KRRCint),

• One for the encryption of RRC signalling (KRRCenc)

• One for the encryption of user data (KUPenc).

1. Ciphering

Ciphering, also known as encryption, ensures that intruders cannot read the data and signalling messages that the mobile and network exchange. Ciphering can be applied to both U-Plane Data and C-Plane Data (RRC/NAS Message). The type of EEA being used is determined by Network and informed to UE via Security Mode Command. NAS EEA is carried by NAS:Security Mode Command and RRC EEA is carried by RRC:Security Mode Command. Currently there are three different types of EEA we can use as shown in the following table.

2. Integrity

Integrity protection ensures that the intruder cannot replay or modify signalling messages that the mobile and network exchange. It protects the system against problems such as man-in-middle attacks, in which an intruder intercepts a sequence of signalling messages and modifies and re transmits them, in an attempt to take control of the mobile. This algorithm applies only to C-Plane data (NAS message). You can take this as a kind of special encryption algorithm which is used only for NAS message. Like EEA, this is also determined by the Network and informed to UE by EMM:Security Mode Command and RRC:Security Mode Command message. Currently there are two different types of EIA we can use as shown in the following table.

Thanks

Hello friend!

   The SECURITY MODE COMMAND message is used to command the UE for the activation of AS security. E-UTRAN always initiates this procedure prior to the establishment of Signalling Radio Bearer2 (SRB2) and Data Radio Bearers (DRBs).
   AS security comprises of the integrity protection of RRC signalling (SRBs) as well as the ciphering of RRC signalling (SRBs) and user plane data (DRBs). The integrity protection algorithm is common for signalling radio bearers SRB1 and SRB2. The ciphering algorithm is common for all radio bearers (i.e. SRB1, SRB2 andDRBs). Neither integrity protection nor ciphering applies for SRB0.
   The eNodeB sends integrity protected SECURITY MODE COMMAND message to the UE. The UE shall derive KeNB and KRRCint which is associated with integrity protection algorithm indicated in the SECURITY MODE COMMAND. Then, UE verifies the Integrity of the received SECURITY MODE COMMAND by checking the Message Authentication Code (MAC) in the SECURITY MODE COMMAND message. If the SECURITY MODE COMMANDmessage fails the integrity protection check, then the UE sends SECURITY MODE FAILURE to the eNodeB.
   If the SECURITY MODE COMMAND passes the integrity protection check, then the UE shall derive the encryption keys KRRCenc key and the KUPenc keys associated with the ciphering algorithm indicated in theSECURITY MODE COMMAND.
   The UE shall apply integrity protection using the indicated algorithm (EIA) and the integrity key, KRRCintimmediately, i.e. integrity protection shall be applied to all subsequent messages received and sent by the UE, including the SECURITY MODE COMPLETE message.
    The UE shall apply ciphering using the indicated algorithm (EEA), KRRCenc key and the KUPenc key after completing the procedure, i.e. ciphering shall be applied to all subsequent messages received and sent by the UE, except for the SECURITY MODE COMPLETE message which is sent un-ciphered.


Thanks!