8.5.10 Integrity protection

25.3313GPPProtocol specificationRadio Resource Control (RRC)Release 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

If the "Status" in the variable INTEGRITY_ PROTECTION_INFO has the value "Started" then the UE shall:

1> perform integrity protection (and integrity checking) on all RRC messages, with the following exceptions:

ETWS PRIMARY NOTIFICATION WITH SECURITY

HANDOVER TO UTRAN COMPLETE

MBMS ACCESS INFORMATION

MBMS COMMON P-T-M RB INFORMATION

MBMS CURRENT CELL P-T-M RB INFORMATION

MBMS GENERAL INFORMATION

MBMS MODIFIED SERVICES INFORMATION (MCCH only)

MBMS NEIGHBOURING CELL P-T-M RB INFORMATION

MBMS SCHEDULING INFORMATION

MBMS UNMODIFIED SERVICES INFORMATION

PAGING TYPE 1

PUSCH CAPACITY REQUEST

PHYSICAL SHARED CHANNEL ALLOCATION

RRC Connection Request

RRC Connection Setup

RRC Connection Setup Complete

RRC Connection Reject

RRC CONNECTION RELEASE (CCCH only)

SYSTEM INFORMATION

SYSTEM INFORMATION CHANGE INDICATION

TRANSPORT FORMAT COMBINATION CONTROL (TM DCCH only)

If the "Status" in the variable INTEGRITY_ PROTECTION_INFO has the value "Not started" then integrity protection (and integrity checking) shall not be performed on any RRC message.

For each signalling radio bearer, the UE shall use two RRC hyper frame numbers:

– "Uplink RRC HFN";

– "Downlink RRC HFN".

and two message sequence numbers:

– "Uplink RRC Message sequence number";

– "Downlink RRC Message sequence number".

The above information is stored in the variable INTEGRITY_PROTECTION_INFO per signalling radio bearer (RB0- RB4).

Upon the first activation of integrity protection for an RRC connection, UE and UTRAN initialise the "Uplink RRC Message sequence number" and "Downlink RRC Message sequence number" for all signalling radio bearers as specified in subclauses 8.6.3.5 and 8.5.10.1.

The RRC message sequence number (RRC SN) is incremented for every integrity protected RRC message.

If the IE "Integrity Protection Mode Info" is present in a received message, the UE shall:

1> perform the actions in subclause 8.6.3.5 before proceeding with the integrity check of the received message.

8.5.10.1 Integrity protection in downlink

If the UE receives an RRC message on signalling radio bearer with RB identity n, the "Status" in the variable INTEGRITY_ PROTECTION_INFO has the value "Started" and the IE ‘Integrity check info’ is present the UE shall:

1> check the value of the IE "RRC message sequence number" included in the IE "Integrity check info";

2> if the "Downlink RRC Message sequence number" is not present in the variable INTEGRITY_PROTECTION_INFO:

3> initialise the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with the value of the IE "RRC message sequence number" included in the IE "Integrity check info" of the received message.

2> if the "Downlink RRC Message sequence number" is present in the variable INTEGRITY_PROTECTION_INFO:

3> if the RRC message sequence number is lower than the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO:

4> increment "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with one.

NOTE: The actions above imply that also for the case the "Downlink RRC HFN" is re-initialised by a security mode control procedure, this "Downlink RRC HFN" value is incremented by one before it is applied for the integrity protection of any received message if the conditions above are fulfilled.

3> if the RRC message sequence number is equal to the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO:

4> discard the message.

1> calculate an expected message authentication code in accordance with subclause 8.5.10.3;

1> compare the expected message authentication code with the value of the received IE "message authentication code" contained in the IE "Integrity check info";

2> if the expected message authentication code and the received message authentication code are the same, the integrity check is successful:

3> update the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with the value of the IE "RRC message sequence number" included in the IE "Integrity check info" of the received RRC message.

2> if the calculated expected message authentication code and the received message authentication code differ:

3> act as if the message was not received.

If the UE receives an RRC message on signalling radio bearer with identity 0, 1, or 2, the "Status" in the variable INTEGRITY_ PROTECTION_INFO has the value "Started" and the IE ‘Integrity check info’ is not present the UE shall:

1> discard the message.

If the UE receives an RRC message on signalling radio bearer with identity 3 or 4, the "Status" in the variable INTEGRITY_PROTECTION_INFO has the value "Started" and the IE ‘Integrity check info’ is not present:

1> if a security mode command procedure has not been successfully completed during the current RRC connection for the CN domain indicated by IE "CN Domain Identity" in the received message:

2> the UE shall forward the message to upper layer.

1> else:

2> the UE shall discard the message.

UTRAN may transmit several copies of the same message in the downlink to increase the probability of proper reception of the message by the UE. In such a case, the RRC SN for these repeated messages should be the same.

8.5.10.2 Integrity protection in uplink

Prior to sending an RRC message using the signalling radio bearer with radio bearer identity n, and the "Status" in the variable INTEGRITY_ PROTECTION_INFO has the value "Started" the UE shall:

1> increment "Uplink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with 1, even if the message is a retransmission of a previously transmitted message.

1> if the "Uplink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO equals zero:

2> increment "Uplink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO by one.

NOTE 1: The actions above imply that also for the case the "Uplink RRC HFN" is re-initialised by a security mode control procedure, this "Uplink RRC HFN" is incremented before it is applied in the integrity protection of any transmitted message if the conditions above are fulfilled.

NOTE 2: For SRB0, this is also valid in case the Message Sequence Number has been increased by N302 +2 resulting in an MSN which equals 0 (i.e.: SRB0 UL activation time equals 0). Then the uplink RRC HFN is incremented by 1 after it is re-initialized and before it is applied in the integrity protection of any transmitted message.

1> calculate the message authentication code in accordance with subclause 8.5.10.3;

1> replace the "Message authentication code" in the IE "Integrity check info" in the message with the calculated message authentication code;

1> replace the "RRC Message sequence number" in the IE "Integrity check info" in the message with contents set to the new value of the "Uplink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO.

In the response message for the procedure ordering the security reconfiguration, the UE indicates the activation time, for each signalling radio bearer. When the new integrity configuration is to be applied in uplink, UTRAN should start to apply the new integrity protection configuration according to the activation time for each signalling radio bearer (except for the signalling radio bearer which is used to send the message that is reconfiguring the security configuration where the new configuration is to be applied starting from and including reception of the response message).

8.5.10.3 Calculation of message authentication code

The UE shall calculate the message authentication code in accordance with [40]. The input parameter MESSAGE [40] for the integrity algorithm shall be constructed by:

1> setting the "Message authentication code" in the IE "Integrity check info" in the message to the value of the IE "RB identity" for the signalling radio bearer;

1> setting the "RRC Message sequence number" in the IE "Integrity check info" in the message to zero;

1> encoding the message;

1> appending RRC padding (if any) as a bit string to the encoded bit string as the least significant bits.

For usage on an RRC message transmitted or received on the radio bearer with identity n, the UE shall:

1> construct the input parameter COUNT-I [40] by appending the following IEs from the IE "Signalling radio bearer specific integrity protection information" for radio bearer n in the variable INTEGRITY_PROTECTION_INFO:

2> for uplink:

3> "Uplink RRC HFN", as the MSB, and "Uplink RRC Message sequence number", as LSB.

2> for downlink:

3> "Downlink RRC HFN", as the MSB, and the IE "RRC message sequence number" included in the IE "Integrity check info", as LSB.