8.1.12 Integrity Protection
34.123-13GPPPart 1: Protocol conformance specificationRelease 15TSUser Equipment (UE) conformance specification
8.1.12.1 Definition
8.1.12.2 Conformance requirement
If the UE receives an RRC message on signalling radio bearer with RB identity n, the "Status" in the variable INTEGRITY_PROTECTION_INFO has the value "Started" and the IE ‘Integrity check info’ is present the UE shall:
1> check the value of the IE "RRC message sequence number" included in the IE "Integrity check info";
2> if the "Downlink RRC Message sequence number" is not present in the variable INTEGRITY_PROTECTION_INFO:
3> initialise the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with the value of the IE "RRC message sequence number" included in the IE "Integrity check info" of the received message.
2> if the "Downlink RRC Message sequence number" is present in the variable INTEGRITY_PROTECTION_INFO:
3> if the RRC message sequence number is lower than the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO:
4> increment "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with one.
3> if the RRC message sequence number is equal to the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO:
4> discard the message.
1> calculate an expected message authentication code in accordance with subclause 8.5.10.3 of TS 25.331;
1> compare the expected message authentication code with the value of the received IE "message authentication code" contained in the IE "Integrity check info";
2> if the expected message authentication code and the received message authentication code are the same, the integrity check is successful:
3> update the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with the value of the IE "RRC message sequence number" included in the IE "Integrity check info" of the received RRC message.
2> if the calculated expected message authentication code and the received message authentication code differ:
3> if the IE "RRC message sequence number" included in the IE "Integrity check info" is lower than the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO (in this case the "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO was incremented by one, as stated above):
4> decrement "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO by one.
3> discard the message.
If the UE receives an RRC message on signalling radio bearer with identity n, the "Status" in the variable INTEGRITY_PROTECTION_INFO has the value "Started" and the IE ‘Integrity check info’ is not present the UE shall:
1> discard the message.
Reference
3GPP TS 25.331 clause 8.5.10.
8.1.12.3 Test purpose
To confirm that the UE discards any RRC messages that include wrong message authentication code, or RRC message sequence number, or do not include the IE "Integrity Check Info" after integrity protection is activated.
8.1.12.4 Method of test
Initial Condition
System Simulator: 1cell.
UE: CS-DCCH+DTCH_DCH (state 6-9) or PS_DCCH+DTCH_DCH (state 6-10) as specified in clause 7.4 of TS 34.108, depending on the CN domain(s) supported by the UE after integrity protection is activated on all SRBs.
Test Procedure
The UE is in CELL_DCH state, radio access bearer and integrity protection is already activated in generic setup procedure. The SS transmits UE CAPABILITY ENQUIRY message on the downlink DCCH using RLC-UM mode on SRB1. The UE shall respond to with a UE CAPABILITY INFORMATION message on the uplink DCCH using RLC-AM. The SS then sends UE CAPABILITY INFORMATION CONFIRM message to the UE. This procedure is used to initialise the downlink RRC message sequence number in the UE.
SS transmits RRC CONNECTION RELEASE message which does not include the IE "Integrity Check Info" on downlink DCCH. The UE shall discard this message and shall not respond using RRC CONNECTION RELEASE COMPLETE message.
Then SS transmits RRC CONNECTION RELEASE message which includes wrong message authentication code on downlink DCCH. The UE shall discard this message and shall not respond using RRC CONNECTION RELEASE COMPLETE message.
Then SS transmits RRC CONNECTION RELEASE message which includes IE"RRC Message sequence number" as set to the same sequence number as the number in previous received RRC message. The UE shall discard this message and shall not respond using RRC CONNECTION RELEASE COMPLETE message.
Then SS transmits RRC CONNECTION RELEASE message which includes correct RRC Message sequence number and message authentication code. The UE shall transmit RRC CONNECTION RELEASE COMPLETE message on uplink DCCH and enter the idle state.
Expected sequence
|
Step |
Direction |
Message |
Comment |
|
|
UE |
SS |
|||
|
0 |
The UE is in CELL_DCH state. |
|||
|
0a |
|
UE CAPABILITY ENQUIRY |
The SS shall send this message to ensure correct initialisation of RRC message sequence number on downlink DCCH using RLC-UM |
|
|
0b |
|
UE CAPABILITY INFORMATION |
The UE shall send this message on the uplink DCCH using RLC-AM |
|
|
0c |
|
UE CAPABILITY INFORMATION CONFIRM |
||
|
1 |
|
RRC CONNECTION RELEASE |
See specific message content |
|
|
2 |
During 5s after step 1, confirm that UE does not transmit RRC CONNECTION RELEASE COMPLETE message. If RRC CONNECTION RELEASE COMPLETE message is received, the test is ended as fail. |
|||
|
3 |
|
RRC CONNECTION RELEASE |
See specific message content |
|
|
4 |
During 5s after step 3, confirm that UE does not transmit RRC CONNECTION RELEASE COMPLETE message. If RRC CONNECTION RELEASE COMPLETE message is received, the test is end as fail. |
|||
|
5 |
Void |
|||
|
6 |
Void |
|||
|
7 |
Void |
|||
|
8 |
|
RRC CONNECTION RELEASE |
See specific message content |
|
|
9 |
During 5s after step 8, confirm that UE does not transmit RRC CONNECTION RELEASE COMPLETE message. If RRC CONNECTION RELEASE COMPLETE message is received, the test is end as fail. |
|||
|
10 |
|
RRC CONNECTION RELEASE |
Use default message content. |
|
|
11 |
|
RRC CONNECTION RELEASE COMPLETE |
SS waits for the arrival of N308 + 1 such messages using unacknowledged mode. |
|
|
12 |
|
CALL C.1 |
If the test result of C.1 indicates that UE is in Idle state, the test passes, otherwise it fails. |
|
Specific Message Content
RRC CONNECTION RELEASE (Step 1)
Use the same message type found in clause 9 of TS 34.108, with the following exception:
|
Information Element |
Value/remark |
|
Integrity check info |
Not Present |
RRC CONNECTION RELEASE (Step 3)
Use the same message type found in clause 9 of TS 34.108, with the following exception:
|
Information Element |
Value/remark |
|
Integrity check info |
|
|
– Message authentication code |
SS calculates the value of MAC-I for this message and set different value from the calculated result to this IE. The first/ leftmost bit of the bit string contains the most significant bit of the MAC-I. |
|
– RRC Message sequence number |
SS provides the value of this IE, from its internal counter value. |
RRC CONNECTION RELEASE (Step 8)
Use the same message type found in clause 9 of TS 34.108, with the following exception:
|
Information Element |
Value/remark |
|
Integrity check info |
|
|
– Message authentication code |
SS calculates the value of MAC-I for this message and set the result to this IE. The first/ leftmost bit of the bit string contains the most significant bit of the MAC-I. |
|
– RRC Message sequence number |
SS provides the value of this IE equal to the value for the last message accepted by the UE on this radio bearer. |
8.1.12.5 Test requirement
After step 1 the UE shall not transmit RRC CONNECTION RELEASE COMPLETE message on the uplink DCCH.
After step 3 the UE shall not transmit RRC CONNECTION RELEASE COMPLETE message on the uplink DCCH.
After step 8 the UE shall not transmit RRC CONNECTION RELEASE COMPLETE message on the uplink DCCH.
After step 10 the UE shall transmit RRC CONNECTION RELEASE COMPLETE message on the uplink DCCH.