8.5 Security in testing
34.123-33GPPPart 3: Abstract test suite (ATS)TSUser Equipment (UE) conformance specification
The security functions at the SS side are implemented in RLC and MAC layers. When the AM or UM RLC entities and a MAC(d) entity are created, the TTCN will download a security context for each CN domain used. The two ASPs CMAC_SecurityMode_Config_REQ and CRLC_SecurityMode_Config_REQ configure the SS security contexts and associate the contexts to the created entities. The SS shall support one activate security contexts and one context pending activation for each CN domain.
A security context at the SS consists of the security parameter START, 20 bits long and a pair of integrity key and a ciphering key, each 128 bits long. All these security parameters belong to a CS or a PS domain. The SS shall have the ability to store these values till the new values are downloaded and activated. STARTcs is used for initialization of all counters-C and counters-I (32 bits long each) of all DL and UL radio bearers for ciphering and integrity protection in the CS domain. The same is for STARTps in the PS domain. The TTCN downloads the new START value whenever it is received from the UE. In the case of a succeeded authentication procedure, the START value is reset to zero by the TTCN.
Once the START is downloaded the SS will, according to the activation time, initialize the 20 most significant bits of the RRC HFN (for integrity protection), the RLC HFN (for ciphering) and the MAC-d HFN (for ciphering) to the START value of the corresponding service domain; the remaining bits are initialized to 0.
Upon the concerned RLC entities and the MAC(d) entity release in the SS, the associated security contexts are no longer used and shall be removed as well. The RLC and the MAC(d) entities are addressed by the TTCN with the cell id = -1.
8.5.1 Authentication
A GMM or MM authentication test step makes use of a number of TSOs to generate an authentication vector:
AV := {RAND, XRES, CK, IK, AUTN}
If the UE has valid authentication parameters (CKSN/KSI), for the respective domain, use of the Authentication procedure after an INITIAL DIRECT TRANSFER message is optional. Authentication in this case will be left to the test case implementation and need not be specified in the prose. However, in the case where the UE does not have valid authentication parameters the Authentication procedure shall be performed.
8.5.2 Ciphering
The ciphering in the SS is activated through the ASP CRLC_Ciphering_Activate_REQ for the AM or UM mode and through CMAC_Ciphering_Activate_REQ for the TM mode.
A PIXIT parameter px_CipheringOnOff indicates whether all the tests are performed under ciphering activated or not. If ciphering should be off at the test execution, the ciphering algorithm in IE ciphering ModeInfo is set to uea0 (no encryption). The UE under test is informed about the SS ciphering capability via IE cipheringAlgorithmCap set to uea0.
Unless specified otherwise in the test prose, px_CipheringOnOff shall be set to on in FDD mode and off in LCR TDD mode.
Table 8.5.2 gives the mapping of the RB id and the bearer value used in the ciphering calculation at the SS side.
Table 8.5.2: Mapping between RB identity in ASP and BEARER value in the ciphering calculation
|
RB identity (TTCN constant) |
Direction |
RLC mode |
BEARER value |
Type |
Comments |
|---|---|---|---|---|---|
|
-1 (tsc_RB_BCCH) |
downlink |
TM |
N/A |
No ciphering applicable |
|
|
-2 (tsc_RB_PCCH) |
downlink |
TM |
N/A |
No ciphering applicable |
|
|
-3 (tsc_RB_BCCH_FACH) |
downlink |
TM |
N/A |
No ciphering applicable |
|
|
-4 (tsc_RB_2ndPCCH ) |
downlink |
TM |
N/A |
No ciphering applicable |
|
|
-5 (tsc_RB_2ndCCCH ) |
uplink |
TM |
N/A |
No ciphering applicable |
|
|
-6 (tsc_RB_MTCH_RLC_TR) |
downlink |
TM |
N/A |
RAB |
For RLC MTCH test, no ciphering applicable |
|
-8 (tsc_RB_MCCH_RLC_TR) |
downlink |
TM |
N/A |
No ciphering applicable |
|
|
-10 (tsc_RB_UM_7_RLC) |
downlink |
TM |
N/A |
RAB |
For UM RLC tests using 7 bit Lis, no ciphering used |
|
-10 (tsc_RB_UM_7_RLC) |
uplink |
TM |
N/A |
RAB |
For UM RLC tests using 7 bit LIs, no ciphering used |
|
-11 (tsc_RB_UM_15_RLC) |
downlink |
TM |
N/A |
RAB |
For UM RLC tests using 15 bit LIs, no ciphering used |
|
-11 (tsc_RB_UM_15_RLC) |
uplink |
TM |
N/A |
RAB |
For UM RLC tests using 15 bit LIs, no ciphering used |
|
-12 (tsc_RB_AM_7_RLC) |
downlink |
TM |
N/A |
RAB |
For AM RLC tests using 15 bit LIs, no ciphering used |
|
-12 (tsc_RB_AM_7_RLC) |
uplink |
TM |
N/A |
RAB |
For AM RLC tests using 7 bit LIs, no ciphering used |
|
-13 (tsc_RB_AM_15_RLC) |
downlink |
TM |
N/A |
RAB |
For AM RLC tests using 15 bit LIs, no ciphering used |
|
-13 (tsc_RB_AM_15_RLC) |
uplink |
TM |
N/A |
RAB |
For AM RLC tests using 15 bit LIs, no ciphering used |
|
-14 tsc_RB_DCCH_FACH_MAC) |
downlink |
TM |
N/A |
SRB3 |
MAC testing no ciphering used |
|
-14 (tsc_RB_DCCH_FACH_MAC) |
uplink |
TM |
N/A |
SRB3 |
MAC testing no ciphering used |
|
-15 (tsc_RB_DCCH_DCH_MAC) |
downlink |
TM |
N/A |
SRB3 |
MAC testing no ciphering used |
|
-15 (tsc_RB_DCCH_FACH_MAC) |
uplink |
TM |
N/A |
SRB3 |
MAC testing no ciphering used |
|
-16 (tsc_RB3_DCCH_RRC) |
uplink |
AM |
2 |
SRB3 |
|
|
-18 (tsc_RB_CCCH_FACH_MAC) |
downlink |
TM |
N/A |
SRB0 |
No ciphering applicable |
|
-19 (tsc_RB_BCCH_FACH_RAB) |
downlink |
TM |
N/A |
SRB |
No ciphering applicable |
|
-20 (tsc_RB_DTCH_E_DCH_MAC) |
uplink |
TM |
N/A |
RAB |
MAC testing no ciphering used |
|
-21 (tsc_RB_DTCH_E_DCH_MAC1) |
uplink |
TM |
N/A |
RAB |
MAC testing no ciphering used |
|
-22 (tsc_RB_DTCH_E_DCH_MAC2) |
uplink |
TM |
N/A |
RAB |
MAC testing no ciphering used |
|
-25 (tsc_RB_MAC_HS) |
downlink |
TM |
N/A |
RAB |
MAC/RLC testing no ciphering used |
|
-25 (tsc_RB_MAC_HS) |
uplink |
TM |
N/A |
RAB |
MAC/RLC testing no ciphering used |
|
-26 (tsc_RB_MAC_ehs_26) |
downlink |
TM |
N/A |
RAB |
MACehs testing no ciphering used |
|
-26 (tsc_RB_MAC_ehs_26) |
Uplink |
TM |
N/A |
RAB |
MACehs testing no ciphering used |
|
-27 (tsc_RB_MAC_ehs_27) |
downlink |
TM |
N/A |
RAB |
MACehs testing no ciphering used |
|
-27 (tsc_RB_MAC_ehs_27) |
downlink |
TM |
N/A |
RAB |
MACehs testing no ciphering used |
|
0 (tsc_RB0) |
uplink |
TM |
N/A |
SRB0 |
No ciphering applicable |
|
0 (tsc_RB0) |
downlink |
UM |
N/A |
SRB0 |
No ciphering applicable |
|
1 (tsc_RB1) |
uplink |
UM |
0 |
SRB1 |
|
|
1 (tsc_RB1) |
downlink |
UM |
0 |
SRB1 |
|
|
2 (tsc_RB2) |
uplink |
AM |
1 |
SRB2 |
|
|
2 (tsc_RB2) |
downlink |
AM |
1 |
SRB2 |
|
|
3 (tsc_RB3) |
uplink |
AM |
2 |
SRB3 |
|
|
3 (tsc_RB3) |
downlink |
AM |
2 |
SRB3 |
|
|
4 (tsc_RB4) |
uplink |
AM |
3 |
SRB4 |
|
|
4 (tsc_RB4) |
downlink |
AM |
3 |
SRB4 |
|
|
5 (tsc_RB5) |
uplink |
TM |
4 |
SRB |
DCCH |
|
5 (tsc_RB5) |
downlink |
TM |
4 |
SRB |
DCCH |
|
6 |
uplink |
5 |
Not used currently |
||
|
6 |
downlink |
5 |
Not used currently |
||
|
7 |
uplink |
6 |
Not used currently |
||
|
7 |
downlink |
6 |
Not used currently |
||
|
8 |
uplink |
7 |
Not used currently |
||
|
8 (tsc_RB_MCCH) |
downlink |
UM |
7 |
No ciphering applicable |
|
|
9 |
uplink |
8 |
Not used currently |
||
|
9 (tsc_RB_MSCH) |
downlink |
8 |
No ciphering applicable |
||
|
10 (tsc_RB10) |
uplink |
TM |
9 |
RAB#1-1 |
or RAB1 |
|
10 (tsc_RB10) |
downlink |
TM |
9 |
RAB#1-1 |
or RAB1 |
|
11 (tsc_RB11) |
uplink |
TM |
10 |
RAB#1-2 |
or RAB2 |
|
11 (tsc_RB11) |
downlink |
TM |
10 |
RAB#1-2 |
or RAB2 |
|
12 (tsc_RB12) |
uplink |
TM |
11 |
RAB#1-3 |
|
|
12 (tsc_RB12) |
downlink |
TM |
11 |
RAB#1-3 |
|
|
13 (tsc_RB13) |
uplink |
TM |
12 |
RAB#2 |
|
|
13 (tsc_RB13) |
downlink |
TM |
12 |
RAB#2 |
|
|
14 |
uplink |
13 |
Not used currently |
||
|
14 (tsc_MTCH1) |
downlink |
UM |
13 |
No ciphering |
|
|
15 |
uplink |
14 |
Not used currently |
||
|
15 (tsc_MTCH2) |
downlink |
UM |
14 |
No ciphering |
|
|
16 |
uplink |
15 |
Not used currently |
||
|
16 (tsc_MTCH3) |
downlink |
UM |
15 |
No ciphering |
|
|
17 (tsc_RB17) |
uplink |
AM |
16 |
RAB#2 |
|
|
17 (tsc_RB17) |
downlink |
AM |
16 |
RAB#2 |
|
|
20 (tsc_RB20) |
uplink |
AM |
19 |
RAB#1 |
|
|
20 (tsc_RB20) |
downlink |
AM |
19 |
RAB#1 |
|
|
21 (tsc_RB21) |
uplink |
UM |
20 |
RAB#2 |
|
|
21 (tsc_RB21) |
downlink |
UM |
20 |
RAB#2 |
|
|
22 (tsc_RB22) |
uplink |
AM |
21 |
RAB#2 |
|
|
22 (tsc_RB22) |
downlink |
AM |
21 |
RAB#2 |
|
|
23 (tsc_RB23) |
uplink |
AM |
22 |
RAB#2 |
|
|
23 (tsc_RB23) |
downlink |
AM |
22 |
RAB#2 |
|
|
24 (tsc_RB24) |
uplink |
AM |
23 |
RAB#2 |
|
|
24 (tsc_RB24) |
downlink |
AM |
23 |
RAB#2 |
|
|
25 (tsc_RB25) |
uplink |
AM |
24 |
RAB#1 |
|
|
25 (tsc_RB25) |
downlink |
AM |
24 |
RAB#1 |
|
|
26 (tsc_RB26) |
uplink |
UM |
25 |
RAB#1 |
MAC testing no ciphering used |
|
26 (tsc_RB26) |
downlink |
UM |
25 |
RAB#1 |
MAC testing no ciphering used |
|
27 (tsc_RB27) |
uplink |
UM |
26 |
RAB#2 |
MAC testing no ciphering used |
|
27 (tsc_RB27) |
downlink |
UM |
26 |
RAB#2 |
MAC testing no ciphering used |
|
28 (tsc_RB28) |
uplink |
AM |
27 |
RAB#3 |
MAC testing no ciphering used |
|
28 (tsc_RB28) |
downlink |
AM |
27 |
RAB#3 |
MAC testing no ciphering used |
|
29 |
uplink |
28 |
Not used yet currently |
||
|
29 (tsc_RB29) |
downlink |
AM |
28 |
SRB0 |
No ciphering applicable |
|
30 |
uplink |
29 |
Not used yet currently |
||
|
30 (tsc_RB30) |
downlink |
UM |
N/A |
CTCH FACH no ciphering used |
|
|
31 |
uplink |
30 |
Not used yet currently |
||
|
31 (tsc_RB31) |
downlink |
UM |
N/A |
CTCH FACH no ciphering used |
|
|
32 |
uplink |
31 |
Not used yet currently |
||
|
32 |
downlink |
31 |
Not used yet currently |
8.5.3 Integrity
The integrity protection in the SS is activated through the ASP CRLC_Integrity_Activate_REQ for all SRB.
MAC-I (MessageAuthenticationCode) is calculated by the SS. If the integrity protection is not yet started, the "integrity protection info" IE is omitted in TTCN. If integrity protection is started the TTCN includes the "integrity protection info" IE with all bits set to "0". The SS takes care of all the necessary initialization and calculation on SRBs.
Once integrity is started, the SS initializes and calculates a correct Message Authentication Code, overrides the initial value all bits "0" and inserts a corresponding RRC message sequence number into the IntegrityCheckInfo for all DL DCCH messages. In UL, the SS shall check the received MessageAuthenticationCode. If it is wrong, the ASP CRLC_Integrity_Failure_IND will report having received an UL message with integrity error. If it is correct SS forwards the received messages to the TTCN.
In addition, CRLC_MAC_I_Mode_REQ can be used to force the SS generate wrong DL MAC-I on a specific SRB for the integrity error handling test.
8.5.4 Test security scenarios
Five basic test scenarios are presented in the present document. The corresponding core spec references are found in 3GPP TS 25.331 [21], clauses 8.1.12, 8.2.2.2, 8.5.10.1, 8.5.10.2, 8.6.3.4, 8.6.3.5, 8.6.4.3 and 8.6.4.8.
Start security;
RB setup;
AM RB reconfiguration;
Security modification;
SRNS relocation;
Modification of RLC size of AM RB during RB reconfiguration;
Cell/URA update;
InterRAt HO to UTRAN.
As Default, the 1st three basic scenarios can be subdivided into:
Start integrity without ciphering start;
Start integrity and ciphering at the same time.
Regarding the simultaneous SRNS relocation, the security scenarios at the relocation are split into:
No security configuration modification;
Modification of integrity (FRESH) without ciphering configuration change;
Modification integrity FRESH and ciphering algorithm;
A security modification pending at the SRNS relocation.
This clause shows the procedures how the security ASP applied to the SS configurations at the different security test scenarios.
8.5.4.1 Start security function
CIPHERING_STATUS = NotStarted for the CN domain concerned.
8.5.4.1.1 Start integrity protection without start of ciphering
INTEGRITY_PROTECTION Status = NotStarted.
SECURITY MODE COMMAND with "Integrity protection mode info" IE containing integrityProtectionModeCommand = Start, no "Ciphering mode info" IE
1 Before sending SECURITY MODE COMMAND (SMC)
CRLC_SecurityMode_Config_REQ
startValue = value most recently received or 0 (new key)
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_SetRRC_MessageSN_REQ (SN=0)
— Downlink RRC message sequence number set to 0
CRLC_Integrity_Activate_REQ (CN domain concerned)
integrityProtectionModeCommand = startIntegrityProtection (FRESH)
integrityProtectionAlgorithm = selected value
— downlink integrity protection starts immediately
CRLC_Integrity_Activate_REQ (CN domain concerned)
ul_IntegProtActivationInfo = 0 (RB2 only)
2 Send SECURITY MODE COMMAND
3 After receiving SECURITY MODE COMPLETE
CRLC_Integrity_Activate_REQ (CN domain concerned)
ul_IntegProtActivationInfo = value in "Uplink integrity protection activation time" (except RB2) received from SECURITY MODE COMPLETE
8.5.4.1.2 Start both integrity protection and ciphering
INTEGRITY_PROTECTION Status = NotStarted.
SECURITY MODE COMMAND with "Integrity protection mode info" IE containing integrityProtectionModeCommand = Start, and "Ciphering mode info" IE containing cipheringModeCommand = Start/Restart (algorithm UEA0 or UEA1)
1 Before sending SECURITY MODE COMMAND message
CRLC_SecurityMode_Config_REQ
startValue = value most recently received or 0 ( new key)
cipheringKey = value maintained by TTCN
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_SequenceNumber_REQ
— Get current RLC SN of all SRB for calculating suitable down link activation time
CRLC_Suspend_REQ
— Suspend all signalling radio bearers except RB2. Optionally an SS may start immediate suspension of processing of data PDUs in the UL. The UL control PDUs and Piggybacked Status may optionally processed.
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (algorithm)
rb_DL_CiphActivationTimeInfo = calculated activation time
incHFN = NotInc
CRLC_SetRRC_MessageSN_REQ (SN=0)
— Downlink RRC message sequence number set to 0
CRLC_Integrity_Activate_REQ (CN domain concerned)
integrityProtectionModeCommand = startIntegrityProtection (FRESH)
integrityProtectionAlgorithm = selected value
(downlink integrity protection starts immediate)
CRLC_Integrity_Activate_REQ (CN domain concerned)
ul_IntegProtActivationInfo = 0 (RB2 only)
CRLC_ProhibitRLC_Ack_REQ
mode = prohibit (RB3 only)
— An SS supporting suspension of UL data PDUs may provide a dummy CRLC_ProhibitRLC_Ack_CNF
2 Send SECURITY MODE COMMAND
3 After receiving SECURITY MODE COMPLETE
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = value received in SECURITY MODE COMPLETE
incHFN = NotInc
CRLC_Integrity_Activate_REQ (CN domain concerned)
ul_IntegProtActivationInfo = value in "Uplink integrity protection activation time" (except RB2) received from SECURITY MODE COMPLETE
CRLC_ProhibitRLC_Ack_REQ
mode = continue (RB3 only)
— An SS supporting suspension of UL data PDUs may provide a dummy CRLC_ProhibitRLC_Ack_CNF
CRLC_Resume_REQ
— If the SS implemented the optional suspension of UL data PDUs, then the processing in the UL of data PDUs shall be resumed. Any suspended UL control PDUs and Piggybacked Status shall be preceded or resumed.
8.5.4.1.3 Void
8.5.4.2 RB setup
INTEGRITY_PROTECTION Status = Started.
Condition: "RAB information for setup" IE included in RADIO BEARER SETUP
8.5.4.2.1 AM / UM RB
1 Sending the RADIO BEARER SETUP message.
2 Configuring the RB.
3 After receiving RADIO BEARER SETUP COMPLETE.
8.5.4.2.1.1 Ciphering not started
CIPHERING_STATUS = NotStarted for the CN domain concerned
CRLC_SecurityMode_Config_REQ
startValue = value most recently received
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = NULL (no ciphering)
rb_DL_CiphActivationTimeInfo = 0 (from the first block)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = 0 (from the first block)
incHFN = NotInc
8.5.4.2.1.2 Ciphering started
CIPHERING_STATUS = Started for the CN domain concerned
CRLC_SecurityMode_Config_REQ
startValue = value most recently received
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (algorithm)
rb_DL_CiphActivationTimeInfo = 0 (from the first block)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = 0 (from the first block)
incHFN = NotInc
8.5.4.2.2 TM RB
Enter Cell_DCH,
no TM RB established before,
"COUNT-C activation time" IE included in RADIO BEARER SETUP COMPLETE message.
8.5.4.2.2.1 Ciphering not started
CIPHERING_STATUS = NotStarted for the CN domain concerned,
1 Send the RADIO BEARER SETUP message
2 Configuring the RB
3 After receiving RADIO BEARER SETUP COMPLETE
CMAC_SecurityMode_Config_REQ
startValue = value most recently received
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
incHFN = NotInc
cipheringModeCommand = NULL (no ciphering)
activationTimeForDPCH = value in "COUNT-C activation time"
8.5.4.2.2.2 Ciphering started
CIPHERING_STATUS = Started for the CN domain concerned,
1 Sending RADIO BEARER SETUP
2 Configuring the RB
CMAC_SecurityMode_Config_REQ
startValue = value most recently received
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
incHFN = NotInc
cipheringModeCommand = Start/Restart (algorithm)
activationTimeForDPCH = value in "Activation time" of the RB
3 After receiving RADIO BEARER SETUP COMPLETE message
CMAC_SecurityMode_Config_REQ
startValue = value received in response message
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
incHFN = IncPerCFN_Cycle
cipheringModeCommand = Start/Restart (algorithm)
activationTimeForDPCH = value in "COUNT-C activation time"
8.5.4.3 RB Reconfiguration for AM RAB modification of RLC size
CIPHERING_STATUS = Started for the CN domain concerned,
"RB mapping info" IE, changing AM RB RLC size, is included in
CELL UPDATE CONFIRM,
RADIO REARER RECONFIGURATION,
RADIO BEARER RELEASE
8.5.4.3.1 "RB mapping info" in CELL UPDATE CONFIRM
After sending the CELL UPDATE CONFIRM message, re-establish the RB and re-configure the RB with new RLC size and re-initialize COUNT-C for the RB:
CRLC_Config_REQ
Release the concerned RB
CRLC_Config_REQ
Setup the concerned RB (new RLC size)
CRLC_SecurityMode_Config_REQ
startValue = value received in the CELL UPDATE message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now
incHFN = NotInc
8.5.4.3.2 "RB mapping info" in RB RECONFIGURATION / RELEASE
After receiving the reconfiguration complete message, re-establish the RB and re-configure the RB with new RLC size and re-initialize COUNT-C for the RB:
CRLC_Config_REQ
Release the concerned RB
CRLC_Config_REQ
Setup the concerned RB (new RLC size)
CRLC_SecurityMode_Config_REQ
startValue = value received in the reconfiguration complete message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now
incHFN = NotInc
8.5.4.4 Security modification
Updating security keys is the scenario in this clause.
INTEGRITY_PROTECTION STATUS = Started
SECURITY MODE COMMAND contains "Ciphering mode info" IE and/or "Integrity protection mode info" IE
8.5.4.4.1 Integrity started, ciphering not started
CIPHERING_STATUS = NotStarted for the CN domain concerned
SECURITY MODE COMMAND with "Integrity protection mode info" IE containing integrityProtectionModeCommand = modify, but "Ciphering mode info" IE absent the same CN domain as in the previous SMC to start integrity protection.
1 Before sending SECURITY MODE COMMAND message
CRLC_SecurityMode_Config_REQ
startValue = 0 (new key)
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_RRC_MessageSN_REQ
— Get current RRC Message SN for calculation of DL activation time
CRLC_Integrity_Activate_REQ (CN domain concerned)
integrityProtectionModeCommand = modify
dl_IntegrityProtActivationInfo = now (SRB2), calculated value or a pending activation time set by previous security mode control procedure (SRB2 other than SRB2)
CRLC_Integrity_Activate_REQ (CN domain concerned, RB2)
ul_IntegrityProtActivationInfo = now
2 Sending SECURITY MODE COMMAND message
3 After receiving SECURITY MODE COMPLETE
CRLC_Integrity_Activate_REQ (CN domain concerned)
ul_IntegProtActivationInfo = value in "Uplink integrity protection activation time" (except RB2)
8.5.4.4.2 Integrity and ciphering started
CIPHERING_STATUS = Started for the CN domain concerned
SECURITY MODE COMMAND contains
"Integrity protection mode info" IE with integrityProtectionModeCommand = modify,
"Ciphering mode info" IE with cipheringModeCommand = Start/Restart.
1 Before sending SECURITY MODE COMMAND message
CRLC_SecurityMode_Config_REQ
startValue = 0 (new key)
integrityKey = new key
cipheringKey = new key
cn_DomainIdentity = CS or PS
if TM RB exist
CMAC_SecurityMode_Config_REQ
startValue = 0 ( new key)
cipheringKey = new key
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_SequenceNumber_REQ
— Get current RLC SN for calculating suitable down link activation time
CRLC_Suspend_REQ
— Optionally an SS may start immediate suspension of processing of data PDUs in the UL. The UL control PDUs and Piggybacked Status may optionally be processed.
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = calculated activation time
incHFN = NotInc
CRLC_RRC_MessageSN_REQ
— Get current RRC message SN for calculating suitable DL activation time
CRLC_Integrity_Activate_REQ (CN domain concerned)
integrityProtectionModeCommand = modify
dl_IntegrityProtActivationInfo = now (SRB2), calculated value or a pending activation time set by previous security mode control procedure (SRB other than SRB2)
CRLC_Integrity_Activate_REQ (CN domain concerned,RB2)
ul_IntegrityProtActivationInfo = now
if TM RB exist
CPHY_Frame_Number_REQ
–Get current CFN for calculating suitable activation time for TM RB
CMAC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (existing algorithm)
activationTimeForDPCH = calculated activation time
incHFN = IncPerCFN_Cycle
CRLC_ProhibitRLC_Ack_REQ
mode = prohibit (RB3 only)
— An SS supporting suspension of UL data PDUs may provide a dummy CRLC_ProhibitRLC_Ack_CNF
2 Sending SECURITY MODE COMMAND message
3 After receiving SECURITY MODE COMPLETE
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = value received in SECURITY MODE COMPLETE
incHFN = NotInc
CRLC_Integrity_Activate_REQ (CN domain concerned, except RB2)
ul_IntegProtActivationInfo = value in "Uplink integrity protection activation time"
CRLC_ProhibitRLC_Ack_REQ
mode = continue (RB3 only)
— An SS supporting suspension of UL data PDUs may provide a dummy CRLC_ProhibitRLC_Ack_CNF
CRLC_Resume_REQ
— If the SS implemented the optional suspension of UL data PDUs, then the processing in the UL of data PDUs shall be resumed. Any suspended UL control PDUs and Piggybacked Status shall be preceded or resumed.
8.5.4.5 SRNS relocation
Simultaneous SRNS relocation will take place
either "Downlink count synchronization info" IE is received in
CELL UPDATE CONFIRM,
PHYSICAL CHANNEL RECONFIGURATION,
RADIO BEARER SETUP,
RADIO BEARER RELEASE,
TRANSPORT CHANNEL RECONFIGURATION,
URA UPDATE CONFIRM,
UTRAN MOBILITY INFROMATION,
or "new U-RNTI" IE is received in
RADIO BEARER RECONFIGURATION.
INTEGRITY_PROTECTION Status = Started
8.5.4.5.1 Void
8.5.4.5.2 Presence of "Integrity protection mode info" but absence of "Ciphering mode info"
SRNS relocation related messages listed contains "Integrity protection mode info" but does not have "Ciphering mode info" IE.
SRNS relocation related message with "Integrity protection mode info" IE containing integrityProtectionModeCommand = Start, but no "Ciphering mode info" IE (no ciphering configuration change).
8.5.4.5.2.1 No security configuration pending
No security configuration pending triggered by previous SECURITY MODE COMMAND.
1 Before sending one of the SRNS relocation related messages
CRLC_SecurityMode_Config_REQ
startValue = OMIT (no COUNT-I re-initialization)
integrityKey = OMIT or value maintained by TTCN (no key change)
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ (CN domain concerned)
integrityProtectionModeCommand = Start (FRESH)
integrityProtectionAlgorithm = selected value
— downlink integrity protection starts immediately
CRLC_Integrity_Activate_REQ (CN domain concerned)
ul_IntegProtActivationInfo = value (now)
2 Sending one of the SRNS relocation related messages
3 Re-establishing RB2 and re-initialize COUNT-C for RB2
CRLC_SequenceNumber_REQ
CRLC_SequenceNumber_CNF
newHFN = MAX(HFN of DL COUNT-C of RB2, HFN of UL COUNT-C of RB2) + 1
CRLC_Config_REQ
— Release RB2
CRLC_Config_REQ
— Setup RB2
CRLC_SecurityMode_Config_REQ
startValue = newHFN
cn_DomainIdentity = CS or PS concerned
CRLC_Ciphering_Activate_REQ (CN domain concerned)
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB2 only)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = now (RB2 only)
incHFN = NotInc
4 Receiving the response message
5 Re-establishing all RBs and SRBs (except SRB2) and re-initialize COUNT-C for all RBs and SRBs (except SRB2)
CRLC_Config_REQ
— Release all RBs and all SRBs (except SRB2)
CRLC_Config_REQ
— Setup all RB’s and all SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (except SRB2)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now (except SRB2)
incHFN = NotInc
8.5.4.5.2.2 Pending security configuration (new keys)
A pending security configuration is triggered by the previous SECURITY MODE COMMAND (new Key).
1 Before sending one of the SRNS relocation related messages
CRLC_SecurityMode_Config_REQ
startValue = 0 (new key)
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
2 Send one of the SRNS relocation related messages
3 Re-establish RB2 and re-initialize COUNT-C for RB2
CRLC_SequenceNumber_REQ
CRLC_SequenceNumber_CNF
HFN = MAX(HFN of DL/UL COUNT-C of RB2) + 1
CRLC_Config_REQ
Release RB2
CRLC_Config_REQ
Setup RB2
CRLC_SecurityMode_Config_REQ
startValue = HFN calculated above
cipheringKey = new key
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB2 only)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CipheringActivationTimeInfo = now (RB2 only)
incHFN = NotInc
4 Receive the response message
5 Re-establish all RBs and SRBs (except RB2) and re-initialize COUNT-C for all RBs and SRBs (except RB2)
CRLC_Config_REQ
Release all RB’s and SRB’s (except RB2)
CRLC_Config_REQ
Setup all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = new key
cipheringKey = new key
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate _REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
6 Re-initialize COUNT-I for all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = 0 (new key)
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
8.5.4.5.2.3 Pending security configuration (no new keys)
A pending security configuration is triggered by the previous SECURITY MODE COMMAND (no new keys).
1 Before sending one of the SRNS relocation related messages
CRLC_SecurityMode_Config_REQ
startValue = OMIT (no COUNT-I re-initialization)
integrityKey = OMIT or value maintained by TTCN (no key change) cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
SS_IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
2 Send one of the SRNS relocation related messages
3 Re-establish RB2 and re-initialize COUNT-C for RB2
CRLC_SequenceNumber_REQ
CRLC_SequenceNumber_CNF
HFN = MAX(HFN of DL/UL COUNT-C of RB2) + 1
CRLC_Config_REQ
Release RB2
CRLC_Config_REQ
Setup RB2
CRLC_SecurityMode_Config_REQ
startValue = HFN calculated above
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB2 only)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CipheringActivationTimeInfo = now (RB2 only)
incHFN = NotInc
4 Receive the response message
5 Re-establish all RBs and SRBs (except RB2) and re-initialize COUNT-C for all RBs and SRBs (except RB2)
CRLC_Config_REQ
Release all RB’s and SRB’s (except RB2)
CRLC_Config_REQ
Setup all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
6 Re-initialize COUNT-I for all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
8.5.4.5.3 Presence of "Integrity protection mode info" and "Ciphering mode info" IE
CIPHERING_STATUS = Started for the CN domain concerned,
SRNS relocation related message with "Integrity protection mode info" IE containing integrityProtectionModeCommand = Start, and "Ciphering mode info" IE containing cipheringModeCommand = Start/Restart (change ciphering algorithm, no "Radio bearer downlink ciphering activation time info")
8.5.4.5.3.1 No security configuration pending
1 Before sending one of the SRNS relocation related messages
CRLC_SecurityMode_Config_REQ
startValue = OMIT (no COUNT-I re-initialization)
integrityKey = OMIT or value maintained by TTCN (no key change)
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
SS_IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
2 Send one of the SRNS relocation related messages
3 Re-establish RB2 and re-initialize COUNT-C for RB2
CRLC_SequenceNumber_REQ
CRLC_SequenceNumber_CNF
HFN = MAX(HFN of DL/UL COUNT-C of RB2) + 1
CRLC_Config_REQ
Release RB2
CRLC_Config_REQ
Setup RB2
CRLC_SecurityMode_Config_REQ
startValue = HFN calculated above
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB2 only)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CipheringActivationTimeInfo = now (RB2 only)
incHFN = NotInc
4 Receive the response message
5 Re-establish all RBs and SRBs (except RB2) and re-initialize COUNT-C for all RBs and SRBs (except RB2)
CRLC_Config_REQ
Release all RB’s and SRB’s (except RB2)
CRLC_Config_REQ
Setup all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
cipheringModeCommand = Start/Restart (new algorithm)
rb_DL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
8.5.4.5.3.2 Pending security configuration (new keys)
1 Before sending one of the SRNS relocation related messages
CRLC_SecurityMode_Config_REQ
startValue = 0 (new key)
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
SS_IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
2 Send one of the SRNS relocation related messages
3 Re-establish RB2 and re-initialize COUNT-C for RB2
CRLC_SequenceNumber_REQ
CRLC_SequenceNumber_CNF
HFN = MAX(HFN of DL/UL COUNT-C of RB2) + 1
CRLC_Config_REQ
Release RB2
CRLC_Config_REQ
Setup RB2
CRLC_SecurityMode_Config_REQ
startValue = HFN calculated above
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
cipheringModeCommand = NULL (no ciphering status change)
rb_DL_CiphActivationTimeInfo = now (RB2 only)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CipheringActivationTimeInfo = now (RB2 only)
incHFN = NotInc
4 Receive the response message
5 Re-establish all RBs and SRBs (except RB2) and re-initialize COUNT-C for all RBs and SRBs (except RB2)
CRLC_Config_REQ
Release all RB’s and SRB’s (except RB2)
CRLC_Config_REQ
Setup all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = 0
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate _REQ
cipheringModeCommand = Start/Restart (new algorithm)
rb_DL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CiphActivationTimeInfo = now (except RB2)
incHFN = NotInc
6 Re-initialize COUNT-I for all RBs and SRBs (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = 0 (new key)
integrityKey = new key
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
8.5.4.5.3.3 Pending security configuration (no new key)
1 Before sending one of the SRNS relocation related messages
CRLC_SecurityMode_Config_REQ
startValue = OMIT (no COUNT-I re-initialization)
integrityKey = OMIT or value maintained by TTCN (no key change)
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
SS_IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
2 Send one of the SRNS relocation related messages
3 Re-establish RB2 and re-initialize COUNT-C for RB2
CRLC_SequenceNumber_REQ
CRLC_SequenceNumber_CNF
HFN = MAX(HFN of DL/UL COUNT-C of RB2) + 1
CRLC_Config_REQ
Release RB2
CRLC_Config_REQ
Setup RB2
CRLC_SecurityMode_Config_REQ
startValue = HFN calculated above
n_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ
if CIPHERING_STATUS= NotStarted
cipheringModeCommand = NULL (no ciphering)
if CIPHERING_STATUS = Started
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB2 only)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ
rb_UL_CipheringActivationTimeInfo = now (RB2 only)
incHFN = NotInc
4 Receive the response message
5 Re-establish all RBs and SRBs (except RB2) and re-initialize COUNT-C for all RBs and SRBs (except RB2)
CRLC_Config_REQ
Release all RB’s and SRB’s (except RB2)
CRLC_Config_REQ
Setup all RB’s and SRB’s (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate _REQ
cipheringModeCommand = Start/Restart (new algorithm)
rb_DL_CiphActivationTimeInfo = now (except RB2)
CRLC_Ciphering_Activate _REQ
rb_UL_CiphActivationTimeInfo = now (except RB2)
6 Re-initialize COUNT-I for all RBs and SRBs (except RB2)
CRLC_SecurityMode_Config_REQ
startValue = value received in the response message
integrityKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Integrity_Activate_REQ
IntegrityProtectionModeCommand = Start (FRESH)
IntegrityProtectionAlgorithm = selected value (downlink integrity protection starts immediately)
CRLC_Integrity_Activate_REQ
ul_IntegProtActivationInfo = value (now)
8.5.4.6 CELL/URA update
8.5.4.6.1 RLC re-establish (RB2, RB3, RB4)
"RLC re-establish (RB2, RB3, RB4)" in CELL UPDATE CONFIRM message is set to TRUE CIPHERING_STATUS = Started for the CN domain concerned
1. After sending CELL UPDATE CONFIRM message, re-establish the RB2, RB3 and RB4 (if established)
CRLC_SecurityMode_Config_REQ
startValue = value received from CELL UPDATE message
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB2, RB3, RB4)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = now (RB2, RB3, RB4)
incHFN = NotInc
8.5.4.6.2 RLC re-establish (RAB)
"RLC re-establish (RB5 and upwards)" in CELL UPDATE CONFIRM message is set to TRUE CIPHERING_STATUS = Started for the CN domain concerned
1. After sending CELL UPDATE CONFIRM message, re-establish the RAB
CRLC_SecurityMode_Config_REQ
startValue = value received from CELL UPDATE message
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (existing algorithm)
rb_DL_CiphActivationTimeInfo = now (RB5 and upwards)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = now (RB5 and upwards)
incHFN = NotInc
8.5.4.7 Inter RAT handover to UTRAN
8.5.4.7.1 ciphering has not been activated
ciphering has not been started in the radio access technology from which inter RAT handover is performed. TM mode radio bearer will be established in the UTRAN.
1. Sending HANDOVER TO UTRAN COMMAND in a RAT different from UTRAN
2. After receiving HANDOVER TO UTRAN COMPLETE message
CMAC_SecurityMode_Config_REQ
startValue = value received in HANDOVER TO UTRAN COMPLETE message
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
incHFN = NotInc
cipheringModeCommand = NULL
activationTimeForDPCH = now
CRLC_SecurityMode_Config_REQ
startValue = value received in HANDOVER TO UTRAN COMPLETE
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = NULL
rb_DL_CiphActivationTimeInfo = now (RB1, RB2, RB3, RB4)
incHFN = Inc CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = now (RB1, RB2, RB3, RB4)
incHFN = Inc
8.5.4.7.2 ciphering has been activated
ciphering has been started in the radio access technology from which inter RAT handover is performed. TM mode radio bearer will be established in the UTRAN.
1. Before sending HANDOVER TO UTRAN COMMAND
CRLC_SecurityMode_Config_REQ
startValue = "START" value included in the IE "UE security information" in the variable "INTER_RAT_HANDOVER_INFO_TRANSFERRED"
cipheringKey = value generated in authentication procedure in GRAN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (algorithm in HANDOVER TO UTRAN COMMAND)
rb_DL_CiphActivationTimeInfo = now (RB1, RB2, RB3, RB4)
incHFN = NotInc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = now (RB1, RB2, RB3, RB4)
incHFN = NotInc
CMAC_SecurityMode_Config_REQ
startValue = "START" value included in the IE "UE security information" in the variable "INTER_RAT_HANDOVER_INFO_TRANSFERRED"
cipheringKey = value generated in authentication procedure in GRAN
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
incHFN = NotInc
cipheringModeCommand = Start/Restart (algorithm in HANDOVER TO UTRAN COMMAND)
activationTimeForDPCH = now
2. Sending HANDOVER TO UTRAN COMMAND in a RAT different from UTRAN
3. After receiving HANDOVER TO UTRAN COMPLETE message
CMAC_SecurityMode_Config_REQ
startValue = value received in the response message
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (algorithm) in HANDOVER TO UTRAN COMMAND)
activationTimeForDPCH = value in "COUNT-C activation time"
incHFN = IncByOne_IncPerCFN_Cycle
CRLC_SecurityMode_Config_REQ
startValue = value received in HANDOVER TO UTRAN COMPLETE
cipheringKey = value generated in authentication procedure in GRAN
cn_DomainIdentity = CS or PS
CRLC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (algorithm in HANDOVER TO UTRAN COMMAND)
rb_DL_CiphActivationTimeInfo = now (RB1, RB2, RB3, RB4)
incHFN = Inc
CRLC_Ciphering_Activate_REQ (CN domain concerned)
rb_UL_CipheringActivationTimeInfo = now (RB1, RB2, RB3, RB4)
incHFN = Inc
8.5.4.8 Hard handover
Ciphering is activated for any TM radio bearer;
"Downlink DPCH info for all RL" in a message performing timing re-initialized hard handover or;
"Downlink DPCH info for all RL" in a message other than RADIO BEARER SETUP transferring UE to Cell_DCH from non-Cell_DCH state.
1. Before sending the message
CMAC_SecurityMode_Config_REQ
startValue = value most recently received
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
incHFN = NotInc
cipheringModeCommand = Start/Restart (existing algorithm)
activationTimeForDPCH = now
2. Send the message for hard HO
3. After receiving the response message
CMAC_SecurityMode_Config_REQ
startValue = value received in the response message
cipheringKey = value maintained by TTCN
cn_DomainIdentity = CS or PS
CMAC_Ciphering_Activate_REQ (CN domain concerned)
cipheringModeCommand = Start/Restart (existing algorithm)
activationTimeForDPCH = value in "COUNT-C activation time"
incHFN = IncByOne_IncPerCFN_Cycle
8.5.5 Test USIM configurations
The default test USIM is defined in 3GPP TS 34.108 [3]. This clause specifies a number of specific test USIM configurations which are used for the concerned test cases.
8.5.5.1 Test USIM for Idle mode tests
The PLMN 1-12 identities used below have been defined in 3GPP TS 34.123-1 [1], table 6.2. Clause numbers refer to 3GPP TS 34.123-1 [1].
Test USIM is configured as bellow for PLMN selection of RPLMN, HPLMN, UPLMN and OPLMN in tc_6_1_1_1, tc_6_1_1_4, and tc_6_1_1_14.
Table 8.5.5.1.1
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFPLMNwAcT |
1st |
PLMN 3 |
UTRAN |
|
2nd |
PLMN 4 |
UTRAN |
|
|
EFOPLMNwAcT |
1st |
PLMN 5 |
UTRAN |
|
2nd |
PLMN 6 |
UTRAN |
|
|
EFFPLMN |
PLMN 3 |
||
Test USIM is configured as bellow for PLMN selection of other PLMN with access technology combinations in tc_6_1_1_2.
Table 8.5.5.1.2
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFFPLMN |
PLMN 10 |
||
Test USIM is configured as bellow for manual PLMN selection independent of RF level and preferred PLMN in TC_6_1_1_3.
Table 8.5.5.1.3
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFPLMNwAcT |
1st |
PLMN 3 |
UTRAN |
The test USIM is configured as bellow in tc_6_1_1_8.
Table 8.5.5.1.4
|
USIM field |
Priority |
PLMN |
|
EFPLMNwAcT |
1st |
PLMN 7 |
|
EFOPLMNwAcT |
1st |
PLMN 5 |
|
2nd |
PLMN 6 |
|
|
EFFPLMN |
PLMN 7 |
|
Test USIM is configured as bellow for manual PLMN selection in tc_6_1_1_9.
Table 8.5.5.1.5
|
USIM field |
Priority |
PLMN |
|
EFPLMNwAcT |
1st |
PLMN 3 |
|
EFOPLMNwAcT |
1st |
PLMN 4 |
|
2nd |
PLMN 5 |
|
|
EFFPLMN |
PLMN 5 |
|
Test USIM is configured as bellow for manual PLMN selection in tc_6_1_1_10.
Table 8.5.5.1.6
|
USIM field |
Priority |
PLMN |
|
EFPLMNwAcT |
1st |
PLMN 2 |
|
EFOPLMNwAcT |
1st |
PLMN 5 |
|
EFFPLMN |
1st |
PLMN 4 |
The test USIM is configured as bellow in tc_6_1_1_11.
Table 8.5.5.1.7
|
USIM field |
Priority |
PLMN |
|
EFOPLMNwAcT |
1st |
PLMN 2 |
|
2nd |
PLMN 3 |
|
|
3rd |
PLMN 4 |
|
|
EFFPLMN |
PLMN 2 |
|
Test USIMs are configured as bellow for manual PLMN selection in tc_6_1_1_12. Three test USIMs are needed for the test.
Table 8.5.5.1.8: USIM A
|
USIM field |
Priority |
PLMN |
|
EFEHPLMN |
1st |
PLMN 4 |
|
2nd |
PLMN 2 |
|
|
3rd |
PLMN 1 |
|
|
EFUST |
Service n°71 Equivalent HPLMN and Service n°73 Equivalent HPLMN Presentation Indication available |
|
|
EFEHPLMNPI |
’02’ – Display all the available EHPLMNs |
|
Table 8.5.5.1.9: USIM B
|
USIM field |
Priority |
PLMN |
|
EFEHPLMN |
1st |
PLMN 2 |
|
2nd |
PLMN 3 |
|
|
3rd |
PLMN 1 |
|
|
EFUST |
Service n°71 Equivalent HPLMN and Service n°73 Equivalent HPLMN Presentation Indication available |
|
|
EFEHPLMNPI |
’01’ – Display the highest-priority available EHPLMN only |
|
Table 8.5.5.1.10: USIM C
|
USIM field |
Priority |
PLMN |
|
EFEHPLMN |
1st |
PLMN 3 |
|
2nd |
PLMN 4 |
|
|
3rd |
PLMN 1 |
|
|
EFUST |
Service n°71 Equivalent HPLMN available |
|
|
EFEHPLMNPI |
Not present |
|
Test USIMs are configured as bellow for manual PLMN selection in tc_6_1_1_13. Two test USIMs are needed for the test.
Table 8.5.5.1.11: USIM A
|
USIM field |
LRPLMNSI |
|
EFLRPLMNSI |
01 |
Table 8.5.5.1.12: USIM B
|
USIM field |
LRPLMNSI |
|
EFLRPLMNSI |
00 |
Table 8.5.5.1.13: Parameters common for USIM A & USIM B
|
USIM field |
Priority |
PLMN |
|
EFEHPLMN |
1st |
PLMN 5 |
|
EFEHPLMN |
2nd |
PLMN 4 |
The test USIM is configured as bellow in tc_6_1_1_15. Two test USIMs are needed for the test.
Table 8.5.5.1.14: USIM A
|
USIM field |
Priority |
PLMN |
|
EFEHPLMN |
1st |
PLMN 5 |
|
EFEHPLMN |
2nd |
PLMN 4 |
Test USIM is configured as below for emergency calls in tc_6_1_2_6.
Table 8.5.5.1.15
|
USIM field |
Priority |
PLMN |
|
EFFPLMN |
PLMN 3 |
|
The test USIM is configured in tc_6_1_2_9a with "Type A" EFACC.
The test USIM is configured in tc_6_1_2_9b with "Type B" EFACC.
Test USIMs are configured as bellow for Selection of the correct PLMN and associated RAT in tc_6_2_1_1. Two test USIMs are needed for the test.
Table 8.5.5.1.16: USIM A
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFHPLMNwAcT |
1st |
PLMN1 |
GSM |
|
EFHPLMNwAcT |
2nd |
PLMN1 |
UTRAN |
Table 8.5.5.1.17: USIM B
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFHPLMNwAcT |
1st |
PLMN2 |
UTRAN |
|
2nd |
PLMN2 |
GSM |
Test USIMs are configured as bellow for Selection of RAT for HPLMN in tc_6_2_1_2. Two test USIMs are needed for the test.
Table 8.5.5.1.18: USIM A
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFLOCI |
PLMN 1 |
||
|
EFHPLMNwAcT |
1st |
PLMN2 |
UTRAN |
|
2nd |
PLMN2 |
GSM |
Table 8.5.5.1.19: USIM B
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFLOCI |
PLMN 1 |
||
|
EFHPLMNwAcT |
1st |
PLMN2 |
UTRAN |
|
2nd |
PLMN2 |
Test USIMs are configured as bellow for Selection of RAT for HPLMN in tc_6_2_1_6. Two test USIMs are needed for the test.
Table 8.5.5.1.20: USIM A
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFHPLMNwAcT |
1st |
PLMN2 |
UTRAN |
|
2nd |
PLMN2 |
GSM |
|
|
EFPLMNwAcT |
1st |
PLMN3 |
UTRAN |
Table 8.5.5.1.21: USIM B
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFHPLMNwAcT |
1st |
PLMN2 |
UTRAN |
|
2nd |
PLMN2 |
||
|
EFPLMNwAcT |
1st |
PLMN3 |
UTRAN |
Test USIM for Selection of RAT for UPLMN or OPLMN in tc_6_2_1_3, tc_6_2_1_4, tc_6_2_1_7, tc_6_2_1_8 and for Selection of Other PLMN with access technology combinations"; Automatic mode in tc_6_2_1_9.
Table 8.5.5.1.22
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFHPLMNwAcT |
1st |
PLMN2 |
UTRAN |
|
2nd |
PLMN2 |
GSM |
|
|
EFPLMNwAcT |
1st |
PLMN 3 |
UTRAN |
|
2nd |
PLMN 4 |
GSM |
|
|
EFOPLMNwAcT |
1st |
PLMN 5 |
UTRAN |
|
2nd |
PLMN 6 |
GSM |
Test USIM are configured as bellow for manual selection of other PLMN with access technology combinations in tc_6_2_1_5.
Table 8.5.5.1.23
|
USIM field |
Priority |
PLMN |
Access Technology Identifier |
|
EFLOCI |
PLMN 7 |
||
|
EFFPLMN |
PLMN 8 |
||
|
PLMN 9 |
|||
Test USIM for cell reselection if cell becomes barred or for cell reselection timings requires that the USIM does not contain any preferred RAT. This specific test USIM applies to tc_6_2_2_1, tc_6_2_2_2 and tc_6_2_2_3.