22.5.10 NB-IoT / EPS NAS integrity and encryption / SNOW 3G

36.523-13GPPEvolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Packet Core (EPC)Part 1: Protocol conformance specificationRelease 17TSUser Equipment (UE) conformance specification

22.5.10.1 Test Purpose (TP)

(1)

with { UE having successfully completed EPS authentication and key agreement (AKA) procedure }

ensure that {

when { UE in NB-S1 modereceives an integrity protected and ciphering SECURITY MODE COMMAND message instructing to start integrity protection and ciphering algorithm with SNOW 3G }

then { UE transmits an integrity protected with SNOW 3G and ciphering SECURITY MODE COMPLETE and starts applying the NAS Integrity protection and NAS ciphering in both UL and DL }

}

22.5.10.2 Conformance requirements

References: The conformance requirements covered in the current TC are specified in: TS 24.301 clause 4.4.4.1, 4.4.4.2, 5.4.3.1, 5.4.3.2 and 5.4.3.3. Unless otherwise stated these are Rel-13 requirements.

[TS 24.301, clause 4.4.4.1]

For the UE, integrity protected signalling is mandatory for the NAS messages once a valid EPS security context exists and has been taken into use. For the network, integrity protected signalling is mandatory for the NAS messages once a secure exchange of NAS messages has been established for the NAS signalling connection. Integrity protection of all NAS signalling messages is the responsibility of the NAS. It is the network which activates integrity protection.

[TS 24.301, clause 4.4.4.2]

Once the secure exchange of NAS messages has been established, the receiving EMM or ESM entity in the UE shall not process any NAS signalling messages unless they have been successfully integrity checked by the NAS. If NAS signalling messages, having not successfully passed the integrity check, are received, then the NAS in the UE shall discard that message. The processing of the SECURITY MODE COMMAND message that has not successfully passed the integrity check is specified in subclause 5.4.3.5. If any NAS signalling message is received as not integrity protected even though the secure exchange of NAS messages has been established by the network, then the NAS shall discard this message.

[TS 24.301, clause 5.4.3.1]

The purpose of the NAS security mode control procedure is to take an EPS security context into use, and initialise and start NAS signalling security between the UE and the MME with the corresponding EPS NAS keys and EPS security algorithms.

[TS 24.301, clause 5.4.3.2]

The MME initiates the NAS security mode control procedure by sending a SECURITY MODE COMMAND message to the UE and starting timer T3460 (see example in figure 5.4.3.2.1).

The MME shall reset the downlink NAS COUNT counter and use it to integrity protect the initial SECURITY MODE COMMAND message if the security mode control procedure is initiated:

– to take into use the EPS security context created after a successful execution of the EPS authentication procedure;

– upon receipt of TRACKING AREA UPDATE REQUEST message including a GPRS ciphering key sequence number IE, if the MME wishes to create a mapped EPS security context (i.e. the type of security context flag is set to "mapped security context" in the NAS key set identifier IE included in the SECURITY MODE COMMAND message).

The MME shall send the SECURITY MODE COMMAND message unciphered, but shall integrity protect the message with the NAS integrity key based on KASME or mapped K’ASME indicated by the eKSI included in the message. The MME shall set the security header type of the message to "integrity protected with new EPS security context".

The MME shall include the replayed security capabilities of the UE (including the security capabilities with regard to NAS, RRC and UP (user plane) ciphering as well as NAS and RRC integrity, and other possible target network security capabilities, i.e. UTRAN/GERAN if the UE included them in the message to network), the replayed nonceUE when creating a mapped EPS security context and if the UE included it in the message to the network, the selected NAS ciphering and integrity algorithms and the Key Set Identifier (eKSI).

Additionally, the MME may request the UE to include its IMEISV in the SECURITY MODE COMPLETE message.

NOTE: The AS and NAS security capabilities will be the same, i.e. if the UE supports one algorithm for NAS it is also be supported for AS.

[TS 24.301, clause 5.4.3.3]

Upon receipt of the SECURITY MODE COMMAND message, the UE shall check whether the security mode command can be accepted or not. This is done by performing the integrity check of the message and by checking that the received UE security capabilities and the received nonceUE have not been altered compared to what the UE provided in the initial layer 3 message that triggered this procedure.

If the type of security context flag is set to "native security context" and if the KSI matches a valid native EPS security context held in the UE while the UE has a mapped EPS security context as the current security context, the UE shall take the native EPS security context into use.

If the SECURITY MODE COMMAND message can be accepted, the UE shall take the EPS security context indicated in the message into use. The UE shall in addition reset the uplink NAS COUNT counter if:

– the SECURITY MODE COMMAND message is received in order to take an EPS security context into use created after a successful execution of the EPS authentication procedure;

– the SECURITY MODE COMMAND message received includes the type of security context flag set to "mapped security context" in the NAS key set identifier IE the eKSI does not match the current EPS security context, if it is a mapped EPS security context.

If the SECURITY MODE COMMAND message can be accepted, the UE shall send a SECURITY MODE COMPLETE message integrity protected with the selected NAS integrity algorithm and the EPS NAS integrity key based on the KASME or mapped K’ASME if the type of security context flag is set to "mapped security context" indicated by the eKSI. When the SECURITY MODE COMMAND message includes the type of security context flag set to "mapped security context" in the NAS key set identifier IE, the nonceMME and the nonceUE, then the UE shall either:

– generate K’ASME from both the nonceMME and the nonceUE as indicated in 3GPP TS 33.401 [19];or

– check whether the SECURITY MODE COMMAND message indicates the eKSI of the current EPS security context, if it is a mapped EPS security context, in order not to re-generate the K’ASME.

Furthermore, if the SECURITY MODE COMMAND message can be accepted, the UE shall cipher the SECURITY MODE COMPLETE message with the selected NAS ciphering algorithm and the EPS NAS ciphering key based on the KASME or mapped K’ASME indicated by the eKSI. The UE shall set the security header type of the message to "integrity protected and ciphered with new EPS security context".

From this time onward the UE shall cipher and integrity protect all NAS signalling messages with the selected NAS ciphering and NAS integrity algorithms.

If the MME indicated in the SECURITY MODE COMMAND message that the IMEISV is requested, the UE shall include its IMEISV in the SECURITY MODE COMPLETE message.

22.5.10.3 Test description

22.5.10.3.1 Pre-test conditions

System Simulator:

– Ncell 1.

UE:

None.

Preamble:

– The UE is in state Switched OFF (state 1-NB) according to TS 36.508 [18].

22.5.10.3.2 Test procedure sequence

Table 22.5.10.3.2-1: Main behaviour

St

Procedure

Message Sequence

TP

Verdict

U – S

Message

1

The UE is switched on.

2-6

Steps 2-6 of the generic procedure for UE registration specified in TS 36.508 [subclause 8.1.5.2.3] are performed.

7

The SS transmits a NAS SECURITY MODE COMMAND message to activate NAS security. (type of integrity protection algorithm SNOW 3G)

<–

SECURITY MODE COMMAND

8

Check: Does the UE transmit a SECURITY MODE COMPLETE message ciphered and starts applying ciphering and the NAS Integrity protection in both UL and DL?

–>

SECURITY MODE COMPLETE

1

P

9-17

Steps 9a1-15 of the generic procedure for UE registration specified in TS 36.508 [subclause 8.1.5.2.3] are performed.

18

The SS transmits an IDENTITY REQUEST message with Integrity protected and ciphered

<-

IDENTITY REQUEST

19

Check: Does the UE transmit an IDENTITY RESPONSE message with Integrity Protected and ciphered?

->

IDENTITY RESPONSE

1

P

20

The SS transmits an IDENTITY REQUEST message (not Integrity protected and ciphered)

<-

IDENTITY REQUEST

21

Check: Does the UE transmit an IDENTITY RESPONSE message within the next 5 seconds?

->

IDENTITY RESPONSE

1

F

22.5.10.3.3 Specific message contents

Table 22.5.10.3.3-1: SECURITY MODE COMMAND (Step 7)

Derivation path: 36.508 table 4.7.2-19

Information Element

Value/Remark

Comment

Condition

Selected NAS security algorithms

Type of integrity protection algorithm

001

EPS integrity algorithm 128-EIA1 (SNOW 3G)

Type of ciphering algorithm

001

EPS encryption algorithm 128-EEA1 (SNOW3G)