H.1 Introduction
3GPP TS 43.020, Release 17: Security related network functions
H.1.1 General
The provisions in the present Annex apply to procedures between an MS and an SGSN whenever the MS capability contains at least one non-NULL integrity algorithm.
In particular, the provisions in the present Annex apply to MSs supporting EC-GSM-IoT according to TS 43.064 [20].
Integrity protection has been specified in the present Annex for both the acknowledged (i.e. I-frames) and unacknowledged (i.e. UI-frames) modes of operation. In the stage 3 specification, integrity protection of acknowledged mode is not supported in this release.
H.1.2 Considerations on bidding down attacks
An MS conforming to the provisions in the present Annex shall reject connections to legacy SGSNs that do not provide the enhanced security features described in the present Annex.
NOTE: The reason for this requirement is that an MS cannot know whether it receives a reply without signalling integrity protection from a genuine legacy SGSN or from a false SGSN that intercepted the request from the MS. Consequently, the MS would be susceptible to bidding down attacks during the Attach procedure that could nullify the security gains offered by the provisions in the present Annex.
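The reasoning in the NOTE above, as an added sketch that is not part of the specification: the MS's decision can depend only on what it observes in the reply, and a genuine legacy SGSN and a false SGSN look identical from there. The `Observed` model, the algorithm labels and the `allow_legacy_fallback` switch are assumptions made for illustration.

```python
from dataclasses import dataclass

NULL_ALG = "NULL"            # placeholder label for the NULL integrity algorithm
ALG_X = "INTEGRITY-ALG-X"    # placeholder for any non-NULL integrity algorithm


@dataclass(frozen=True)
class Observed:
    """Everything the MS can see in the reply (simplified, constructed model)."""
    integrity_protected: bool


# Constructed scenarios: who really sent the reply, and what the MS observes.
NETWORKS = {
    "enhanced SGSN": Observed(integrity_protected=True),
    "genuine legacy SGSN": Observed(integrity_protected=False),
    "false SGSN": Observed(integrity_protected=False),
}


def annex_applies(ms_integrity_algs):
    """H.1.1: the Annex applies if the MS capability has a non-NULL integrity algorithm."""
    return any(alg != NULL_ALG for alg in ms_integrity_algs)


def ms_accepts(ms_integrity_algs, reply, allow_legacy_fallback):
    """MS decision; it can use only fields of `reply`, never the sender's identity."""
    if not annex_applies(ms_integrity_algs):
        return True  # assumption: legacy behaviour, outside the scope of this Annex
    return reply.integrity_protected or allow_legacy_fallback


def outcomes(ms_integrity_algs, allow_legacy_fallback):
    """Map each constructed network to the MS's accept (True) / reject (False) decision."""
    return {name: ms_accepts(ms_integrity_algs, obs, allow_legacy_fallback)
            for name, obs in NETWORKS.items()}


if __name__ == "__main__":
    caps = [NULL_ALG, ALG_X]
    for fallback in (False, True):
        print("fallback allowed" if fallback else "reject legacy (H.1.2)")
        for name, accepted in outcomes(caps, fallback).items():
            print(f"  {name:20s} -> {'accept' if accepted else 'reject'}")
```

Any policy that accepts the genuine legacy SGSN necessarily accepts the false one, because both produce the same observation; only the reject-legacy policy keeps the MS off the unprotected path.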