H.9 Protected negotiation of IOV values
3GPP43.020Release 17Security related network functionsTS
H.9.1 Protected IOV container
The protected IOV container is composed by the follow three components:
– The new IOV values (as specified in TS 44.064 [20], see e.g. clause 8.9.2).
– The value of IOV_updates counter that was used in the calculation of MAC-IOV.
– The MAC-IOV value calculated over the new IOV values and the value of IOV_updates counter.
After a successful authentication, both the MS and the eSGSN shall store a local counter "IOV_updates" showing the number of IOV_updates since the previous authentication. The initial value of the counter is 0, and it is incremented by 1 every time the eSGSN updates the IOV values, regardless whether it updates IOV-UI only, i-IOV-UI only, or both IOV-UI and i-IOV-UI. In the first protected IOV container, the IOV_ updates counter shall be 1. The IOV_ updates counter in the MS side represents the number of successful IOV_updates, and may have smaller value than the IOV_ updates counter maintained in the eSGSN.
The MAC-IOV is calculated with the following inputs:
– The integrity protection algorithm shall be the same GIA algorithm that is already used at the MS for integrity protection at LLC layer; if there is no integrity algorithm in place at the MS at LLC layer, then the integrity algorithm shall be the same GIA algorithm that was just negotiated at GMM layer;
– The integrity key shall be the same integrity key Ki128 that is already used for integrity protection at LLC layer;
– All Input-I bits shall be set to the value of the IOV_updates counter;
– MESSAGE shall be set to the value part(s) of the new IOV value(s) (see TS 44.064 [20], clause 6.4.1.6); if more than one IOV value is included in the protected IOV container, the value parts shall be concatenated in the same order of sequence as included in the LLC XID command message;
– DIRECTION bit shall be set to 1;
– The FRAMETYPE (needed for the CONSTANT-F calculation) is set to 254;
The MAC-IOV shall be the 32 least significant bits of the output of the used integrity algorithm.
H.9.2 LLC XID procedure with protected IOV container
The following description in this clause is only applicable to the LLC XID procedure in LLC layer protocol when constructing and verifying the protected IOV container. The eSGSN shall always send the IOV values in the protected IOV container to the MS. Protection is provided only towards the MS in the LLC XID command, and the LLC XID response from the MS towards the eSGSN includes no protection. The procedure is demonstrated in figure H.9.2-1.
Figure H.9.2-1: LLC XID procedure with protected IOV container
The eSGSN shall construct and include the protected IOV container in the LLC XID command message to the MS. The protected IOV container is to be used for integrity protection and replay protection of the new IOV values. The MAC-IOV is a message authentication code that protects the integrity of the IOV values carried in the LLC XID command message. The IOV_updates provides replay protection to the IOV values. The IOV values may include IOV-UI only, i-IOV-UI only, or both IOV-UI and i-IOV-UI.
The LLC layer in the MS checks and verifies the MAC-IOV received in LLC XID command message. The MS shall confirm that the IOV_updates value received in the LLC XID command is greater than the local IOV_updates counter maintained in the MS. If the IOV_updates value in the received message is acceptable, and the verification of the MAC-IOV is successful then the MS replaces its local value of the IOV_updates counter with the new one that was received in the LLC XID command message, and replies with a LLC XID response message sent without replay and integrity protection.
If the MS receives a LLC XID command message updating the IOV parameters without a MAC-IOV parameter, or the received IOV_updates value is smaller or equal to the local IOV-updates counter maintained in the MS, then the MS shall silently discard the message.
If the verification of the MAC-IOV received in the LLC XID message is not successful in the MS, then the MS shall silently discard the message.
The LLC XID response to the LLC XID comman carrying the protected IOV container includes no protection.
Annex I (informative):
Change history
|
Change history |
||||||||
|---|---|---|---|---|---|---|---|---|
|
Date |
TSG # |
TSG Doc. |
CR |
Rev |
Subject/Comment |
Cat |
Old |
New |
|
Nov 2000 |
– |
– |
– |
– |
Transferred to 3GPP as 3GPP TS 43.020 version 4.0.0 (Release 4) |
– |
9.0.0 |
4.0.0 |
|
July 2002 |
SA#16 |
– |
– |
– |
– |
4.0.0 |
5.0.0 |
|
|
Sept 2004 |
SP-25 |
SP-040615 |
0001 |
– |
Introducing VGCS/VBS ciphering (Creation of Rel-6 version) |
B |
5.0.0 |
6.0.0 |
|
Sept 2004 |
– |
– |
– |
– |
General editorial changes and Annex G created from clause F.7 (MCC) |
– |
5.0.0 |
6.0.0 |
|
Dec 2004 |
SP-26 |
SP-040862 |
0002 |
2 |
Clarifications to VGCS/VBS ciphering mechanism |
F |
6.0.0 |
6.1.0 |
|
Dec 2004 |
SP-26 |
SP-040862 |
0002 |
2 |
Clarifying the support of algorithms within mobile stations |
C |
6.0.0 |
6.1.0 |
|
2005-09 |
SP-29 |
SP-050567 |
0004 |
– |
Correction of USIM based ciphering on dedicated channels |
F |
6.1.0 |
6.2.0 |
|
2005-09 |
SP-29 |
SP-050566 |
0005 |
– |
Correction on service specific group keys |
F |
6.1.0 |
6.2.0 |
|
2005-09 |
SP-29 |
SP-050550 |
0006 |
– |
Clarify ciphering for A5 algorithms that do not produce bit after bit output. |
F |
6.1.0 |
6.2.0 |
|
2006-03 |
SP-31 |
SP-060050 |
0009 |
– |
Correction of a reference |
F |
6.2.0 |
6.3.0 |
|
2006-06 |
SP-32 |
SP-060377 |
0012 |
– |
Correction and clarification of requirements relating to A5 algorithm support |
F |
6.3.0 |
6.4.0 |
|
2007-06 |
SP-36 |
– |
– |
– |
Update to Rel-7 version (MCC) |
– |
6.4.0 |
7.0.0 |
|
2007-09 |
SP-37 |
SP-070592 |
0016 |
1 |
Miscellaneous corrections to the specification of the A5 algorithm in the 8-PSK case |
F |
7.0.0 |
7.1.0 |
|
2007-12 |
SP-38 |
SP-070784 |
0022 |
– |
Allowing new A5 algorithms to be introduced in future releases |
A |
7.2.0 |
7.3.0 |
|
2008-07 |
— |
— |
— |
– |
Correction of history |
– |
7.3.0 |
7.3.1 |
|
2008-12 |
SP-42 |
— |
— |
— |
Upgrade to Release 8 |
– |
7.3.1 |
8.0.0 |
|
2009-09 |
SP-45 |
SP-090635 |
0025 |
1 |
Introduction of A5/4 and GEA4 |
B |
8.0.0 |
9.0.0 |
|
2009-09 |
SP-46 |
SP-090821 |
0026 |
1 |
algorithm selection for GSM subscriber in 128-bit encryption |
F |
9.0.0 |
9.1.0 |
|
2011-03 |
– |
– |
– |
– |
Update to Rel-10 version (MCC) |
— |
9.1.0 |
10.0.0 |
|
2011-06 |
SP-52 |
SP-110268 |
0028 |
– |
A5/3 and A5/4 support in GSM |
B |
10.0.0 |
11.0.0 |
|
2013-03 |
SP-59 |
SP-130037 |
0029 |
– |
Warning regarding GEA1 support in mobile stations |
F |
11.0.0 |
11.1.0 |
|
2013-03 |
SP-59 |
SP-130037 |
0030 |
– |
Prohibiting GEA1 in mobile stations |
C |
11.1.0 |
12.0.0 |
|
2014-06 |
SP-64 |
SP-140311 |
0031 |
2 |
Kc128 derivation at intra GERAN mobility |
A |
12.0.0 |
12.1.0 |
|
2016-01 |
– |
– |
– |
– |
Update to Rel-13 version (MCC) |
12.1.0 |
13.0.0 |
|
|
2016-03 |
SP-71 |
SP-160054 |
0036 |
1 |
Access security related functions for enhanced General Packet Radio Service in relation to Cellular Internet of Things |
B |
13.0.0 |
13.1.0 |
|
Change history |
|||||||
|
Date |
Meeting |
TDoc |
CR |
Rev |
Cat |
Subject/Comment |
New version |
|
2016-06 |
SA#72 |
SP-160388 |
0037 |
– |
F |
Change the name of the feature to EC-GSM-IoT |
13.2.0 |
|
2016-06 |
SA#72 |
SP-160388 |
0038 |
1 |
F |
Clarification on optional inclusion of user plane integrity indication in MS network capability |
13.2.0 |
|
2016-06 |
SA#72 |
SP-160388 |
0040 |
1 |
F |
Adding procedural details for ciphering and integrity mode negotiation |
13.2.0 |
|
2016-06 |
SA#72 |
SP-160388 |
0041 |
1 |
F |
Adding details for new cellular algorithms GIA4, GEA5 and GIA5 |
13.2.0 |
|
2016-06 |
SA#72 |
SP-160388 |
0042 |
– |
F |
The definition of MAC-GMM in GMM Authentication and Ciphering Request and GMM Authentication and Ciphering Response |
13.2.0 |
|
2016-06 |
SA#72 |
SP-160388 |
0044 |
– |
F |
Allocation of FC value to derivation of Ki128 and other changes |
13.2.0 |
|
2016-06 |
SA#73 |
SP-160581 |
0048 |
1 |
F |
Corrections to EASE |
13.3.0 |
|
2016-06 |
SA#73 |
SP-160581 |
0049 |
1 |
F |
Secure delivery of IOV-values to the MS in enhanced GPRS |
13.3.0 |
|
2016-06 |
SA#73 |
SP-160580 |
0047 |
1 |
B |
GSM secuirty improvements |
14.0.0 |
|
2016-12 |
SA#74 |
SP-160783 |
0053 |
1 |
A |
Clarification related to the LLC acknowledge mode |
14.1.0 |
|
2017-03 |
SA#75 |
SP-170105 |
0055 |
– |
A |
Correction of protected IOV container |
14.2.0 |
|
2017-06 |
SA#76 |
SP-170432 |
0056 |
1 |
A |
Adding references to GIA4, GEA5/GIA5 and stage 3 GMM specifications, and removing corresponding editor’s notes. |
14.3.0 |
|
2018-06 |
– |
– |
– |
– |
– |
Update to Rel-15 version (MCC) |
15.0.0 |
|
2020-07 |
– |
– |
– |
– |
– |
Update to Rel-16 version (MCC) |
16.0.0 |
|
2021-06 |
SA#92e |
SP-210448 |
0058 |
1 |
A |
Removal of GEA2 due to security concerns |
16.1.0 |
|
2022-03 |
– |
– |
– |
– |
– |
Update to Rel-17 version (MCC) |
17.0.0 |