7 Ciphering
3GPP43.051GSM/EDGE Overall descriptionRelease 17Stage 2TS
The ciphering architecture is specified in 3GPP TS 33.102 and is identical to that of UTRAN (f8). The ciphering principle with input parameters to the algorithm is illustrated in figure 17.
Figure 17: Ciphering Principle
Ciphering shall be applied after contention resolution has been performed provided the MS is under coverage of its serving BSS. It is FFS how it is performed when the controlling RAN node is not the serving RAN node.
7.1 Location of ciphering in the GERAN protocol architecture
The ciphering function is performed either in the RLC sub-layer or in the MAC sub-layer, according to the following rules:
– In case of non-transparent RLC mode (acknowledged or unacknowledged), ciphering is performed in the RLC sub-layer for layer 2 user data blocks only. Layer 2 signalling is ciphered in the MAC sub-layer.
– In case of transparent RLC mode, ciphering is performed in the MAC sub-layer.
According to this model, ciphering when applied is performed in the BSS and the MS, and the context needed for ciphering (input parameters) is only known in BSS and the MS.
7.2 Inputs to the ciphering algorithm
7.2.1 Ciphering Key
The ciphering key is 128 bit long.
The ciphering key is established between the MS and BSS during the authentication phase. In the two-key solution, the CS-domain user-plane bearers are ciphered with the most recent cipher key agreed between the user and the MSC (CK-CS). The PS-domain user-plane bearers are ciphered with the most recent cipher key agreed between the user and the SGSN (CK-PS).
The signalling radio bearers are used for transfer of signalling data for services delivered by both CS and PS service domains. These signalling radio bearers are ciphered using the CK of the service domain for which the most recent security mode negotiation took place. This may require that the cipher key of an (already ciphered) ongoing signalling connection has to be changed, when a new connection is established with another service domain, or when a security mode negotiation follows a re-authentication during an ongoing connection.
To ensure performing the right ciphering function at the RLC and MAC layers, three conditions must be met:
– A user-plane Radio Bearer is either from CS-domain or PS-domain, but not from both.
– RRC maps a given user-plane Radio Bearer to a given domain in order to derive the correct key to utilise for each RB.
– The RLC and MAC layers receive the Radio Bearer IDs and CKs they should use from RRC.
7.2.2 Bearer
This parameter indicates the radio bearer identity (when available), which shall be unique within a RRC connection. It is used as input parameter to the ciphering algorithm to ensure that the same ciphering mask is not applied to two or more parallel Radio Bearers having the same ciphering key and count. Each Radio Bearer is ciphered independently.
In case no radio bearer identity is available (layer 2 signalling), the data id shall be equal to a unique value.
To ensure that the same ciphering mask is not applied to layer 2 signalling (no RBid available) and layer 2 user data (RBid available), RBid indicator is used in the count parameter to inform whether RBid is available or not.
7.2.3 Direction
This parameter indicates the direction of transmission (uplink/downlink).
7.2.4 Length
This parameter indicates the length of the mask to be generated by the algorithm (this length is equal to that of the data to be ciphered). It is not an input to the mask generator.
7.2.5 Parameter Settings
The following tables defines how to set the input parameters to the ciphering algorithm that applies to layer 2 user data blocks and layer 2 signalling respectively:
Table 4: Input parameters for user data blocks
|
Input parameters |
Size (bits) |
Non-transparent RLC Mode |
Transparent RLC Mode |
|
Count |
32 |
RLC Sequence Number: a) 7 bits or b) 11 bits a) 0…127 or b) 0…2047 |
Slot number: 3 bits 0…7 |
|
RBid indicator: 1 bit 1 (RBid available) |
|||
|
HFN: 24 or 20 bits a) 0…16777215 or b) 0…1048575 |
TDMA Frame Number: 17 bits (see note 1) |
||
|
HFN: 11 bits 0…2047 |
|||
|
Direction |
1 |
1 bit 0 (Uplink) or 1 (Downlink) |
|
|
Bearer |
5 |
Radio Bearer Identifier (RBid) 0…31 |
|
|
Length |
16 |
Length of the input data to be ciphered: the fields included in the input parameters shall not be ciphered. 0…65535 |
Full block size |
|
NOTE 1: The construction of the 17-bit TDMA Frame Number is described in 3GPP TS 44.160. |
|||
Table 5: Input Parameters for layer 2 signalling
|
Input parameters |
Size (bits) |
Non-transparent RLC mode |
|
Count |
32 |
Slot number: 3 bits 0…7 |
|
RBid indicator: 1 bit 0 (RBid not available) |
||
|
TDMA Frame Number: 17 bits (see note 1 in table 4) |
||
|
HFN: 11 bits 0…2047 |
||
|
Direction |
1 |
1 bit 0 (Uplink) or 1 (Downlink) |
|
Bearer |
5 |
"00000" |
|
Length |
L |
Full block size |