8.8 Ciphering Configuration

3GPP43.318Generic Access Network (GAN)Release 17Stage 2TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The message flow for ciphering configuration is shown in figure 19.

Figure 19: Ciphering Configuration

1. The CN sends BSSMAP "Cipher Mode Command" message to GANC. This message contains the cipher key Kc, and the encryption algorithms that the GANC may use.

2. The GANC sends GA-CSR CIPHERING MODE COMMAND to the MS. This message indicate whether stream ciphering shall be started or not (after handover to GERAN) and if so, which algorithm to use, and a random number. The mobile station stores the information for possible future use after a handover to GERAN. The message also indicates whether the MS shall include IMEISV in the GA-CSR CIPHERING MODE COMPLETE message.

3. The MS computes a MAC based on the random number, the MS IMSI and the key Kc. The MS then sends GA‑CSR CIPHERING MODE COMPLETE message to signal its selected algorithm, the computed MAC, and the IMEISV, if indicated so in the GA-CSR CIPHERING MODE COMMAND.

4. This GANC verifies the MAC. If the GANC verifies MAC to be correct it sends Cipher Mode Complete message to the CN.

NOTE: The MAC proves that the identity that is authenticated to the GANC is the same as the identity authenticated to the core network. The configuration option of not enabling ciphering in the network will therefore open up the network to more security threats than in GERAN.