Professional Documents
Culture Documents
3GPP
LTE Security Architecture
LTE security architecture defines the security mechanism for both NAS layer
and AS layer. No HO related security is covered in this document.
NAS security
Carried out for NAS messages and belongs to the scope of UE and MME.
In this case NAS message communication between UE and MME are
Integrity protected and Ciphered with extra NAS security header.
AS security
Carried out for RRC and user plane data and belongs to the scope of UE and
eNB.
PDCP layer in UE and eNB side is responsible for the ciphering and
integrity protection.
RRC messages are integrity protected and ciphered but U-Plane data is only
ciphered.
Different Security algorithms
(integrity/ciphering)
Integrity
Ciphering
Generated Keys
When MME receives Attach Request from an UE to get the initial access to the
network, MME send the authentication data request to AuC/HSS. After derivation
of RAND, XRES, CK, IK, AUTN Authentication center combines them in to
authentication vector (AV = RAND || XRES || CK || IK || AUTN) and sends it to
MME with authentication data response.
Derived Keys
These keys are derived using the key derivation function (KDF) = HMAC-SHA-
256 (Key, S) where
Key = CK||IK
S = FC(0x10) || SN Id || Length of SN id || SQN AK || length of
SQN AK
KASME = HMAC-SHA-256 (Key, S)
Step-1
Step-2
Step-4
Step-5
Step-6
After receiving NAS security mode command from UE, MME Sends the
KeNB to eNB with S1AP Initial Context Setup Request (Security key)
Step-7
After getting keNB eNB will calculate Krrc-int, Krrc-enc, Kup-enc from that
as described above.
Then it will send RRC Security mode Command with AS integrity algo and
AS ciphering algo.
Step-8
After receiving RRC security mode command UE will calculate Krrc-int,
Krrc-enc, Kup-enc as described above.
UE will send RRC security mode complete to eNB
After all the above steps All the NAS and AS messages will be integrity protected
and ciphered except user data which will be only ciphered.
Further Studies
LTE Security is very well described in LTE Security book by Günther Horn, Dan
Forsberg, Wolf-Dietrich Moeller and Valtteri Niemi. This is a handy book with all
the details related to security aspects of LTE.
Post your questions and suggestions in the comments section below for a healthy
discussion on LTE Security.
Posted in 3GPP
45 COMMENTS
1. S.Kar
8 years ago Permalink
I did not see any major changes in comparison to UTran security. It would
be good to have a side by side comparison. Very nice article and helpful
though. It refreshed my knowledge.
2. dhayanithi
8 years ago Permalink
If the Network Type equals E-UTRAN then the “separation bit” in the AMF
field of AUTN shall be set to 1 to indicate to the UE that the authentication
vector is only usable for AKA in an EPS context, if the “separation bit” is
set to 0, the vector is usable in a non-EPS context only (e.g. GSM, UMTS).
For authentication vectors with the “separation bit” set to 1, the secret keys
CK and IK generated during AKA shall never leave the HSS
3. Prasanna Sahu
8 years ago Permalink
Hi Dhayanithi,
This key generation is based on LTE only if you will see the flow. May be it
is bit similar to UMTS. Let me clarify your points.
LTE uses spec 3gpp 29.272 in S6a interface between MME and HSS, where
as traditional Diameter follows the RFC 3588.
1. when MME gets any attach request from UE it finds out the UE capability
and based on that it makes sure that this UE supports E-UTRAN or
UTRAN/GERAN and then MME generates Authentication
Data/Information request (Diameter spec 3gpp 29272.940) from MME to
HSS(HE) carries following parameters
a. IMSI (as per rfc 3588 : User-name)
b. Supported features (as per rfc 3588 : Supported-features)
c. Requested E-UTRAN Authentication Info (included if UE Supports E-
UTRAN)
d. Requested UTRAN/GERAN Authentication Info(Included if UE Supports
UTRAN/GERAN)
e. Visited PLMN ID
If parameter (c) is included then HSS will set the “seperation bit” to 1 and if
(d) is included then HSS will set the “separation bit” to 0. now i think it is
clear that how HE is distinguish between E-UTRAN or UTRAN based UEs.
2. As per your CK, IK will never leave HSS during AKA. it is not correct, as
described in the blog HSS will combine AUTN, IK, CK, RAND and will
form AV and it will send this AV to MME with “Authentication Information
answer.
Structure of Authentication Information answer is as below
a. Result (error code)
b. Supported Features (o)
c. Authentication Info(This IE shall contain the Authentication Vectors.)
This means HSS will revert back to Auth information request with the
generated AV.
If you have any question or concerns please let me know so that we can
discuss it here and clarify it
4. raju
8 years ago Permalink
#excerpt
8.3 Analysis of the role of OP and OPc
The 128-bit value OP is the Operator Variant Algorithm Configuration
Field, which the Task Force was asked to include to provide separation
between the functionality of the algorithms when used by different
operators.
It should be difficult for someone who has discovered even a large number
of (OPc, K) pairs to deduce OP. That means that the OPc associated with
any other value of K will be unknown, which may make it (slightly) harder
to mount some kinds of cryptanalytic and forgery attacks.
It is more likely that OP can be kept secret if OP is not stored on the USIM,
as it then only takes one USIM to be reverse engineered for OP to be
discovered and published. Hence the task force recommends that OPc is
calculated off USIM.
5. Prasanna Sahu
8 years ago Permalink
Hi Raju, Thanks for your comment. 35.205(For UMTS network but still
used by LTE) is specifically for Milenage algorithm for authentication and
key generation.
LTE uses two types of algorithm for authentication and key generation
1. Test :-For Test algorithm the OP is not required, so if current LTE
operator is supporting Test algorithm for authentication and key generation
then OP is not required and in this case USIM doesn’t contain OP.
2. Milenage :-For milenage OP is mandatory. So if operator is using
Milenage algorithm for authentication and key generation then OP need to
be fabricated in USIM.
That’s the reason May be I have written it optional, But I should have
written it conditional instead of optional. If you have any concerns please let
me know.
1) The error code is failure only in case if HSS is not able to retrieve the
requested IMSI right. Is there any other failure sequence?
2) In case MME and SGSN is combined then the AIR will contain both
request for E-UTRAN and UTRAN/GERAN. so what is AMF in this case?
4) In the Key Generation Algo there is a parameter OP. Can you brief on it ?
(no of bits, where exactly it is feed as input? )
5) What is the signifiance of More AV’s Request from MME to HSS and
HSS sending More AV’s?
6) How the SQN is managed as there are three ways to handle it?
7. dhayanithi
8 years ago Permalink
8. Prasanna Sahu
8 years ago Permalink
Hi Dayanithi,
Please go through my comments below.
1) The error code is failure only in case if HSS is not able to retrieve the
requested IMSI right. Is there any other failure sequence?
Ans>>If HSS will not get the information about IMSI it will generate Auth
failure for sure, about further failure sequences I am also not clear. I have
very less knowledge on S6a interface. If you want I can get help from my
colleagues those who are working on that and let you know.
2) In case MME and SGSN is combined then the AIR will contain both
request for E-UTRAN and UTRAN/GERAN. so what is AMF in this case?
ANS:-Simultaneously UE can’t Access UTRAN and E-Utran, It will depend
on the UE capability, If the UE is only 3G based UE then it will
communicate with NodeB–>RNC–>SGSN–for security–>HSS. and if the
UE is dual mode(LTE/UTRAN) then it will depend on UE to select network
based open the NW availability(if LTE NW is available then it will
communicate with eNB–>MME–for security–>HSS). But simultaneously it
is not possible for UE to register with MME and SGSN.
9. Jitendra Sahu
8 years ago Permalink
11. wpoon
8 years ago Permalink
12. st0cktrader
7 years ago Permalink
Hi, what would happen if UE does not include security mode complete in
the NAS? It looks like the attach still completes.
13. sibananda
7 years ago Permalink
its nice one
14. m
7 years ago Permalink
Hi, you say the AMF is configured in the USIM but I can’t find that
anywhere in the 3GPP specs on USIMs. Can you explain where the AMF is
configured in the USIM?
Thanks!
Hi Prasanna,
I am working in dvelopment of HSS in which we are using HMAC-RSA-
256 algo as a part of the procedure to generate KASME key. Now my doubt
is once generated this key, do we have any test set to verify whether the
generated key is correct or not. Please help.
Regards,
Chandra Prakash
16. rajeev
6 years ago Permalink
Dear ones,
i am implimenting the integrity algorithm (128-eea2 aes) for PDCP protocol
At UE side ,Do you know any links that provides good info about this ,any
implimentation available…
17. prasanna
5 years ago Permalink
Yes, You are right. AMF is not configured in USIM. It is configured in HSS
and transfered to UE with AUTN.
18. Janardhan
5 years ago Permalink
Hi,
Does MME send Authentication Request (for re-authentication) with
integrity protected only ?
Thanks
Janardhan.
Kasme derivation:
as in 33.220, P0 is a static ASCII-encoded string.” For example if
P0=SNID=0x32F121. Would the P0 hex representation part of S look like
0x333246313231?
20. bhavana
5 years ago Permalink
Hi Can you please give a call flow for security when UE moves from 3G to
4G
I will try to add some security call flow procedures for handover scenarios
22. Prathvi
4 years ago Permalink
Thank you for the blog, it was a big help to understand the LTE network.
Hi, when the MME will send an AIR to the HSS with UTRAN/GERAN will
be present, is there a way to enforce the HSS to send triplets for EAP-SIM
authentication?
Thanks
24. Elizabeth
4 years ago Permalink
25. Margery
3 years ago Permalink
26. ilham
3 years ago Permalink
27. dhayanithi
3 years ago Permalink
#include “SNOW_3G.h”
/* LFSR */
/* FSM */
u32 FSM_R1 = 0x00;
u32 FSM_R2 = 0x00;
u32 FSM_R3 = 0x00;
/* Rijndael S-box SR */
u8 SR[256] = {
0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,0x30,0x01,0x67,0x2B,0xFE,
0xD7,0xAB,0x76,
0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,0xAD,0xD4,0xA2,0xAF,0x9
C,0xA4,0x72,0xC0,
0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,0x34,0xA5,0xE5,0xF1,0x71,
0xD8,0x31,0x15,
0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,0x07,0x12,0x80,0xE2,0xEB,0
x27,0xB2,0x75,
0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,0x52,0x3B,0xD6,0xB3,0x29
,0xE3,0x2F,0x84,
0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,0x6A,0xCB,0xBE,0x39,0x4
A,0x4C,0x58,0xCF,
0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,0x45,0xF9,0x02,0x7F,0x50,
0x3C,0x9F,0xA8,
0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,0xBC,0xB6,0xDA,0x21,0x10,
0xFF,0xF3,0xD2,
0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,0xC4,0xA7,0x7E,0x3D,0x64
,0x5D,0x19,0x73,
0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,0x46,0xEE,0xB8,0x14,0xDE,
0x5E,0x0B,0xDB,
0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,0xC2,0xD3,0xAC,0x62,0x91,
0x95,0xE4,0x79,
0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,0x6C,0x56,0xF4,0xEA,0x65
,0x7A,0xAE,0x08,
0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,0xE8,0xDD,0x74,0x1F,0x4
B,0xBD,0x8B,0x8A,
0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,0x61,0x35,0x57,0xB9,0x86,0
xC1,0x1D,0x9E,
0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,0x9B,0x1E,0x87,0xE9,0xCE,
0x55,0x28,0xDF,
0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,0x41,0x99,0x2D,0x0F,0xB0,
0x54,0xBB,0x16
};
/* S-box SQ */
u8 SQ[256] = {
0x25,0x24,0x73,0x67,0xD7,0xAE,0x5C,0x30,0xA4,0xEE,0x6E,0xCB,0x7D
,0xB5,0x82,0xDB,
0xE4,0x8E,0x48,0x49,0x4F,0x5D,0x6A,0x78,0x70,0x88,0xE8,0x5F,0x5E,0
x84,0x65,0xE2,
0xD8,0xE9,0xCC,0xED,0x40,0x2F,0x11,0x28,0x57,0xD2,0xAC,0xE3,0x4
A,0x15,0x1B,0xB9,
0xB2,0x80,0x85,0xA6,0x2E,0x02,0x47,0x29,0x07,0x4B,0x0E,0xC1,0x51,0
xAA,0x89,0xD4,
0xCA,0x01,0x46,0xB3,0xEF,0xDD,0x44,0x7B,0xC2,0x7F,0xBE,0xC3,0x9
F,0x20,0x4C,0x64,
0x83,0xA2,0x68,0x42,0x13,0xB4,0x41,0xCD,0xBA,0xC6,0xBB,0x6D,0x4
D,0x71,0x21,0xF4,
0x8D,0xB0,0xE5,0x93,0xFE,0x8F,0xE6,0xCF,0x43,0x45,0x31,0x22,0x37,0
x36,0x96,0xFA,
0xBC,0x0F,0x08,0x52,0x1D,0x55,0x1A,0xC5,0x4E,0x23,0x69,0x7A,0x92,
0xFF,0x5B,0x5A,
0xEB,0x9A,0x1C,0xA9,0xD1,0x7E,0x0D,0xFC,0x50,0x8A,0xB6,0x62,0xF
5,0x0A,0xF8,0xDC,
0x03,0x3C,0x0C,0x39,0xF1,0xB8,0xF3,0x3D,0xF2,0xD5,0x97,0x66,0x81,
0x32,0xA0,0x00,
0x06,0xCE,0xF6,0xEA,0xB7,0x17,0xF7,0x8C,0x79,0xD6,0xA7,0xBF,0x8
B,0x3F,0x1F,0x53,
0x63,0x75,0x35,0x2C,0x60,0xFD,0x27,0xD3,0x94,0xA5,0x7C,0xA1,0x05,
0x58,0x2D,0xBD,
0xD9,0xC7,0xAF,0x6B,0x54,0x0B,0xE0,0x38,0x04,0xC8,0x9D,0xE7,0x14
,0xB1,0x87,0x9C,
0xDF,0x6F,0xF9,0xDA,0x2A,0xC4,0x59,0x16,0x74,0x91,0xAB,0x26,0x61
,0x76,0x34,0x2B,
0xAD,0x99,0xFB,0x72,0xEC,0x33,0x12,0xDE,0x98,0x3B,0xC0,0x9B,0x3
E,0x18,0x10,0x3A,
0x56,0xE1,0x77,0xC9,0x1E,0x9E,0x95,0xA3,0x90,0x19,0xA8,0x6C,0x09,
0xD0,0xF0,0x86
};
/* MULx.*/
u8 MULx(u8 V, u8 c)
{
if ( V & 0x80 )
return ( (V << 1) ^ c);
else
return ( V << 1);
}
/* MULxPOW*/
u8 MULxPOW(u8 V, u8 i, u8 c)
{
if ( i == 0)
return V;
else
return MULx( MULxPOW( V, i-1, c ), c);
}
/* The function MUL alpha*/
u32 MULalpha(u8 c)
{
return ( ( ((u32)MULxPOW(c, 23, 0xa9)) << 24 ) |
( ((u32)MULxPOW(c, 245, 0xa9)) << 16 ) |
( ((u32)MULxPOW(c, 48, 0xa9)) << 8 ) |
( ((u32)MULxPOW(c, 239, 0xa9)) ) ) ;
}
u32 DIValpha(u8 c)
{
return ( ( ((u32)MULxPOW(c, 16, 0xa9)) << 24 ) |
( ((u32)MULxPOW(c, 39, 0xa9)) << 16 ) |
( ((u32)MULxPOW(c, 6, 0xa9)) <> 24) & 0xff) ];
u8 srw1 = SR[ (u8)((w >> 16) & 0xff) ];
u8 srw2 = SR[ (u8)((w >> 8) & 0xff) ];
u8 srw3 = SR[ (u8)((w) & 0xff) ];
r0 = ( ( MULx( srw0 , 0x1b) ) ^
( srw1 ) ^
( srw2 ) ^
( (MULx( srw3, 0x1b)) ^ srw3 )
);
r1 = ( ( ( MULx( srw0 , 0x1b) ) ^ srw0 ) ^
( MULx(srw1, 0x1b) ) ^
( srw2 ) ^
( srw3 )
);
r2 = ( ( srw0 ) ^
( ( MULx( srw1 , 0x1b) ) ^ srw1 ) ^
( MULx(srw2, 0x1b) ) ^
( srw3 )
);
r3 = ( ( srw0 ) ^
( srw1 ) ^
( ( MULx( srw2 , 0x1b) ) ^ srw2 ) ^
( MULx( srw3, 0x1b) )
);
return ( ( ((u32)r0) << 24 ) | ( ((u32)r1) << 16 ) | ( ((u32)r2) <> 24) & 0xff)
];
u8 sqw1 = SQ[ (u8)((w >> 16) & 0xff) ];
u8 sqw2 = SQ[ (u8)((w >> 8) & 0xff) ];
u8 sqw3 = SQ[ (u8)((w) & 0xff) ];
r0 = ( ( MULx( sqw0 , 0x69) ) ^
( sqw1 ) ^
( sqw2 ) ^
( (MULx( sqw3, 0x69)) ^ sqw3 )
);
r1 = ( ( ( MULx( sqw0 , 0x69) ) ^ sqw0 ) ^
( MULx(sqw1, 0x69) ) ^
( sqw2 ) ^
( sqw3 )
);
r2 = ( ( sqw0 ) ^
( ( MULx( sqw1 , 0x69) ) ^ sqw1 ) ^
( MULx(sqw2, 0x69) ) ^
( sqw3 )
);
r3 = ( ( sqw0 ) ^
( sqw1 ) ^
( ( MULx( sqw2 , 0x69) ) ^ sqw2 ) ^
( MULx( sqw3, 0x69) )
);
return ( ( ((u32)r0) << 24 ) | ( ((u32)r1) << 16 ) | ( ((u32)r2) << 8 ) |
( ((u32)r3) ) );
}
void ClockLFSRInitializationMode(u32 F)
{
u32 v = ( ( (LFSR_S0 <>24) & 0xff) ) ) ^
( LFSR_S2 ) ^
( (LFSR_S11 >> 8) & 0x00ffffff ) ^
( DIValpha( (u8)( ( LFSR_S11) & 0xff ) ) ) ^
(F)
);
LFSR_S0 = LFSR_S1;
LFSR_S1 = LFSR_S2;
LFSR_S2 = LFSR_S3;
LFSR_S3 = LFSR_S4;
LFSR_S4 = LFSR_S5;
LFSR_S5 = LFSR_S6;
LFSR_S6 = LFSR_S7;
LFSR_S7 = LFSR_S8;
LFSR_S8 = LFSR_S9;
LFSR_S9 = LFSR_S10;
LFSR_S10 = LFSR_S11;
LFSR_S11 = LFSR_S12;
LFSR_S12 = LFSR_S13;
LFSR_S13 = LFSR_S14;
LFSR_S14 = LFSR_S15;
LFSR_S15 = v;
}
void ClockLFSRKeyStreamMode()
{
u32 v = ( ( (LFSR_S0 <>24) & 0xff) ) ) ^
( LFSR_S2 ) ^
( (LFSR_S11 >> 8) & 0x00ffffff ) ^
( DIValpha( (u8)( ( LFSR_S11) & 0xff ) ) )
);
LFSR_S0 = LFSR_S1;
LFSR_S1 = LFSR_S2;
LFSR_S2 = LFSR_S3;
LFSR_S3 = LFSR_S4;
LFSR_S4 = LFSR_S5;
LFSR_S5 = LFSR_S6;
LFSR_S6 = LFSR_S7;
LFSR_S7 = LFSR_S8;
LFSR_S8 = LFSR_S9;
LFSR_S9 = LFSR_S10;
LFSR_S10 = LFSR_S11;
LFSR_S11 = LFSR_S12;
LFSR_S12 = LFSR_S13;
LFSR_S13 = LFSR_S14;
LFSR_S14 = LFSR_S15;
LFSR_S15 = v;
}
/* Clocking FSM*/
u32 ClockFSM()
{
u32 F = ( ( LFSR_S15 + FSM_R1 ) & 0xffffffff ) ^ FSM_R2 ;
u32 r = ( FSM_R2 + ( FSM_R3 ^ LFSR_S5 ) ) & 0xffffffff ;
FSM_R3 = S2(FSM_R2);
FSM_R2 = S1(FSM_R1);
FSM_R1 = r;
return F;
}
/* Initialization*/
void Initialize(u32 k[4], u32 IV[4])
{
u8 i=0;
u32 F = 0x0;
LFSR_S15 = k[3] ^ IV[0];
LFSR_S14 = k[2];
LFSR_S13 = k[1];
LFSR_S12 = k[0] ^ IV[1];
LFSR_S11 = k[3] ^ 0xffffffff;
LFSR_S10 = k[2] ^ 0xffffffff ^ IV[2];
LFSR_S9 = k[1] ^ 0xffffffff ^ IV[3];
LFSR_S8 = k[0] ^ 0xffffffff;
LFSR_S7 = k[3];
LFSR_S6 = k[2];
LFSR_S5 = k[1];
LFSR_S4 = k[0];
LFSR_S3 = k[3] ^ 0xffffffff;
LFSR_S2 = k[2] ^ 0xffffffff;
LFSR_S1 = k[1] ^ 0xffffffff;
LFSR_S0 = k[0] ^ 0xffffffff;
FSM_R1 = 0x0;
FSM_R2 = 0x0;
FSM_R3 = 0x0;
for(i=0;i<32;i++)
{
F = ClockFSM();
ClockLFSRInitializationMode(F);
}
}
/* Generation of Keystream*/
/*———————————————————————–
* end of SNOW_3G.c
*———————————————————————–*/
/*———————————————————
* f8.c
*———————————————————*/
/*
#include "f8.h"
#include
#include
#include
*/
/* f8*/
void f8(u8 *key, u32 count, u32 bearer, u32 dir, u8 *data, u32 length)
{
u32 K[4],IV[4];
int n = ( length + 31 ) / 32;
int i=0;
int lastbits = (8-(length%8)) % 8;
u32 *KS;
/*Initialisation*/
/* Load the confidentiality key for SNOW 3G initialization as in section
3.4. */
for (i=0; i<4; i++)
K[3-i] = (key[4*i] << 24) ^ (key[4*i+1] << 16)
^ (key[4*i+2] << 8) ^ (key[4*i+3]);
/* Exclusive-OR the input data with keystream to generate the output bit
stream */
for (i=0; i> 24) & 0xff;
data[4*i+1] ^= (u8) (KS[i] >> 16) & 0xff;
data[4*i+2] ^= (u8) (KS[i] >> 8) & 0xff;
data[4*i+3] ^= (u8) (KS[i] ) & 0xff;
}
free(KS);
/*———————————————————
* f9.c
*———————————————————*/
/* MUL64x */
u64 MUL64x(u64 V, u64 c)
{
if ( V & 0x8000000000000000 )
return (V << 1) ^ c;
else
return V << 1;
}
/* MUL64xPOW */
u64 MUL64xPOW(u64 V, u8 i, u64 c)
{
if ( i == 0)
return V;
else
return MUL64x( MUL64xPOW(V,i-1,c) , c);
}
/* MUL64 */
u64 MUL64(u64 V, u64 P, u64 c)
{
u64 result = 0;
int i = 0;
/* mask8bit */
u8 mask8bit(int n)
{
return 0xFF ^ ((1<<(8-n)) – 1);
}
/* f9 */
u8* f9( u8* key, u32 count, u32 fresh, u32 dir, u8 *data, u64 length)
{
u32 K[4],IV[4], z[5];
u32 i=0, D;
static u8 MAC_I[4] = {0,0,0,0}; /* static memory for the result */
u64 EVAL;
u64 V;
u64 P;
u64 Q;
u64 c;
u64 M_D_2;
int rem_bits = 0;
/* Run SNOW 3G to produce 5 keystream words z_1, z_2, z_3, z_4 and z_5.
*/
Initialize(K, IV);
GenerateKeystream(5, z);
V = EVAL ^ M_D_2;
EVAL = MUL64(V,P,c);
/* for D-1 */
EVAL ^= length;
/* Multiply by Q */
EVAL = MUL64(EVAL,Q,c);
return MAC_I;
}
/*———————————————————
* SNOW_3G.h
*———————————————————*/
#include
#include
#include
typedef unsigned char u8;
typedef unsigned int u32;
typedef unsigned long long u64;
/* Initialization*/
void Initialize(u32 k[4], u32 IV[4]);
/* Generation of Keystream*/
void GenerateKeystream(u32 n, u32 *z);
/* f8*/
void f8( u8 *key, u32 count, u32 bearer, u32 dir, \
u8 *data, u32 length );
/* f9*/
u8* f9( u8* key, u32 count, u32 fresh, u32 dir, \
u8 *data, u64 length);
28. santosh
3 years ago Permalink
29. dom
2 years ago Permalink
Hi everyone,
cheers,
Hi,I check your new stuff named “LTE Security Architecture | 3GLTEInfo”
like every week.Your writing style is awesome, keep up the good work! And
you can look our website about free anonymous proxies.
Hi Dom,
Yes, you can use your proprietary algorithm instead of Milanage. but in this
case you have to make sure both USIM and HSS are running your
authentication algorithm. As authentication is happening between USIM and
HSS, OpenBTS_UMTS framework will affect the process. you proprietary
algorithm should work.
if you are modifying Millanage for your use then you have to do it in USIM
and HSS both. then only it will work.
Thanks
Prasanna Sahu
32. dom
2 years ago Permalink
Any site that can make all this clear would be helpful.
33. Veerendra
2 years ago Permalink
Thanks,
veerendra
Hi Veerendra,
In Your case you haven’t specified NAS or RRC security Mode Reject. I
guess it might be NAS Security mode reject from UE to eNB!!!
I presume, Authentication procedure before security procedure is successful.
In this case there might be 2 causes for Reject.
1. selected Encryption and Integrity algorithm is not matching with UE
supported capability.
2. KSI in auth request is not matching with Security Mode Command.
Thanks
Prasanna
Hi Dom,
Sorry I missed your last comment, so late in responding to your question.
Yes you can write your algorithm to the USIM card. but most of the SIM
cards available in market from Operators is locked and write protected. You
can buy a new blank SIM card from http://www.gemalto.com/. and use their
SW to write your algorithm, UE Key, OP, AMF… Etc.
Thanks
Prasanna
36. Veerendra
2 years ago Permalink
Hi Prasanna,
Thanks,
Veerendra.
Hi Veerendra,
Again the things comes down to root cause mentioned in point no-1, if both
UE and MME are using same integrity algorithm, and MME intimates UE,
which algorithm to use (In Security mode command) then there is no way
KNAS-Int with mismatch between MME and UE, conditions is
Authentication procedure happened between MME and UE successfully(is
Authentication procedure successful for you?).
Thanks
Prasanna
38. Veerendra
2 years ago Permalink
Hi Prasanna,
Thanks,
Veerendra.
39. prasanna sahu
2 years ago Permalink
Hi Veerendra,
After Auth is successful, What is the Integrity Algo you are receiving from
NW in Security mode command ?
selectedNasSecurityAlgorithm {
integrityAlgorithm epsIntegrityAlgorithm-EIA0,
cipheringAlgorithm epsCipheringAlgorithm-EEA0
If you are receiving EIA1 for integrity algo then it is Snow3G algorithm
reference is as below.
Only thing is compared during Security mode procedure is, MAC generated
using KNAS-int at MME side, sent over to UE in security mode command.
if both the side will be using different algorithms, then this MAC will not
match, and this could lead to your problem.
Thanks
40. vamse
2 years ago Permalink
Hi, I am getting in NAS Security Mode Reject message with cause
“UnSpecified”. Can any one please give me some idea on why it so?
41. vamse
2 years ago Permalink
Hi Prasanna,
Thanks
Vamse
Is there any tool by which SQN UE can be calculated using the AUTS value
received in the Resync Info in AIR request from MME ? This is regarding
the Re synchronisation Process between UE and HSS.
43. Rakesh
11 months ago Permalink
HI Prasanna
Why we are using two security mode commands in LTE and only one
security command in UMTS
Thanks
Rakesh
Can anyone tell me how the UE security key or long term key or permanent
secret key “K” generated ?
based on K, other keys are generated but where is this K generated?
what I know about this is , it is denoted by 128 bits, and stored in USIM and
AuC. but how it is generated and where it is generated is not known to me.
Kindly let me know if you have any answer for this.
LEAVE A REPLY
Your email address will not be published. Required fields are marked *
Comment
Name *
Email *
Website
Save my name, email, and website in this browser for the next time I comment.
Post Comment