Add to collection(s) Add to saved
  1. No category

C23-20030402-008R1(QCOM-encryption-authentication

1
2
TSG-C SWG2.3
3
4
5
6
7
8
9
10
Title:
Some Encryption/Authentication bugs
File:
C23-20030402-008R1 (QCOM-encryption-authentication-bugs)
Abstract:
This contribution describes some encryption/authentication
discrepancies in the signaling specification.
11
12
13
Source:
Duncan Ho
QUALCOMM Incorporated
858-845-3214
dho@qualcomm.com
14
15
16
17
18
Date:
April 2, 2003
Recommendation:
Review and approve for inclusion into appropriate addendums.
19
20
21
22
23
Notice
©2003 QUALCOMM Incorporated. All rights reserved.
QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to
incorporate text or other copyrightable material contained in the contribution and any modifications
thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name
any Organizational Partner’s standards publication even though it may include portions of the
contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole
or in part such contributions or the resulting Organizational Partner’s standards publication.
Qualcomm Incorporated is also willing to grant licenses under such contributor copyrights to third
parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an
Organizational Partner’s standard, which incorporates this contribution.
This document has been prepared by Qualcomm Incorporated to assist the development of
specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be
construed as a binding proposal on Qualcomm Incorporated. Qualcomm Incorporated specifically
reserves the right to amend or modify the material contained herein and nothing herein shall be
construed as conferring or offering licenses or rights with respect to any intellectual property of
Qualcomm Incorporated other than provided in the copyright statement above.
1
1
2
3
Discrepancy
#1
(Editorial):
Globally,
replace
SIG_INTEGRITY-SUP_INCL
by
SIG_INTEGRITY_SUP_INCL. Editor could search for “TY-“ Matchcase to locate all the
occurrences. They are in section 2.7.1.3.2.{1, 4, 5, 12, 13, 36, 41}.
4
5
6
7
8
Discrepancy #2 (Editorial): In Enhanced Origination Message, NEW_SINFO_INCL should
be UI_ENCYPT_INFO_INCL. Editor could search for “SINFO” for all the occurrences in this
section. This is just a name change suggestion. Nothing technical. <NOTE TO EDITORS:
Please ignore this one since it is still open>
11
1.1.1.1.1.1 Discrepancy #3 (Technical): The decryption procedures should refer to
SDU_KEY_ID provided by the LAC Layer because SDU_KEY_ID is what is received in
the message.
12
2.3.12.4.1.3 Signaling Encryption/Decryption Procedures
9
10
15
In order to perform signaling encryption, message integrity, or both, on f/r-csch or f/rdsch, both the mobile station and the base station shall each maintain the following 32-bit
counters:
16
•
TX_EXT_SSEQ[i][j] (the 32-bit crypto-sync for encryption and message integrity. i = 0
and 1, j = ‘00’ to ‘11’)
•
RX_EXT _SEQ[i][j] (the 32-bit crypto-sync for decryption and message integrity. i = 0
and 1, j = ‘00’ to ‘11’)
13
14
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[...]
The receiver shall perform the following procedures upon reception of an encrypted
signaling message with an 8-bit SDU_SSEQ field or a 32-bit EXT_SSEQ passed by the LAC
Layer (e.g., if SDU_ENCRYPT_MODE indicated by LAC Layer is not equal to ‘000’):
1. If the Layer 3 PDU uses unassured mode, let i = 0 and N = 8; otherwise, let i = 1 and N =
4. Let V be the 8 least significant bits of RX_EXT_SSEQ[i][SDU_KEY_ID]. Perform the
duplicate detection procedures in accordance with 2.3.12.4.1.5 using N and V, before
proceeding further.
2. If SDU_SSEQ is supplied by the LAC Layer, the mobile station shall construct
EXT_SSEQ as follows:
If (SDU_SSEQ - V) mod 256 < 128:
EXT_SSEQ = (RX_EXT_SSEQ[i][SDU_KEY_ID] + (SDU_SSEQ - V) mod 256) mod
31
32
232
33
Else:
EXT_SSEQ = (RX_EXT_SSEQ[i][SDU_KEY_ID] - (V - SDU_SSEQ) mod 256) mod
34
35
36
37
232
3. Remove the LAC Layer padding, at the end of the Layer 3 PDU, if any, such that the
Layer 3 PDU is octet aligned.
2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
4. Decrypt the concatenated Layer 3 PDU and the 8-bit Layer 3 CRC using EXT_SSEQ and
the encryption algorithm specified by SDU_ENCRYPT_MODE, in accordance with
2.3.12.4.3.
5. Compute an 8-bit CRC as specified in 2.3.12.4.1.4 over the un-encrypted Layer 3 PDU
(excluding the received 8-bit CRC).
6. Compare the value of the computed CRC with the decrypted 8-bit CRC. If the two CRCs
are equal, the decryption is defined to be successful; otherwise the decryption is defined
to be unsuccessful.
7. If the decryption was unsuccessful, the message shall be discarded; otherwise, if
SDU_SSEQ is supplied by the LAC Layer and ((SDU_SSEQ - V) mod 256) < 128, the
receiver shall set RX_EXT_SEQ[i] to EXT_SSEQ constructed in step 2 above.
8. If the base station can not decrypt an Origination Message or the LAC Layer
indicates that the MACI is not valid in an Origination Message, the base station
should send a Base Station Reject Order (ORDQ = ‘00000000’). If the base station
can not decrypt any other message or the LAC Layer indicates that the MACI is not
valid for other message, the base station should send a Base Station Reject Order
(ORDQ = ‘00000001’).
18
19
Discrepancy #4 (Technical): Some L3 messages shall not be encrypted.
20
2.3.12.4.1.1 Extended Encryption for Signaling on f/r-csch
24
To turn f/r-csch signaling encryption on or off, the base station sends a Registration
Accepted Order or Security Mode Command Message on f-csch, with the
C_SIG_ENCRYPT_MODE field set to one of the values specified in Table 3.7.4.5-1. The value
of C_SIG_ENCRYPT_MODEr is then stored in C_SIG_ENCRYPT_MODEs.
25
If C_SIG_ENCRYPT_MODEs is not equal to ‘000’ and ENC_KEY[KEY_ID] is not equal to
21
22
23
27
NULL, all f/r-csch signaling messages shall be encrypted based on the value of
C_SIG_ENCRYPT_MODEs using the procedures specified in 2.3.12.4.1.3; except for the
28
exceptions listed below in the rest of this section.
26
29
30
31
32
33
34
35
36
37
38
39
40
41
On the f-csch, General Page Message, Universal Page Message, Registration Request Order,
Authentication Challenge Message, Registration Accepted Order, Mobile Station Reject Order,
and Authentication Request Message shall be sent un-encrypted. Channel Assignment
Message, Extended Channel Assignment Message, and Security Mode Command Message
may be sent un-encrypted. All overhead messages and all signaling messages with a
broadcast address type shall be sent un-encrypted.
On the r-csch, Registration Message, Page Response Message, Reconnect Message (if sent
in response to a General Page Message or a Universal Page Message), Authentication
Challenge Response Message, Security Mode Request Message, Authentication Response
Message, and Authentication Resynchronization Message shall be sent un-encrypted. When
sending an Origination Message, if all of the following conditions are true, the mobile
station shall not include the dialed digits in the Origination Message, and the mobile station
shall include the dialed digits in the Origination Continuation Message:
3
1
•
The base station supports extended encryption;
2
•
C_SIG_ENCRYPT_MODEs is equal to ‘000’ or ENC_KEY[KEY_ID] is equal to NULL;
3
•
C_SIG_ENCRYPT_REQ is set to ‘1’ or D_SIG_ENCRYPT_REQ is set to ‘1’ in the
Origination Message;
•
The mobile station does not recognize that this is an emergency call.
4
5
6
7
8
9
10
11
2.3.12.4.1.2 Extended Encryption for Signaling on f/r-dsch
The initial mode of extended encryption for f/r-dsch signaling messages is established by
sending a Channel Assignment Message or Extended Channel Assignment Message with the
ENCRYPT_MODE field set to ‘11’1 and the D_SIG_ENCRYPT_MODE field set to one of the
values specified in Table 3.7.4.5-1. The value of D_SIG_ENCRYPT_MODE r is then stored in
D_SIG_ENCRYPT_MODEs.
16
To turn f/r-dsch signaling encryption on or off after channel assignment, the base station
sends a General Handoff Direction Message or Universal Handoff Direction Message with the
ENCRYPT_MODE field and the D_SIG_ENCRYPT_MODE field set accordingly. Alternatively,
the base station may send a Security Mode Command Message on f-dsch with the
D_SIG_ENCRYPT_MODE field set accordingly.
17
If D_SIG_ENCRYPT_MODEs is not equal to ‘000’ and ENC_KEY[KEY_ID] is not equal to
12
13
14
15
19
NULL, all f/r-dsch signaling messages shall be encrypted based on the value of
D_SIG_ENCRYPT_MODEs using the procedures specified in 2.3.12.4.1.3, except for the
20
exceptions listed below in the rest of this section.
18
21
22
23
24
25
26
On the f-dsch, the Security Mode Command Message may be sent un-encrypted. The Base
Station Reject Order, Authentication Challenge Message and Authentication Request Message
shall be sent un-encrypted.
On the r-dsch, the Security Mode Request Message, Authentication Challenge Response
Message, Authentication Response Message, and Authentication Resynchronization Message
shall be sent un-encrypted.
1 If ENCRYPT_MODE is set to a value other than ‘11’, see section 2.3.12.2.1.
4
Related documents
QUIZ CMPE-553 15.04.2013 (90 min, 2 points)
QUIZ CMPE-553 15.04.2013 (90 min, 2 points)
Generic encryption
Generic encryption
Test 2
Test 2
Public Key
Public Key
Chapter 13
Chapter 13
International Studies Learning Center3 Problem
International Studies Learning Center3 Problem
Significant Figures and Conversions
Significant Figures and Conversions
Digital Signatures - Academic Computing Committee
Digital Signatures - Academic Computing Committee
Asymmetric-Key (Public-Key) Algorithms
Asymmetric-Key (Public-Key) Algorithms
Download