What kind of Security is present in UMTS networks?
UMTS security consists of two components, Ciphering and Integrity protection.
Are these mandatory or optional?
Ciphering is optional and Integrity Protection is Mandatory.
How many algorithms have been defined for Ciphering and Integrity Protection?
Ciphering has two algorithms UEA0 and UEA1 where as Integrity protection has one algorithm UIA1. More algorithms will be defined at a later stage.
I have heard that if no Ciphering is enabled, the network still treats it as Ciphering is active?
The Ciphering alorithm UEA0 is the same as no ciphering. RANAP standard specifies that:
"The Permitted Encryption Algorithms IE within the Encryption Information IE may contain "no encryption" within an element of its list in order to allow the RNC not to cipher the respective connection. This can be done either by not starting ciphering or by using the UEA0 algorithm. In the absence of the Encryption Information group IE in SECURITY MODE COMMAND message, the RNC shall not start ciphering."
As specified, no ciphering can be interpreted as ciphering with UEA0 algorithm. It is more convinient for the network to treat no ciphering as UEA0 but its upto the designers of the call processing software in RNC.
Is UEA0 or UEA1 mandatory?
Earlier it was said that UEA0 is mandatory (http://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_23_Victoria/Docs/PDF/S3-020305.pdf) but in the latest RRC specs it says that both UEA0 and UEA1 are mandatory.
Which entity in UE or RNC performs Ciphering and Integrity Protection?
Integrity Protection is performed in RRC whereas Ciphering is done in RLC for AM and UM Radio bearers and MAC for TM radio bearers.
Can different Ciphering algorithms be used for different domains?
RRC specification (25.331) does not restrict this. However RANAP specification (25.413) says that the Ciphering algorithm should be the same for both the domains. The exact text for section 8.18.2 is as follows:
Upon reception of the SECURITY MODE COMMAND message, the UTRAN shall internally select appropriate algorithms, taking into account the UE/UTRAN capabilities. If a signalling connection already exists towards the other core network domain and integrity has been started, the same ciphering and integrity alternatives as being used for that core network domain shall be selected. If a signalling connection already exists towards the other core network domain and the Security Mode Control procedure is ongoing on that core network domain, the same ciphering and integrity alternative shall be selected for the two domains. This means in particular for encryption that if "no encryption" or no Encryption Information IE has been received from the first core network domain and integrity has been started but ciphering has not been started, ciphering shall also not be started for the second core network domain.
How ciphering is done for different modes of RLC and Why TM mode ciphering is pushed to MAC layer?
Contributed by Senthil Kumar
The ciphering function in UMTS is present in MAC or RLC in the UE and UTRAN The parameters to the ciphering algorithm includes, a counter called COUNT-C, the ciphering Key CK, the RB id and the direction(uplink or downlink).
The UM and AM RLC mode ciphering uses the RLC sequence number(SN) which is in the header,since it keeps on changing for every RLC PDU.
COUNT-C is a 32 bit counter derived from RLC Hyper Frame Number(HFN)
RLC UM COUNT-C = RLC HFN(25 bits) + RLC SN(7 bits)
RLC AM COUNT-C = RLC HFN(20 bits) + RLC SN(12 bits)
The HFN is incremented once the RLC SN wraps around.
Since for TM RLC, header is not present and hence there is no SN to be used as
variable changing parameter. So the TM RLC ciphering is pushed to MAC layer where the CFN is used as a variable changing parameter.
RLC TM COUNT-C = MAC HFN(25 bits) + CFN(7 bits)
The HFN is incremented when the CFN wraps around.
For all the three modes of RLC, the HFN value is initialized to a START value(usually zero) at RRC connection establishment.
CK is 128 bits long and there is a separate CK for CS and PS domain.
RB id is 4 bits long and parameter direction is one bit long.
Can you provide a list of documents for further reading on this topic?
Please refer to Security Primer for the references.