Tsg sa wg3 #7, The Hague, 26-27 October, 1999 S3-99384

Download 102.73 Kb.

Date	06.08.2021
Size	102.73 Kb.
	#89912

^{TSG SA WG3 #7, The Hague, 26-27 October, 1999} S3-99384

DRAFT 3G CHANGE REQUEST

Please see embedded help file at the bottom of this
page for instructions on how to fill in this form correctly.

TS 33.105

004

Current Version:

V3.1.0

3G specification number 

CR number as allocated by 3G support team

For submission to TSG

SA#6

for approval

(only one box should

list TSG meeting no. here 

for information

be marked with an X)

Form: 3G CR cover sheet, version 1.0 The latest version of this form is available from: ftp://ftp.3gpp.org/Information/3GCRF-xx.rtf

Proposed change affects:

USIM

UTRAN

Core Network

(at least one should be marked with an X)

Source:

TSG SA WG3

Date:

99-10-27

Subject:

Time variant parameter for synchronisation of ciphering

3G Work item:

Security

Category:

F Correction

A Corresponds to a correction in a 2G specification

(only one category

B Addition of feature

shall be marked

C Functional modification of feature

with an X)

D Editorial modification

Reason for
change:

On the algorithms for both data confidentiality and data integrity, one of input parameters is COUNT, a time variant parameter for synchronisation. Due to progress in TSG S3, it is better to use a time variant parameter separately in order to improve security. A time variant parameter used for ciphering is renamed COUNT-C.

Clauses affected:

3.3, 5.2.1, 5.2.7.2

Other specs

Other 3G core specifications

List of CRs:

affected:

Other 2G core specifications

List of CRs:

MS test specifications

List of CRs:

BSS test specifications

List of CRs:

O&M specifications

List of CRs:

Other
comments:

3.3 Abbreviations

For the purposes of the present document, the following abbreviations apply:

3GPP 3rd Generation Partnership Project

AK Anonymity key

AuC Authentication Centre

AUTN Authentication token

CK Cipher key

COUNT-C Time variant parameter for synchronisation of ciphering

COUNT-I Time variant parameter for synchronisation of data integrity

EMUI Encrypted Mobile User Identity

GK User group key

IK Integrity key

IMUI International Mobile User Identity

IPR Intellectual Property Right

MAC Medium access control (sublayer of Layer 2 in RAN)

MAC Message authentication code

MAC-A MAC used for authentication and key agreement

MAC-I MAC used for data integrity of signalling messages

PDU Protocol data unit

RAND Random challenge

RES User response

RLC Radio link control (sublayer of Layer 2 in RAN)

RNC Radio network controller

SEQ_UIC Sequence for user identity confidentiality

SDU Signalling data unit

SQN Sequence number

UE User equipment

USIM User Services Identity Module

XMAC-A Expected MAC used for authentication and key agreement

XMAC-I Expected MAC used for data integrity of signalling messages

XRES Expected user response

5.2 Data confidentiality

5.2.1 Overview

The mechanism for data confidentiality of user data and signalling data that is described in 6.4 of [1] requires the following cryptographic function:

f8 UMTS encryption algorithm.

Figure 2 illustrates the use of f8 to encrypt plaintext by applying a keystream using a bitwise XOR operation. The plaintext may be recovered by generating the same keystream using the same input parameters and applying it to the ciphertext using a bitwise XOR operation.

Figure 2: Ciphering user and signalling data transmitted over the radio access link

The input parameters to the algorithm are the Cipher Key (CK), a time dependent input (COUNT-C), the bearer identity (BEARER), the direction of transmission (DIRECTION) and the length of the keystream required (LENGTH). Based on these input parameters the algorithm generates the output keystream block (KEYSTREAM) which is used to encrypt the input plaintext block (PLAINTEXT) to produce the output ciphertext block (CIPHERTEXT).

The input parameter LENGTH shall affect only the length of the KEYSTREAM BLOCK, not the actual bits in it.

5.2.7.2 COUNT-C

COUNT-C: a time dependent input.

COUNT-C[0], COUNT-C[1], …, COUNT-C[31]

The length of the COUNT-C parameter is 32 bits. It is assumed that sychronisation of the keystream will be based on the use of a physical layer (Layer 1) frame counter combined with a hyperframe counter introduced to avoid re-use of the keystream. This allows the keystream to be synchronised every 10ms physical layer frame. The exact structure of the COUNT-C parameter cannot be specified at present. However, it is assumed to be a 32 bit counter.

page of

Directory: tsg sa
tsg sa -> Sa wg2 Temporary Document Page 3GPP TSG sa wg2 Meeting #79 td s2-10xxxx

Download 102.73 Kb.

Share with your friends: