top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Can anybody give example of Security Mode Command NAS LTE protocol for null integrity algo?

+2 votes
1,765 views
Can anybody give example of Security Mode Command NAS LTE protocol for null integrity algo?
posted Dec 4, 2014 by Aleks Asvaldov

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

Not sure if you are looking for this - 

NAS_LTE:EMM,Security mode command
Security mode command ::= DIVISION
  +-Security header type ::= V
  | +-Security header type ::= CHOICE [Plain NAS message, not security protected]
  +-EPS mobility management protocol discriminator ::= V
  | +-Protocol discriminator ::= PD [7]
  +-Security mode command message identity ::= V
  | +-Message type ::= MSG [5D]
  +-Selected NAS security algorithms ::= V
  | +-Octet1 ::= DIVISION
  |   +-spare ::= FIX [0]
  |   +-Type of ciphering algorithm ::= CHOICE [EPS encryption algorithm EEA0(ciphering not used)]
  |   +-spare ::= FIX [0]
  |   +-Type of integrity protection algorithm ::= CHOICE [Reserved 0]
  +-Spare half octet ::= V
  | +-Spare half octet ::= FIX [0]
  +-NAS key set identifier ::= V
  | +-TSC ::= CHOICE [native security context (for KSI ASME)]
  | +-NAS key set identifier ::= CHOICE [possible values for the NAS key set identifier 0]
  +-Replayed UE security capabilities ::= LV
  | +-Octet1 ::= DIVISION
  | | +-Length of UE security capability contents ::= LEN (0..255) [5]

   +-c1 ::= CHOICE [securityModeCommand]
      +-securityModeCommand ::= SEQUENCE
        +-rrc-TransactionIdentifier ::= INTEGER (0..3) [0]
        +-criticalExtensions ::= CHOICE [c1]
          +-c1 ::= CHOICE [securityModeCommand-r8]
            +-securityModeCommand-r8 ::= SEQUENCE [0]
              +-securityConfigSMC ::= SEQUENCE
              | +-securityAlgorithmConfig ::= SEQUENCE
              |   +-cipheringAlgorithm ::= ENUMERATED [eea0]
              |   +-integrityProtAlgorithm ::= ENUMERATED [spare1]
              +-nonCriticalExtension ::= SEQUENCE OPTIONAL:Omit

Currently there are two different types of EIA we can use as shown in the following table.

Identifier   Type           Description
0000         128-EIA0       Null Integrity algorithm
0001         128-EIA1       SNOW 3G
0010         128-EIA2       AES
answer Dec 4, 2014 by Salil Agrawal
By the standard 24.301, UE ignores message without enabled integrity, but what is contained in field Security header type, message authentication code, sequence number and etc. for EIA0
commented Dec 4, 2014 by Aleks Asvaldov
Which section i.e. section of 24.301??
commented Dec 4, 2014 by Salil Agrawal
Section 4.4.4.2
commented Dec 4, 2014 by Aleks Asvaldov
Its clearly written that few messages can be sent without security protection. Just pasting the note -
"These messages are accepted by the UE without integrity protection, as in certain situations they are sent by the network before security can be activated."

NAS sequence number must be missing in this case as specs are clear that this will not be verified (though could not find the reference). The same should be applicable to other related parameters?
commented Dec 4, 2014 by Salil Agrawal
I tried to send to UE Security Mode command without security header as plain NAS message, UE ignores it. But when i send with security header "Integrity protected with new EPS security context" and MAC and se number filled NULL, UE responses "Security mode rejected, unspecified"
commented Dec 4, 2014 by Aleks Asvaldov
I am getting confused :(, check this thread https://www.linkedin.com/groups/What-exactly-does-Integrity-Protection-1180727.S.174817649

Let me read the specs again, give me some time?
commented Dec 4, 2014 by Salil Agrawal
@Salil: But same spec (same section) is saying that only those listed message (which does not cover the security mode command) integrity protection can be null and all other message it should be present else UE will reject it.

Looks sometime bond can also make mistake in reading :)
commented Dec 5, 2014 by Pardeep Kohli
Thanks Pardeep for pointing out, my bad.
@Aleks: Sorry for miscommunication, Pardeep point seems to be right.
commented Dec 6, 2014 by Salil Agrawal
Similar Questions
+4 votes
LTE : NAS security mode command , how to form a final message M that is given as input to AES_CMAC function.?

For NAS security mode command ,input giving to CMAC (integrity check) function at both UE and MME side are same but still im getting intgrity check failed ,for exp:
1) KEY = \xef\x6b\xee\xda\x7f\x66\xc5\x67\x34\xa6\x1b\xcf\x1e\x8f\x12\x87.
2) COUNT = 0.
3) BEARER ID =0.
4) DIRECTION =1.
5) mesage = \x07\x5d\x22\x00\x02\xe0\xe0.
6)sequence no. = 0x00.
please can you explain me with this example ,what will be the final message(message forming) M.

+1 vote
LTE : I came to know that integrity and ciphering order for RRC and NAS level are reverse to each other ?

I am bit confused why the different order are used for integrity and ciphering of RRC and NAS message ?
What if the same order (ciphering and then integrity) is used for RRC message ?

+2 votes
In LTE, why the integrity and encryption protection order is different in NAS and AS layer?

In LTE, if a NAS packet is going to be sent, the encryption is followed by integrity protection in NAS layer, but in RRC/PDCP layer, When RRC messages are being sent, they are integrity protected first and then encrypted before being sent, unlike NAS messages were. Why the integrity and encryption protection order is different in NAS and AS layer?

...