Copyright © Samir Amberkar


LTE NAS Security

Ciphering/Integrity verification

Both sender and receiver calculate the MAC as shown below. Integrity verification is successful when the receiver is able to match the received MAC with the MAC it computed itself (called XMAC). Ref: [33.401:B.2].


Fig 1.4.2 - Integrity

Fig 1.4.3 - Ciphering

For NAS, the keys are KNASint and KNASenc, Bearer ID = 0x00, and Count is the NAS DL/UL Count. Length affects only the length of the key stream, which is added bit by bit to the unciphered/ciphered stream to produce the ciphered/unciphered stream respectively.


NAS Count

NAS Count (one each for UL and DL) consists of a leftmost octet of value 0x00, a 16-bit overflow counter, and an 8-bit sequence number. The sequence number starts from zero with a new security context activation and is incremented by one for every security protected (re)transmission. When the 8-bit sequence number crosses its maximum value, the overflow counter is incremented by one and the sequence number is reset to zero. The sequence number is sent as part of the security header of the security protected message. Ref: [33.401:8.1.1], [24.301:4.4.3].


Security protected NAS message

A security protected NAS message is prefixed with an additional security header (6 octets) as shown below:


Protocol Discriminator (4 bits)
Security header type (4 bits): integrity protected?, ciphered?
MAC (32 bits)
Sequence number (8 bits)
NAS message

Fig 1.4.4
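
The receive-side integrity check that the MAC/XMAC, NAS Count and security header descriptions above combine into, as an added example that is not part of the original page. HMAC-SHA256 truncated to 32 bits stands in for the 3GPP integrity algorithm; the nibble order of octet 1, the MAC coverage (sequence number plus NAS message) and the receiver's overflow estimate are assumptions of this example, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import struct

BEARER_NAS = 0x00  # Bearer ID used for NAS, as stated in the text

def nas_count(overflow, sn):
    # 32-bit NAS Count: 0x00 octet | 16-bit overflow counter | 8-bit sequence number
    return ((overflow & 0xFFFF) << 8) | (sn & 0xFF)

def standin_mac(key, count, direction, data):
    # Stand-in for the integrity algorithm (NOT a 3GPP EIA): HMAC-SHA256 over
    # Count | Bearer | Direction | data, truncated to the 32-bit MAC field.
    prefix = struct.pack(">IBB", count, BEARER_NAS, direction)
    return hmac.new(key, prefix + data, hashlib.sha256).digest()[:4]

def protect(key, overflow, sn, direction, nas_msg, sec_hdr_type=0x1, pd=0x7):
    # Sender side. Assumption: header type in the upper nibble of octet 1, and
    # the MAC covers the sequence number octet plus the NAS message.
    mac = standin_mac(key, nas_count(overflow, sn), direction, bytes([sn]) + nas_msg)
    return bytes([(sec_hdr_type << 4) | pd]) + mac + bytes([sn]) + nas_msg

class Receiver:
    def __init__(self, key, direction):
        self.key, self.direction = key, direction
        self.overflow, self.last_sn = 0, -1  # fresh security context

    def verify(self, pdu):
        """Return the accepted NAS Count, or None if the PDU is rejected."""
        if len(pdu) < 6:  # shorter than the 6-octet security header
            return None
        mac, sn = pdu[1:5], pdu[5]
        # Only 8 bits of Count are on the wire: a sequence number that did not
        # advance is read as a wrap, so the overflow estimate goes up by one.
        overflow = self.overflow + (1 if sn <= self.last_sn else 0)
        count = nas_count(overflow, sn)
        xmac = standin_mac(self.key, count, self.direction, pdu[5:])
        if not hmac.compare_digest(mac, xmac):  # constant-time MAC vs XMAC
            return None  # tampered, replayed, or Count out of sync
        self.overflow, self.last_sn = overflow, sn  # commit state on success only
        return count

if __name__ == "__main__":
    key = bytes(range(16))  # constructed 128-bit key, not a real KNASint
    rx = Receiver(key, direction=1)
    for ov, sn in [(0, 254), (0, 255), (1, 0)]:
        print(hex(rx.verify(protect(key, ov, sn, 1, b"constructed NAS body"))))
```

Because the full Count enters the MAC while only the sequence number travels in the header, a captured message replayed later is checked against a different Count and its MAC no longer matches XMAC.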



