How LTE Implements Security through Encryption
Security in LTE is implemented through encryption (of both control plane (RRC) data and user plane data) and integrity protection (of control plane (RRC) data only), and it is the responsibility of the PDCP layer. A PDCP Data PDU counter (known as "COUNT" in the LTE specifications) is used as an input to the security algorithms. The COUNT value is incremented for each PDCP Data PDU during an RRC connection and has a length of 32 bits, in order to allow an acceptable duration for the RRC connection.
During an RRC connection, the COUNT is maintained by both the UE and the eNodeB, each counting every transmitted/received PDCP Data PDU. To ensure robustness against packet loss, each protected PDCP Data PDU includes a PDCP sequence number (SN), which corresponds to the least significant bits of the COUNT. Thus, if one or more packets are lost, the correct COUNT value of a newly received packet can be determined from the PDCP SN. This means that the COUNT value associated with the packet is the next highest COUNT whose least significant bits correspond to the value of the PDCP SN.
Loss of synchronization of the COUNT value between the UE and the eNodeB can then occur if a number of packets corresponding to the maximum SN is lost consecutively. In principle, the probability of this type of synchronization loss can be minimized by increasing the length of the SN, even to the extent of transmitting the COUNT value in every PDCP Data PDU. However, this would cause a high overhead, and therefore only the least significant bits are used as the SN; the actual SN length depends on the configuration and the type of PDU.
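The COUNT recovery rule described above, as an added example that is not part of the original article: a simplified receiver infers COUNT from the SN and shows that a burst of losses shorter than the SN space keeps both sides in sync, while losing a full SN space of consecutive packets does not. It assumes in-order delivery with no reordering window, and the names CountTracker, simulate and in_sync are hypothetical.

```python
# Added example: receiver-side COUNT reconstruction from the short PDCP SN.
# Assumption: in-order delivery, no reordering window (simplified model).

COUNT_BITS = 32


class CountTracker:
    """Tracks the 32-bit COUNT from the SN carried in each PDCP Data PDU."""

    def __init__(self, sn_bits):
        self.sn_mod = 1 << sn_bits
        self.next_count = 0  # COUNT expected for the next PDU

    def receive(self, sn):
        """Return the COUNT inferred for a PDU carrying sequence number sn."""
        if not 0 <= sn < self.sn_mod:
            raise ValueError("SN does not fit the configured SN length")
        # Next highest COUNT (>= expected) whose low bits equal the SN.
        gap = (sn - self.next_count) % self.sn_mod
        count = self.next_count + gap
        if count >= 1 << COUNT_BITS:
            raise OverflowError("COUNT space exhausted")
        self.next_count = count + 1
        return count


def simulate(sn_bits, total, lost):
    """Send PDUs with COUNT 0..total-1, dropping the COUNTs listed in lost.

    Returns (sender_count, receiver_count) pairs for the delivered PDUs.
    """
    rx = CountTracker(sn_bits)
    pairs = []
    for tx_count in range(total):
        if tx_count in lost:
            continue
        sn = tx_count & ((1 << sn_bits) - 1)  # SN = least significant bits
        pairs.append((tx_count, rx.receive(sn)))
    return pairs


def in_sync(pairs):
    """True if the receiver inferred the sender's COUNT for every PDU."""
    return all(tx == rx for tx, rx in pairs)


if __name__ == "__main__":
    # Constructed scenario: 5-bit SN, so the SN space is 32 values.
    print(in_sync(simulate(5, 200, set(range(40, 71)))))  # 31 lost in a row
    print(in_sync(simulate(5, 200, set(range(40, 72)))))  # 32 lost in a row
```

After the 32-packet burst the receiver's COUNT stays 32 behind the sender's for the rest of the run, so every later keystream and MAC-I input would differ between the two sides.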
This use of a counter is designed to protect against a type of attack known as a replay attack, where the attacker tries to resend a packet that was intercepted previously. The use of COUNT also provides protection against attacks that aim to derive the key or ciphering pattern in use by comparing successive patterns. Because of the COUNT value, even if the same packet is transmitted twice, the ciphering pattern will be completely uncorrelated between the two transmissions, thus preventing possible security breaches.
Integrity protection is performed by adding a field known as the "Message Authentication Code for Integrity" (MAC-I) to each RRC message. This code is calculated from the Access Stratum (AS) derived keys, the message, the radio bearer ID, the direction (i.e., uplink or downlink) and the COUNT value.
If the integrity check fails, the message is discarded and the integrity verification failure is indicated to the RRC layer, so that the RRC connection re-establishment procedure can be performed. Encryption is accomplished by performing an XOR operation between the message and a ciphering stream, which is generated by the encryption algorithm on the basis of the AS derived keys, the radio bearer identity, the direction (i.e., uplink or downlink), and the COUNT value.
Encryption can be applied to PDCP Data PDUs. PDCP Control PDUs (such as ROHC feedback or PDCP status reports) are neither encrypted nor integrity protected. Except for identical retransmissions, the same COUNT value is not allowed to be used more than once for a given security key. The eNodeB is responsible for preventing reuse of the COUNT with the same combination of radio bearer identity, AS base key and algorithm. To avoid such reuse, the eNodeB can, for example, use different radio bearer identities for successive radio bearer establishments, trigger an intra-cell handover, or trigger a state transition of the UE from connected to idle and back to connected again.