Unanswered Questions Into Message Authentication Code Revealed
Once the encryption of NAS messages has been started between the AMF and the UE, the receiver shall discard the unciphered NAS messages which shall have been ciphered according to the rules described in this specification. The input parameters to the NAS ciphering algorithm are the BEARER ID, the DIRECTION bit, the NAS COUNT, the NAS encryption key and the length of the key stream to be generated by the encryption algorithm. The method further includes obtaining a first security key used for integrity protection of messages delivered from the home PLMN to the digital device. Integrity protection is never applied directly to 5GSM messages, but to the 5GMM message in which the 5GSM message is included. When a 5GSM message is piggybacked in a 5GMM message, there is only one Sequence number IE and one Message authentication code IE for the 5GMM message piggybacking the 5GSM message. Ciphering is never applied directly to 5GSM messages, but to the 5GMM message in which the 5GSM message is included. Once the secure exchange of NAS messages has been established for the NAS signalling connection, the receiving 5GMM entity in the AMF shall not process any NAS signalling messages unless they have been successfully integrity checked by the NAS.
The UE shall start the ciphering and deciphering of NAS messages when the secure exchange of NAS messages has been established for an N1 NAS signalling connection. The AMF shall start ciphering and deciphering of NAS messages as described in subclause 4.4.2.5. From this time onward, except for the SECURITY MODE COMMAND message, the AMF shall send all NAS messages ciphered until the N1 NAS signalling connection is released, or the UE performs inter-system change to S1 mode. From this time onward, unless explicitly defined, the UE shall send all NAS messages ciphered until the N1 NAS signalling connection is released, or the UE performs inter-system change to S1 mode. The processing of the SECURITY MODE COMMAND message that has not successfully passed the integrity check is specified in subclause 5.4.2.5. If any NAS signalling message is received as not integrity protected even though the secure exchange of NAS messages has been established by the network, then the NAS shall discard this message.
Once the secure exchange of NAS messages has been established, the receiving 5GMM entity in the UE shall not process any NAS signalling messages unless they have been successfully integrity checked by the NAS. For the network, integrity protected signalling is mandatory for the 5GMM NAS messages once a secure exchange of 5GS NAS messages has been established for the NAS signalling connection.
NOTE 1: The REGISTRATION REQUEST message is sent by the UE without integrity protection, if the registration procedure is initiated due to an inter-system change in 5GMM-IDLE mode and no current 5G NAS security context is available in the UE.
NOTE 3: These messages are processed by the AMF even when the MAC fails the integrity check or cannot be verified, as in certain situations they can be sent by the UE protected with a 5G NAS security context that is no longer available in the network.
If a REGISTRATION REQUEST message for initial registration fails the integrity check and it is not a registration request for emergency services, the AMF shall authenticate the subscriber before processing the registration request any further. If a REGISTRATION REQUEST message for mobility and periodic registration update fails the integrity check and the UE provided an EPS NAS message container IE which was successfully verified by the source MME, the AMF may create a mapped 5G NAS security context and initiate a security mode control procedure to take the new mapped 5G NAS security context into use; otherwise, if the UE has only a non-emergency PDU session established, the AMF shall initiate a primary authentication and key agreement procedure to create a new native 5G NAS security context.
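The UE-side receive rules above (discard anything not integrity protected, discard anything that fails the integrity check, discard anything that should have been ciphered, with SECURITY MODE COMMAND as the one exception) can be written as a filter. This is an added example, not text from the specification: the function names are hypothetical, the security header type and message type values are the ones defined in TS 24.501, and the MAC is a labelled stand-in (truncated HMAC-SHA256) rather than a 3GPP integrity algorithm.

```python
import hashlib
import hmac

EPD_5GMM = 0x7E                      # extended protocol discriminator for 5GMM
PLAIN, INTEGRITY, INTEGRITY_CIPHERED, INTEGRITY_NEW_CTX = 0, 1, 2, 3
SECURITY_MODE_COMMAND = 0x5D         # 5GMM message type
DOWNLINK = 1                         # DIRECTION bit value for network-to-UE

KEY = bytes(range(16))                      # constructed 128-bit key
CONFIG_UPDATE = bytes([0x7E, 0x00, 0x54])   # constructed: message header only
SMC = bytes([0x7E, 0x00, 0x5D])             # constructed: message header only

def stand_in_mac(key, count, direction, seq_and_msg):
    """Stand-in for the NAS integrity algorithm (assumption, not a 3GPP
    algorithm): HMAC-SHA256 over COUNT, DIRECTION and data, cut to 32 bits."""
    data = count.to_bytes(4, "big") + bytes([direction]) + seq_and_msg
    return hmac.new(key, data, hashlib.sha256).digest()[:4]

def protect(key, count, header_type, nas_msg):
    """Network side: EPD | security header type | MAC (4) | SN (1) | message."""
    seq_and_msg = bytes([count & 0xFF]) + nas_msg
    mac = stand_in_mac(key, count, DOWNLINK, seq_and_msg)
    return bytes([EPD_5GMM, header_type]) + mac + seq_and_msg

def ue_receive(msg, key, dl_count, ciphering_started):
    """Verdict for one downlink message at a UE whose secure exchange of NAS
    messages is already established. dl_count is the UE's estimate of the
    downlink NAS COUNT; deciphering would follow a 'process' verdict."""
    if len(msg) < 3 or msg[0] != EPD_5GMM:
        return "discard: malformed"
    header_type = msg[1] & 0x0F
    if header_type == PLAIN:
        return "discard: not integrity protected"
    if header_type not in (INTEGRITY, INTEGRITY_CIPHERED, INTEGRITY_NEW_CTX):
        return "discard: malformed"
    if len(msg) < 10:                # header (2) + MAC (4) + SN (1) + inner header (3)
        return "discard: malformed"
    mac, seq_and_msg = msg[2:6], msg[6:]
    expected = stand_in_mac(key, dl_count, DOWNLINK, seq_and_msg)
    if not hmac.compare_digest(mac, expected):
        return "discard: integrity check failed"
    if ciphering_started:
        # Only SECURITY MODE COMMAND may arrive integrity protected but unciphered.
        is_smc = header_type == INTEGRITY_NEW_CTX and seq_and_msg[3] == SECURITY_MODE_COMMAND
        if header_type == INTEGRITY or (header_type == INTEGRITY_NEW_CTX and not is_smc):
            return "discard: should have been ciphered"
    return "process"
```

Because the NAS COUNT is an input to the MAC, a message protected under an older count fails the check at a receiver that has already moved on.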
When applying initial NAS message protection to the REGISTRATION REQUEST or SERVICE REQUEST message as described in subclause 4.4.6, the length of the key stream is set to the length of the entire plain NAS message that is included in the NAS message container IE, i.e. the value part of the NAS message container IE, that is to be ciphered.
4.4.6 Protection of initial NAS signalling messages
The 5GS supports protection of initial NAS messages as specified in TS 33.501. The protection of initial NAS messages applies to the REGISTRATION REQUEST, SERVICE REQUEST and CONTROL PLANE SERVICE REQUEST message, and is achieved as follows:
1. If the UE does not have a valid 5G NAS security context, the UE sends a REGISTRATION REQUEST message including cleartext IEs only.
For the case when the UE has an emergency PDU session and the integrity check fails, the AMF may skip the authentication procedure even if no 5G NAS security context is available and proceed directly to the execution of the security mode control procedure as specified in subclause 5.4.2. Additionally, the AMF shall include the Additional 5G security information IE with the RINMR bit set to “Retransmission of the initial NAS message requested” in the SECURITY MODE COMMAND message as specified in subclause 5.4.2.2. After successful completion of the service request procedure, the network shall perform a local release of all non-emergency PDU sessions.