2.6.11 Common Procedures for Extended Encryption and Message Integrity
This section describes the common procedures for the messages used for extended encryption and message integrity.
2.6.11.1 Registration Accepted Order
The mobile station shall perform the following procedures in the order listed below.
• If ORDQr is equal to ‘00000101’, the mobile station shall set ROAM_INDIs to ROAM_INDIr and should display the roaming condition.
• If ORDQr is equal to ‘00000111’, the mobile station shall perform the following:
Set ROAM_INDIs to ROAM_INDIr and the mobile station should display the roaming condition.
Set C_SIG_ENCRYPT_MODEs to C_SIG_ENCRYPT_MODEr.
If ENC_KEY_SIZEr is included, the mobile station shall set ENC_KEY_SIZEs to ENC_KEY_SIZEr.
If MSG_INTEGRITY_SUPs is equal to ‘0’ and C_SIG_ENCRYPT_MODEr is not equal to ‘000’, the mobile station shall perform the following:
Set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Registration Message.
+ Form a 128-bit pattern by concatenating the CMEAKEY with a copy of itself (the most recently generated CMEAKEY is associated with the AUTHR of the Registration Message).
+ Set ENC_KEY[KEY_ID] to the 128-bit pattern.
+ Set INT_KEY[KEY_ID] to the 128-bit pattern.
If MSG_INTEGRITY_SUPs is equal to ‘1, the mobile station shall perform the following:
If CHANGE_KEYSr is equal to ‘0’, the mobile station shall set RESTORE_KEY to ‘0’.
If CHANGE_KEYSr is equal to ‘1’, the mobile station shall perform the following:
Set KEY_ID to SDU_KEY_ID provided by the LAC Layer (see [4]).
Set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Registration Message.
If KEY_ID is equal to ‘00’ or ‘01’, the mobile station shall perform the following:
-
Form a 128-bit pattern by concatenating the CMEAKEY with a copy of itself (the most recently generated CMEAKEY associated with the AUTHR of the Registration Message).
-
Set ENC_KEY[KEY_ID] to the 128-bit pattern.
-
Set INT_KEY[KEY_ID] to the 128-bit pattern.
-
Set LAST_2G_KEY_IDs to KEY_ID.
If KEY_ID is equal to ‘10’ or ‘11’, the mobile station shall perform the following:
-
Set ENC_KEY[KEY_ID] to the CK generated by AKA.
-
Set INT_KEY[KEY_ID] to the IK generated by AKA.
-
Set LAST_3G_KEY_IDs to KEY_ID.
-
If the mobile station supports R-UIM, then the mobile shall set USE_UAKs to USE_UAKr; otherwise, the mobile station shall perform the following:
Set USE_UAKs to ‘0’.
If USE_UAKr is equal to ‘1’, then the mobile station shall send a Mobile Station Reject Order with ORDQ equal to ‘00010100’ (UAK not supported).
-
Set RESTORE_KEY to ‘0’.
-
Send a Security Mode Completion Order.
-
Disable the key setup timer if it is running.
Set INTEGRITY_MODEs to the SDU_INTEGRITY_ALGO provided by the LAC Layer (see [4]).
If ENC_KEY_SIZEr is included and not set to reserved value and if current key strength is greater than the desired key strength specified by ENC_KEY_SIZEr according to table 3.7.4.5-2, mobile station shall perform the key strength reduction algorithm procedures to reduce the key strength of ENC_KEY[KEY_ID] according to ENC_KEY_SIZEr as described in 2.3.12.5.4. The current key strength is 64 bit if KEY_ID is equal to ‘00’ or ‘01’ and is 128 bit if KEY_ID is equal to ‘10’ or ‘11’.
2.6.11.2 Extended Channel Assignment Message
The mobile station shall perform the following procedures in the order listed below.
• If P_REV_IN_USEs is less than 10, or MSG_INTEGRITY_SUPs is equal to ‘0’, the mobile station shall perform the following:
If ENC_KEY_SIZEr is included, the mobile station shall set ENC_KEY_SIZEs to ENC_KEY_SIZEr.
If D_SIG_ENCRYPT_MODEr is included, the mobile station shall perform the following:
+ If D_SIG_ENCRYPT_MODEr is equal to ‘000’, the mobile station shall set D_SIG_ENCRYPT_MODEs to C_SIG_ENCRYPT_MODEs; otherwise, the mobile station shall perform the following:
Set D_SIG_ENCRYPT_MODEs to D_SIG_ENCRYPT_MODEr
Form a 128-bit pattern by concatenating the CMEAKEY with a copy of itself (the most recently generated CMEAKEY associated with the AUTHR of the Origination Message or Page Response Message) and set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Origination Message or Page Response Message43.
Set ENC_KEY[KEY_ID] to the 128-bit pattern.
Set INT_KEY[KEY_ID] to the 128-bit pattern.
-
If C_SIG_ENCRYPT_MODEr is included, the mobile station shall set C_SIG_ENCRYPT_MODEs to C_SIG_ENCRYPT_MODEr.
• If P_REV_IN_USEs is equal to or greater than 10 and MSG_INTEGRITY_SUPs is equal to ‘1’, the mobile station shall perform the following:
If the LAC Layer indicates that the message does not contain a valid MACI, the mobile station shall set D_SIG_ENCRYPT_MODEs to C_SIG_ENCRYPT_MODEs; otherwise, the mobile station shall perform the following:
+ Set D_SIG_ENCRYPT_MODEs to D_SIG_ENCRYPT_MODEr.
If C_SIG_ENCRYPT_MODE is included, the mobile station shall set C_SIG_ENCRYPT_MODEs to C_SIG_ENCRYPT_MODEr.
If ENC_KEY_SIZEr is included, the mobile station shall set ENC_KEY_SIZEs to ENC_KEY_SIZEr.
If MSG_INTEGRITY_INFOr is set to ‘1’, the mobile station shall perform the following:
If CHANGE_KEYSr is equal to ‘0’, the mobile station shall set RESTORE_KEY to ‘0’.
If CHANGE_KEYSr is equal to ‘1’, the mobile station shall perform the following:
-
Set KEY_ID to SDU_KEY_ID provided by the LAC Layer (see [4]).
-
Set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Origination Message or Page Response Message.
-
If KEY_ID is equal to ‘00’ or ‘01’, the mobile station shall perform the following:
Form a 128-bit pattern by concatenating the CMEAKEY with a copy of itself (the most recently generated CMEAKEY associated with the AUTHR of the Origination Message or Page Response Message).
Set ENC_KEY[KEY_ID] to the 128-bit pattern.
Set INT_KEY[KEY_ID] to the 128-bit pattern.
Set LAST_2G_KEY_IDs to KEY_ID.
-
If KEY_ID is equal to ‘10’ or ‘11’, the mobile station shall perform the following:
Set ENC_KEY[KEY_ID] to the CK generated by AKA.
Set INT_KEY[KEY_ID] to the IK generated by AKA.
Set LAST_3G_KEY_IDs to KEY_ID
If the mobile station supports R-UIM, then the mobile shall set USE_UAKs to USE_UAKr; otherwise, the mobile station shall perform the following:
Set USE_UAKs to ‘0’.
If USE_UAKr is equal to ‘1’, then the mobile station shall send a Mobile Station Reject Order with ORDQ equal to ‘00010100’ (UAK not supported).
-
Set RESTORE_KEY to ‘0’.
-
Send a Security Mode Completion Order.
-
Disable the key setup timer if it is running.
Set INTEGRITY_MODEs to the SDU_INTEGRITY_ALGO delivered by the LAC Layer.
• If ENC_KEY_SIZEr is included and not set to reserved value and if current key strength is greater than the desired key strength specified by ENC_KEY_SIZEr according to table 3.7.4.5-2, mobile station shall perform the key strength reduction algorithm procedures to reduce the key strength of ENC_KEY[KEY_ID] according to ENC_KEY_SIZEr as described in 2.3.12.5.4. The current key strength is 64 bit if KEY_ID is equal to ‘00’ or ‘01’ and is 128 bit if KEY_ID is equal to ‘10’ or ‘11’.
2.6.11.3 General Handoff Direction Message and Universal Handoff Direction Message
The mobile station shall perform the following procedures in the order listed below at the action time of the message.
• If D_SIG_ENCRYPT_MODEr is included, the mobile station shall set D_SIG_ENCRYPT_MODEs to D_SIG_ENCRYPT_MODEr.
• If ENC_KEY_SIZEr is included, the mobile station shall set ENC_KEY_SIZEs to ENC_KEY_SIZEr.
• If REGISTER_IN_IDLEr is included, the mobile station shall set REGISTER_IN_IDLEs to REGISTER_IN_IDLEr.
• If MSG_INTEGRITY_SUPr is included, the mobile station shall set MSG_INTEGRITY_SUPs to MSG_INTEGRITY_SUPr.
• If GEN_2G_KEYr is included and is set to ‘1’, the mobile station shall perform the following in the order listed below:
-
Perform the CDMA_3G_2G_Conversion procedure as defined in [44] for 3G to 2G one-way roaming to generate a new CMEAKEY from CK.
-
Set TX_EXT_SSEQ[0][‘00’] to TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][‘00’] to TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][‘00’] to RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][‘00’] to RX_EXT_SSEQ[1][KEY_ID].
-
Form a 128-bit pattern by concatenating the resultant CMEAKEY with a copy of itself.
-
Store the 128-bit pattern in ENC_KEY[‘00’] and INT_KEY[‘00’].
-
Set KEY_ID and LAST_2G_KEY_IDs to ‘00’.
• If ENC_KEY_SIZEr is included and not set to reserved value and if current key strength is greater than the desired key strength specified by ENC_KEY_SIZEr according to table 3.7.4.5-2, mobile station shall perform the key strength reduction algorithm procedures to reduce the key strength of ENC_KEY[KEY_ID] according to ENC_KEY_SIZEr as described in 2.3.12.5.4. The current key strength is 64 bit if KEY_ID is equal to ‘00’ or ‘01’ and is 128 bit if KEY_ID is equal to ‘10’ or ‘11’.
2.6.11.4 Security Mode Command Message on f-csch
The mobile station shall perform the following procedures in the order listed below.
• Set C_SIG_ENCRYPT_MODEs to C_SIG_ENCRYPT_MODEr.
• If ENC_KEY_SIZEr is included, the mobile station shall set ENC_KEY_SIZEs to ENC_KEY_SIZEr.
• If MSG_INTEGRITY_SUPs is equal to ‘0’, C_SIG_ENCRYPT_MODEr is not equal to ‘000’ and the mobile sent a Security Mode Request Message with the NEW_SSEQ_H_INCL field equal to ‘1’ prior to receiving this message when C_SIG_ENCRYPT_MODEs was not equal to ‘000’, the mobile station shall perform the following:
-
Set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Security Mode Request Message.
• If MSG_INTEGRITY_SUPs is equal to ‘1’ and MSG_INTEGRITY_INFOr is equal to ‘1’, the mobile station shall perform the following:
If CHANGE_KEYSr is equal to ‘0’, the mobile station shall set RESTORE_KEY to ‘0’.
If CHANGE_KEYSr is equal to ‘1’, the mobile station shall perform the following:
+ Set KEY_ID to SDU_KEY_ID provided by the LAC Layer (see [4]).
+ If KEY_ID is equal to ‘00’ or ‘01’, the mobile station shall perform the following:
Set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Security Mode Request Message.
Form a 128-bit pattern by concatenating the CMEAKEY with a copy of itself (the most recently generated CMEAKEY associated with the AUTHR of the Registration Message, Origination Message, Page Response Message or the CMEAKEY associated with the AUTHU generated during Unique Challenge-Response procedure as described in 2.3.12.1.4).
Set ENC_KEY[KEY_ID] to the 128-bit pattern.
Set INT_KEY[KEY_ID] to the 128-bit pattern.
Set LAST_2G_KEY_IDs to KEY_ID.
+ If KEY_ID is equal to ‘10’ or ‘11’, the mobile station shall perform the following:
Set TX_EXT_SSEQ[0][KEY_ID], TX_EXT_SSEQ[1][KEY_ID], RX_EXT_SSEQ[0][KEY_ID], and RX_EXT_SSEQ[1][KEY_ID] to 1 + 256 NEW_SSEQ_H included in the Authentication Response Message, or Security Mode Request Message.
Set ENC_KEY[KEY_ID] to the CK generated by AKA.
Set INT_KEY[KEY_ID] to the IK generated by AKA.
Set LAST_3G_KEY_IDs to KEY_ID.
If the mobile station supports R-UIM, then the mobile station shall set USE_UAKs to USE_UAKr; otherwise, the mobile station shall perform the following:
à Set USE_UAKs to ‘0’.
à If USE_UAKr is equal to ‘1’, then the mobile station shall send a Mobile Station Reject Order with ORDQ equal to ‘00010100’ (UAK not supported).
+ Set RESTORE_KEY to ‘0’.
+ Perform the key strength reduction algorithm procedures to reduce the key strength of ENC_KEY[KEY_ID] according to ENC_KEY_SIZEr as described in 2.3.12.5.3.
+ Send a Security Mode Completion Order.
+ Disable the key setup timer if it is running.
-
Set INTEGRITY_MODEs to the SDU_INTEGRITY_ALGO delivered by the LAC Layer.
• If ENC_KEY_SIZEr is included and not set to reserved value and if current key strength is greater than the desired key strength specified by ENC_KEY_SIZEr according to table 3.7.4.5-2, mobile station shall perform the key strength reduction algorithm procedures to reduce the key strength of ENC_KEY[KEY_ID] according to ENC_KEY_SIZEr as described in 2.3.12.5.4. The current key strength is 64 bit if KEY_ID is equal to ‘00’ or ‘01’ and is 128 bit if KEY_ID is equal to ‘10’ or ‘11’.
2.6.11.5 Base Station Reject Order on f-csch and f-dsch.
The mobile station shall perform the following procedures in the order listed below.
• If ORDQr is equal to ‘00000000’ or if ORDQr is equal to ‘00000010’, REJECT_REASONr = ‘0011’, and REJECTED_L3_MSG_TYPEr indicates the rejected message is an Origination Message, the mobile station shall set ENC_KEY[i] and INT_KEY[i] to NULL, where i ranges from ‘00’ to ‘11’. The mobile station shall set C_SIG_ENCRYPT_MODEs to ‘000’. The mobile station shall re-originate by sending a new Origination Message.
• If ORDQr is equal to ‘00000001’ or if ORDQr is equal to ‘00000010’ and REJECTED_L3_MSG_TYPEr indicates the rejected message is not an Origination Message, the mobile station shall send a Security Mode Request Message. If MSG_INTEGRITY_SUPs is equal to ‘0’, the mobile station shall select a 24-bit number and include this number in the NEW_SSEQ_H field in the Security Mode Request Message; otherwise, the mobile station shall select a 24-bit number and deliver this number to the LAC Layer along with the Security Mode Request Message. If the mobile receives two Base Station Reject Orders without successfully decrypting any encrypted message or without successfully validating the MACI of any message between the two orders, the mobile station shall set REG_SECURITY_RESYNC to YES and enter the System Determination Substate with an encryption/message integrity failure indication.
2.6.11.6 Mobile Station processing when decryption or MACI check failed
Whenever the mobile station cannot decrypt an encrypted message or validate the MACI of a message that requires MACI validation, the mobile station may send an un-encrypted Mobile Station Reject Order indicating the failure condition to the base station.
If the failure to decrypt or to validate MACI persists, the mobile station may attempt to resynchronize the crypto-sync with the base station by sending a Security Mode Request Message to the base station as follows:
• If MSG_INTEGRITY_SUPs is equal to ‘0’, the mobile station shall select a 24-bit number and include this number in the NEW_SSEQ_H44 field in the Security Mode Request Message; otherwise, the mobile station shall select a 24-bit number and deliver this number to the LAC Layer along with the Security Mode Request Message.
The mobile station shall set REG_SECURITY_RESYNC to YES and enter the System Determination Substate with an encryption/message integrity failure indication if either of the following conditions are true:
• The mobile station chooses not to perform resynchronization procedure as described above.
• The mobile station still cannot decrypt message or validate the MACI of message from the base station after successfully receiving and processing Security Mode Command Message in response to Security Mode Request Message sent by mobile station in resynchronization procedure as specified in 2.6.11.4 or 2.6.4.1.14.
Share with your friends: |