Feature Deployment and Testing Guide

Ciphering Feature
Feature ID: ZWF21-01-005

Version: V3.11.10

ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2012 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Revision No. Revision Date Revision Reason

R1.0 2012-08-09 First edition

Serial Number: SJ-20120802112720-006

Publishing Date: 2012-08-09 (R1.0)

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Contents
Chapter 1 Functional Description ............................................................. 1-1
Chapter 2 Preparations .............................................................................. 2-1
Chapter 3 Data Configuration.................................................................... 3-1
Chapter 4 Testing ....................................................................................... 4-1
4.1 Test Purpose...................................................................................................... 4-1
4.2 Steps for Test..................................................................................................... 4-1
4.3 Expected Results ............................................................................................... 4-2

Chapter 5 Counter List............................................................................... 5-1

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 II

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Chapter 1
Functional Description
When the Uu interface broadcasts data, the function can be used to encrypt the service
data and signaling data of the user and protect the security of the communication between
the RNC and the UE. The ZTE RAN supports the encryption algorithms UEA0 and UEA1:
UEA0 means that the data from the Uu interface are not encrypted; UEA1 is based on the
encryption algorithm f8 of the KASUMI algorithm and supports encryption and decryption.
Whether the encryption protection function should be enabled and which encryption
algorithm is to be applied can be configured in the CN. Through the security mode
command process of the RAN Application Part (RANAP), a message with key of the
encryption algorithm is sent to the RNC, requesting the RNC to enable the encryption. The
RNC selects an encryption algorithm according to its encryption capability, the encryption
capability of the UE, and priority of encryption algorithms available to the UE, and then
starts the encryption process through the security mode command process of the RRC.
When the encryption function is enabled, the RNC or the UE encrypts the data to be
transmitted in compliance with the f8 algorithm, with the encryption key and variables
varying with the data volume. The receiver decrypts the data using the same algorithm.
Encryption is implemented in the RLC layer (AM or UM mode) or MAC layer (TM mode).
Downlink direct transfer: The RNC receives the DIRECT TRANSFER message from the
CN, forwards the information in the DIRECT TRANSFER message to the UE, and transmits
the DOWNLINK DIRECT TRANSFER message to the UE.

The security mode control flow specifies the algorithms and parameters of the encryption
and integrity protection between the UE and the RNC. The CN sends the security mode
control message to the RNC to specify the algorithms and parameters of integrity check
and encryption. If the RNC finishes the process at the radio interface, the RNC sends the
SECURITY MODE COMPLETE message to the CN. Figure 1-1 shows the process of RAN
resource allocation.

1-1

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

Feature Deployment and Testing Guide Feature ID: ZWF21-01-005

Figure 1-1 Security Mode Control Flow

As shown in the above figure, the RNC receives the SECURITY MODE COMMAND
message from the CN. The message contains the Integrity Protection Information
and Encryption Information, or the Integrity Protection Information only. The Integrity
Protection Information contains two parts: integrity protection algorithm and integrity
protection key commended by CN. The integrity protection currently supports two
algorithms: UIA1 and UIA2. The Encryption Information also contains two parts:
encryption algorithm and encryption key commended by CN. There are three types of
encryption algorithm: no encryption, UEA1 and UEA2.

Thereinto, UEA1 and UIA1 is the security algorithm in 3GPP phase 1, and UEA2, UIA2
are introduced in 3GPP R7. Compared with the security algorithms of phase 1, UEA2
and UIA2 support higher rate and efficiency, better security performance. ZTE UTRAN
supports all of these security algorithms.
The control procedure of security mode is as following:
l When RNC receive SECURITY MODE COMMAND message from CN, RNC selects
security algorithms according to:
Encryption algorithm selection:
1. The RNC judges whether it supports the encryption algorithm configured in the
CN. If not, the RNC returns the SECURITY MODE REJECT message to CN. The
encryption algorithm (EncryAlg) and integrity protection algorithm (IntegrityAlg)
supported by the RNC can be configured in the OMCR.
2. If there’s intersection between the encryption algorithms supported by CN and
RNC, RNC selects the algorithms supported by RNC and CN, and holds the
priority queue of the algorithms commended by CN.
3. RNC judges whether the UE supports the algorithm. If the RNC lacks the
capability of the UE, it queries the capability of the UE. For details, refer to the
section “Querying the UE Capability”.

1-2

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Chapter 1 Functional Description

4. RNC judges if this is the first encryption algorithm selection of the UE in this RNC:
à If it is the first time, RNC selects the first algorithm that UE supports from the
encryption algorithm intersection supported by CN and RNC. If the selection
result is UEA0 or there’s no intersection in CN, RNC and UE, RNC select “on
encryption”.
à If it isn’t the first time, RNC selects the encryption algorithm used for the UE.
Integrity protection algorithm selection
1. The RNC judges whether it supports the integrity protection algorithm configured
in the CN. If not, the RNC returns the SECURITY MODE REJECT message
to CN. The encryption algorithm (EncryAlg) and integrity protection algorithm
(IntegrityAlg) supported by the RNC can be configured in the OMCR.
2. If there’s intersection between the algorithms supported by CN and RNC, RNC
selects the algorithms supported by RNC and CN, and holds the priority queue of
the algorithms commended by CN.
3. RNC judges whether the UE supports the algorithm. If the RNC lacks the capa-
bility of the UE, it queries the capability of the UE. For details, refer to the section
“Querying the UE Capability”.
4. RNC judges whether the UE set up connection in other domain.

à If the UE has connection in other domain, RNC selects the integrity algorithm
that is used for the UE in that domain.
à f the UE has no connection in other domain, RNC selects the first algorithm
that UE supports from the encryption algorithm intersection supported by CN
and RNC.
l If the RNC and the UE support the encryption algorithm and integrity protection
algorithm configured in the CN, the RNC suspends the SRB entities except RB0
and RB2.After the RNC sends a SECURITY MODE COMMAND message to the
UE through SRB2, it then provides integrity protection for the downlink data carried
through SRB2.
l After the UE receives an encryption command, if processing fails, it returns the
SECURITY COMMAND FAILURE message to the RNC. After the RNC receives
the failure message, it recovers the suspended SRBs and sends the SECURITY
COMMAND REJECT message to the CN.
l After the UE receives the encryption command, if processing succeeds, it returns the
SECURITY COMMAND COMPLETE message to the RNC. After the RNC receives
the SECURITY COMMAND COMPLETE message, it recovers the suspended SRBs
and implements integrity protection and encryption for all uplink and downlink signaling
of all SRBs. The RNC returns the SECURITY COMMAND COMPLETE message to
the CN.
After the security mode is terminated, the encryption and integrity protection for the SRB
are also terminated accordingly. The RNC implements encryption and integrity protection
for the signaling data carried in the SRBs.

1-3

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

Feature Deployment and Testing Guide Feature ID: ZWF21-01-005

The UE stores the encryption parameter and encryption algorithm obtained during the
safety mode process. After the data radio bearer (DRB) is set up, the UE encrypts the
DRBs using the encryption parameters of the CS domain or PS domain.

1-4

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Chapter 2
Preparations
License
N/A

Hardware Requirement
NE Requirement

RNC √

NodeB √

Software Requirement
NE Involved Version Requirement

UE YES UMTS FDD Number: 2

Category: Any
Release: R99

Node B YES V4.11.10.14 None

RNC YES V3.11.10.11 ZTE equipment

MSCS YES ZTE equipment

MGW YES ZTE equipment

SGSN NO ZTE equipment

GGSN NO

HLR NO

Topology
Topology is shown in Figure 2-1.

2-1

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

Feature Deployment and Testing Guide Feature ID: ZWF21-01-005

Figure 2-1 Topology

2-2

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Chapter 3
Data Configuration
SGSN/GGSN - ZTE
N/A

MSC/MGW - ZTE
N/A

HLR - ZTE
N/A

RNC
Parameters setting in RNC

Figure 3-1 Cell Ability and Cell Reselection: Support HSUPA, HSDPA and DCH

View > Configuration Management > RNC Managed Element > RNC Radio Resource
Management > UTRAN Cell > UTRAN Cell xx > Cell Ability and Cell Reselection

Node B
N/A

3-1

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

Feature Deployment and Testing Guide Feature ID: ZWF21-01-005

This page intentionally left blank.

3-2

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Chapter 4
Testing
Table of Contents
Test Purpose ..............................................................................................................4-1
Steps for Test .............................................................................................................4-1
Expected Results .......................................................................................................4-2

4.1 Test Purpose

The purpose of this test case is to verify if the procedure of ciphering is normal.
Related documents:

ZTE UMTS Connection Management Feature Guide.doc

4.2 Steps for Test

1. UE1 makes a voice call to UE2 in cell1. The call procedure is normal. After
RRC connection is set up, CN sends the “DirectTransferMsg” to RNC to request
authentication mode.

2. RNC then sends the authentication request information to UE. Once accepting
authentication request, UE response to RNC the “AUTHENTICATION RESPONSE
Message” in the “uplinkDirectTransfer” message.

3. RNC receives the “SecurityModeCommandMsg” from CN. The message contains

the encryption information. The picture below shows that the CN permits 2 types of
encryption algorithm: UEA1 and no encryption.

4-1

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

Feature Deployment and Testing Guide Feature ID: ZWF21-01-005

4. When RNC receive “SecurityModeCommandMsg” message from CN, it selects

security algorithms according to its encryption algorithm selection. Since RNC
supports UEA1 algorithm by configuration, it sends “securityModeCommand”
message to UE to inform its ciphering mode information.

UE then sends “securityModeComplete” message to RNC to ensure the security mode

is complete.

5. RNC informs CN that the procedure of security mode is success. The

“SecurityModeCompleteMsg” sent from RNC to CN shows that the encryption
algorithm finally chosen is UEA1.

4.3 Expected Results

After UE2 picks up UE1’s incoming call, the AMR voice call is established successfully.
The ciphering procedure is success. The ciphering method is correctly selected.

4-2

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential

 Chapter 5
Counter List
Counter No. Description

C310080001 Number of attempted RRC connection

establishment, Originating Conversational Call

C310080008 Number of attempted RRC connection

establishment, Terminating Conversational Call

C310080170 Number of successful RRC connection access,

MO Conversational Call

C310080177 Number of successful RRC connection access,

MT Conversational Call

C310090254 Number of attempted RAB assignment setup in

cell for CS domain, AMR 12.2K

C310100713 Number of successful RAB assignment setup in

cell for CS domain, AMR 12.2K

C310180968 Number of attempted DCH RB establishment in

cell for CS domain, AMR 12.2K

C310231231 Number of RNC initiate RAB release by Iu release

request for CS domain, AMR 12.2

5-1

SJ-20120802112720-006|2012-08-09 (R1.0) ZTE Proprietary and Confidential