[Proposal] Adding support for Ciphering algorithm in 5G SA for NAS Data #11160

Open
panyogesh opened this issue Jan 13, 2022 · 2 comments
Labels
type: proposal Proposals and design documents

panyogesh commented Jan 13, 2022

Adding support for Ciphering algorithm in 5G SA for NAS data

Overview

Current Magma 5G supports all the mandatory integrity algorithms like IA1 and IA2, but on the encryption front it supports only the mandatory EA0, which is Null-Encryption. TS 33.501 covers mandatory and highly desirable ciphering algorithms {EA0, EA1, EA2} to be supported. This proposal intends to add support for ciphering algorithms {EEA1 and EEA2}.

Solution

The way it will be realized is to extend the current capabilities of Magma, which will be exchanged and agreed upon during the Security Mode Procedures. Based on the configuration flow, the uplink NAS data will be decrypted and downlink NAS data will be encrypted. Decryption might also be followed by an integrity protection procedure based on the configuration.
Any packet after Security Mode Completion will be accepted based on agreed capabilities.

Call Flow

[Figure: CallFlow-Nas-Encrypt-Decrypt-v0 2]

Key Generation

[Figure: KeyGeneration-v0 2]

Elements impacted mainly will be MME module

128-NEA1 Algorithm

128-NEA1: It is based on the Snow 3G stream cipher. Snow 3G is a 32-bit word-oriented stream cipher supporting 128-bit keys, which was also part of the 3G standard. The 3GPP standard supports the encryption (128-NEA1) or authentication (128-NIA1) of blocks of data from 1 to 20’000 bits.

  • Encryption

EEA1(key=16*b'\xc1', count=0x9955ab, bearer=0x16, dir=1, data_in=50*b'MonPantalonS\'EstDecousu', bitlen=1149)
b'\xc4\xce\xf2\x98\xf0\x92G\x14T\xdc\x9e\xa6LN\x89\xc3\xb9\xff\xce\xb7\x02\xeei=\xe1ZQ\xe7\xf5\xff\x13\xb6\x94\x8f\x1a<w\xc0'W\xe8\xd0\xcc-\x8c\t\x10\xa4\x0eT!&\x11\\xd1v\x96\xb99l\x0eX\xffaR\xb2\x1d\xe0\x8a\x11\x06\xb9;b\xda\xeb@\xe0#o\xba\x17\x14\xa2j\x8d\xcf\x9a\x84ahTi["u'2\xb5t\x90\x16}\x80\xeb\x9f\xe52\xb3\xdb7\xa1H9\xc0W\x8cA\xd3\xcf0\x04\r\xecv\xea5\xe8\xaar\xf3$\xf9}\x12\xab,W\L\x0f\x9e\x0f8'

  • Decryption

EEA1(key=16*b'\xc1', count=0x9955ab, bearer=0x16, dir=1, data_in=_, bitlen=1149)
b"MonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPah"

128-NEA2 Algorithm

128-NEA2: It is based on the AES block cipher. AES is probably the block cipher that has been the most analyzed in the history of cryptography.

  • Encryption

EEA2(key=16*b'\xc1', count=0x9955ab, bearer=0x16, dir=1, data_in=50*b'MonPantalonS\'EstDecousu', bitlen=1149)
b'-y\xf1\xee\xb7\xe4\x0c\xf2\xdfz`\xb04"\x8c\xda\xc8B!n\x863V"\xaei\x91\x1b\xc5\xfc\x1dx\xb9l\xe8\x99q\q\x88\x91\xc8f\r\x05\xdf\x94S\x97\xc0\x96\xb75\x00@\xfea\x840\xdb\xa3\x88\x15\x03\x9e\xa4\x98\xa5\x82\xb649\xcez5\xd3\x01\x93\x97\x1dpx\xacW\xe9\xb9.mE3\xb9\xc1\xb8\xbd\x06\x8bI\x7f\xf6\x90A\xd3P\xc9\xbe\xbaE\xa8\xbe\xc2GDQ\x17l\xf7\xac\x0f\x96E\xd0}\x8dw\x80k\x8f\n\xeeW\x94\xfa\xa9/\xc2\x02so\xf4yV\xcad\xf0'

  • Decryption

EEA2(key=16*b'\xc1', count=0x9955ab, bearer=0x16, dir=1, data_in=_, bitlen=1149)
b"MonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPah"
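
An added example, not part of the proposal and not Magma code: a Go sketch of 128-NEA2 as AES-128 in counter mode, run on the same inputs as the EEA2 call above. It assumes the 128-EEA2 counter block layout (COUNT, 5-bit BEARER, 1-bit DIRECTION, zero padding); `counterBlock` and `nea2` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// counterBlock builds the initial 128-bit AES-CTR counter block (assumed layout):
// COUNT (32 bits) | BEARER (5 bits) | DIRECTION (1 bit) | 26 zero bits | 64-bit block counter (0).
func counterBlock(count uint32, bearer, dir uint8) [16]byte {
	var t1 [16]byte
	binary.BigEndian.PutUint32(t1[:4], count)
	t1[4] = (bearer&0x1f)<<3 | (dir&0x01)<<2
	return t1
}

// nea2 XORs the first bitLen bits of data with the AES-128-CTR keystream.
// The same call encrypts and decrypts. Unused bits of the last byte are zeroed.
func nea2(key []byte, count uint32, bearer, dir uint8, data []byte, bitLen int) ([]byte, error) {
	if len(key) != 16 {
		return nil, fmt.Errorf("128-NEA2 needs a 16-byte key, got %d bytes", len(key))
	}
	n := (bitLen + 7) / 8
	if bitLen < 0 || n > len(data) {
		return nil, fmt.Errorf("bitLen %d does not fit %d input bytes", bitLen, len(data))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	t1 := counterBlock(count, bearer, dir)
	out := make([]byte, n)
	cipher.NewCTR(block, t1[:]).XORKeyStream(out, data[:n])
	if r := bitLen % 8; r != 0 {
		out[n-1] &= byte(0xff) << uint(8-r)
	}
	return out, nil
}

func main() {
	// Inputs copied from the EEA2 call in the issue.
	key := bytes.Repeat([]byte{0xc1}, 16)
	pt := bytes.Repeat([]byte("MonPantalonS'EstDecousu"), 50)
	ct, _ := nea2(key, 0x9955ab, 0x16, 1, pt, 1149)
	back, _ := nea2(key, 0x9955ab, 0x16, 1, ct, 1149)
	fmt.Printf("ciphertext: %x\nrecovered tail: %q\n", ct, back[len(back)-6:])
}
```

Because `bitlen=1149` is not a multiple of 8, only the top five bits of the last byte are processed, which is why the decrypted output in the issue ends in `MonPah` rather than `MonPan`.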

@panyogesh panyogesh added the type: proposal Proposals and design documents label Jan 13, 2022
@stale stale bot added the wontfix This will not be worked on label Mar 8, 2022
@stale stale bot closed this as completed Mar 15, 2022
@magma magma deleted a comment from stale bot Apr 26, 2022
@magma magma deleted a comment from stale bot Apr 26, 2022
@Neudrino Neudrino reopened this Apr 26, 2022
@stale stale bot removed the wontfix This will not be worked on label Apr 26, 2022
@lucasgonze

This is currently abandoned and must be considered stale; however, it is important and should be scheduled for the release after 1.9.0.

@lucasgonze

Moved to "Blocked" because work on 1.9.2 has not started. However, this has not been approved.
