+86-755-89202795

PTCRB 3G/4G/5G wireless cellular encryption and algorithm integrity test

Time:2022-09-26 Views:1151
In 2G/3G/4G/5G and other wireless cellular system products, during the communication process, the link data will be encrypted to ensure the security of communication and the integrity of data after it reaches the terminal. The algorithm can also monitor the missing data bits according to the check bits.

As a conformance test, the test standards used in PTCRB 3G/4G/5G wireless cellular encryption and algorithm integrity tests are:
3GPP TS 33.501 5.11,
3GPP TS 34.123-1,
3GPP TS 34.123-3,
3GPP TS 36.523-1 etc.

In terms of algorithm, some of them can be selected for conduction test according to the customer‘s situation. The test process needs to be controlled with AT commands. In terms of algorithm, the test content includes:
3G algorithm tests include UEA0,UEA1,UEA2,UIA0,UIA1,UIA2.
4G algorithm tests include EEA0,EIA0,EEA1,EEA2,EIA1,EIA2,EIA3,EEA3(ZUC).
5G algorithm test includes NEA0,128-NEA1,128-NEA2,128-NEA3,NIA0,128-NIA1,128-NIA2,128-NIA3.

Taking the integrity protection test as an example, the purpose is to confirm that the UE discards any RRC message containing error message authentication code or RRC message serial number or not containing IE ‘integrity check info‘ after the integrity protection is activated, and the consistency content of 3GPP 
As follows:
1> check the value of the IE "RRC message sequence number" included in the IE "Integrity check info";
2> if the "Downlink RRC Message sequence number" is not present in the variable INTEGRITY_PROTECTION_INFO:
3> initialise the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with the value of the IE "RRC message sequence number" included in the IE "Integrity check info" of the received message.
2> if the "Downlink RRC Message sequence number" is present in the variable INTEGRITY_PROTECTION_INFO:
3> if the RRC message sequence number is lower than the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO:
4> increment "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with one.
3> if the RRC message sequence number is equal to the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO:
4> discard the message.
1> calculate an expected message authentication code in accordance with subclause 8.5.10.3 of TS 25.331;
1> compare the expected message authentication code with the value of the received IE "message authentication code" contained in the IE "Integrity check info";
2> if the expected message authentication code and the received message authentication code are the same, the integrity check is successful:
3> update the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO with the value of the IE "RRC message sequence number" included in the IE "Integrity check info" of the received RRC message.
2> if the calculated expected message authentication code and the received message authentication code differ:
3> if the IE "RRC message sequence number" included in the IE "Integrity check info" is lower than the "Downlink RRC Message sequence number" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO (in this case the "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO was incremented by one, as stated above):
4> decrement "Downlink RRC HFN" for signalling radio bearer RBn in the variable INTEGRITY_PROTECTION_INFO by one.
3> discard the message.

3GPP test procedure:
The UE is in CELL_DCH state, radio access bearer and integrity protection is already activated in generic setup procedure. The SS transmits UE CAPABILITY ENQUIRY message on the downlink DCCH using RLC-UM mode on SRB1. The UE shall respond to with a UE CAPABILITY INFORMATION message on the uplink DCCH using RLC-AM. The SS then sends UE CAPABILITY INFORMATION CONFIRM message to the UE. This procedure is used to initialise the downlink RRC message sequence number in the UE.

SS transmits RRC CONNECTION RELEASE message which does not include the IE "Integrity Check Info" on downlink DCCH. The UE shall discard this message and shall not respond using RRC CONNECTION RELEASE COMPLETE message.
Then SS transmits RRC CONNECTION RELEASE message which includes wrong message authentication code on downlink DCCH. The UE shall discard this message and shall not respond using RRC CONNECTION RELEASE COMPLETE message.
Then SS transmits RRC CONNECTION RELEASE message which includes IE"RRC Message sequence number" as set to the same sequence number as the number in previous received RRC message. The UE shall discard this message and shall not respond using RRC CONNECTION RELEASE COMPLETE message.

Then SS transmits RRC CONNECTION RELEASE message which includes correct RRC Message sequence number and message authentication code. The UE shall transmit RRC CONNECTION RELEASE COMPLETE message on uplink DCCH and enter the idle state.

The above example shows a lot of test processes. The actual equipment is well debugged, and the test speed on the system is quite fast.
If this type of project is sold in the North American or South American market, and a separate request for this kind of test is made, according to the technical experience of the Deeplight standard, Mexican customers are the most important customer group, because Mexican telecom operators require equipment manufacturers to provide such tests.

The test of ‘IMEI SVN‘ is often encountered in synchronization. This is generally provided by the manufacturer to identify each approved commercial software version. The network can request IMEI SV acquisition from any Phase 2 or higher device. A typical IMEISVN consists of TAC NNXXXXXX+ Serial No ZZZZZZ+ SVN SS.
SVN should be incremented with version when device software is modified, 2-digit SVN assignment is by reporting authority, SVN ‘99‘is reserved for future use.

For the above 3G, 4G, 5G algorithm and integrity tests, Deeplight has assisted many equipment manufacturing companies to complete projects, welcome to consult us for this project test!