Just was going through the 5g security spec for Access Stratum. As far as I understand, the Control Plane integrity and ciphering is mandatory. While User plane integrity and ciphering is optional.
Can some 5g AS experts confirm, my understanding please?
The 5g security architecture related spec of 33.501v15.0.1 says that
In Section 126.96.36.199.3 State transition from RRCINACTIVE to RRCCONNECTED to a new gNB
"The UE shall further derive KRRCint,
KRRCenc, KUPenc (optionally), and KUPint (optionally) from the newly derived KgNB"
From this it looks like KUPenc (optionally), and KUPint (optionally). i.e it is configurable by user.