top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

LTE : NAS security mode command , how to form a final message M that is given as input to AES_CMAC function.?

+4 votes

For NAS security mode command ,input giving to CMAC (integrity check) function at both UE and MME side are same but still im getting intgrity check failed ,for exp:
1) KEY = \xef\x6b\xee\xda\x7f\x66\xc5\x67\x34\xa6\x1b\xcf\x1e\x8f\x12\x87.
2) COUNT = 0.
3) BEARER ID =0.
5) mesage = \x07\x5d\x22\x00\x02\xe0\xe0.
6)sequence no. = 0x00.
please can you explain me with this example ,what will be the final message(message forming) M.

posted Apr 9, 2014 by Bheemappa G

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+5 votes

This is the most complicated part. Even i did some digging to find out the appropriate solution. I hope if it will help you. You can take care of these conditions and might you will not get the integrity fail error again.

Some Important points for creating Security Mode Command (EMM):

  • Before you include eKSI in the message, The MME shall set the security header type of the message to "integrity protected with new EPS security context".
    : since this message is only integrity protected but not ciphered. It is "Security protected NAS message".

  • The MME shall include the replayed security capabilities of the UE (including the security capabilities with regard to NAS, RRC and UP (user plane), ciphering as well as NAS, RRC integrity, and other possible target network security capabilities i.e. UTRAN/GERAN if UE included them in the message to network).

  • The MME shall include the replayed nonceUE if the UE included it in initial L3 message to the network

  • The MME shall include both the nonceMME and the nonceUE when creating a mapped EPS security context during inter-system change from A/Gb mode to S1 mode or Iu mode to S1 mode in EMM-IDLE mode.

  • Additionally, the MME may request the UE to send its IMEISV in the SECURITY MODE COMPLETE message

  • The UE shall derive KNASenc and KNASint keys from the key KASME/K'ASME and the received EPS encryption and integrity algorithms (respectively).

NAS Security Mode Command.PNG

answer Apr 9, 2014 by Hiteshwar Thakur
Hello, friend! How would be shown security mode command for null integrity algorithm?
Its very old thread, better ask a fresh question??