In this article, we’ll see the mechanisms put in place to ensure the integrity of data.

The principle is simple: to each data frame, we add a code a few bytes long. This code is calculated using mathematical functions called cryptographic hash functions, which have a few special properties.

Knowing the output of the function, one cannot reconstruct the input data. Moreover, the size of the output data is always the same and does not depend on the size of the input data.

The code added to each frame is called a message authentication code, MAC. Be careful! In networks, we also use the abbreviation MAC for Medium Access Control. The authentication MAC has nothing to do with the MAC layer or the computer!

On the radio link, the sender adds this little MAC to the useful data in each frame. The size of the MAC chosen for the LTE network is 32 bits. The receiver, for its part, recalculates the MAC from the data and compares this code to the MAC contained in the frame. If the two are the same, the receiver has the guarantee that no one has modified the data and that they come from the true sender. This is integrity control.

Integrity control is used for signaling messages, because they are critical. Let’s take the example of a cell change order sent to the terminal, the handover command. If it is modified, the terminal could be sent to a wrong cell and no longer work correctly or even cause disturbance in the network.

The designers of the 4G networks decided to not activate integrity control for user data.

These data are not created by the network. If it’s necessary, it’s preferable to activate integrity end-to-end, that is, in the terminal application and on the application server.

The receiver and the sender have the same hash function. They also share the same key Kint, which they negotiated during the authentication phase and which is generated in part from the random number and the secret key.

Like the ciphering algorithm, the MAC sequence must be different each time, including when the same message is transmitted twice.

To achieve this, the MAC computation also takes as input a packet counter incremented with each new transmission, the direction and the bearer identity.
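The following Python sketch is an added example, not part of the original article: it computes a 32-bit MAC over the counter, bearer identity, direction and message, and shows a receiver rejecting a modified or replayed frame. HMAC-SHA-256 truncated to 32 bits stands in for the standardized LTE algorithms; the field encoding, the names and the sample message are assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # 32-bit MAC, the size the article gives for LTE

def compute_mac(k_int, count, bearer, direction, message):
    """32-bit MAC over (count, bearer, direction, message).
    Stand-in: truncated HMAC-SHA-256, not one of the LTE algorithms."""
    # Field widths below are assumptions of this sketch.
    if not (0 <= count < 2**32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("count, bearer or direction out of range")
    header = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(k_int, header + message, hashlib.sha256).digest()[:MAC_LEN]

class Receiver:
    """Tracks the expected packet counter for one bearer and direction."""

    def __init__(self, k_int, bearer, direction):
        self.k_int, self.bearer, self.direction = k_int, bearer, direction
        self.expected_count = 0

    def accept(self, message, mac):
        expected = compute_mac(self.k_int, self.expected_count,
                               self.bearer, self.direction, message)
        # Constant-time comparison; the counter advances only on success.
        if not hmac.compare_digest(expected, mac):
            return False
        self.expected_count += 1
        return True

def demo():
    k_int = bytes(range(16))                  # constructed 128-bit key
    msg = b"HANDOVER COMMAND target-cell=42"  # constructed signaling message
    rx = Receiver(k_int, bearer=1, direction=1)
    mac0 = compute_mac(k_int, 0, 1, 1, msg)   # first transmission
    mac1 = compute_mac(k_int, 1, 1, 1, msg)   # same message, next counter
    return {
        "first_accepted": rx.accept(msg, mac0),
        "replay_rejected": not rx.accept(msg, mac0),
        "tamper_rejected": not rx.accept(msg.replace(b"42", b"99"), mac1),
        "retransmit_accepted": rx.accept(msg, mac1),
        "macs_differ": mac0 != mac1,
    }

if __name__ == "__main__":
    print(demo())
```

Because the counter is part of the MAC input, the same message sent twice carries two different codes, and a frame captured earlier no longer verifies once the receiver's counter has moved on.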

Certain signaling messages are exchanged between the terminal and the eNodeB. Other messages pass through the eNodeB, but are exchanged between the terminal and the MME.

The integrity mechanisms are implemented in the mobile terminal, the eNodeB and the MME.

There are three standardized algorithms to ensure integrity that follow the same logic as the ciphering algorithms: NULL for the test phase, SNOW 3G for compatibility with 3G, and AES.

Let’s see how ciphering and integrity control are combined.

For a given session, we have one constant encryption key and one constant integrity key. Starting with the packet, the sender first ciphers it and then adds the calculated MAC code.

The receiver does the opposite: it verifies the MAC code, then deciphers the packet.

To summarize, integrity control is provided for signaling messages in 4G networks. A short authentication code called MAC is added to each message.

This code is computed by both the sender and the receiver with an integrity key generated from the secret key and the random number used for the authentication. Integrity is considered guaranteed if both codes are the same.