NR SA ECC
The purpose of this tutorial is to show you how to configure ECC and test it. ECC stands for Elliptic Curve Cryptography. It is the algorithm used for SUPI <--> SUCI conversion. To improve security, it is not recommended to exchange UE IDs (e.g., IMSI) in plain text over the air; they should be encrypted before being sent over the air. ECC is the algorithm used to convert the non-encrypted UE ID (SUPI) into the encrypted UE ID (SUCI) and back. The overall signaling flow for the UE ID exchange is illustrated below. In short, the UE encrypts the SUPI into a SUCI and sends it to the network via RegistrationRequest (or IdentityResponse when requested by the network), and it is decrypted by the UDM in the core network.
Test Setup
Test setup for this tutorial is as shown below.
Key Configuration Parameters
The following are the important configuration parameters for this tutorial. You may click on the items for their descriptions in the Amarisoft documents.
- enb configuration
- ecc_params
- A
- home_nw_private_key
- home_nw_key_id
- B
- home_nw_private_key
- home_nw_key_id
- ue configuration
- ecc_params
- scheme
- home_nw_public_key
- home_nw_public_key_id
- routing_indicator
Test 1 : ECIES scheme profile A
This test verifies ECIES scheme profile A.
Configuration
I used mme-ims-ecc.cfg on the gNB, which is copied and modified from mme-ims.cfg (NOTE: only mme.cfg is changed for this tutorial; all other configurations are the default files).
I used ue-nr-sa-ecc.cfg on the gNB, which is copied and modified from ue-nr-sa.cfg.
The mme configuration mme-ims-ecc.cfg is configured as follows. You simply put pairs of home_nw_private_key and home_nw_key_id under the parameters A and B. You can put as many key/id pairs as you want to allow. (
In ue-nr-sa-ecc.cfg, the configuration is done as follows. You need to specify public key information (home_nw_public_key_id and home_nw_public_key) that matches one of the private keys specified in the callbox. (
Perform the Test
Check if the cell is configured as intended.
Power on the UE on the UE sim.
Confirm that the UE completes the attach and check the throughput.
Log Analysis
First, when using ECC, the UE is supposed to put the proper ECC parameters in the SUCI IE of the Registration Request.
The ECC information (included in SUCI) is transferred to core network via N12 interface (the interface between AMF and AUSF).
The AUSF verifies the information with UDM over N13 interface (the interface between AUSF and UDM).
If the key is verified successfully, the AUSF returns Status 200 with the corresponding authentication key so that the AMF triggers the Authentication Request.
RRC / NAS Signaling
RegistrationRequest (SA)
: This is the RegistrationRequest sent by UE that should be decoded by Network (
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x41 (Registration request)
5GS registration type:
Follow-on request bit = 1
Value = 1 (initial registration)
ngKSI:
TSC = 0
NAS key set identifier = 7
5GS mobile identity:
SUCI
SUPI format = 0 (IMSI)
MCC = 001
MNC = 01
Routing indicator = 0
Protection sheme id = 1 (ECIES scheme profile A)
Home network public key identifier = 2
ECC ephemeral public key = 0x1dce5f7e5a1b9138e919e5fd0c1676be79bef2695b5a8933802705aa09d85f7d
Ciphertext = 0x11affc0551
MAC tag = 0x7e12cb821b2d980a
UE security capability:
0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)
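As an added example (not code from the Amarisoft tutorial), the following Python decoder re-encodes the SUCI fields shown in the decoded Registration Request above and parses them back per the 5GS mobile identity IE layout (TS 24.501 9.11.3.4), so you can check what a UE actually sent without trusting the log decoder. It assumes the IE value octets with the IEI and length already stripped, and goes slightly beyond the page by also handling the null scheme (MSIN in clear) and the profile B key length.

```python
TYPE_OF_IDENTITY_SUCI = 1
SUPI_FORMAT_IMSI = 0
SCHEME_NAMES = {0: "null scheme", 1: "ECIES scheme profile A", 2: "ECIES scheme profile B"}
# Ephemeral key length per scheme (TS 33.501 Annex C): raw X25519 key / compressed P-256 point
EPH_KEY_LEN = {1: 32, 2: 33}
MAC_TAG_LEN = 8   # both ECIES profiles use a 64-bit MAC tag


def bcd_digits(data: bytes) -> str:
    """Expand BCD octets (low nibble first) until a 0xF filler nibble."""
    digits = ""
    for octet in data:
        for nibble in (octet & 0x0F, octet >> 4):
            if nibble == 0x0F:
                return digits
            digits += str(nibble)
    return digits


def parse_suci(value: bytes) -> dict:
    """Parse the IE value (IEI and length octets already stripped); raises on malformed input."""
    if len(value) < 9 or value[0] & 0x07 != TYPE_OF_IDENTITY_SUCI:
        raise ValueError("not a SUCI")
    if (value[0] >> 4) & 0x07 != SUPI_FORMAT_IMSI:
        raise ValueError("only SUPI format IMSI is handled here")
    o4, o5, o6 = value[1], value[2], value[3]   # MCC/MNC, same BCD layout as a PLMN id
    mnc3 = o5 >> 4                              # 0xF when the MNC has only two digits
    out = {"mcc": f"{o4 & 0xF}{o4 >> 4}{o5 & 0xF}",
           "mnc": f"{o6 & 0xF}{o6 >> 4}" + ("" if mnc3 == 0xF else str(mnc3)),
           "routing_indicator": bcd_digits(value[4:6]),
           "scheme_id": value[6] & 0x0F, "hn_pki": value[7]}
    out["scheme"] = SCHEME_NAMES.get(out["scheme_id"], "unknown")
    output = value[8:]
    if out["scheme_id"] == 0:
        out["msin"] = bcd_digits(output)        # null scheme: MSIN travels in clear
    elif out["scheme_id"] in EPH_KEY_LEN:
        klen = EPH_KEY_LEN[out["scheme_id"]]
        if len(output) < klen + 1 + MAC_TAG_LEN:
            raise ValueError("scheme output too short for ECIES")
        out["ecc_ephemeral_public_key"] = output[:klen].hex()
        out["ciphertext"] = output[klen:-MAC_TAG_LEN].hex()
        out["mac_tag"] = output[-MAC_TAG_LEN:].hex()
    else:
        raise ValueError(f"unsupported protection scheme id {out['scheme_id']}")
    return out


# Constructed sample: the SUCI fields of the decoded Registration Request above, re-encoded
SAMPLE_SUCI = bytes.fromhex("01" "00f110" "f0ff" "01" "02"
                            "1dce5f7e5a1b9138e919e5fd0c1676be79bef2695b5a8933802705aa09d85f7d"
                            "11affc0551" "7e12cb821b2d980a")
```

A scheme_id of 0 in a live capture means the UE sent its MSIN unconcealed, which is the condition this decoder lets you flag directly.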