Amarisoft

NR SA ECC

 

The purpose of this tutorial is to show you how to configure and test ECC. ECC stands for Elliptic Curve Cryptography. It is the algorithm used for SUPI <--> SUCI conversion. To improve security, it is not recommended to exchange UE IDs (e.g., IMSI) in plain text over the air; the ID should be encrypted before it is sent. ECC is the algorithm used to convert the non-encrypted UE ID (SUPI) to the encrypted UE ID (SUCI) and back. The overall signaling flow for the UE ID exchange is illustrated below. In short, the UE encrypts the SUPI into a SUCI and sends it to the network in the RegistrationRequest (or in the IdentityResponse when requested by the network), and it is decrypted by the UDM in the core network.

 

NR SA ECC Overview 01

NOTE : SUPI stands for Subscription Permanent Identifier, SUCI stands for Subscription Concealed Information

NOTE : The details of the encryption and decryption process are described in 33.501. Refer to Figure C.3.2-1: Encryption based on ECIES at UE and Figure C.3.3-1: Decryption based on ECIES at home network in 33.501 for the overall algorithm.

 

 

 

 

Test Setup

 

Test setup for this tutorial is as shown below.

TestSetup Callbox UEsim 1sdr 01

 

 

 

Key Configuration Parameters

 

The following are the important configuration parameters for this tutorial.

 

 

 

Test 1 :  ECIES scheme profile A 

 

This test exercises ECIES scheme profile A.

 

 

Configuration

 

I used mme-ims-ecc.cfg on the gNB, which is copied and modified from mme-ims.cfg (NOTE : only mme.cfg is changed for this tutorial and all other configurations are default files).

NR SA ECC Test 1 Configuration 01

 

I used ue-nr-sa-ecc.cfg on the gNB, which is copied and modified from ue-nr-sa.cfg.

NR SA ECC Test 1 Configuration 02

 

 

The MME configuration mme-ims-ecc.cfg is configured as follows.

NR SA ECC Test 1 Configuration 03

In ue-nr-sa-ecc.cfg, the configuration is done as follows.

NR SA ECC Test 1 Configuration 04

 

 

 

Perform the Test

 

Check if the cell is configured as intended.

NR SA PDSCH Aggregation Test 1 Run 01

Power on the UE on the UE sim.

NR SA PDSCH Aggregation Test 1 Run 02

Confirm that the UE completes the attach and check the throughput.

NR SA PDSCH Aggregation Test 1 Run 03

 

 

 

Log Analysis

sample log-r20230215(n78)   

NR SA ECC Test 1 Log 01

NR SA ECC Test 1 Log 02

NR SA ECC Test 1 Log 03

NR SA ECC Test 1 Log 04

 

 

 

RRC / NAS Signaling

 

RegistrationRequest (SA)

: This is the RegistrationRequest sent by the UE that should be decoded by the network. (NOTE : Some IEs have a specific value assigned here; treat these as example values only. The values vary depending on the test requirement.)

Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x41 (Registration request)
5GS registration type:
  Follow-on request bit = 1
  Value = 1 (initial registration)
ngKSI:
  TSC = 0
  NAS key set identifier = 7
5GS mobile identity:
  SUCI
    SUPI format = 0 (IMSI)
    MCC = 001
    MNC = 01
    Routing indicator = 0
    Protection sheme id = 1 (ECIES scheme profile A)
    Home network public key identifier = 2
    ECC ephemeral public key = 0x1dce5f7e5a1b9138e919e5fd0c1676be79bef2695b5a8933802705aa09d85f7d
    Ciphertext = 0x11affc0551
    MAC tag = 0x7e12cb821b2d980a
UE security capability:
  0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
  0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)