NR U-plane Integrity
This tutorial shows how to enable U-plane integrity in NR and how to verify that it works. U-Plane Integrity (User Plane Integrity) is a new / strengthened security feature added to 5G/NR.
Since the integrity protection feature can require significant resources and not all devices may be able to support it at the maximum data rate, 5G systems allow for negotiation of appropriate data rates for integrity protection. For instance, if a device indicates that it can only support 64 kbps for integrity-protected traffic, the network will only activate integrity protection for user plane connections that do not exceed that 64-kbps limit.
Support for the integrity protection feature is mandatory for both UE and gNB, but its use is optional and under the control of operators.
Introduction
5G New Radio (NR) introduces several advanced security mechanisms to address the evolving threat landscape and stringent data protection requirements of modern wireless systems. Among these, User Plane Integrity (U-plane integrity) stands out as a pivotal enhancement that ensures the authenticity and integrity of user data transmitted over the radio interface. Unlike legacy systems where integrity protection was primarily applied to control plane signaling, 5G NR extends this protection to the user plane, safeguarding subscriber data against tampering and unauthorized alterations during transmission.
U-plane integrity operates by appending cryptographic integrity check values to user plane packets, allowing both the network (gNB) and user equipment (UE) to verify data authenticity in real time. Architecturally, this mechanism is embedded within the radio protocol stack, specifically interfacing with the Packet Data Convergence Protocol (PDCP) sublayer, and is negotiated and activated based on device capabilities and operator policies. The feature’s significance lies in its ability to provide an additional layer of trust and security for sensitive applications, such as financial transactions, remote healthcare, and industrial automation, where data integrity is paramount.
However, due to the computational overhead associated with cryptographic operations, not all devices may support the highest throughput levels for integrity-protected traffic; thus, 5G systems include mechanisms for capability negotiation and dynamic adaptation. This tutorial provides a step-by-step guide on enabling U-plane integrity in NR networks and demonstrates methods for verifying its operational effectiveness, empowering engineers and security professionals to deploy and validate this critical feature within their 5G ecosystems.
Context and Background
- 5G NR represents a significant evolution in mobile communications, introducing new security features such as User Plane Integrity to address the demands of high-speed, secure data transmission.
- Traditional mobile systems focused integrity protection on control plane signaling; 5G NR extends this to the user plane, enhancing end-to-end security.
- U-plane integrity is implemented at the PDCP layer and relies on cryptographic algorithms negotiated between the UE and gNB.
Relevance and Importance
- Ensures that user data remains unaltered and authentic during transmission over the radio interface, protecting against man-in-the-middle and replay attacks.
- Essential for applications requiring high levels of data trust, such as IoT, autonomous vehicles, and mission-critical communications.
- Compliance with regulatory and industry standards for data integrity in wireless communications.
Tutorial Objectives
- Guide participants through the process of enabling U-plane integrity on 5G NR devices and networks.
- Demonstrate practical methods for verifying the functionality and effectiveness of U-plane integrity protection.
- Provide insights into capability negotiation and system limitations based on device and network configurations.
Learner Outcomes
- Understand the principles and architecture behind U-plane integrity in 5G NR.
- Gain hands-on experience in configuring and validating integrity protection features in real-world 5G environments.
- Develop the ability to troubleshoot common issues and interpret system behavior related to U-plane integrity.
Prerequisite Knowledge
- Familiarity with 5G NR architecture and protocol stack, especially PDCP layer operations.
- Understanding of basic cryptographic concepts and security mechanisms in wireless networks.
- Experience with 5G testing tools, network configuration, or protocol analysis is advantageous.
Summary of the Tutorial
This tutorial describes the procedure to test user-plane integrity protection configuration and operation in an NR/LTE test environment using a callbox and UE.
Test Setup:
- The SIM card provided with the system is used without modification.
- Guidance for changing configurations is available in the referenced Configuration Guide.
- Physical setup involves connecting the UE to the callbox as illustrated in the provided diagram.
Key Configuration Parameters:
- Ensure critical parameters such as integrity_protection, apn_aggregate_max_bitrate_dl, and apn_aggregate_max_bitrate_ul are properly set for the test.
Configuration Steps:
- Use the default gnb-sa.cfg configuration for the gNB without modification, except for updating the log options as shown in the tutorial.
- For the MME, use mme-ims-integrity.cfg, which is derived and modified from mme-ims.cfg.
- Update the relevant configuration files to reflect the UE's bitrate capability, ensuring values are appropriate for the device under test.
- Visual confirmation of configuration changes is provided through screenshots for reference.
Test Execution Procedure:
- Verify cell configuration to ensure compatibility with UE capabilities.
- Power on the UE and confirm successful registration to the network.
- Confirm that the UE is assigned an IMS PDN.
- Initiate a ping from the callbox to the UE; verify successful communication as an indicator of proper configuration and connectivity.
Log Analysis Methodology:
- Analyze protocol logs to confirm UE support for user-plane integrity, specifically by checking the 'Integrity protection maximum data rate' information element in the PDU session establishment request.
- Observe MME (core network) decision-making regarding the application of user-plane integrity protection.
- Verify that the decision to apply integrity protection is communicated to the UE via the PDCP configuration in the RRC Reconfiguration procedure.
The tutorial emphasizes following the configuration and verification steps closely, checking both network and UE behavior, and confirming via logs that integrity protection mechanisms are functioning as intended.
Test Setup
Test setup for this tutorial is as shown below.
- The SIM card used in this tutorial is the one delivered with the system, as is.
- If you want to change the configuration, the Configuration Guide tutorial will help.

Key Configuration Parameters
The following are important configuration parameters for this tutorial. You may click on the items for the descriptions from Amarisoft documents.
Configuration
I used the gnb-sa.cfg without any change.

I used mme-ims-integrity.cfg for the MME, which is copied and modified from mme-ims.cfg.

In the gnb-sa.cfg file, I changed the log option as shown below without changing any other part.

In mme-ims-integrity.cfg, I added the following configuration. Before you set this, you need to know the UE's bitrate capability and put appropriate values here.

Perform the test
Check the basic cell configuration and make sure that it is configured as per your UE capability.

Power on the UE and make sure that the UE gets registered.

Make sure that the UE is assigned an IMS PDN.

Try a ping from the callbox to the UE and see if the ping goes through.

Log Analysis
First, check whether the UE supports U-plane integrity. You can check this with the 'Integrity protection maximum data rate' IE in the PDU Session Establishment Request message.

The MME (core network) determines whether to apply U-plane integrity or not.

The decision (i.e., the decision to apply integrityProtection) is conveyed to the UE as pdcp-Config in RRC Reconfiguration.
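
The log checks above, combined with the data-rate rule from the opening section, can be scripted. This is an added example, not part of the original tutorial or of Amarisoft's tooling. The log excerpt is constructed and its layout is an assumption, the function names are hypothetical, and the session bitrates are passed in bit/s.

```python
import re

# Value octets of the NAS 'Integrity protection maximum data rate' IE
# (TS 24.501): 0x00 = 64 kbps, 0xFF = full data rate. Other code points
# are treated here as "no integrity-protected rate" (assumption).
RATE_BPS = {0x00: 64_000, 0xFF: float("inf")}

# Constructed excerpt, not real callbox output; the layout is an assumption.
SAMPLE_LOG = """\
NAS UL PDU session establishment request
  Integrity protection maximum data rate = 0xffff
RRC DL rrcReconfiguration
  drb-Identity 1,
  pdcp-Config { drb { discardTimer ms100, integrityProtection enabled } }
  drb-Identity 2,
  pdcp-Config { drb { discardTimer ms100 } }
"""

def ue_limits(log):
    """(uplink, downlink) bit/s the UE can integrity-protect; 0 if absent."""
    m = re.search(r"Integrity protection maximum data rate\s*=\s*0x([0-9a-fA-F]{4})", log)
    if not m:
        return (0, 0)
    ul, dl = bytes.fromhex(m.group(1))  # octet 1 = uplink, octet 2 = downlink
    return (RATE_BPS.get(ul, 0), RATE_BPS.get(dl, 0))

def drb_integrity(log):
    """Map DRB id -> True when its pdcp-Config carries integrityProtection."""
    pairs = re.findall(r"drb-Identity (\d+),\s*pdcp-Config \{(.*)\}", log)
    return {int(drb): "integrityProtection enabled" in cfg for drb, cfg in pairs}

def check(log, session_ul_bps, session_dl_bps):
    """Compare the RRC outcome per DRB with the capability sent in NAS."""
    ul, dl = ue_limits(log)
    fits = session_ul_bps <= ul and session_dl_bps <= dl
    verdicts = {}
    for drb, on in drb_integrity(log).items():
        if on:
            verdicts[drb] = "protected" if fits else "MISMATCH: enabled above UE limit"
        else:
            verdicts[drb] = "unprotected (network choice)" if fits else "unprotected (UE limit)"
    return verdicts

if __name__ == "__main__":
    print(check(SAMPLE_LOG, 1_000_000, 1_000_000))
    print(check(SAMPLE_LOG.replace("0xffff", "0x0000"), 1_000_000, 1_000_000))
```

A DRB reported as "unprotected (network choice)" is not a fault in itself, since use of the feature is under operator control; a MISMATCH verdict means the configured bitrate exceeds what the UE declared it can integrity-protect.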
