Adding support for Ciphering algorithm 5G SA for NAS data

[panyogesh]

Proposal: Adding support for Ciphering algorithm 5G SA for NAS data

Elevator Pitch:

Current Magma 5G supports all the mandatory integrity algorithms like IA1 and IA2 but on the Encryption front it supports only the mandatory EA0 which is Null-Encryption. TS 33.501 covers mandatory and highly desirable ciphering algorithms {EA0, EA1, EA2} to be supported. This proposal intends to add support for ciphering algorithms {EEA1 and EEA2}.

As part of this proposal the plan is to enhance security aspects of Magma 5G core and design an implementation to support 128-EEA1, 128-EEA2 as recommended by section 5.5.1 ("Signaling data confidentiality") in TS 33.501.

Total ask

Support of enhanced security algorithm for 5G NAS Layer project is will be delivered in the time frame of 4 Milestones.

Contact Information

Yogesh Pandey (yogesh@wavelabs.ai)

Project Details

The way it will be realized is to extend the current capabilities of magma which will be exchanged and agreed upon during the Security Mode Procedures. Based on the configuration flow the uplink Nas data will be decrypted and downlink Nas data will be encrypted. Decryption might also be followed by integrity protection procedure based on the configuration. Any packet after Security Mode Completion will be accepted based on agreed capabilities.

The sequence for key generation & call flow is covered is shown as below :

128-EEA1 Algorithm

128-EEA1 :Its based on the Snow 3G stream cipher. Snow 3G is a 32-bit word-oriented stream cipher supporting 128-bit keys, which was also part of the 3G standard. The 3GPP standard supports the encryption (128-EEA1) or authentication (128-NIA1) of blocks of data from 1 to 20’000 bits

Encryption

EEA1(key=16b'\xc1', count=0x9955ab, bearer=0x16, dir=1, data_in=50b'MonPantalonS\'EstDecousu', bitlen=1149) b'\xc4\xce\xf2\x98\xf0\x92G\x14T\xdc\x9e\xa6LN\x89\xc3\xb9\xff\xce\xb7\x02\xeei=\xe1ZQ\xe7\xf5\xff\x13\xb6\x94\x8f\x1a<w\xc0\'W\xe8\xd0\xcc-\x8c\t\x10\xa4\x0eT!&\x11\\xd1v\x96\xb99l\x0eX\xffaR\xb2\x1d\xe0\x8a\x11\x06\xb9;b\xda\xeb@\xe0#o\xba\x17\x14\xa2j\x8d\xcf\x9a\x84ahTi["u\'2\xb5t\x90\x16}\x80\xeb\x9f\xe52\xb3\xdb7\xa1H9\xc0W\x8cA\xd3\xcf0\x04\r\xecv\xea5\xe8\xaar\xf3$\xf9}\x12\xab,W\L\x0f\x9e\x0f8'

Decryption

EEA1(key=16*b'\xc1', count=0x9955ab, bearer=0x16, dir=1, datain=, bitlen=1149) b"MonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPah"

128-EEA2 Algorithm

128-EEA2 :Its based on the AES block cipher. AES is probably the block cipher that has been the most analyzed in the history of cryptography.

Encryption

EEA2(key=16b'\xc1', count=0x9955ab, bearer=0x16, dir=1, data_in=50b'MonPantalonS\'EstDecousu', bitlen=1149) b'-y\xf1\xee\xb7\xe4\x0c\xf2\xdfz`\xb04"\x8c\xda\xc8B!n\x863V"\xaei\x91\x1b\xc5\xfc\x1dx\xb9l\xe8\x99q\q\x88\x91\xc8f\r\x05\xdf\x94S\x97\xc0\x96\xb75\x00@\xfea\x840\xdb\xa3\x88\x15\x03\x9e\xa4\x98\xa5\x82\xb649\xcez5\xd3\x01\x93\x97\x1dpx\xacW\xe9\xb9.mE3\xb9\xc1\xb8\xbd\x06\x8bI\x7f\xf6\x90A\xd3P\xc9\xbe\xbaE\xa8\xbe\xc2GDQ\x17l\xf7\xac\x0f\x96E\xd0}\x8dw\x80k\x8f\n\xeeW\x94\xfa\xa9/\xc2\x02so\xf4yV\xcad\xf0'

Decryption

EEA2(key=16*b'\xc1', count=0x9955ab, bearer=0x16, dir=1, datain=, bitlen=1149) b"MonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPantalonS'EstDecousuMonPah"

Ciphering Inputs and outputs

The input parameters to the ciphering algorithm are a 128-bit cipher key named KEY, a 32-bit COUNT, a 5-bit bearer identity BEARER, the 1-bit direction of the transmission i.e. DIRECTION, and the length of the keystream required i.e. LENGTH. The DIRECTION bit shall be 0 for uplink and 1 for downlink.

Summarizing the approach

• Enabling the selection of Encrpytion algorithms in configuration files during start up along (EA0, EA1, EA2 etc.)
• Ensuring the capabilities are exchanged and agreed upon in security mode procedures.
• Add support for deriving the Knas_encryption key from Kamf
• Add decryption support for decrypting uplink messages
• Add encryption support for encrypting downlink messages

Delivery Approach

Feature will be delivered in 4 milestones. Each milestone will have the following 5 process gates

1. Design
2. Development & Unit Testing
3. Code review
4. Integration testing
5. Resolve Integration & existing regression issues

System test will be covered as part of Milestone 4.

Milestone1 - Enabling and Selection of Encryption Algorithms

Tasks to be handled:

• Enabling the selection of encryption algorithms based on priority.
• Checking the security capabilities compatibility during the registration procedure
• Derive Knas_encryption key from KAMF

Milestone2 - Packet processing of Encrypted Nas messages for EA1

Tasks to be handled:

• Decrypting of all the encrypted NAS packets post registration based on EA1.
• Sending encrypted packets for any downling message.
• Adding pipeline for packet decryption followed by integrity protection combination
• Unit Testing on all packets including PduSession related, Failure packets, Paging Service Request Packets etc.
• Basic sanity test cases on simulator

Milestone3 - Packet processing of Encrypted Nas messages for EA2

Tasks to be handled:

• Decrypting of all the encrypted NAS packets post registration based on EA2.
• Sending encrypted packets for any downlin kmessage.
• Adding pipeline for packet decryption followed by integrity protection combination
• Unit Testing on all packets including PduSession related, Failure packets, Paging Service Request Packets etc.
• Basic sanity test cases on simulator

Milestone4 - Automation, Regression and Scale test for the feature

Tasks to be handled:

• Automating the testcases for EA1 encryption for all the packet types falling under the category with and without integrity protection
• Automating the testcases for EA2 encryption for all the packet types falling under the category with and without integrity protection
• Regression test covering all the feature set
• Scaling tests

Test Plan

Following is the set of tests or scenarios to verify support of ciphering algorithms EA1 & EA2.

• Execute registration procedure in integration test, regression test environments.
• Ensuring all the packets post SMC are decrypted properly and the response if required is send accordingly.
• Coverage of paging scenarios, service request and IPv6 cases will also be done.

Feature Roadmap

Feature will be delivered in 4 Milestones. Each milestone duration is 30 calendar days.

---

Milestone	Deliverable Summary
MS1	Encryption configuration. Exchange & Selection logic. Key derivation. Unit & integraton test
MS2	Supporting EEA1 encryption. Unit testing for all packets. Integration and automation tests
MS3	Supporting EEA2 encryption. Unit testing for all packets. Integration and automation tests
MS4	Systems testing with IPv6, Suci Extension, negetive scenarios and bug fixing

[panyogesh]

As part of process raised a github issue : https://github.com/magma/magma/issues/11160

[wendallkaters]

Thank you for submitting this proposal. The MCF grant program is devoted to “kickstarting” sustainable, Magma-powered commercial products and businesses. The MCF Governing Board will prioritize proposals that are directly linked to deals or a sales pipeline. While the technical and feature work is clearly defined, we are unable to prioritize this proposal without clear revenue opportunities.