What are the differences between 4G and 5G when it comes to ciphering, integrity control and key hierarchy? That's what we will look at in this video.

As with authentication, the general principles in 5G are the same as in 4G. For ciphering we have an encryption key that is calculated from the RAND random number, which we used for authentication. And we will calculate a specific encryption sequence for each transmission from this encryption key. For integrity it's the same: an integrity key is calculated from RAND and, for each packet, using a counter as input, we have a mechanism that allows us to calculate a "Message Authentication Code" or MAC, which is added to each packet or each message.

What is the scope of ciphering? Ciphering is done for NAS exchanges between the UE and the AMF as well as for radio transmissions, whether it's in the user plane for user data or in the control plane for the RRC messages. The encryption key that is used can be 128 bits long, with the possibility of going up to 256 bits. We have four encryption algorithms. The first being no ciphering, used for testing, with the last being the Zu Chongzhi algorithm, which was specified in Rel 11 for 4G.

Likewise, for integrity, the calculation of the MAC, which is coded on 32 bits, is done for NAS signaling messages between the UE and the AMF as well as for RRC signaling messages between the UE and the gNB. A new development in 5G is that we can also carry out an integrity check on the user data. The algorithms are the same as for ciphering.

As with 4G, a system of calculating child keys from the parent keys is used. The long-term key of course does not change and is never transmitted outside the entity that stores it. I mean, it remains in the USIM card and in the ARPF. A parent key will be generated by the ARPF, and from a parent key, a child key and a grandchild key will be deduced and so on.

Suppose we have a network function that has a key that we will call the parent key.
Function B must provide to function A a child key. Function A provides a piece of information that is specific to it or a context element that I have called E. From the parent key and E we will compute a child key that is sent to A. The UE must be able to do the same computation. In other words, the piece of information should be known to the UE. Intermediate keys must not be stored. So, here, B must empty the parent key from its memory... unless there is an absolute necessity to keep it!

The key hierarchy is similar to what we have in 4G. Here we have the long-term key K, which is stored in the ARPF. From a random number and this key K, the ARPF computes a key called CK for ciphering and a key called IK for integrity. The visiting network indicates its identity and the ARPF calculates the K_AUSF key and provides it to the AUSF, which in addition includes a SeQuence Number, so as to avoid having two identical keys if by chance the same RAND were drawn randomly.

The K_AUSF key is used by the AUSF, also taking the identity of the visited network, and the K_SEAF key is deduced from it and sent to the SEAF. This is a grandchild key. From this grandchild key, we calculate a great-grandchild key using the SUPI (the identity of the UE) and inserting an ABBA counter, ABBA standing for Anti-Bidding down Between Architectures. It's currently at zero for 5G. If there is a 6G, 7G or if there are evolutions in the security mechanisms, we will set this counter to 1, 2, 3 and so on in order to avoid bidding-down attacks by changing the architecture generation.

The great-grandchild key is K_AMF. It's computed by the SEAF and provided to the AMF. Since it's the same entity, it stays internal. And again, we are going to create a child key using a NAS message counter and an identifier: it will be one value if we are using the key in a 3GPP architecture and another value if it's for a Wi-Fi access point.
The AMF calculates K_gNB and provides it to the gNB. In the event of the user moving from a source base station to a target base station, in other words, if a handover occurs, it makes more sense to recompute the keys from the parent key. We will again derive a great-great-great-grandchild key for that. The target gNB of the handover indicates its physical identity and the frequency number it uses, and that will allow the gNB to calculate the K_gNB* key and then to transfer it.

The UE (SIM card and terminal) makes the same calculation of a child key, grandchild key and so on. We will not get back into that here. The UE can manage to calculate the K_gNB key and, if there is a handover, it's able to deduce the K_gNB*.

The ciphering and integrity keys are more precisely the following. From K_AMF, we will compute a key called K_NASEnc for ciphering of NAS messages and a K_NASInt integrity key, to ensure integrity. The gNB and the UE also compute K_RRCEnc for ciphering and K_RRCInt for the integrity control of the RRC messages, and the gNB and the UE will also compute a key for ciphering of user data, I mean, in the user plane and, new development in 5G, for integrity in the user plane.

To sum up, in 5G we have the same general principles as 4G, namely ciphering and integrity protection with a key hierarchy, but no key prefetching is allowed, and, in addition, there is a possibility of integrity checks in the user plane.
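
The parent-to-child chain described in this lecture (K_AUSF to K_SEAF to K_AMF to K_gNB), as an added Python example that is not part of the lecture. It assumes the HMAC-SHA-256 key derivation function of 3GPP TS 33.220, with FC tags and access-type codes as recalled from TS 33.501 Annex A (check them against the specification); the key material, SUPI and network name are constructed values, and `derive_chain` and `changed_keys` are hypothetical helper names.

```python
import hashlib
import hmac

def kdf(parent: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ..., keyed with the parent key."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each parameter is followed by its 2-byte length
    return hmac.new(parent, s, hashlib.sha256).digest()

# Assumption: FC tags and access-type codes as recalled from TS 33.501 Annex A.
FC_K_SEAF, FC_K_AMF, FC_K_GNB = 0x6C, 0x6D, 0x6E
ACCESS_3GPP, ACCESS_NON_3GPP = b"\x01", b"\x02"

def derive_chain(k_ausf, sn_name, supi, abba, ul_nas_count, access):
    """Walk the hierarchy from K_AUSF down to K_gNB, one set of context elements per step."""
    k_seaf = kdf(k_ausf, FC_K_SEAF, sn_name)    # AUSF: identity of the visited network
    k_amf = kdf(k_seaf, FC_K_AMF, supi, abba)   # SEAF: SUPI and ABBA
    k_gnb = kdf(k_amf, FC_K_GNB, ul_nas_count.to_bytes(4, "big"), access)  # AMF
    return {"K_SEAF": k_seaf, "K_AMF": k_amf, "K_gNB": k_gnb}

# Constructed sample values (test PLMN 001/01), not taken from any real network.
K_AUSF = bytes(range(32))
SN_NAME = b"5G:mnc001.mcc001.3gppnetwork.org"
SUPI = b"001010123456789"
ABBA = b"\x00\x00"

def changed_keys(base: dict, other: dict) -> list:
    """Names of the keys that differ between two derivation runs."""
    return [name for name in base if base[name] != other[name]]

if __name__ == "__main__":
    network = derive_chain(K_AUSF, SN_NAME, SUPI, ABBA, 0, ACCESS_3GPP)
    ue = derive_chain(K_AUSF, SN_NAME, SUPI, ABBA, 0, ACCESS_3GPP)
    print("UE and network agree:", ue == network)
    bumped = derive_chain(K_AUSF, SN_NAME, SUPI, b"\x00\x01", 0, ACCESS_3GPP)
    print("changed by a new ABBA value:", changed_keys(network, bumped))
    wifi = derive_chain(K_AUSF, SN_NAME, SUPI, ABBA, 0, ACCESS_NON_3GPP)
    print("changed by non-3GPP access:", changed_keys(network, wifi))
```

Changing a context element only affects keys at and below the step where it enters, which is why a different ABBA value leaves K_SEAF untouched but replaces K_AMF and everything derived from it.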