108
6.7
ETSI EN 300 392-7 V2.3.1 (2006-06)
Encryption control
The following clauses apply for class 2 and class 3 cells.
6.7.1 6.7.1.1
Data to be encrypted Downlink control channel requirements
The following control messages shall not be encrypted on the downlink, as they may be used by MSs prior to establishment of encryption parameters: •
cell synchronization messages sent to the MAC via the TMB-SAP (SYNC, SYSINFO); and
•
the ACCESS DEFINE PDU is not encrypted as it has no associated TM-SDU.
6.7.1.2
Encryption of MAC header elements
When encryption is enabled some of the MAC header shall be considered by the encryption unit as belonging to the TM-SDU. The following rules apply when the encryption is on: •
in the MAC-RESOURCE PDU (see EN 300 392-2 [2], clause 21.4.3.1) all information following the channel allocation flag shall be encrypted. The channel allocation flag shall not be included in the data to be encrypted;
•
in the downlink MAC-END PDU (see EN 300 392-2 [2], clause 21.4.3.3) all information following the channel allocation flag shall be encrypted. The channel allocation flag shall not be included in the data to be encrypted.
The encryption process shall be accomplished in the same manner as is used to encrypt TM-SDUs, i.e. the modulo 2 addition of a key stream, where the key stream shall be generated as a function of frame numbering and cipher key relevant to the addressed party or parties. The KSG shall be initialized as described in clause 6.3.2.1.
6.7.1.3
Traffic channel encryption control
Traffic channels may be transporting speech or data. The information shall be encrypted prior to channel encoding. Traffic slots do not incorporate a separate MAC header in the same way as control (signalling) slots. Instead, the entire slot is used for traffic data. Therefore on a traffic slot, the SDU that is encrypted is the entire content of the transmitted slot. The initial use of encryption on the U-PLANE shall maintain the use of encryption of the C-PLANE signalling message which contains the channel allocation element. The MAC-RESOURCE PDU indicates the encryption state of the PDU and when the PDU contains a channel allocation element the encryption state of the assigned channel shall follow the state of MAC RESOURCE PDU (see EN 300 392-2 [2], clause 21.4.3.1) and the "Encryption mode element" as defined in clause 6.5.1. Encryption of control and traffic (speech/data) channels shall be switched on and off only by the SwMI. For the duration of the channel allocation the encryption state shall not change, however change of parameters within the encryption state may be allowed. In the case that U-PLANE mode is "encrypted" the MS shall send all signalling encrypted (sent with one of stealing, Fast Associated Control Channel (FACCH), Slow Associated Control Channel (SACCH)). In the case where U-PLANE mode of an assigned channel for a call is "clear" the MS shall send all signalling related to that call in clear (sent with one of stealing, FACCH, SACCH) and other signalling may be encrypted. U-PLANE signalling (using STCH) is encrypted starting from the first bit of TM-SDU (see EN 300 392-2 [2], clause 21.4.5). In this case the MAC header does not contain the encryption flag, hence encryption parameters shall be the same as for the traffic.
ETSI