
Content for  TS 35.201  Word version:  16.0.0

0f  Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The 3GPP Confidentiality and Integrity Algorithms f8 & f9 have been developed through the collaborative efforts of the European Telecommunications Standards Institute (ETSI), the Association of Radio Industries and Businesses (ARIB), the Telecommunications Technology Association (TTA), and the T1 Committee.
The f8 & f9 Algorithms Specifications may be used only for the development and operation of 3G Mobile Communications and services. Every Beneficiary must sign a Restricted Usage Undertaking with the Custodian and demonstrate that he fulfills the approval criteria specified in the Restricted Usage Undertaking.
Furthermore, Mitsubishi Electric Corporation holds essential patents on the Algorithms. The Beneficiary must get a separate IPR License Agreement from Mitsubishi Electric Corporation Japan.
For details of licensing procedures, contact ETSI, ARIB, TTA or T1.
0i  Introduction
This specification has been prepared by the 3GPP Task Force, and gives a detailed specification of the 3GPP confidentiality algorithm f8, and the 3GPP integrity algorithm f9.
This document is the first of four, which between them form the entire specification of the 3GPP Confidentiality and Integrity Algorithms:
  • 3GPP TS 35.201: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification".
  • 3GPP TS 35.202: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification".
  • 3GPP TS 35.203: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors' Test Data".
  • 3GPP TS 35.204: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data".
The normative part of the specification of the f8 (confidentiality) and f9 (integrity) algorithms is in the main body of this document. The annexes to this document are purely informative. Annex 1 contains illustrations of functional elements of the algorithm, while Annex 2 contains an implementation program listing of the cryptographic algorithm specified in the main body of this document, written in the programming language C.
The normative part of the specification of the block cipher (KASUMI) on which they are based is in the main body of Document 2. The annexes of that document, and Documents 3 and 4 above, are purely informative.
0  Scope
This specification gives a detailed specification of the 3GPP confidentiality algorithm f8, and the 3GPP integrity algorithm f9.
1  Outline of the normative part
Section 1 introduces the algorithms and describes the notation used in the subsequent sections.
Section 3 specifies the confidentiality algorithm f8.
Section 4 specifies the integrity algorithm f9.
1.1  References
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TS 33.102 version 3.2.0: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture".
[2] TS 33.105 version 3.1.0: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Cryptographic Algorithm Requirements".
[3] TS 35.201: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification".
[4] TS 35.202: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification".
[5] TS 35.203: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors' Test Data".
[6] TS 35.204: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data".
[7] ISO/IEC 9797-1:1999: "Information technology - Security techniques - Message Authentication Codes (MACs)".
2  Introductory information
2.1  Introduction
Within the security architecture of the 3GPP system there are two standardised algorithms: a confidentiality algorithm f8, and an integrity algorithm f9. These algorithms are fully specified here. Each of these algorithms is based on the KASUMI algorithm that is specified in a companion document [4]. KASUMI is a block cipher that produces a 64-bit output from a 64-bit input under the control of a 128-bit key.
The confidentiality algorithm f8 is a stream cipher that is used to encrypt/decrypt blocks of data under a confidentiality key CK. The block of data may be between 1 and 20000 bits long. The algorithm uses KASUMI in a form of output-feedback mode as a keystream generator.
The integrity algorithm f9 computes a 32-bit MAC (Message Authentication Code) of a given input message using an integrity key IK. The approach adopted uses KASUMI in a form of CBC-MAC mode.
2.2  Notation
2.2.1  Radix
We use the prefix 0x to indicate hexadecimal numbers.
2.2.2  Conventions
We use the assignment operator '=', as used in several programming languages. When we write
  • <variable> = <expression>
we mean that <variable> assumes the value that <expression> had before the assignment took place. For instance,
    x = x + y + 3
means
    (new value of x) becomes (old value of x) + (old value of y) + 3.
2.2.3  Bit/Byte ordering
All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. Where a variable is broken down into a number of sub-strings, the left most (most significant) sub-string is numbered 0, the next most significant is numbered 1 and so on through to the least significant.
For example, an n-bit MESSAGE is subdivided into 64-bit substrings MB0, MB1, … MBi, so if we have a message:
  • 0x0123456789ABCDEFFEDCBA987654321086545381AB594FC28786404C50A37…
we have:
  • MB0 = 0x0123456789ABCDEF
  • MB1 = 0xFEDCBA9876543210
  • MB2 = 0x86545381AB594FC2
  • MB3 = 0x8786404C50A37…
In binary this would be:
  • 000000010010001101000101011001111000100110101011110011011110111111111110…
with
  • MB0 = 0000000100100011010001010110011110001001101010111100110111101111
  • MB1 = 1111111011011100101110101001100001110110010101000011001000010000
  • MB2 = 1000011001010100010100111000000110101011010110010100111111000010
  • MB3 = 1000011110000110010000000100110001010000101000110111…
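The ordering convention above, worked in C as an added example (it is not part of the specification or of its Annex 2 listing). The helper names `get_bit`, `block_count` and `get_block`, the `SAMPLE` buffer and the zero fill of a short final block are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers for this example; names are not from the spec. */

/* X[i]: bit 0 is the most significant bit of the first byte, so bit i
 * sits in byte i/8 at shift 7 - (i % 8). */
static int get_bit(const uint8_t *x, size_t i)
{
    return (x[i / 8] >> (7 - (i % 8))) & 1;
}

/* Number of 64-bit sub-strings needed to cover length_bits bits. */
static size_t block_count(size_t length_bits)
{
    return (length_bits + 63) / 64;
}

/* Sub-string MBn of a length_bits-bit message, left-aligned in a 64-bit
 * word. Bits past the end of the message are returned as zero; that zero
 * fill is an assumption of this example, not a rule from the page. */
static uint64_t get_block(const uint8_t *msg, size_t length_bits, size_t n)
{
    uint64_t mb = 0;
    for (size_t j = 0; j < 64; j++) {
        size_t i = n * 64 + j;
        mb = (mb << 1) | (uint64_t)(i < length_bits ? get_bit(msg, i) : 0);
    }
    return mb;
}

/* Constructed sample: the first 25 bytes of the message shown above
 * (the page elides the remainder). */
static const uint8_t SAMPLE[25] = {
    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
    0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
    0x86, 0x54, 0x53, 0x81, 0xAB, 0x59, 0x4F, 0xC2,
    0x87
};

int main(void)
{
    size_t length = 197; /* 24 whole bytes plus 5 bits of the last byte */
    for (size_t n = 0; n < block_count(length); n++)
        printf("MB%zu = 0x%016llX\n", n,
               (unsigned long long)get_block(SAMPLE, length, n));
    return 0;
}
```

Because LENGTH is counted in bits, the last byte of a buffer can carry bits that are not part of the message; `get_block` ignores them rather than folding them into the final block.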
2.2.4  List of Symbols
=
The assignment operator.
The bitwise exclusive-OR operation.
||
The concatenation of the two operands.
KASUMI[x]k
The output of the KASUMI algorithm applied to input value x using the key k.
X[i]
The i-th bit of the variable X. (X = X[0] || X[1] || X[2] || … ).
Yi
The i-th block of the variable Y. (Y = Y0 || Y1 || Y2 || … ).
2.3  List of Variables
A, B
are 64-bit registers that are used within the f8 and f9 functions to hold intermediate values.
BEARER
a 5-bit input to the f8 function.
BLKCNT
a 64-bit counter used in the f8 function.
BLOCKS
an integer variable indicating the number of successive applications of KASUMI that need to be performed, for both the f8 and f9 functions.
CK
a 128-bit confidentiality key.
COUNT
a 32-bit time variant input to both the f8 and f9 functions.
DIRECTION
a 1-bit input to both the f8 and f9 functions indicating the direction of transmission (uplink or downlink).
FRESH
a 32-bit random input to the f9 function.
IBS
the input bit stream to the f8 function.
IK
a 128-bit integrity key.
KM
a 128-bit constant that is used to modify a key. This is used in both the f8 and f9 functions. (It takes a different value in each function).
KS[i]
is the ith bit of keystream produced by the keystream generator.
KSBi
is the ith block of keystream produced by the keystream generator. Each block of keystream comprises 64 bits.
LENGTH
is an input to the f8 and f9 functions. It specifies the number of bits in the input bitstream.
MAC-I
is the 32-bit message authentication code (MAC) produced by the integrity function f9.
MESSAGE
is the input bitstream of LENGTH bits that is to be processed by the f9 function.
OBS
the output bit streams from the f8 function.
PS
is the input padded string processed by the f9 function.
REGISTER
is a 64-bit value that is used within the f8 function.