Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TS 55.241
Specification of the
GIA4 Encryption Algorithms for GPRS –
GIA4 Specification

V17.0.0 (PDF)  2022/03  13 p.
V16.0.0  2020/06  13 p.
V15.0.1  2018/06  12 p.
V14.0.1  2018/06  12 p.
V13.0.1  2018/06  12 p.
Rapporteur:
Mr. Evans, Tim P.
VODAFONE Group Plc

Content for  TS 55.241  Word version:  17.0.0

Here   Top

 

0  IntroductionWord‑p. 4

This specification has been prepared by the 3GPP Task Force, and gives a detailed specification of the 3GPP integrity algorithm GIA4.
This document is the first of three, which between them form the entire specification of the 3GPP Integrity Algorithm GIA4:
  • 3GPP TS 55.241: "Specification of the GIA4 encryption algorithms for GPRS; GIA4 specification".
  • 3GPP TS 55.242: "Specification of the GIA4 encryption algorithms for GPRS; Implementers' test data".
  • 3GPP TS 55.243: "Specification of the GIA4 encryption algorithms for GPRS; Design conformance test data".
Up

1  ScopeWord‑p. 5

The present document defines the technical details of the 3GPP integrity algorithm GIA4.

2  ReferencesWord‑p. 5

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TR 21.905: "Vocabulary for 3GPP Specifications".
[2]
TS 35.202: "3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification".
Up

3  Definitions, symbols and abbreviationsWord‑p. 5

3.1  DefinitionsWord‑p. 5

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
(none)

3.2  SymbolsWord‑p. 5

For the purposes of the present document, the following symbols apply:
=
The assignment operator.
The bitwise exclusive-OR operation.
||
The concatenation of the two operands.
KASUMI[x]k
The output of the KASUMI algorithm [2] applied to input value x
using the key k.
X[i]
The ith bit of the variable X. (X = X[0] || X[1] || X[2] || …).
Yi
The ith block of the variable Y. (Y = Y0 || Y1 || Y2 || …).

3.3  AbbreviationsWord‑p. 6

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
CBC-MAC
Cipher Block Chaining Message Authentication Code
MAC
Message Authentication Code

4  Introductory informationWord‑p. 6

4.1  IntroductionWord‑p. 6

The integrity algorithm GIA4 computes a 32-bit MAC (Message Authentication Code) of a given input message using integrity key KI128. The approach adopted uses KASUMI TS 35.202 in a form of CBC-MAC mode.

4.2  NotationWord‑p. 6

4.2.1  RadixWord‑p. 6

The prefix "0x" indicates hexadecimal numbers.

4.2.2  ConventionsWord‑p. 6

The assignment operator "=", as used in several programming languages.
<variable> = <expression>
means that <variable> assumes the value that <expression> had before the assignment took place. For instance,
x = x + y + 3
means
(new value of x) becomes (old value of x) + (old value of y) + 3.

4.2.3  Bit/byte orderingWord‑p. 6

All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. Where a variable is broken down into a number of sub-strings, the left most (most significant) sub-string is numbered 0, the next most significant is numbered 1 and so on through to the least significant.
For example an n-bit MESSAGE is subdivided into 64-bit substrings MB0, MB1… MBi so if the message is:
0x0123456789ABCDEFFEDCBA987654321086545381AB594FC28786404C50A37…
then:
MB0 = 0x0123456789ABCDEF
MB1 = 0xFEDCBA9876543210
MB2 = 0x86545381AB594FC2
MB3 = 0x8786404C50A37…
In binary this would be:
000000010010001101000101011001111000100110101011110011011110111111111110…
with
MB0 = 0000000100100011010001010110011110001001101010111100110111101111
MB1 = 1111111011011100101110101001100001110110010101000011001000010000
MB2 = 1000011001010100010100111000000110101011010110010100111111000010
MB3 = 1000011110000110010000000100110001010000101000110111…
Up

4.3  List of variablesWord‑p. 7

A, B
are 64-bit registers that are used within the function to hold intermediate values.
BLOCKS
an integer variable indicating the number of successive applications of KASUMI that need to be performed.
CONSTANT-F
a 32-bit parameter which is constant for any given FRAMETYPE input.
DIRECTION
a 1-bit input indicating the direction of transmission (uplink or downlink).
FRAMETYPE
an 8-bit input to the function indicating the type of frame to be protected.
INPUT-I
a 32-bit time variant input to the function.
KI128
the 128-bit integrity key.
KM
a 128-bit constant that is used to modify a key.
M
an input to the function which specifies the number of octets of message to be MAC'd (1-65536).
MAC
the 32-bit message authentication code (MAC) produced by the function.
MESSAGE
the input octet stream of length M octets that is to be processed by the function.
PS
is the input padded string processed by the function.
Up

5  Integrity algorithm GIA4Word‑p. 7

5.1  IntroductionWord‑p. 7

The integrity algorithm GIA4 computes a Message Authentication Code (MAC) on an input message under an integrity key IK128. The input message may be between 1 and 65536 octets long.
For ease of implementation the algorithm is based on the same block cipher (KASUMI) as is used by the confidentiality algorithm GEA4.

5.2  Inputs and outputsWord‑p. 7

The inputs to the algorithm are given in Table 5.2.1, the output in Table 5.2.2:
Parameter Size (bits) Comment
INPUT-I32Frame dependent input INPUT-I[0]…INPUT-I[31]
MThe length of MESSAGE in octets (1-65536)
MESSAGE8MInput octet stream MESSAGE{0}….MESSAGE{M-1}
DIRECTION1Direction of transmission DIRECTION[0]
FRAMETYPE8Input value signifying the type of frame to be protected
KI128128Integrity key KI128[0]…KI128[127]
Parameter Size (bits) Comment
MAC32Message authentication code MAC[0]…MAC[31]
Up

5.3  Components and architectureWord‑p. 8

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

5.4  InitialisationWord‑p. 8

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

5.5  CalculationWord‑p. 8

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

A  Components and architecture of the GIA4 algorithmWord‑p. 9

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

B  Simulation program listingWord‑p. 10

This clause only available under licence.
See http://www.etsi.org/about/what-we-do/security-algorithms-and-codes/cellular-algorithm-licences.

$  Change HistoryWord‑p. 11


Up   Top