Integrity protection is a scheme that guards the signaling traffic in the air interface against unauthorized attacks. The integrity protection proces is started (and restarted) by the security mode procedure. The same procedure is also used for ciphering control.
To restart or reconfigure the integrity protection, the UTRAN sends a security mode command message on the downlink DCCH in AM RLC using the present integrity protection configuration.
Integrity protection is performed on all RRC messages except:
- HANDOVER TO UTRAN COMPLETE
- PAGING TYPE 1
- PUSCH CAPACITY REQUEST
- PHYSICAL SHARED CHANNEL ALLOCATTION
- RRC CONNECTION REQUEST
- RRC CONNECTION SETUP
- RRC CONNECTION SETUP COMPLETE
- RRC CONNECTION REJECT
- RRC CONNECTION RELEASE
- SYSTEM INFORMATION
- SYSTEM INFORMATION CHANGE INDICATION
- TRANSPORT FORMAT COMBINATION CONTROL
For the CCCH and for each signaling RB, two integrity-protection hyperframe numbers are used (both 28 bits):
1. Uplink HFN
2. Downlink HFN
And two message sequence numbers are used (both 4 bits);
1. Uplink RRC message sequence number
2. Downlink RRC message sequence number
By combining these numbers, we get two 32-bit integrity sequence numbers, COUNT-I, one for uplink, and one for downlink, for each signaling radio bearer (RB 0 - 4). Once a UE receives a downlink signaling message, it calculates a message authentication code (MAC) based on the stored COUNT-I information and the received message. The calculated MAC must match with the received MAC, otherwise the message has tampered with and must be discarded. Same applies for uplink messages.