Security mode command issue (MAC is null)

Henrique
2015-10-06
2019-11-29
  • Henrique

    Henrique - 2015-10-06

    Hi Ben,

    I have made some tests with openLTE and I am facing an issue related to the security mode command. I have tried to attach one ZTE MF880 dongle to openLTE, which is running with USRP B210 HW. The UE sent a security mode reject after receiving the security mode command. I suspect that this behavior is related to the MAC of the security mode command, which is shown as 0x00000000 in the pcap file. Have you ever faced this issue? Could you give me a tip about this problem?

    Notes:
    I set the OP variable in liblte_security.cc with the value used by my SIM card.
    openLTE informs me: user authentication successful (many times)
    * logs and pcap file: https://drive.google.com/file/d/0B1oI8-bD4zaPajBTcUw3cXZwNDg/view?usp=sharing

    Best regards,
    Henrique Duarte

     
  • przemobe

    przemobe - 2015-10-09

    Hi Henrique,

    I checked the debug file you provided and the MAC in the SMC looks good (I mean it is not 0):
    i.e.:
    10/06/2015 14:42:10.953382 info mme LTE_fdd_enb_mme.cc 1702 Sending Security Mode Command for RNTI=63, RB=SRB1 37ECA5EB6B00075D020002E0E0C1

    DLT: 147, Payload: nas-eps (Non-Access-Stratum (NAS)PDU)
    Non-Access-Stratum (NAS)PDU
        0011 .... = Security header type: Integrity protected with new EPS security context (3)
        .... 0111 = Protocol discriminator: EPS mobility management messages (0x07)
        Message authentication code: 0xeca5eb6b
        Sequence number: 0
        0000 .... = Security header type: Plain NAS message, not security protected (0)
        .... 0111 = Protocol discriminator: EPS mobility management messages (0x07)
        NAS EPS Mobility Management Message Type: Security mode command (0x5d)
        NAS security algorithms - Selected NAS security algorithms
            0... .... = Spare bit(s): 0x00
            .000 .... = Type of ciphering algorithm: EPS encryption algorithm EEA0 (null ciphering algorithm) (0)
            .... 0... = Spare bit(s): 0x00
            .... .010 = Type of integrity protection algorithm: EPS integrity algorithm 128-EIA2 (2)
        0000 .... = Spare half octet: 0
        .... 0... = Type of security context flag (TSC): Native security context (for KSIasme)
        .... .000 = NAS key set identifier:  (0) ASME
        UE security capability - Replayed UE security capabilities
            Length: 2
            1... .... = EEA0: Supported
            .1.. .... = 128-EEA1: Supported
            ..1. .... = 128-EEA2: Supported
            ...0 .... = 128-EEA3: Not Supported
            .... 0... = EEA4: Not Supported
            .... .0.. = EEA5: Not Supported
            .... ..0. = EEA6: Not Supported
            .... ...0 = EEA7: Not Supported
            1... .... = EIA0: Supported
            .1.. .... = 128-EIA1: Supported
            ..1. .... = 128-EIA2: Supported
            ...0 .... = 128-EIA3: Not Supported
            .... 0... = EIA4: Not Supported
            .... .0.. = EIA5: Not Supported
            .... ..0. = EIA6: Not Supported
            .... ...0 = EIA7: Not Supported
        IMEISV request
            1100 .... = Element ID: 0xc-
            .... 0... = Spare bit(s): 0x00
            .... .001 = IMEISV request: IMEISV requested (1)
    

    10/06/2015 14:42:11.193528 info mme LTE_fdd_enb_mme.cc 203 Received NAS message for RNTI=63 and RB=SRB1 075F18

    DLT: 147, Payload: nas-eps (Non-Access-Stratum (NAS)PDU)
    Non-Access-Stratum (NAS)PDU
        0000 .... = Security header type: Plain NAS message, not security protected (0)
        .... 0111 = Protocol discriminator: EPS mobility management messages (0x07)
        NAS EPS Mobility Management Message Type: Security mode reject (0x5f)
        EMM cause
            Cause: Security mode rejected, unspecified (24)
    

    My tips are:
    1) Check if OP is provided properly. OP is used to generate OPc. OPc is used for further key generation. Sometimes you have given OPc that is programmed on the card (not OP).
    2) Check if the UE sees the same MNC/MCC that is configured. MNC+MCC is used for key generation.

    Regards,
    Przemek
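
The check described in the reply above (read the MAC and the selected algorithms straight from the hex in the MME log line) can be scripted. This is an added example, not part of either post and not openLTE code; the function name `parse_nas` is hypothetical, and the field layout follows the dissection quoted above.

```python
# Added example (not from openLTE): decode the NAS PDUs quoted in the log lines.
SMC, SMR = 0x5D, 0x5F  # EMM message types shown in the dissection above

def parse_nas(hex_pdu):
    """Decode an EPS NAS PDU far enough to check the Security Mode Command fields."""
    b = bytes.fromhex(hex_pdu)
    if len(b) < 2 or b[0] & 0x0F != 0x7:
        raise ValueError("not an EPS mobility management PDU")
    out = {"sec_hdr_type": b[0] >> 4}
    if out["sec_hdr_type"] != 0:
        # Protected wrapper: 4-byte MAC, 1-byte sequence number, then plain NAS.
        if len(b) < 8:
            raise ValueError("truncated security-protected PDU")
        out["mac"] = int.from_bytes(b[1:5], "big")
        out["mac_is_null"] = out["mac"] == 0
        out["seq"] = b[5]
        b = b[6:]
        if b[0] != 0x07:
            raise ValueError("inner message is ciphered or not plain EMM")
    out["msg_type"] = b[1]
    body = b[2:]
    if out["msg_type"] == SMC:
        if len(body) < 3 or len(body) < 3 + body[2]:
            raise ValueError("truncated Security Mode Command")
        out["eea"] = (body[0] >> 4) & 0x7   # selected ciphering algorithm
        out["eia"] = body[0] & 0x7          # selected integrity algorithm
        out["tsc"] = (body[1] >> 3) & 0x1   # 0 = native security context
        out["ksi"] = body[1] & 0x7          # NAS key set identifier
        caps = body[3:3 + body[2]]          # replayed UE security capability (LV)
        # First octet is the EEA0..EEA7 bitmap, second is EIA0..EIA7 (MSB = 0).
        out["eea_in_caps"] = len(caps) > 0 and bool(caps[0] & (0x80 >> out["eea"]))
        out["eia_in_caps"] = len(caps) > 1 and bool(caps[1] & (0x80 >> out["eia"]))
        rest = body[3 + body[2]:]
        # Optional IMEISV request: type-1 IE with IEI 0xC in the high nibble.
        out["imeisv_requested"] = (bool(rest) and rest[0] >> 4 == 0xC
                                   and rest[0] & 0x7 == 1)
    elif out["msg_type"] == SMR:
        if not body:
            raise ValueError("truncated Security Mode Reject")
        out["emm_cause"] = body[0]          # 24 = security mode rejected, unspecified
    return out

if __name__ == "__main__":
    # Both hex strings are the PDUs from the log lines quoted in the thread.
    print(parse_nas("37ECA5EB6B00075D020002E0E0C1"))
    print(parse_nas("075F18"))
```

A non-null MAC only shows that the MME computed one; the UE still rejects the command if its own keys, derived from OPc and the serving network identity, produce a different value.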

     
  • Sravya Keerthana

    Hi,
    I am trying to attach one dongle to OAI LTE branch, which is running with USRP B210 HW using nextEPC. The UE sent a security mode reject after receiving the security mode command. The NAS key set identifier is set to 0 in the security mode command message. And it was able to attach with the other EPC, where the NAS key set identifier value is 1. What can be the issue?

    regards,
    Sravya

     

    Last edit: Sravya Keerthana 2019-11-29