H.4 Protection of GMM messages

3GPP43.020Release 16Security related network functionsTS

Integrity protection and encryption of GMM messages for CIoT enhanced GPRS is described in TS 24.008 [11] clause 4.7.1.2a, and shall follow the same principle as with protection (integrity protection and encryption) of corresponding LTE EMM messages as described in TS 24.301 [19].

The GMM messages for CIoT enhanced GPRS which are not corresponding to any existing LTE EMM messages in TS 24.301 [19], shall be integrity protected and encrypted in the following way:

The GMM AUTHENTICATION AND CIPHERING REQUEST message and the GMM AUTHENTICATION AND CIPHERING RESPONSE message shall be integrity protected with the new security context and shall not be encrypted.

The GMM AUTHENTICATION AND CIPHERING FAILURE message and the GMM AUTHENTICATION AND CIPHERING REJECT message shall be integrity protected if the sending eSGSN or the sending CIoT UE has a valid security context. For the receiving eSGSN or receiving CIoT UE, the processing of the received GMM message when the check of the MAC fails or when the receiving part has no valid security context should follow exactly the description as specified for the UE in clause 4.4.4.2 and as specified for the MME in clause 4.4.4.3 in LTE in TS 24.301 [19]. The GMM AUTHENTICATION AND CIPHERING FAILURE message shall not be encrypted. The GMM AUTHENTICATION AND CIPHERING REJECT message shall be encrypted if sending eSGSN has a valid security context and encryption has been activated.