The present invention relates to the field of radiocommunications, and in particular to the ciphering techniques used in cellular networks.
The invention finds application in particular in third-generation cellular networks of the UMTS type (“Universal Mobile Telecommunication System”) using code division multiple access (CDMA) techniques.
The invention is described hereinbelow in its application to a UMTS network, of which FIG. 1 shows the architecture.
The switches of the mobile service 10, belonging to a core network (CN), are linked on the one hand to one or more fixed networks 11 and on the other hand, by means of a so-called Iu interface, to control equipment 12 or RNCs (“Radio Network Controllers”). Each RNC 12 is linked to one or more base stations 13 by means of a so-called Iub interface. The base stations 13, distributed over the territory covered by the network, are capable of communicating by radio with the mobile terminals 14, 14a, 14b called UE (“User Equipment”). The base stations can be grouped together to form nodes called “node B”. Certain RNCs 12 may furthermore communicate with one another by means of a so-called Iur interface. The RNCs and the base stations form an access network called UTRAN (“UMTS Terrestrial Radio Access Network”).
The UTRAN comprises elements of layers 1 and 2 of the OSI model with a view to providing the links required on the radio interface (called Uu), and a stage 15A for controlling the radio resources (RRC, “Radio Resource Control”) belonging to layer 3, as described in the technical specification 3G TS 25.301, “Radio Interface Protocol”, version 3.4.0, published in March 2000 by the 3GPP (3rd Generation Partnership Project). Seen from the higher layers, the UTRAN acts simply as a relay between the UE and the CN.
FIG. 2 shows the RRC stages 15A, 15B and the stages of the lower layers which belong to the UTRAN and to UE. On each side, layer 2 is subdivided into a radio link control (RLC) stage 16A, 16B and a medium access control (MAC) stage 17A, 17B. Layer 1 comprises a coding and multiplexing stage 18A, 18B. A radio stage 19A, 19B caters for the transmission of the radio signals from trains of symbols provided by the stage 18A, 18B, and the reception of the signals in the other direction.
There are various ways of adapting the architecture of protocols according to FIG. 2 to the hardware architecture of the UTRAN according to FIG. 1, and in general various organizations can be adopted depending on the types of channels (see section 11.2 of the technical specification 3G TS 25.401, “UTRAN Overall Description”, version 3.1.0, published in January 2000 by the 3GPP). The RRC, RLC and MAC stages are located in the RNC 12. Layer 1 is located for example in node B. A part of this layer may however be located in the RNC 12.
When several RNCs are involved in a communication with UE, there is generally a so-called serving RNC called SRNC where the modules pertaining to layer 2 (RLC and MAC) are located, and at least one drift RNC called DRNC to which is linked a base station with which the UE is in a radio link. Appropriate protocols cater for the exchanges between these RNCs over the Iur interface, for example ATM (“Asynchronous Transfer Mode”) and AAL2 (“ATM Adaptation Layer No. 2”). These same protocols can also be employed over the Iub interface for the exchanges between a node B and its RNC.
Layers 1 and 2 are each controlled by the RRC sublayer, whose characteristics are described in the technical specification 3G TS 25.331, “RRC Protocol Specification”, version 3.1.0, published in October 1999 by the 3GPP. The RRC stage 15A, 15B supervises the radio interface. Moreover, it processes streams to be transmitted to the remote station according to a “control plan”, as opposed to the “user plan” which corresponds to the processing of the user data arising from layer 3.
The RLC sublayer is described in the technical specification 3G TS 25.322, “RLC Protocol Specification”, version 3.2.0, published in March 2000 by the 3GPP. In the transmit direction, the RLC stage 16A, 16B receives, according to the respective logical channels, data streams consisting of service data units (RLC-SDU) arising from layer 3. An RLC module of the stage 16A, 16B is associated with each logical channel so as in particular to perform a segmentation of the RLC-SDU units of the stream into protocol data units (RLC-PDU) addressed to the MAC sublayer and comprising an optional RLC header. In the receive direction, an RLC module conversely performs a reassembling of the RLC-SDU units of the logical channel from the data units received from the MAC sublayer.
The RLC stage 16A, 16B can have several modes of operation as a function in particular of the type of logical channel. Subsequently in the present description, consideration will be given to the transparent mode of the RLC sublayer, which is suitable for a logical channel relating to a communication in circuit mode. In this transparent mode, the RLC module performs the segmentation and reassembling operations when they are necessary, and it does not introduce any header into the RLC-PDU units.
The MAC sublayer is described in the technical specification 3G TS 25.321, “MAC Protocol Specification”, version 3.3.0, published in March 2000 by the 3GPP. It transposes one or more logical channels onto one or more transport channels TrCH. In the transmit direction, the MAC stage 17A, 17B can multiplex one or more logical channels in one and the same transport channel. On such a transport channel, the MAC stage 17A, 17B delivers successive transport blocks TrBk each consisting of an optional MAC header and an RLC-PDU unit arising from an associated logical channel.
For each TrCH, the RRC sublayer provides the MAC sublayer with a set of transport formats (TFS, “Transport Format Set”). A transport format comprises a transmission time interval (TTI) equal to 10, 20, 40 or 80 ms, a transport block size, a transport block set size and parameters defining the protection scheme to be applied in the TrCH by layer 1 for detecting and correcting transmission errors. Depending on the current bit rate on the logical channel or channels associated with the TrCH, the MAC stage 17A, 17B selects a transport format from the TFS assigned by the RRC sublayer, and it delivers in each TTI a set of transport blocks complying with the selected format, whilst indicating this format to layer 1.
Layer 1 can multiplex several TrCHs on a given physical channel. In this case, the RRC sublayer assigns a set of combinations of transport formats (TFCS, “Transport Format Combination Set”) to the physical channel, and the MAC sublayer dynamically selects a combination of transport formats from this TFCS set, thereby defining the transport formats to be used in the various multiplexed TrCHs.
UMTS uses the spread spectrum CDMA technique, that is to say the symbols transmitted are multiplied by spreading codes consisting of samples called “chips” whose rate (3.84 Mchip/s in the case of UMTS) is greater than that of the symbols transmitted. The spreading codes distinguish various physical channels (PhCH) which are superimposed on the same transmission resource consisting of a carrier frequency. The auto- and cross-correlation properties of the spreading codes enable the receiver to separate the PhCHs and to extract the symbols intended therefor. For UMTS in FDD mode (“Frequency Division Duplex”) on the downlink, a scrambling code is allocated to each base station, and various physical channels used by this base station are distinguished by mutually orthogonal channel codes (channelization codes). The base station can also use several mutually orthogonal scrambling codes. On the uplink, the base station uses the scrambling code to separate the transmitting UEs, and possibly the channel code to separate the physical channels arising from one and the same UE. For each PhCH, the overall spreading code is the product of the channel code and the scrambling code. The spreading factor (equal to the ratio of the chip rate to the symbol rate) is a power of 2 lying between 4 and 512. This factor is chosen as a function of the bit rate of symbols to be transmitted on the PhCH.
The various physical channels are organized in 10 ms frames which follow one another on the carrier frequency used by the base station. Each frame is subdivided into 15 time slots of 666 μs. Each slot can carry the superimposed contributions of one or more physical channels, comprising common channels and DPCH (“Dedicated Physical CHannel”) dedicated channels. Each DPCH conveys with the data a transport format combination indicator TFCI arising from the MAC sublayer, enabling the destination MAC module to retrieve the structure of the TrBks.
For one and the same communication, it is possible to establish several DPCHs corresponding to different channel codes, whose spreading factors may be equal or different. This situation is encountered in particular when a DPCH is not sufficient to provide the transmission bit rate required by the application. Furthermore, this same communication can use one or more transport channels. The coding and the multiplexing of the information symbol streams arising from the TrCHs on the PhCHs are described in detail in the technical specification 3G TS 25.212, “Multiplexing and channel coding (FDD)”, version 3.0.0, published in October 1999 by the 3GPP.
As regards each logical channel for which the processing module of the RLC sublayer operates in transparent mode, the MAC stage 17A, 17B caters moreover for ciphering of the information transmitted and deciphering of the information received. On the corresponding transport channel, the TrBks relating to this logical channel each consist of an RLC-PDU unit ciphered according to a mechanism described in chapter 8 of the aforesaid 3G TS 25.301 specification.
FIG. 3 illustrates the ciphering module 20 of the MAC stage 17A, 17B of the RNC or of the UE, used for a logical channel. An ciphering algorithm 21 is executed so as to generate a binary mask which is combined with the information bits of the RLC-PDU unit received in transparent mode from the RLC, by an exclusive OU operation (gate 22). An identical module is useable for deciphering. The algorithm 21 calculates the mask on the basis of the following parameters:                CK: secret ciphering key of M=32 bits, defined in a prior phase of authentication between the core network and the UE;        CSN: ciphering sequence number composed of M=32 bits;        BEARER: logical channel identifier, serving to generate different masks for the various logical channels;        DIRECTION: bit indicating the direction of transmission (uplink or downlink), serving to generate different masks in both directions;        LENGTH: length of the mask in number of bits, given by the RRC stage as a function of the transport format.        
The algorithm 21 combines the M-bit number CSN with the key CK with the aim of precluding the same mask from being used to encipher different blocks. This number CSN is incremented at the rate of the 10 ms radio frames. FIG. 3 thus shows the 32-bit counter 23 which delivers the parameter CSN. This counter increments the number CSN by a quantity N with each new block of the logical channel, N being the number of frames per TTI on the transport channel bearing this logical channel (N=1, 2, 4 or 8). The counter is therefore incremented by 1 every 10 ms, by 2 every 20 ms, by 4 every 40 ms or by 8 every 80 ms. On initializing the ciphered communication, the RRC stage provides an initial value CSN0 of the number CSN and a start command for the counter 23 (START). These operations are performed both in the RNC where the MAC task is executed and in the UE.
A problem considered in the present invention is that of the transferring of the CSN counters upon a shift of the MAC module catering for the ciphering function in the network infrastructure. Such a movement takes place in the context of a transfer procedure involving a change of radio access resource (handover). The transfer procedure can thus give rise to a change of SRNC, thereby requiring the CSN counter of the new SRNC to be synchronized with that of the previous SRNC (and of the UE), whereas the Iu and/or Iur interfaces available to the RNCs for communicating with one another are asynchronous. It is also possible to envisage cases where the movement of the MAC module would take place inside one and the same RNC, if the latter uses different circuits to manage the access resources employed before and after the transfer.
Various possible scenarios for the transfer procedure are described in the technical specification 3G TR 25.832, “Manifestations of Handover and SRNS Relocation”, version 3.0.0, published in October 1999 by the 3GPP. One distinguishes between on the one hand soft handover (SHO) which uses a macrodiversity mode and which may possibly be followed by a change of SRNC called “relocation” and on the other hand hard handover (HHO) which corresponds for example to a change of carrier frequency (with or without change of RNC) and/or to a handoff between two RNCs (of one and the same access network or of different access networks) which cannot communicate with one another via an Iur interface. An HHO can take place inside a UTRAN if several carrier frequencies are allotted to its operator or if Iur interfaces are not provided between all the RNCs of this UTRAN. An HHO can also take place between two separate access networks, for example between two UTRANs or between a UTRAN and a system of a different kind based on a similar functional architecture making it possible in particular to use the same ciphering procedures, such as a system of the GERAN type (“GSM/EDGE Radio Access Network”).
In FDD mode, the UMTS supports a macrodiversity technique, which consists in making provision for UE to be able to communicate simultaneously with separate base stations in such a way that, in the downlink, the UE receives the same information several times and, in the uplink, the radio signal transmitted by the UE is picked up by the base stations so as to form different estimates which are subsequently combined in the UTRAN.
The macrodiversity affords a gain in reception which improves the performance of the system by virtue of the combining of different observations of one and the same item of information. It also makes it possible to carry out soft intercell transfers (SHO), when the UE moves.
In macrodiversity mode, the routing of the transport channels for multiple transmission from the UTRAN or UE and the combining of these transport channels in reception are operations which are incumbent on a selection and combining module belonging to layer 1. This module is at the interface with the MAC sublayer, and it is located in the RNC serving the UE. If the base stations involved depend on different RNCs communicating through the Iur interface, one of these RNCs plays the role of SRNC and the other that of DRNC.
When an SHO is completed, the radio link between the UE and the original base station is broken. It may then happen that no base station within whose range the UE is located is within the dependency of the SRNC.
The UTRAN may very well continue to support the communication in this way. However, this is not optimal since it is possible to dispense with the exchanges occurring on the Iur interface and to free the previous SRNC, by contriving matters so that the DRNC becomes the new SRNC for the communication in progress. This is the subject of the relocation procedure (“SRNS Relocation”, see section 7.2.3.2 of the aforesaid 3G TS 25.401 specification), triggered on the initiative of the previous SRNC.
This relocation procedure comprises the transferring of the RLC and MAC instances (as well as of the selection and recombination module of layer 1 if the macrodiversity is maintained) from the previous SRNC to the previous DRNC.
A problem posed by this is the transferring of the CSN counter employed by the ciphering algorithm in the transparent RLC mode. Specifically, this counter must remain synchronous with that situated in the MAC layer on the UE side, whereas the links between the RNCs (through the Iu interface and the core network or through the Iur interface) are in principle asynchronous.
The 32-bit number CSN can be broken down into a connection frame number CFN corresponding to the P least significant bits (LSB) of CSN and into a HyperFrame Number HFN corresponding to the 32-P most significant bits (MSB) (P=8 according to chapter 8 of the aforesaid 3G TS 25.301 specification).
The RNC supervising each cell served by a base station 13 updates for this cell a system frame number SFN, coded on Q=12 bits, which is incremented with each new 10 ms radio frame. This number SFN is broadcast by the base station over its common control channels.
An UE measures the time offset between the signals which it picks up from the cells neighboring its current cell and its own clock. Before the triggering of an SHO to a target cell, the UE provides its SRNC with the offset which it has measured in respect of this target cell, which corresponds to the offset, within a span of 2P×10 ms (i.e. 2.56 s), between the SFN counter of the target cell, obtained on the common channel, and its own CFN counter. This offset is determined, on the basis of detecting synchronization patterns, with a temporal precision substantially finer than 10 ms, for example of the order of the symbol time. It serves to temporally clamp the transmission of the new base station, to which it is addressed through the Iur interface, so that in macrodiversity mode, the information items received by the UE from the various stations are not too offset with respect to one another, which would require an excessive amount of memory to be able to combine the observations.
Owing to the provision of this offset, the DRNC knows a priori the P least significant bits of the CSN counter to be employed for ciphering and deciphering. However, this does not provide the most significant bits (HFN). The current 3GPP specifications provide for the relocation procedure to comprise the sending by the SRNC of a message “Relocation_Required” over the Iu interface, in which the HFN number is inserted so that the DRNC can synchronize its ciphering sequence counter. On receipt of this message, the core network instigates the task which will lead to the routing of the communication to the DRNC, and retransmits the HFN to the latter transparently.
These arrangements do not solve the aforesaid problem since between the moment at which the SRNC transmits the value of HFN and that at which the DRNC receives it, the HFN in force on the UE side has been able to be incremented. This occurs each time the HFN takes more than 2.56 s to be received by the DRNC, this being difficult to avoid with certainty given the queues which may be encountered by the messages in the asynchronous core network and the times for processing the “Relocation_Required” message by the switches 10. Errors may also arise if the HFN takes less time to arrive at the DRNC: if it is transmitted at a moment where CFN is equal to 255 for example, it is very likely to be received by the DRNC after incrementation of the HFN value at the UE.
The above problem is encountered, with even greater acuteness, in the HHOs which are executed without using the macrodiversity mode.
In an HHO, there is generally a double broadcasting phase during which the same item of downlink information is transmitted simultaneously on both access resources. This enables the UE to receive the information intended for it without interruption as soon as it switches to the second access resource. Hence, the RNC in charge of the target cell must rapidly become aware of the ciphering sequence counter CSN relating to the UE when an HHO is to be executed. Moreover, the RNC of the target cell, if it is different from the previous SRNC, generally has no prior awareness of the CFN counter since there is no macrodiversity. The value sent by the previous SRNC must therefore cover as far as the least significant bits of CSN so that it will very likely be obsolete when it is received by the RNC of the target cell, given the routing times through the asynchronous network. This drawback is difficult to eliminate in the absence of synchronization of the base stations, which synchronization is not necessary for the operation of a UMTS network and is not utilized by the standard.
It should be noted that in the non-transparent modes of the RLC sublayer, the problem considered above does not arise. These non-transparent modes are intended for packet transmissions, for which there is generally no harm in momentarily interrupting the transmission during a handover or during a relocation procedure so as to ensure, for example by an acknowledgement mechanism, that the correct counter value has been received. Moreover, it is the RLC sublayer which caters for the ciphering/deciphering function in the non-transparent mode, by using a sequence number of the header of each RLC-PDU unit to encipher the data contained in this RLC-PDU unit. This sequence number is transmitted unencrypted, so that the ciphering counters need not be synchronized at the two ends.
In the second-generation GSM systems (“Global System for Mobile communication”) using Time Division Multiple Access (TDMA) techniques, the ciphering is effective only over the air interface. The incrementation of the ciphering key is based on the synchronization with respect to the TDMA hyperframes, which is achieved in an unambiguous manner on either side of the radio link in the framework of the time multiplexing scheme. Therefore, the above problem does not arise either.
WO98/09458 discloses a radio access system derived from GSM, in which the ciphering of the communications is carried out only over the air interface. A constraint of this system is that it requires synchronization of the base stations on the scale of the TDMA multiframes. Moreover, the synchronization of the ciphering counters is lost when the exchanges between the base stations take a time greater than the relatively short duration of a multiframe (120 ms).
An object of the present invention is to afford a solution to the abovementioned problem of synchronizing ciphering counters.