The invention relates to a method of ciphering data transmission in a radio system that comprises at least one transceiver communicating with other transceivers on a radio connection including one or more parallel radio bearers or logical channels.
Ciphering is today used in many data transmission systems to prevent the data transmitted from falling into the hands of an unauthorized user. The ciphering has grown in significance in the past few years, particularly as wireless telecommunication has become more common.
The ciphering can be performed, for example, by encrypting the information to be transmitted in a transmitter, and by decrypting the information in a receiver. The encryption means that the information to be transmitted, for example a bit stream, is multiplied by a certain number of encryption bit patterns, whereby it is difficult to find out what the original bit stream was if the encryption bit pattern used is unknown.
The prior art teaches many different ciphering methods. Such methods are described, for example, in FI 962 352 and WO 95/01684.
In a digital GSM system, for example, ciphering is performed on the radio path: a ciphered bit stream to be transmitted onto the radio path is formed by XORing data bits with ciphering bits, the ciphering bits being formed by an algorithm known per se (the A5 algorithm), using a cipher key Kc. The A5 algorithm encrypts the information transmitted on the traffic channel and the DCCH control channel.
The cipher key Kc is set when the network has authenticated the terminal but the traffic on the channel has not yet been ciphered. In the GSM system the terminal is identified on the basis of the International Mobile Subscriber Identity IMSI, which is stored in the terminal, or the Temporary Mobile Subscriber Identity TMSI, which is formed on the basis of the subscriber identity. A subscriber identification key Ki is also stored in the terminal. A terminal identification key is also known to the system.
In order that the ciphering would be reliable, information on the cipher key Kc must be kept secret. The cipher key is therefore transmitted from the network to the terminal indirectly. A Random Access Number RAND is formed in the network, and the number is then transmitted to the terminal via the base station system. The cipher key Kc is formed by a known algorithm (the A5 algorithm) from the random access number RAND and the subscriber identification key Ki. The cipher key Kc is computed in the same way both in the terminal and in the network part of the system.
In the beginning, data transmission on a connection between the terminal and the base station is thus not ciphered. The ciphering does not start until the base station system sends the terminal a cipher mode command. When the terminal has received the command, it starts to cipher data to be sent and to decipher received data. Correspondingly, the base station system starts to decipher the received data after sending the cipher mode command and to cipher sent data after reception and successful decoding of the first ciphered message from the terminal. In the GSM system the cipher mode command comprises a command to start ciphering, and information on the algorithm to be used.
The problem in the known methods is that they have been designed for the present systems, wherefore they are inflexible and not suited for the ciphering of data transmission in new systems, where several parallel services for one mobile station are possible. In the GSM, for example, the ciphering of both signalling and an actual traffic channel are interconnected, and the ciphering properties cannot be adjusted separately.
It is an object of the invention to provide a method and a system implementing the method, solving the above problems. This is achieved with a method of ciphering data transmission in a radio system that comprises at least one transceiver communicating with other transceivers on a radio connection including one or more parallel radio bearers, ciphering being performed on said bearers using selected ciphering method parameters. According to the method of invention, on each parallel radio bearer, different ciphering method parameters are used.
The invention also relates to a cellular radio system comprising, in each cell, at least one base station that communicates with terminals located in its coverage area, the system comprising a base station controller that controls the operation of one or more base stations, said base station controller and the base stations controlled by it forming a base station system, and at least some of the terminals in the system being arranged to communicate simultaneously on one or more radio bearers, and said terminals being arranged to use ciphering on the radio bearer. In the system of the invention the base station system and the terminals are arranged to use different ciphering method parameters on each simultaneously used radio bearer.
The preferred embodiments of the invention are claimed in the dependent claims.
Several advantages are achieved with the method and system of the invention. In the solution of the present invention, ciphering and its properties can be flexibly controlled although several parallel bearers are used, either simultaneously (multiplexing into one L1 frame) or on the time division principle. When several data blocks are ciphered in parallel by the XOR method (as in GSM/GPRS), it is important that different data blocks (e.g. data from different bearers) are ciphered using different input parameters for the ciphering algorithm. If this is not done, it is possible for a hacker listening to the transmission and knowing the structure of sent data (e.g. signalling data) to get a XOR from the original data and determine information of the data, even the original data itself, by XORing the data blocks ciphered with the same ciphering parameters. Another advantage of the invention is that the invention can be flexibly applied to radio systems using GSM/GPRS core network. No changes are needed in the GSM A interface, but only in the software of the terminals and the base station system. The present invention enhances user security in new radio systems.