The use of ciphering to transmit at least some of the information conveyed over the air interfaces in wireless communication networks is well known. For example, networks based on the Global System for Mobile communications (GSM) support a number of different encryption techniques, known as “A5/1”, “A5/3” and “A5/4”, to cipher data at Layer 1 on the radio interface. Such operations are described in the Third Generation Partnership Project (3GPP) Technical Specification identified as TS 43.020 V9.1.0 (2009-12-18), which is incorporated by reference herein. Among the various encryption techniques, A5/1 encryption is the most commonly used encryption technique for GSM, and support for A5/1 has been mandatory for all GSM mobile devices since GSM Release-1999.
However, it was realized that certain aspects of overall GSM network operation resulted in security risks arising from the transmission of ciphered text. For example, according to the GSM specifications, certain information was transmitted as ciphered text and also as unciphered or “clear” text.
The document 3GPP GERAN#47 (GP-101243, GP-101242) identifies a particular instance of this problem. In this regard, it may be helpful to note that GSM base stations continuously forward information about their current system configuration and other information needed by wireless devices before such devices are allowed to access the network. These various items of information are organized into six different system information (SI) words containing specific parameters. For example, Type 1 to Type 4 SI words are transmitted within the BCCH (broadcast control channel). Type 5 and Type 6 SI words are only transmitted during an established individual radio link in the downlink direction in a multiplexed service channel—i.e., the Slow Associated Control Channel (SACCH).
As regards the security problem identified in 3GPP GERAN#47 (GP-101243, GP-101242), it is noted that certain SI is sent in ciphered form on the SACCH and that the encryption key used for ciphering on the SACCH is the same key used for encrypting data on the associated traffic channel carrying voice or data to a network user. The same SI is sent as clear text on a broadcast channel, and thus can be received by any GSM receiver within range of the transmission.
Consequently, an eavesdropper could receive the ciphered transmission on the SACCH and receive the unciphered transmission on the broadcast channel. Having both transmissions and knowing that the system information in the ciphered transmission was identical to that in the unciphered transmission, the eavesdropper could work backward mathematically to derive the encryption key used for ciphering. The encryption key would then allow the eavesdropper to intercept and decrypt user traffic being sent on the given traffic channel.
Various parties proposed solutions to the above security problem. See, for example, U.S. Pat. No. 8,165,618 and U.S. Patent Pub. 2012/0213373 A1. However, the solution adopted for Release 10 of the 3GPP specifications is based on “selective” ciphering. The Third Generation Partnership Project (3GPP) Technical Specification (TS) detailing the selective ciphering solution is TS 44.018 V11.1.0 (2012-05), which is incorporated herein by reference.
In particular, Section 3.4.7a of 3GPP TS 44.018 stipulates that a GSM network may implement selective ciphering. If selective ciphering is implemented, the network will not cipher a SACCH data block—e.g., a block of data comprising a SACCH signaling message—if the SACCH data block contains any of the following Radio Resource (RR) messages: SI Type 5, SI Type 5bis, SI Type 5ter, SI Type 6, SI Type 14, Measurement Information, or an Extended Measurement Order. Conversely, the network will cipher the SACCH data block if it contains service access point identifier (SAPI) value 3 data (indicating Short Messaging Service or SMS data)—see 3GPP TS 44.006. Optionally, the SACCH data block is not ciphered if it carries a CP-ACK message—see 3GPP TS 24.011—which is used to acknowledge reception of a CP-DATA message.
Unfortunately, the receiving mobile station or other wireless device does not know in advance which type of SACCH data block is being received. Consequently, the wireless device does not know whether the received SACCH data block is ciphered or unciphered. 3GPP TS 44.018 proposes a solution for resolving such ambiguity at the receiver. The wireless device initially assumes that the received SACCH data block is ciphered and decodes it with deciphering, and then repeats decoding without deciphering if the initial decoding fails. However, this solution consumes significant processing resources, which increases power consumption and leaves less time for other tasks, such as making signal quality measurements, repeated message combining, etc.
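The selective-ciphering rule and the receiver's two-pass fallback described above can be modeled as follows. This is an added example, not code from the patent or from 3GPP: the function names are hypothetical, a SHA-256-derived keystream and a CRC-32 stand in for A5 and the SACCH channel coding, and ciphering of message types the page does not list is an assumption.

```python
import hashlib
import zlib

# Messages the page lists from TS 44.018 Section 3.4.7a as never ciphered.
NEVER_CIPHERED = {"SI Type 5", "SI Type 5bis", "SI Type 5ter", "SI Type 6",
                  "SI Type 14", "Measurement Information",
                  "Extended Measurement Order"}

def network_ciphers(msg_type, sapi, exempt_cp_ack=True, cipher_other=True):
    """Network-side decision for one SACCH block under selective ciphering."""
    if msg_type in NEVER_CIPHERED:
        return False
    if msg_type == "CP-ACK" and exempt_cp_ack:  # optional exemption
        return False
    # SAPI 3 (SMS) is ciphered; cipher_other covers unlisted blocks (assumption).
    return sapi == 3 or cipher_other

def keystream(key, frame, n):
    # Toy stand-in for A5 keyed by frame number; NOT a GSM algorithm.
    return hashlib.sha256(key + frame.to_bytes(4, "big")).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(payload):
    # Toy channel code: CRC-32 stands in for the real SACCH block coding.
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def decode(block):
    payload, crc = block[:-4], block[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "big") == crc else None

def transmit(msg_type, sapi, payload, key, frame):
    block = encode(payload)
    if network_ciphers(msg_type, sapi):
        block = xor(block, keystream(key, frame, len(block)))
    return block

def receive(block, key, frame):
    """Blind detection: returns (payload, was_ciphered, decode_attempts)."""
    payload = decode(xor(block, keystream(key, frame, len(block))))
    if payload is not None:
        return payload, True, 1
    payload = decode(block)  # second full decode, this time without deciphering
    return payload, False, 2

# Constructed sample inputs (not real GSM data).
KEY, FRAME = bytes(range(8)), 1234
SI5 = b"SI5".ljust(23, b"\x2b")
SMS = b"SMS".ljust(23, b"\x2b")
```

Every unciphered block, which includes the periodically repeated SI Type 5 and SI Type 6 messages, costs the receiver two decode passes in this scheme, which is the processing overhead the paragraph above describes.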