Cisco Packet Data Interworking Function (PDIF)
SGSN Changes in Release 16
SGSN Enhancements for 16.0
Release Change Reference, StarOS Release 16
CSCum56967 - Security Issue - Encryption on SGSN level
Feature Changes
Failure Action for Random IOV-UI Negotiation Failure
Previous Behavior: The SGSN falls back to un-encrypted mode whenever the XID negotiation for random IOV-UI between the MS and the SGSN fails, irrespective of which ciphering algorithm is configured.
In order to preserve the connection, the SGSN also falls back to the default encryption parameters whenever it fails to decipher an encrypted frame sent by the MS.
As a result of this behavior, MS users could be exposed to passive interception, channel hijacking, or denial of service attacks.
New Behavior: In accordance with the 3GPP specification, once encryption has been started, neither the MS nor the network shall return to an un-ciphered session. The SGSN's default behavior of falling back to the default IOV-UI is therefore changed to always reject the call.
In some XID negotiation failure situations, the SGSN responds as outlined in CSCun09183 or CSCun13033.
Command Changes
llc random-value-in-iov-ui
The new negotiation-failure-action { fallback-to-default-iovui | reject } keyword enables the operator to specify the failure action to be performed whenever the random IOV-UI negotiation fails. The operator can either:
(a) reject the call whenever deciphering fails due to the random IOV-UI negotiation failure (thus avoiding a security breach), or
(b) fall back to the default IOV-UI.
configure
  context context_name
    gprs-service service_name
      llc random-value-in-iov-ui [ negotiation-failure-action { fallback-to-default-iovui | reject } ]
      default llc random-value-in-iov-ui
      end
Notes:
default resets the SGSN configuration so that all calls are rejected whenever deciphering fails due to failure of the XID negotiation for random IOV-UI.
reject returns the SGSN to the default configuration, rejecting all calls when random IOV-UI negotiation fails.
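The following Python model is an added illustration of the two failure actions above, not StarOS code or Cisco's implementation. It covers both failure paths the release note describes: the XID negotiation of a random IOV-UI failing, and a ciphered frame that cannot be deciphered after negotiation succeeded. Everything cryptographic is a stand-in so that it runs offline: the keystream is an HMAC-SHA256 stream over (Kc, IOV-UI, frame number) instead of a GEA algorithm, a CRC-32 plays the part of the LLC frame check, DEFAULT_IOV_UI is a placeholder for the value defined in 3GPP TS 44.064, and the Kc is a constructed byte string. The SgsnSession class, its method names and the run_scenario helper are all hypothetical.

```python
"""Model of the SGSN negotiation-failure-action for random IOV-UI.
Added illustration only: simplified stand-ins for GEA ciphering, the LLC
frame check and the default IOV-UI value; not StarOS or 3GPP code."""
import hashlib
import hmac
import zlib
from dataclasses import dataclass, field

FALLBACK_TO_DEFAULT_IOVUI = "fallback-to-default-iovui"   # previous behaviour
REJECT = "reject"                                         # new default behaviour

# Placeholder: the real default IOV-UI value is defined in 3GPP TS 44.064.
DEFAULT_IOV_UI = 0


def keystream(kc: bytes, iov_ui: int, frame_no: int, length: int) -> bytes:
    """Deterministic keystream keyed on Kc, IOV-UI and frame number.
    Stand-in for GEA output (model only)."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = (iov_ui.to_bytes(4, "big") + frame_no.to_bytes(4, "big")
               + counter.to_bytes(4, "big"))
        out += hmac.new(kc, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def cipher(kc: bytes, iov_ui: int, frame_no: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call ciphers and deciphers."""
    return bytes(a ^ b for a, b in zip(data, keystream(kc, iov_ui, frame_no, len(data))))


def build_frame(kc: bytes, iov_ui: int, frame_no: int, payload: bytes) -> bytes:
    """Ciphered UI frame with a CRC-32 so the receiver can detect that the
    wrong IOV-UI was used (stand-in for the LLC frame check sequence)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "big")
    return cipher(kc, iov_ui, frame_no, body)


@dataclass
class SgsnSession:
    """One MS context on the SGSN with the configured failure action."""
    kc: bytes
    failure_action: str
    iov_ui: int = DEFAULT_IOV_UI
    state: str = "active"
    log: list = field(default_factory=list)

    def negotiate_random_iov_ui(self, random_iov_ui: int, ms_accepts: bool) -> str:
        """XID negotiation of a random IOV-UI; on failure apply the action."""
        if ms_accepts:
            self.iov_ui = random_iov_ui
            self.log.append("xid-ok")
            return "accepted"
        return self._on_failure("xid-negotiation-failed")

    def receive(self, frame_no: int, frame: bytes):
        """Decipher with the current IOV-UI; a failed check is handled with
        the same configured failure action."""
        if self.state != "active":
            return ("rejected", b"")
        body = cipher(self.kc, self.iov_ui, frame_no, frame)
        payload, crc = body[:-4], body[-4:]
        if zlib.crc32(payload).to_bytes(4, "big") == crc:
            return ("ok", payload)
        return (self._on_failure("decipher-failed"), b"")

    def _on_failure(self, reason: str) -> str:
        self.log.append(reason)
        if self.failure_action == REJECT:
            self.state = "rejected"            # new behaviour: drop the call
            return "rejected"
        self.iov_ui = DEFAULT_IOV_UI           # previous behaviour: keep it alive
        return "fallback"


def run_scenario(failure_action: str) -> dict:
    """Run both failure paths from the release note under one action and
    return the SGSN's responses so the two actions can be compared."""
    kc = b"\x11\x22\x33\x44\x55\x66\x77\x88"   # constructed 64-bit Kc, not real key material
    # Path 1: the MS does not accept the random IOV-UI in XID.
    s1 = SgsnSession(kc, failure_action)
    r1 = s1.negotiate_random_iov_ui(0x5A5A5A5A, ms_accepts=False)
    st1, _ = s1.receive(7, build_frame(kc, DEFAULT_IOV_UI, 7, b"data"))
    # Path 2: negotiation succeeds, then a frame ciphered with the wrong
    # IOV-UI arrives and cannot be deciphered.
    s2 = SgsnSession(kc, failure_action)
    s2.negotiate_random_iov_ui(0x5A5A5A5A, ms_accepts=True)
    st2a, _ = s2.receive(8, build_frame(kc, DEFAULT_IOV_UI, 8, b"data"))
    st2b, _ = s2.receive(9, build_frame(kc, DEFAULT_IOV_UI, 9, b"data"))
    return {"xid_fail": (r1, st1), "decipher_fail": (st2a, st2b)}


if __name__ == "__main__":
    for action in (FALLBACK_TO_DEFAULT_IOVUI, REJECT):
        print(action, run_scenario(action))
```

Under fallback-to-default-iovui both paths end with the session still active and frames accepted on the well-known default IOV-UI, which is the downgrade the release note describes; under reject the session is torn down at the first failure and every later frame is refused, matching the new default that the default llc random-value-in-iov-ui command restores.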