Protection of 5G RRC messages

There are certain messages that 3GPP has defined that can be sent prior to Access stratum security activation and some messages which should not be sent without integrity protection or unciphered after AS security activation

Below are the list of messages that should never be sent unprotected by gNB or UE

  • CounterCheck
  • CounterCheckResponse
  • DLInformationTransferMRDC
  • FailureInformation
  • LocationMeasurementIndication
  • MCGFailureInformation
  • MeasurementReport
  • MobilityFromNRCommand
  • RRCReestablishment [Integrity protection applied, but no ciphering.]
  • RRCReestablishmentComplete
  • RRCReestablishmentRequest
  • RRCResume
  • RRCResumeComplete
  • RRCResumeRequest
  • RRCResumeRequest1
  • SCGFailureInformation
  • SCGFailureInformationEUTRA
  • SecurityModeComplete
  • UEInformationRequest
  • UEInformationResponse
  • ULInformationTransferMRDC
5G RRC messages that should never be sent unprotected by gNB or UE
5G RRC messages that should never be sent unprotected by gNB or UE

Measurement configuration may be sent prior to AS security activation. But: In order to protect the privacy of UEs, Measurement Report is only sent from the UE after successful AS security activation.

Below RRC messages can be sent unprotected i.e they can be sent prior to Access stratum security activation

  • MIB
  • SIB1
  • SystemInformation
  • Paging
  • RRCReconfiguration *
  • RRCReconfigurationComplete *
  • RRCReject
  • RRCRelease
  • RRCSetup
  • RRCSetupComplete
  • RRCSetupRequest
  • RRCSystemInfoRequest
  • SecurityModeCommand
  • SecurityModeFailure
  • UECapabilityEnquiry
  • UECapabilityInformation
  • ULDedicatedMessageSegment
  • ULInformationTransfer
5g RRC messages can be sent unprotected i.e they can be sent prior to Access stratum security activation
5g RRC messages can be sent unprotected i.e they can be sent prior to Access stratum security activation
  • RRCReconfiguration message shall not be sent unprotected before AS security activation if it is used to perform handover or to establish SRB2 and DRBs.

Messages that can be sent without integrity protection after AS security activation

  • MIB
  • SIB13
  • SystemInformation
  • Paging
  • RRCReject
  • RRCSetup
  • RRCSystemInfoRequest

Messages that can be sent unciphered after AS security activation

  • MIB
  • SIB1
  • SystemInformation
  • Paging
  • RRCReestablishment
  • RRCReestablishmentRequest
  • RRCReject
  • RRCResumeRequest
  • RRCResumeRequest1
  • RRCSetup
  • RRCSystemInfoRequest
  • SecurityModeComplete

Message can never be sent after AS security activation

  • RRCSetupComplete
  • RRCSetupRequest
  • SecurityModeCommand
  • SecurityModeFailure

Reference : Annex B (informative): RRC Information : 3GPP TS 38.331

Further reading