
Following is the overall protocol sequence exchanged between UE and Network. Actually understanding all the details of these steps would be the goal of your whole LTE career.

The only information it carries are. Of course the most important information is "BandWidth". According to The MIB uses a fixed schedule with a periodicity of 40 ms and repetitions made within 40 ms. SIB 1. The important information on SIB 1 is. Especially at initial test case development, you have to be very careful about item v. And as a result, UE would not recognize the cell and show "No Service" message. The SystemInformationBlockType1 uses a fixed schedule with a periodicity of 80 ms and repetitions made within 80 ms.

For the detailed RV assignment for each transmission, refer to SIB 2. The important information on SIB2 is. I would say SIB2 is the most important SIB in LTE and you will look into this SIB most frequently when you are implementing a protocol stack and troubleshooting, since it defines the characteristics of most of the physical channels.

lte security sharetechnote

Sometimes a single parameter mismatch in SIB2 between Network and UE can make the difference between success and failure of the whole registration process. Following is one example of SIB2. I think these two steps can be best summarized by the following diagram.

Interim Comments. You need to understand all the details of TS Of course it would be impossible to understand all those details within a day.

You may have to go back and forth between The HEX arrays you would see on your device and network would be different from what you see here.

But the overall structure should be similar to this. So if you make any mistake in this message, Network or UE will fail to decode the messages that come after this message. You have to be especially careful about the PhysicalConfigDedicated part. You have to check all the detailed parameters and make sure that the UE properly decoded that information and properly configured itself according to the contents.

What does this mean? Following two sections of This step would be one of the very important steps during the initial registration process, mainly because the UE sends a lot of its capability information, especially NAS layer capability information, to the core network. As you see, this step carries two important NAS messages as follows.


NAS : Attach Request : The most important information carried by this message would be the UE capability in terms of ciphering and integrity. If you don't handle the following steps properly based on this information, especially at the Attach Accept step, the UE will fail to register. An even bigger problem is that the failure mode of registration varies depending on the UE protocol stack implementation. So in many cases it is very hard to find the root cause of the problem.

From this you can figure out what kind of packet service the UE supports or wants to get supported. If you don't properly handle this information, it will also result in registration failure and the failure mode would vary depending on UE implementation. If you decode the ESM message container contents part, you will get the following contents.

LTE Authentication Procedure. Figure 3. LTE authentication procedure. Each of them has a value of 1 bit that is presented as on (supported) or off (not supported) e.


Table 1 lists some of UE network capability information, specifically ciphering and integrity protection algorithms defined in [3]. Table 1. Null ciphering algorithm. EIA0 4. Null integrity protection algorithm.

Message parameters used for this purpose are as follows: KDF is a one-way hash function. By far the best description I have found - I am blown over backwards - just the information I needed - thank you.

Please let me know what should be sent by MME in Securitymode command, will it send any error message. At present, I have started with NS3, I want to is ns3 is good simulator for simulating LTE authentication protocols or some other tool is better than this. Great explanation. What algorithm is used for the KDF?

Thanks in advance. Excellent document. Hi, Excellent document and can easily understandable. Please explain. Thanks, Vemula Geeta.

In any wireless communication device, we have to go through two large groups of testing: one for testing the transmission path and the other for testing the receive path. For a wireless communication device to work properly, it should meet the following hardware requirements.

If any of these conditions deviates too much from the specification, the device cannot communicate with the other party or let some other device communicate. In terms of measurement equipment, items i and ii belong to "power measurement", item iii is related to "Modulation Analysis" and item iv falls into "Frequency Error measurement". Anyway, if you have any equipment that can perform the following three measurements for your communication technology, you can do the most critical part of the transmission path.

Now let's think about the receive path measurement. What would be the most important receiver characteristics for the communication device? In terms of measurement logic, items i and ii are the same. The equipment sends a known signal pattern, lets the receiver decode it, and compares the original signal from the equipment with the signal decoded by the receiver to see how much they differ.

The more they differ, the poorer the receiver quality. Before we go forward to LTE measurement, pick any technology you are already familiar with, make a list of the measurements on your test plan and try to map those items to the measurement principles I described above.

Once you are familiar with this mapping, you will understand LTE measurement items more easily. The first thing I have done is to make a list of measurement items from 3GPP Here goes the Transmitter measurement items first. You see a lot of "Power Measurement" and some of "Modulation Analysis". Why do we have so many different power measurements and so many different Modulation Analyses? How do they differ from each other? This is the question you have to find answers to on your own.


The answer itself is described in 3GPP The first step would be to read the "Test Purpose", "Initial Condition" and "Test Procedure" sections of each test case as often as possible and try at least to become familiar with each test case. Here goes the receiver measurement items. I have read the test case purpose, "Initial Condition", "Test Procedure" over and over. As I try to get more into details, the first obstacle that blocks me is a lot of complicated tables describing the test condition.

So I decided to see some of the signal patterns described in the specification on spectrum analyzer so that I can get some intuitive idea of the overall RF characteristics of each condition. If you see the column Uplink Configuration - RB allocation. You will see various cases of resource block allocation for the same Ch BW. Theoretically, it can be located in anywhere in the band, but RF conformance specifies only three locations as a test point which is Low range, Mid range, High range.

Low range means that the signal starts from the leftmost side of the channel, Mid means the signal is located at the center of the channel, and High range means the signal is at the rightmost side of the channel. The following sample signals are from a vector signal generator which generates a very good quality signal, and the power is also very low, so you see only the signal part without any carrier leakage or in-band image.

But in reality, you will see the carrier leakage and in-band image signal in most cases. Even though we have new technology every couple of years and LTE is new to many people, RF test and measurement technology has a lot in common with other wireless communication technologies.

One of the biggest challenges in LTE measurement for a UE development or test engineer would be that there are too many sub tests with too many different parameter settings. As far as I remember, the following is almost all that I did for C2K.

But the items listed above are more than what I experienced in C2K. For conformance, I think we may have to go through all of these items. But since C2K is a very mature technology now, in the RF part developmental stage we wouldn't go through all of these items. In an extreme case that I heard of was "just measure total power, if there is no problem with it. Just in terms of the list, it doesn't look much different from C2K. But practically the engineer would meet various characteristics which may look quite different from C2K.

This is called by many different names.

There would be other names coming out until the industry standard is finalized and adopted widely in the area. I will call this eSIM throughout this page since 'e' can imply many different things e. Why eSIM? Then how come this kind of concept is getting more and more frequently talked about as of Aug In short, Anyway there seem to be many reasons for moving towards eSIM cards.

Is it going to be used only for M2M devices? Read the following articles. How to program (provision) the SIM? Now the question is how you can load the information (profile) into each eSIM card within the device. The simplest idea is to implement a special programming port directly connected to the eSIM and electrically load the information into it, but the ideal final goal would be to load the information (profile) over the air (this is called 'Remote Provisioning').

Since this remote provisioning should be applicable to devices from various vendors and to different network operators, there should be some international standard, and very detailed procedures (protocols) should be defined. For now, GSMA is leading this activity. I just a couple of items below the dotted line.

Probably most of the readers, including myself, are not very familiar with each of these entities for now Aug and the inter-relations of these entities are also quite complicated. Most people would be interested or involved in only a couple of the paths shown here. I will just keep updating the descriptions of possible path combinations (interactions) among these entities as I learn along.

Probably this can be a kind of minimum functional flow. Some examples of the input data are as follows. This is the point that I am personally most interested in. You may be more interested in other parts.

In this section, I will go through a typical protocol sequence of an LTE packet call. This will be the backbone structure for all other call processing. The following are the topics to be explained in this page. Understanding the complete call processing steps means understanding everything about the technology.

So putting all the details of the call processing in this one page is impossible. Following is the overall protocol sequence exchanged between UE and Network. Actually understanding all the details of these steps would be the goal of your whole LTE career.

Basic State Machine. The following diagram shows a possible state machine that a UE would go through. Most of the other transitions will be described in the "Handover" page. Of course, there would be small variations but the overall concept would be almost the same. Following would be two major variations. The example test sequence in this case shows the second case. Big Picture First. But I think there are a couple of big pictures that may help almost anybody working on the full protocol stack.

The first big picture I would like to introduce is the channel mapping as shown below. Just try to pick any RRC message and follow the arrow for the message. Following is a sequence diagram showing not only the messages but also the basic configurations of each layer. A more detailed description of each layer in the context of the full protocol stack will be given in the " Full Stack " section.

Just read through this sequence whenever you have time until you can duplicate the sequence without looking into this again. This can be a good framework for your study and good guide for troubleshooting. RACH Response.

RRC Connection Request. RRC Connection Setup. RRC : dlInformationTransfer.

That is, they all go through the 4-step message transaction (Msg1, Msg2, Msg3, Msg4). However, you would have noticed that this procedure gets more and more complicated if you look one step deeper into it.

The following are the topics that will be covered in this page. I will put further description some time later when I have time. Time Domain Structure. Each preamble format is made up of two portions : CP and Sequence. The Sequence part is made up of 5 sub blocks. All 5 sub blocks are made up of identical symbols. As you see in the following illustration, the lengths of the Sequence part of Preamble format 0 and 1 are the same. The difference lies in the length of CP. You can see these new aspects of the physical layer in RACH preamble signal design as well Higher layer sequence i.

A lot of new parameters defining the physical layer aspect of PRACH are introduced, and the following is the list of those parameters. PHY Parameter. Fraction for calculating starting subcarrier index for the range of NPRACH subcarriers reserved for indication of UE support for multi-tone msg3 transmission. Following is the ASN definition of each of the parameters listed above. Baseband Signal Generation. Time and Frequency Domain Resource Allocation.

NPRACH preamble is transmitted within Khz range which is made up of 48 subcarriers with the subcarrier spacing of 3. Basically the NPRACH preamble is transmitted in repetition and at each repetition it hops to a different subcarrier according to the rules illustrated below. According to Higher Layer Signaling Parameters. Reference :.

If there is something about which you have no idea what people are talking about, you would ask somebody else for an explanation.

BBB for the detailed explanation". So you download and open the specification AA. BBB and start reading. Does this help? In most cases, NO. If you read the spec AA. BBB and it also says in similar way as your expert did, meaning "giving you a minimum description and saying 'refer to spec BB.

CCC" and if you get into the spec BB. This would be the first frustration when you try to understand based on the 3GPP specification. Is there any easy solution for this? Honestly and unfortunately, NO. But one thing that may help you in the long term would be to understand the relationships among multiple specifications.

Pick a specific area that you are especially interested in, make a list of additional specifications and define the relationships among those specifications. I have a couple of examples here. Specification Formation Flow. Specifications for Big Picture. RRC : TS TDoc List. Network Architecture. TS Overview of Conformance Test Suite Implementation. Channel Encoding Procedure. RACH Procedure.

Read this first. Paging Procedure. CCE Index Calculation. DCI Format. Transport Block Size and Throughput Calculation. TR