Ask Your Question
0

NAS-PDU confusion

asked 2023-02-21 05:16:08 +0000

kamran gravatar image

Hi, I am analyzing a pcap file on 5g packets. Under the NAS-PDU (IN the initial registration request message), it shows both Security Protected NAS 5Gs Message Plain NAS 5Gs Message

I am a little confused.. Is the message encrypted or integrity protected? Or is it not?

Non-Access-Stratum 5GS (NAS)PDU

Security protected NAS 5GS message
    Extended protocol discriminator: 5G mobility management messages (126)
    0000 .... = Spare Half Octet: 0
    .... 0001 = Security header type: Integrity protected (1)
    Message authentication code: 0xd0b61b32
    Sequence number: 111
Plain NAS 5GS Message
    Extended protocol discriminator: 5G mobility management messages (126)
    0000 .... = Spare Half Octet: 0
    .... 0000 = Security header type: Plain NAS message, not security protected (0)
    Message type: Registration request (0x41)
    5GS registration type
    NAS key set identifier
        0... .... = Type of security context flag (TSC): Native security context (for KSIAMF)
        .001 .... = NAS key set identifier: 1
    5GS mobile identity
        Length: 11
        1... .... = Spare: 1
        .1.. .... = Spare: 1
        ..1. .... = Spare: 1
        ...1 .... = Spare: 1
        .... 0... = Spare: 0
        .... .010 = Type of identity: 5G-GUTI (2)
        Mobile Country Code (MCC): United States (310)
        Mobile Network Code (MNC): Unknown (999)
        AMF Region ID: 1
        0000 0000 10.. .... = AMF Set ID: 2
        ..00 0011 = AMF Pointer: 3
        5G-TMSI: 16777303 (0x01000057)
    UE security capability
        Element ID: 0x2e
        Length: 2
        1... .... = 5G-EA0: Supported
        .1.. .... = 128-5G-EA1: Supported
        ..1. .... = 128-5G-EA2: Supported
        ...1 .... = 128-5G-EA3: Supported
        .... 0... = 5G-EA4: Not supported
        .... .0.. = 5G-EA5: Not supported
        .... ..0. = 5G-EA6: Not supported
        .... ...0 = 5G-EA7: Not supported
        0... .... = 5G-IA0: Not supported
        .1.. .... = 128-5G-IA1: Supported
        ..1. .... = 128-5G-IA2: Supported
        ...1 .... = 128-5G-IA3: Supported
        .... 0... = 5G-IA4: Not supported
        .... .0.. = 5G-IA5: Not supported
        .... ..0. = 5G-IA6: Not supported
        .... ...0 = 5G-IA7: Not supported
    NAS message container
        Element ID: 0x71
        Length: 48
        Non-Access-Stratum 5GS (NAS)PDU
            **

Plain NAS 5GS Message

Thank you

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-03-06 19:24:13 +0000

Pascal Quantin gravatar image

Hi,

this is the expected PDU content when the UE as a valid security context available. See 3GPP 24.501 for details.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2023-02-21 05:16:08 +0000

Seen: 515 times

Last updated: Mar 06 '23

Related questions

Decoding NAS-5GS with 5G-EA0

Issue with decoding NGAP messages

tshark how to enable nas-5gs EEA0 decrypt

Will there be an NAS-5GS over UDP dissector?

NAS over NGAP ciphered - can it be deciphered?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2