
How to decipher the integrity-protected NAS message? Does anyone provide a solution?


Hi All,

In an LTE network, NAS messages are integrity protected. How to decipher them? Does Wireshark have a solution for this? If not, is there any solution or application for this on the market?

Thanks in Advance


asked 22 Dec '11, 20:49

edited 22 Dec '11, 20:49

The PDCP payload (RRC) that will carry NAS can be both ciphered (i.e. you can't read it without deciphering it) and integrity protected (i.e. there is a 4-byte MAC digest to prove that it is genuine). Do you mean this, or is there a separate mechanism for just the NAS messages?

I have looked at verifying that the integrity protection is correct. After sending ETSI an email asking if it was OK to implement this based upon their standard code (there is a large administration fee payable...), I got no reply.

In any case, getting all of the inputs right (for ciphering and/or integrity) would be hard to configure or work out correctly.

(23 Dec '11, 15:43) MartinM

I am asking about the encryption & integrity at the node level. This will be between eNodeB & MME.

(16 Jan '12, 03:40) prithvi

No one has implemented that functionality and I suspect that it is not easy to do so. You would also have to know the keys of both parties and have the initial exchange of keying material in the traces. I think the UE's key resides on the SIM so you would have to extract that somehow.

(17 Jan '12, 09:51) Anders ♦

If we can capture the S6a interface, then using the authentication triplets we can try to match the S1 call. Only for these matched calls can we get the keys from the S6a interface and do the deciphering.

(31 May '17, 03:17) prithvi
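
An added example, not part of the original thread and not Wireshark code: it reads the NAS security header defined in 3GPP TS 24.301 to tell whether a captured message is only integrity protected (payload still readable, followed by a 4-byte MAC check) or also ciphered, and derives the NAS keys from K_ASME with the TS 33.401 Annex A.7 KDF. The function names, the sample bytes and the all-zero K_ASME are constructed for illustration; it assumes K_ASME for the session is already known.

```python
import hashlib
import hmac

# Security header type (upper nibble of octet 1), per 3GPP TS 24.301.
# Value: (description, has MAC + sequence number, payload is ciphered).
SEC_HDR = {
    0x0: ("plain", False, False),
    0x1: ("integrity protected", True, False),
    0x2: ("integrity protected and ciphered", True, True),
    0x3: ("integrity protected, new EPS security context", True, False),
    0x4: ("integrity protected and ciphered, new EPS security context", True, True),
}
EMM_PD = 0x7  # protocol discriminator: EPS mobility management


def parse_nas(pdu: bytes) -> dict:
    """Split a NAS PDU into MAC, sequence number and payload."""
    if not pdu:
        raise ValueError("empty NAS PDU")
    sht, pd = pdu[0] >> 4, pdu[0] & 0x0F
    # Service request (type 12) uses a short format and is not handled here.
    if pd != EMM_PD or sht not in SEC_HDR:
        raise ValueError(f"unsupported first octet 0x{pdu[0]:02x}")
    name, protected, ciphered = SEC_HDR[sht]
    if not protected:
        return {"type": name, "mac": None, "seq": None,
                "ciphered": False, "payload": pdu}
    if len(pdu) < 7:  # 6-octet security header plus at least one payload octet
        raise ValueError("truncated security header")
    return {"type": name, "mac": pdu[1:5], "seq": pdu[5],
            "ciphered": ciphered, "payload": pdu[6:]}


def derive_nas_key(kasme: bytes, alg_type: int, alg_id: int) -> bytes:
    """TS 33.401 A.7 KDF. alg_type: 0x01 = NAS-enc, 0x02 = NAS-int."""
    if len(kasme) != 32:
        raise ValueError("K_ASME must be 256 bits")
    # S = FC || P0 || L0 || P1 || L1
    s = bytes([0x15, alg_type, 0x00, 0x01, alg_id, 0x00, 0x01])
    # The key is the 128 least significant bits of the 256-bit output.
    return hmac.new(kasme, s, hashlib.sha256).digest()[-16:]


if __name__ == "__main__":
    # Constructed sample: header type 1, dummy MAC, sequence number 5,
    # then two octets standing in for a plain EMM message.
    sample = bytes.fromhex("17" "deadbeef" "05" "075e")
    print(parse_nas(sample))
    # Constructed all-zero K_ASME; algorithm identity 2 (EIA2).
    print(derive_nas_key(bytes(32), 0x02, 0x02).hex())
```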