What is PDCP?
PDCP (Packet Data Convergence Protocol) is the topmost sublayer of Layer 2 in the LTE radio stack, sitting between the IP world (above) and the RLC layer (below). Think of it as a security checkpoint and efficiency optimizer: every packet you send or receive on LTE passes through PDCP before anything else in the radio stack touches it.
Its governing 3GPP standard is TS 36.323.
Core Functions of PDCP
PDCP performs four main jobs:
- Header Compression (ROHC): Strips the bulky IP/UDP/RTP headers (≥20 bytes) down to 1–4 byte tokens to save precious radio bandwidth — applies to U-Plane (user data) only
- Ciphering (Encryption): Scrambles data so nobody can eavesdrop — applies to both C-Plane and U-Plane
- Integrity Protection: Adds a 4-byte authentication tag (MAC-I) to verify the message wasn’t tampered with - applies to C-Plane (signaling/RRC) only
- Sequence Numbering: Assigns a PDCP SN to each packet to detect duplicates and ensure in-order delivery
The PDCP Header Structure
The header is compact by design. Its layout differs depending on the type of radio bearer carrying the data.
SRB (Signaling Radio Bearer) — Control Plane
| R | R | R | SN (5 bits) | ... DATA ... | MAC-I (32 bits) |
- The header is just 1 byte (3 reserved bits + 5-bit SN)
- MAC-I (Message Authentication Code for Integrity) is appended at the end — 4 bytes
- This structure is used for RRC messages (connection setup, reconfiguration, etc.)
DRB (Data Radio Bearer) — User Plane
| D/C | R | R | R | SN (7 or 12 bits) | ... DATA ... |
- The first bit is D/C (Data/Control): 1 = data PDU, 0 = PDCP control PDU
- No MAC-I field — integrity protection doesn’t apply to user data
- SN length options: 7-bit (short), 12-bit (default), 15-bit, or 18-bit depending on configuration
Note
Key concept: PDU vs SDU. An SDU (Service Data Unit) is the raw data received from the layer above. A PDU (Protocol Data Unit) is what PDCP hands to the layer below: it’s the SDU wrapped with a PDCP header (and possibly MAC-I).
The COUNT Value — Heart of Security
Before you can understand ciphering, you must understand the COUNT value. It’s a 32-bit number that acts as a synchronized counter between the UE (your phone) and the eNB (base station). COUNT is assembled from two parts:
- PDCP SN — the sequence number from the header (5, 7, 12 bits, etc.)
- HFN (Hyper Frame Number) — fills the remaining bits (e.g., 32 − 12 = 20 bits for HFN when SN is 12 bits)
Every time the SN rolls over (wraps back to 0), the HFN increments by 1. This ensures COUNT never repeats for the lifetime of a key.
Ciphering (Confidentiality)
Ciphering in LTE is a stream cipher approach: it generates a keystream and XORs it with the plaintext data.
Inputs to the cipher function (EEA):
- COUNT (32-bit)
- BEARER — Radio bearer ID (5 bits)
- DIRECTION — 0 for uplink, 1 for downlink
- LENGTH — number of bits to encrypt
- KEY — 128-bit cipher key (KUPenc for user plane, KRRCenc for RRC signaling)
The three available algorithms are negotiated between UE and network:
| Algorithm | Based On | Mandatory? |
|---|---|---|
| EEA0 | Null (no encryption) | Yes (for emergencies) |
| 128-EEA1 | SNOW 3G stream cipher | Yes |
| 128-EEA2 | AES in CTR mode | Yes |
| 128-EEA3 | ZUC stream cipher | Optional |
How EEA2 (AES-CTR) works conceptually: The COUNT, BEARER, and DIRECTION are used to build a counter block. AES encrypts that counter block to produce a keystream block. The plaintext is XORed with the keystream to produce ciphertext. Decryption uses the exact same operation — XOR is its own inverse.
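The following is an added example, not code from the original page. It ties the COUNT section to the cipher inputs above: it tracks HFN and SN on the transmit side, builds the 128-bit counter block from COUNT, BEARER and DIRECTION, and shows that reusing a COUNT under one key makes the XOR of two ciphertexts equal the XOR of their plaintexts. Assumptions: `PdcpTxCount` and the other names are hypothetical, the key and PDUs are constructed samples, the keystream is a SHA-256 stand-in for AES so the code needs only the standard library, and the counter-block layout is the one TS 33.401 Annex B gives for 128-EEA2.

```python
import hashlib
import struct

class PdcpTxCount:
    """Transmit-side COUNT state for one bearer (hypothetical helper)."""
    def __init__(self, sn_bits=12, hfn=0, sn=0):
        self.sn_bits, self.hfn, self.sn = sn_bits, hfn, sn

    def next_count(self):
        # Refuse to emit once HFN no longer fits: COUNT would repeat under this key.
        if self.hfn >> (32 - self.sn_bits):
            raise OverflowError("COUNT space exhausted: new key required")
        count = (self.hfn << self.sn_bits) | self.sn   # COUNT = HFN || SN
        self.sn = (self.sn + 1) % (1 << self.sn_bits)
        if self.sn == 0:        # SN wrapped back to 0, so HFN increments by 1
            self.hfn += 1
        return count

def counter_block(count, bearer, direction):
    """128-bit block: COUNT(32) | BEARER(5) | DIRECTION(1) | 90 zero bits."""
    if not (0 <= count < 2**32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("field out of range")
    return struct.pack(">IB", count, (bearer << 3) | (direction << 2)) + bytes(11)

def keystream(key, block, length):
    """Stand-in PRF (SHA-256), NOT AES: same key and block give the same keystream."""
    out, i = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + block + struct.pack(">I", i)).digest()
        i += 1
    return out[:length]

def cipher(key, count, bearer, direction, data):
    """XOR data with the keystream; the same call also decrypts."""
    ks = keystream(key, counter_block(count, bearer, direction), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    key = bytes(16)                         # constructed all-zero sample key
    tx = PdcpTxCount(sn_bits=12, sn=4095)   # one PDU before SN rollover
    c1, c2 = tx.next_count(), tx.next_count()
    p1, p2 = b"constructed PDU one", b"constructed PDU two"
    fresh = xor(cipher(key, c1, 3, 0, p1), cipher(key, c2, 3, 0, p2))
    reused = xor(cipher(key, c1, 3, 0, p1), cipher(key, c1, 3, 0, p2))
    return c1, c2, fresh == xor(p1, p2), reused == xor(p1, p2)

if __name__ == "__main__": print(demo())
```

With distinct COUNT values the ciphertext XOR reveals nothing about the plaintexts; with a repeated COUNT it equals the plaintext XOR, which is why the transmitter stops rather than let the COUNT space wrap under the same key.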
Integrity Protection
Integrity protection ensures that a signaling message (RRC/NAS) was not altered in transit and truly came from the expected sender. It produces a 32-bit MAC-I tag appended to the PDCP PDU.
Inputs to the integrity function (EIA): COUNT, BEARER, DIRECTION, KEY (KRRCint), and the full MESSAGE
The sender computes MAC-I and appends it. The receiver independently computes XMAC-I from the same inputs and checks if XMAC-I == MAC-I. If they don’t match, the message is discarded.
Note
Important order: Integrity runs first (generating MAC-I), then ciphering encrypts both the data and the MAC-I together. This is the opposite of IPsec.
Integrity algorithms available:
| Algorithm | Based On |
|---|---|
| EIA0 | Null (emergency only) |
| 128-EIA1 | SNOW 3G |
| 128-EIA2 | AES-CMAC |
The Full Transmit Flow (Summary)
For a control plane RRC message, PDCP processing in order is:
- Assign PDCP SN → build COUNT
- (Header compression — skipped for C-plane)
- Compute MAC-I using integrity algorithm (EIA)
- Cipher the data + MAC-I using encryption algorithm (EEA)
- Prepend PDCP header (SN bits)
- Send PDU down to RLC
For a user plane IP packet:
- Assign PDCP SN → build COUNT
- ROHC header compression
- Cipher the compressed data
- Prepend PDCP header (D/C bit + SN)
- Send to RLC