Ova

What is HFN in PDCP?


The Hyper Frame Number (HFN) in Packet Data Convergence Protocol (PDCP) is a crucial overflow counter mechanism that extends the sequence number space, enabling robust and efficient data transmission in modern cellular networks like LTE and 5G.

Understanding HFN in PDCP

The HFN, or Hyper Frame Number, serves as a high-order counter that works in conjunction with the shorter PDCP Sequence Number (SN). Its primary purpose is to limit the number of PDCP SN bits that need to be sent over the air interface in the PDCP Protocol Data Units (PDUs). This mechanism is fundamental for managing the unique identification of data packets over extended periods.

For this mechanism to function correctly, the HFN needs to be synchronized between the transmitter (e.g., gNB) and the receiver (e.g., User Equipment or UE).

The Problem HFN Solves: Sequence Number Wrap-around

PDCP Sequence Numbers (SNs) are typically limited in length (e.g., 5, 7, or 12 bits in LTE/5G). This short length is chosen to reduce overhead on the radio interface. However, a limited SN space means the numbers will eventually "wrap around" or restart from zero after reaching their maximum value (e.g., 2^N - 1).

Without an additional mechanism, this wrap-around can lead to several issues:

  • Ambiguity: The receiver might confuse a new packet with an old one if both have the same SN after a wrap-around.
  • Security Vulnerabilities: Cryptographic algorithms for integrity protection and ciphering rely on unique input values. A repeating SN could compromise security by allowing replay attacks or weak key stream generation.
  • Packet Reordering Issues: It becomes difficult for the receiver to correctly reorder packets or detect duplicates across multiple wrap-arounds.

The HFN resolves these challenges by providing an extended context for the short PDCP SN.

How HFN Works as an Overflow Counter

The HFN acts as an implicit counter that increments whenever the PDCP SN wraps around. While the short PDCP SN is explicitly transmitted in the PDCP PDU header, the HFN itself is not typically transmitted over the air for every packet. Instead, both the transmitter and receiver maintain their respective HFN counters, which are expected to increment in a synchronized manner.

The effective "full" sequence number, often referred to as the COUNT value, is derived by combining the HFN and the PDCP SN. This COUNT value is a much larger, unique number used internally by the PDCP layer for critical functions like:

  • Ciphering: Ensuring each PDCP PDU is encrypted with a unique key stream.
  • Integrity Protection: Guaranteeing the authenticity and integrity of data.
  • Reordering and Duplicate Detection: Accurately managing packet delivery.

Example of HFN Increment

Consider a scenario with a 12-bit PDCP SN, which can range from 0 to 4095.

| PDCP SN Sent | HFN (Maintained Internally) | Conceptual COUNT Value (HFN \|\| SN) |
| :----------- | :-------------------------- | :--------------------------------- |
| ... | N | ... |
| 4094 | N | N_4094 |
| 4095 | N | N_4095 |
| 0 | N+1 (HFN increments) | (N+1)_0000 |
| 1 | N+1 | (N+1)_0001 |
| ... | N+1 | ... |

As shown, when the PDCP SN reaches its maximum value (4095) and wraps back to 0, the HFN maintained by both the transmitter and receiver increments. This ensures that the combined COUNT value remains unique, even though the transmitted SN has repeated.
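The receiver sees only the short SN, so it has to rebuild the full COUNT from its own state. The sketch below is an added example, not code from the original page: it uses a window-based inference rule modelled on the NR PDCP receive procedure, and the half-space window, the simplified delivery state and all function names are assumptions.

```python
# Added example: receiver-side COUNT reconstruction from the short SN on the wire.
SN_BITS = 12                      # SN length from the table above
SN_MOD = 1 << SN_BITS             # 4096 possible SN values
WINDOW = 1 << (SN_BITS - 1)       # assumption: window is half the SN space


def make_count(hfn: int, sn: int) -> int:
    """COUNT = HFN || SN: HFN in the high bits, SN in the low SN_BITS."""
    return (hfn << SN_BITS) | sn


def infer_count(rx_deliv: int, rcvd_sn: int) -> int:
    """Infer the sender's COUNT from a received SN and local state.

    rx_deliv is the COUNT of the next PDU the receiver expects to deliver.
    """
    hfn, sn = rx_deliv >> SN_BITS, rx_deliv & (SN_MOD - 1)
    if rcvd_sn < sn - WINDOW:         # SN wrapped: sender is one HFN ahead
        hfn += 1
    elif rcvd_sn >= sn + WINDOW:      # late PDU from before the last wrap
        hfn -= 1
    return make_count(hfn, rcvd_sn)


def receive(tx_counts, start=0):
    """Feed sender COUNTs through the air interface (SN only) and return
    the COUNTs the receiver infers; None marks a PDU dropped as old."""
    rx_deliv, out = start, []
    for tx in tx_counts:
        rcvd = infer_count(rx_deliv, tx & (SN_MOD - 1))
        if rcvd < rx_deliv:           # already delivered or stale: discard
            out.append(None)
            continue
        out.append(rcvd)
        rx_deliv = rcvd + 1           # simplified in-order delivery state
    return out
```

The rule tolerates loss and reordering only inside the window: if a whole SN cycle is lost, the receiver infers a COUNT one HFN behind the sender and every later security check fails.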

HFN's Role in Security and Data Integrity

The combined COUNT value (HFN || SN) is a crucial input parameter for the security algorithms applied at the PDCP layer, specifically for integrity protection and ciphering.

  • Unique Key Stream: For ciphering, the COUNT value, along with other parameters like the bearer identity and direction, is fed into the encryption algorithm to generate a unique key stream for each PDCP PDU. This prevents an attacker from replaying old encrypted packets or deriving patterns.
  • Message Integrity Code (MIC): Similarly, for integrity protection, the COUNT value contributes to the calculation of the Message Integrity Code, ensuring that the packet's content and its sequence are verifiable.
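To make the key stream point concrete, the following added example (not from the original page) encrypts two PDUs that carry the same SN one wrap-around apart, once with COUNT = HFN || SN and once with the SN alone as cipher input. The key stream generator is an HMAC-SHA256 stand-in, not a 3GPP cipher, and the key, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac

SN_BITS = 12


def keystream(key: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Stand-in key stream generator (HMAC-SHA256 in counter mode).

    Assumption: this is NOT a 3GPP algorithm; it only mirrors the input
    set the page lists (key, COUNT, bearer identity, direction).
    """
    seed = count.to_bytes(4, "big") + bytes([bearer, direction])
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, seed + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cipher(key, hfn, sn, payload, use_hfn=True, bearer=1, direction=0):
    """Encrypt or decrypt one PDU payload (XOR with the key stream).

    use_hfn=False models a design where only the short SN feeds the cipher.
    """
    count = (hfn << SN_BITS) | sn if use_hfn else sn
    return xor(payload, keystream(key, count, bearer, direction, len(payload)))


def wraparound_leak(use_hfn: bool) -> bool:
    """True if two PDUs with the same SN, one wrap apart, reuse a key stream,
    i.e. the XOR of the ciphertexts equals the XOR of the plaintexts."""
    key = bytes(range(16))                 # constructed sample key
    p1 = b"GET /account HTTP/1.1"          # constructed sample payloads
    p2 = b"POST /login HTTP/1.1!"
    c1 = cipher(key, 7, 100, p1, use_hfn)
    c2 = cipher(key, 8, 100, p2, use_hfn)  # same SN after one wrap-around
    return xor(c1, c2) == xor(p1, p2)
```

With the HFN included, the two COUNT values differ and the key streams are unrelated; with the SN alone, the key stream repeats and the ciphertexts cancel it out.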

Synchronization and Management of HFN

Maintaining HFN synchronization between the UE and the network is paramount. If the HFNs are out of sync, the receiver will fail to correctly decipher or integrity-check incoming PDCP PDUs, leading to data loss and communication disruption.

  • Initial Synchronization: HFNs are typically synchronized during RRC (Radio Resource Control) connection setup or during PDCP re-establishment procedures (e.g., handover, security key updates). The network explicitly signals the initial HFN value.
  • Implicit Updates: After initial synchronization, HFNs are updated implicitly by both sides incrementing their respective counters based on the received/transmitted PDCP SNs and the known SN wrap-around point.
  • PDCP Re-establishment: If a loss of synchronization is detected (e.g., due to prolonged radio link failure), the PDCP layer often undergoes a re-establishment process, which includes resynchronizing the HFN.

Practical Implications and Benefits

The HFN mechanism offers significant advantages:

  • Reduced Overhead: By allowing the use of short PDCP SNs over the air, HFN helps reduce the signaling overhead on the radio interface, improving spectral efficiency.
  • Enhanced Security: It is fundamental for robust security in 3GPP systems, providing the necessary uniqueness for cryptographic functions and preventing replay attacks.
  • Reliable Data Delivery: HFN enables the network and UE to manage millions of packets sequentially, aiding in accurate reordering, duplicate detection, and robust data delivery even in high-throughput and long-duration connections.
  • Support for Long Sessions: It effectively extends the sequence number space, allowing for very long data transfer sessions without exhausting the unique packet identifiers.

In essence, HFN is an elegant solution that balances the need for efficient radio resource utilization with the critical requirements for security, reliability, and robust data handling in cellular communication.