Copyright © Samir Amberkar

Article on LTE NAS Security
by Samir Amberkar
(published on 27-May-2012)


Abstract: This article explains 3GPP Release 8 LTE NAS security. The reader is expected to have overall knowledge of the LTE protocol architecture and EMM procedures. You may refer to the introductory articles on LTE here.


As noted in the Initial Attach article, the MME may trigger security activation with the Security Mode procedure after the UE has been authenticated. Security activation implies activation of integrity protection and ciphering (encryption) of NAS signaling messages. In this article, we look at the overall LTE NAS security procedure. Inter-system change (UTRAN/GERAN to/from E-UTRAN) is not considered in this article.

Once security is activated, all NAS messages are integrity protected and ciphered. Ciphering is optional (no ciphering is indicated by the MME selecting the EEA0 ciphering algorithm).


Message flow between UE and MME:

  1. Plain NAS message (e.g. Attach req, Authentication req)
  2. NAS Security activation (Security Mode procedure)
  3. Security protected NAS message (e.g. Attach Accept, TAU Accept)




EPS NAS Security Context

The EPS security context is defined as shown below. The mapped context (and KSGSN) relates to inter-system change.


  eKSI
  KASME/KSGSN
  UL NAS count
  DL NAS count
  UE security capability
  KNASint/selected integrity algo
  KNASenc/selected ciphering algo

  Context type: mapped / full native / partial native
  Context state: current / non-current

Fig 1.4.1
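
The fields of Fig 1.4.1 can be modelled directly, which also shows why KNASint and KNASenc are each stored together with their selected algorithm: both keys are derived from KASME and the algorithm identity. The following is an added example, not code from the article; it goes beyond this page by using the key derivation function of 3GPP TS 33.401 Annex A.7, and the class name, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

FC_ALG_KEY = 0x15                      # FC for algorithm key derivation (TS 33.401 A.7)
NAS_ENC_ALG, NAS_INT_ALG = 0x01, 0x02  # algorithm type distinguishers
EEA0 = 0                               # null ciphering algorithm identity

def derive_nas_key(k_asme: bytes, alg_type: int, alg_id: int) -> bytes:
    """Derive a 128-bit NAS key from the 256-bit KASME."""
    if len(k_asme) != 32:
        raise ValueError("KASME must be 256 bits")
    # S = FC || P0 || L0 || P1 || L1, where P0 and P1 are one octet each
    s = bytes([FC_ALG_KEY, alg_type, 0x00, 0x01, alg_id, 0x00, 0x01])
    # The key is the 128 least significant bits of the HMAC-SHA-256 output
    return hmac.new(k_asme, s, hashlib.sha256).digest()[16:]

@dataclass
class EpsNasSecurityContext:           # hypothetical model of Fig 1.4.1
    eksi: int
    k_asme: bytes
    ue_security_capability: bytes
    integrity_alg: int
    ciphering_alg: int
    ul_nas_count: int = 0
    dl_nas_count: int = 0

    @property
    def k_nas_int(self) -> bytes:
        return derive_nas_key(self.k_asme, NAS_INT_ALG, self.integrity_alg)

    @property
    def k_nas_enc(self) -> bytes:
        return derive_nas_key(self.k_asme, NAS_ENC_ALG, self.ciphering_alg)

    @property
    def ciphering_active(self) -> bool:
        # Selecting EEA0 means NAS messages are integrity protected only
        return self.ciphering_alg != EEA0

def demo_context(ciphering_alg: int) -> EpsNasSecurityContext:
    # Constructed sample values, not taken from any real network
    return EpsNasSecurityContext(eksi=1, k_asme=bytes(range(32)),
                                 ue_security_capability=b"\xe0\xe0",
                                 integrity_alg=2, ciphering_alg=ciphering_alg)

if __name__ == "__main__":
    for alg in (EEA0, 2):
        ctx = demo_context(alg)
        print(alg, ctx.ciphering_active, ctx.k_nas_int.hex(), ctx.k_nas_enc.hex())
```
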

