Copyright © Samir Amberkar

1.1

LTE NAS Security

  UE MME

UE -> MME: Authentication Response (RES)
The network validates RES and triggers the Security Mode procedure. If the UE has a current security context (taken from the USIM or NVM), it protects this message with that context.


MME -> UE: Security Mode Command (KSI_ASME/y, selected integrity/ciphering algorithm)
This message is integrity protected. The intent of the SMC is to complete the security context and activate it. With algorithm selection done, the UE derives K_NASenc and K_NASint from K_ASME, the algorithm type, and the algorithm ID. The non-current security context is updated, making it a full native context.


eKSI=no key available
Capability
(void context)

partial native current

eKSI=KSI_ASME/y
UL count=0
DL count=0
Capability
K_ASME
K_NASenc/Enc algo ID
K_NASint/Int algo ID

full native non-current

The UE verifies the integrity of the SMC message. If verification is successful, the UE promotes the non-current security context to the current one. The security context is also stored in the USIM under EF_EPSNSC or in NVM (except K_NASenc and K_NASint; the selected algorithm IDs are stored instead).


eKSI=KSI_ASME/y
UL count=0
DL count=0
Capability
K_ASME
K_NASenc/Enc algo ID
K_NASint/Int algo ID

full native current

The UE then sends an integrity-protected and ciphered Security Mode Complete message to the network as an acknowledgement of successful security activation.
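The key derivation and storage rule described above, as an added example that is not part of the original page: it derives K_NASenc and K_NASint from K_ASME, the algorithm type and the algorithm ID, and shows why only the algorithm IDs need to be stored. Assumptions not taken from the page: the KDF parameters (HMAC-SHA-256, FC = 0x15, type distinguishers 0x01/0x02, low 128 bits kept) follow 3GPP TS 33.401 Annex A.7; the NasContext class, its field names and the sample K_ASME are hypothetical, and the Capability field is omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

FC_ALG_KEY = 0x15   # FC for algorithm key derivation (assumed: TS 33.401 Annex A.7)
NAS_ENC_ALG = 0x01  # algorithm type distinguisher for K_NASenc
NAS_INT_ALG = 0x02  # algorithm type distinguisher for K_NASint


def derive_nas_key(k_asme: bytes, alg_type: int, alg_id: int) -> bytes:
    """HMAC-SHA-256(K_ASME, FC || P0 || L0 || P1 || L1); keep the low 128 bits."""
    if len(k_asme) != 32:
        raise ValueError("K_ASME must be 256 bits")
    s = bytes([FC_ALG_KEY, alg_type, 0x00, 0x01, alg_id, 0x00, 0x01])
    return hmac.new(k_asme, s, hashlib.sha256).digest()[16:]


@dataclass
class NasContext:  # hypothetical container mirroring the fields listed above
    eksi: int
    k_asme: bytes
    ul_count: int = 0
    dl_count: int = 0
    enc_alg_id: Optional[int] = None  # None while the context is still partial
    int_alg_id: Optional[int] = None
    k_nas_enc: Optional[bytes] = None
    k_nas_int: Optional[bytes] = None

    def apply_smc(self, enc_alg_id: int, int_alg_id: int) -> None:
        """Algorithm selection from the SMC turns a partial context into a full one."""
        self.enc_alg_id, self.int_alg_id = enc_alg_id, int_alg_id
        self.k_nas_enc = derive_nas_key(self.k_asme, NAS_ENC_ALG, enc_alg_id)
        self.k_nas_int = derive_nas_key(self.k_asme, NAS_INT_ALG, int_alg_id)

    def to_stored(self) -> dict:
        """Persisted form: algorithm IDs are kept, the derived NAS keys are not."""
        return {"eksi": self.eksi, "k_asme": self.k_asme, "ul_count": self.ul_count,
                "dl_count": self.dl_count, "enc_alg_id": self.enc_alg_id,
                "int_alg_id": self.int_alg_id}

    @classmethod
    def from_stored(cls, rec: dict) -> "NasContext":
        """Reload a stored context and re-derive the NAS keys from K_ASME."""
        ctx = cls(rec["eksi"], rec["k_asme"], rec["ul_count"], rec["dl_count"])
        ctx.apply_smc(rec["enc_alg_id"], rec["int_alg_id"])
        return ctx


K_ASME_SAMPLE = bytes(range(32))  # constructed test value, not a real key
```

Because the NAS keys are a deterministic function of K_ASME and the selected algorithm IDs, a context reloaded from storage yields the same K_NASenc and K_NASint without either key ever being written out.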



Copyright © Samir Amberkar Page 3 of 6

