INDEXHABOUTHcopyright © samir amberkar

1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20

2.1

3.1
3.2
3.3
3.4
3.5




another knowledge site

3GPP Modem
Simulator

Test Your
Knowledge

another knowledge site

LTE NAS Security - 2
Handover from E-UTRAN to UTRAN/GERAN

Ref: [33.401:9.2.1, 10.3.1], [23.401:5.5.2.1], [36.300:19.2.2.5.6], [36.331]

Below diagram depicts change from E-UTRAN to UTRAN. The same procedure is applicable to change to GERAN; GPRS security context is mapped after mapping EPS context to UMTS one.

     UE E-UTRAN
Before HO, NAS security is considered to be activated. During HO procedure [23.401:5.5.2.1], network maps LTE context to UMTS one. NAS DL Count and KASME arr used to generate CK' and IK'.
Network - while sending HO Command to UE - also includes 4 LSBs of NAS DL Count in nas-securityParamFromEUTRA [24.301:9.9.2.6].

new-left4.JPG eRRC Mobility From EUTRA Command
(RRC HO to UTRAN command, NAS DL Count)

UE generates mapped UMTS security context (Fig 1.5.2).
LTE-mapping-arrow-703689.png
EPS NAS

eKSI=KSIASME/y
KKSME
UL NAS count
DL NAS count
UE security capability
KNASint/Enc algo id
KNASenc/Int algo id

 mapped UMTS

KSI=y
CK'
IK'
selected Ciphering algo


Further UTRAN procedure is outside the scope of this article.
















Copyright © Samir Amberkar Page 4 of 8


I II III IV V VI VII VIII