Idle mode RAT change from UTRAN/GERAN to E-UTRAN
The diagram below depicts the change from UTRAN/GERAN to E-UTRAN (the SGSN and UE will both have a UMTS security context even while in GERAN). Ref: [33.401:9.1.2, 10.2.2], [23.401:5.3.3, 4.3.5.6], [24.301:5.5.3.2], [23.003:2.8.2.2].
if TIN=GUTI or RAT related P-TMSI:
Current EPS NAS: eKSI, KKSME/KSGSN, UL NAS count, DL NAS count, UE security capability, KNASint/Enc algo id, KNASenc/Int algo id
Current EPS context could be native or mapped. TAU is integrity protected with this context.
else TIN=P-TMSI:
UMTS: KSI, CK, IK, Ciphering algo, Integrity algo
partial EPS NAS: eKSI=no key available, UL NAS count=0, DL NAS count=0, UE security capability
UE includes CKSN/KSI, P-TMSI signature, and a 32-bit random number NONCE_UE in the TAU request. The P-TMSI signature helps to authenticate the UE on the UMTS CN. eKSI is set to "no key available".
Tracking Area Update Request (eKSI, CKSN, P-TMSI signature, NONCE_UE)
If the TAU is integrity protected and the MME has the eKSI context, integrity is checked. If the integrity check succeeds, the MME may trigger the security mode procedure to change security algorithms. In case of integrity failure, the MME triggers authentication and security procedures.
Otherwise, the MME maps an EPS NAS security context from the UMTS security context and triggers the security mode procedure to activate the mapped security context. NONCE_MME is sent to the UE along with the replayed NONCE_UE as part of the SMC procedure. This is needed for the UE to generate the mapped security context (refer to Fig 1.5.3).
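The mapped-context step described above, as an added example that is not part of the original page: both sides derive K'ASME from CK || IK, NONCE_UE and NONCE_MME with the HMAC-SHA-256 KDF, using the FC value and parameter order of TS 33.401 Annex A.11 (idle mode mobility), and the UE first checks the replayed NONCE_UE. Function names, the dictionary layout, the reuse of KSI as the mapped eKSI value, and the sample key and nonce values are assumptions made for illustration.

```python
import hashlib
import hmac

FC_IDLE_MAPPING = 0x19  # FC for K'ASME from CK, IK in idle mode (TS 33.401 A.11)

def kdf_input(nonce_ue: bytes, nonce_mme: bytes) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 with P0=NONCE_UE, P1=NONCE_MME."""
    for name, nonce in (("NONCE_UE", nonce_ue), ("NONCE_MME", nonce_mme)):
        if len(nonce) != 4:
            raise ValueError(f"{name} must be 32 bits")
    return (bytes([FC_IDLE_MAPPING])
            + nonce_ue + len(nonce_ue).to_bytes(2, "big")
            + nonce_mme + len(nonce_mme).to_bytes(2, "big"))

def derive_mapped_kasme(ck: bytes, ik: bytes, nonce_ue: bytes, nonce_mme: bytes) -> bytes:
    """K'ASME = HMAC-SHA-256(CK || IK, S); the output is 256 bits."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must be 128 bits each")
    return hmac.new(ck + ik, kdf_input(nonce_ue, nonce_mme), hashlib.sha256).digest()

def mme_map_context(umts: dict, nonce_ue: bytes, nonce_mme: bytes) -> dict:
    """MME side: build the mapped EPS NAS context; NAS counts start at 0."""
    return {"eKSI": ("mapped", umts["KSI"]),  # assumption: KSI reused as mapped eKSI
            "K'ASME": derive_mapped_kasme(umts["CK"], umts["IK"], nonce_ue, nonce_mme),
            "UL NAS count": 0, "DL NAS count": 0}

def ue_handle_smc(umts: dict, sent_nonce_ue: bytes, replayed_nonce_ue: bytes,
                  nonce_mme: bytes) -> dict:
    """UE side: refuse the SMC unless the replayed NONCE_UE is the one it sent."""
    if not hmac.compare_digest(sent_nonce_ue, replayed_nonce_ue):
        raise ValueError("replayed NONCE_UE mismatch: reject Security Mode Command")
    return mme_map_context(umts, sent_nonce_ue, nonce_mme)

# Constructed sample values (not from any real network or test vector).
SAMPLE_UMTS = {"KSI": 3, "CK": bytes(range(16)), "IK": bytes(range(16, 32))}
SAMPLE_NONCE_UE = bytes.fromhex("a1b2c3d4")
SAMPLE_NONCE_MME = bytes.fromhex("0badcafe")

if __name__ == "__main__":
    mme = mme_map_context(SAMPLE_UMTS, SAMPLE_NONCE_UE, SAMPLE_NONCE_MME)
    ue = ue_handle_smc(SAMPLE_UMTS, SAMPLE_NONCE_UE, SAMPLE_NONCE_UE, SAMPLE_NONCE_MME)
    print("contexts match:", mme == ue)
    print("K'ASME:", mme["K'ASME"].hex())
```

Because both nonces enter the KDF input, a stale NONCE_UE or a different NONCE_MME yields a different K'ASME, so an old mapped context cannot be re-activated from the same CK and IK.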