INDEXHABOUTHcopyright © samir amberkar

1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20

2.1

3.1
3.2
3.3
3.4
3.5




another knowledge site

3GPP Modem
Simulator

Test Your
Knowledge

another knowledge site

LTE NAS Security - 2
Handover from UTRAN/GERAN to E-UTRAN

Ref: [33.401:9.2.2, 10.3.2], [23.401:5.5.2.2], [36.300:19.2.2.5.6], [36.331], [24.301]

Below diagram depicts handover from E-UTRAN to UTRAN. The same procedure is applicable for handover to GERAN; GPRS security context is mapped after mapping EPS context to UMTS one.

     UE UTRAN
During HO procedure [23.401:5.5.2.2], MME generates K'ASME based on CK, IK, and (random 32 bit) NONCEMME.
Network while sending HO Command to UE also includes NAS Security context parameters (Ciphering algorithm, Integrity algorithm, eKSI) and NONCEMME in nas-securityParamToEUTRA [24.301:9.9.2.7] in RRC Reconfiguration Request.

new-left4.JPG RRC Handover From UTRAN Command
(RRC Reconfiguration Request)

UE generates mapped EPS NAS security context (Fig 1.5.3).
LTE-mapping-arrow-703689.png
UMTS

KSI=y
CK'
IK'

 mapped EPS NAS

eKSI=KSISGSN/y
KSGSN
UL NAS count=0
DL NAS count=0
UE security capability
KNASint/Enc algo id
KNASenc/Int algo id



Following handover, UE is required to do Traking Area Update (based on criteria listed in [23.401:5.3.3.0] "Triggers for TAU"). During TAU, MME may trigger NAS Security Mode procedure if change in security algorithms is needed.




This concludes brief discussion on LTE NAS security during inter RAT scenarios. More details can be found in references listed on next page.





Copyright © Samir Amberkar Page 7 of 8


I II III IV V VI VII VIII