top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Why we need Two types of Security modes (NAS,AS) in LTE

+1 vote
2,603 views
Why we need Two types of Security modes (NAS,AS) in LTE
posted Oct 9, 2015 by Mallikharjuna Reddy

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

4 Answers

+1 vote

NAS Security is between MME and UE whereas AS security is UE and eNodeB both serves the different purpose.

There are two ways to do this, i.e. Integrity and Ciphering.
For C-Plane: Integrity protection applied.
For U-plane: Integrity protection and ciphering.

In general term Integrity protection means, Receiver can verify that received message is the same as that Sender/Transmitter sends. Where as Ciphering/encryption means Transmitter/sender encrypts the data with a key and that key knows to only Receiver and no middleman can understand the data even if it gets it.

Let me know if have any comment...

answer Oct 9, 2015 by Salil Agrawal
+1 vote

Adding in above answer.
Integrity and ciphering are applied to c-plane and u-plane as below

For C-plane: Integrity protection and ciphering.
For U-Plane: ciphering applied.

answer Oct 10, 2015 by Veer Pal Singh Yadav
+1 vote

As NAS signalling is between the UE and MME which is through eNodeB. As eNodeB is not in the operator's location there are chances that message can be tampered between eNodeB and MME. So in order to protect NAS messages we provide ciphering and integrity protection to those messsges by NAS security(which is between UE and MME).

And AS security by its name is access stratum security. The air medium is vulnerable. So we provide this security for messages which is between UE and eNodeB.

answer Dec 23, 2015 by Praveen
0 votes

I agree with Veer Pal , integrity protection is not applied to U plane data and ciphering is applied for both Control plane and user plane.Note that it is important to have NAS messages also encrypted or ciphered for example in case of RRC connction request and RRC signalling messages.

answer Dec 23, 2015 by Ashutosh Kaushik
Similar Questions
+1 vote

I went through the specification and not found the exact answer for the NAS Key Set Identifier.
Three bits are used for that but the is the meaning of all bit combination, I don't know.

+1 vote

I was looking into NAS header. First four bits are used for security header type. Few values I understood but one value I could not understand which was 1100 saying "security header for service request message". I could not understand why such thing is defined only for service request message not for the other messages ?

...