top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Clarification on security mode procedure in LTE

+3 votes
1,030 views

I have couple of question regarding security procedure in case of NAS and AS Security procedure.
1> In case of NAS security procedure, MME sends Security mode command to UE with with only integrity protected, and UE sends Security mode complete after integrity verification to eNB with both integrity protected and ciphered too, as MME shared the ciphered algo with UE in command message.

But in case of AS security procedure, eNB sends security mode command with integrity protected and UE reply with only integrity protected Security mode complete message though eNB shared ciphering algo with UE.

Why in case of AS Security mode complete message it is only integrity protected and not ciphered but in case NAS security Complete message is both ciphered and integrity protected ? Any special requirement/reason for it ?

2> In case of NAS, after security is established every NAS message goes through Ciphering first and then Integrity protection added but in case AS security RRC messages why it is first integrity protection and than ciphered ?

What is the reason behind different order of integrity protection and ciphering in case of NAS and AS ?

posted Sep 21, 2016 by Sachidananda Sahu

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

I did not find any reference material by which I can give you answer. But based on my understanding of LTE, following is my input.
Since one eNodeB can be shared with multiple MME so UE want to make sure that when he responds to MME with the NAS security mode complete message, it is decoded by correct MME which can be achieved by ciphering.

However, in radio side UE has radio connection with one cell or Pcell, he knows which is the receiver of security mode complete message. That could be the reason of doing so.

answer Sep 21, 2016 by Harshita
"he knows which is the receiver of security mode complete message. That could be the reason of doing so. "
If we apply to this principle then all further RRC message also will go with out ciphering, so i guess some other reason exists.
commented Sep 22, 2016 by Sachidananda Sahu
Since I did not find any reference to give clarification on your question. I am not sure. Looking for others to respond.
commented Sep 23, 2016 by Harshita
When UE is sending SMC Complete ENB knows to which it has to send(I mean Exact MME) How come will have multiple recevicer's (MME) ?
commented Sep 25, 2016 by Manohar Venkat.ch
Similar Questions
+4 votes
Why Identity Request Need to be perform by MME after successful Authentication and Security Mode Complete...?

I saw a scenario where an Identity is requested by MME after successful Authentication and Security mode complete.. As a Response to this message UE is Sending IMEI? what is the need of checking IMEI number after successful authentication? If IMEI is in block list then ongoing Attach procedure is going to be Terminate...? Identity Request intention is mainly to check the IMEI belongs to any one of Black, while or Green list then why cannt MME check for this before Security Mode?

0 votes
Is nas security mandatory procedure while doing attach ?

Is nas security mandatory procedure while doing attach ?

+3 votes
TAU procedure in Connected mode and Idle

What UE is supposed to do when it move from a Tracking Area to another Tracking Area ?

...