Why there is two types of security in LTE

Question

There in AS security and NAS security procedure in LTE unlike 3g.I want to know the reason behind the additional AS security procedure in LTE.

Comments

Could not understand your question, can you please describe in detail...

---

Hi Salil, she is asking why two level of securities have been implemented. Here two level means 1) security between UE and ENodeB. 2) security between UE and MME.

---

Thanks @Soni, got it now. But as far as I remember the same was the case in UMTS (may be later specs) also.

But in LTE the reason for AS security is to protect the wireless interface which is obvious, now additional security cover for the NAS message is for providing the support of RAN operator (handles the access network) and Network operator which can be two separate entities and S1(U/C) can be insecure interface (there could be more reason for this).

---

check this should be helpful to understand the complete security overview. http://www.slideshare.net/aliirfan04/lte-security-overview

---

I think its not two rather three one is AS i.e. UE<-->eNodeB another is NAS ie UE<-->MME and the third one is MME<-->HSS.

Answer 1

As with respect to security they want to secure
1> Core network communication (UE - MME)
2> Network(Access ) Edge communication (UE-ENODEB)

So MME takes the Key from HSS and generates the authentication vectors and send them to UE and ENODEB But he directly not share the KASME generated by the UE.

The derived key will be used for security(Both AS and NAS) purpose.

Another scenario :-

When UE is in IDLE mode no context at ENodeB also , So using NAS Security only they communicate messages till UE comes to connected mode.