What are the principles of 3GPP for E-UTRAN security?

+2 votes
375 views
What are the principles of 3GPP for E-UTRAN security?
posted Mar 5, 2014 by Bhani Bhosle


1 Answer

+1 vote

The following are some of the principles of 3GPP E-UTRAN security based on specifications:

• The keys used for NAS and AS protection shall be dependent on the algorithm with which they are used.

• The eNB keys are cryptographically separated from the EPC keys used for NAS protection (making it impossible to use the eNB key to figure out an EPC key).

• The AS (RRC and UP) and NAS keys are derived in the EPC/UE from key material that was generated by a NAS (EPC/UE) level AKA procedure (KASME) and identified with a key identifier (KSIASME).

• The eNB key (KeNB) is sent from the EPC to the eNB when the UE is entering ECM-CONNECTED state (i.e. during RRC connection or S1 context setup).

• Separate AS and NAS level security mode command procedures are used.

• Keys stored inside eNBs shall never leave a secure environment within the eNB (except when done in accordance with this or other 3GPP specifications), and user plane data ciphering/deciphering shall take place inside the secure environment where the related keys are stored.

• Key material for the eNB keys is sent between the eNBs during ECM-CONNECTED intra-E-UTRAN mobility.

[Figure: generate a key]

The figure above depicts simplified key derivation.

The MME invokes the AKA procedures by requesting authentication vectors from the HE (Home Environment) if no unused EPS authentication vectors have been stored.

The HE sends an authentication response back to the MME that contains a fresh authentication vector, including a base-key named KASME. Thus, as a result of an AKA run, the EPC and the UE share KASME.
From KASME, the NAS keys and (indirectly) the KeNB keys and NH are derived. The KASME is never transported to an entity outside of the EPC, but KeNB and NH are transported to the eNB from the EPC when the UE transitions to ECM-CONNECTED.

From the KeNB, the eNB and UE can derive the UP and RRC keys.

answer Mar 5, 2014 by Hiteshwar Thakur
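The key hierarchy described in the answer above, as an added example that is not part of the original post: it derives the NAS keys, KeNB, NH and the AS keys from KASME with the HMAC-SHA-256 KDF, showing why each key depends on its algorithm and why KeNB cannot be turned back into KASME (each step is a one-way keyed hash). The FC codes and parameter layout are taken from 3GPP TS 33.401 Annex A rather than from this page; the function names are illustrative and the KASME value is constructed.

```python
import hashlib
import hmac

# FC codes and algorithm-type distinguishers as defined in TS 33.401 Annex A.
FC_KENB, FC_NH, FC_ALG = 0x11, 0x12, 0x15
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

def build_s(fc, *params):
    """S = FC || P0 || L0 || P1 || L1 ..., each Li the 2-byte length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key, fc, *params):
    """Generic KDF: HMAC-SHA-256 keyed with the parent key over S."""
    return hmac.new(key, build_s(fc, *params), hashlib.sha256).digest()

def derive_kenb(kasme, uplink_nas_count):
    return kdf(kasme, FC_KENB, uplink_nas_count.to_bytes(4, "big"))

def derive_nh(kasme, sync_input):
    # sync_input is the current KeNB for the first NH, then the previous NH.
    return kdf(kasme, FC_NH, sync_input)

def derive_alg_key(parent, alg_type, alg_id):
    # 128-bit keys are the 128 least significant bits of the 256-bit output.
    return kdf(parent, FC_ALG, bytes([alg_type]), bytes([alg_id]))[-16:]

def derive_hierarchy(kasme, uplink_nas_count, nas_alg=(2, 2), as_alg=(2, 2)):
    """Return every key below K_ASME; alg tuples are (ciphering id, integrity id)."""
    kenb = derive_kenb(kasme, uplink_nas_count)
    return {
        "K_NASenc": derive_alg_key(kasme, NAS_ENC, nas_alg[0]),
        "K_NASint": derive_alg_key(kasme, NAS_INT, nas_alg[1]),
        "K_eNB": kenb,
        "NH": derive_nh(kasme, kenb),
        "K_RRCenc": derive_alg_key(kenb, RRC_ENC, as_alg[0]),
        "K_RRCint": derive_alg_key(kenb, RRC_INT, as_alg[1]),
        "K_UPenc": derive_alg_key(kenb, UP_ENC, as_alg[0]),
    }

if __name__ == "__main__":
    SAMPLE_KASME = bytes(range(32))  # constructed 256-bit value, not a real key
    for name, key in derive_hierarchy(SAMPLE_KASME, 0).items():
        print(f"{name:9s} {key.hex()}")
```

Only the eNB-side entries (K_eNB, NH and the RRC/UP keys) would ever exist in the eNB's secure environment; the NAS keys and KASME stay in the EPC and the UE.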
...