Access Stratum Security Activation Procedure?

Question

What are the basic steps need to be followed to activate this procedure and how does it effect after a
successful establishment.

Answer 1

Once eNodeB receives Initial Context Setup Request message from the MME, eNodeB enable Access stratum security with the UE. To do so, eNodeB executes Initial Security Activation Procedure.

As part of Initial security activation procedure, eNodeB sends Security Mode Command message to UE with the selected security algorithms (one for integrity and another for ciphering). Security mode command message is just integrity projected not ciphered.

When UE receives the Security Mode Command message from the eNodeB, it generates the KrrcInt, KrrcEnc, KUpenc keys based on the algorithms sent by eNodeB. Once it is done, eNodeB sends Security mode complete message to eNodeB. Security mode complete message is integrity protected as well as ciphered.

For the key derivation related information, please refer 33.401.

Comments

ciphering shall be applied to all subsequent messages received and sent
 by the UE, except for the SecurityModeComplete message which is sent unciphered;in above answer it is said security mode complete msg is ciphered but in spec it is mentioned unciphered

---

Yes, securityModeComplete is unciphered but integrity protected. Upcoming messages are ciphered and integrity protected.