top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Is NAS security particularly deployed with integrity protection, even if ciphering is an option ?

+2 votes
568 views
Is NAS security particularly deployed with integrity protection, even if ciphering is an option ?
posted May 22, 2014 by Mohammad

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

2 Answers

+1 vote

I think, In deployment every operator would like to provide protection to its subscribers data/signalling.
At least NAS messages should integrity protected , ciphering may be optional for signalling message.
Data packets may be ciphered but integrity is not required.

answer May 22, 2014 by Ganesh Kumar
+1 vote

50 percent Yes.

NAS security mode command is only Integrity Protected where as NAS security mode complete is Integrity Protected and Ciphered, with activated security context.

So after this message Ciphering is applied to all NAS message except EMM attach request, Tracking Area Update request and of-course NAS security mode command message.

UE <-->MME<-->HSS: Authentication takes place:

If UE context does not present in anywhere in the network and Attach Request which is not Integrity protected OR Integrity Check Fails then and then only Integrity Protection and Ciphering are mandatory otherwise it is optional.

As for Emergency call, MME should not do Authentication process, and for that MME is configured to support UN-Authenticated UE's. So when UE send Attach request with attach type as "emergency call" then MME skips authentication and security and continue with attach procedure.

Source: http://www.linkedin.com/groups/What-exactly-does-Integrity-Protection-1180727.S.174817649

answer May 23, 2014 by Hiteshwar Thakur
Similar Questions
+2 votes

In LTE, if a NAS packet is going to be sent, the encryption is followed by integrity protection in NAS layer, but in RRC/PDCP layer, When RRC messages are being sent, they are integrity protected first and then encrypted before being sent, unlike NAS messages were. Why the integrity and encryption protection order is different in NAS and AS layer?

+1 vote

For confirmation purpose only, I want to know the use of integrity protection. As per my understanding integrity protection is only needed to verify Security-Mode-Command/Security-Mode-Complete messages? Because all subsequent messages are encrypted and any "man in the middle attack" will result in decryption failure at the other end.

Is my understanding correct?

+1 vote

Is it necessary to implement both integrity and ciphering together for a message ? or for certain cases only integrity or only ciphering required ?

+4 votes

Why do we need it and name the algorithm(s) used in it ?
If possible then explain me algorithm also..

...