A LTE network is divided into two parts. First part is Access Stratum and Second is called Non-access stratum. Following is the list of nodes which are involved while implementing security.
NAS Level: MME, HSS, UE-NAS layer.
AS Level: ENODEB, UE-AS layer.
I would like to mention security related steps of an attach procedure.
Once MME receives attach request message from UE, It inquiries with HSS to get authentication and security related parameters. As soon as UE gets authenticated, MME enable NAS security for UE using the security mode procedure . For more details of security mode procedure refer 3GPP 24.301.
After establishment of bearers and NAS security is enabled for an UE, MME sends Initial Context Setup Request to eNodeB for an UE to establish data radio bearers. This "Initial Context Setup Request" message carries as-security related parameters. eNodeB uses those parameter to generate security keys. For more details of Initial Context Procedure refer 3GPP 36.413 spec.
As part of enabling AS-security, eNodeB executes RRC level "Security Mode" Procedure. As part of this procedure, eNodeB sends "Security mode command" and UE responds with "Security mode complete". For more details refer 3GPP 36.331.
I understand this is a big topic and not everything is explained so if you have any specific question, please ask.