I hope I understood your query correctly, please comment if I am wrong -
Lets first understand what is Integrity Protection -
Integrity protection means, Receiver can verify that received message is the same as that Sender/Transmitter sends.
Lets see what ciphering means -
Ciphering means: Transmitter/sender encrypts the data with a key and that key knows to only Receiver. It can be done by;
And in short we can say for C-Plane (i.e. DCCH data): Integrity protection applied and for U-plane: Integrity protection and ciphering is applied.
Now lets see how SECURITY MODE procedure works to see the complete flow
The eNodeB sends integrity protected SECURITY MODE COMMAND message to the UE. The UE shall derive KeNB and KRRCint which is associated with integrity protection algorithm indicated in the SECURITY MODE COMMAND. Then, UE verifies the Integrity of the received SECURITY MODE COMMAND by checking the Message Authentication Code (MAC) in the SECURITY MODE COMMAND message. If the SECURITY MODE COMMAND message fails the integrity protection check, then the UE sends SECURITY MODE FAILURE to the eNodeB.
If the SECURITY MODE COMMAND passes the integrity protection check, then the UE shall derive the encryption keys KRRCenc key and the KUPenc keys associated with the ciphering algorithm indicated in the SECURITY MODE COMMAND. The UE shall apply integrity protection using the indicated algorithm (EIA) and the integrity key, KRRCint immediately, i.e. integrity protection shall be applied to all subsequent messages received and sent by the UE, including the SECURITY MODE COMPLETE message. The UE shall apply ciphering using the indicated algorithm (EEA), KRRCenc key and the KUPenc key after completing the procedure, i.e. ciphering shall be applied to all subsequent messages received and sent by the UE, except for the SECURITY MODE COMPLETE message which is sent un-ciphered.
