Home | Reports | Technical Documents | Tech-Blog | One-Shot Gallery | Korea ICT News | Korea Communication Market Data | List of Contributors | Become a Contributor |    
 
 
Section 5G 4G LTE C-RAN/Fronthaul Gigabit Internet IPTV/Video Streaming IoT SDN/NFV Wi-Fi KT SK Telecom LG U+ Network Protocol Samsung   Korean Vendors
 
CHANNELS     HFR    |  Mobile Fronthaul Solution  |  Carrier Ethernet Solution  | Resources        
CHANNELS     ZARAM    |  XGSPON 10G SFP+ ONT  |  Use cases  | Evolution of FTTH Access Network    

 

LTE Security I: Concept and Authentication
July 31, 2013 | By Netmanias (tech@netmanias.com)
Online viewer:
Comments (20)
41
Page 2 of 4

 

     

Table of Contents  

1. Introduction
2. LTE Security Concept 
3. LTE Authentication Procedure
4. Closing and References
  

 

 

2. LTE Security Concept

 

2.1 Scope and Concept of LTE Security 

 

Figure 1 below shows the scope and overall concept of the LTE Security documents. The scope of these documents will include the following three areas:

 

  LTE Authentication: performs mutual authentication between a UE and a network.

  NAS Security: performs integrity protection/verification and ciphering (encryption/decryption) of NAS signaling between a UE and an MME.

  AS Security

•  performs integrity protection/verification and ciphering of RRC signaling between a UE and an eNB.

•  performs ciphering of user traffic between a UE and an eNB.

 

 

Figure 1. Scope and concept of LTE security

 

LTE Authentication 

 

In mobile communication networks, authentication refers to the process of determining whether a user is an authorized subscriber to the network that he/she is trying to access. Among various authentication procedures available in such networks, EPS AKA (Authentication and Key Agreement) procedure is used in LTE networks for mutual authentication between users and networks.

 

The EPS AKA procedure consists of two steps. First, an HSS (Home Subscriber Server) generates EPS authentication vector(s) (RAND, AUTN, XRES, KASME) and delivers them to an MME. Then in the second step, the MME selects one of the authentication vectors and uses it for mutual authentication with a UE and shares the same authentication key (KASME) each other. Mutual authentication is the process in which a network and a user authenticate each other. In LTE networks, since the ID of the user's serving network is required when generating authentication vectors, authentication of the network by the user is performed in addition to authentication of the user by the network.

 

ASME (Access Security Management Entity) is an entity that receives top-level key(s), from an HSS, to be used in an access network. In EPS, an MME serves as ASME and KASME is used as the top-level key to be used in the access network. The MME, on behalf of an HSS, conducts mutual authentication with a UE using KASME. Once mutually authenticated, the UE and MME get to share the same KASME as an authentication key.

 

To avoid any possible eavesdropping or manipulation of data across radio links, KASME is not delivered to the UE via E-UTRAN. Instead, the MME delivers part of authentication vector to the UE, which uses it to authenticate the network and generates KASME as the HSS does.

 

NAS Security

 

NAS security, designed to securely deliver signaling messages between UEs and MMEs over radio links, performs integrity check (i.e., integrity protection/verification) and ciphering of NAS signaling messages. Different keys are used for integrity check and for ciphering. While integrity check is a mandatory function, ciphering is an optional function. NAS security keys, such as integrity key (KNASint) and ciphering key (KNASenc), are derived by UEs and MMEs from KASME.

 

AS Security

 

AS security is purposed to ensure secure delivery of data between a UE and an eNB over radio links. It conducts both integrity check and ciphering of RRC signaling messages in control plane, and only ciphering of IP packets in user plane. Different keys are used for integrity check/ciphering of RRC signaling messages and ciphering of IP packets. Integrity check is mandatory, but ciphering is optional.

 

AS security keys, such as KRRCint, KRRCenc and KUPenc, are derived from KeNB by a UE and an eNB. KRRCint and KRRCenc are used for integrity check and ciphering of control plane data (i.e., RRC signaling messages), and KUPenc is used for ciphering of user plane data (i.e., IP packets). Integrity check and ciphering are performed at the PDCP (Packet Data Convergence Protocol) layer.

 

A UE can derive KeNB from KASME. However, since KASME is not transferred to an eNB, an MME instead generates KeNB from KASME and forwards it to the eNB.

 

2.2 Overview of LTE Security Procedure

 

Figure 2 shows the overview of LTE security procedure.  displays LTE authentication procedure while  and  demonstrate security setup procedures for NAS and AS respectively. A brief description of each procedure will be given below first. Then, a detailed explanation on the LTE authentication procedures and NAS and AS security setup procedures will be given in Chapter III hereof and again in Part II, LTE Security II, that follows.

 

 

Figure 2. Overview of LTE security procedure

 

 LTE Authentication

 

When a user requests for access to a LTE network, mutual authentication between the user and the network is conducted using EPS AKA procedure. An MME, upon receipt of such request, identifies the user using his/her IMSI and requests authentication vector(s) (AVs) from an HSS1. The HSS then generates AV(s) using EPS AKA algorithm, AV={RAND, XRES, AUTNHSS, KASME}, and forwards them to the MME.

 

After storing the AVs, the MME selects one of them and uses it to perform mutual authentication with the UE2. The MME forwards RAND and AUTNHSS to the UE, which then computes RES, AUTNUE and KASME using EPS AKA algorithm. The UE now compares its own AUTNUE and AUTNHSS received from the MME for network authentication. Once authenticated, RES is forwarded to the MME, which then compares the XRES received from the HSS and the RES received from the UE for user authentication. If the UE and network have authenticated each other, they share the same key KASME (KASME is not transferred between UE and MME, though).

 

 NAS Security

 

Once the UE and MME have authenticated each other and the same key KASME is shared, NAS security setup procedure begins. In this procedure, NAS security keys to be used when delivering NAS signaling messages are derived from KASME for secure delivery of these messages. This procedure consists of a round trip of NAS signaling messages (Security Mode Command and Security Mode Complete message), and begins when the MME delivers a Security Mode Command message to the UE.

 

First, the MME selects NAS security algorithms (Alg-ID: Algorithm ID) and uses them to create an integrity key (KNASint ) and a ciphering key (KNASenc) from KASME. Then, it applies KNASint  to the Security Mode Command message to generate an NAS message authentication code (NAS-MAC, Message Authentication Code for NAS for Integrity). The MME then delivers the Security Mode Command message including the selected NAS security algorithms and the NAS-MAC to the UE. As the UE does not know the selected encryption algorithm yet, this message is integrity protected only but not ciphered.

 

Upon receiving the Security Mode Command message, the UE verifies the integrity thereof by using the NAS integrity algorithm selected by the MME and uses NAS integrity/ciphering algorithm to generate NAS security keys (KNASint and KNASenc) from KASME. Then it ciphers the Security Command Complete message with KNASenc and generates a message authentication code, NAS-MAC with KNASint to the ciphered message. Now it forwards the ciphered and integrity protected message to the MME with the NAS-MAC included.

 

Once the MME successfully verifies the integrity of the received Security Mode Complete message and has them decrypted using the NAS security keys (KNASint and KNASenc), the NAS security setup procedure is completed.

 

Once the NAS security is set up, NAS signaling messages between the UE and the MME are ciphered and integrity protected by the NAS security keys and then securely delivered over radio links. 

 

 AS Security

 

After NAS security setup is finished, AS security setup procedure between a UE and an eNB begins. In this procedure, AS security keys to be used when delivering RRC signaling messages and IP packets are derived from KeNB for secure delivery of these data. This procedure consists of a round trip of RRC signaling messages (Security Mode Command and Security Mode Complete message), and begins when an eNB delivers Security Mode Command message to the UE.

 

First, the MME calculates KeNB from KASME and delivers it to the eNB, which uses it to perform the AS security setup procedure. The eNB selects AS security algorithms (Alg-ID: Algorithm ID) and uses them to create an integrity key (KRRCint) and a ciphering key (KRRCenc), from KeNB. to be used for RRC signaling messages, and a ciphering key (KUPenc) to be used in the user plane. Then, it applies KRRCint to the Security Mode Command message to generate a message authentication code (MAC-I, Message Authentication Code for Integrity). The eNB now delivers the Security Mode Command message including the selected AS security algorithms and the MAC-I to the UE.

 

Upon receiving the Security Mode Command message from the eNB, the UE verifies the integrity thereof by using the AS integrity algorithm selected by the eNB and uses AS integrity/ciphering algorithm to generate AS security keys (KRRCint, KRRCenc and KUPenc). Then it generates a message authentication code, MAC-I, with the RRC integrity key to the Security Command Complete message, and then forwards the message including the MAC-I to the eNB.

 

When the eNB successfully verifies the integrity of the received Security Mode Complete message by using the AS integrity key, the AS security setup procedure is completed.

 

After the AS security is set up, RRC signaling messages between the UE and the eNB are ciphered and integrity protected by the AS security keys, and user IP packets are encrypted and then securely delivered over radio links.

 

 

Page 2 of 4
HI 2014-11-18 16:01:18

Hi,

 

Good Document.

blue 2014-12-29 18:01:29

Hi.

 

Why in the picture 2 NW sent ATTACH ACCEPT before AS Security Mode Command, from our log i saw opposite result.

 

00:01:07.735 LTE RRC OTA Packet  --  DL_DCCH / SecurityModeCommand       /*AS SecurityModeCommand form NW */

00:01:08.241 LTE NAS EMM Plain OTA Incoming Message  --  Attach accept Msg/*Attach accept form NW */

 

Thank you.

garima singh 2016-12-01 19:49:56

Sir

  will you tell me on which tool you have did LTE simulation

bjm 2015-04-21 21:51:00

What algorithm is used for the KDF? Is it selectable/configurable?

garima singh 2016-12-01 19:48:25

anybody can tell me whaich simulator  i should use for security setup in LTE..............

Kiran 2015-07-16 14:14:27

Thanks for sharing very useful info

pratit khare 2015-09-07 07:16:54

Hi...plz explain me why ciphering is optional in AS security?

satyasunil.sunkara@tatatel.co.in.com 2016-02-22 17:09:27

Excellent basic stuff...that great,.

jaime 2016-05-18 06:44:17

Great document

jaime 2016-05-19 23:46:30

Hi Would you know what happens in the case  of IWF as in 3G  Serving Network is not used thus how is KASAME going to be derived if there is no SN-ID ??  

 

Thanks in advance 

 

Jack Lin 2016-09-26 01:32:36

Excellent!

JackLin 2018-11-29 11:24:17

2

John Dalgas 2016-12-06 21:00:17

Excellent document.

Very accessably written, focusing on the important matters, and beautifully depicted by sequence diagrams combined with algorithm box diagrams, together showing exactly the creation and flow of information.

By far the best description I have found - I am blown over backwards - just the information I needed - thank you.

kemanzhuo 2017-09-02 21:04:40

excellent, very useful info.

sudhakar 2017-10-07 14:39:20

Hi, Excellent document and can easily understandable 

debasis 2017-10-28 18:58:09

nice document

Samir Mohanty 2018-08-03 18:35:43

Hello ,

I am testing my MME(SUT),

-Precondtion: EEA1 Disabled in MME.

-While my UE is Sending EEA1 in Attach Request to MME and MME is sending Same EEA1 in Securitymode comand which is disabled in MME.

 

Please let me know what should be sent by MME in Securitymode comand, will it send any error message.

one EEA1 is disabled or others(EEA0,EEA2....) will be send insted of EEA1.

garima singh 2019-01-03 02:34:15

PLZ WHICH TOOL TO SIMULATE LTE SECURITY

Zakir Hussain 2018-10-11 02:23:10

Hi All,

How Ue gets SN ID for generating Kasme at Ue side?

Please explain.

vemula geeta 2019-02-07 13:17:25

Hello Sir,

 kindly let me know which tool to use to simulate LTE authentication protocols. At present, I have started with NS3, i want to is ns3 is good simulator for simulating LTE authentication protocols or some other tool is better than this.

Thanks,

Vemula Geeta

Thank you for visiting Netmanias! Please leave your comment if you have a question or suggestion.
Related Contents
08/05/2013
Netmanias Technical Documents
08/05/2013
Netmanias Technical Documents
View All (171)
5G (6) Backbone (2) Backhaul (3) Blockchain (1) CDN (1) Carrier Ethernet (3) Charging (1) DHCP (4) ECM (2) EMM (16) EPS (2) Google (1) HLS (1) HTTP Adaptive Streaming (3) Handover (5) IPTV (4) Initial Attach (2) IoT (2) Korea (1) LTE (39) LTE Identification (2) LTE-A (1) MPLS (2) Mobility (2) NAT (7) Netflix (1) Network Architecture (3) Network Protocol (20) New Radio (1) OTT (1) PCRF (3) QoS (3) RCS (3) SDF (2) SDN/NFV (2) SK Telecom (1) Samsung (2) Security (5) Sk Telecom (1) Transparent Cache (1) Video Streaming (4) VoLTE (2) Wi-Fi (1) YouTube (2)
Password confirmation
Please enter your registered comment password.
Password