LTE Security Principles
The following are some of the principles of 3GPP E-UTRAN security based on 3GPP Release 8 specifications:
- The keys used for NAS and AS protection shall be dependent on the algorithm with which they are used.
- The eNB keys are cryptographically separated from the EPC keys used for NAS protection (making it impossible to use the eNB key to figure out an EPC key).
- The AS (RRC and UP) and NAS keys are derived in the EPC/UE from key material that was generated by a NAS (EPC/UE) level AKA procedure (KASME) and identified with a key identifier (KSIASME).
- The eNB key (KeNB) is sent from the EPC to the eNB when the UE is entering ECM-CONNECTED state (i.e. during RRC connection or S1 context setup).
- Separate AS and NAS level security mode command procedures are used.
- Keys stored inside eNBs shall never leave a secure environment within the eNB (except when done in accordance with this or other 3GPP specifications), and user plane data ciphering/deciphering shall take place inside the secure environment where the related keys are stored.
- Key material for the eNB keys is sent between the eNBs during ECM-CONNECTED intra-E-UTRAN mobility.
The figure above depicts simplified key derivation.
The MME invokes the AKA procedures by requesting authentication vectors to the HE (Home environment) if no unused EPS authentication vectors have been stored.
The HE sends an authentication response back to the MME that contains a fresh authentication vector, including a base-key named KASME. Thus, as a result of an AKA run, the EPC and the UE share KASME.
From KASME, the NAS keys, (and indirectly) KeNB keys and NH are derived. The KASME is never transported to an entity outside of the EPC, but KeNB and NH are transported to the eNB from the EPC when the UE transitions to ECM-CONNECTED.
From the KeNB, the eNB and UE can derive the UP and RRC keys.