How does LTE Security works?

 The following are some of the principles of 3GPP E-UTRAN security based on 3GPP Release 8 specifications:

  • The keys used for NAS and AS protection shall be dependent on the algorithm with which they are used.
  • The eNB keys are cryptographically separated from the EPC keys used for NAS protection (making it impossible to use the eNB key to figure out an EPC key).
  •  The AS (RRC and UP) and NAS keys are derived in the EPC/UE from key material that was generated by a NAS (EPC/UE) level AKA procedure (KASME) and identified with a key identifier (KSIASME).
  • The eNB key (KeNB) is sent from the EPC to the eNB when the UE is entering ECM-CONNECTED state (i.e. during RRC connection or S1 context setup).

See LTE Security Principles for more details.