How does LTE Security work?
The following are some of the principles of 3GPP E-UTRAN security based on 3GPP Release 8 specifications:
- The keys used for NAS and AS protection shall be dependent on the algorithm with which they are used.
- The eNB keys are cryptographically separated from the EPC keys used for NAS protection (making it impossible to use the eNB key to figure out an EPC key).
- The AS (RRC and UP) and NAS keys are derived in the EPC/UE from key material that was generated by a NAS (EPC/UE) level AKA procedure (KASME) and identified with a key identifier (KSIASME).
- The eNB key (KeNB) is sent from the EPC to the eNB when the UE is entering ECM-CONNECTED state (i.e. during RRC connection or S1 context setup).
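
The key separation in the list above, as an added example that is not part of the original page: a Python sketch of the key derivation function in 3GPP TS 33.401 Annex A. The FC values, algorithm type distinguishers and 128-bit truncation come from that specification rather than from this page, the function names are illustrative, and the KASME value is constructed sample data.

```python
import hashlib
import hmac

# Algorithm type distinguishers from TS 33.401 Annex A.7 (not listed on this page).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (Li = 2-byte length of Pi)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """KeNB = KDF(KASME, FC=0x11, uplink NAS COUNT); full 256-bit output."""
    return kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))

def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """Algorithm-bound key: FC=0x15, P0=type distinguisher, P1=algorithm identity.
    The 128 least significant bits of the output are used as the key."""
    return kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]

def derive_hierarchy(kasme: bytes, ul_nas_count: int, enc_id: int, int_id: int) -> dict:
    """NAS keys come from KASME (EPC/UE side); RRC and UP keys come from KeNB (eNB side)."""
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KeNB": kenb,
        "KNASenc": derive_alg_key(kasme, NAS_ENC, enc_id),
        "KNASint": derive_alg_key(kasme, NAS_INT, int_id),
        "KRRCenc": derive_alg_key(kenb, RRC_ENC, enc_id),
        "KRRCint": derive_alg_key(kenb, RRC_INT, int_id),
        "KUPenc": derive_alg_key(kenb, UP_ENC, enc_id),
    }

if __name__ == "__main__":
    kasme = bytes(range(32))  # constructed sample KASME, not a real key
    for name, key in derive_hierarchy(kasme, 0, enc_id=2, int_id=2).items():
        print(f"{name:8s} {key.hex()}")
    # Same parent key, different algorithm identity -> unrelated key.
    print(derive_alg_key(kasme, NAS_ENC, 1) != derive_alg_key(kasme, NAS_ENC, 2))
```

Because the eNB only ever receives KeNB, which is the one-way HMAC output of KASME, holding KeNB and the RRC/UP keys gives no path back to KASME or to the NAS keys derived from it.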
See LTE Security Principles for more details.