The following are some of the principles of 3GPP E-UTRAN security based on 3GPP Release 8 specifications:
- The keys used for NAS and AS protection shall be dependent on the algorithm with which they are used.
- The eNB keys are cryptographically separated from the EPC keys used for NAS protection (making it impossible to use the eNB key to figure out an EPC key).
- The AS (RRC and UP) and NAS keys are derived in the EPC/UE from key material that was generated by a NAS (EPC/UE) level AKA procedure (KASME) and identified with a key identifier (KSIASME).
- The eNB key (KeNB) is sent from the EPC to the eNB when the UE is entering ECM-CONNECTED state (i.e. during RRC connection or S1 context setup).
- Separate AS and NAS level security mode command procedures are used.
- Keys stored inside eNBs shall never leave a secure environment within the eNB (except when done in accordance with this or other 3GPP specifications), and user plane data ciphering/deciphering shall take place inside the secure environment where the related keys are stored.
- Key material for the eNB keys is sent between the eNBs during ECM-CONNECTED intra-E-UTRAN mobility.
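
The sketch below is an added example, not code from the original page or from 3GPP. It shows how algorithm-dependent NAS and AS keys can be derived so that the AS keys hang off KeNB while the NAS keys hang off KASME. The FC values, usage distinguishers and input-string layout are assumed from the KDF in 3GPP TS 33.401 Annex A and are not stated on this page; the function names and the sample KASME are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: FC values, distinguishers and the S layout are from the KDF in
# 3GPP TS 33.401 Annex A; none of them are stated on this page.
FC_KENB = 0x11
FC_ALG_KEY = 0x15
NAS_USES = {"NAS-enc": 0x01, "NAS-int": 0x02}
AS_USES = {"RRC-enc": 0x03, "RRC-int": 0x04, "UP-enc": 0x05}


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, S) with S = FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # Li is a 2-byte big-endian length
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kenb(kasme: bytes, uplink_nas_count: int) -> bytes:
    """KeNB is derived from KASME in the EPC/UE and handed to the eNB."""
    return kdf(kasme, FC_KENB, uplink_nas_count.to_bytes(4, "big"))


def derive_alg_key(parent: bytes, distinguisher: int, alg_id: int) -> bytes:
    """Key bound to one usage and one algorithm; keep the 128 low-order bits."""
    return kdf(parent, FC_ALG_KEY, bytes([distinguisher]), bytes([alg_id]))[16:]


def derive_hierarchy(kasme: bytes, uplink_nas_count: int, nas_alg: int, as_alg: int) -> dict:
    """NAS keys hang off KASME; AS (RRC and UP) keys hang off KeNB."""
    if len(kasme) != 32:
        raise ValueError("KASME must be 256 bits")
    kenb = derive_kenb(kasme, uplink_nas_count)
    keys = {"KeNB": kenb}
    for name, d in NAS_USES.items():
        keys[name] = derive_alg_key(kasme, d, nas_alg)
    for name, d in AS_USES.items():
        keys[name] = derive_alg_key(kenb, d, as_alg)
    return keys


if __name__ == "__main__":
    kasme = bytes(range(32))  # constructed sample value, not a real key
    for name, key in derive_hierarchy(kasme, 0, nas_alg=2, as_alg=2).items():
        print(f"{name:8s} {key.hex()}")
```

Because the derivation is a one-way HMAC, an eNB that holds only KeNB can compute the RRC and UP keys but has no path back to KASME or the NAS keys.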
The HE sends an authentication response back to the
From KASME, the NAS keys, (and indirectly) KeNB keys and NH are derived. The KASME is never transported to an entity outside of the
From the KeNB, the eNB and UE can derive the UP and