LTE Security Principles and Key derivation
This page covers LTE security principles. It also covers LTE security key derivation and security termination points.
Security is an essential aspect of both wired and wireless networks. It provides trust to the users/customers of the network service providers, whose typical services are voice and/or data. Different systems employ security in different ways.
An LTE network consists of several network elements connected over various interfaces; the elements relevant here are the UE, eNB, MME, HSS and AuC. To provide LTE security, these nodes must be able to exchange signalling data and user data securely. The following vulnerable positions should be made secure in the LTE system.
• Protection at the LTE network access interfaces mentioned above.
• Protection on the wireline network.
• Secure access to mobile stations from the user domain.
• Application domain security for applications and messages.
• A provision for the user to configure the security features, so that the user can tell whether security is supported by the network service provider.
Fig. 1 shows the authentication and key agreement (AKA) message flow between the UE, eNB, MME and AuC. As shown, authentication is initiated by the serving MME. An Authentication Request message is sent to the UE carrying the authentication parameters RAND, AUTN and KSIASME (also called eKSI, the NAS Key Set Identifier). KSIASME is allocated by the MME and uniquely identifies KASME. It is stored in the UE and in the serving MME together with the GUTI (if available).
Fig. 2 depicts the hierarchy of security keys used in the LTE EPS. The keys used for NAS and AS protection depend on the selected algorithms. The LTE security keys are K, (CK, IK), KASME, KeNB, KeNB*, NH, KNASint, KNASenc, KUPenc, KRRCint and KRRCenc.
Table-1: LTE Security Keys - K, (CK, IK), KASME, KeNB, KeNB*, NH, KNASint, KNASenc, KUPenc, KRRCint and KRRCenc
| LTE Security Key | Function | Length (bits) | Derived From | Basic Description |
|---|---|---|---|---|
| K | Master base key for GSM/UMTS/EPS | 128 | - | Secret key stored permanently in the USIM and the AuC |
| (CK, IK) | Cipher key and integrity key | 128 | K | Pair of keys derived in the AuC and USIM during an AKA run |
| KASME | MME (ASME) base / intermediate key | 256 | CK, IK | Intermediate key derived in the HSS and UE from (CK, IK) using AKA |
| KeNB | eNB base key | 256 | KASME, KeNB* | Intermediate key derived in the MME and UE from KASME when the UE transitions to ECM-CONNECTED state, or by the UE and target eNB from KeNB* during handover |
| KeNB* | eNB handover transition key | 256 | KeNB (H), NH (V) | Intermediate key derived in the source eNB and UE during handover using horizontal (from KeNB) or vertical (from NH) key derivation; used at the target eNB to derive KeNB |
| NH | Next Hop | 256 | KeNB | Intermediate key derived in the MME and UE to provide forward security; forwarded to the eNB over the S1-MME interface |
| KNASint | Integrity key for NAS signalling | 256 (128 LSB used) | KASME | Integrity key for protection of NAS data, derived in the MME and UE |
| KNASenc | Encryption key for NAS signalling | 256 (128 LSB used) | KASME | Encryption key for protection of NAS data, derived in the MME and UE |
| KUPenc | Encryption key for user plane (DRB) | 256 (128 LSB used) | KeNB | Encryption key for protection of user-plane data, derived in the eNB and UE |
| KRRCint | Integrity key for RRC signalling (SRB) | 256 (128 LSB used) | KeNB | Integrity key for protection of RRC data, derived in the eNB and UE |
| KRRCenc | Encryption key for RRC signalling (SRB) | 256 (128 LSB used) | KeNB | Encryption key for protection of RRC data, derived in the eNB and UE |
All EPS security keys are 256 bits in length. The AS and NAS ciphering and integrity algorithms use only the 128 LSB (least significant bits) of the derived keys. For detailed information on key derivation and the key hierarchy refer to 3GPP TS 33.401; the KDF (Key Derivation Function) itself is specified in 3GPP TS 33.220.
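The following Python script is an added worked example, not code from the original page or from 3GPP. It walks the key hierarchy of Table-1 with the HMAC-SHA-256 KDF of TS 33.220 (S = FC || P0 || L0 || P1 || L1 ...), using the FC values and parameter encodings of TS 33.401 Annex A: KASME from (CK, IK), the serving network id and the SQN xor AK field that the UE takes from AUTN in the AKA run of Fig. 1; KeNB from KASME and the uplink NAS COUNT; NH and the horizontal/vertical KeNB* derivations used at handover; and the per-algorithm NAS/RRC/UP keys truncated to their 128 LSB. All key values, the PLMN 234/15 and the PCI/EARFCN numbers are constructed sample data.

```python
"""Added example: TS 33.401 Annex A key hierarchy on top of the TS 33.220 KDF.
All key material below is constructed sample data, not real subscriber keys."""
import hashlib
import hmac

# Algorithm type distinguishers, TS 33.401 A.7. The algorithm identity
# (e.g. 128-EEA2 / 128-EIA2 = 2) is carried as a 4-bit value in P1.
ALG_TYPE = {"NAS-enc": 0x01, "NAS-int": 0x02, "RRC-enc": 0x03, "RRC-int": 0x04, "UP-enc": 0x05}


def build_s(fc: int, params: list) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ... with every Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, params: list) -> bytes:
    """Generic EPS KDF (TS 33.220 Annex B): HMAC-SHA-256, 256-bit output."""
    return hmac.new(key, build_s(fc, params), hashlib.sha256).digest()


def sn_id(mcc: str, mnc: str) -> bytes:
    """Serving network identity: MCC||MNC packed into 3 nibble-swapped bytes, 0xF pads a 2-digit MNC."""
    m = [int(c) for c in mcc]
    n = [int(c) for c in mnc] + ([0xF] if len(mnc) == 2 else [])
    return bytes([(m[1] << 4) | m[0], (n[2] << 4) | m[2], (n[1] << 4) | n[0]])


def derive_kasme(ck: bytes, ik: bytes, sn: bytes, sqn_xor_ak: bytes) -> bytes:
    """KASME = KDF(CK||IK, FC=0x10, SN id, SQN xor AK); SQN xor AK is the first 6 bytes of AUTN."""
    return kdf(ck + ik, 0x10, [sn, sqn_xor_ak])


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """KeNB = KDF(KASME, FC=0x11, uplink NAS COUNT as 4 bytes), done when the UE enters ECM-CONNECTED."""
    return kdf(kasme, 0x11, [ul_nas_count.to_bytes(4, "big")])


def derive_nh(kasme: bytes, sync_input: bytes) -> bytes:
    """NH = KDF(KASME, FC=0x12, SYNC-input): KeNB for the first NH, the previous NH afterwards."""
    return kdf(kasme, 0x12, [sync_input])


def derive_kenb_star(parent: bytes, pci: int, earfcn_dl: int) -> bytes:
    """KeNB* = KDF(parent, FC=0x13, PCI, EARFCN-DL).
    parent is the current KeNB for horizontal derivation and NH for vertical derivation."""
    earfcn = earfcn_dl.to_bytes(2 if earfcn_dl <= 0xFFFF else 3, "big")
    return kdf(parent, 0x13, [pci.to_bytes(2, "big"), earfcn])


def derive_alg_key(parent: bytes, alg_type: str, alg_id: int) -> bytes:
    """Algorithm key = KDF(KASME or KeNB, FC=0x15, type distinguisher, algorithm id), 128 LSB kept."""
    full = kdf(parent, 0x15, [bytes([ALG_TYPE[alg_type]]), bytes([alg_id & 0x0F])])
    return full[16:]  # 128-bit EEA/EIA algorithms use the 128 least significant bits


def derive_hierarchy(ck, ik, sn, sqn_xor_ak, ul_nas_count, nas_alg, rrc_alg, up_alg):
    """Derive every key of Table-1 below (CK, IK) and return them by name."""
    kasme = derive_kasme(ck, ik, sn, sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KASME": kasme,
        "KeNB": kenb,
        "NH": derive_nh(kasme, kenb),  # first NH of the chain, SYNC-input = KeNB
        "KNASenc": derive_alg_key(kasme, "NAS-enc", nas_alg),
        "KNASint": derive_alg_key(kasme, "NAS-int", nas_alg),
        "KRRCenc": derive_alg_key(kenb, "RRC-enc", rrc_alg),
        "KRRCint": derive_alg_key(kenb, "RRC-int", rrc_alg),
        "KUPenc": derive_alg_key(kenb, "UP-enc", up_alg),
    }


if __name__ == "__main__":
    # Constructed sample inputs (not real key material)
    ck, ik = bytes(range(16)), bytes(range(16, 32))
    sqn_xor_ak = bytes.fromhex("000102030405")  # would be copied out of AUTN in a real AKA run
    keys = derive_hierarchy(ck, ik, sn_id("234", "15"), sqn_xor_ak, ul_nas_count=0,
                            nas_alg=2, rrc_alg=2, up_alg=2)  # 2 = 128-EEA2 / 128-EIA2
    for name, k in keys.items():
        print(f"{name:8s} {len(k) * 8:3d} bit  {k.hex()}")
    # Handover: horizontal derivation from KeNB versus vertical derivation from the fresh NH
    print("KeNB* (H)", derive_kenb_star(keys["KeNB"], pci=1, earfcn_dl=1800).hex())
    print("KeNB* (V)", derive_kenb_star(keys["NH"], pci=1, earfcn_dl=1800).hex())
```

Running the script prints the three 256-bit intermediate keys followed by the five 128-bit algorithm keys, and shows that the same PCI/EARFCN pair yields a different KeNB* depending on whether the source eNB derives horizontally from KeNB or vertically from NH, which is what gives the vertical path its forward-security property.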
LTE Security termination points
Table-2 summarizes the LTE security termination points, i.e. where ciphering and integrity protection are applied and terminated.

| Security function | Ciphering | Integrity protection |
|---|---|---|
| NAS signalling | Required and terminated in the MME | Required and terminated in the MME |
| U-plane data | Required and terminated in the eNB | Not needed |
| RRC signalling (AS) | Required and terminated in the eNB | Required and terminated in the eNB |
| MAC signalling (AS) | Not needed | Not needed |
As the table shows, integrity protection of the user plane is not needed and hence is not supported between the UE and the Serving Gateway, nor for the transport of user-plane data between the eNB and the Serving Gateway over the S1 interface.