LTE security | Security in LTE networks

This page covers LTE security principles used for authentication and integrity protection in LTE. It also covers LTE security key (k-eNB) derivation and security termination points.

As we know security is very important aspect of wired as well as wireless network. It provides trust to the users/customers of the network service providers. The typical services are voice and/or data used by the users. Different systems employ sucurity in different ways. As we know LTE network consists of various system elements connected using various interfaces. The network elements are UE, eNB, MME, HSS and AuC. Following to be considered in order to provide LTE security. Nodes should be able to exchange signalling data and user data securely. Following vulnerable positions should be made secure in the LTE system.

•  Protection at the LTE network access interfaces as mentioned.
•  Protection on the wireline network.
•  Secured access to mobile stations by the user domain.
•  Enable application domain security for applications and messages.
•  Provide provision to the user configure the security feature. This helps user know whether the security is supported or not by the network service provider.

LTE authentication and key aggrement

Fig.1 mentions authentication and key aggrement message flow between UE, eNB, MME and AuC. As shown authentication is initiated by the serving MME. An authentication request message is sent to the UE with authentication parameters e.g. RAND, AUTN and KSIASME(or eKSI referred as NAS Key Set Identifier). The KSIASME is allocated by the MME and uniquely identifies the KASME. It is stored in the UE and serving MME together with the GUTI(if available).

LTE security key hierarchy

Following fig.2 depicts hierarchy of security keys used in LTE EPS. The keys used for NAS and AS protection in LTE depend on the algorithms. The various LTE security keys are K, (CK,IK), KASME, KeNB, KeNB*, NH, KNASint, KNASenc, KUPenc, KRRCint and KRRCenc.

LTE Security Keys-K, (CK,IK), KASME, KeNB, KeNB*, NH, KNASint, KNASenc, KUPenc, KRRCint and KRRCenc

LTE Security Key Function Length or Size Derived From Basic Description
K Master Base Key for GSM/UMTS/EPS 128 - Secret key stored permanently in USIM and AuC
(CK,IK) Cipher key and Integrity Key 128 'K' Key Pair of Keys derived in AuC and USIM during AKA run.
KASME MME (ASME) Base / Intermediate Key 256 CK,IK Intermediate key derived in HSS/UE from (CK,IK) using AKA.
K-eNB eNB Base Key 256 KASME , KeNB* Intermediate Key derived in MME/UE from KASME when UE transits to ECM CONNECTED STATE or by UE and target eNB from KeNB* during handover
KeNB* eNB handover transition Key 256 KeNB(H) , NH(V) Intermediate Key derived in source eNB and UE during handover when performing horizontal ( KeNB) or vertical Key(NH) derivation. Used at target eNB to derive KeNB
NH Next Hop 256 KeNB Intermediate key derived in MME and UE used to provide forward security and forwarded to eNB via S1-MME interface.
KNASint Integrity key for NAS signalling 256 (128 LSB) KASME Integrity key for protection of NAS data derived in MME/UE
KNASenc Encryption Key for NAS signalling 256(128 LSB) KASME Encryption key for protection of NAS data derived in MME and UE
KUPenc Encryption key for user plane (DRB) 256(128 LSB) KeNB Encryption key for protection of user plane data derived in eNB and UE
KRRCint Integrity key for RRC signalling(SRB) 256(128 LSB) KeNB Integrity key for protection of RRC data derived in eNB and UE
KRRCenc Encryption key for RRC 256(128 LSB) KeNB Encryption key for protection of RRC data derived in eNB and UE

All LTE security keys (EPS) are 256 bits in length. The ciphering and integrity keys for AS and NAS algorithms use only the 128 LSB(Least Significant Bits) of the derived keys. For more detailed information on key derivation and key hierarchy refer 3GPP 33.401 document. For KDF(Key Derivation Function) specification refer 3GPP 33.220 document.

LTE Security termination points

Following table-2 summarizes LTE security termination points.

Termination Ciphering Integrity Protection
NAS Signalling Required and terminated in MME entity Required and terminated in MME entity
U-plane data Required and terminated in eNB entity Not needed
RRC Signalling(AS) Required and terminated in eNB entity Required and terminated in eNB entity
MAC Signalling(AS) Not needed Not needed

As mentioned in the table, integrity protection for U-plane is not needed and thus is not supported between UE and serving gateway OR for the transport of user plane data between eNB and Serving gateway on S1 interface.

LTE tutorial related links

This tutorial on LTE covers LTE basics and following sub topics on LTE:
Main page  features  terminologies  Frame  TDD FDD  Channel types  PHY  stack  throughput  VoLTE  CA   cell search  network entry  Timers  PSS vs SSS  Security   LTE Bands  EARFCN  Hotspot  router 

Wireless System Security Related Links

3G Security   LTE Security   GSM Security   Zigbee Security   Z-wave Security   Web App. Security  

Cellular Telecommunications Tutorials -
RF Wireless World

WLAN  802.11ac  802.11ad  wimax  Zigbee  z-wave  GSM  LTE  UMTS  Bluetooth  UWB  IoT  satellite  Antenna  RADAR