Tuesday, January 10, 2012

Security keys involved in handover from UTRAN to EUTRAN


3GPP TS 33401, Section 9.2.2

1. Source RNC->SGSN: Relocation Request

2. SGSN->MME : FW relocation Request(UE Security capabilities, MM context(CK, IK, KSI)) At MME: If MME does not receive UE EPS security capabilities from SGSN, MME shall assume that the following default security alg supported by the UE.

a. EEA0, 128-EEA1 and 128-EEA2 – NAS, RRC and UP ciphering.

b. 128-EIA1 and 128-EIA2 – NAS and RRC integrity.

If UE security capability present, MME select NAS security alg which have the highest priority from its configured list and are also present in UE EPS security capabilities.

Derivation of keys -

KSISGSN = KSI; (KSI - received from SGSN)

K`ASME = KDF (CK, IK, NONCEMME); ( NONCEMME - generated by MME; CK, IK – received from SGSN)

NAS keys & KeNB - derived from K`ASME.

3. MME->eNB: S1 HO Request(NAS security transparent container IE, KeNB, UE Security capabilities)

NAS security transparent container IE contains - KSISGSN, NONCEMME & selected NAS security alg. In addition, S1 HO request msg includes KeNB, UE EPS security capabilities (derived in step 2).

4. eNB->MME: S1 HO Request Ack (RRC Connection Reconfiguration)

At eNB:

eNB selects AS alg which have the highest priority from its configured list and is also present in the UE EPS security capabilities(received from MME).

eNB creates transparent container (RRC Connection Reconfiguration) – includes selected AS security alg, NAS transparent container IE(received from the MME).

5. MME->SGSN: FW Relocation Resp (RRC Conn Reconfig)

6. SGSN-> src RNC: Relocation command (RRC Conn Reconfig)

7. Source RNC->UE: UTRAN HO Cmd (incls RRC Conn Reconfig) integrity protected and optionally ciphered TS 33.102

At UE:

K`ASME = KDF (CK, IK, NONCE); (NONCE – received from MME; KSISGSN received from MME; CK, IK - present in UE).

NAS keys - derived from K`ASME.

RRC and UP keys - derived from KeNB which is in turn derived from K`ASME.

8. UE->eNB: HO complete=RRC Conn Recfg Compl

9. eNB->MME: HO Notify

10. MME->SGSN: FW Relocation Complete

11. SGSN->MME: FW Relocation Complete Ack

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)