Home | Reports | Technical Documents | Tech-Blog | One-Shot Gallery | Korea ICT News | Korea Communication Market Data | List of Contributors | Become a Contributor |    
 
 
Section 5G 4G LTE C-RAN/Fronthaul Gigabit Internet IPTV/Video Streaming IoT SDN/NFV Wi-Fi KT SK Telecom LG U+ Network Protocol Samsung   Korean Vendors
 
Real World Private 5G Cases   4 Deployment Models On-Premise Cases 5G Core Control Plane Sharing Cases

5G Core Sharing Cases

   
 
Private 5G Deployment   • Private 5G Frequency Allocation Status in Korea  South Korean government's regulations on private 5G and KT's strategy for entering the market
Cases in Korea   Private 5G Operators |   SK Networks Service (SI) Sejong Telecom (Wire-line Carrier) KT MOS (Affiliate of KT) • Newgens (SI) • NAVER Cloud more >>  
    Enterprise DIY |   Korea Hydro & Nuclear Power (Power Plant) Korea Electric Power Corporation (Energy) • Republic of Korea Navy more >>
 
CHANNELS     HFR Private 5G Solution (my5G)       my5G Solution Components       my5G Key Features        my5G Resources        my5G News          
 
banner
banner
LTE Security II: NAS and AS Security
August 05, 2013 | By Netmanias (tech@netmanias.com)
Online viewer:
Comments (31)
38
SUMMARY
Once LTE authentication is completed, UE and MME share the same KASME. This document describes NAS and AS security setup procedures in which NAS and AS security keys are generated based on KASME, and how control messages and user packets are securely delivered thereafter. Then, it discusses security contexts to be stored in EPS entities as a result of the NAS and AS security setup, followed by a summary of the security keys used in LTE.
Page 1 of 5

 

     

Table of Contents  

1. Introduction
2. NAS Security
3. AS Security
4. Security Context

5. Closing and References  

 

 

1. Introduction

 

In LTE Security I[1], Part I of the LTE Security technical document, we have discussed LTE authentication based on EPS AKA procedure and learned a UE and an MME get to share the KASME when authenticated.

 

In this document, we will explain NAS and AS security setup procedures to be performed based on KASME, and how data are transmitted in user and control planes after the security setup procedures.

 

Chapter 2 herein will explain NAS security setup procedure and how NAS messages are sent and received after the procedure.

Chapter 3 will cover AS security setup procedure and how RRC messages and IP packets are transmitted thereafter.

Chapter 4 will provide a description of EPS security contexts and security data to be set in EPS entities (UE, eNB, MME and HSS).

Finally, Chapter 5 will summarize all the security keys covered in the LTE Security technical document (LTE Security I and II).

 

Before we move on to security setup procedures, we will look in the protocol stacks where NAS and AS security are actually applied to. Figure 1 shows the protocol stacks related to NAS and AS security setup. 

 

 

Figure 1. Protocol stacks for security setup

 

NAS Security: The purpose of NAS security is to securely deliver NAS signaling messages between a UE and an MME in the control plane using NAS security keys. The NAS security keys are derived from KASME and new keys are generated every time EPS AKA is performed (every time a new KASME is generated). After the NAS security setup is completed, the UE and the MME get to share a NAS encryption key (KNASenc) and a NAS integrity key (KNASint), which are used in encryption and integrity protection, respectively, of NAS messages before transmitting.

 

AS Security: The purpose of AS security is to securely deliver RRC messages between a UE and an eNB in the control plane and IP packets in the user plane using AS security keys. The AS security keys are derived from KeNB and new keys are generated every time a new radio link is established (that is, when RRC state moves from idle to connected)1. After the AS security setup is completed, the UE and the eNB get to share an RRC integrity key (KRRCint), RRC encryption key (KRRCenc) and user plane encryption key (KUPenc). Encryption and integrity protection using these keys are performed at the PDCP layer. KRRCint and KRRCenc are used to securely deliver RRC messages in the control plane through an SRB (Signaling Radio Bearer) over radio links. The RRC messages are integrity protected using KRRCint and encrypted using KRRCenc at the PDCP layer before being sent. KUPenc is used to securely deliver IP packets in the user plane through a DRB (Data Radio Bearer) over radio links. The IP packets are encrypted using KUPenc at the PDCP layer before being sent.

 

 

 

Page 1 of 5
Sitansu Baral 2014-08-05 18:25:16

It is a nice document on LTE Security

Eric 2014-08-14 15:49:22

I have two questions:

1. SQN, how to get this paremeters in UE side? Is it sent by MME?

2. "When RRC messages are being sent, they are encrypted first and then integrity protected before being sent."—— Can you confirm again? From 36.323, you can find the encrypted should be do first.

Netmanias 2014-10-14 23:04:00

Hi Eric, 


1) As gecuili said (thank you for the answer, gecuili!), SQN is concealed in AUTN in the form of (SQN)XOR(AK) (Please see TR, LTE Security I). When UE receives Authentication Request (RAND, AUTN, KSI_ASME) messages from MME, it computes AK and then derives SQN by performing bitwise XOR between AUTN and AK. (Please refer to the Figure 7 and 9 in 3GPP TS 33.102.)
SQNs are generated by HSS/AuC, and delivered to UE via MME.


2) Figure 12 is an error. When RRC messages are being sent, they are integrity protected first and then encrypted before being sent. We have corrected the error and updated this web post and pdf files. We are sorry for the error, and thank you for noticing us about that. 


gecuili 2014-10-14 17:18:54

Hi, Eric

1.SQN is concealed in AUTN according to section 6.3.3 in 33.102. Also Figure 9 illustrates this well.

 

jyothis 2014-10-16 14:46:06

Hi,

 

AUTN is having sqn of 6 bytes. Nas count is of 3 byte (MSb being 0) only of which sqn is 1 byte. Also, with authentication, 33.401 says to reset the count. 

I have 1 more question. which all part of nas msg is ciphered, does it include pd , security header and sqn of security protected msg ?

Netmanias 2014-10-16 17:31:07

Hi jyothis, 


"Plain NAS message" is ciphered. Then the ciphered NAS message and the NAS sequence number are integrity protected. Please refer to 4.4.4.1 and figure 9.1.2 in 3GPP TS 24.301.

(and/or you can see the the figure in 2.2. After NAS Security Setup on this post), 


- 4.4.4.1 
"When both ciphering and integrity protection are activated, the NAS message is first encrypted and then the encrypted NAS message and the NAS sequence number are integrity protected by calculating the MAC."


- Figure 9.1.2 (added some terms in blue by Netmanias)


jyothis 2014-10-17 14:59:24

Thanks,

Quick & great explanation.

What about the SN & AUTN part:

"AUTN is having sqn of 6 bytes. Nas count is of 3 byte (MSb being 0) only of which sqn is 1 byte. Also, with authentication, 33.401 says to reset the count."

jyothis 2014-10-21 14:25:54

I mean, the quote i made from 33.401, indicate that nas sn is not the one from AUTN, right ?

Josh 2014-09-04 04:10:42

This is excellent work. 

peeyoosh 2014-10-06 21:31:33

Hi,

Thanks for sharing such a nice info on LTE authentication and Security procedures. I have one doubt.

In NAS security, while handling Security mode command, Integrity is not known to UE, then does it try hit and trial method and genertate the IK and then X NAS MAC? in above example, UE striaghtly using ALGO-2 for integrity what if multiple Integrity algo supported by UE?

gecuili 2014-10-14 17:31:04

Hi,

"

 [MME] Selecting security algorithms

The MME selects ciphering and integrity algorithm to be applied to NAS messages based on UE Network Capability information included in the received Attach Request message from the UE. Figure 2 shows an example of selecting EEA1 for an encryption algorithm and EIA1 for an integrity algorithm, i.e., SNOW 3G algorithm (see LTE Security I [1]).

"

This will guarante the integrity algorithm which MME selected is exist in UE. If UE supports multiple algo, they may select the most priority one.

knokej 2014-11-18 03:03:45

Very nice write-up.  Some questions:

1) Does all this occur using SRB1?

2) Is all this preceded by an "Authentication Complete" message from the UE?

3) Does all this occur before S1 bearers are set up and before an "Attach Complete" is sent to the UE?

4) How does UE distinguish between AS and NAS versions of the Security Mode command?  Are they different message types in RRC?

 

Thanks.

vikas singh rawa 2014-12-10 16:09:42

Hello Team,

 

Good document, have a observation to share as below:-

In the figure Figure 2. NAS security setup: Delivery of a Security Mode Command message, isn't there a printing mistake for the step 3 and 7 for the alogorithm chosen at the MME and UE side for the generation for the Key ?

 

Thanks.

vikas singh rawa 2014-12-10 16:28:17

Hello Team,


Have aquery here,

Figure 5. NAS security setup: Delivery of a Security Mode Complete message, if the message itself has been encrypted already then how the UE comes to know that this is the security mode complete message cause the message is an important parameter for the generation of  the MAC vlaue in the uplink direction.


Thanks.

Shweta 2015-01-10 13:55:14

Hello, Well explained. But I have a query. Why is SMC complete message in NAS security procedure is both integrity protected and ciphered while SMC complete message in AS security procedure is only integrity protected and not ciphered. Thanks.

Shu 2015-03-14 01:42:34

Hello, A really good tutorial.  May I ask,

  1. after a UE is successfully authenticated and registers into a LTE network, how often does the network possibly re-authenticate the UE, even though there is no inter-RAT or inter-MME handover?  
  2. If there is a re-authentication after a successful registration, should the re-authentication happen when the UE is in its RRC_IDLE or it have to happen in RRC_CONNECTED?  

Thank you very much,

Shu 

Datong 2015-07-23 12:39:49

hi all,

one question:

NAS: The Security Mode Complete message is ciphered and integrity protected for transmission

AS: the Security Mode Complete message is delivered as integrity protected

Why the AS Security Mode Complete message is not ciphered as the NAS?

i have been confusing on this a long time.

 

thanks a lot,

wenhao

keerthana 2019-11-13 04:38:45

The UE shall apply integrity protection using the indicated algorithm (EIA) and the integrity key, KRRCint immediately, i.e. integrity protection shall be applied to all subsequent messages received and sent by the UE, including the SECURITY MODE COMPLETE message.

 

            The UE shall apply ciphering using the indicated algorithm (EEA), KRRCenc key and the KUPenc key after completing the procedure, i.e. ciphering shall be applied to all subsequent messages received and sent by the UE, except for the SECURITY MODE COMPLETE message which is sent un-ciphered.

debasish 2015-09-30 17:12:12

Any one please please tell me why authentication is delayed in case of connected mode TAU only...Why not in idle mode TAU??

bhupender jain 2015-10-21 20:52:20

Hi All,

 

From UE perspective, NAS message is first ciphered & then integrity protected.

& in AS, message is first integrity protected & then ciphered.

Why there is such difference between AS & NAS? Please explain as I am not able to get the required information from other sources.

santosh 2016-12-29 18:07:18

HI...

THE PAPER IS TOO GOOD...

IS THERE ANY IMPLEMANTATION CODE THAT YOU CAN PROVIDE SO THAT WE CAN PRACTICE PRACTICALLY???

wrangler 2017-08-28 23:15:56

The order of ciphering and integrity checking and verification is different across E-UTRAN and EPC. While in E-UTRAN Integrity checking and verification is followed by Ciphering, in EPC Ciphering is followed by Integrity Checking and Verification.
Can anyone comment as to why 3GPP followed a different strategy for EPC and E-UTRAN?

JouMan Lin 2017-10-12 09:46:24

Hi, 

Thanks for the detailed information to introduce the security system.

It's very useful.

 

I'd like to ask the same question as wrangler.

Why the order of integrity and encryption is different in NAS and AS layer? When sending a packet, in NAS, the encryption is performed first, then the integrity protection. But in AS layer, the protection order is reverse.

Wahidullah 2017-12-31 15:27:17

Useful :)

 

bandan.ars@gmail.com 2018-08-20 14:24:15

Can somebody explain how the NAS count wrap around works and how it should be handled? Both Downlink and Upliink

shailesh.y1987@gmail.com 2019-10-17 15:46:39

what all are AS messages are defined in lte call flow?

soqu36 2019-11-13 16:04:25

Very nice file!!!

I want to kown what tools do you have to make these nice figures? Thanks a lot!

vk444 2020-01-09 14:18:49

Hi, 

does the sequence number in NAS message needs to be incremented for retransmissions also?

 

aboudi_f@yahoo.com 2020-02-17 10:32:26

Hi Guys,

im having a problem regarding the security mode complete, After eNodeB sends the Security Mode Command, the eNodeb sends the RRC_CONN_REFCG, the EnodeB doesnt recieve any security mode complete from the Ue, after 461ms, the MME Sends S1AP_Context_REL_CMD. Can any body help , what can be going on so that the Ue is not responding the security Mode command? I have no interference nor poor UL coverage.

 

Thanks,

 

Abdul

Nikita 2020-05-21 17:34:45

If the plain NAS message contains registration accept then does all the message should be encrypted(including the message type) or only perticular IEs will be encrypted?

Manikandan 2020-08-26 01:06:22

Hi I have  a questions, 

which KDF is used to derive Knasenc and Knasint, how to decipher the signalling messages in NAS security layer?

Thank you for visiting Netmanias! Please leave your comment if you have a question or suggestion.
Related Contents
08/05/2013
Netmanias Technical Documents
07/31/2013
Netmanias Technical Documents
 
 
 
 

[HFR Private 5G: my5G]

 

Details >>

 

 

 

     
         
     

 

     
     

Subscribe FREE >>

Currently, 55,000+ subscribed to Netmanias.

  • You can get Netmanias Newsletter

  • You can view all netmanias' contents

  • You can download all netmanias'

    contents in pdf file

     
     

 

     
         
     

 

 

 

View All (181)
5G (9) 6G (1) Backbone (2) Backhaul (3) Blockchain (1) CDN (1) Carrier Ethernet (3) Charging (1) Cloud Native (1) Core (1) DHCP (4) ECM (2) EMM (16) EPS (2) Google (1) HLS (1) HTTP Adaptive Streaming (3) Handover (5) IPTV (4) Initial Attach (2) IoT (2) Korea (1) LTE (39) LTE Identification (2) LTE-A (1) MPLS (2) Mobility (2) NAT (7) Netflix (1) Network Architecture (3) Network Protocol (20) New Radio (1) OTT (1) PCRF (3) Private 5G (1) QoS (3) RCS (3) SDF (2) SDN/NFV (3) SK Telecom (2) Samsung (3) Security (5) Sk Telecom (1) Transparent Cache (1) Video Streaming (4) VoLTE (2) Wi-Fi (1) YouTube (2)
Password confirmation
Please enter your registered comment password.
Password