I have couple of question regarding security procedure in case of NAS and AS Security procedure.
1> In case of NAS security procedure, MME sends Security mode command to UE with with only integrity protected, and UE sends Security mode complete after integrity verification to eNB with both integrity protected and ciphered too, as MME shared the ciphered algo with UE in command message.
But in case of AS security procedure, eNB sends security mode command with integrity protected and UE reply with only integrity protected Security mode complete message though eNB shared ciphering algo with UE.
Why in case of AS Security mode complete message it is only integrity protected and not ciphered but in case NAS security Complete message is both ciphered and integrity protected ? Any special requirement/reason for it ?
2> In case of NAS, after security is established every NAS message goes through Ciphering first and then Integrity protection added but in case AS security RRC messages why it is first integrity protection and than ciphered ?
What is the reason behind different order of integrity protection and ciphering in case of NAS and AS ?