top button
Flag Notify
    Connect to us
      Facebook Login
      Site Registration

Facebook Login
Site Registration

LTE security , ciphering activation time

+2 votes

you may wonder why this Q now.
Because coming from 3G RAN side and moving to 4G Core side, I am not upto date with LTE RRC.
Now trying to understand the 5G RAN security.
Before that wanted to fill the LTE RAN security procedure GAP.

Correct me if I am wrong, I know ciphering and integrity is moved to PDCP from RRC in LTE.
Then my Q is, why is there no "Ciphering Activation time " in the RRC Connection Reconfig (for security mode command) in LTE ?

Basically in 3G, RRC suspends the RLC to get the sequence numbers . And puts these SNs (may add some offset, so the SNs used to send SMC are not included) in the Security mode
command in the IE, "Ciphering Activation time"
How does this happen in LTE ?


posted Aug 24, 2018 by Pdk

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
Best answer


There is no specific activation time for ciphering in LTE, it simple mutual understanding that once UE receives NAS_security mode command then UE responds with security_mode_complete with ciphered message (This is mutual understanding that MME should decrypt).

Same way once AS_security_mode_command received at UE side UE will respond with security_mode_complete with ciphered.

So there is no need of activation timer here, because once the security mode command comes UE will respond with ciphered message. if UE doesn't support the algorithm the UE respond with security_mode_reject.

answer Aug 28, 2018 by Jaganathan
Thanks a lot.
But not sure why is there such a concept in 3G ? Is it because in 3G, RLC does the ciphering and doesnot know exactly which SN ends the SMC (RLC does segmentation and concatenation also)?
But in LTE, PDCP does the ciphering and entire SMC contained in one PDCP SDU /PDU ?
Yes, even i think the same.
Thanks a lot for the clarification . Helped me a lot :)
Similar Questions
+1 vote

During X2-handover, In PDCP how to forward prepared packets which are not yet got ACK from UE and packets getting from SGW ?

Because why I getting this doubt is, Packets which are not got ACK all are prepared one means assigned PDCP SN but packets getting from SGW are SDU's means not assigned PDCP SN for those (we sent SN status info to Target eNB when handover triggered).how to differentiate these packets at target eNB which one is PDU and which one is SDU.

+8 votes

I have basic understanding of RRC Re-establishment procedure at RRC level. But i am looking for actions performed by lower layer like PDCP, RLC etc wrt DATA Plane and signalling.

+1 vote

After reading security protocol of LTE, I am wondering both AS integrity and ciphering are in PDCP by using PDCP SN.

But in WCDMA, RRC integrity is RRC layer, and RRC ciphering are in RLC as user plane data..
1) Why design as this in LTE?
2) LTE RRC seems have no RRC sequence number?

Contact Us
+91 9880187415
#280, 3rd floor, 5th Main
6th Sector, HSR Layout
Karnataka INDIA.