Difference between security mode procedure and AS Security setup?

257 views

What is the difference between security mode procedure after authentication and AS Security setup during initial context setup after attach accept?

posted Mar 25, 2015 by Srinivas Sambari

Share this question

Facebook Share Button

Twitter Share Button

LinkedIn Share Button

1 Answer

Best answer

LTE provides two level of security for an UE . First, LTE network establishes/completes NAS level security using Security mode procedure. Once NAS level i.e. between MME and UE security is established, MME initiates "Initial Context Setup Procedure" towards eNodeB for an UE. This S1-AP "Initial Context Setup Request" message contains security related parameter likes "UE Security Capabilities (encryption and integrity algorithms)" and "Security Key (Kenb)" . Once eNodeB receives these parameters, it generates AS security keys (RRCint, RRCenc, UP-enc) and establishes security context with UE using RRC "security mode procedure" .

References:
3GPP TS 24.301 for NAS-security mode procedure
3GPP TS 36.331 for AS-security mode procedure
3GPP TS 33.401 for security keys derivation.

answer Mar 25, 2015 by Vimal Kumar Mishra

Similar Questions

+4 votes

Why Identity Request Need to be perform by MME after successful Authentication and Security Mode Complete...?

I saw a scenario where an Identity is requested by MME after successful Authentication and Security mode complete.. As a Response to this message UE is Sending IMEI? what is the need of checking IMEI number after successful authentication? If IMEI is in block list then ongoing Attach procedure is going to be Terminate...? Identity Request intention is mainly to check the IMEI belongs to any one of Black, while or Green list then why cannt MME check for this before Security Mode?

+3 votes

TAU procedure in Connected mode and Idle

What UE is supposed to do when it move from a Tracking Area to another Tracking Area ?

0 votes

When NAS security mode fails, which procedure should we follow?

0 votes

LTE: What are actions taken at source eNodeB or MME in case of partial resource allocation as part of HO procedure?

When target eNodeB is not able to allocate resource for all the bearers which comes as part of Handover Request message, it sends handover request ack with partial success since "E-RABs Failed to Setup List" is present in HOReqAck message.
What MME or source eNodeB does in that case ? Does any action taken by MME for the E-RABs which failed to setup at target eNodeB or some other actions taken ?

...