LTE NAS: Security Mode Command

Ø    The purpose of the NAS security mode control procedure is to take an EPS security context into use, and initialize and start NAS signalling security between the UE and the MME. The MME starts this procedure by sending SECURITY MODE COMMAND message
Ø     The MME may send a SECURITY MODE COMMAND in order to change the NAS security algorithms for a current EPS security context already in use
Ø      The MME shall send the SECURITY MODE COMMAND message unciphered, but shall integrity protect the message with the NAS integrity key based on KASME or mapped K'ASME indicated by the eKSI included in the message
Ø    The MME shall set the security header type of the message to "integrity protected with new EPS security context" since this message is only integrity protected but not ciphered
Ø     The MME shall include the replayed security capabilities of the UE (including the security capabilities with regard to NAS, RRC and UP (user plane) ciphering etc...)
Ø      The MME shall include the replayed nonceUE if the UE included it in initial L3 message to the network
Ø       Also, the MME shall send the selected NAS ciphering and integrity algorithms and the NAS Key Set Identifier (eKSI) in the SECURITY MODE COMMAND message
Ø        The MME shall include both the nonceMME and the nonceUE when creating a mapped EPS security context during inter-system change from A/Gb mode to S1 mode or Iu mode to S1 mode in EMM-IDLE mode
Ø        Additionally, the MME may request the UE to send its IMEISV in the SECURITY MODE COMPLETE message
Ø        The UE shall derive KNASenc and KNASint keys from the key KASME/K'ASME and the received EPS encryption and integrity algorithms (respectively)
Reference: 3GPP TS 24.301
Example: SECURITY MODE COMMAND

18 comments:

  1. Is it mandatory to have NAS Security Mode Procedure as per spec?

    ReplyDelete
    Replies
    1. Hi,

      The NAS security is mandatory as per 3GPP. Please refer to 24.301. Also the security termination points are provided in the TS 36.300 table 14.2-1

      Delete
  2. 2 questions:

    Q1. Does eKSI indicate which key in the KASME-list should be used?

    Q2. Which is then the NAS COUNT values (for down/uplink) that UE should use?

    Thanks.

    ReplyDelete
  3. Hi,

    eKSI indicates the key KASME. the eKSI may be either of type KSI-ASME or of type KSI-SGSN for native and mapped security contexts respectively. Please refer to section 4.4.3 in 24.301 for different cases of NAS COUNT handling

    Thanks

    ReplyDelete
  4. HI,
    Which part of the Security Mode Command example show the eKSI value and how to derive the KASME from the eKSI value?

    Thank you

    ReplyDelete
  5. Why is that there are two "Security header type" in the message.
    Will the second one ever have a non zero value ?

    This question is not only regarding SMC, for any security protected message.

    ReplyDelete
  6. Looks like all security protected NAS messages are structured like this. See 8.2.23 of 24.301. After first security header, MAC, sequence number and then NAS message. NAS message for security mode command (8.2.20) by structure contains a security header.
    I think that before security mode command, all plan NAS messages use this security header.Once security is established, the first security header type needs to be used.

    I also think that the second security header will never be a non ZERO value

    ReplyDelete
  7. Can not we merge NAS identity request and authentication request into one?

    ReplyDelete
  8. Can anybody give example of Security Mode Command NAS LTE protocol for null integrity algo?

    ReplyDelete
  9. Why there is separate NAS Security procedure in LTE while it is not in WCDMA?

    ReplyDelete
  10. Why there is separate NAS Security procedure in LTE while it is not in WCDMA?

    ReplyDelete
    Replies
    1. check here: https://www.quora.com/Why-are-there-2-levels-of-security-at-access-stratum-as-well-as-at-non-access-stratum-in-LTE-as-compared-to-3G-Legacy-systems-which-have-only-AS-level-security

      Delete
  11. at what condition mme does not need to establish nas security i.e. not sending SECURITY MODE COMMAND message to ue

    ReplyDelete
    Replies
    1. For example, if the serving network policy allows unauthenticated IMS Emergency Sessions. Refer to 33.401 section 15.2.2

      Delete
  12. What could be the possible values for Security Header Type in Security Mode complete message, I tried (4) "Integrity protected with new EPS security context" its working fine. Is that correct behaviour or not ?

    ReplyDelete
  13. what is the difference if KSI is 0 instead of 1

    ReplyDelete
  14. Hi sir,
    Can you tell me e.g of NAS key set identifier msg comes in to the picture in phone. And what is the use of that msg. What it shows ?

    ReplyDelete
  15. I was recently asked a question in an interview: Why is NAS security setup before AS security? Anyone knows the answers?

    ReplyDelete