LTE NAS: Security Mode Complete

Ø     If the SECURITY MODE COMMAND message can be acceptable to the UE, then the UE shall send a SECURITY MODE COMPLETE message to the network
Ø     If the MME requests IMEISV in the SECURITY MODE COMMAND message then the UE shall include its IMEISV in the SECURITY MODE COMPLETE message
Ø     The SECURITY MODE COMPLETE message shall be integrity protected with the selected NAS integrity algorithm and the EPS NAS integrity key based on the KASME/K'ASME
Ø     Also, the UE shall cipher the SECURITY MODE COMPLETE message with the selected NAS ciphering algorithm and the EPS NAS ciphering key based on the KASME/K'ASME 
Ø     After sending SECURITY MODE COMPLETE message, the UE shall cipher and integrity protect all the subsequent NAS messages with the selected NAS ciphering and integrity algorithms respectively
Ø     After receiving SECURITY MODE COMPLETE message, the MME shall integrity protect and encipher all signalling messages with the selected NAS integrity and ciphering algorithms respectively
Reference: 3GPP TS 24.301
Example: SECURITY MODE COMPLETE


Posted by KP
Labels: , , ,

2 comments:

  1. AnonymousOctober 20, 2017 at 8:04 AM

    Can the eNB request IMEISV within an Identity Request message prior to the security mode?

    ReplyDelete
  2. KPJanuary 17, 2018 at 12:19 PM

    The MME may include "IMEISV request" IE in the SECURITY MODE COMMAND message to request the UE to send its IMEISV with the corresponding SECURITY MODE COMPLETE message.

    So I don't think that there is a need for this to be part of Identity procedure. Do you have any experience of this?

    ReplyDelete

Subscribe to: Post Comments (Atom)