Introduction to AS security:
AS security is required to send the RRC messages securely between UE and eNB by using AS Security Keys.
AS security keys are derived from keNB and new keys will be generated every time a new radio link is established.
After the AS security setup is completed, the UE and the eNB get to share an RRC integrity key (KRRCint), RRC encryption key (KRRCenc) and user plane encryption key (KUPenc).
The messages exchanged between Initial security activation are:
1. SecurityModeCommand
2. SecurityModeComplete
3. SecurityModeFailure
1. SecurityModeCommand
The SecurityModeCommand message is used to command the activation of AS security.
Signalling radio bearer: SRB1
RLC-SAP: AM
Logical channel: DCCH
Direction: E-UTRAN to UE
This procedure is initiated before establishment of SRB2 and DRB’s.
Once the “SecurityModeCommand” is received by UE, it will:
* derive the KeNB key
* derive the KRRCint key associated with the integrityProtAlgorithm indicated in the SecurityModeCommand message
* if the SecurityModeCommand message passes the integrity protection check, it will derive the KRRCenc key and the KUPenc key associated with the cipheringAlgorithm indicated in the
The UE shall apply ciphering using the indicated algorithm (EEA), KRRCenc key and the KUPenc key after completing the procedure.
2. SecurityModeComplete
The SecurityModeComplete message is used to confirm the successful completion of a security mode command.
Signalling radio bearer: SRB1
RLC-SAP: AM
Logical channel: DCCH
Direction: UE to E-UTRAN
UE will send “SecurityModeComplete” message un-ciphered. Once the “SecurityModeComplete” is sent to eNB, then it will cipher the messages.
3. SecurityModeFailure
The SecurityModeFailure message is used to indicate an unsuccessful completion of a security mode command.
Signalling radio bearer: SRB1
RLC-SAP: AM
Logical channel: DCCH
Direction: UE to E-UTRAN
After this message, UE will neither applies integrity protection nor ciphering.
Reference: 3GPP TS 36.331 and 3GPP TS 33.401