Security Management:
- Authentication
- User Identity Confidentiality
- Encryption
- Data Integrity
- IMEI Check
Authentication
An authentication and Non-Access Stratum (NAS) security procedure is used to ensure the security of data transmitted when data integrity is not protected or integrity check fails for the Attach Request message due to the lack of UE context on the network.
The MME obtains authentication quadruplets from the HSS for UE authentication. Each EPS authentication quadruplet can be used to authenticate the UE.
The EPS Authentication and Key Agreement (EPS AKA) is an authentication and key negotiation procedure that is used on the E-UTRAN. EPS AKA provides basic key information for User Plane (UP), Radio Resource Control (RRC), and Non-Access-Stratum (NAS) encrypted keys, and RRC and NAS integrity protection keys.
User Identity Confidentiality
- Explicit GUTI Reallocation
The MME may initiate a GUTI reallocation procedure to reallocate a new GUTI
and/or a new TAI list to the UE at any time after a signaling connection is
established between UE and MME. The GUTI and/or the TAI list may also
be reallocated during an attach or tracking area update (TAU) procedure.
- Identification
A subscriber identification procedure will be performed by the serving network
if the subscriber cannot be identified using a temporary identity (GUTI). In particular,
the procedure should be performed when the serving network cannot retrieve
the IMSI using the GUTI.
Encryption
The MME uses the NAS Security Mode Command (SMC) procedure to establish a NAS security association between the UE and MME, in order to protect further NAS signaling messages. This procedure is also used to make changes in the security association, for example, to change the security algorithm.
Data Integrity
There are two different levels of the security associations between the UE and the network.
RRC and UP security associations are between the UE and E-UTRAN. An RRC security association protects the integrity of RRC signaling between the UE and E-UTRAN. A UP security association provides the user-plane encryption function between the UE and E-UTRAN.
A NAS security association is between the UE and the MME. It provides integrity protection for NAS signaling.
IMEI Check
The IMEI check procedure permits the operator(s) of the MME and/or the HSS and/or the P-GW to check mobile equipment’s identity (for example, to check whether mobile equipment is stolen or whether the mobile equipment is faulty).