Chapter 9

Security in Intra-LTE State Transitions and Mobility

This chapter describes security for state transitions and mobility inside Long Term Evolution (LTE). These include registering to the network, moving to the ECM-CONNECTED (EPS Connection Management) state, intra-LTE handovers, moving to idle state, idle state mobility and de-registering from the network.

The two layers of LTE security and the key management requirements are reflected in the security of state transitions and mobility scenarios. The first layer of security, between the user equipment (UE) and the base stations, is called the Access Stratum (AS) security layer and is set up only when user plane (UP) data needs to be exchanged. The second layer of security, between the UE and the core network, is called the Non-Access Stratum (NAS) security layer and is in place the whole time the UE is registered to the network. An Evolved Packet System (EPS) NAS security context of type native (see Section 7.4) remains stored in the UE and the Mobility Management Entity (MME) while the UE is not registered to the network and is used when the UE re-registers to the network.

The second layer (NAS) is used to bootstrap the first layer (AS) security when the UE needs to send or receive data. The first layer security is refreshed with the help of the second layer security between the UE and the core network. Running EPS Authentication and Key Agreement (AKA) and a Security Mode Command procedure refreshes the second layer security itself that ...
