Chapter 8

EPS Protection for Signalling and User Data

Protecting communication over the air and inside the network is important so that confidentiality of information can be assured and attacks on the communication channels can be more easily mitigated. The Evolved Packet System (EPS) has two layers of security for signalling: the first layer is between the User Equipment (UE) and the base stations, and the second layer is between the UE and the core network (see Chapter 6). The user plane data packets are protected between the UE and the base stations and further in the network in a hop-by-hop manner. In this chapter, we describe in detail how the communication between the UE and the network and inside the network is protected.

Long Term Evolution (LTE) has separate signalling and user planes. The signalling plane is further divided into signalling between the UE and the base stations (i.e. Access Stratum, AS) and between the UE and the core network (i.e. Non-Access Stratum, NAS). Signalling protection consists of ciphering and integrity protection with replay protection; for the user plane (data) on the air interface only ciphering is provided, as explained in Sections 8.1–8.3, with the exception of the Un air interface between a relay node and a Donor evolved NodeB (eNB), as explained in Section 7.3.2 and Chapter 14. We also describe how core network interface protection mechanisms are used within EPS (in Section 8.4), how certificate enrolment to the base stations is handled (in Section 8.5) and how emergency calls are ...

Get LTE Security, Second Edition now with the O’Reilly learning platform.
