EPS Protection for Signalling and User Data

Protecting communication over the air and inside the network is important so that confidentiality of information can be assured and attacks on the communication channels can be more easily mitigated. EPS has two layers of security for signalling: the first layer is between the UE and the base stations, and the second layer is between the UE and the core network (see Chapter 6). User plane data packets are protected between the UE and the base stations, and further into the network in a hop-by-hop manner. In this chapter, we describe in detail how communication between the UE and the network, and inside the network, is protected.

LTE has separate signalling and user planes. The signalling plane is further divided into signalling between the UE and the base stations (i.e. Access Stratum, AS) and signalling between the UE and the core network (i.e. Non-Access Stratum, NAS). Signalling protection consists of ciphering and integrity protection with replay protection; for the user plane (data) only ciphering is provided, as explained in sections 8.1–8.3. We also describe how core network interface protection mechanisms are used within EPS (in section 8.4), how certificate enrolment to the base stations is handled (in section 8.5), and how emergency calls are handled (in section 8.6).

8.1 Security Algorithms Negotiation

Before the communication can be protected, both UE and the network need to agree on what security algorithms to use. EPS supports multiple algorithms and includes two mandatory ...

