Chapter 11
LTE/SAE Security
11.1 Introduction
This chapter presents the security-related functionality of LTE and SAE. It also provides an overview of the aspects that should be taken into account when planning and operating a secure network.
The LTE/SAE network is based on IP, which means that it is vulnerable to the same threats as any other packet network. The main aim of the LTE/SAE operator is to reduce the opportunities for the misuse of the network.
Since the early days of the 3GPP 3G system, security has been identified as an essential part of the whole service. The first Release 99 specifications included 19 new specifications by the SA3 working group, including the main definitions found in TS 33.102 (3G Security—Security Architecture). Ever since, 3GPP has produced advanced specifications for security, taking into account the IP domain, as mobile networks are developing towards IMS and all-IP concepts.
3GPP SA3 has created new specifications for LTE/SAE protection under TS 33.401 (Security Architecture of SAE) [1] and TS 33.402 (Security of SAE with Non-3GPP access) [2]. The LTE system provides confidentiality and integrity protection for signaling between the LTE-UE and the MME. Confidentiality protection refers to the ciphering of the signaling messages. Integrity protection ensures that the signaling message content is not altered during transmission.
All the LTE traffic is secured using the Packet Data Convergence Protocol (PDCP) in the radio ...