---
# System prepended metadata

title: 陳毅 - Study Group - 21/07/21

---

# 陳毅 - Study Group - 21/07/21

:::info
- [x] Read Netmanias-06-LTE Security II-NAS and AS Security
:::

## Intro
![](https://i.imgur.com/mhduEgI.png)
### NAS Security

The purpose of NAS security is to securely deliver NAS signaling messages between a UE and
an MME in the control plane.
:::success
The NAS security keys are derived from $K_{ASME}$, and new keys are generated every time EPS AKA is performed.
- $K_{NASenc}$ : ciphering of NAS messages
- $K_{NASint}$ : integrity protection of NAS messages
:::
### AS Security

The purpose of AS security is to securely deliver:
1. RRC messages between a UE and an eNB in
the control plane 
2. IP packets in the user plane

:::success
The AS security keys are derived from $K_{eNB}$, and new keys are generated every time a new radio link is established (that is, when the RRC state moves from idle to connected).
- $K_{RRCint}$ : integrity protection of RRC messages carried on SRBs (Signaling Radio Bearers)
- $K_{RRCenc}$ : ciphering of RRC messages carried on SRBs
- $K_{UPenc}$ : ciphering of user-plane data
:::
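The key hierarchy summarized above (NAS keys from $K_{ASME}$, AS keys from $K_{eNB}$, and a fresh $K_{eNB}$ per radio link) can be computed end to end from the derivation rules of 3GPP TS 33.401 Annex A. The following is an added example, not code from the Netmanias page or from any 3GPP implementation; it uses only the Python standard library, and the $K_{ASME}$ value and NAS COUNT values in it are constructed test data.

```python
"""Added example (not from the Netmanias page or 3GPP code): the EPS key
derivations of TS 33.401 Annex A that produce the NAS and AS keys named above,
using only the Python standard library.

Every derivation is the TS 33.220 Annex B KDF, HMAC-SHA-256(Key, S) with
S = FC || P0 || L0 || P1 || L1, where each Li is the 2-byte length of Pi.
The K_ASME value used at the bottom is constructed test data, not a real key.
"""
import hashlib
import hmac

# Annex A.7 algorithm type distinguishers (P0 of the FC = 0x15 derivation).
NAS_ENC_ALG, NAS_INT_ALG = 0x01, 0x02
RRC_ENC_ALG, RRC_INT_ALG = 0x03, 0x04
UP_ENC_ALG = 0x05

# Algorithm identities (P1, 4 bits): EEA0/EIA0 = 0, 128-EEA1/128-EIA1 = 1,
# 128-EEA2/128-EIA2 = 2, 128-EEA3/128-EIA3 = 3.
EEA1 = EIA1 = 0x01
EEA2 = EIA2 = 0x02


def kdf_input(fc: int, *params: bytes) -> bytes:
    """Build S = FC || P0 || L0 || P1 || L1 || ... for the generic KDF."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF: the full 256-bit HMAC-SHA-256 output."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """Annex A.7: a 128-bit algorithm key is the 128 least significant bits
    of KDF(parent, 0x15, type distinguisher, algorithm identity)."""
    full = kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id & 0x0F]))
    return full[16:]


def derive_nas_keys(k_asme: bytes, eea: int, eia: int) -> dict:
    """Run by both MME and UE once the NAS algorithms (EEA/EIA) are selected."""
    return {
        "K_NASenc": derive_alg_key(k_asme, NAS_ENC_ALG, eea),
        "K_NASint": derive_alg_key(k_asme, NAS_INT_ALG, eia),
    }


def derive_k_enb(k_asme: bytes, uplink_nas_count: int) -> bytes:
    """Annex A.3: K_eNB = KDF(K_ASME, 0x11, uplink NAS COUNT), all 256 bits.
    The NAS COUNT moves on with each connection setup, so a new radio link
    gets a fresh K_eNB even though K_ASME is unchanged."""
    return kdf(k_asme, 0x11, (uplink_nas_count & 0xFFFFFFFF).to_bytes(4, "big"))


def derive_as_keys(k_enb: bytes, eea: int, eia: int) -> dict:
    """Run by both eNB and UE once the AS algorithms are selected."""
    return {
        "K_RRCenc": derive_alg_key(k_enb, RRC_ENC_ALG, eea),
        "K_RRCint": derive_alg_key(k_enb, RRC_INT_ALG, eia),
        "K_UPenc": derive_alg_key(k_enb, UP_ENC_ALG, eea),
    }


def key_hierarchy(k_asme: bytes, uplink_nas_count: int, eea: int, eia: int) -> dict:
    """Whole derivation from K_ASME down to the AS keys, as both sides compute it."""
    keys = derive_nas_keys(k_asme, eea, eia)
    k_enb = derive_k_enb(k_asme, uplink_nas_count)
    keys["K_eNB"] = k_enb
    keys.update(derive_as_keys(k_enb, eea, eia))
    return keys


if __name__ == "__main__":
    K_ASME = hashlib.sha256(b"constructed test K_ASME").digest()  # constructed, 256 bits
    first = key_hierarchy(K_ASME, uplink_nas_count=0x00000003, eea=EEA2, eia=EIA2)
    second = key_hierarchy(K_ASME, uplink_nas_count=0x00000007, eea=EEA2, eia=EIA2)
    for name, value in first.items():
        print(f"{name:9s} {value.hex()}")
    # Same K_ASME: NAS keys are unchanged, but K_eNB and every AS key differ.
    print("NAS keys equal:", first["K_NASint"] == second["K_NASint"])
    print("AS keys equal: ", first["K_RRCint"] == second["K_RRCint"])
```

Running it shows the two facts the summary states: the NAS keys depend only on $K_{ASME}$ and the selected algorithms, while the AS keys change with every new radio link because the uplink NAS COUNT feeding $K_{eNB}$ has moved on. Note that the algorithm identity is masked to its low 4 bits, as the derivation only carries a 4-bit identity.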
## NAS Security

### NAS Security Setup

![](https://i.imgur.com/8KkIoCa.png)
Steps that need extra explanation (step numbers refer to the figure):

Step 2 [MME]: Deriving NAS security keys
![](https://i.imgur.com/N5YJAqA.png)
Step 3 [MME]: Generating NAS-MAC for integrity protection
> NAS-MAC: Message Authentication Code for NAS for Integrity

The Security Mode Command is integrity protected with the new $K_{NASint}$ but is not ciphered; ciphering starts with the UE's Security Mode Complete (step 8).
![](https://i.imgur.com/2zK4jVY.png)
Step 7 [UE]: Verifying the integrity of the Security Mode Command message. The UE derives the same NAS keys from its own $K_{ASME}$, recomputes the NAS-MAC over the received message and compares it with the NAS-MAC carried in the message; if they differ, the Security Mode Command is rejected.
![](https://i.imgur.com/IKbmqWc.png)

### Delivering a Security Mode Complete message

![](https://i.imgur.com/fD3wnFD.png)
Step 8 [UE]: Ciphering the message using the selected encryption algorithm (EEA1)
![](https://i.imgur.com/7r1KrIU.png)

Step 9 [UE]: Generating NAS-MAC for integrity protection (computed over the ciphered message)
![](https://i.imgur.com/iLSRu4q.png)


### After NAS Security Setup

![](https://i.imgur.com/9ruQqNS.png)

- When a NAS message is sent, it is ciphered first and the NAS-MAC is then computed over the ciphered message.
- On receipt, the order is reversed: the NAS-MAC is verified first, and the message is deciphered only if the integrity check passes.

![](https://i.imgur.com/SmHDoVH.png)


## AS Security

### AS Security Setup

![](https://i.imgur.com/dbAfOC0.png)


Steps that need extra explanation (step numbers refer to the figure):

Step 5 [eNB]: Generating MAC-I for integrity protection (MAC-I is the RRC counterpart of the NAS-MAC, computed here with $K_{RRCint}$)
![](https://i.imgur.com/tIQ1Ynz.png)

![](https://i.imgur.com/xyWxucq.png)

Steps that need extra explanation:
- none

### Delivering a Security Mode Complete message

![](https://i.imgur.com/d1HSu6j.png)


### After AS Security Setup
![](https://i.imgur.com/vJKIn7H.png)
- When an RRC message is sent, MAC-I is computed over it first and the message (with its MAC-I) is then ciphered.
- On receipt, the order is reversed: the RRC message is deciphered first and its MAC-I is then verified.
- User packets are ciphered but not integrity protected. A user packet ciphered by the sender with $K_{UPenc}$ is deciphered by the receiver with the same $K_{UPenc}$ to recover the original packet; there is no MAC, so a modified packet is not detected.

![](https://i.imgur.com/fvZfjGb.png)
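The two processing orders described on this page (NAS: cipher then NAS-MAC, verify then decipher; RRC: MAC-I then cipher, decipher then verify) and the cipher-only user plane can be exercised side by side. The following is an added example, not code from the Netmanias page or from any 3GPP implementation. It assumes stand-in primitives: 128-EEA2 and 128-EIA2 are AES-CTR and AES-CMAC, which the Python standard library does not provide, so `keystream_xor` and `mac32` are HMAC-SHA-256 based substitutes that take the same inputs (KEY, COUNT, BEARER, DIRECTION) but are not the real algorithms. All keys and messages are constructed test data.

```python
"""Added example (not from the Netmanias page or any 3GPP code): the
send/receive processing order after security setup. NAS ciphers first and
then computes the NAS-MAC over the ciphered message; RRC computes MAC-I over
the plaintext first and then ciphers; the user plane is ciphered only.

Assumptions: 128-EEA2 / 128-EIA2 (AES-CTR / AES-CMAC) are not in the
standard library, so a stand-in keystream and a stand-in 32-bit MAC built
from HMAC-SHA-256 are used. They take the same inputs as the real algorithms
(KEY, COUNT, BEARER, DIRECTION) but are not EEA2/EIA2. All keys and messages
are constructed test data.
"""
import hashlib
import hmac

UPLINK, DOWNLINK = 0, 1
NAS_BEARER = 0  # the BEARER input is a constant for NAS messages


def _iv(count: int, bearer: int, direction: int) -> bytes:
    """COUNT (32 bits) || BEARER (5 bits) || DIRECTION (1 bit) || zero padding."""
    return count.to_bytes(4, "big") + bytes([((bearer & 0x1F) << 3) | ((direction & 1) << 2)]) + b"\x00" * 3


def keystream_xor(key: bytes, count: int, bearer: int, direction: int, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption, replaces 128-EEA2): XOR with an
    HMAC-derived keystream. XOR is its own inverse, so this also deciphers."""
    stream = b""
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, _iv(count, bearer, direction) + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def mac32(key: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """Stand-in 32-bit NAS-MAC / MAC-I (assumption, replaces 128-EIA2)."""
    return hmac.new(key, _iv(count, bearer, direction) + message, hashlib.sha256).digest()[:4]


def nas_send(k_enc, k_int, count, direction, plaintext):
    """NAS: cipher first, then NAS-MAC over the ciphered message."""
    ciphered = keystream_xor(k_enc, count, NAS_BEARER, direction, plaintext)
    return ciphered, mac32(k_int, count, NAS_BEARER, direction, ciphered)


def nas_receive(k_enc, k_int, count, direction, ciphered, nas_mac):
    """NAS: verify NAS-MAC on the ciphered message; decipher only if it matches."""
    if not hmac.compare_digest(mac32(k_int, count, NAS_BEARER, direction, ciphered), nas_mac):
        return None  # integrity failure: discarded before any deciphering
    return keystream_xor(k_enc, count, NAS_BEARER, direction, ciphered)


def rrc_send(k_enc, k_int, count, bearer, direction, plaintext):
    """RRC (SRB): MAC-I over the plaintext first, then cipher plaintext || MAC-I."""
    mac_i = mac32(k_int, count, bearer, direction, plaintext)
    return keystream_xor(k_enc, count, bearer, direction, plaintext + mac_i)


def rrc_receive(k_enc, k_int, count, bearer, direction, ciphered):
    """RRC: decipher first, then verify MAC-I on the recovered plaintext."""
    recovered = keystream_xor(k_enc, count, bearer, direction, ciphered)
    plaintext, mac_i = recovered[:-4], recovered[-4:]
    if not hmac.compare_digest(mac32(k_int, count, bearer, direction, plaintext), mac_i):
        return None
    return plaintext


def up_send(k_upenc, count, bearer, direction, packet):
    """User plane (DRB): ciphered with K_UPenc only; no MAC is attached."""
    return keystream_xor(k_upenc, count, bearer, direction, packet)


up_receive = up_send  # same keystream XORed again


def demo() -> dict:
    """Round trips plus one flipped ciphertext bit on each plane (constructed data)."""
    k = {n: hashlib.sha256(n.encode()).digest()[:16]
         for n in ("K_NASenc", "K_NASint", "K_RRCenc", "K_RRCint", "K_UPenc")}
    nas_msg = b"Security Mode Complete"
    c, m = nas_send(k["K_NASenc"], k["K_NASint"], 1, UPLINK, nas_msg)
    c_bad = bytes([c[0] ^ 0x80]) + c[1:]
    rrc_msg = b"RRCConnectionReconfiguration"
    rrc_pdu = rrc_send(k["K_RRCenc"], k["K_RRCint"], 0, 0, DOWNLINK, rrc_msg)
    rrc_bad = bytes([rrc_pdu[0] ^ 0x80]) + rrc_pdu[1:]
    ip_pkt = b"GET / HTTP/1.1"
    up_pdu = up_send(k["K_UPenc"], 7, 2, DOWNLINK, ip_pkt)
    up_bad = bytes([up_pdu[0] ^ 0x20]) + up_pdu[1:]
    return {
        "nas_ok": nas_receive(k["K_NASenc"], k["K_NASint"], 1, UPLINK, c, m) == nas_msg,
        "nas_tamper_rejected": nas_receive(k["K_NASenc"], k["K_NASint"], 1, UPLINK, c_bad, m) is None,
        "rrc_ok": rrc_receive(k["K_RRCenc"], k["K_RRCint"], 0, 0, DOWNLINK, rrc_pdu) == rrc_msg,
        "rrc_tamper_rejected": rrc_receive(k["K_RRCenc"], k["K_RRCint"], 0, 0, DOWNLINK, rrc_bad) is None,
        "up_ok": up_receive(k["K_UPenc"], 7, 2, DOWNLINK, up_pdu) == ip_pkt,
        # No integrity on the user plane: the flipped bit is delivered as "gET / HTTP/1.1".
        "up_tampered_delivered": up_receive(k["K_UPenc"], 7, 2, DOWNLINK, up_bad) == b"gET / HTTP/1.1",
    }
```

`demo()` shows the practical difference between the three planes: a flipped bit in a NAS or RRC PDU is caught by the MAC check (for NAS, before any deciphering work is spent), whereas the same flip in a user-plane PDU is silently delivered as a different IP packet, because a stream cipher on its own does not detect modification.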

:::success
**My observations :slightly_smiling_face:**
- RRC can only be initiated by the UE, so the figure only shows one-way transmission, which differs slightly from NAS Security.
- I think the reason user data is not integrity checked is cost considerations.
:::

## Security Context

Data relating to security that has been set in the EPS entities during these procedures is called an EPS security context, which can be either a NAS security context or an AS security context.

![](https://i.imgur.com/1jxKaj8.png)

A partial native EPS NAS security context is transformed into a full native one after the NAS SMC procedure is completed.

### Relationship table of the data

![](https://i.imgur.com/O6xRDh4.png)
