陳毅 - 讀書會 - 21/07/21

# 陳毅 - 讀書會 - 21/07/21 :::info - [x] 閱讀 Netmanias-06-LTE Security II-NAS and AS Security ::: ## Intro ![](https://i.imgur.com/mhduEgI.png) ### NAS Security The purpose of NAS security is to securely deliver NAS signaling messages between a UE and an MME in the control plane. :::success The NAS security keys are derived from $K_{ASME}$ and new keys are generated every time EPS AKA is performed. - $K_{NASenc}$ : 加密 - $K_{NASint}$ : 完整性 ::: ### AS Security The purpose of AS security is to securely deliver: 1. RRC messages between a UE and an eNB in the control plane 2. IP packets in the user plane :::success The AS security keys are derived from $K_{eNB}$ and new keys are generated every time a new radio link is established (that is, when RRC state moves from idle to connected). - $K_{RRCint}$ : RRC message 與 SRB (Signaling Radio Bearer) 的完整性保護 - $K_{RRCenc}$ : RRC message 與 SRB 的加密 - $K_{UPenc}$ : User-Plane 的資料加密 ::: ## NAS Security ### NAS Security Setup ![](https://i.imgur.com/8KkIoCa.png) 需特別補充的步驟: 2. [MME] Deriving NAS security keys ![](https://i.imgur.com/N5YJAqA.png) 3. [MME] Generating NAS-MAC for integrity protection > NAS-MAC: Message Authentication Code for NAS for Integrity ![](https://i.imgur.com/2zK4jVY.png) 7. [UE] Verifying the integrity of the Security Mode Command message ![](https://i.imgur.com/IKbmqWc.png) ### Delivering a Security Mode Complete message ![](https://i.imgur.com/fD3wnFD.png) 8. [UE] Encrypting the message using the selected encryption algorithm (EEA1) ![](https://i.imgur.com/7r1KrIU.png) 9. [UE] Generating NAS-MAC for integrity protection ![](https://i.imgur.com/iLSRu4q.png) ### After NAS Security Setup ![](https://i.imgur.com/9ruQqNS.png) - When NAS messages are being sent, they are encrypted first and then integrity protected before being sent. - When received, however, the NAS messages are integrity verified first and then decrypted. ![](https://i.imgur.com/SmHDoVH.png) ## AS Security ### AS Security Setup ![](https://i.imgur.com/dbAfOC0.png) 需特別補充的步驟: 5. [eNB] Generating MAC-I for integrity protection ![](https://i.imgur.com/tIQ1Ynz.png) ![](https://i.imgur.com/xyWxucq.png) 需特別補充的步驟: - 無 ### Delivering a Security Mode Complete message ![](https://i.imgur.com/d1HSu6j.png) ### After AS Security Setup ![](https://i.imgur.com/vJKIn7H.png) - When RRC messages are being sent, they are integrity protected first and then encrypted before being sent. - When received, however, RRC messages are decrypted first and then integrity verified. - User packets are encrypted but not integrity protected. The user packets encrypted by a sender using the encryption key (KUPenc) are decrypted by the receiver using the same encryption key (KUPenc) to get the original user packets. ![](https://i.imgur.com/fvZfjGb.png) :::success **我的觀察:slightly_smiling_face:** - RRC 只能由 UE 發起，所以在圖中僅有單向傳輸，與 NAS Security 有些微差異。 - User Data 不做完整性檢查的原因，我認為是基於成本考量。 ::: ## Security Context Data relating to security that has been set in the EPS entities during these procedures is called an EPS security context, which can be either a NAS security context or an As security context. ![](https://i.imgur.com/1jxKaj8.png) A partial native EPS NAS security context is transformed into a full native after the SMC procedure is completed. ### 資料的關係表 ![](https://i.imgur.com/O6xRDh4.png)