# 陳毅 - Reading Group - 21/07/21
:::info
- [x] Read Netmanias-06-LTE Security II-NAS and AS Security
:::
## Intro
![](https://i.imgur.com/mhduEgI.png)
### NAS Security
The purpose of NAS security is to securely deliver NAS signaling messages between a UE and
an MME in the control plane.
:::success
The NAS security keys are derived from $K_{ASME}$ and
new keys are generated every time EPS AKA is performed.
- $K_{NASenc}$ : encryption
- $K_{NASint}$ : integrity
:::
### AS Security
The purpose of AS security is to securely deliver:
1. RRC messages between a UE and an eNB in
the control plane
2. IP packets in the user plane
:::success
The AS security keys are derived from $K_{eNB}$ and new keys are generated every time a new radio link is established (that is, when RRC state
moves from idle to connected).
- $K_{RRCint}$ : integrity protection of RRC messages on the SRB (Signaling Radio Bearer)
- $K_{RRCenc}$ : encryption of RRC messages on the SRB
- $K_{UPenc}$ : encryption of user-plane data
:::
## NAS Security
### NAS Security Setup
![](https://i.imgur.com/8KkIoCa.png)
Steps that need extra explanation:
2. [MME] Deriving NAS security keys
![](https://i.imgur.com/N5YJAqA.png)
3. [MME] Generating NAS-MAC for integrity protection
> NAS-MAC: Message Authentication Code for NAS for Integrity
![](https://i.imgur.com/2zK4jVY.png)
7. [UE] Verifying the integrity of the Security Mode Command message
![](https://i.imgur.com/IKbmqWc.png)
### Delivering a Security Mode Complete message
![](https://i.imgur.com/fD3wnFD.png)
8. [UE] Encrypting the message using the selected encryption algorithm (EEA1)
![](https://i.imgur.com/7r1KrIU.png)
9. [UE] Generating NAS-MAC for integrity protection
![](https://i.imgur.com/iLSRu4q.png)
### After NAS Security Setup
![](https://i.imgur.com/9ruQqNS.png)
- When NAS messages are being sent, they are encrypted first and then integrity protected before being sent.
- When received, however, the NAS messages are integrity verified first and then decrypted.
![](https://i.imgur.com/SmHDoVH.png)
## AS Security
### AS Security Setup
![](https://i.imgur.com/dbAfOC0.png)
Steps that need extra explanation:
5. [eNB] Generating MAC-I for integrity protection
![](https://i.imgur.com/tIQ1Ynz.png)
![](https://i.imgur.com/xyWxucq.png)
Steps that need extra explanation:
- None
### Delivering a Security Mode Complete message
![](https://i.imgur.com/d1HSu6j.png)
### After AS Security Setup
![](https://i.imgur.com/vJKIn7H.png)
- When RRC messages are being sent, they are integrity protected first and then encrypted before being sent.
- When received, however, RRC messages are decrypted first and then integrity verified.
- User packets are encrypted but not integrity protected. User packets encrypted by the sender with the encryption key ($K_{UPenc}$) are decrypted by the receiver with the same key ($K_{UPenc}$) to recover the original user packets.
![](https://i.imgur.com/fvZfjGb.png)
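The two ordering rules above (NAS: encrypt, then integrity-protect the ciphertext; verify, then decrypt. AS/RRC: integrity-protect the plaintext, then encrypt; decrypt, then verify) as an added Python model, not code from the Netmanias document. HMAC-SHA256 stands in for the EEA/EIA algorithms, and the 4-byte MAC, BEARER value 0 for NAS and the DIRECTION encoding are assumptions of this example, not values taken from the page.

```python
import hmac, hashlib, struct
# DIRECTION: 0 = uplink (UE -> network), 1 = downlink (3GPP convention)

def keystream(key, count, bearer, direction, length):
    # Stand-in for an EEA keystream: HMAC-SHA256 in counter mode over
    # (COUNT, BEARER, DIRECTION, block index). Not 128-EEA1/2/3.
    out, block = b"", 0
    while len(out) < length:
        blk = struct.pack(">IBBI", count, bearer, direction, block)
        out += hmac.new(key, blk, hashlib.sha256).digest()
        block += 1
    return out[:length]

def cipher(key, count, bearer, direction, data):
    # XOR with keystream; the same call encrypts and decrypts (EEA-style)
    ks = keystream(key, count, bearer, direction, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def mac(key, count, bearer, direction, data):
    # Stand-in for an EIA integrity algorithm: 32-bit tag over
    # (COUNT, BEARER, DIRECTION, message). Not 128-EIA1/2/3.
    hdr = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(key, hdr + data, hashlib.sha256).digest()[:4]

def nas_send(k_enc, k_int, count, direction, msg):
    # NAS: encrypt first, then compute NAS-MAC over the ciphertext
    ct = cipher(k_enc, count, 0, direction, msg)  # BEARER 0 for NAS (assumed)
    return ct + mac(k_int, count, 0, direction, ct)

def nas_receive(k_enc, k_int, count, direction, pdu):
    # NAS: verify NAS-MAC first; only a message that passes is decrypted
    ct, tag = pdu[:-4], pdu[-4:]
    if not hmac.compare_digest(tag, mac(k_int, count, 0, direction, ct)):
        return None
    return cipher(k_enc, count, 0, direction, ct)

def rrc_send(k_enc, k_int, count, bearer, direction, msg):
    # AS/RRC: compute MAC-I over the plaintext first, then encrypt msg+MAC-I
    protected = msg + mac(k_int, count, bearer, direction, msg)
    return cipher(k_enc, count, bearer, direction, protected)

def rrc_receive(k_enc, k_int, count, bearer, direction, pdu):
    # AS/RRC: decrypt first, then verify MAC-I on the recovered plaintext
    protected = cipher(k_enc, count, bearer, direction, pdu)
    msg, tag = protected[:-4], protected[-4:]
    if not hmac.compare_digest(tag, mac(k_int, count, bearer, direction, msg)):
        return None
    return msg
```

A receiver that is out of sync on COUNT, or a PDU altered in transit, fails the integrity check and is dropped; on the NAS side this happens before any decryption work is done.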
:::success
**My observations :slightly_smiling_face:**
- RRC can only be initiated by the UE, so the figure shows transmission in one direction only, a slight difference from NAS security.
- I think the reason user data is not integrity-checked is cost.
:::
## Security Context
Data relating to security that has been set in the EPS entities during these procedures is called an EPS security context, which can be either a NAS security context or an AS security context.
![](https://i.imgur.com/1jxKaj8.png)
A partial native EPS NAS security context is transformed into a full native after the SMC procedure is completed.
### Relationship between the security data
![](https://i.imgur.com/O6xRDh4.png)