【正文】 IdleNative(Native) KSIasme。EPSNative.，當(dāng) UE切換到回 LTE時，MappedAKA過程，并且通過 NASinpoweroff. in the ME volatile Memory USIM ME NVMEMEMM capable in USIMNo EMM capable in USIMFullFullStored.orismappedpartialnativeinvalidandAKA? IfIKEPSstoredalreadyUSIMCKcouldkeysearlierAKA.tosecurity contextwereissecurity contextforIdle? Therefore,aintonecessitateauthenticationUSIMEMMAKA過程中產(chǎn)生的 CK,IK不能存貯于 USIM中存貯 UMTS若 USIM不支持 EMMFiles，當(dāng) USIM卡換 ME時，則必須要執(zhí)行 EPSAVAV(3)XRESAUTNKasme CK IK KcEPSAKA)HSSAMF RANDSQN Kf1 f2 f3 f4 f5MACXRESCK IK AKAMFSQN SQN(+)AKAMFMACMAC認(rèn)證向量四元組認(rèn)證令牌認(rèn)證算法認(rèn)證配置RAND AUTNSNIdKasmeHSS27EPSdomainsEPSsameinUMTSsameIK,)? Kasme的產(chǎn)生與 SNAKA。UTRAN/GERAN?EUTRANidle Mobility Thenotidlehandoverexistingsecurity context.也就是說 NASsecurityfromshallUEselectedeKSIandNONCEmmeofcontextThisintegrityciphered)keyindicatedin? ThetheNASmessage.thatcapabilitiesMMEstoredtowereanthethealgorithmintegrityKASMEeKSI.creatingforinUEreceivedsamesentRequestK39。IKnonces? IfUEintegritywithsendsmodeMMEprotectedmodeincludeMMEthemessage.? TheandprotectionSecuritytheindicatedSecuritydownlinkMMEshallthepletedecipheringwithaftersecurityMME UENAS (UE , Selected NAS Algoritm, eKSI, IMEISV Request, NONCEue, NONCEmme, NASMAC)NAS ( IMEISV, NASMAC )Start . (de)CipheringStart UL deCipheringStart DLCipheringStart .Nonce? IfnotindicatedinorwasMMEnew(thatcurrentthisshallNONCEmmethetheaASMEIK,wereKSItheAnnexinformationderiveASME.amandUENONCEUE,themand.downlinkmappedbevaluenewisandmappedcase,ensureisthethealsofromtheAnnexASmessageUEselectedmessageprotectedkeycurrentsecurityfromshallwithalgorithmASmessagekeycurrentUPatstartASmessage.uplinktheafterverificationsecurity? RRCcipheringUEsendingmodeand(decryption)shallandthemandSMC與 NASSMC后才繼續(xù) InterMME源 ENBSMC，但在 HOAcknowledge中使用 OldASHO? NAS同時在 S10接口上傳輸兩套 .主要內(nèi)容? EPS 安全綜述? EPS AKA與 ? EPS MM程與 HO過程中的安全? EPS KDF? EPS EEA1/2/3與 EIA/1/2/3算法EPS MM程與 HO過程中的安全? LTE內(nèi)的狀態(tài)遷移時的安全上下文的處理? LTE內(nèi) TAU過程。EMMDEREGISTERED? Ifhavenativeasecurity context,makeEPSone.? UEdeletepartialhold.NCFNCPCMCFEMMDEREGISTEREDEMMREGISTEREDCFEUSIM MEUSIM MECFToPowerSubscriptionTAURequestMME.If there is no . in MME, AKA is runned.CF AttachandMME.If there is no . in MME, AKA is runned.AttachRunsECMIDLEFromUEKenb)Kenb?f(Kasme)NCC?0Count?0當(dāng) MME改變且 PLMNID發(fā)生改變時，必須要執(zhí)行，否則根據(jù) MME的 Policy來決定NASIpAlg),僅僅用于 (extended) Service Request消息或 TAU With Active Flag消息From?對于 FullNativeSetupContext0?S1APRequestf(CK||IK,GUTI,GUTI,)ContextUEEPSListNAS()FromRAU? NASTokenCOUNT|0x0004)? CK’|IK’f(Kasme,0x1B|ULRAI,PTMSIRequest(PTMSI,old)ContextPTMSIMMPDPCount值 ,驗證通過后，計算出 CK’,IK’通過 Kasme及 ULRAURNC.(Allowed).(Selected)ISR激活的情形ISR沒有激活，或一般的情形FromTAU? K’asmeRequest(nativeRequest(mappedLVTAI,OldPTMSIMM)若 UE還有 CurrentRequest消息必須包含 nGUTI,eKSI,并用此 .,否則此消息無 .，且沒有 nGUTI,)若前面通過了 .，則使用原來的 EPSeNBNASNASMappedflyeNBCOUNTsbesameandKenb– IntraCellNASofafterortheNASfromonebyandifferentactiveactivated.RefreshKenbKrrcencKrrcintKupencReKeyingKasmeKnasencKnasintKenbKrrcencKrrcintKupenc=)?f(Kasme,0x11|ULforchainingf(Kenb,ChainingPhysicalEUTRAChannelIffromKeNBtothefromtheto? OnkeyistheitsituseinhandoversderivationKeNBtoandbeforeintoKeNBeNB– Kenb*= f(Kenb, 0x13|PCI|0x0002|EARFCNDL|0x0002)從 SourceRAN(eNB)S2Tto,in the HO Command IntraLTENCC)InterRAT:eNBHandoverSwitchorIRAT_HOUERRC:(Selectedto(rNCC)? If0x13|PCI|0x0002|EARFCNDL|0x0002)? IfNH*=)Kenb*=f(NH)Kenb = f(Kasme,0x11|UL NAS Count|0x0004 )NH0 = f(Kasme,0x12|Kenb|len(Kenb)=0x0020=32 )NH* = f(Kasme,0x12|NH |len(NH) )Kenb*f(KenbIntracell,NCC)產(chǎn)生新的 Kenb*=f(NH/Kenb）RRCCMP消息進(jìn)行 .X2,TC(HOSwitchRequest,NCC)產(chǎn)生新的 Kenb*=f(NH）產(chǎn)生新的 Kenb*=f(NH） RRC但是TC中的 RRC消息還是明文的處理的。Handover過程中的特殊情形SeNB TeNB MMEHandoverKenb*,NCC)HandoverCommandRequest(UEAck(NCC,NH)RRCConnectionNCC+1,NH=f(NH,Kasme0)Kenb*應(yīng)用未用的 NH來計算，否則 ,使用當(dāng)前的 Kenb來計算。Handover過程中的安全處理SeNB TeNB MMEHandoverRequestTCAck(T2SNotify產(chǎn)生新的 Kenb*=f(NH）使用新的 Kenb*來檢查 CP及 消息，然后 Kenb*成為新的 KenbNCC+1,NH=f(NH,Kasme)HandoverCMD(RRCNAS,UE根據(jù) NCC從 Kenb計算出 Kenb*，然后 成為新Kenb,并以此 Kenb及選擇的算法對 HOTC(HandoverPreparationInformation))NAS ,CompleteHandoverCMD(RRCConnectionReconfigT2C))?若 MME發(fā)生了改變，舊的 MME也會將以前使用的 Kasme及 eKSI傳遞給新的 MME。EPS AKA and NAS 若 MME發(fā)生了改變，則 MME再次執(zhí)行 NAS ，整個 Key的 Rekey若 MME沒有發(fā)生改變，則 MME則要進(jìn)入整個 AS Key的 ReKey過程64Forward security? InKeNBsecuritypropertyeNBaabepredictthatbetweenandspecifically,theeNBputebeUEtoisoror必須是 Replace。UTRAN?LTE的場景? UE有多個 UMTSKey與 Kenb及選擇安全算法。? UE有多個 UMTS.– Idle：使用 FN MME產(chǎn)生 K’asme，并產(chǎn)生 NASRequest還是用 KSIsgsn來保護(hù)，但 UE有 NativeRequest，則也認(rèn)為共享 NativeSMC等過程。EPS? 注意： UMTS UMTS。UTRANNAS=KSI,AVsRNCeNBHandoverForwardS2TPermittedSetup))SelectedSetupC.RAB(handovertoUTRANCommand(HandoverSelectedEUTRASelectedUTRANCompleteAcknowledgeRelocationUE與目標(biāo) RNC在物理層上同步上.FromHOK’asme=0x0004),UE SGSN MMEeNBRNCRelocation ForwardS2TUES2TResponse(SetupTC,計算出K’asme=再計算出 Kenb,Knasenc,KnasintHandoverFromUTRANCommandEUTRA(RRCConnectionReconfigComplete HandoverNotificationForwardf(CK||IK,0x18然后，計算出 Kenb，根據(jù) NASHandoverCMD(RRCConnectionReconfigCMD(RRCConnectionReconfigtothetoisUEenable the UE to create a mapped EPS security contextcontextintersystem160