There's a lot of layers of signalling in the LTE / EUTRAN attach procedure, but let's take a look at the UE attach procedure from the Network Perspective.

We won't touch on the air interface / Uu side of things, just the EPC side of the signaling.

To make life a bit easier I've put different signalling messages in different coloured headings:

S1AP: initiating Message, Attach Request, PDN Connectivity Request eNB to MME

After a UE establishes a connection with a cell, the first step involved in the attach process is for the UE / subscriber to identify themselves and the network to authenticate them.

The TAI, EUTRAN-CGI and GUMME-ID sections all contain information about the serving network, such as the tracking area code, cell global identifier and global MME ID to make up the GUTI.

The NAS part of this request contains key information about our UE and its capabilities: SRVCC support, the different bands and RAN technologies it supports, codecs, and, most importantly, the identity of the subscriber (the IMSI or TMSI).

If this is a new subscriber to the network, the IMSI is sent as the subscriber identity. Wherever possible, however, sending the IMSI is avoided, so if the subscriber has connected to the network recently, the M-TMSI is used instead of the IMSI, and the MME keeps a record of the M-TMSI to IMSI mappings it has allocated.

Diameter: Authentication Information Request MME to HSS

The MME does not have a subscriber database or information on the crypto side of things; instead this functionality is offloaded to the HSS.

I've gone on and on about LTE UE/Subscriber authentication, so I won't go into the details as to how this mechanism works, but the MME will send an Authentication-Information Request via Diameter to the HSS with the Username set to the Subscriber's IMSI.

Diameter: Authentication Information Response HSS to MME

Assuming the subscriber exists in the HSS, an Authentication-Information Answer will be sent back from the HSS via Diameter to the MME, containing the authentication vectors to send to the UE / subscriber.

S1AP: DownlinkNASTransport, Authentication request MME to eNB

Now that the MME has the Authentication vectors for that UE / Subscriber, it sends back a DownlinkNASTransport, Authentication request, with the NAS section populated with the RAND and AUTN values generated by the HSS in the Authentication-Information Answer.

The Subscriber / UE's USIM looks at the AUTN value and RAND to authenticate the network, and then calculates its response (RES) from the RAND value to send back to the network.

S1AP: UplinkNASTransport, Authentication response eNB to MME

The subscriber authenticates the network based on the sent values, and if the USIM is happy that the network identity has been verified, it generates a RES (response) value which is sent in the UplinkNASTransport, Authentication response.

The MME compares the RES sent by the Subscriber / UE's USIM against the one it received in the Authentication-Information Answer (the XRES – Expected RES). If the two match then the subscriber is authenticated.

I have written more about this procedure here.

S1AP: DownlinkNASTransport, Security mode command MME to eNB

The DownlinkNASTransport, Security mode command is then sent by the MME to the UE to activate the ciphering and integrity protection required by the network, as set in the NAS Security Algorithms section.

The MME and the UE/Subscriber are able to derive the Ciphering Key (CK) and Integrity Key (IK) from the crypto variables sent earlier, and now both know them.

S1AP: UplinkNASTransport, Security mode complete eNB to MME

After the UE / Subscriber has derived the Ciphering Key (CK) and Integrity Key (IK) from the crypto variables sent earlier, it can put them into place as required by the NAS Security algorithms sent in the Security mode command request.

It indicates this is completed by sending the UplinkNASTransport, Security mode complete.

At this stage the authentication of the subscriber is done, and a default bearer must be established.

Diameter: Update Location Request MME to HSS
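The authentication exchange described above (Authentication-Information Answer, Authentication request, Authentication response), sketched as an added example that is not code from the original post. Assumptions: HMAC-SHA256 stands in for the real USIM/HSS functions (Milenage or TUAK), the function names and the key are constructed for illustration, the AUTN layout follows the standard AKA format (SQN xor AK, AMF, MAC), and the USIM's SQN freshness check is omitted.

```python
import hashlib
import hmac
import os

# Stand-in for f1 (MAC), f2 (RES) and f5 (AK). Assumption: real networks
# use Milenage or TUAK here, not HMAC-SHA256.
def _f(tag: bytes, k: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hss_generate_vector(k: bytes, sqn: bytes, amf: bytes = b"\x80\x00"):
    """HSS: build RAND, AUTN and XRES for the Authentication-Information Answer."""
    rand = os.urandom(16)
    mac = _f(b"f1", k, sqn + rand + amf, 8)
    ak = _f(b"f5", k, rand, 6)
    autn = _xor(sqn, ak) + amf + mac  # AUTN = (SQN xor AK) || AMF || MAC
    xres = _f(b"f2", k, rand, 8)
    return rand, autn, xres

def usim_authenticate(k: bytes, rand: bytes, autn: bytes):
    """USIM: verify the network through AUTN, then return RES (None = reject)."""
    conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    sqn = _xor(conc_sqn, _f(b"f5", k, rand, 6))
    expected = _f(b"f1", k, sqn + rand + amf, 8)
    if not hmac.compare_digest(mac, expected):
        return None  # network could not prove knowledge of K
    return _f(b"f2", k, rand, 8)

def mme_check_res(res, xres: bytes) -> bool:
    """MME: compare the UE's RES with the XRES from the HSS in constant time."""
    return res is not None and hmac.compare_digest(res, xres)

def demo():
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    sqn = (32).to_bytes(6, "big")                          # constructed SQN
    rand, autn, xres = hss_generate_vector(k, sqn)
    # 1. Genuine USIM and genuine network: RES matches XRES.
    good = mme_check_res(usim_authenticate(k, rand, autn), xres)
    # 2. AUTN with its MAC zeroed: the USIM refuses to answer.
    rejected = usim_authenticate(k, rand, autn[:8] + bytes(8)) is None
    # 3. USIM holding a different K: no valid RES reaches the MME.
    wrong_k = mme_check_res(usim_authenticate(os.urandom(16), rand, autn), xres)
    return good, rejected, wrong_k

if __name__ == "__main__":
    print(demo())
```

The MME never handles K in this flow: it only relays RAND and AUTN and compares RES with XRES, which matches the split between MME and HSS described above.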