LTE Security


A concise, updated guide to the 3GPP LTE Security Standardization specifications

A welcome Revised Edition of the successful LTE Security addressing the security architecture for SAE/LTE, which is based on elements of the security architectures for GSM and 3G, but which needed a major redesign due to the significantly increased complexity, and different architectural and business requirements of fourth generation systems. The authors explain in detail the security mechanisms ...

See more details below
Hardcover (Revised Edition)
$112.73 price
(Save 9%)$125.00 List Price
Other sellers (Hardcover)
  • All (8) from $98.93   
  • New (7) from $98.93   
  • Used (1) from $112.72   


A concise, updated guide to the 3GPP LTE Security Standardization specifications

A welcome Revised Edition of the successful LTE Security addressing the security architecture for SAE/LTE, which is based on elements of the security architectures for GSM and 3G, but which needed a major redesign due to the significantly increased complexity, and different architectural and business requirements of fourth generation systems. The authors explain in detail the security mechanisms employed to meet these requirements. The specifications generated by standardization bodies only inform about how to implement the system (and this only to the extent required for interoperability), but almost never inform readers about why things are done the way they are. Furthermore, specifications tend to be readable only for a small group of experts and lack the context of the broader picture. The book fills this gap by providing first hand information from insiders who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP, and can therefore explain the rationale for design decisions in this area.

  • A concise, fully updated guide to the 3GPP LTE Security Standardization specifications
  • Describes the essential elements of LTE and SAE Security, written by leading experts who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP
  • Explains the rationale behind the standards specifications giving readers a broader understanding of the context to these specifications
  • Includes new chapters covering 3GPP work on system enhancements for MTC, plus application layer security in ETSI TC M2M and embedded smart card in ETSI SCP; Security for Machine-type Communication, Relay Node Security, and Future Challenges, including Voice over LTE, MTC, Home base stations, LIPA/SIPTO, and New Cryptographic Algorithms

Essential reading for System engineers, developers and people in technical sales working in the area of LTE and LTE security, communication engineers and software developers in mobile communication field.

Read More Show Less

Product Details

  • ISBN-13: 9781118355589
  • Publisher: Wiley
  • Publication date: 12/26/2012
  • Series: NSN/Nokia Series
  • Edition description: Revised Edition
  • Edition number: 2
  • Pages: 366
  • Sales rank: 1,187,049
  • Product dimensions: 6.80 (w) x 9.90 (h) x 0.90 (d)

Meet the Author

Dan Forsberg received a M.Sc. degree in Computer Science (software engineering and telecommunications software) from the Helsinki University of Technology, Finland, in March 2000. He was a core member and developer of The Dynamics - HUT Mobile IP software. He worked in Nokia Research Center in Helsinki from 2000 to 2009. At Nokia Dan was involved in and led many research projects focused on mobility and security for future mobile devices. He was active in IETF and authored some Internet-Drafts and one standards track RFC in the area of user to network interfaces (EAP, AAA, PANA). In recent years, the main focus of his work has been on the SAE/LTE security standardization in the 3GPP security group (SA3). Dan led the SAE/LTE security standardization in Nokia from around 2005 to 2009. He was also nominated as one of the Nokia top inventors in 2007-2008. Dan began his PhD studies while working at Nokia and has published several scientific papers in the area of "improving and distributing session key management for mobile networks". He joined Helsinki University of Technology in 2009 to finalize his PhD studies. Dan is also a skilled software engineer, a Unix and network administration expert and established his own company in 2010 for consulting on security and software development.

Günther Horn received a PhD (Dr.rer.nat.) degree in Mathematics from the University of Tübingen, Germany, in 1985. He served as an Assistant Professor of Mathematics at the University of California at Irvine in 1985. He joined the Corporate Technology Labs of Siemens AG in Munich in 1986. In 2007, he joined Nokia Siemens Networks. He has been engaged in research on and standardization of new telecommunications systems, including security in mobile networks, fraud control, and mobile applications security. He has been active in many collaborative research projects sponsored by the European Union. In recent years, the focus of his work has been on the standardization of 3G security and SAE/LTE security in the 3GPP security group (SA3), of which he has been a member since it started in 1999. Before this, he contributed to ETSI SMG. He has published on communications security in conference proceedings, journals, and books.

Wolf-Dietrich Moeller studied Physics and Electrical Engineering in Berlin, Glasgow and Munich. With his research work on semiconductor device technology at Technische Universität München (TUM) he received his Dr.-Ing. degree in 1977. In the same year he joined the Corporate Technology Labs of Siemens AG in Munich. After leading a research group on microprocessor architectures and VLSI chip design from 1983 until 1993, in recent years his main subject has been research in security for mobile communications, device integrity and security hardware. He has been active in European and German collaborative research projects, and contributes to the standardisation of mobile security in 3GPP. Since 2007 he has worked at Nokia Siemens Networks Research and Technology Labs in research, standardisation and systems engineering for fixed and mobile networks. Recently he contributed to the book Selected Topics in Communication Networks and Distributed Systems (forthcoming).

Valtteri Niemi received a PhD degree in Mathematics from the University of Turku, Finland in 1989. After serving in various positions at University of Turku, he became an Associate Professor in Mathematics at the University of Vaasa, Finland, during 1993-97. He joined Nokia Research Center (NRC), Helsinki in 1997 where he has contributed in several roles for Nokia research in the wireless security area, including cryptological aspects. In 2008, he moved to the new NRC laboratory in Lausanne, Switzerland, where his main focus is on privacy-enhancing technologies. He was nominated as a Nokia Fellow in January 2009. He has participated to the 3GPP SA3 (security) standardization group from the beginning. During 2003-2009 he was the chairman of the group.
Before 3GPP, Niemi took part in ETSI SMG 10 for GSM security work. He has published more than 40 scientific articles and he is a co-author of three books.

Read More Show Less

Table of Contents

Preface xiii

Foreword to the First Edition xv

Acknowledgements xix

Copyright Acknowledgements xix

1 Overview of the Book 1

2 Background 5

2.1 Evolution of Cellular Systems 5

2.1.1 Third-Generation Network Architecture 6

2.1.2 Important Elements of the 3G Architecture 7

2.1.3 Functions and Protocols in the 3GPP System 8

2.1.4 The EPS System 9

2.2 Basic Security Concepts 10

2.2.1 Information Security 10

2.2.2 Design Principles 11

2.2.3 Communication Security Features 12

2.3 Basic Cryptographic Concepts 13

2.3.1 Cryptographic Functions 14

2.3.2 Securing Systems with Cryptographic Methods 16

2.3.3 Symmetric Encryption Methods 17

2.3.4 Hash Functions 18

2.3.5 Public-Key Cryptography and PKI 19

2.3.6 Cryptanalysis 20

2.4 Introduction to LTE Standardization 21

2.4.1 Working Procedures in 3GPP 22

2.5 Notes on Terminology and Specification Language 26

2.5.1 Terminology 26

2.5.2 Specification Language 27

3 GSM Security 29

3.1 Principles of GSM Security 29

3.2 The Role of the SIM 30

3.3 Mechanisms of GSM Security 31

3.3.1 Subscriber Authentication in GSM 32

3.3.2 GSM Encryption 32

3.3.3 GPRS Encryption 33

3.3.4 Subscriber Identity Confidentiality 34

3.4 GSM Cryptographic Algorithms 34

4 Third-Generation Security (UMTS) 37

4.1 Principles of Third-Generation (3G) Security 37

4.1.1 Elements of GSM Security Carried over to 3G 37

4.1.2 Weaknesses in GSM Security 38

4.1.3 Higher Level Objectives 39

4.2 Third-Generation Security Mechanisms 40

4.2.1 Authentication and Key Agreement 40

4.2.2 Ciphering Mechanism 45

4.2.3 Integrity Protection Mechanism 46

4.2.4 Identity Confidentiality Mechanism 48

4.3 Third-Generation Cryptographic Algorithms 49

4.3.1 KASUMI 50

4.3.2 UEA1 and UIA1 51

4.3.3 SNOW3G, UEA2 and UIA2 51

4.3.4 MILENAGE 54

4.3.5 Hash Functions 54

4.4 Interworking between GSM and 3G Security 55

4.4.1 Interworking Scenarios 55

4.4.2 Cases with SIM 56

4.4.3 Cases with USIM 57

4.4.4 Handovers between GSM and 3G 58

4.5 Network Domain Security 59

4.5.1 Generic Security Domain Framework 59

4.5.2 Security Mechanisms for NDS 62

4.5.3 Application of NDS 64

4.6 Architectures with RNCs in Exposed Locations 65

5 3G–WLAN Interworking 67

5.1 Principles of 3G–WLAN Interworking 67

5.1.1 The General Idea 67

5.1.2 The EAP Framework 69

5.1.3 Overview of EAP-AKA 72

5.2 Security Mechanisms of 3G–WLAN Interworking 75

5.2.1 Reference Model for 3G–WLAN Interworking 75

5.2.2 Security Mechanisms of WLAN Direct IP Access 76

5.2.3 Security Mechanisms of WLAN 3GPP IP Access 78

5.3 Cryptographic Algorithms for 3G–WLAN Interworking 81

6 EPS Security Architecture 83

6.1 Overview and Relevant Specifications 83

6.1.1 Need for Security Standardization 85

6.1.2 Relevant Nonsecurity Specifications 87

6.1.3 Security Specifications for EPS 88

6.2 Requirements and Features of EPS Security 89

6.2.1 Threats against EPS 90

6.2.2 EPS Security Features 91

6.2.3 How the Features Meet the Requirements 95

6.3 Design Decisions for EPS Security 97

6.4 Platform Security for Base Stations 103

6.4.1 General Security Considerations 103

6.4.2 Specification of Platform Security 103

6.4.3 Exposed Position and Threats 103

6.4.4 Security Requirements 104

7 EPS Authentication and Key Agreement 109

7.1 Identification 109

7.1.1 User Identity Confidentiality 110

7.1.2 Terminal Identity Confidentiality 111

7.2 The EPS Authentication and Key Agreement Procedure 112

7.2.1 Goals and Prerequisites of EPS AKA 112

7.2.2 Distribution of EPS Authentication Vectors from HSS to MME 114

7.2.3 Mutual Authentication and Establishment of a Shared Key between the Serving Network and the UE 118

7.2.4 Distribution of Authentication Data inside and between Serving Networks 122

7.3 Key Hierarchy 123

7.3.1 Key Derivations 124

7.3.2 Purpose of the Keys in the Hierarchy 125

7.3.3 Cryptographic Key Separation 127

7.3.4 Key Renewal 128

7.4 Security Contexts 129

7.4.1 EPS Security Context 129

7.4.2 EPS NAS Security Context 130

7.4.3 UE Security Capabilities 130

7.4.4 EPS AS Security Context 130

7.4.5 Native versus Mapped Contexts 130

7.4.6 Current versus Non-current Contexts 131

7.4.7 Key Identification 131

7.4.8 EPS Security Context Storage 131

7.4.9 EPS Security Context Transfer 132

8 EPS Protection for Signalling and User Data 133

8.1 Security Algorithms Negotiation 133

8.1.1 Mobility Management Entities 134

8.1.2 Base Stations 135

8.2 NAS Signalling Protection 136

8.2.1 NAS Security Mode Command Procedure 136

8.2.2 NAS Signalling Protection 137

8.3 AS Signalling and User Data Protection 138

8.3.1 AS Security Mode Command Procedure 138

8.3.2 RRC Signalling and User Plane Protection 138

8.3.3 RRC Connection Re-establishment 140

8.4 Security on Network Interfaces 141

8.4.1 Application of NDS to EPS 141

8.4.2 Security for Network Interfaces of Base Stations 142

8.5 Certificate Enrolment for Base Stations 143

8.5.1 Enrolment Scenario 143

8.5.2 Enrolment Principles 144

8.5.3 Enrolment Architecture 147

8.5.4 CMPv2 Protocol and Certificate Profiles 148

8.5.5 CMPv2 Transport 149

8.5.6 Example Enrolment Procedure 150

8.6 Emergency Call Handling 151

8.6.1 Emergency Calls with NAS and AS Security Contexts in Place 153

8.6.2 Emergency Calls without NAS and AS Security Contexts 153

8.6.3 Continuation of the Emergency Call When Authentication Fails 154

9 Security in Intra-LTE State Transitions and Mobility 155

9.1 Transitions to and from Registered State 156

9.1.1 Registration 156

9.1.2 Deregistration 156

9.2 Transitions between Idle and Connected States 157

9.2.1 Connection Initiation 158

9.2.2 Back to Idle State 158

9.3 Idle State Mobility 158

9.4 Handover 161

9.4.1 Handover Key Management Requirements Background 161

9.4.2 Handover Keying Mechanisms Background 162

9.4.3 LTE Key Handling in Handover 166

9.4.4 Multiple Target Cell Preparations 168

9.5 Key Change on the Fly 169

9.5.1 KeNB Rekeying 169

9.5.2 KeNB Refresh 169

9.5.3 NAS Key Rekeying 170

9.6 Periodic Local Authentication Procedure 170

9.7 Concurrent Run of Security Procedures 171

10 EPS Cryptographic Algorithms 175

10.1 Null Algorithms 176

10.2 Ciphering Algorithms 177

10.3 Integrity Algorithms 180

10.4 Key Derivation Algorithms 180

11 Interworking Security between EPS and Other Systems 183

11.1 Interworking with GSM and 3G Networks 183

11.1.1 Routing Area Update Procedure in UTRAN or GERAN 186

11.1.2 Tracking Area Update Procedure in EPS 187

11.1.3 Handover from EPS to 3G or GSM 190

11.1.4 Handover from 3G or GSM to EPS 191

11.2 Interworking with Non-3GPP Networks 193

11.2.1 Principles of Interworking with Non-3GPP Networks 193

11.2.2 Authentication and Key Agreement for Trusted Access 201

11.2.3 Authentication and Key Agreement for Untrusted Access 205

11.2.4 Security for Mobile IP Signalling 208

11.2.5 Mobility between 3GPP and Non-3GPP Access Networks 211

12 Security for Voice over LTE 215

12.1 Methods for Providing Voice over LTE 215

12.1.1 IMS over LTE 216

12.1.2 Circuit Switched Fallback (CSFB) 218

12.1.3 Single Radio Voice Call Continuity (SRVCC) 218

12.2 Security Mechanisms for Voice over LTE 220

12.2.1 Security for IMS over LTE 220

12.2.2 Security for Circuit Switched Fallback 228

12.2.3 Security for Single Radio Voice Call Continuity 228

12.3 Rich Communication Suite and Voice over LTE 230

13 Security for Home Base Station Deployment 233

13.1 Security Architecture, Threats and Requirements 234

13.1.1 Scenario 234

13.1.2 Threats and Risks 237

13.1.3 Requirements 239

13.1.4 Security Architecture 240

13.2 Security Features 241

13.2.1 Authentication 241

13.2.2 Local Security 243

13.2.3 Communications Security 244

13.2.4 Location Verification and Time Synchronization 244

13.3 Security Procedures Internal to the Home Base Station 244

13.3.1 Secure Boot and Device Integrity Check 245

13.3.2 Removal of Hosting Party Module 245

13.3.3 Loss of Backhaul Link 245

13.3.4 Secure Time Base 246

13.3.5 Handling of Internal Transient Data 246

13.4 Security Procedures between Home Base Station and Security Gateway 247

13.4.1 Device Integrity Validation 247

13.4.2 Device Authentication 247

13.4.3 IKEv2 and Certificate Profiling 250

13.4.4 Certificate Processing 253

13.4.5 Combined Device-Hosting Party Authentication 255

13.4.6 Authorization and Access Control 256

13.4.7 IPsec Tunnel Establishment 258

13.4.8 Verification of HeNB Identity and CSG Access 258

13.4.9 Time Synchronization 260

13.5 Security Aspects of Home Base Station Management 261

13.5.1 Management Architecture 261

13.5.2 Management and Provisioning during Manufacturing 264

13.5.3 Preparation for Operator-Specific Deployment 266

13.5.4 Relationships between HeNB Manufacturer and Operator 267

13.5.5 Security Management in Operator Network 267

13.5.6 Protection of Management Traffic 268

13.5.7 Software Download 270

13.5.8 Location Verification 272

13.6 Closed Subscriber Groups and Emergency Call Handling 275

13.6.1 UE Access Control to HeNBs 275

13.6.2 Emergency Calls 276

13.7 Support for Subscriber Mobility 277

13.7.1 Mobility Scenarios 277

13.7.2 Direct Interfaces between HeNBs 278

14 Relay Node Security 281

14.1 Overview of Relay Node Architecture 281

14.1.1 Basic Relay Node Architecture 281

14.1.2 Phases for Start-Up of Relay Nodes 283

14.2 Security Solution 284

14.2.1 Security Concepts 284

14.2.2 Security Procedures 288

14.2.3 Security on the Un Interface 290

14.2.4 USIM and Secure Channel Aspects 290

14.2.5 Enrolment Procedures 291

14.2.6 Handling of Subscription and Certificates 291

15 Security for Machine-Type Communications 293

15.1 Security for MTC at the Application Level 294

15.1.1 MTC Security Framework 295

15.1.2 Security (Kmr) Bootstrapping Options 298

15.1.3 Connection (Kmc) and Application-Level Security Association (Kma) Establishment Procedures 301

15.2 Security for MTC at the 3GPP Network Level 301

15.2.1 3GPP System Improvements for MTC 301

15.2.2 Security Related to 3GPP System Improvements for MTC 303

15.3 Security for MTC at the Credential Management Level 306

15.3.1 Trusted Platform in the Device 307

15.3.2 Embedded UICC 307

15.3.3 Remote Management of Credentials 308

16 Future Challenges 309

16.1 Near-Term Outlook 309

16.1.1 Security for Relay Node Architectures 309

16.1.2 Security for Interworking of 3GPP Networks and Fixed Broadband Networks 310

16.1.3 Security for Voice over LTE 310

16.1.4 Security for Machine-Type Communication 311

16.1.5 Security for Home Base Stations 311

16.1.6 New Cryptographic Algorithms 312

16.1.7 Public Warning System 313

16.1.8 Proximity Services 314

16.2 Far-Term Outlook 314

Abbreviations 319

References 327

Index 337

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)