State Transitions and Mobility
A UE transitioning between RRC_IDLE to RRC_CONNECTED must have its RRC and UP protection keys generation while NAS and higher layer protection keys are assumed to be already available in the MME. Higher layer keys may have been established in the MME as a result of an AKA run, or as a result of transfer from another MME during handover or idle mode mobility.
When transitioning between RRC_CONNECTED to RRC_IDLE, eNBs delete all the keys they store such that the state for IDLE mode has be maintained only at in the MME. The eNB will also not be storing any state information about the corresponding UE. Specifically, both the eNB and the UE will delete NH, KeNB, KRRCenc, KRRCint, KUPenc and related NCC, but the MME and the UE will maintain the KASME, KNASint and KNASenc.
Figure 14.4 Key Handling during Handover. Reproduced by permission of © 2010 3GPP. Further use is strictly prohibited.
During mobility, the key hierarchy does not allow explicit RRC and UP key updates, but RRC and UP keys are derived based on algorithm identifiers and KeNB which results with new RRC and UP keys at every handover. Figure 14.4 shows the model for key handling during handover. The handling proceeds as follows.
Whenever an initial AS security context needs to be established between UE and eNB, MME and the UE shall derivate a KeNB a NH, both of which are derived from the KASME. The UE and the eNB use the KeNB to secure the communication between each other. On handovers, the basis for the KeNB that will be used between the UE and the target eNB, called KeNB*, is derived from either the currently active KeNB or from the NH parameter. The former derivation is called a horizontal key derivation, while the latter is called a vertical key derivation. On handovers with vertical key derivation the NH is further bound to the target PCI and its frequency (EARFCN-DL) before it is taken into use as the KeNB in the target Enb. On handovers with horizontal key derivation the currently active KeNB is further bound to the target PCT and its frequency before it is taken into use as the KeNB in the target eNB.