Comparison of LTE Security and UMTS Security


LTE has inherited most of its security architecture from UMTS, with some enhancements. While there are many places to find an overview of the LTE security architecture, a side-by-side comparison with UMTS will be helpful for people coming from a UMTS background.


Security Elements

Authentication and Key Agreement
UMTS
  • based on UMTS-AKA
  • key derivation from the UMTS Authentication Quintuplet (RAND, CK, IK, RES, AUTN)
LTE
  • based on EPS-AKA
  • key derivation from the UMTS Authentication Quintuplet (RAND, CK, IK, RES, AUTN)
  • Key Derivation Functions use HMAC-SHA-256
  • K(ASME) is computed from CK, IK, and AUTN, and is used to derive the Integrity and Encryption keys
Integrity
UMTS
  • Integrity protection is mandatory for only a few RRC messages.
  • Integrity Protection Algorithm
    • UIA1: Kasumi
LTE
  • Integrity Protection mandatory for all messages after (and including) Security Mode Command
  • Integrity Protection Algorithm
    • 128-EIA 1: based on SNOW 3G
    • 128-EIA 2: based on AES-128
Encryption
UMTS
  • Encryption Algorithm
    • UEA0: no encryption.
    • UEA1: Kasumi.
LTE
  • Encryption is done independently at two levels
    • NAS - for EMM and ESM messages
    • PDCP - for SRB (1 and 2) and DRB (1 .. 11)
  • two SECURITY MODE COMMANDS for two sets of keys
    • {K(NAS-enc), K(NAS-integrity)}  
    • {K(RRC-enc), K(RRC-integrity)}
  • Encryption Algorithm
    • 128-EEA 0: No Encryption
    • 128-EEA 1: based on SNOW 3G
    • 128-EEA 2: based on AES-128
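
The LTE key derivation listed above (HMAC-SHA-256 KDF, K(ASME) from CK, IK and AUTN, then the NAS and RRC key sets), as an added example that is not part of the original page. The FC values, algorithm type distinguishers, serving network id input, K(eNB) step and truncation to 128 bits follow 3GPP TS 33.401 Annex A rather than this page. The sample inputs are constructed, and using one EEA/EIA identity for both NAS and RRC is a simplification.

```python
import hashlib
import hmac

# Algorithm type distinguishers from TS 33.401 Annex A.7 (not listed on this page).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT = 0x01, 0x02, 0x03, 0x04

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, S) with S = FC || P0 || L0 || P1 || L1, Li = 2-byte length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_kasme(ck: bytes, ik: bytes, autn: bytes, sn_id: bytes) -> bytes:
    """K(ASME): key = CK || IK, FC = 0x10, P0 = serving network id, P1 = SQN xor AK."""
    if (len(ck), len(ik), len(autn), len(sn_id)) != (16, 16, 16, 3):
        raise ValueError("expected 16-byte CK, IK, AUTN and a 3-byte SN id")
    return kdf(ck + ik, 0x10, sn_id, autn[:6])  # AUTN = (SQN xor AK) || AMF || MAC

def derive_kenb(kasme: bytes, uplink_nas_count: int) -> bytes:
    """K(eNB), parent of the RRC keys: FC = 0x11, P0 = 4-byte uplink NAS COUNT."""
    return kdf(kasme, 0x11, uplink_nas_count.to_bytes(4, "big"))

def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """FC = 0x15; a 128-bit key is the 16 least significant bytes of the output."""
    return kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))[-16:]

def derive_key_sets(ck, ik, autn, sn_id, eea_id, eia_id, uplink_nas_count=0):
    """Return the two key sets activated by the NAS and RRC Security Mode Commands."""
    kasme = derive_kasme(ck, ik, autn, sn_id)
    kenb = derive_kenb(kasme, uplink_nas_count)
    return {
        "K(NAS-enc)": derive_alg_key(kasme, NAS_ENC, eea_id),
        "K(NAS-integrity)": derive_alg_key(kasme, NAS_INT, eia_id),
        "K(RRC-enc)": derive_alg_key(kenb, RRC_ENC, eea_id),
        "K(RRC-integrity)": derive_alg_key(kenb, RRC_INT, eia_id),
    }

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real network or a 3GPP test set.
    keys = derive_key_sets(bytes(range(16)), bytes(range(16, 32)),
                           bytes.fromhex("aabbccddeeff80000102030405060708"),
                           bytes.fromhex("00f110"), eea_id=2, eia_id=2)
    for name, value in keys.items():
        print(f"{name:17} {value.hex()}")
```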