Netmanias Technical Document: Initial Attach for Unknown UE (Part 1)
www.netmanias.com www.nmcgroups.com
About NMC Consulting Group
NMC Consulting Group, founded in 2002, is an advanced, professional network consulting company specializing in IP networks (FTTH, Metro Ethernet and IP/MPLS), services (IPTV, IMS and CDN) and wireless networks (Mobile WiMAX, LTE and Wi-Fi).
Copyright © 2002-2012 NMC Consulting Group. All rights reserved.
Initial Attach for Unknown UE (Part 1)
Case of Initial Attach
August 27, 2012
(Last Updated: September 3, 2012)
Preliminary: Criteria for Classification of Initial Attach

Operation Steps for Initial Attach

Step 1: UE ID Acquisition (Mandatory)
The network needs a UE ID (IMSI or GUTI) to identify and authenticate the subscriber
• The IMSI is acquired from the UE; the GUTI is acquired from the UE or the old MME

Step 2: Authentication
Once an IMSI has been acquired, the EPS-AKA procedure is performed to authenticate the user [1]
• The HSS creates authentication vector(s) and delivers the AV(s) to the MME
• The MME, on behalf of the HSS, performs mutual authentication with the UE
Mandatory
• If the UE ID is an IMSI
• If the UE ID is an Old GUTI and the integrity check fails

Step 3: NAS Security Setup
The UE and the MME derive NAS Security Keys (KNASint, KNASenc) to safely deliver NAS messages [2]

Step 4: Location Update
The HSS updates the MME where the user is registered, and the MME downloads the subscription information of the user from the HSS
Mandatory
• If the MME has changed since the last detach
• If the MME has no valid subscription context
• If the UE provides an IMSI
• If the MME has no valid UE context

Step 5: EPS Session Establishment (Mandatory)
An EPS Session and a Default EPS Bearer are established

Criteria for Classification of Initial Attach

[Figure: a UE detaches and later sends an Attach Request (UE ID); MME1, MME2 and the HSS are shown. Old MME: the MME from which the UE last detached. New MME: the MME to which the UE is trying to attach since the last detach.]

(i) With which UE ID?
§ IMSI, or
§ Old GUTI
(ii) To which MME?
§ New MME = Old MME, or
§ New MME ≠ Old MME
(iii) Does a UE Context exist anywhere in the network (MMEs)?
§ Yes (Known UE from the MME viewpoint), or
§ No (Unknown UE from the MME viewpoint)
Case of Initial Attach: Unknown UE (1/2)
[Figure: message flows for Attach Cases 1 to 3, Unknown UE (MME viewpoint). Attach Case 1: attach with IMSI, Unknown UE (IMSI). Attach Case 2: attach with GUTI, MME unchanged (New MME = Old MME), Unknown UE (Old GUTI); messages shown: Attach Request, Identity Request, Identity Response (IMSI). Attach Case 3: attach with GUTI, MME changed (New MME ≠ Old MME), Unknown UE (Old GUTI); messages shown: Attach Request, Identification Request (Old GUTI, complete Attach Request message), Identification Response (error cause), Identity Request, Identity Response (IMSI). In all three cases the MME then performs Authentication (IMSI), NAS Security Setup and Location Update (IMSI, New MME).]
Case of Initial Attach: Unknown UE (2/2)
Unknown UE: No UE Context Exists Anywhere in Network (MMEs)
§ Attach Case 1: UE with IMSI
1) The UE sends an Attach Request message to an MME, identifying itself with its IMSI (UE ID = IMSI). The message is not integrity protected
2) The MME acquires the IMSI and therefore performs Authentication and NAS Security Setup
3) The MME performs a location update to the HSS, i.e. the MME informs the HSS of the registration of the UE and downloads the subscription information of the user from the HSS
§ Attach Case 2: UE with GUTI, MME Unchanged (New MME = Old MME)
1) The UE sends an Attach Request message to an MME, identifying itself with its Old GUTI (UE ID = Old GUTI). The message is integrity protected using the NAS integrity key, KNASint (i.e. with NAS-MAC)
2) The MME (New MME) checks the Old GUTI, which includes an MME ID, and recognizes that the Old GUTI was allocated by itself (Old MME). But the MME fails to find the UE Context of the Old GUTI
3) The MME sends an Identity Request message to the UE to request the IMSI
4) The UE sends its IMSI to the MME by responding with an Identity Response (IMSI) message
5) Now the MME performs Authentication, NAS Security Setup and Location Update as in steps 2) and 3) of Attach Case 1
§ Attach Case 3: UE with GUTI, MME Changed (New MME ≠ Old MME)
1) The UE sends an Attach Request message to an MME, identifying itself with its Old GUTI (UE ID = Old GUTI). The message is integrity protected using the NAS integrity key, KNASint (i.e. with NAS-MAC)
2) The MME (New MME) recognizes that the Old GUTI was allocated by another MME (Old MME)
3) The New MME requests the UE Context from the Old MME by sending an Identification Request (Old GUTI, complete Attach Request message) message
4) The Old MME fails to find the UE Context of the Old GUTI
5) The Old MME notifies the New MME that there is no UE Context by sending an Identification Response (error cause) message
6) The New MME gets the IMSI of the UE by sending an Identity Request message to the UE, and then performs Authentication, NAS Security Setup and Location Update as in steps 3) to 5) of Attach Case 2
Case of Initial Attach: Known UE (1/2)
[Figure: message flows for Attach Cases 4 and 5, Known UE (MME viewpoint), attach with GUTI. The stored UE Context is shown as IMSI, Old GUTI, KASME, KSIASME, UE-AMBR, ... Attach Case 4: MME unchanged (New MME = Old MME), Known UE (Old GUTI); in case of NAS integrity check failure, the MME performs Authentication (IMSI) and NAS Security Setup. Attach Case 5: MME changed (New MME ≠ Old MME), Known UE (Old GUTI). i) Case of NAS integrity check failure: Identification Request (Old GUTI, complete Attach Request message), Identification Response (error cause), Identity Request, Identity Response (IMSI); the MME performs Authentication (IMSI), NAS Security Setup and Location Update (IMSI, New MME). ii) Case of NAS integrity check success: Identification Request (Old GUTI, complete Attach Request message), Identification Response (IMSI, UE MM Context); the MME performs Location Update (IMSI, New MME).]
Case of Initial Attach: Known UE (2/2)
Known UE: UE Context Exists Somewhere in Network (MMEs)
§ Attach Case 4: UE with GUTI, MME Unchanged (New MME = Old MME)
1) The UE sends an Attach Request message to an MME, identifying itself with its Old GUTI (UE ID = Old GUTI). The message is integrity protected using the NAS integrity key, KNASint (i.e. with NAS-MAC)
2) The MME (New MME) checks the Old GUTI, which includes an MME ID, and recognizes that the Old GUTI was allocated by itself (Old MME). The MME finds the UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR) of the Old GUTI
3) The MME verifies the integrity of the Attach Request message using the NAS-MAC
i) If the integrity verification fails, then the MME should perform Authentication and NAS Security Setup
ii) If the integrity verification succeeds, then the MME can omit Authentication and NAS Security Setup
§ Attach Case 5: UE with GUTI, MME Changed (New MME ≠ Old MME)
1) The UE sends an Attach Request message to an MME, identifying itself with its Old GUTI (UE ID = Old GUTI). The message is integrity protected using the NAS integrity key, KNASint (i.e. with NAS-MAC)
2) The MME (New MME) recognizes that the Old GUTI was allocated by another MME (Old MME)
3) The New MME requests the UE Context from the Old MME by sending an Identification Request (Old GUTI, complete Attach Request) message
4) The Old MME finds the UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR) of the Old GUTI
5) The Old MME verifies the integrity of the received Attach Request message using the NAS-MAC
6) The Old MME transfers the result of the integrity verification to the New MME by sending an Identification Response message
i) If the integrity check fails, then the Old MME responds with an error cause
ii) If the integrity check succeeds, then the Old MME responds with the UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR)
Simplified Call Flows of Initial Attach Cases (1/3)
[Figure: side-by-side simplified call flows for Attach Cases 1 to 5. Columns: Attach Case 1 (attach with IMSI, Unknown UE); Attach Case 2 (attach with GUTI, MME unchanged, Unknown UE); Attach Case 3 (attach with GUTI, MME changed, Unknown UE); Attach Case 4 (attach with GUTI, MME unchanged, Known UE); Attach Case 5 (attach with GUTI, MME changed, Known UE). Rows: UE ID Acquisition, Authentication, NAS Security Setup, Location Update, EPS Session Establishment. The figure also repeats the per-case message diagrams of the preceding slides.]
Simplified Call Flows of Initial Attach Cases (2/3)
Initial Attach with IMSI
§ Attach Case 1: Unknown UE
The UE sends an Attach Request (IMSI) message to an MME
1) The MME acquires the IMSI from the UE (Attach Request message)
2) Then, the MME performs Authentication, NAS Security Setup, Location Update and EPS Session/Default EPS Bearer Establishment
EPS Entity Procedure for UE ID Acquisition
[UE → MME] Attach Request (IMSI)
Initial Attach with GUTI
§ Attach Case 2: Unknown UE, MME Unchanged
The UE sends an Attach Request (Old GUTI) message to an MME
The MME does not have the GUTI, so it requests the IMSI from the UE
1) The MME acquires the IMSI from the UE (Identity Response message)
2) Then, the MME performs Authentication, NAS Security Setup, Location Update and EPS Session/Default EPS Bearer Establishment
EPS Entity Procedure for UE ID Acquisition
[UE → MME] Attach Request (Old GUTI)
[MME] No UE Context
[UE ← MME] Identity Request (UE ID = IMSI)
[UE → MME] Identity Response (IMSI)
§ Attach Case 3: Unknown UE, MME Changed
The UE sends an Attach Request (Old GUTI) message to an MME
The MME (New MME) did not allocate the GUTI; it requests the UE Context from the Old MME but fails, so it requests the IMSI from the UE
1) The MME acquires the IMSI from the UE (Identity Response message)
2) Then, the MME performs Authentication, NAS Security Setup, Location Update and EPS Session/Default EPS Bearer Establishment
EPS Entity Procedure for UE ID Acquisition
[UE → New MME] Attach Request (Old GUTI)
[New MME → Old MME] Identification Request (Old GUTI)
[Old MME] No UE Context
[New MME ← Old MME] Identification Response (error cause)
[UE ← New MME] Identity Request (UE ID = IMSI)
[UE → New MME] Identity Response (IMSI)
Simplified Call Flows of Initial Attach Cases (3/3)
§ Attach Case 4: Known UE, MME Unchanged
The UE sends an Attach Request (Old GUTI) message to an MME
The MME has the GUTI and the UE Context
1) The MME acquires a valid Old GUTI and UE Context from the UE (Attach Request message)
2) Then the MME performs EPS Session/Default EPS Bearer Establishment
EPS Entity Procedure for UE ID Acquisition
[UE → MME] Attach Request (Old GUTI)
[MME] UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR)
§ Attach Case 5: Known UE, MME Changed
The UE sends an Attach Request (Old GUTI) message to an MME
The MME (New MME) did not allocate the GUTI; it requests the UE Context from the Old MME and receives the UE Context from the Old MME
1) The MME acquires a valid Old GUTI from the Old MME (Identification Response message)
2) Then the MME performs Location Update and EPS Session/Default EPS Bearer Establishment
EPS Entity Procedure for UE ID Acquisition
[UE → New MME] Attach Request (Old GUTI)
[New MME → Old MME] Identification Request (Old GUTI)
[Old MME] UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR)
[New MME ← Old MME] Identification Response (UE Context)
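
The decision logic of Attach Cases 1 to 5, including the two integrity-failure branches, as an added example that is not part of the original document. The GUTI layout (MME ID, temporary ID), the error-cause strings, the sample IMSI and key, and the HMAC used in place of the NAS integrity algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

AUTH, NAS_SEC = "Authentication", "NAS Security Setup"
LOC_UPD, EPS = "Location Update", "EPS Session Establishment"
FULL = [AUTH, NAS_SEC, LOC_UPD, EPS]
IDENTITY = ["Identity Request", "Identity Response"]
NO_CONTEXT, MAC_FAIL = "no-context", "integrity-fail"  # constructed error causes


def nas_mac(k_nas_int: bytes, seq_no: int, body: bytes) -> bytes:
    """Stand-in for NAS-MAC: truncated HMAC-SHA256 (assumption, not the
    NAS integrity algorithm itself, which this document does not specify)."""
    data = seq_no.to_bytes(4, "big") + body
    return hmac.new(k_nas_int, data, hashlib.sha256).digest()[:4]


@dataclass
class UEContext:
    imsi: str
    k_nas_int: bytes


@dataclass
class AttachRequest:
    imsi: Optional[str] = None
    old_guti: Optional[tuple] = None  # (mme_id, temporary id), constructed layout
    seq_no: int = 0
    body: bytes = b"attach"
    mac: bytes = b""


@dataclass
class MME:
    mme_id: str
    contexts: dict = field(default_factory=dict)  # Old GUTI -> UEContext
    peers: dict = field(default_factory=dict)     # MME ID -> MME

    def lookup(self, req):
        """Find the UE Context for the Old GUTI and verify the NAS-MAC.
        Serves both the local check and a peer's Identification Request."""
        ctx = self.contexts.get(req.old_guti)
        if ctx is None:
            return None, NO_CONTEXT
        expected = nas_mac(ctx.k_nas_int, req.seq_no, req.body)
        if not hmac.compare_digest(expected, req.mac):
            return None, MAC_FAIL
        return ctx, None

    def attach(self, req):
        """Return (case, UE ID acquisition messages, procedures performed)."""
        msgs = ["Attach Request"]
        if req.old_guti is None:                 # UE identified itself by IMSI
            return "Case 1", msgs, FULL
        if req.old_guti[0] == self.mme_id:       # New MME = Old MME
            _, cause = self.lookup(req)
            if cause == NO_CONTEXT:
                return "Case 2", msgs + IDENTITY, FULL
            if cause == MAC_FAIL:                # context kept, UE re-authenticated
                return "Case 4 (integrity failure)", msgs, [AUTH, NAS_SEC, EPS]
            return "Case 4", msgs, [EPS]
        old = self.peers.get(req.old_guti[0])    # New MME != Old MME
        ctx, cause = old.lookup(req) if old else (None, NO_CONTEXT)
        msgs += ["Identification Request", "Identification Response"]
        if ctx is None:                          # Old MME answered with an error cause
            case = "Case 3" if cause == NO_CONTEXT else "Case 5 (integrity failure)"
            return case, msgs + IDENTITY, FULL
        self.contexts[req.old_guti] = ctx        # UE Context transferred
        return "Case 5", msgs, [LOC_UPD, EPS]


def demo():
    """Run every branch against two constructed MMEs and one known UE."""
    key, wrong_key = b"\x11" * 16, b"\x22" * 16   # constructed KNASint values
    mme1, mme2 = MME("MME1"), MME("MME2")
    mme1.peers["MME2"], mme2.peers["MME1"] = mme2, mme1
    known, stale = ("MME1", 0xC0FFEE), ("MME1", 0xDEAD)
    mme1.contexts[known] = UEContext("001010123456789", key)  # constructed IMSI

    def req(guti, k=key):
        r = AttachRequest(old_guti=guti, seq_no=7)
        r.mac = nas_mac(k, r.seq_no, r.body)
        return r

    runs = [
        mme1.attach(AttachRequest(imsi="001010123456789")),
        mme1.attach(req(stale)),
        mme2.attach(req(stale)),
        mme1.attach(req(known)),
        mme1.attach(req(known, wrong_key)),
        mme2.attach(req(known, wrong_key)),
        mme2.attach(req(known)),
    ]
    return {case: (msgs, procs) for case, msgs, procs in runs}


if __name__ == "__main__":
    for case, (msgs, procs) in demo().items():
        print(f"{case}: {' / '.join(msgs)} => {', '.join(procs)}")
```

Authentication and NAS Security Setup are skipped only on the branches where a stored UE Context was found and the NAS-MAC of the Attach Request verified against it.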
References and Abbreviations
[1] Netmanias Technical Document, “LTE Security I: LTE Security Concept and LTE Authentication”, August 2012, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[2] Netmanias Technical Document, “LTE Security II: NAS and AS Security LTE Security Concept and LTE Authentication”, August 2012, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[3] 3GPP TS 23.401, “GPRS Enhancements for E-UTRAN Access”.
[4] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
Abbreviations
AKA: Authentication and Key Agreement
ASME: Access Security Management Entity
AV: Authentication Vector
EPS: Evolved Packet System
GUTI: Globally Unique Temporary Identifier
HSS: Home Subscriber Server
IMSI: International Mobile Subscriber Identity
LTE: Long Term Evolution
MME: Mobility Management Entity
NAS: Non Access Stratum
NAS-MAC: Message Authentication Code for NAS for Integrity
UE: User Equipment

More Related Content

PDF
Netmanias.2012.08.22 [en] lte security i-security concept and authentication
PDF
Netmanias.2013.07.31 lte security i-concept and authentication (en)
PDF
Security In LTE Access Network
PDF
Netmanias.2013.08.05 lte security i-concept and authentication.eng
PDF
IPsec for IMS
PDF
IPSec VPN Tutorial Part1
PDF
CCNAv5 - S1: Chapter 5 - Ethernet
PPT
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
Netmanias.2012.08.22 [en] lte security i-security concept and authentication
Netmanias.2013.07.31 lte security i-concept and authentication (en)
Security In LTE Access Network
Netmanias.2013.08.05 lte security i-concept and authentication.eng
IPsec for IMS
IPSec VPN Tutorial Part1
CCNAv5 - S1: Chapter 5 - Ethernet
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL

What's hot (16)

PDF
Secure from go: Stoke Guide to Securing LTE Networks from Day 1
PPT
PDF
CCNAv5 - S4: Chapter3 Point to-point Connections
PDF
CCNAv5 - S2: Chapter5 Inter Vlan Routing
PDF
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
PDF
CCNAv5 - S4: Chapter8 monitoring the network
PDF
Y36146148
PPTX
Ccna v5-S1-Chapter 5
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 6
PDF
CCNAv5 - S4: Chapter 1 Hierarchical Network Design
PPT
Cisco CCNA module 1
PPTX
CCNA RS_ITN - Chapter 3
PDF
ccna1 v5 cap2
PPTX
CCNA 1 Routing and Switching v5.0 Chapter 1
PPTX
CCNA 2 Routing and Switching v5.0 Chapter 8
Secure from go: Stoke Guide to Securing LTE Networks from Day 1
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S2: Chapter5 Inter Vlan Routing
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
CCNAv5 - S4: Chapter8 monitoring the network
Y36146148
Ccna v5-S1-Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNAv5 - S4: Chapter 1 Hierarchical Network Design
Cisco CCNA module 1
CCNA RS_ITN - Chapter 3
ccna1 v5 cap2
CCNA 1 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 8
Ad

Viewers also liked (20)

PDF
Lte attach-messaging
PDF
AIRCOM LTE Webinar 1 - Network Architecture
PDF
Simplified Call Flow Signaling: Registration - The Attach Procedure
PDF
Lte protocol-stack-mac-rlc-pdcp
PDF
User location tracking attacks for LTE networks using the Interworking Functi...
PPTX
PDN Overview
DOC
c1 & c2 values
PDF
LTE EPC Technology Essentials
PPTX
20121129 lte basic procedures (2)
PDF
LTE Redirection attacks: Zhang Shan
PPTX
EPS presentation
PDF
LTE Architecture and LTE Attach
PDF
S1ap lte-attach-eps-bearer-setup
PDF
ANSYS RedHawk-CPA: New Paradigm for Faster Chip-Package Convergence
PDF
LTE Air Interface
PDF
Anirudh resume 2_19
PDF
3 gpp lte-rlc
PDF
Lte rrc-connection-setup-messaging
PDF
LTE Key Technologies
PPTX
TRACK C: PDN (Power Delivery Network)/ Ronen Stilkol
Lte attach-messaging
AIRCOM LTE Webinar 1 - Network Architecture
Simplified Call Flow Signaling: Registration - The Attach Procedure
Lte protocol-stack-mac-rlc-pdcp
User location tracking attacks for LTE networks using the Interworking Functi...
PDN Overview
c1 & c2 values
LTE EPC Technology Essentials
20121129 lte basic procedures (2)
LTE Redirection attacks: Zhang Shan
EPS presentation
LTE Architecture and LTE Attach
S1ap lte-attach-eps-bearer-setup
ANSYS RedHawk-CPA: New Paradigm for Faster Chip-Package Convergence
LTE Air Interface
Anirudh resume 2_19
3 gpp lte-rlc
Lte rrc-connection-setup-messaging
LTE Key Technologies
TRACK C: PDN (Power Delivery Network)/ Ronen Stilkol
Ad

Similar to Netmanias.2012.09.03 [en] emm_procedure_1._initial_attach_(part_1) (6)

TXT
Lte testing
PDF
Test
PDF
Test 1
PDF
Seps aka a secure evolved packet system authentication and key agreement sch...
PDF
SEPS-AKA: A SECURE EVOLVED PACKET SYSTEM AUTHENTICATION AND KEY AGREEMENT SCH...
PPTX
3-LTE Signaling Procedure EMERSON EDUARDO RODRIGUES.pptx
Lte testing
Test
Test 1
Seps aka a secure evolved packet system authentication and key agreement sch...
SEPS-AKA: A SECURE EVOLVED PACKET SYSTEM AUTHENTICATION AND KEY AGREEMENT SCH...
3-LTE Signaling Procedure EMERSON EDUARDO RODRIGUES.pptx

Recently uploaded (20)

DOCX
search engine optimization ppt fir known well about this
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
PDF
Developing a website for English-speaking practice to English as a foreign la...
PDF
1 - Historical Antecedents, Social Consideration.pdf
PPTX
Configure Apache Mutual Authentication
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
PDF
Enhancing emotion recognition model for a student engagement use case through...
PPTX
2018-HIPAA-Renewal-Training for executives
PDF
UiPath Agentic Automation session 1: RPA to Agents
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
PPT
What is a Computer? Input Devices /output devices
PDF
Architecture types and enterprise applications.pdf
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
PDF
A review of recent deep learning applications in wood surface defect identifi...
PPTX
Chapter 5: Probability Theory and Statistics
PDF
sbt 2.0: go big (Scala Days 2025 edition)
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
PDF
Consumable AI The What, Why & How for Small Teams.pdf
search engine optimization ppt fir known well about this
A contest of sentiment analysis: k-nearest neighbor versus neural network
Convolutional neural network based encoder-decoder for efficient real-time ob...
Developing a website for English-speaking practice to English as a foreign la...
1 - Historical Antecedents, Social Consideration.pdf
Configure Apache Mutual Authentication
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Enhancing emotion recognition model for a student engagement use case through...
2018-HIPAA-Renewal-Training for executives
UiPath Agentic Automation session 1: RPA to Agents
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
OpenACC and Open Hackathons Monthly Highlights July 2025
What is a Computer? Input Devices /output devices
Architecture types and enterprise applications.pdf
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
A review of recent deep learning applications in wood surface defect identifi...
Chapter 5: Probability Theory and Statistics
sbt 2.0: go big (Scala Days 2025 edition)
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
Consumable AI The What, Why & How for Small Teams.pdf

Netmanias.2012.09.03 [en] emm_procedure_1._initial_attach_(part_1)

  • 1. Netmanias Technical Document: Initial Attach for Unknown UE (Part 1) www.netmanias.com www.nmcgroups.com About NMC Consulting Group NMC Consulting Group was founded on year 2002 and is advanced, professional network consulting company which is specialized for IP Network area like FTTH, Metro Ethernet and IP/MPLS, Service area like IPTV, IMS and CDN lastly, Wireless network area like Mobile WiMAX, LTE and Wi-Fi. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Initial Attach for Unknown UE (Part 1) Case of Initial Attach August 27, 2012 (Last Updated: September 3, 2012) NMC Consulting Group www.netmanias.com www.nmcgroups.com
  • 2. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Netmanias Technical Document: Initial Attach for Unknown UE (Part 1) 2 Preliminary: Criteria for Classification of Initial Attach  Operation Step for Initial Attach  Criteria for Classification of Initial Attach Step Function Description Step 1 UE ID Acquisition Network needs a UE ID (IMSI or GUTI) to identify and authenticate subscriber • IMSI is acquired from UE and GUTI is acquired from UE or old MME Mandatory Step 2 Authentication Acquiring a IMSI, EPS –AKA procedure is performed to authenticate the user [1] • HSS creates authentication vector(s) and delivers the AV(s) to MME • MME on behalf of HSS performs mutual authentication with UE Mandatory • If UE ID is a IMSI • If UE ID is a Old GUTI and integrity check fails Step 3 NAS Security Setup UE and MME derive NAS Security Keys (KNASint, KNASenc) to safely deliver NAS messages [2] Step 4 Location Update HSS updates MME where the user is registered, and the MME downloads the subscription information of the user from the HSS Mandatory • If MME has changed since the last detach • If MME has no valid subscription context • If UE provides a IMSI • If MME has no valid UE context Step 5 EPS Session Establishment A EPS Session and a Default EPS Bearer are established Mandatory UE Attach Request (UE ID) MME that UE has detached lastly (Old MME) MME that UE is trying to attach to since the last detach (New MME) UE Context? UE Context? MME1 MME2 HSS Detach UE (i) With which UE ID? § IMSI or § Old GUTI UE (ii) To which MME? § New MME = Old MME or § New MME ≠ Old MME (iii) Whether UE Context exists anywhere in Network (MMEs)? § Yes or (Known UE from the MME viewpoint) § No (Unknown UE from the MME viewpoint) Network (MMEs) Criteria
  • 3. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Netmanias Technical Document: Initial Attach for Unknown UE (Part 1) 3 Case of Initial Attach: Unknown UE (1/2) Authentication (IMSI) Location Update (IMSI, New MME) NAS Security Setup MME performs... Authentication (IMSI) Location Update (IMSI, New MME) NAS Security Setup MME performs... Identification Request (Old GUTI, complete Attach Request message) Identification Response (error cause) Identity Request Identity Response (IMSI) Attach Request Attach Case 2 Attach Case 1 Attach Case 3 UE IMSI New MME - Authentication (IMSI) Location Update (IMSI, New MME) NAS Security Setup MME performs... Attach RequestUE IMSI Old GUTI KSIASME NAS-MAC NAS seq. no New MME - 1. New MME = Old MME 2. Unknown UE (Old GUTI) Identity Request Identity Response (IMSI) Attach RequestUE IMSI Old GUTI KSIASME NAS-MAC NAS seq. no New MME - 1. New MME ≠ Old MME 2. Unknown UE (Old GUTI) Old MME - MMEChanged AttachwithGUTIAttachwithIMSI MMEUnchanged Unknown UE (MME viewpoint) 1. Unknown UE (IMSI)
  • 4. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Netmanias Technical Document: Initial Attach for Unknown UE (Part 1) 4 Case of Initial Attach: Unknown UE (2/2) Unknown UE: No UE Context Exists Anywhere in Network (MMEs) § Attach Case 1: UE with IMSI 1) UE sends a Attach Request message to a MME identifying itself with IMSI (UE ID = IMSI). The message is not integrity protected 2) The MME acquires the IMSI, therefore performs Authentication and NAS Security Setup 3) MME performs location update to HSS, i.e. MME informs HSS of registration of a UE and downloads the subscription information of the user from HSS § Attach Case 2: UE with GUTI, MME Unchanged (New MME = Old MME) 1) UE sends a Attach Request message to a MME identifying itself with Old GUTI (UE ID = Old GUTI). The message is integrity protected using NAS integrity key, KNASint (i.e. with NAS-MAC) 2) The MME (New MME) checks the Old GUTI which includes a MME ID and recognizes that the Old GUTI has been allocated by itself (Old MME). But the MME fails to find the UE Context of the Old GUTI 3) The MME sends an Identity Request message to the UE to request the IMSI 4) The UE sends IMSI to the MME by responding with an Identity Response (IMSI) message 5) Now the MME performs Authentication, NAS Security Setup and Location Update as “step 2) & 3) of Attach Case 1” § Attach Case 3: UE with GUTI, MME Changed (New MME ≠ Old MME) 1) UE sends a Attach Request message to a MME identifying itself with Old GUTI (UE ID = Old GUTI). The message is integrity protected using NAS integrity key, KNASint (i.e. 
with NAS-MAC) 2) The MME (New MME) recognizes that the Old GUTI has been allocated by another MME (Old MME) 3) The New MME requests UE Context to the Old MME by sending an Identification Request (Old GUTI, Complete Attach Request message) message 4) The Old MME fails to find the UE Context of the Old GUTI 5) The Old MME notifies the New MME that there’s no UE Context by sending an Identification Response (error cause) message 6) The New MME gets the IMSI of the UE by sending an Identity Request message to the UE, and then performs Authentication, NAS Security Setup and Location Update as “step 3) ~ 5) of Attach Case 2”
  • 5. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Netmanias Technical Document: Initial Attach for Unknown UE (Part 1) 5 Case of Initial Attach: Known UE (1/2) Authentication (IMSI) NAS Security Setup In case of NAS Integrity Check Failure, MME performs... Attach Case 4 Attach Case 5 Attach RequestUE IMSI Old GUTI KSIASME NAS-MAC NAS seq. no New MME 1. New MME = Old MME 2. Known UE (Old GUTI) IMSI Old GUTI KASME KSIASME UE-AMBR ... AttachwithGUTI MMEUnchanged Known UE (MME viewpoint) Identity Request Identity Response (IMSI) Authentication (IMSI) NAS Security Setup Location Update (IMSI, New MME) MME performs... Identification Request (Old GUTI, complete Attach Request message) Identification Response (error cause) Attach RequestUE IMSI Old GUTI KSIASME NAS-MAC NAS seq. no New MME - 1. New MME ≠ Old MME 2. Known UE (Old GUTI) Old MME IMSI Old GUTI KASME KSIASME UE-AMBR ...New MME i) Case of NAS Integrity Check Failure Location Update (IMSI, New MME) MME performs... Identification Request (Old GUTI, complete Attach Request message) Identification Response (IMSI, UE MM Context) Attach RequestUE IMSI Old GUTI KSIASME NAS-MAC NAS seq. no New MME - 1. New MME ≠ Old MME 2. Known UE (Old GUTI) Old MME IMSI Old GUTI KASME KSIASME UE-AMBR ...New MME IMSI Old GUTI KASME KSIASME UE-AMBR ... ii) Case of NAS Integrity Check Success - MMEChanged
  • 6. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Netmanias Technical Document: Initial Attach for Unknown UE (Part 1) 6 Case of Initial Attach: Known UE (2/2) Known UE: UE Context Exists Anywhere in Network (MMEs) § Attach Case 4: UE with GUTI, MME Unchanged (New MME = Old MME) 1) UE sends a Attach Request message to a MME identifying itself with Old GUTI (UE ID = Old GUTI). The message is integrity protected using NAS integrity key, KNASint (i.e. with NAS-MAC) 2) The MME (New MME) checks the Old GUTI which includes a MME ID and recognizes that the Old GUTI has been allocated by itself (Old MME). The MME finds the UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR) of the Old GUTI 3) The MME verifies the integrity of the Attach Request message by NAS-MAC i) If the integrity verification fails, then the MME should perform Authentication and NAS Security Setup ii) If the integrity verification successes, then the MME can omit Authentication and NAS Security Setup § Attach Case 5: UE with GUTI, MME Changed (New MME ≠ Old MME) 1) UE sends a Attach Request message to a MME identifying itself with Old GUTI (UE ID = Old GUTI). The message is integrity protected using NAS integrity key, KNASint (i.e. 
with NAS-MAC) 2) The MME (New MME) recognizes that the Old GUTI has been allocated by another MME (Old MME) 3) The New MME requests UE Context to the Old MME by sending an Identification Request (Old GUTI, Complete Attach Request) message 4) The Old MME finds the UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR) of the Old GUTI 5) The Old MME verifies the integrity of the received Attach Request message by NAS-MAC 6) The Old MME transfers the result of the integrity verification to the New MME by sending an Identification Response message i) If the integrity check fails, then the Old MME responds with an error cause ii) If the integrity check successes, then the Old MME responds with the UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR)
  • 7. Simplified Call Flows of Initial Attach Cases (1/3)
    [Figure: call-flow overview of the five attach cases. Attach with IMSI: Attach Case 1 (Unknown UE). Attach with GUTI, Unknown UE (MME viewpoint): Attach Case 2 (MME Unchanged) and Attach Case 3 (MME Changed). Attach with GUTI, Known UE (MME viewpoint): Attach Case 4 (MME Unchanged) and Attach Case 5 (MME Changed).]
  • 8. Simplified Call Flows of Initial Attach Cases (2/3)
    Initial Attach with IMSI
    § Attach Case 1: Unknown UE
      The UE sends an Attach Request (IMSI) message to an MME.
      1) The MME acquires the IMSI from the UE (Attach Request message)
      2) Then the MME performs Authentication, NAS Security Setup, Location Update and EPS Session/Default EPS Bearer Establishment
      EPS Entity            Procedure for UE ID Acquisition
      [UE → MME]            Attach Request (IMSI)
    Initial Attach with GUTI
    § Attach Case 2: Unknown UE, MME Unchanged
      The UE sends an Attach Request (Old GUTI) message to an MME.
      The MME does not have the GUTI, so it requests the IMSI from the UE.
      1) The MME acquires the IMSI from the UE (Identity Response message)
      2) Then the MME performs Authentication, NAS Security Setup, Location Update and EPS Session/Default EPS Bearer Establishment
      EPS Entity            Procedure for UE ID Acquisition
      [UE → MME]            Attach Request (Old GUTI)
      [MME]                 No UE Context
      [UE ← MME]            Identity Request (UE ID = IMSI)
      [UE → MME]            Identity Response (IMSI)
    § Attach Case 3: Unknown UE, MME Changed
      The UE sends an Attach Request (Old GUTI) message to an MME.
      The MME (New MME) did not allocate the GUTI, so it requests the UE Context from the Old MME; that request fails, so it requests the IMSI from the UE.
      1) The MME acquires the IMSI from the UE (Identity Response message)
      2) Then the MME performs Authentication, NAS Security Setup, Location Update and EPS Session/Default EPS Bearer Establishment
      EPS Entity            Procedure for UE ID Acquisition
      [UE → New MME]        Attach Request (Old GUTI)
      [New MME → Old MME]   Identification Request (Old GUTI)
      [Old MME]             No UE Context
      [New MME ← Old MME]   Identification Response (error cause)
      [UE ← New MME]        Identity Request (UE ID = IMSI)
      [UE → New MME]        Identity Response (IMSI)
  • 9. Simplified Call Flows of Initial Attach Cases (3/3)
    § Attach Case 4: Known UE, MME Unchanged
      The UE sends an Attach Request (Old GUTI) message to an MME.
      The MME has the GUTI and the UE Context.
      1) The MME acquires a valid Old GUTI and UE Context from the UE (Attach Request message)
      2) Then the MME performs EPS Session/Default EPS Bearer Establishment
      EPS Entity            Procedure for UE ID Acquisition
      [UE → MME]            Attach Request (Old GUTI)
      [MME]                 UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR)
    § Attach Case 5: Known UE, MME Changed
      The UE sends an Attach Request (Old GUTI) message to an MME.
      The MME (New MME) did not allocate the GUTI, so it requests the UE Context from the Old MME and receives it.
      1) The MME acquires a valid Old GUTI from the Old MME (Identification Response message)
      2) Then the MME performs Location Update and EPS Session/Default EPS Bearer Establishment
      EPS Entity            Procedure for UE ID Acquisition
      [UE → New MME]        Attach Request (Old GUTI)
      [New MME → Old MME]   Identification Request (Old GUTI)
      [Old MME]             UE Context (IMSI, Old GUTI, NAS Security Context, UE-AMBR)
      [New MME ← Old MME]   Identification Response (UE Context)
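The five attach cases reduce to one decision procedure at the MME that receives the Attach Request. The sketch below is an added Python example, not part of the Netmanias document: the `MME` class, the `(allocating MME name, value)` GUTI tuple, the `nas_mac_ok` flag standing in for the Old MME's real NAS-MAC verification, and the sample identities are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

FULL = ["Authentication", "NAS Security Setup", "Location Update",
        "EPS Session Establishment"]

@dataclass
class MME:
    name: str
    contexts: dict = field(default_factory=dict)  # Old GUTI -> UE context

    def identification(self, guti, nas_mac_ok):
        """Old MME side: UE context if the GUTI is known and the forwarded
        Attach Request passes the NAS-MAC check, else None (error cause)."""
        ctx = self.contexts.get(guti)
        return ctx if ctx and nas_mac_ok else None

def attach(mme, peers, ue_id, nas_mac_ok=True):
    """Classify one Attach Request received by `mme`.
    ue_id: ("IMSI", imsi) or ("GUTI", (allocating_mme_name, value)).
    peers maps every allocating MME name to its MME object (assumed reachable).
    The integrity check on the unchanged-MME path is not modelled.
    Returns (case number, message trace, procedures still to perform)."""
    kind, value = ue_id
    if kind == "IMSI":
        return 1, ["UE -> MME: Attach Request (IMSI)"], FULL
    trace = ["UE -> MME: Attach Request (Old GUTI)"]
    if value[0] == mme.name:                       # MME unchanged
        if value in mme.contexts:                  # known UE
            return 4, trace, FULL[3:]
        case = 2
    else:                                          # MME changed
        trace.append("New MME -> Old MME: Identification Request (Old GUTI)")
        if peers[value[0]].identification(value, nas_mac_ok):
            trace.append("Old MME -> New MME: Identification Response (UE Context)")
            return 5, trace, FULL[2:]
        trace.append("Old MME -> New MME: Identification Response (error cause)")
        case = 3
    # Unknown UE: fall back to asking the UE for its IMSI.
    trace += ["MME -> UE: Identity Request (UE ID = IMSI)",
              "UE -> MME: Identity Response (IMSI)"]
    return case, trace, FULL

# Constructed sample data (not from the page): two MMEs, one stored context.
GUTI_A = ("MME-A", 0x1234)
OLD = MME("MME-A", {GUTI_A: {"imsi": "001010000000001"}})
NEW = MME("MME-B")
PEERS = {"MME-A": OLD}
```

Calling `attach(NEW, PEERS, ("GUTI", GUTI_A), nas_mac_ok=False)` shows how a failed integrity check at the Old MME turns a would-be Case 5 into Case 3, with the Identity Request fallback and the full set of procedures.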
  • 10. References and Abbreviations
    References
    [1] Netmanias Technical Document, “LTE Security I: LTE Security Concept and LTE Authentication”, August 2012, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
    [2] Netmanias Technical Document, “LTE Security II: NAS and AS Security LTE Security Concept and LTE Authentication”, August 2012, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
    [3] 3GPP TS 23.401, “GPRS Enhancements for E-UTRAN Access”.
    [4] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
    Abbreviations
    AKA      : Authentication and Key Agreement
    ASME     : Access Security Management Entity
    AV       : Authentication Vector
    EPS      : Evolved Packet System
    GUTI     : Globally Unique Temporary Identifier
    HSS      : Home Subscriber Server
    IMSI     : International Mobile Subscriber Identity
    LTE      : Long Term Evolution
    MME      : Mobility Management Entity
    NAS      : Non Access Stratum
    NAS-MAC  : Message Authentication Code for NAS for Integrity
    UE       : User Equipment