This disclosure relates to a radio access node in a communication network and a method of operating the same, and in particular relates to a radio access node that supports a plurality of cells.
A trend in today's networks is for the operator to add more frequencies and reduce the size of cells to increase the capacity of mobile broadband. This leads to an increase in UE (User Equipment) reconfigurations and mobility actions. Examples of reconfigurations are when UEs are connected to multiple cells simultaneously, and the eNB (the node with which the UEs communicate over the air interface, and that controls a set of cells) may then enable and disable connectivity with the UE through the set of cells it controls.
The ability to quickly move or resume a UE session between cells becomes increasingly more important in order to fit the traffic patterns associated with short data bursts. A recent addition to the Long Term Evolution (LTE) standards is support for Multi Frequency Band Indicators (MFBI). MFBI has been introduced due to the fact that many LTE bands are partly or fully overlapping. MFBI provides the possibility that one cell can belong to multiple bands, even though it is only serving one physical frequency. Since the Evolved Absolute Radio Frequency Channel Number (EARFCN) of a cell is unique per band, this means that the EARFCN of the cell may differ, depending on which band the UE uses. MFBI has mainly been introduced to reduce the cost to the UEs. By only supporting a limited set of bands, the amount of conformance testing required can be significantly reduced.
The present disclosure relates to security when a UE connects to an eNB through one of a number of cells. In particular, the present disclosure relates to a problem during handover between cells that arises, for example, due to the way in which security of handovers in LTE is tied to the EARFCN. Outlines of security in LTE and handovers in LTE are presented below, however this disclosure should not be interpreted as only applying to LTE.
The communication between the UE and the eNB is encrypted and partially integrity protected. The integrity and encryption keys are derived from a common root key called the KeNB which is shared between the UE and the eNB. The KeNB can be said to be used to protect traffic, and this should be understood as meaning that the KeNB is used to derive encryption and integrity keys that are used to encrypt and integrity protect traffic. Thus the integrity protection and encryption keys are derived from the KeNB and an identifier for which integrity or encryption algorithm the key should be used with. The KeNB is unique to the UE-eNB pair. That is, the same KeNB is never used to protect the traffic between the UE and two different eNBs, and, likewise, the same KeNB is not used to protect traffic between two different UEs and the network. The rationale behind this design is to prevent an attacker that has gained access to or knowledge of a KeNB that is used between a UE and a first eNB from having any use for that KeNB when attempting to break encryption or integrity on traffic between the UE and a physically different eNB.
To ensure that the KeNB is unique per UE-eNB pair, KeNB is changed during handover between two eNBs. For simplicity, KeNB is actually changed on all intra-LTE handovers (e.g. handover between cells), even when the source eNB and target eNB are the same node.
The uniqueness of the KeNB per UE-eNB pair during handover is achieved by having the UE and source eNB derive a new KeNB (denoted KeNB*) from the current KeNB (or, when a fresh Next Hop (NH) value is available, from that NH value), the Physical Cell Identifier (PCI) of the target primary cell (PCell) and the target physical cell downlink frequency. This is specified in clause 7.2.8 of 3GPP TS 33.401 “3GPP System Architecture Evolution (SAE); Security architecture”, version 12.14.0 (2015-03).
More specifically, the input to the key derivation function (KDF) to derive KeNB* is:
A handover between two eNBs without core network involvement, a so-called X2 handover, is described below with reference to
Five problems that relate to the KeNB being bound to the Physical Cell Identifier (PCI) and EARFCN-DL of the primary cell (PCell) are outlined below.
The first of the problems is the prevention of the ability to quickly move or resume a UE session between cells. This is becoming increasingly important in order to fit with traffic patterns associated with short data bursts. The traffic bursts may be sent from the UE to the eNB over one of many cells controlled by the eNB. However, since the encryption is tied to the primary cell (via the use of the EARFCN-DL of the primary cell and the PCI in the derivation of the key KeNB), each time the UE reconnects in another cell a key renegotiation must be performed before traffic can resume. This is where the first problem lies: re-negotiation of the KeNB consumes considerable processor cycles and memory, and it implies that the encryption key is also modified, so that already ciphered packets have to be buffered, deciphered using the old encryption key and then re-ciphered using the new encryption key. This adds delay that degrades the end-user experience. Moreover, it complicates the implementation of the eNB, leading to an increased risk of implementation errors and increased cost for code maintenance. It should be noted that even though no handover is performed, the EARFCN-DL may have changed due to the fact that the UE connects in a different PCell of the same eNB.
Secondly, as discussed above, MFBI provides the possibility that one cell can belong to multiple bands, even though it is only serving one physical frequency. Since the EARFCN of a cell is unique per band, this means that the EARFCN-DL of the cell may differ, depending on which band the UE uses. Consequently, if an eNB wants to enable and/or disable bearers on different frequencies an intra-eNB or intra-cell handover is required according to current standards, and hence the buffering and re-encryption issues remain.
Thirdly, the EARFCN-DL binding to KeNB prevents multi-connectivity being used in a flexible way, e.g. switching freely between PCells without having to suspend all sessions and negotiate a new encryption key. Currently SCells can be reconfigured without suspending the user plane traffic, but when the PCell changes then all user plane traffic must be suspended (even for cells that have good connectivity).
An example is shown in
In existing LTE systems the simultaneous use of multiple carriers is allowed (which is known as carrier aggregation, CA, or multicarrier), but the PCI and EARFCN-DL binding does not cause a problem here. Multicarrier means that a UE can be connected to more than one cell at the same time and use the combined bandwidth to schedule the UE. The UE must have one primary cell but can have several secondary cells. The Physical cell ID of the PCell is used as the input parameter for the KeNB generation, and the EARFCN-DL is taken from the frequency of the PCell as well.
The fourth problem is illustrated with reference to
During reconfiguration of a PCell all data sessions are suspended, regardless of cell quality or bandwidth, due to the KeNB renegotiation. Depending on which cells are selected as the PCell for the UE 8, up to three different KeNB renegotiations could occur when moving from point C to point A. During this time packets are buffered in the eNB 9, re-encrypted and sent out once the KeNB renegotiation is complete. This adds delay to the ongoing data session.
The fifth problem is an additional problem that MFBI has introduced and results from the fact that carrier aggregation is only supported between a limited set of bands (also to reduce UE cost). Since the standard has defined that the UE should initially be configured with the EARFCN-DL of the primary band (if supported by the UE), it may prove that carrier aggregation between that band (of the PCell) and a potential SCell is not supported, but where one of the additional bands of the PCell can be combined with the potential SCell.
In order to provide the possibility of carrier aggregation, the EARFCN-DL of the PCell has to be changed. That is achieved by performing a procedure called intra-cell handover, and is the same mechanism that is used for key-change-on-the-fly to update the KeNB and hence implicitly the encryption key. In terms of signalling this intra-cell handover looks like a handover, but no change of PCell has actually been made.
This, however, introduces the same problem as for normal handovers, where the data session has to be suspended during the intra-cell handover procedure and already ciphered data has to be de-ciphered and re-ciphered again, once the intra-cell handover is completed.
The five problems above are specific to the way security is handled in LTE, although some of the problems may also be evident in other types of communication networks. However, the need to optimise security processing is common to many different types of network.
Therefore there is a need for improvements in the way in which security is handled when a handover occurs between cells supported by the same eNB.
According to a first aspect, there is provided a method of operating a first radio access node in a communication network. The first radio access node supports a plurality of cells that are divided into one or more groups of cells, where at least a first group of cells comprises more than one cell. The method comprises determining a first base key for a communication device that is to connect to the first radio access node via a first cell in a first group of cells; wherein the first base key is determined from an identifier for the first group of cells; using the first base key to determine a first encryption key that is to be used to encrypt communications between the communication device and the first radio access node via the first cell; and in the event that the communication device is to connect to the first radio access node via a second cell in the first group of cells, using the first encryption key to encrypt communications between the communication device and the first radio access node via the second cell.
According to a second aspect, there is provided a first radio access node for use in a communication network. The first radio access node supports a plurality of cells that are divided into one or more groups of cells, where at least a first group of cells comprises more than one cell. The first radio access node is adapted or configured to (or comprises one or more modules configured to) determine a first base key for a communication device that is to connect to the first radio access node via a first cell in a first group of cells; wherein the first base key is determined from an identifier for the first group of cells; use the first base key to determine a first encryption key that is to be used to encrypt communications between the communication device and the first radio access node via the first cell; use the first encryption key to encrypt communications between the communication device and the first radio access node in the event that the communication device is to connect to the first radio access node via a second cell in the first group of cells.
According to a third aspect, there is provided a first radio access node for use in a communication network. The first radio access node comprises a processor and a memory, said memory containing instructions executable by said processor whereby said first radio access node is operative to perform the method according to the first aspect set out above.
According to a fourth aspect, there is provided a method of operating a communication device. The method comprises determining a first base key for a first cell in a first group of cells from an identifier for the first group of cells, the first group of cells being supported by a first radio access node; using the first base key to determine a first encryption key that is to be used to encrypt communications between the communication device and the first radio access node via the first cell; and, in the event that the communication device is to connect to a second cell in the first group of cells, using the first encryption key to encrypt communications between the communication device and the first radio access node via the second cell.
According to a fifth aspect, there is provided a communication device. The communication device is adapted or configured to (or comprises one or more modules configured to) determine a first base key for a first cell in a first group of cells from an identifier for the first group of cells, wherein the first group of cells are supported by a first radio access node; use the first base key to determine a first encryption key that is to be used to encrypt communications between the communication device and the first radio access node via the first cell; and use the first encryption key to encrypt communications between the communication device and the first radio access node in the event that the communication device is to connect to a second cell in the first group of cells.
According to a sixth aspect, there is provided a communication device. The communication device comprises a processor and a memory, said memory containing instructions executable by said processor whereby said communication device is operative to perform the method according to the fourth aspect set out above.
According to a seventh aspect, there is provided a method of operating a node in a communication network. The method comprises determining a first base key for use by a first radio access node and a communication device that is to connect to the first radio access node via a first cell in a first group of cells, wherein the first radio access node supports a plurality of cells that are divided into one or more groups of cells, where at least the first group of cells comprises more than one cell, and wherein the first base key is determined from an identifier for the first group of cells.
According to an eighth aspect, there is provided a node for use in a communication network. The node is adapted or configured to (or comprises one or more modules configured to) determine a first base key for use by a first radio access node and a communication device that is to connect to the first radio access node via a first cell in a first group of cells, wherein the first radio access node supports a plurality of cells that are divided into one or more groups of cells, where at least a first group of cells comprises more than one cell, and wherein the first base key is determined from an identifier for the first group of cells.
According to a ninth aspect, there is provided a node for use in a communication network. The node comprises a processor and a memory, said memory containing instructions executable by said processor whereby said node is operative to perform the method according to the seventh aspect set out above.
According to a tenth aspect, there is provided a computer program product comprising a non-transitory computer readable medium having computer readable code embodied therein. The computer readable code is configured such that, on execution by a suitable computer or processor, the computer or processor is caused to perform any of the method aspects set out above.
Particular embodiments may incorporate one or more of the aspects provided above and elements of certain aspects may be combined.
Certain embodiments of the techniques introduced in this document are described below with reference to the following figures, in which:
The following sets forth specific details, such as particular embodiments for purposes of explanation and not limitation. But it will be appreciated by one skilled in the art that other embodiments may be employed apart from these specific details. In some instances, detailed descriptions of well-known methods, nodes, interfaces, circuits, and devices are omitted so as not to obscure the description with unnecessary detail. Those skilled in the art will appreciate that the functions described may be implemented in one or more nodes using hardware circuitry (e.g., analog and/or discrete logic gates interconnected to perform a specialized function, ASICs, PLAs, etc.) and/or using software programs and data in conjunction with one or more digital microprocessors or general purpose computers. Nodes that communicate using the air interface also have suitable radio communications circuitry. Moreover, where appropriate the technology can additionally be considered to be embodied entirely within any form of computer-readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
Hardware implementation may include or encompass, without limitation, digital signal processor (DSP) hardware, a reduced instruction set processor, hardware (e.g., digital or analog) circuitry including but not limited to application specific integrated circuit(s) (ASIC) and/or field programmable gate array(s) (FPGA(s)), and (where appropriate) state machines capable of performing such functions.
In terms of computer implementation, a computer is generally understood to comprise one or more processors, one or more processing units, one or more processing modules or one or more controllers, and the terms computer, processor, processing unit, processing module and controller may be employed interchangeably. When provided by a computer, processor, processing unit, processing module or controller, the functions may be provided by a single dedicated computer, processor, processing unit, processing module or controller, by a single shared computer, processor, processing unit, processing module or controller, or by a plurality of individual computers, processors, processing units, processing modules or controllers, some of which may be shared or distributed. Moreover, these terms also refer to other hardware capable of performing such functions and/or executing software, such as the example hardware recited above.
Although in the description below the term user equipment (UE) is used, it should be understood by those skilled in the art that “UE” is a non-limiting term comprising any mobile device, communication device, wireless communication device, terminal device or node equipped with a radio interface allowing for at least one of: transmitting signals in uplink (UL) and receiving and/or measuring signals in downlink (DL). A UE herein may comprise a UE (in its general sense) capable of operating or at least performing measurements in one or more frequencies, carrier frequencies, component carriers or frequency bands. It may be a “UE” operating in single- or multi-radio access technology (RAT) or multi-standard mode. As well as “UE”, the general terms “terminal device”, “communication device” and “wireless communication device” are used in the following description, and it will be appreciated that such a device may or may not be ‘mobile’ in the sense that it is carried by a user. Instead, the term “terminal device” (and the alternative general terms set out above) encompasses any device that is capable of communicating with communication networks that operate according to one or more mobile communication standards, such as the Global System for Mobile communications, GSM, UMTS, Long-Term Evolution, LTE, etc. A UE may comprise a Universal Subscription Identity Module (USIM) on a smart-card or implemented directly in the UE, e.g., as software or as an integrated circuit. The operations described herein may be partly or fully implemented in the USIM or outside of the USIM.
One or more cells are associated with a base station, where a base station comprises in a general sense any network node transmitting radio signals in the downlink and/or receiving radio signals in the uplink. Some example base stations, or terms used for describing base stations, are eNodeB, eNB, NodeB, macro/micro/pico/femto radio base station, home eNodeB (also known as femto base station), relay, repeater, sensor, transmitting-only radio nodes or receiving-only radio nodes. A base station may operate or at least perform measurements in one or more frequencies, carrier frequencies or frequency bands and may be capable of carrier aggregation. It may also be a single-radio access technology (RAT), multi-RAT, or multi-standard node, e.g., using the same or different base band modules for different RATs.
Unless otherwise indicated herein, the signalling described is either via direct links or logical links (e.g. via higher layer protocols and/or via one or more network nodes).
It will be appreciated that only the components of the UE 42, radio access node 40 and core network node 36, 38 discussed in the context of the embodiments presented herein are illustrated in
Although the embodiments of the present disclosure will mainly be described in the context of LTE, it will be appreciated by those skilled in the art that the problems and solutions described herein are equally applicable to other types of wireless access networks and user equipments (UEs) implementing other access technologies and standards, and thus LTE (and the other LTE specific terminology used herein) should only be seen as examples of the technologies to which the techniques can be applied.
As noted above, there are several problems with the current handling of security in an LTE communication network, particularly relating to handling of security during the handover procedure between cells supported by the same radio base station (eNB). The techniques provided below therefore provide improvements in the way in which security is handled when a handover occurs between cells supported by the same eNB. In particular the techniques described herein provide a simple and fast way to allow a UE to enable and disable connectivity to an eNB through multiple cells (including PCells) that may have different EARFCN-DL, without having to reconfigure the encryption too frequently, for example in a deployment scenario where PDCP is centralized or when several eNBs are allocated in the same hardware equipment. Currently such an action requires re-keying and hence causes significant processing delays and the need to store packets in a buffer.
As part of the techniques described herein, for an eNB that supports a plurality of cells, the cells are grouped into one or more groups. These groups are referred to herein as “security areas”, although this name should not be seen as limiting. Each group can comprise more than one cell, and it is possible for all of the cells of an eNB to be in the same group. At least a first group of cells comprises more than one cell, and in some embodiments, each group comprises at least two cells. Each of the security areas (groups) is given a respective identifier that is referred to herein as a “security area identifier”. Thus, a “security area identifier” may be shared by two or more physical cells or beams.
The particular cells that belong to the same security area may be determined, e.g., based on whether the encryption of the traffic for the collection of cells is performed within the same secure environment. For example, an eNB may have a distributed architecture, where the encryption is performed in physically different hardware, and the main gain of changing KeNB at a handover is, as pointed out above, to protect keys that are used in different physical eNBs (or physically different entities performing the functions of a distributed eNB implementation).
Within a security area, the techniques described herein provide that an Access Stratum (AS)-base key, for example KeNB and encryption keys derived from it, for a particular communication device/terminal device (UE) can be reused by the UE in each of the cells of the security area (group). Put another way, the eNB 40, within a given security area, uses the same KeNB, and encryption key derived from it, for a specific UE (and likewise the UE uses the same KeNB, and encryption keys derived from it, for the different cells in the security area). It will be appreciated that if the same integrity or encryption algorithm is used and the KeNB remains the same, then the encryption key and integrity key will also remain the same. This reuse of the keys enables the UE to move (e.g., handover) between cells in a group without the eNB 40 or UE 42 having to reconfigure the AS-base key, KeNB, or an associated encryption key, and hence the eNB can seamlessly activate and deactivate cells for a UE inside the security area in a very fast and flexible way. If the UE moves (e.g., hands-over) to a cell that is in a different security area (e.g. a cell of the same eNB that is in a different group, or a cell that is supported by a different eNB), then a new AS-base key (denoted KeNB*) is derived by the relevant eNB 40 and the UE 42, along with a new encryption key, for use by the UE in that other security area. It will be appreciated that the UE and the eNB may share more than one KeNB at any given time.
The following description indicates how to keep the KeNB the same at different events relating to cell-change, and it will be understood by those skilled in the art that keeping the KeNB the same will mean that the encryption key and integrity key will also remain the same provided that the same encryption/integrity protection algorithms are used.
It will be appreciated that with the above techniques the UE can reconnect to any cell within a particular security area and resume the current configuration, which comprises continuing to use the same KeNB and encryption key. This reduces the setup delay considerably, thereby improving the end user experience and performance.
An exemplary grouping of cells into two groups for an eNB 40 is shown in
It will be appreciated that although Cells 1-6 are shown as generally covering a respective geographical area, it is possible that two or more of the cells could substantially spatially overlap (for example if they use different frequencies).
The eNB 40 can inform the UE about which security area a certain cell belongs to, and the identifier for the security area. This information can be communicated to the UE in one of a number of ways, for example in system control information (e.g., in a System Information Block, SIB) or in dedicated UE signalling (e.g., Radio Resource Control (RRC), Radio Link Control (RLC), or Medium Access Control (MAC) signalling).
In some embodiments, the security configuration is, for all practical purposes, made distinct to the security area by making the AS-base key dependent on the security area itself. In particular, the AS-base key can be made dependent on the security area by deriving the AS-base key using the security area identifier as an input to the key-generation function. The AS-base key can be generated from different types of existing key material. For example, it can be generated from a previous AS-base key (e.g., a KeNB, and the new AS-base key would then correspond to the KeNB*). It could also be generated from an NH value or KASME, as described above. The AS-base key can be derived from such previous keys using a Key Derivation Function (KDF), for example, HMAC-SHA256.
In conventional LTE, an eNB may prepare a number of potential target cells for handover. During the preparation, the eNB will provide the potential target cells with keying material to be used with the UE in case the UE is handed over to that particular target cell. To avoid an eNB of a potential target cell that is not selected for handover getting the keying material (e.g. KeNB*) that is used between the actual target cell and the UE, the source eNB individually calculates the keying material for each potential target cell. Specifically, the source eNB includes the PCI and EARFCN-DL for the target cell in the key material calculation.
In contrast, by using the security area identifier in the derivation of the AS-base key, the result is that two or more prepared target cells that belong to different security areas will get different KeNB*s. This ensures that an attacker who gets hold of the KeNB* of one of the prepared target cells cannot use it to jeopardise the security of the KeNB*s of the other prepared target cells.
It is noted that this does not make the security model weaker. Even though there is a handover between two cells (within a security area), they are both controlled by the same eNB. In the current security model in LTE the two cells use two different KeNBs, but an attacker that breaks into that eNB obtains both of them. With the techniques described herein, the attacker would obtain the single KeNB used for both cells, which gives no more access than before.
An example of generating a KeNB* according to the above principle in the context of LTE is: AS-base key=KDF(KeNB, S), where KDF is as defined in 3GPP TS 33.401 referenced above (the HMAC-SHA-256 based KDF of 3GPP TS 33.220), KeNB is the currently active KeNB, and S is the string FC || P0 || L0 encoded as defined in 3GPP TS 33.401, where FC is a one-octet function code, P0 is an encoding of the security area identifier and L0 is the length of the encoding of the security area identifier in octets. It will be appreciated by those skilled in the art that other parameters can be included in the key derivation function call. Other derivation functions are also possible. The security area identifier may be encoded as an integer, a bit-string, an ASCII string or other representation. The important part is that the same security area identifier is not used for two security areas that can be simultaneously prepared for handover of a UE, as described above.
The security area identifier is used to generate the AS-base key instead of a cell identity (e.g. the PCI) and frequency (e.g. the EARFCN-DL). By generating the AS-base key without using the PCI and EARFCN-DL of the PCell, the base key is not forced to be updated for each change in the PCell. It will be appreciated that in some embodiments the security area identifier might not be the only input to the AS-base key generation function, and it is possible for the AS-base key to be derived using other parameters in addition to the security area identifier.
The eNB 40 may establish a connection to the UE via one or more cells and release these connections using the same KeNB (or at least the same encryption key) each time.
As noted above, an eNB 40 can be understood (and implemented) as a number of distributed functions, and the location of the security handling (i.e. PDCP and RRC) in the radio access network can decide how big the security areas can be without breaking any security principles.
An exemplary method of operating a radio access node (e.g. an eNB in an LTE network) 40 according to the techniques described herein is shown in
In a first step, step 901, the first radio access node 40 determines a first base key, referred to as a first AS-base key (e.g. a KeNB) below for a communication device 42 that is to connect to the first radio access node 40 via a first cell in the first group of cells (e.g. via Cell 1 in security area 80 in
Next, in step 903, the first radio access node 40 uses the first AS-base key to determine a first encryption key that is to be used to encrypt communications between the communication device 42 and the first radio access node 40 via the first cell. The first encryption key can be used to encrypt communications, e.g. user plane data or control plane data, between the communication device 42 and the radio access node 40. It will be appreciated that respective encryption keys can be derived from the first AS-base key for encrypting each of user plane data and control plane data.
In step 905, which can be performed during a handover procedure to a second cell, it is determined whether the second cell that is in the first group of cells (e.g. one of Cells 2-4 in security area 80 in
If it is determined that the communication device 42 is to connect to a second cell that is in the first group of cells, then rather than determine a new base key (e.g. KeNB*) and hence also a new encryption key as in a conventional system, the radio access node 40 uses the first encryption key to encrypt communications between the communication device 42 and the radio access node 40 via the second cell (step 907).
However, if at step 905 it is determined that the communication device 42 is to connect to a second cell that is not in the first group of cells then the first radio access node 40 (that is supporting the first cell) determines a second (AS-)base key for the communication device 42 for use with the second cell (step 909). In particular, the first radio access node 40 can determine the second base key from an identifier for the group of cells that the second cell is part of (e.g. from the identifier for security area 82 in
Although not shown in
If the first radio access node 40 supports both the first cell and the second cell, then after step 909 the radio access node 40 uses the second base key to determine a second encryption key that is to be used to encrypt communications between the communication device 42 and the first radio access node 40 via the second cell (step 911).
If the second cell is supported by a second radio access node, the second base key determined in step 909 is sent by the first radio access node to the second radio access node (i.e. step 911 as shown in
In some embodiments, the first radio access node can send an indication of the identifier for the first group of cells to the communication device 42 (so that the communication device 42 can also determine the first base key).
When the communication device 42 connects to the first radio access node via a first cell (e.g. Cell 1 in security area 80 in
Next, in step 1003, the communication device 42 uses the first AS-base key to determine a first encryption key that is to be used to encrypt communications between the communication device 42 and the first radio access node 40 via the first cell. The first encryption key can be used to encrypt communications, e.g. user plane data or control plane data, between the communication device 42 and the first radio access node 40 via the first cell. It will be appreciated that respective encryption keys can be derived from the first AS-base key for encrypting each of user plane data and control plane data.
In step 1005, which can be performed during a handover procedure to a second cell, it is determined whether the second cell is in the first group of cells (e.g. one of Cells 2-4 in security area 80 in
If it is determined that the communication device 42 is to connect to a second cell that is in the first group of cells, then rather than determine a new AS-base key (e.g. KeNB*) and hence also a new encryption key as in a conventional system, the communication device 42 uses the first encryption key to encrypt communications between the communication device 42 and the first radio access node 40 via the second cell (step 1007).
However, if at step 1005 it is determined that the communication device 42 is to connect to a second cell that is not in the first group of cells, then the communication device 42 determines a second AS-base key to use with that cell (step 1009). In particular, the communication device 42 can determine the second AS-base key from an identifier for the group of cells that the second cell is part of (e.g. from the identifier for security area 82 in
The communication device 42 then uses the second AS-base key to determine a second encryption key that is to be used to encrypt communications via the second cell (step 1011). This second encryption key can then be used to encrypt communications via the second cell.
In some embodiments the communication device 42 can receive an indication of the identifier for the first group of cells from the first radio access node 40. In alternative embodiments, the communication device 42 can receive an indication of the identifier for the first group of cells from a node other than the first radio access node 40.
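As an added worked example (not part of the patent text), the eNB-side (steps 901-911) and UE-side (steps 1001-1011) procedures above can be modelled as a small key-derivation routine: the conventional per-cell derivation is modelled on TS 33.401 Annexes A.5 and A.7, while the area-bound derivation, its FC value and every cell and key value are hypothetical, constructed here for illustration.

```python
"""Added example (not from the patent): key handling across a security
area. Conventional KeNB* derivation is modelled on TS 33.401 Annex A.5,
encryption keys on Annex A.7; the area-based derivation (FC, layout)
and every key/cell value are hypothetical, constructed here."""
import hashlib
import hmac
from dataclasses import dataclass

FC_KENB_STAR = 0x13           # TS 33.401 A.5: conventional per-cell KeNB*
FC_ALG_KEY = 0x15             # TS 33.401 A.7: algorithm key derivation
FC_AREA_KEY = 0x7F            # HYPOTHETICAL FC for the area-based base key
RRC_ENC, UP_ENC = 0x03, 0x05  # algorithm type distinguishers (A.7)
KENB = bytes(range(32))       # constructed sample KeNB, not a real key

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP KDF (TS 33.220): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

@dataclass(frozen=True)
class Cell:
    pci: int
    earfcn_dl: int
    area_id: int  # identifier of the security area (group of cells)

def kenb_star_conventional(kenb: bytes, cell: Cell) -> bytes:
    """Per-cell base key: bound to PCI and EARFCN-DL, so an MFBI band
    change of the same physical cell forces a new key (3-byte EARFCN)."""
    return kdf(kenb, FC_KENB_STAR, cell.pci.to_bytes(2, "big"),
               cell.earfcn_dl.to_bytes(3, "big"))

def base_key_for_area(kenb: bytes, area_id: int) -> bytes:
    """Base key bound to the security-area identifier (steps 901/909,
    1001/1009); UE and eNB compute it from the same signalled identifier."""
    return kdf(kenb, FC_AREA_KEY, area_id.to_bytes(4, "big"))

def enc_key(base_key: bytes, alg_type: int, alg_id: int = 1) -> bytes:
    """Encryption key = 128 LSBs of KDF(base, 0x15, type, alg-id) (A.7)."""
    return kdf(base_key, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))[16:]

def handover(kenb: bytes, current: Cell, target: Cell, cur_base: bytes):
    """Steps 905-911 / 1005-1011: keep the keys inside the area, re-key
    from the target area's identifier only when the UE leaves it."""
    if target.area_id == current.area_id:
        return cur_base, enc_key(cur_base, UP_ENC)
    new_base = base_key_for_area(kenb, target.area_id)
    return new_base, enc_key(new_base, UP_ENC)
```

Running both sides of the procedure with the same area identifier yields identical keys, and an intra-area handover returns the unchanged encryption key, whereas the conventional derivation changes the key whenever the EARFCN-DL changes.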
An exemplary method of operating a network node according to another embodiment of the techniques described herein is shown in
Thus, in step 1101, for a communication device 42 that is to connect to a first radio access node 40 via a first cell in a group of cells supported by the first radio access node 40, the network node determines a first base key for use by the first radio access node and the communication device. The first base key is determined from an identifier for the first group of cells. The base key is to be used for determining an encryption key that is to be used to encrypt communications between the communication device and the first radio access node via the first cell.
Although not shown in
Embodiments of the techniques described herein can provide a number of advantages. For example, the techniques can provide the ability to combine several cells into a secure area within which the UE can securely move, switch or reconnect between the cells with minimum delay and low signalling cost. The techniques can also improve PDCP performance at packet forwarding (reducing processor requirements and buffering), since the same encryption key is used in the target and source cells. The techniques enable multi-connectivity in a more flexible way (the UE and eNB can swap between PCell and SCell without key reconfiguration). MFBI can be enhanced, since the EARFCN-DL of the PCell can be changed without requiring key reconfiguration. It is possible to reconnect quickly even if the PCell is not the same as before. Support for centralised PDCP nodes can be improved, since no re-keying is required at intra-security-area handover. The need to stall and synchronise component carriers other than the one that is actually being reconfigured is removed (this improves multi-connectivity handover, where each component carrier can be configured individually). The techniques make it possible to use the encryption already configured in the UE to send small data packets without having to go from IDLE to CONNECTED mode, still with the same level of security as CONNECTED. The network can be configured during cell planning so that the KeNB is only changed when the risk level is too high. For example, there is no need to change the KeNB for security purposes when performing a handover between two cells belonging to the same physical eNB. The techniques enable a simpler architecture that allows for a better split of user and control plane. Overall, the techniques simplify key handling for the UE and RAN and reduce core network signalling at reconnect within the same security area.
Modifications and other variants of the described embodiment(s) will come to mind to one skilled in the art having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the embodiment(s) is/are not to be limited to the specific examples disclosed and that modifications and other variants are intended to be included within the scope of this disclosure. Although specific terms may be employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Various embodiments are set out in the following statements:
1. A method of operating a first radio access node in a communication network, the first radio access node supporting a plurality of cells that are divided into one or more groups of cells, each group comprising more than one cell, the method comprising:
2. A method as defined in statement 1, wherein the method further comprises the step of:
3. A method as defined in statement 2, wherein if it is determined that the communication device is to connect to a second cell that is not in the first group of cells, the method further comprises the steps of:
4. A method as defined in statement 3, wherein the method further comprises the steps of:
5. A method as defined in any of statements 1-4, wherein the method further comprises the step of:
6. A method as defined in any of statements 1-5, wherein the first base key is an Access Stratum, AS, base key, KeNB.
7. A method as defined in any of statements 1-6, wherein the first radio access node is an eNB in a Long Term Evolution, LTE, network.
8. A first radio access node for use in a communication network, the first radio access node supporting a plurality of cells that are divided into one or more groups of cells, each group comprising more than one cell, the first radio access node being adapted to:
9. A method of operating a communication device, the method comprising:
10. A method as defined in statement 9, wherein the method further comprises the step of:
11. A method as defined in statement 10, wherein if it is determined that the communication device is to connect to a second cell that is not in the first group of cells, the method further comprises the steps of:
12. A method as defined in any of statements 9-11, wherein the method further comprises the step of:
13. A method as defined in any of statements 9-12, wherein the first base key is an Access Stratum, AS, base key, KeNB.
14. A method as defined in any of statements 9-13, wherein the first radio access node is an eNB in a Long Term Evolution, LTE, network.
15. A communication device, the communication device being adapted to:
16. A method of operating a node in a communication network, the method comprising:
17. A method as defined in statement 16, wherein the first base key is for determining a first encryption key that is to be used to encrypt communications between the communication device and the first radio access node via the first cell.
18. A method as defined in statement 16 or 17, wherein the method further comprises the step of:
19. A method as defined in statement 16, 17 or 18, wherein the node is a node in a core network part of the communication network, or a node in a radio access part of the communication network.
20. A node for use in a communication network, the node being adapted to:
21. A computer program product comprising a non-transitory computer readable medium having computer readable code embodied therein, the computer readable code being configured such that, on execution by a suitable computer or processor, the computer or processor is caused to perform the method of any of statements 1-7, 9-14 and 16-19.
Filing Document | Filing Date | Country | Kind
---|---|---|---
PCT/SE2016/050880 | 9/20/2016 | WO | 00

Number | Date | Country
---|---|---
62239062 | Oct 2015 | US