1. Field of the Invention
The present invention relates to a method and related communication device for a wireless communication system and more particularly, to a method of handling a security key change for a wireless communication system and related communication device.
2. Description of the Prior Art
The third generation (3G) mobile communications system has adopted a Wideband Code Division Multiple Access (WCDMA) wireless air interface access method for a cellular network. WCDMA can provide high frequency spectrum utilization, universal coverage, and high quality, high speed multimedia data transmission. The WCDMA method also meets all kinds of QoS (Quality of Service) requirements simultaneously, providing diverse flexible two-way transmission services and better communication quality to reduce transmission interruption rates.
In order to protect user data and signaling information from being intercepted by unauthorized devices, the prior art 3G mobile communications system can trigger ciphering or integrity protection (IP) through a Security Mode Control (SMC) procedure and make sure that data transmission is more secure. The ciphering procedure calculates keystream data through a ciphering algorithm, then the transmitter encrypts plain-text data with the keystream data to generate cipher-text data, and the receiver can decipher the received cipher-text data with keystream data the same as the keystream data used in the transmitter, so as to obtain the plain-text data.
Regarding security of data transfer, the 3rd Generation Partnership Project, 3GPP develops a security architecture specification to provide an Authentication and Key Agreement (AKA) for use between the UE and the core network (CN). With Authentication and Key Agreement, the UE and the CN can authenticate each other and ensure data security and ciphering. That is, a new key set will be allocated to the UE after the AKA is run in a mobile management (MM) layer.
Please refer to FIG. 1, which is a schematic diagram of a key hierarchy for a long term evolution (LTE) in wireless communication system. Based on different security levels, the UE includes a permanent key K, a ciphering key (CK), an integrity key (IK), a base key KASME, a non-access stratum encryption key K(NAS, enc), a non-access stratum integrity K(NAS, int) and a base station level key KeNB. The permanent key K exists in universal subscriber identity module (USIM). CK and IK are used for ciphering and integrity protection in universal mobile telecommunication system (UMTS). The KASME is used between the UE and an access security management entity (ASME). As for a non-access stratum (NAS), K(NAS, enc) and K(NAS, int) are used for encryption and integrity protection of non-access stratum message, respectively. A user plane (UP) key KeNB-UP-enc and radio resource control (RRC) keys KeNB-RRC-int and KeNB-RRC-enc are derived from the KeNB and used for encryption for user plane data, integrity for RRC messages, and encryption for the RRC messages, respectively. The derivative relationship of keys between each level is illustrated in FIG. 1. For example, the KeNB can be derived from the KASME via a particular algorithm and so on. When the UE is operated in a radio resource control connected (RRC_CONNECTED) mode or a LTE_ACTIVE mode, the UE and the eNB derive the UP and RRC keys (i.e. KeNB-UP-enc,KeNB-RRC-int and KeNB-RRC-enc) from the KeNB. When the UE enters an RRC_IDLE or LTE_IDLE mode, the KeNB, KeNB-UP-enc, KeNB-RRC-int, and KeNB-RRC-enc are deleted from the eNB. In addition, as a result of an AKA run in the UE, each key shown in FIG. 1 must be refreshed when a key change is performed following the AKA run.
When the UE is operated in the RRC_CONNECTED or LTE_ACTIVE mode, the four requirements regarding the change of keys in the eNB are described as follows in order to ensure data security:
(1) If the sequence numbers that have a length of finite bits and used for the UP or RRC ciphering/integrity protection are about to wrap around, the respective keys shall be changed.
(2) If a UE has been in LTE_ACTIVE for a long period of time, the keys for UP and RRC ciphering/integrity protection shall be changed, even though the sequence numbers are not close to wrapping-around.
(3) Lifetime of KASME shall be restricted.
(4) If the UE has performed an inter-RAT handover from UTRAN/GERAN to LTE, all keys shall be updated within seconds.
However, in cases of (1) and (2), the AKA is unnecessary to run to get new keys. Changes of eNB-local UP and RRC keys are sufficient. This can, for example, be achieved by deriving new UP and RRC keys from the existing KeNB in the eNB itself, or by deriving a new KeNB from the existing KASME. In cases of (3) and (4), the whole key hierarchy based on KASME must be updated based on a new AKA run.
According to the related specifications, the approach for activating the key change in a RRC_CONNECTED or LTE_ACTIVE mode has not been decided yet. One approach could be an intra-cell handover procedure. Regarding the intra-cell handover procedure, the network performs a handover to the same cell which the UE is already in. Only the AS (Access Stratum) keys are refreshed by the intra-cell handover in similarity with an inter-cell handover. The new AS keys are derived from the previous AS keys.
When the UE is operated in the RRC_CONNECTED or LTE_ACTIVE mode, there are two types of key changes to consider: the key change with the AKA run and the key change without the AKA run. It is not clear in the prior art how the key change should be performed.