1. Field of the Invention
The invention generally relates to telecommunications. In particular, the invention relates to changing a security algorithm during handover which security algorithm is used in a Radio Access Network.
2. Description of the Related Art
Typically only one security algorithm—if even that—is used today to secure telecommunications traffic over a Radio Access Network. For example, present implementations of Third Generation Partnership Project (3GPP) mobile telecommunications networks typically implement one security algorithm for such a purpose. It is to be understood that, in the present context, “security” comprises at least one of ciphering and integrity protection.
However, it is expected that future embodiments of mobile telecommunications networks will implement at least two security algorithms to secure telecommunications traffic over a Radio Access Network work. Thus, for example, if one security algorithm is compromised by an intruder, the compromised security algorithm can be replaced with another one. An example of such a mobile telecommunications network technology that supports multiple security algorithms is LTE (Long Term Evolution) enhanced 3GPP mobile telecommunications network technology.
Yet, at the same time, a single network element might support only a portion of available multiple security algorithms. For example, a mobile station might support a first security algorithm and a second security algorithm, while a present base station might support (or e.g. simply prefer) only the second security algorithm. In such a case, if the mobile station was previously communicating with a prior base station using the first security algorithm, the mobile station will have to switch over to using the second security algorithm when it starts to communicate with the present base station (due to e.g. being handed over from the prior base station to the present base station).
Presently, this switching over or changing of security algorithms is implemented via algorithm negotiations performed between a mobile station and a base station. Such prior art negotiations have significant drawbacks, however. For example, messages used in these negotiations are typically not secured. Rather, a mobile station and a base station exchange plaintext messages first about which security algorithms each one supports, and then about which one of the security algorithms will be selected for use in communication between the mobile station and the base station. Such prior art security algorithm negotiations are both inefficient and unsecured.