Along with rapid development of smart terminals, there are constantly growing demands of users for the rates and capacities of data services, and thus a traditional single-layer network of coverage by a macro base station (macro eNB) has failed to accommodate the demands of the users. In view of this, this problem has been addressed in the Third-Generation Partnership Project (3GPP) by hierarchical networking so that some low-power base stations (in the forms of femto/pico/relay node or the like) are deployed in an environment with small coverage including a hotspot area, an indoor environment at home, an office environment or the like for the purpose of cell splitting to enable an operator to provide a user with a service at a higher data rate and a lower cost.
However there may be some negative effect accompanying an increase in capacity of the network due to hierarchical networking, where a cell of a low-power base station has such a small coverage area that a moving User Equipment (UE) is handed over too frequently, thus adding a risk of interrupted communication of the UE during the handover.
FIG. 1 illustrates the network architecture of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN), where the E-UTRAN is composed of evolved base stations (eNBs). An eNB functions as an access network and communicates with the UE via an air interface. There are both a control plane connection and a user plane connection between the UE and the eNB. For each UE attached to the network, there is a Mobility Management Entity (MME) serving the UE, and the MME and the eNB are connected with an S1-MME interface. The S1-MME interface provides the UE with a service including the functions of mobility management and bearer management to the control plane.
A Serving Gateway (S-GW) and the eNB are connected with an S1-U interface, and for each UE attached to the network, there is an S-GW serving the UE. The S1-U interface provides the UE with a service to the user plane, and user plane data of the UE is transmitted between the S-GW and the eNB over a bearer of the S1-U interface.
In the existing hierarchical network as illustrated in FIG. 2, the macro base station provides basic coverage, and a low-power small base station (a local eNB) provides hotspot coverage, where there is a data/signaling interface (which may be a wired or wireless interface) between the local eNB and the macro eNB, and the UE can operate under the macro eNB or the local eNB. Since a cell controlled by the local eNB has a small coverage area and there are a small number of UEs served by the local eNB, the UE connected with the local eNB tends to be provided with a better quality of service, e.g., a higher traffic rate, a higher-quality link, etc. Thus when the UE connected with the macro eNB approaches the cell controlled by the local eNB, the UE can be handed over to the local eNB to be served by the local eNB; and when the UE moves away from the cell controlled by the local eNB, the UE needs to be handed over to a cell by the macro eNB to maintain the wireless connection.
In order to lower the risk of dropped call, there is proposed a network architecture in which the user plane can be separated from the control plane, where the network architecture involves a scenario with hierarchical network deployment of local and macro eNBs.
FIG. 2 illustrates the network architecture in which the user plane can be separated from the control plane. In this way, when the UE is located in the area covered by only the cell of the macro eNB, both the control plane connection and the user plane connection of the UE are active at the macro eNB; and when the UE moves to the area covered by both the cell of the macro eNB cell and the cell of the local eNB, (all or a part of) the user plane bearer connection of the UE is handed over to the local eNB for a higher traffic rate; and the control plane connection is still maintained at the macro eNB to thereby prevent a dropped call of the UE due to a failure in the control plane connection handover.
In the event that the user plane of the UE is separated from the control plane, the UE is connected with both of the eNBs concurrently.
In the event that user plane is separated from the control plane, FIG. 3 and FIG. 4 illustrate protocol stacks between the UE and the network. The user plane eNB of the UE (e.g., the local eNB, when a part of the user plane bearer of the UE is active at the local eNB, the macro eNB is also provided with the user plane protocol stack) provides the UE with the function of transmitting user plane data but without any peer Radio Resource Control (RRC) layer provided for the UE so that no RRC control can be performed on the UE; and the control plane eNB of the UE (e.g., the macro eNB) provides the UE with the function of transmitting a control plane message, and in order to carry and process an RRC message, the macro eNB needs to be provided with a peer user plane protocol stack for the UE. Since a Non-Access Stratum (NAS) message needs to be carried in an RRC message, the serving MME of the UE is connected with the control plane eNB of the UE.
In the existing protocol, an RRC connection is composed of three Signaling Radio Bearers (SRBs), which are an SRB0, an SRB1 and an SRB2, where no processing at the Packet Data Convergence Protocol (PDCP) layer is necessary for the SRB0. At the user plane, a plurality of Data Radio Bearers (DRBs) can be set up between the UE and the eNB. PDCP entities correspond to the DRBs/SRB1/SRB2, and each DRB, the SRB1 and the SRB2 correspond respectively to a set of PDCP entities. Thus there may be a plurality of sets of PDCP entities for the UE.
Security of the air interface between the UE and the eNB is protected at the PDCP layer. An RRC message is encrypted and integrity protected at the PDCP layer, and a user data packet transmitted over a DRB is encrypted for protection. The UE and the eNB negotiate in the RRC message about a security algorithm of the air interface and calculate a key for the air interface and then configure the Packet Data Convergence Protocol (PDCP) layer with the key for use.
Each data packet is assigned with a sequence number, denoted as a count value, at the PDCP layer. The UE and the eNB maintain an uplink count value and a downlink count value respectively for each PDCP entity. The count values increase gradually as the data packets are transmitted until they reach their maximums wrap around to zero.
For security protection, the count values at the PDCP layers are one of input parameters, where each count value is used only once. The count values are introduced to thereby ensure that each data packet is encrypted or integrity protected using different security parameters so as to lower the possibility of cracking information contents by an intruder. The eNB and UE will change the key by handover when the counts reach their maximums. At present the length of the counts is 32 bits.
For the architecture where there are only user plane functions on the local eNB, the local eNB can not update the key for the air interface but the key will be updated by the macro eNB. Neither can the macro eNB be aware real time information about the count values at the PDCP layer on the local eNB nor can the local eNB be aware of information about the PDCP count values corresponding to the SRBs or a part of the DRBs (if any) on the macro eNB.
Since the key update process is typically performed by the macro eNB, when some PDCP count value of some UE reaches a preset value, the key update flow is initiated to update the key. However since the macro eNB can not be aware of real time information about the count values at the PDCP layer on the local eNB, such a situation may occur that PDCP count value of some DRB on the local eNB has wrapped around whereas the original user plane key is still being used between the UE and the local eNB so that the same set of security parameters have been used twice, thus increasing the possibility of cracking communication information of the UE by the intruder and degrading the security performance of the network.