The evolved packed system (EPS) is a standardized cellular telecommunication standard, standardized within the Third Generation Partnership Project (3GPP). EPS is a part the long-term evolution (LTE) of third-generation cellular systems designed to meet demands for higher user bit rates. Within the EPS, Access Stratum (AS) traffic is protected by cryptographic means. In particular the user plane is confidentiality protected and the Radio Resource Control (RRC) signaling is both confidentiality and integrity protected. The keys used for providing encryption are derived from a cryptographic key called K_eNB.
At handovers of mobile station, also referred to as User Equipment (UE), from one base station the K_eNB of an originating source base station is transformed in the source evolved Node B (eNB), i.e. the base station into a transformed key called K_eNB* before it is delivered to the target eNB. Presently, the target eNB transforms the K_eNB* together with a user target eNB Cell Radio Network Temporary Identifier (C-RNTI). Hereby it is possible to provide continued encryption between the UE and the target base station using the transformed cryptographic key.
Furthermore it has been decided that not only the intended target cell should be prepared to accept a particular mobile station but also other base stations shall be able to do so. The underlying reason is to help recover from radio link failure, and in particular failed handovers. To facilitate acceptance by other base stations besides the target base station, the source base station eNB sends key information and a Terminal Identity Token (TeIT) to the set of “to-be-prepared” base stations. Typically the source base station eNB sends key information and a Terminal Identity Token (TeIT) to base stations located close to the target base station and/or close to the source base station. However, if the same security token is shared by all eNBs in the to-be-prepared set, any one of those could masquerade as the mobile station, at least until AS protection is enabled.
A problem within the existing proposed standard is that the same transformed key K_eNB* should not be used by all base stations as this would allow all base stations in the to-be-prepared set to generate the K_eNB finally used by the base station after hand over, see the contribution to SA3, Td S3a070975. One proposed solution is that the system generates initial data which is used in transformation of K_eNB for a given base station eNB in the to-be-prepared set of base stations. This initial data is then forwarded together with the corresponding base station key K_eNB* to the base station eNB. Also, the document “Key refresh in SAE/LTE, S3-070234”, XP-002445697 describes a method where data is sent over the air-interface to generate input when generating a new base station key.
However, there exists a constant demand to reduce complexity and enhance security in existing telecommunication systems. Hence there exists a need for an improved method for providing secure communication in a cellular radio system.