In a Long Term Evolution (LTE) network, User Equipment (UE) communicates with enhanced Node B (eNodeB) network entities. The eNodeBs are controlled by Mobility Management Entities (MME). When a UE attaches to the LTE network, the UE and associated MME undergo an Authentication and Key Agreement (AKA) process, which authenticates the UE and network to each other. The AKA process also generates keys for ciphering traffic between the UE and the network. When the AKA process is complete, most of the message traffic exchanged between the UE and the network is ciphered before transmission. The ciphered traffic cannot be read unless the receiving party has the key that the sending party used to cipher the messages.
Additional problems arise when UE handover occurs between eNodeBs. The keys needed to decipher messages for a UE attached to a first eNodeB can be used when the UE is handed over to another eNodeB. However, when S1-based or X2-based handover occur, network monitoring equipment will unlikely see a new AKA procedure for the UE handover. Accordingly, monitoring system must identify the proper security context for the handed over UE to decipher traffic through the new eNodeB. The algorithms available on 3G networks for correlation of keys for monitoring purposes cannot be used on LTE/SAE networks due to differences in technology. The LTE network structure is completely different from 3G networks, including different interfaces and different type of data. Accordingly, algorithms already in place for other networks cannot be used in solving the problem of tracking keys for use in handover.