In LTE-Rel-13 and LTE-Rel-14, security aspects of radio resource control (“RRC”) connectivity are discussed and standardized in 3GPP. RRC messaging may be used to perform a number of connectivity functions including RRC establishment, re-establishment, resume, and reconfiguration between a UE and an eNB. In LTE, certain security features such as integrity protection and ciphering are performed by PDCP. In UMTS, integrity protection of the Control Plane (CP) is performed by RRC itself, whereas ciphering is performed by the RLC layer. The assumption in LTE is that RRC messages are both integrity protected and ciphered unless an exception is required and acceptable.
RRC messages may be transmitted using signaling radio bearers (SRBs). There are several types of SRBs, including SRB0, SRB1, and SRB2. SRB0 is used for RRC messages using the common control channel (“CCCH”), while SRB1 and SRB2 use the dedicated control channel (“DCCH”). SRB0 typically does not include integrity protection or ciphering, while signaling messages over SRB1 typically include both integrity protection and ciphering. Moreover, SRB2 is typically configured after security activation has occurred. RRC connectivity also addresses the availability of data radio bearers (“DRBs”). While SRBs are used to transfer RRC signaling messages, DRBs carry User Plane content over the air interface. Depending on the services used by a UE, a number of DRBs can be established.
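An added example, not part of the original text: a Python check that audits a constructed RRC message trace against the bearer rules described above (SRB0 on CCCH without protection, SRB1 and SRB2 on DCCH with integrity protection and ciphering once security is active, SRB2 only after security activation). The record format and the AS_SECURITY_ACTIVATED marker are assumptions made for illustration.

```python
from dataclasses import dataclass

# Expected logical channel per bearer, as described in the text above.
EXPECTED_CHANNEL = {"SRB0": "CCCH", "SRB1": "DCCH", "SRB2": "DCCH"}
# Hypothetical marker record: the point where security became active.
SECURITY_ACTIVATED = "AS_SECURITY_ACTIVATED"

@dataclass
class Record:
    name: str
    bearer: str = ""
    channel: str = ""
    integrity: bool = False
    ciphered: bool = False

def audit(trace):
    """Return (index, message name, finding) for each rule violation."""
    findings = []
    secured = False
    for i, r in enumerate(trace):
        if r.name == SECURITY_ACTIVATED:
            secured = True
            continue
        expected = EXPECTED_CHANNEL.get(r.bearer)
        if expected is None:
            findings.append((i, r.name, "unknown bearer"))
            continue
        if r.channel != expected:
            findings.append((i, r.name, "wrong channel"))
        if r.bearer == "SRB0":
            continue  # CCCH traffic carries no protection by design
        if not secured:
            # Unprotected SRB1 is the accepted exception before activation.
            if r.bearer == "SRB2":
                findings.append((i, r.name, "SRB2 before security activation"))
            continue
        if not r.integrity:
            findings.append((i, r.name, "missing integrity protection"))
        if not r.ciphered:
            findings.append((i, r.name, "missing ciphering"))
    return findings

# Constructed sample trace (not captured traffic).
TRACE = [
    Record("RRCConnectionRequest", "SRB0", "CCCH"),
    Record("RRCConnectionSetup", "SRB0", "CCCH"),
    Record("RRCConnectionSetupComplete", "SRB1", "DCCH"),
    Record("ULInformationTransfer", "SRB2", "DCCH"),
    Record(SECURITY_ACTIVATED),
    Record("RRCConnectionReconfiguration", "SRB1", "DCCH", True, True),
    Record("DLInformationTransfer", "SRB2", "DCCH", True, False),
]
```

Calling `audit(TRACE)` reports the SRB2 message seen before security activation and the SRB2 message sent without ciphering afterwards.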
The security procedures for RRC messaging may depend on the type of RRC messaging being used between the UE and eNB. For example, narrow band internet of things (“NB-IoT”) is a Rel-13 feature supporting two alternative ways of transporting data. NB-IoT is optimized for small infrequent data from a very large number of devices. When data is transported over the U-plane, the RRC connection can be suspended and resumed at a later time, which reduces signaling due to state transitions. As another example, if a radio link failure or handover failure occurs between the UE and eNB, the UE may initiate an RRC connection re-establishment procedure to re-establish the SRB1 operation and reactivate the security algorithms used by the UE and eNB.
A number of technical issues arise when a UE and eNB exchange RRC messaging.