The present invention relates to inter-node handover in a communication network, and particularly relates to secure, synchronized handovers between nodes. Within the scope of 3GPP E-UTRAN (Long Term Evolution or “LTE”) standardization, solutions for inter-eNB/cell handover have been agreed. As an example of inter-node handover, see FIG. 1. As used herein, E-UTRAN denotes the cellular radio system developed/standardized by 3GPP, and “eNB” denotes a E-UTRAN radio base station node (could serve multiple E-UTRAN cells).
The handover solution allows for lossless and in-order delivery of both uplink and downlink packets. For user plane data it has been agreed to use selective packet forwarding. This means that the user plane protocol machine needs to be relocated from the source eNB to the target eNB, meaning that the Packet Data Convergence Protocol (PDCP) sequence numbers are maintained during the handover procedure. Selective forwarding makes it possible for the receiving entity to receive duplicated and out of order packets and still be able to provide in order delivery.
The PDCP sequence numbers are also used as an input to the user plane ciphering process. Each user plane flow (radio bearer) in each direction (uplink/downlink) has its own PDCP sequence number machine. Further, in addition to the PDCP sequence number which is included in every uplink/downlink packet sent over the radio interface, there is also defined an overflow sequence number, or hyper frame number (HFN).
The HFN is also used as input to the ciphering algorithm but it is not sent over the radio interface. The HFN is incremented every time the packet data transmission sequence number (PDCP sequence number) rolls over (e.g. between 255->0). The HFN sequence number is also unique for every Radio Bearer (RB) in both uplink and downlink. The HFN is implicitly incremented both in the UE and eNB every time the PDCP sequence number rolls over (overflow event).
It has been concluded that the ciphering key used in the target cell should be different from the ciphering key used in the source cell, thus avoiding completely the security risk that the same ciphering key and sequence number is used in both the source and target cell. However, to date it has not been determined in 3GPP what should be done with the HFN during handover. Because the ciphering key is changed at the handover, from a security point of view it is acceptable to re-use in the target cell the old HFN values that were in use in the source cell.
However, no good solution has been proposed for managing the HFN numbers during the handover. One possible solution is to set the HFN to zero or some fixed value in the target cell. One problem with this approach is that if, at the time of handover (HO), the PDCP sequence number for a given one of the radio bearers being handed over is very close to the value where the HFN should be incremented, there is a risk that the mobile station (also referred to as user equipment or “UE”) and the target eNB (base station) would get de-synchronized.
As one example, consider that the mobile station after entering the target cell receives packets with sequence numbers (SNs) pertaining to just after the HFN increment point, but in the source cell the mobile station had only received packets before the HFN increment point. In this circumstance, the mobile station has no way of knowing whether the HFN was incremented in the source cell (but there was packet loss hiding the event from the mobile station in the source cell) or should have been incremented in the target cell (but there was packet loss hiding the event from the mobile station in the target cell). Because of this ambiguity, the mobile station behavior cannot be specified. For the two cases, different HFN values need to be assumed by the mobile station for the affected downlink radio bearer, but mobile station cannot determine which HFN value should be used.
Another approach to the synchronization problem relies on synchronizing the PDCP sequence number between the UE and the target eNB. It is technically possible to send explicit signaling between the UE and the eNB in the target cell to inform the other entity of the next expected PDPC sequence for each radio bearer being handed over. Doing so allows the other entity to know when the HFN is incremented. One disadvantage of this solution is that it increases the required signaling and introduces longer service interruption, because it is not be possible to send any user plane data during the synchronization step.
Another solution is to synchronize the HFN values between the source and target eNB and continue in the target cell with the same HFN as in source. It is technically possible to send explicit signaling between the source and target eNB so that the target eNB is aware of the uplink and downlink HFNs. This signaling may only take place after the last packet was sent/received in the source eNB. Otherwise, there is a risk that the HFN values will be out of date in the target eNB. One disadvantage to this solution is that it increases the required signaling between the eNBs and it could introduce delays or cause de-synchronization if the message from the source eNB to the target eNB is lost or delayed.