Page 272 - From GMS to LTE
P. 272
258 From GSM to LTE-Advanced Pro and 5G
In the next step, the mobile device returns an RRC Connection Setup Complete mes-
sage to the eNode‐B. In the RRC part of the message, the mobile device informs the
eNode‐B to which MME it was last connected. In LTE, an eNode‐B can communicate
with more than a single MME for load balancing and redundancy reasons. If no infor-
mation about the previous MME is given, the eNode‐B selects one on its own.
The RRC Connection Setup Complete message also contains an embedded NAS
message, the actual Attach Request message, which the eNode‐B transparently forwards
to the MME it has selected. Part of the message is the Globally Unique Temporary
Identity, or GUTI for short, which is linked to the subscriber’s IMSI (International
Mobile Subscriber Identity). The GUTI is similar to the Packet TMSI in UMTS and is a
temporary identifier that the device was assigned when it was previously connected to
the network. This enables the MME to locate the subscriber’s record in its cache or
to find the MME to which the device was previously connected to so that it can inform
the old MME that the device has changed its location and to retrieve the user’s sub-
scription profile.
The signaling connection is then used for mutual authentication between the network
and the mobile device. As in UMTS, mutual authentication ensures that the network
can be sure about the identity of the device and that the device can validate that it is
communicating to a network that has properly obtained the authentication information
from the HSS. This effectively prevents a man‐in‐the‐middle attack. After the authenti-
cation procedure, the MME then sends a Security Mode Command message to activate
integrity checking and, optionally, encryption of all messages between the MME and
the mobile device. Integrity checking ensures that signaling messages between a mobile
device and the MME cannot be modified by an attacker. A Security Command Complete
message completes the transaction, and all further signaling messages are sent with an
integrity checksum and are optionally encrypted.
Once the subscriber is authenticated, the MME confirms the successful authentica-
tion to the HSS by sending an Update Location Request message to the HSS, which
responds with an update location acknowledge.
To also protect user data packets and signaling messages that are exchanged between
the mobile device and the eNode‐B requires an additional Security Mode Command/
Complete procedure. This procedure is not performed with the MME but directly
between the mobile device and the eNode‐B.
As further shown in Figure 4.18, the eNode‐B then asks the mobile device to provide
a list of its supported air interface functionalities with a UE capability inquiry. The
mobile device responds to the message with a UE Capability Information message
which contains information such as the supported radio technologies (GSM, UMTS,
CDMA, etc.), frequency band support of each technology, RoHC header compression
support (e.g. for VoIP) and information on optional feature support. This information
helps the eNode‐B later on to select the best air interface parameters for the device and
also helps to select the interband and interradio technology measurements that it
should configure so that the device can detect other networks for a handover when it
leaves the LTE coverage area. This information is also forwarded to the MME.
Session Creation
Once the MME has received the Update Location Acknowledge message from the
HSS, it starts the session establishment process in the core network that results in the
