Page 287 - From GMS to LTE
P. 287

Long Term Evolution (LTE) and LTE-Advanced Pro  273

               Network 3:
                 Time until DRX is enabled: 200 ms;
               ●
                 DRX short cycle time: none;
               ●
                 DRX long cycle time: 80 ms;
               ●
                 On‐duration: 4 ms;
               ●
                 Time alignment: 1.92 seconds;
               ●
                 Time until idle: 30 seconds.
               ●
                Network 3 is provisioned quite differently. While it also enters DRX mode in a  fraction
               of a second, the DRX cycle time is much shorter than in networks 1 and 2. Equally, the
               on‐duration is much shorter. And finally, the time alignment can be considered lost
               after only 1.92 seconds, which means power saving is much higher than in the two
               examples above. After no data transmission for 30 seconds, the network sets the
                 connection to RRC idle.
               Network 4:
                 No DRX configured;
               ●
                 Time until idle: 5 seconds.
               ●
                And finally, networks that have no DRX configured at all are also common. Instead,
               the networks go from RRC connected to RRC idle state of the air interface after an
               inactivity period of only 5 seconds. In other words, a new air interface connection and
               a new context in the MME and S‐GW has to be created for every web page that is
               loaded. From a signaling point of view and also from a core network point of view this
               setting is far from ideal.




               4.8   LTE Security Architecture

               The LTE security architecture is similar to the mechanisms already used in UMTS and
               discussed in Section 3.9. The architecture is based on a secret key which is stored on the
               SIM card of the subscriber and in the HSS in the network. The same key is used for
               GSM, UMTS and LTE. It is therefore possible to efficiently move the security context
               between network nodes when the user roams between different RATs.
                During the initial contact with the LTE network, that is, during the attach procedure
               described earlier, security procedures are invoked between the UE, the MME and the
               HSS. During this process, the UE authenticates to the network and the network authen-
               ticates to the UE. This prevents man‐in‐the‐middle attacks. The authentication algo-
               rithms required for the process are stored and executed in the SIM card and in the HSS.
               This way, the secret key remains in a protected environment and cannot be read by
               potential attackers eavesdropping on the message exchange on an interface between the
               SIM and the mobile device or the HSS and the MME. SIM cards must be capable of
               performing UMTS authentication. Consequently, old GSM‐only SIM cards cannot be
               used for authentication in LTE and the attach procedure is rejected with such SIM
               cards. If a GSM‐only SIM card is used in an LTE‐capable device that then tries to access
               an LTE network, the MME at first queries the HSS for authentication and ciphering
               keys. As the HSS is receiving the request from an LTE network node, it rejects the
               request as the subscriber’s HSS entry contains only GSM authentication information.
   282   283   284   285   286   287   288   289   290   291   292