9.3 Security header type and EPS bearer identity
3GPP TS 24.301, Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3, Release 18
9.3.1 Security header type
Bits 5 to 8 of the first octet of every EPS Mobility Management (EMM) message contain the Security header type IE. This IE includes control information related to the security protection of a NAS message. The total size of the Security header type IE is 4 bits.
The Security header type IE can take the values shown in table 9.3.1.
Table 9.3.1: Security header type
| 8 | 7 | 6 | 5 | Security header type (octet 1) |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | Plain NAS message, not security protected |
| | | | | Security protected NAS message: |
| 0 | 0 | 0 | 1 | Integrity protected |
| 0 | 0 | 1 | 0 | Integrity protected and ciphered |
| 0 | 0 | 1 | 1 | Integrity protected with new EPS security context (NOTE 1) |
| 0 | 1 | 0 | 0 | Integrity protected and ciphered with new EPS security context (NOTE 2) |
| 0 | 1 | 0 | 1 | Integrity protected and partially ciphered NAS message (NOTE 4) |
| | | | | Non-standard L3 message: |
| 1 | 1 | 0 | 0 | Security header for the SERVICE REQUEST message |
| 1 | 1 | 0 | 1 | These values are not used in this version of the protocol. |
| to | | | | If received they shall be interpreted as '1100'. (NOTE 3) |
| 1 | 1 | 1 | 1 | |
| | | | | All other values are reserved. |

NOTE 1: This codepoint may be used only for a SECURITY MODE COMMAND message.
NOTE 2: This codepoint may be used only for a SECURITY MODE COMPLETE message.
NOTE 3: When bits 7 and 8 are set to '11', bits 5 and 6 can be used for future extensions of the SERVICE REQUEST message.
NOTE 4: This codepoint may be used only for a CONTROL PLANE SERVICE REQUEST message.
An EMM message received with the security header type encoded as 0000 shall be treated as a plain NAS message that is not security protected. A protocol entity sending an EMM message that is not security protected shall send the message as a plain NAS message and encode the security header type as 0000.
9.3.2 EPS bearer identity
Bits 5 to 8 of the first octet of every EPS Session Management (ESM) message contain the EPS bearer identity. The EPS bearer identity and its use to identify a message flow are defined in 3GPP TS 24.007 [12].
If the UE or the MME or both do not support signalling for a maximum number of 15 EPS bearer contexts, the MME shall select the EPS bearer identity from the value range 5 to 15, or select the value 0 when it needs to indicate that no EPS bearer identity is assigned.
NOTE: When assigning EPS bearer identities from the range 1 to 4, the MME can take into account that these EPS bearer contexts will be subject to local deactivation if the UE performs inter-system change to A/Gb mode or Iu mode or if it performs a change to an MME not supporting signalling for a maximum number of 15 EPS bearer contexts.
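The receive-side handling of bits 5 to 8 of octet 1 described in 9.3.1 and 9.3.2, as an added example that is not part of the specification text. The protocol discriminator values in bits 1 to 4 (0x7 for EMM, 0x2 for ESM) are taken from 3GPP TS 24.007 rather than from this subclause, and the names `decode_octet1`, `Octet1` and `is_plain_emm` are hypothetical.

```python
from typing import NamedTuple

# Protocol discriminator (bits 1..4 of octet 1). Assumption: values taken from
# 3GPP TS 24.007; they are not defined in this subclause.
PD_ESM = 0x2
PD_EMM = 0x7

# Table 9.3.1 codepoints (bits 8..5 of octet 1).
SECURITY_HEADER_TYPES = {
    0b0000: "Plain NAS message, not security protected",
    0b0001: "Integrity protected",
    0b0010: "Integrity protected and ciphered",
    0b0011: "Integrity protected with new EPS security context",
    0b0100: "Integrity protected and ciphered with new EPS security context",
    0b0101: "Integrity protected and partially ciphered NAS message",
    0b1100: "Security header for the SERVICE REQUEST message",
}

class Octet1(NamedTuple):
    protocol: str    # "EMM", "ESM" or "other"
    raw: int         # bits 8..5 exactly as received
    effective: int   # value after applying the receive rules of table 9.3.1
    meaning: str

def decode_octet1(octet: int) -> Octet1:
    """Interpret the first octet of a NAS message."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("octet out of range")
    pd, high = octet & 0x0F, octet >> 4
    if pd == PD_ESM:
        # 9.3.2: bits 5..8 carry the EPS bearer identity; 0 means none assigned.
        meaning = ("no EPS bearer identity assigned" if high == 0
                   else f"EPS bearer identity {high}")
        return Octet1("ESM", high, high, meaning)
    if pd != PD_EMM:
        return Octet1("other", high, high, "not an EMM or ESM message")
    # 1101..1111 are not used and shall be interpreted as 1100 if received.
    effective = 0b1100 if 0b1101 <= high <= 0b1111 else high
    return Octet1("EMM", high, effective,
                  SECURITY_HEADER_TYPES.get(effective, "reserved"))

def is_plain_emm(octet: int) -> bool:
    """True when an EMM message must be treated as not security protected."""
    d = decode_octet1(octet)
    return d.protocol == "EMM" and d.effective == 0b0000
```

Keeping both `raw` and `effective` lets a monitor log the value actually received while still applying the mandated interpretation as 1100.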