Deployments of HSPA UTRAN with part of the RNC functionality, including user plane and signaling protection,
moved to HSPA NodeBs present the same threat environment as encountered by E-UTRAN eNBs. To help counter the
threats towards the base stations, E-UTRAN has introduced a key hierarchy and a key-refresh mechanism, making
security breaches of the keys used on the air-interface much less severe. With the current key management in UTRAN it is impossible to achieve the same level of protection as in E-UTRAN.
The introduction of a key hierarchy in UTRAN gives an increased protection level and achieves additional benefits by yielding more secure interworking between UTRAN and E-UTRAN. It also implies a simpler handling in the sense that key management becomes more aligned in the two systems.
The objective of this work item is to study potential solutions for introducing an "E-UTRAN-like" key hierarchy in
UTRAN, to improve the security level in UTRAN in the presence of the new deployment scenarios and to ensure that a
security breach in UTRAN will not propagate into E-UTRAN. The study covers the technical feasibility and
consequences. The impacts of such potential solutions on UTRAN of earlier releases are identified. Interworking with earlier releases of UTRAN, GERAN and E-UTRAN is also studied.
The UTRAN key hierarchy is assumed to be built on top of (R99+) UMTS AKA, without requiring any changes to the
authentication protocol or USIM. Therefore, it could in principle be used also in GERAN as long as USIMs are used
and the SGSN, MSC/VLR, and ME are updated. However, the benefit of introducing the key hierarchy in GPRS is
smaller than for the circuit switched part, as the traffic protection already terminates in the core network. Solution details for GERAN are not discussed further.