Deployments of HSPA UTRAN with part of the RNC functionality, including user plane and signaling protection, moved to HSPA NodeBs present the same threat environment as encountered by E-UTRAN eNBs. To help counter the threats towards the base stations, E UTRAN has introduced a key hierarchy and a key-refresh mechanism, making security breaches of the keys used on the air-interface much less severe. With the current key management in UTRAN it is impossible to achieve the same level of protection as in E-UTRAN. The introduction of a key hierarchy in UTRAN gives an increased protection level and achieves additional benefits by yielding more secure interworking between UTRAN and E-UTRAN. It also implies a simpler handling in the sense that key management becomes more aligned in the two systems.

The objective of this work item is to study potential solutions for introducing an "E-UTRAN-like" key hierarchy in UTRAN, to improve the security level in UTRAN in the presence of the new deployment scenarios and to ensure that a security breach in UTRAN will not propagate into E-UTRAN. The study covers the technical feasibility and consequences. The impacts of such potential solution on UTRAN of earlier releases are identified. Interworking with earlier releases of UTRAN, GERAN and E-UTRAN is also studied. The UTRAN key hierarchy is assumed to be built on top of (R99+) UMTS AKA, without requiring any changes to the authentication protocol or USIM. Therefore, it could in principle be used also in GERAN as long as USIMs are used and the SGSN, MSC/VLR, and ME are updated. However, the benefit of introducing the key hierarchy in GPRS is smaller than for the circuit switched part, as the traffic protection already terminates in the core network. Solution details for GERAN are not discussed further. The study covers both PS and CS part of UTRAN.

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

• References are either specific (identified by date of publication, edition number, version number, etc.) or non specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.