Description
EPS User-Plane Integrity Protection (EPS-UPIP) is a security enhancement defined in 3GPP specifications TS 24.301 (NAS) and TS 24.501, introduced to provide integrity protection for user-plane (UP) data packets in EPS networks. Prior to its introduction, EPS relied primarily on encryption (ciphering) for UP confidentiality, while integrity protection was applied only to control-plane signalling (NAS and RRC). EPS-UPIP extends integrity safeguards to the actual user data traversing the radio access between the UE and the eNodeB, so that the receiver can detect data that an attacker has altered, replayed, or injected.
The feature operates by having the UE and the network apply an integrity algorithm to user-plane data packets, generating an integrity tag (MAC-I) that is appended to or associated with the data. This processing takes place at the Packet Data Convergence Protocol (PDCP) layer of the radio interface. The integrity key is derived from the existing EPS security key hierarchy: specifically, it is derived from K_eNB, which itself originates from K_ASME. Activation of UP integrity protection is negotiated during the security mode command procedure between the UE and the network, based on network policy and UE capabilities.
Architecturally, EPS-UPIP involves the UE, the eNodeB, and the MME. The MME determines whether to activate the feature based on subscription data, local policy, and the UE's security capabilities indicated during attachment. The actual integrity protection and verification are performed by the PDCP entities in the UE and the eNodeB. The introduction of this feature required updates to the PDCP protocol and the security mode control procedures to support the negotiation and activation of integrity algorithms for the user plane. It represents a significant shift towards aligning EPS security with the more comprehensive 'always-on' integrity protection model pioneered in 5G (NR) systems.
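The following is an added worked example, not code from 3GPP or from this page, that models the PDCP-side mechanism described above: a UP integrity key derived from K_eNB, a 32-bit MAC-I computed over COUNT, BEARER, DIRECTION and the PDU, and a receiver that discards tampered, injected and replayed packets. The MAC is a truncated HMAC-SHA256 stand-in rather than an EPS/NR integrity algorithm, the K_eNB value is constructed test data, and the KDF constants are my reading of TS 33.401 Annex A and should be checked against the specification.

```python
import hashlib
import hmac
import struct

# Constructed 256-bit test value standing in for K_eNB; not a real key.
K_ENB = bytes(range(32))

def derive_k_upint(k_enb: bytes, alg_id: int) -> bytes:
    """Derive the UP integrity key from K_eNB.
    Assumption: mirrors the TS 33.401 Annex A KDF shape (HMAC-SHA256 over
    FC || P0 || L0 || P1 || L1 with FC=0x15, P0=0x06 for UP-int-alg,
    P1=alg_id), keeping the 128 least-significant bits of the output."""
    s = bytes([0x15, 0x06]) + b"\x00\x01" + bytes([alg_id]) + b"\x00\x01"
    return hmac.new(k_enb, s, hashlib.sha256).digest()[16:]

def mac_i(key: bytes, count: int, bearer: int, direction: int, pdu: bytes) -> bytes:
    """32-bit MAC-I over the PDCP integrity inputs (COUNT, BEARER, DIRECTION, data).
    Stand-in MAC: truncated HMAC-SHA256 instead of 128-EIA2 / AES-CMAC."""
    hdr = struct.pack(">IBB", count & 0xFFFFFFFF, bearer & 0x1F, direction & 1)
    return hmac.new(key, hdr + pdu, hashlib.sha256).digest()[:4]

def protect(key: bytes, count: int, bearer: int, direction: int, pdu: bytes) -> bytes:
    """Sender side: append the MAC-I to the PDCP SDU."""
    return pdu + mac_i(key, count, bearer, direction, pdu)

class UpipReceiver:
    """Receiver side: verify the MAC-I, then reject duplicate COUNT values (replay).
    A real PDCP entity reconstructs COUNT from the SN and a local HFN; the demo
    passes the full COUNT explicitly to stay short."""
    def __init__(self, key: bytes, bearer: int, direction: int):
        self.key, self.bearer, self.direction = key, bearer, direction
        self.seen_counts = set()

    def verify(self, count: int, protected: bytes):
        pdu, tag = protected[:-4], protected[-4:]
        expected = mac_i(self.key, count, self.bearer, self.direction, pdu)
        if not hmac.compare_digest(tag, expected):
            return False, "integrity failure: PDU discarded"
        if count in self.seen_counts:
            return False, "replay: duplicate COUNT discarded"
        self.seen_counts.add(count)
        return True, pdu

if __name__ == "__main__":
    key = derive_k_upint(K_ENB, alg_id=2)
    rx = UpipReceiver(key, bearer=3, direction=0)
    pkt = protect(key, 7, 3, 0, b"sensor reading: 42")
    print(rx.verify(7, pkt))                     # accepted
    print(rx.verify(7, pkt))                     # replay rejected
    print(rx.verify(8, pkt[:-4] + b"\x00" * 4))  # forged tag rejected
```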
Purpose & Motivation
EPS-UPIP was introduced in 3GPP Release 17 to address the growing security threats to user data in mobile networks, particularly the risk of active attacks on the radio interface. Prior to Release 17, EPS user-plane security focused almost exclusively on encryption (confidentiality), leaving data vulnerable to malicious tampering, injection, or replay attacks that could corrupt data streams or inject malicious content without detection. The motivation came from the increased sensitivity of services (e.g., industrial IoT, financial transactions, remote operations) and the desire to elevate 4G security to be more consistent with 5G principles.
Its creation was driven by lessons from 5G design, where user-plane integrity protection is a default and fundamental part of the security architecture. EPS-UPIP allows operators to enhance the security posture of their existing EPS deployments, especially for critical IoT and enterprise services, without requiring a full migration to 5G. It solves the problem of data authenticity and integrity for the vast installed base of LTE devices and networks, closing a known security gap. The feature is part of the broader 'EPS security enhancements' work item aimed at backward-porting key 5G security features to the EPS architecture.
Key Features
- Provides integrity protection for user-plane data packets over the LTE-Uu radio interface
- Operates at the PDCP layer using integrity algorithms (e.g., 128-NIA)
- Uses integrity keys derived from the existing EPS key hierarchy (K_eNB)
- Activation is negotiated via Security Mode Command procedures based on network policy
- Protects against data tampering, injection, and replay attacks on the user plane
- Aligns EPS security closer to 5G standards, enabling consistent security for mixed deployments
Evolution Across Releases
Release 17: Introduced EPS-UPIP as a new capability. Defined the procedures for negotiation and activation via the updated Security Mode Command, specified the derivation of user-plane integrity keys from K_eNB, and defined the PDCP-layer processing for integrity protection and verification of user-plane data.
Defining Specifications
| Specification | Title |
|---|---|
| TS 24.301 | 3GPP TS 24.301 |
| TS 24.501 | 3GPP TS 24.501 |