NASDVM

Non-Access Stratum Data via MME

Security
Introduced in Rel-13
NASDVM is a security mechanism that allows the MME to securely transfer small amounts of data between a UE and an application server using NAS signaling. It leverages the existing NAS security context to provide integrity and confidentiality for this data transfer without establishing a full user plane bearer.

Description

Non-Access Stratum Data via MME (NASDVM) is a feature defined in 3GPP, primarily within the security specification TS 33.401. It is a method for transporting a limited amount of application layer data between a User Equipment (UE) and a network application server by encapsulating the data within existing Non-Access Stratum (NAS) signaling messages. The key entity facilitating this transfer is the Mobility Management Entity (MME) in the Evolved Packet Core (EPC). Instead of establishing a traditional Packet Data Network (PDN) connection with a dedicated bearer and user plane resources, the data is piggybacked on control plane signaling, specifically within NAS Transport messages. This makes it highly efficient for sporadic, small data transmissions typical of many Internet of Things (IoT) and Machine-Type Communication (MTC) applications.

The operational flow involves the UE and the MME utilizing the EPS NAS Security Context, which is already established during the attach procedure via EPS AKA. When an application on the UE needs to send data, it provides the data to the NAS layer. The NAS layer encapsulates this data within a NAS message (e.g., an Uplink NAS Transport message). This entire NAS message, including the encapsulated application data, is then integrity protected and ciphered using the NAS security keys (KNASint, KNASenc) just like any other NAS signaling message. The message is sent via the Access Stratum (RRC over LTE) to the eNB, which forwards it to the MME via the S1-AP interface. The MME, after verifying the integrity and deciphering the message, extracts the application data.

The MME then acts as a relay or application server gateway. It must determine the destination for this application data. This is typically configured based on the UE's subscription or the specific service request. The MME forwards the extracted data payload to the appropriate Application Server (AS) over a secure interface, such as using Diameter or Service Capability Exposure Function (SCEF) based protocols. The reverse path works similarly: the AS sends data to the MME, which encapsulates it within a Downlink NAS Transport message, secures it using the NAS security context for that UE, and delivers it via the S1 and RRC interfaces. This entire process occurs without activating a user plane bearer for the UE, keeping the UE in a power-efficient idle state for longer periods.

NASDVM is a cornerstone of the Control Plane CIoT EPS Optimization, a set of features designed for IoT devices. Its integration with the NAS layer provides inherent security benefits. The data receives the same strong cryptographic protection as critical mobility management signaling, terminating at the MME (UE-to-MME rather than UE-to-application server). This eliminates the need for the application to implement its own transport-layer security (like TLS) for this small data, saving processing power and signaling overhead on the constrained device. However, it is designed for infrequent, small data packets, as frequent use would negate the power-saving advantages and overload the control plane signaling network.

Purpose & Motivation

NASDVM was created to address a fundamental challenge in connecting massive numbers of low-cost, low-power IoT devices to cellular networks: the signaling and power overhead of establishing traditional data connections. Before optimizations like NASDVM, an IoT sensor needing to send a few bytes of data (e.g., a temperature reading) had to perform a full service request procedure. This involves transitioning from idle to connected state, establishing at least one data radio bearer and an S1-U bearer, and performing all the associated RRC and S1-AP signaling. After sending the data, the connection would be torn down. This process consumes significant battery power on the device and generates substantial signaling load on the network for a minuscule amount of payload data.

The motivation for NASDVM stemmed from 3GPP's work on Machine-Type Communications (MTC) and Cellular IoT (CIoT), which started in Release 12 and was fully specified in Release 13. The goal was to define network optimizations that could support millions of such devices efficiently. NASDVM, as part of the Control Plane CIoT EPS Optimization, solves this by repurposing the always-necessary NAS signaling path. Since a device must attach to the network and maintain a NAS security context for mobility management anyway, this existing secure channel is leveraged to carry the application data. This eliminates the need for the separate, resource-intensive user plane setup.

This approach directly addresses the limitations of previous architectures for sporadic data transmission. It reduces device power consumption by minimizing the time the device's radio needs to be active in a high-power connected state. It reduces latency for small data transfers, as the data can be sent immediately within an existing signaling procedure. Furthermore, it alleviates signaling congestion on the RAN and core network interfaces by avoiding the setup and teardown of bearers for each small data packet. In essence, NASDVM was created to make cellular networks viable and efficient for a new class of constrained devices, enabling the IoT vision on a massive scale without overhauling the core security and mobility foundations of LTE.

Key Features

  • Transports application data within integrity-protected and ciphered NAS signaling messages
  • Eliminates need for user plane bearer establishment for small data transfers
  • Leverages existing EPS NAS security context (KNASint, KNASenc) for protection
  • Enables efficient communication for power-constrained IoT/Cellular IoT devices
  • Implemented as part of Control Plane CIoT EPS Optimization
  • MME acts as a secure relay between the UE and the application server

Evolution Across Releases

Rel-13 Initial

Introduced as a core component of the Control Plane CIoT EPS Optimization. Defined the mechanism for encapsulating application data within NAS Transport messages (Uplink/Downlink). Specified the use of the existing NAS security context for protecting the data and the role of the MME in relaying data to/from a Service Capability Server / Application Server (SCS/AS) via the SCEF or directly.

Enhanced the feature with support for Non-IP Data Delivery (NIDD). This allowed the transport of data that was not formatted as IP packets, which is common for many proprietary IoT protocols. The MME/SCEF could handle the translation or tunneling of this non-IP data.

Specified the interworking and migration path for NASDVM and Control Plane CIoT EPS Optimization towards the 5G System. Defined how similar small data transfer could be achieved in 5GC, primarily through the Control Plane Service Request procedure and the use of the AMF instead of the MME.

Further refined the 5G mechanisms for small data transmission, including support in INACTIVE state. Enhanced security aspects and service exposure for IoT applications. NASDVM principles influenced the design of 5G optimized small data procedures.

Defining Specifications

Specification    Title
TS 33.401        3GPP TR 33.401