diff --git a/lib/include/srslte/interfaces/enb_interfaces.h b/lib/include/srslte/interfaces/enb_interfaces.h
index ae8264d33..be68e053e 100644
--- a/lib/include/srslte/interfaces/enb_interfaces.h
+++ b/lib/include/srslte/interfaces/enb_interfaces.h
@@ -203,6 +203,8 @@ public:
                                uint8_t *k_up_enc_,
                                srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
                                srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
+  virtual void enable_integrity(uint16_t rnti, uint32_t lcid) = 0;
+  virtual void enable_encryption(uint16_t rnti, uint32_t lcid) = 0;
 };
 
 // PDCP interface for RLC
diff --git a/srsenb/hdr/upper/pdcp.h b/srsenb/hdr/upper/pdcp.h
index dce3af419..a07003fc9 100644
--- a/srsenb/hdr/upper/pdcp.h
+++ b/srsenb/hdr/upper/pdcp.h
@@ -60,7 +60,8 @@ public:
                        uint8_t *k_up_enc_,
                        srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
                        srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_);
-  
+  void enable_integrity(uint16_t rnti, uint32_t lcid);
+  void enable_encryption(uint16_t rnti, uint32_t lcid);
 private: 
   
   class user_interface_rlc : public srsue::rlc_interface_pdcp
diff --git a/srsenb/hdr/upper/rrc.h b/srsenb/hdr/upper/rrc.h
index a8892593a..21c702647 100644
--- a/srsenb/hdr/upper/rrc.h
+++ b/srsenb/hdr/upper/rrc.h
@@ -337,7 +337,8 @@ private:
                           uint8_t *k_up_int,
                           srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
                           srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo);
-
+  void enable_integrity(uint16_t rnti, uint32_t lcid);
+  void enable_encryption(uint16_t rnti, uint32_t lcid);
   srslte::byte_buffer_pool* pool;
   srslte::byte_buffer_t     byte_buf_paging;
 
diff --git a/srsenb/src/upper/pdcp.cc b/srsenb/src/upper/pdcp.cc
index 9c7a69b28..e24195baa 100644
--- a/srsenb/src/upper/pdcp.cc
+++ b/srsenb/src/upper/pdcp.cc
@@ -117,12 +117,24 @@ void pdcp::config_security(uint16_t rnti, uint32_t lcid, uint8_t* k_rrc_enc_, ui
   pthread_rwlock_rdlock(&rwlock);
   if (users.count(rnti)) {
     users[rnti].pdcp->config_security(lcid, k_rrc_enc_, k_rrc_int_, k_up_enc_, cipher_algo_, integ_algo_);
-    users[rnti].pdcp->enable_integrity(lcid);
-    users[rnti].pdcp->enable_encryption(lcid);
   }
   pthread_rwlock_unlock(&rwlock);
 }
 
+void pdcp::enable_integrity(uint16_t rnti, uint32_t lcid)
+{
+  pthread_rwlock_rdlock(&rwlock);
+  users[rnti].pdcp->enable_integrity(lcid);
+  pthread_rwlock_unlock(&rwlock);
+}
+
+void pdcp::enable_encryption(uint16_t rnti, uint32_t lcid)
+{
+  pthread_rwlock_rdlock(&rwlock);
+  users[rnti].pdcp->enable_encryption(lcid);
+  pthread_rwlock_unlock(&rwlock);
+}
+
 void pdcp::write_pdu(uint16_t rnti, uint32_t lcid, srslte::byte_buffer_t* sdu)
 {
   pthread_rwlock_rdlock(&rwlock);
diff --git a/srsenb/src/upper/rrc.cc b/srsenb/src/upper/rrc.cc
index 903771f4d..1da5f654f 100644
--- a/srsenb/src/upper/rrc.cc
+++ b/srsenb/src/upper/rrc.cc
@@ -807,6 +807,16 @@ void rrc::configure_security(uint16_t rnti,
   pdcp->config_security(rnti, lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
 }
 
+void rrc::enable_integrity(uint16_t rnti, uint32_t lcid)
+{
+  pdcp->enable_integrity(rnti, lcid);
+}
+
+void rrc::enable_encryption(uint16_t rnti, uint32_t lcid)
+{
+  pdcp->enable_encryption(rnti, lcid);
+}
+
 /*******************************************************************************
   RRC thread
 *******************************************************************************/
@@ -1156,6 +1166,7 @@ void rrc::ue::handle_rrc_reconf_complete(rrc_conn_recfg_complete_s* msg, srslte:
 void rrc::ue::handle_security_mode_complete(security_mode_complete_s* msg)
 {
   parent->rrc_log->info("SecurityModeComplete transaction ID: %d\n", msg->rrc_transaction_id);
+  parent->enable_encryption(rnti, RB_ID_SRB1);
 }
 
 void rrc::ue::handle_security_mode_failure(security_mode_fail_s* msg)
@@ -1219,6 +1230,8 @@ void rrc::ue::set_security_key(uint8_t* key, uint32_t length)
                              k_up_enc,  k_up_int,
                              cipher_algo, integ_algo);
 
+  parent->enable_integrity(rnti, RB_ID_SRB1);
+
   parent->rrc_log->info_hex(k_rrc_enc, 32, "RRC Encryption Key (k_rrc_enc)");
   parent->rrc_log->info_hex(k_rrc_int, 32, "RRC Integrity Key (k_rrc_int)");
   parent->rrc_log->info_hex(k_up_enc, 32, "RRC Encryption Key (k_rrc_enc)");
@@ -1750,6 +1763,9 @@ void rrc::ue::send_connection_reconf(srslte::byte_buffer_t *pdu)
   pdcp_cnfg.is_control = true;
   pdcp_cnfg.is_data = false;
   parent->pdcp->add_bearer(rnti, 2, pdcp_cnfg);
+  parent->pdcp->config_security(rnti, 2, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
+  parent->pdcp->enable_integrity(rnti, 2);
+  parent->pdcp->enable_encryption(rnti, 2);
 
   // Configure DRB1 in RLC
   parent->rlc->add_bearer(rnti, 3, &conn_reconf->rr_cfg_ded.drb_to_add_mod_list[0].rlc_cfg);
@@ -1764,7 +1780,9 @@ void rrc::ue::send_connection_reconf(srslte::byte_buffer_t *pdu)
     }
   }
   parent->pdcp->add_bearer(rnti, 3, pdcp_cnfg);
-
+  parent->pdcp->config_security(rnti, 3, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
+  parent->pdcp->enable_integrity(rnti, 3);
+  parent->pdcp->enable_encryption(rnti, 3);
   // DRB1 has already been configured in GTPU through bearer setup
 
   // Add NAS Attach accept