3GPP SA3 status Valtteri Niemi, SA3 Chairman Nokia Research Center Lausanne, Switzerland

advertisement
ITU-T security workshop
Geneva, Switzerland, 9-10 February 2009
3GPP SA3 status
Valtteri Niemi, SA3 Chairman
Nokia Research Center
Lausanne, Switzerland
1
Outline
•
•
•
•
Some history and background
SAE/LTE security: some highlights
Home (e)NodeB security
Other work items
2
Some history and
background
3
Some history (1/2)
• For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new
specifications, e.g.
– TS 33.102 “3G security; Security architecture”
– 5 specifications (out of these 19) originated by ETSI SAGE,
e.g. TS 35.202 “KASUMI specification”
• For Release 4 (frozen 2001), SA3 was kept busy with GERAN
security while ETSI SAGE originated again 5 new
specifications, e.g.
– TS 35.205-208 for MILENAGE algorithm set
• Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.:
– TS 33.203 “IMS security”
– TS 33.210 “Network domain security: IP layer”
4
Some history (2/2)
• Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.:
– TS 33.246 “Security of MBMS”
– TS 33.220-222 “Generic Authentication Architecture”
• Release 7 (frozen 2007): SA3 added 13 new specifications
– ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl.
SNOW 3G spec) (TS 35.215-218, TR 35.919)
• Release 8 (frozen 2008): SA3 has added 5 new specifications,
e.g.:
– TS 33.401 “SAE: Security architecture”
– TS 33.402 “SAE: Security with non-3GPP accesses”
– (1-2 more TR’s maybe still be included in Rel-8)
5
SAE/LTE security (Rel-8):
some highlights
6
SAE/LTE: What and why?
SAE = System Architecture Evolution
LTE = Long Term Evolution (of radio networks)
• LTE offers higher data rates, up to 100 Mb/sec
• SAE offers optimized (flat) IP-based architecture
• Technical terms:
– E-UTRAN = Evolved UTRAN (LTE radio network)
– EPC = Evolved Packet Core (SAE core network)
– EPS = Evolved Packet System ( = RAN + EPC )
7
Implications on security
•
•
•
Flat architecture:
– All radio access protocols terminate in one node: eNB
– IP protocols also visible in eNB
Security implications due to
– Architectural design decisions
– Interworking with legacy and non-3GPP networks
– Allowing eNB placement in untrusted locations
– New business environments with less trusted networks
involved
– Trying to keep security breaches as local as possible
As a result (when compared to UTRAN/GERAN):
– Extended Authentication and Key Agreement
– More complex key hierarchy
– More complex interworking security
– Additional security for eNB (compared to NB/BTS/RNC)
8
Home (e) Node B security
9
Home (e)NB architecture
UE
HeNB
insecure link
SGW
Operator’s core
network
OAM
Figure from draft TR 33.820
One of the key concepts: Closed Subscriber
Group
10
Threats
• Compromise of HeNB credentials
– e.g. cloning of credentials
• Physical attacks on HeNB
– e.g. physical tampering
• Configuration attacks on HeNB
– e.g. fraudulent software updates
• Protocol attacks on HeNB
– e.g. man-in-the-middle attacks
• Attacks against the core network
– e.g. Denial of service
• Attacks against user data and identity privacy
– e.g. by eavesdropping
• Attacks against radio resources and management
11
Other features in past
releases of 3GPP
12
IMS (SIP) security (Rel-5)
IMS home
authentication &
key agreement
network domain security
security
mechanism
agreement
IMS visited
integrity protection
PS domain
R99 access security
13
Release 6 highlights
14
WLAN interworking in
3GPP
• WLAN access zone can be
connected to cellular core network
• Shared subscriber database &
charging & authentication (WLAN
Direct IP access)
• Shared services (WLAN 3GPP IP
Access)
• Service continuity is the next step
15
MBMS Security Architecture
(node layout)
Content
Server
Mobile Operator Network
BM-SC
BSF
Content
Server
Internet
BGW
BM-SC can reside in home or visited network
BGW: Bearer Gateway (first hop IP-router)
BM-SC: Broadcast/Multicast Service Center
BSF: Bootstrapping Server Function
16
Generic Authentication
Architecture (GAA)
• GAA consists of three parts (Rel-6):
• TS 33.220 Generic Bootstrapping
Architecture (GBA) offers generic
authentication capability for various
applications based on shared
secret. Subscriber authentication in
GBA is based on HTTP Digest AKA
[RFC 3310].
• TS 33.221 Support of subscriber
certificates: PKI Portal issues
subscriber certificates for UEs and
delivers an operator CA certificates.
The issuing procedure is secured
by using shared keys from GBA.
• TS 33.222 Access to Network
Application Function using HTTPS
is also based on GBA.
HSS
GAA
GBA
Certificates
AP
UE
NE
Figure from 3GPP TR 33.919
17
Release 7 & 8 highlights
18
Release 7 & 8: security
enhancements
• Key establishment for secure UICC-terminal channel (TS
33.110)
– Applies, e.g. for secure UICC-terminal channel specified
by ETSI SCP
– Built on top of GBA
• Key establishment between UICC hosting device and a
remote device (TS 33.259)
• Liberty-3GPP security interworking
• GBA push (TS 33.223, Rel-8)
– Applies to several OMA specified features (e.g. BCAST)
• Network domain security: Authentication Framework (TS
33.310) enhanced for TLS support
• Withdrawal of A5/2 algorithm
19
Work in progress: Rel-9
20
Rel-9 work items
• SAE/LTE: emergence call security
• Media security
– End-to-end and end-to-middle protection of media
independently of access technology
• Protection against unsolicited communications in
IMS
• Remote management of USIM/ISIM for machineto-machine communications
• Security of Earthquake and Tsunami Warning
System
21
For more information:
www.3gpp.org
22
Download