ITU-T security workshop Geneva, Switzerland, 9-10 February 2009 3GPP SA3 status Valtteri Niemi, SA3 Chairman Nokia Research Center Lausanne, Switzerland 1 Outline • • • • Some history and background SAE/LTE security: some highlights Home (e)NodeB security Other work items 2 Some history and background 3 Some history (1/2) • For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new specifications, e.g. – TS 33.102 “3G security; Security architecture” – 5 specifications (out of these 19) originated by ETSI SAGE, e.g. TS 35.202 “KASUMI specification” • For Release 4 (frozen 2001), SA3 was kept busy with GERAN security while ETSI SAGE originated again 5 new specifications, e.g. – TS 35.205-208 for MILENAGE algorithm set • Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.: – TS 33.203 “IMS security” – TS 33.210 “Network domain security: IP layer” 4 Some history (2/2) • Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.: – TS 33.246 “Security of MBMS” – TS 33.220-222 “Generic Authentication Architecture” • Release 7 (frozen 2007): SA3 added 13 new specifications – ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl. SNOW 3G spec) (TS 35.215-218, TR 35.919) • Release 8 (frozen 2008): SA3 has added 5 new specifications, e.g.: – TS 33.401 “SAE: Security architecture” – TS 33.402 “SAE: Security with non-3GPP accesses” – (1-2 more TR’s maybe still be included in Rel-8) 5 SAE/LTE security (Rel-8): some highlights 6 SAE/LTE: What and why? SAE = System Architecture Evolution LTE = Long Term Evolution (of radio networks) • LTE offers higher data rates, up to 100 Mb/sec • SAE offers optimized (flat) IP-based architecture • Technical terms: – E-UTRAN = Evolved UTRAN (LTE radio network) – EPC = Evolved Packet Core (SAE core network) – EPS = Evolved Packet System ( = RAN + EPC ) 7 Implications on security • • • Flat architecture: – All radio access protocols terminate in one node: eNB – IP protocols also visible in eNB Security implications due to – Architectural design decisions – Interworking with legacy and non-3GPP networks – Allowing eNB placement in untrusted locations – New business environments with less trusted networks involved – Trying to keep security breaches as local as possible As a result (when compared to UTRAN/GERAN): – Extended Authentication and Key Agreement – More complex key hierarchy – More complex interworking security – Additional security for eNB (compared to NB/BTS/RNC) 8 Home (e) Node B security 9 Home (e)NB architecture UE HeNB insecure link SGW Operator’s core network OAM Figure from draft TR 33.820 One of the key concepts: Closed Subscriber Group 10 Threats • Compromise of HeNB credentials – e.g. cloning of credentials • Physical attacks on HeNB – e.g. physical tampering • Configuration attacks on HeNB – e.g. fraudulent software updates • Protocol attacks on HeNB – e.g. man-in-the-middle attacks • Attacks against the core network – e.g. Denial of service • Attacks against user data and identity privacy – e.g. by eavesdropping • Attacks against radio resources and management 11 Other features in past releases of 3GPP 12 IMS (SIP) security (Rel-5) IMS home authentication & key agreement network domain security security mechanism agreement IMS visited integrity protection PS domain R99 access security 13 Release 6 highlights 14 WLAN interworking in 3GPP • WLAN access zone can be connected to cellular core network • Shared subscriber database & charging & authentication (WLAN Direct IP access) • Shared services (WLAN 3GPP IP Access) • Service continuity is the next step 15 MBMS Security Architecture (node layout) Content Server Mobile Operator Network BM-SC BSF Content Server Internet BGW BM-SC can reside in home or visited network BGW: Bearer Gateway (first hop IP-router) BM-SC: Broadcast/Multicast Service Center BSF: Bootstrapping Server Function 16 Generic Authentication Architecture (GAA) • GAA consists of three parts (Rel-6): • TS 33.220 Generic Bootstrapping Architecture (GBA) offers generic authentication capability for various applications based on shared secret. Subscriber authentication in GBA is based on HTTP Digest AKA [RFC 3310]. • TS 33.221 Support of subscriber certificates: PKI Portal issues subscriber certificates for UEs and delivers an operator CA certificates. The issuing procedure is secured by using shared keys from GBA. • TS 33.222 Access to Network Application Function using HTTPS is also based on GBA. HSS GAA GBA Certificates AP UE NE Figure from 3GPP TR 33.919 17 Release 7 & 8 highlights 18 Release 7 & 8: security enhancements • Key establishment for secure UICC-terminal channel (TS 33.110) – Applies, e.g. for secure UICC-terminal channel specified by ETSI SCP – Built on top of GBA • Key establishment between UICC hosting device and a remote device (TS 33.259) • Liberty-3GPP security interworking • GBA push (TS 33.223, Rel-8) – Applies to several OMA specified features (e.g. BCAST) • Network domain security: Authentication Framework (TS 33.310) enhanced for TLS support • Withdrawal of A5/2 algorithm 19 Work in progress: Rel-9 20 Rel-9 work items • SAE/LTE: emergence call security • Media security – End-to-end and end-to-middle protection of media independently of access technology • Protection against unsolicited communications in IMS • Remote management of USIM/ISIM for machineto-machine communications • Security of Earthquake and Tsunami Warning System 21 For more information: www.3gpp.org 22