Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

090911_KW-LTESecurity-VzW-01

advertisement 
LTE Security
Agenda
•
•
•
•
•
Intro
…
…
…
…
Intro
• …
The LTE System
• Radio Side (LTE – Long Term
Evolution/Evolved UTRAN EUTRAN)
– Improvements in spectral
efficiency, user throughput,
latency
– Simplification of the radio
network
– Efficient support of packet based
services: Multicast,
VoIP, etc.
• Network Side (SAE – System
Architecture Evolution/Evolved
Packet Core - EPC)
– Improvement in latency, capacity,
throughput, idle to active
transitions
– Simplification of the core
network
– Optimization for IP traffic and
services
– Simplified support and handover
to non-3GPP access technologies
Overview of 3GPP LTE/SAE System
eNodeB
UE
S1-MME
MME
HSS
PCRF
X2
eNodeB
S-GW
S1-U
Evolved UTRAN(E-UTRAN)
PDN-GW
S5
Evolved Packet Core (EPC)
• UE = User Equipment
• MME = Mobility Management Entity, termination point in network for
ciphering/integrity protection for NAS signaling, handles the security key
management, authenticating users
• S-GW = Serving Gateway
• PDN-GW = PDN Gateway
• PCRF = Policy Charging Rule Function
Evolved Packet Core GW
Capabilities
• Serving GW functions include:
– Local Mobility Anchor point for inter-eNodeB handover
(i.e. GTP termination)
– PMIP or GTP support towards PDN Gateway
– Per flow QoS Policy Enforcement
– Lawful Interception
– Traffic Accounting
• Both can be combined if there is a full mesh
between base stations and GWs
Serving
GW
MAC
Security
IP Tunnel
OFDMA
– Policy Enforcement (QoS, charging, mobility)
– Per-user based packet filtering
– Mobility anchoring for intra- and inter-3GPP mobility
(requires GTP and MIP HA)
– Charging Support
– Lawful Interception
IP Tunnel
Layer 3
• PDN GW functions include:
PDN GW
Evolving Security Architecture
Radio Controller
Handset Authentication
GSM
Ciphering
Handset Authentication + Ciphering
GPRS
Mutual Authentication
3G
Ciphering + Signalling integrity
Mutual Authentication
SAE/LTE
Ciphering + Radio
signalling
integrity
Optional IPSec
Core Signalling integrity
Core Network
SAE/LTE Security
• Security implications:
–
–
–
–
Flat architecture
Interworking with legacy and non-3GPP networks
eNB placement in untrusted locations
Keep security breaches local
• Result:
–
–
–
–
Extended Authentication and Key Agreement
More complex key hierarchy
More complex interworking security
Additional security for (home)eNB
LTE/SAE architecture
ME
USIM
AN
HE
SN
=
=
=
=
=
Mobile Equipment
Universal Subscriber Identity Module
Access Network
Home Environment
Serving Network
• (I) Network access security: secure access to services, protect against
attacks on (radio) access links
• (II) Network domain security: enable nodes to securely exchange signaling
data & user data (between AN/SN and within AN, protect against attacks
wireline network
• (III) User domain security: secure access to mobile stations
• (IV) Application domain security: enable applications in the user and in the
provider domain to securely exchange messages
Non-3GPP Access
ME
USIM
AN
HE
SN
•
•
•
•
•
(I) Network access security
(II) Network domain security
(III) Non-3GPP domain security
(IV) Application domain security
(V) User domain security
=
=
=
=
=
Mobile Equipment
Universal Subscriber Identity Module
Access Network
Home Environment
Serving Network
Network access security
•
•
•
•
•
User identity (and location) confidentiality
Entity authentication
Confidentiality
Data integrity
Mobile equipment identification
The use of a SIM
• Subscription Identification Module
– SIM holds secret key Ki, Home network holds another
– Used as Identity & Security key
– IMSI is used as user identity
• Benefits
– Easy to get authentication from home network while in visited
network without having to handle Ki
Source: ETRI
Network Access Protection
• Authentication and key agreement
– UMTS AKA re-used for SAE
– SIM access to LTE explicitly excluded
• Signaling protection
– For core network (NAS) signaling, integrity and confidentiality
protection terminates in MME (Mobile Management Entity)
– For radio network (RRC) signaling, integrity and confidentiality
protection terminates in eNodeB
• User plane protection
– Encryption terminates in eNodeB
• Network domain security for network internal interfaces
Authentication and Key Agreement
• HSS generates authN data and provides it to MME
• Challenge-response authN and key agreement
between MME and UE
Confidentiality and Integrity of
Signaling
• RRC signaling between UE and E-UTRAN
• NAS signaling between UE and MME
• S1 interface signaling (optional) protection not UEspecific
User Plane Confidentiality
• S1-U (optional) protection not UE-specific,
based on IPsec
• Integrity not protected
Key Hierarchy in LTE/SAE
• Cryptographic network separation
– Authentication vectors specific to serving network
Handovers without MME
• Handovers possible between eNB’s
(performance)
• If keys are passed unmodified, compromised
eNB compromises other eNB
– One-way function before passing over
– MME is involved after HO for further key passing
Home eNodeB security threats
•
•
•
•
•
•
•
Compromise HeNB credentials
Physical attack HeNB
Configuration attack
MitM attacks etc.
DoS attacks etc.
User data and privacy attacks
Radio Resources and management attacks
Home ENodeB security measures
•
•
•
•
•
•
Mutual AuthN HeNB and home network
Secure tunnel for backhaul
Trusted environment inside HeNB
Access Control
OAM security mechanisms
Hosting Party authentication (Hosting party
Module)
Network Domain Security
• Enable nodes to securely exchange signaling data &
user data
– between Access Network and Serving Network and within
Access Network
• Protect against attacks on wireline network
• No security in 2G core network
• Now security is needed:
–
–
–
–
IP used for signaling and user traffic
Open and easily accessible protocols
New service providers (content, data service, HLR)
Network elements can be remote (eNB)
Security Domains
• Managed by single administrative authority
• Border between security domains protected
by Security Gateway (SEG)
Security Gateway
• Handle communication over Za interface (SEG-SEG)
– AuthN/integrity mandatory, encryption recommended using IKEv1 or
IKEv2 for negotiating, establishing and maintaining secure ESP tunnel
• Handle communication over (optional) Zb interface (SEG- NE
or NE-NE)
– Implement ESP tunnel and IKEv1 or IKEv2
– ESP with AuthN, integrity, optional encryption
• All traffic flows through SEG before leaving or entering
security domain
• Secure storage of long-term keys used for IKEv1 and IKEv2
• Hop-by-hop security (chained tunnels or hub-and-spoke)
Security for Network Elements
• Services
–
–
–
–
•
•
•
•
Data integrity
Data origin authentication
Anti-replay
Confidentiality (optional)
Using IPsec ESP (Encapsulation Security Payload)
Between SEGs: tunnel mode
Key management: IKEv1 or IKEv2
Security associations from NE only to SEG or NE’s in
own domain
Trust validation with IPsec
Trust validation for TLS
User domain security
• Secure access to mobile stations
• Few slides
Application domain security
• The set of security features that enable
applications in the user and in the provider
domain to securely exchange messages.
• Secure messaging between the USIM and the
network (TS 22.048)
• Slides about IMS, SIP
IMS Security
• Security/AuthN mechnism
– Mutual AuthN using UMTS AKA
– Typically implemented on UICC (ISIM application)
– UMTS AKA integrated into HTTP digest (RFC3310)
– NASS-IMS bundled AuthN
– SIP Digest based AuthN
– Access security with TLS
Interworking with legacy network
• Few slides about CDMA-3GPP interworking
References
• Principles, objectives and requirements
– TS 33.120 Security principles and objectives
– TS 21.133 Security threats and requirements
• Architecture, mechanisms and algorithms
– TS 33.102 Security architecture
– TS 33.103 Integration guidelines
– TS 33.105 Cryptographic algorithm requirements
– TS 35.20x Access network algorithm specifications
References
• TS 33.210 v8.3.0: Network Domain Security: IP-layer
(http://www.3gpp.org/ftp/Specs/archive/33_series/33.210/)
• TS 33.310 V9.0.0: Network Domain Security: Authentication Framework
http://www.3gpp.org/ftp/Specs/archive/33_series/33.310/
• TS 33.401 V9.0.0: SAE security architecture
http://www.3gpp.org/ftp/Specs/archive/33_series/33.401/
• TS 33.402 V9.0.0: SAE security aspects of non 3GPP access
http://www.3gpp.org/ftp/Specs/archive/33_series/33.402/
• TR 33.820 V8.1.0: Security of H(e)NB
http://www.3gpp.org/ftp/Specs/archive/33_series/33.820/33820-810.zip
• 3GPP TS 33.102 V8.3.0: Security architecture
http://www.3gpp.org/ftp/Specs/archive/33_series/33.102/33102-830.zip
Credits
• Valterri Niemi (3GPP SA3 chair)
Backup
UMTS Authentication and Key
Agreement (AKA)
• Procedure to authenticate the user and
establish pair of cipher and integrity between
VLR/SGSN and USIM
Source: ETRI
X2 Routing and Handover
Source
ENB
SGW
Target
ENB
30 ms
Interruption
Time
Out of Order
Packets
Expect out of order packets around handover
Interworking with UTRAN/GERAN
• UE registered in both SGSN and MME
• Keys may be mapped
Related documents
3GPP SA3 status Valtteri Niemi, SA3 Chairman Nokia Research Center Lausanne, Switzerland
3GPP SA3 status Valtteri Niemi, SA3 Chairman Nokia Research Center Lausanne, Switzerland
Chapter 11 HW
Chapter 11 HW
Document
Document
Davis
Davis
Document
Document
LTE modeling
LTE modeling
Network Architecture and Protocols
Network Architecture and Protocols
2 References
2 References
32432-a10
32432-a10
The LTE Network Architecture
The LTE Network Architecture
HeNB-GW Administration Guide, StarOS Release 16 Last Updated April 30, 2014
HeNB-GW Administration Guide, StarOS Release 16 Last Updated April 30, 2014
Study or Work Item Proposal
Study or Work Item Proposal
Download
advertisement