5g, Mobile Network
Anand R. Prasad
<anand@bq.jp.nec.com>
NEC Corporation
NIKSUN WWSMC, 26 July, 2011, Princeton, NJ, USA
MIM11-0043
Disclaimer: This presentation gives views/opinion of the speaker
and not necessarily that of NEC Corporation.
NEC Corporation 2009 Page 2 NEC Confidential
Outline
Background on how this thing came into being:
Next Generation Mobile Networks (NGMN) and
Third Generation Partnership Project (3GPP)
Brief overview of the Evolved Packet System (EPS), i.e., SAE/LTE
Security in EPS:
Requirements
Security per network elements and protocol layers
Key hierarchy
Authentication and key agreement
Mobility
Today and Tomorrow including current security activities in
Global ICT Standardisation Forum for India (GISFI)
For abbreviations check Slide 34
Next Generation Mobile Networks (NGMN) and 3GPP
Towards NGMN
[Figure: time-line of standard development towards NGMN. GSM Phase 1 (1993), Rel. 96 (1996), Rel. 97 (1997), Rel. 98 (1998), Rel. 3 (2000), Rel. 5 (2002), Rel. 6 (2004), Rel. 7 (2007), Rel. 8 (2009) and a future NGMN release; peak data rates grow from 9.6 kbps (Phase 1) to 1 Gbps (future), with broadband IP-based cellular networks and WiMAX converging towards NGMN.]
Next Generation Mobile Network (NGMN): a project by mobile operators with the objective to establish recommendations, requirements and scenarios for future mobile broadband networks.
NGMN Architecture
[Figure: service layer (service control, e.g. IMS; enablers) on top of the PS core of NGMN; NGMN access network; other networks like WiFi; other external networks, e.g. PSTN, PLMN, Internet.]
3GPP Basic Architecture
[Figure: User Equipment (UE) = Mobile Equipment (ME) + Subscriber Identity Module (SIM); access via GERAN, UTRAN or LTE (E-UTRAN); CS core network and SAE (EPC); Internet.]
3GPP Overview
PCG (Project Coordination Group)
- RAN Plenary (Radio Access Network): RAN WG1 (Layer 1), RAN WG2 (Layer 2/3), RAN WG3 (RAN to wired), RAN WG4 (Performance), RAN WG5 (UE conformance test)
- SA Plenary (Service & Systems Aspect): SA WG1 (Requirement), SA WG2 (Architecture), SA WG3 (Security), SA WG4 (Codec), SA WG5 (Management)
- CT Plenary (Core Network & Terminal): CT WG1 (UE/Core NW Layer 3), CT WG3 (Interworking external), CT WG4 (Core NW protocol), CT WG5 (Open Service Access), CT WG6 (SIM)
This is how it works
[Figure: 3GPP Organizational Partners: ARIB (Japan), ATIS (USA), CCSA (China), ETSI (Europe), TTA (Korea), TTC (Japan); they form the PCG above the TSGs; ITU provides input to and receives specifications from 3GPP.]
- The Third Generation Partnership Project (3GPP) develops specifications that are standardized by the organizational partners (OPs)
- OPs follow their government / regulatory mandate
- OPs participate in the project coordination group (PCG)
- Individual members are members of at least one of the OPs and provide input to the technical specification groups (TSGs)
- The result of TSG work is a TR or TS that the OPs turn into standards
- 3GPP also takes input from ITU and uses its guidelines
- The resulting 3GPP TSG specifications are taken to ITU by individual members as specifications
Evolved Packet System (EPS)
Overview and Security
- EPS is also known as System Architecture Evolution (SAE) / Long Term Evolution (LTE)
- SAE is also known as Evolved Packet Core (EPC)
- LTE is also known as Evolved UTRAN (E-UTRAN)
[Figure: EPS network overview. Network elements: UE (ME + USIM); E-UTRAN with eNodeBs; EPC with MME, SGW, PDNGW or PGW, HSS (AuC, HLR, EIR, DNS), PCRF, ePDG and SGSN; legacy UTRAN and GERAN; trusted non-3GPP access, e.g. cdma2000; untrusted non-3GPP access, e.g. WiFi; PDN with operator IP services (IMS etc.). Reference points: Uu, X2, S1-MME, S1-U, S3, S4, S5, S6a, S6d/Gr, S8 (for inter-PLMN), S10, S11, S12, S2a, S2b, SWp, SGi, Gx, Gxc, Rx, Iu, Gb.]
- X2, S1-U, S2a, Rx etc. are reference points between network elements. Protocols are defined for each reference point.
- Solid lines between network elements are mainly for user plane traffic as defined by 3GPP, while dashed lines are mainly for control plane.
- Highlighted network elements are newly introduced in SAE/LTE (EPS). Explanations of the network elements related to security are given here.
Network Overview
- evolved NodeB (eNodeB): takes over the RNC and NodeB functions of UMTS; end-point for the Access Stratum (AS: Radio Resource Control and User Plane)
- Mobility Management Entity (MME): takes care of mobility within EPS and inter-RAT; performs authentication; end-point for the Non-Access Stratum (NAS); selects gateways for the UE
Basic Requirements
- Continued usage of the current USIM, i.e., no change to the USIM should be needed for accessing an EPS network; the USIM used in UMTS networks should thus be reusable.
- Security should be at least at the same level as, or better than, UMTS.
Security Requirements
UE and network (Uu, S1-MME, S1-U, S11):
- MSIN & IMEI(SV) should be confidentiality protected
- IMEI(SV) should be sent only after NAS security is activated
- Mutual authentication between UE and network
- Integrity protection is mandatory for RRC and NAS; confidentiality is optional (operator decision) for RRC, NAS and UP; user plane integrity protection is not provided between UE and eNB; algorithms are SNOW 3G and AES
X2 (eNodeB to eNodeB):
- Integrity, confidentiality and replay protection based on operator decision
- Mutual authentication between network elements
eNodeB platform:
- Sensitive part of boot-up in a secure environment
- Uses authorized data/software; ensures data/software change attempts are authorized
- Ciphering/deciphering of control and user plane done in the secure environment
- Keys stored in the secure environment
- Secure environment integrity ensured
- Sensitive data of the secure environment not exposed
O&M:
- Confidentiality and integrity protection of software transfer
- Mutual authentication between eNB and O&M
Network Elements and Security Functions
(UE, eNodeB in E-UTRAN; MME, SGW, HSS in EPC; reference points Uu, S1-MME, S1-U, S11, S6a)
- eNodeB: end-point (the UE is the other end-point) for integrity and confidentiality protection of RRC and confidentiality protection of UP; manages AS keys; initiates UE AS security
- MME: end-point (the UE is the other end-point) for integrity and confidentiality protection of NAS; manages NAS keys and participates in AS key handling; verifies UE authorization to access service and network; gets AVs from the HSS over S6a; initiates UE NAS security
- HSS (AuC, HLR, EIR, DNS): performs the UE authentication functions of the home network; generates AVs
- Confidentiality is optional and integrity protection is mandatory; algorithms are SNOW 3G or AES (ZUC was added recently)
Protocol Layers and Security Functions
(Layers: Application / IP, NAS, RRC, PDCP, RLC/MAC/L1)
- NAS: performs NAS key handling and integrity and confidentiality protection of NAS
- RRC: has the role of AS (RRC and UP) key handling and security activation in PDCP
- PDCP: performs integrity protection of RRC and confidentiality of RRC and UP
Key Hierarchy
- K: pre-shared secret between the AuC and the USIM; used for Authentication and Key Agreement (AKA). Location: AuC & USIM
- CK, IK: confidentiality and integrity keys resulting from AKA; passed to the HSS from the AuC and to the ME from the USIM. Location: HSS & ME
- KASME: derived by the HSS from CK||IK (together with the serving network identity) and passed to the MME. Location: MME & ME
- KNASenc, KNASint: NAS keys derived from KASME; stay in the MME for NAS confidentiality (encryption) and integrity protection
- KeNB: derived from KASME; passed to the eNB from the MME. Location: eNB & ME
- KRRCenc, KRRCint, KUPenc: AS keys derived from KeNB for RRC confidentiality (encryption), RRC integrity protection and U-plane confidentiality
Key separation depending on purpose.
EPS Terminal Start-up and Security
(UE, eNB, MME, HSS, SGW, PGW; reference points Uu, S1-MME, S1-U)
(1) Radio level access and control channel are set up: with random access the UE gets radio access to the eNB; RRC messages are not security protected
(2) Attach request: the NAS message from the UE is piggy-backed in an RRC message; the NAS message may or may not be security protected; the UE needs to register to the network; all UE and radio details are sent; the ME identity can be checked by the network; can be security protected
(3) AKA, then start of integrity and ciphering by security mode command (SMC): mutual authentication, set up keys, activate security
(4) The HSS is informed at which MME the UE is located
(5) IP address allocation: create the path to the PDNGW; the PDNGW assigns the IP address
(6) Leads to completion of attach and setting up of the session; the RRC message may be sent without protection
Authentication and Key Agreement (AKA)
(USIM, MME, HSS (with AuC))
1. USIM identification
2. Authentication data request (MME to HSS)
3. Authentication data response with authentication vector (AV)
4. Authentication request (MME to UE)
5. Check whether the AUTN part of the AV sent to the UE is acceptable (authenticate network). Generate keys and RES.
6. Authentication response {RES}
7. RES = XRES? (authenticate UE)
Network and UE are authenticated to each other. The top-level key (KASME) is created.
SMC: NAS Algorithm Selection
(UE, eNB, MME)
- The MME is configured with a list of NAS confidentiality and integrity algorithms that can be used, with priority; it chooses the highest-priority algorithms
- NAS integrity protection starts in the MME
- MME to UE: NAS Security Mode Command (eKSI, UE security capabilities, ENEA, ENIA, [IMEI request,] [NONCEue, NONCEmme,] NAS-MAC)
- The UE verifies the NAS SMC integrity. If successful, it starts ciphering/deciphering and integrity protection and sends NAS Security Mode Complete
- UE to MME: NAS Security Mode Complete ([IMEI,] NAS-MAC), integrity protected with the new algorithm if there was a change in algorithm
- NAS de-ciphering/ciphering starts in the MME
Algorithm is chosen for NAS and NAS keys are generated. NAS security starts.
SMC: AS Algorithm Selection
(UE, eNB, MME)
- MME to eNB: UE AS security context setup (UE capabilities, eKSI)
- The eNB is configured with a list of AS confidentiality and integrity algorithms that can be used, with priority; it chooses the highest-priority algorithms
- RRC/UP integrity protection starts in the eNB
- eNB to UE: AS Security Mode Command, RRC-integrity protected (integrity algo, ciphering algo, MAC-I)
- The UE verifies the AS SMC integrity. If successful, it starts RRC/UP integrity protection and downlink deciphering, and sends AS Security Mode Complete
- UE to eNB: AS Security Mode Complete (MAC-I); RRC/UP ciphering starts in the UE
- RRC/UP de-ciphering and ciphering start in the eNB
UE security capabilities are sent to the MME during connection establishment together with the START value. They are returned to the UE integrity protected, and the UE responds with the same again, integrity protected. All in NAS.
Algorithm is chosen for AS & AS keys are generated. AS security starts.
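The NAS security mode command with its bidding-down check, as an added Python example that is not part of the presentation: the MME picks the highest-priority algorithms from its configured lists for the capabilities the UE claimed in the unprotected Attach Request, echoes those claimed capabilities in the integrity-protected SMC, and the UE rejects the command when the echo does not match what it really supports (the eNB does the equivalent priority-list selection for the AS SMC from the capabilities it received from the MME). The message layout, capability bitmaps, priority lists and KNASint are constructed for the example, and the 32-bit NAS-MAC is an HMAC-SHA-256 stand-in for 128-EIA1/2/3 that keeps only the COUNT || BEARER || DIRECTION || message input layout. The IMEI handling follows the requirements slide: requested in the SMC, returned only in the Security Mode Complete, i.e. after NAS security is active.

```python
import hashlib
import hmac

# Algorithm identities as signalled in the NAS SMC: EEA = ciphering, EIA = integrity.
EEA0, EEA1_SNOW3G, EEA2_AES, EEA3_ZUC = 0, 1, 2, 3
EIA0, EIA1_SNOW3G, EIA2_AES, EIA3_ZUC = 0, 1, 2, 3
NAS_BEARER, UPLINK, DOWNLINK = 0, 0, 1


def nas_mac(k_nas_int: bytes, count: int, direction: int, msg: bytes) -> bytes:
    """32-bit NAS-MAC over COUNT || BEARER || DIRECTION || message (the 128-EIAx
    input layout); HMAC-SHA-256 stands in for EIA1/2/3 in this example."""
    hdr = count.to_bytes(4, "big") + bytes([NAS_BEARER, direction])
    return hmac.new(k_nas_int, hdr + msg, hashlib.sha256).digest()[:4]


def supports(bitmap: int, alg: int) -> bool:
    """UE security capability bitmap: bit n set means EEAn / EIAn is supported."""
    return (bitmap >> alg) & 1 == 1


def select(priority: list, bitmap: int) -> int:
    """Highest-priority entry of the operator-configured list that the (claimed)
    UE capabilities include."""
    for alg in priority:
        if supports(bitmap, alg):
            return alg
    raise ValueError("no common algorithm")


def mme_build_smc(k_nas_int, count, eksi, claimed_caps, eea_prio, eia_prio, imei_request=False):
    """MME: choose algorithms and build the NAS Security Mode Command.
    claimed_caps = (eea_bitmap, eia_bitmap) as received in the unprotected Attach
    Request; it is echoed back so the UE can detect tampering on the way in."""
    eea = select(eea_prio, claimed_caps[0])
    eia = select(eia_prio, claimed_caps[1])
    if eia == EIA0:
        raise ValueError("EIA0 is only allowed for unauthenticated emergency calls")
    body = bytes([eksi, claimed_caps[0], claimed_caps[1], eea, eia, int(imei_request)])
    return body + nas_mac(k_nas_int, count, DOWNLINK, body), (eea, eia)


def ue_check_smc(k_nas_int, count, smc, true_caps):
    """UE: verify the NAS-MAC, then compare the echoed capabilities with its own.
    Returns (accepted, reason, selected algorithms, imei_requested)."""
    body, mac = smc[:-4], smc[-4:]
    if not hmac.compare_digest(mac, nas_mac(k_nas_int, count, DOWNLINK, body)):
        return False, "NAS-MAC failure", None, False
    eksi, eea_caps, eia_caps, eea, eia, imei_req = body
    if (eea_caps, eia_caps) != true_caps:
        return False, "UE security capability mismatch (bidding down)", None, False
    if not (supports(true_caps[0], eea) and supports(true_caps[1], eia)):
        return False, "selected algorithm not supported", None, False
    return True, "ok", (eea, eia), bool(imei_req)


def ue_smc_complete(k_nas_int, count, imei_requested: bool, imei: bytes) -> bytes:
    """UE: Security Mode Complete. The IMEI is only ever carried here, after NAS
    integrity (and, in a real stack, ciphering) has been activated."""
    body = imei if imei_requested else b""
    return body + nas_mac(k_nas_int, count, UPLINK, body)


def run(tamper: bool):
    """One SMC exchange. With tamper=True a man-in-the-middle rewrote the UE's
    capabilities in the unprotected Attach Request to claim EEA0 (null ciphering) only."""
    k_nas_int = bytes.fromhex("0f0e0d0c0b0a09080706050403020100")  # constructed KNASint
    true_caps = (0b1110, 0b1110)                       # UE really supports EEA1-3 / EIA1-3
    claimed = (0b0001, true_caps[1]) if tamper else true_caps
    eea_prio = [EEA2_AES, EEA1_SNOW3G, EEA3_ZUC, EEA0]  # operator policy (constructed)
    eia_prio = [EIA2_AES, EIA1_SNOW3G, EIA3_ZUC]
    smc, chosen = mme_build_smc(k_nas_int, 0, 1, claimed, eea_prio, eia_prio, imei_request=True)
    ok, reason, _, _ = ue_check_smc(k_nas_int, 0, smc, true_caps)
    return ok, reason, chosen


if __name__ == "__main__":
    print("honest :", run(tamper=False))   # UE accepts, AES for both
    print("tampered:", run(tamper=True))   # MME picked EEA0, UE rejects the SMC
```

The attacker can strip algorithms from the unprotected Attach Request, but cannot forge the NAS-MAC on the echo, so the downgrade is caught at the UE before any null-ciphered traffic flows; the same echo is why the capabilities are carried in NAS rather than trusted from the eNB.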
Mobility in EPS
[Figure: handover types. Within EPS: intra-eNodeB (between cells of one eNodeB), inter-eNodeB over X2, inter-eNodeB over S1 (via the MME), inter-MME (MMEs connected over S10). Inter-RAT: EPS to UMTS (MME to SGSN over S3; RNC and NodeBs on the UMTS side).]
Secure Handover in Evolved Packet System (EPS)
[Figure: options for supplying security material to the target base station (BS) when the serving BS may be a compromised "bad guy", with the core network (CN) device as the trusted party.]
- Security material given by the serving BS: not good
- Security material provided before the handover: not good
- Security material provided during the handover: not good
- Security material provided after the handover: good
- Security material given by the core network: good
EPS: provides forward and backward security; the key is changed at each handover; the algorithm can be changed at each handover.
Handover and Key Handling
Detail of key derivation and handling on handover:
- Initial KeNB = KDF(KASME, NAS uplink COUNT), with NCC=0
- Horizontal key derivation: KeNB* = KDF(KeNB, PCI, EARFCN-DL); the target cell's KeNB* becomes the new KeNB and NCC is unchanged
- Vertical key derivation: NH = KDF(KASME, previous NH), the first NH being derived from the initial KeNB; NCC is incremented (NCC=1, 2, 3, ...); KeNB* = KDF(NH, PCI, EARFCN-DL)
KDF: Key Derivation Function; NH: Next Hop; NCC: Next hop Chaining Counter; PCI: Physical Cell Identity; EARFCN-DL: downlink E-UTRA Absolute Radio Frequency Channel Number
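The key hierarchy slide and the handover key chaining above, as one added Python example that is not part of the presentation. It implements the generic 3GPP KDF (TS 33.220 Annex B: HMAC-SHA-256 over FC and length-prefixed parameters) and the FC values and parameter encodings of TS 33.401 Annex A as I know them (KASME 0x10, KeNB 0x11, NH 0x12, KeNB* 0x13, algorithm keys 0x15, EARFCN-DL as 2 octets in the Rel-8 encoding); all key material, the SN id and the cell parameters are constructed, and the rule "vertical derivation whenever the eNB holds an unused {NH, NCC} pair" is a simplification of the MME/eNB signalling.

```python
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF: HMAC-SHA-256(Key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")   # Pi followed by its 2-octet length Li
    return hmac.new(key, s, hashlib.sha256).digest()


# ---- Key hierarchy ("Key Hierarchy" slide) --------------------------------

def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """KASME = KDF(CK || IK, FC=0x10, SN id, SQN xor AK); computed in HSS and ME."""
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)


def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    """Initial KeNB = KDF(KASME, FC=0x11, NAS uplink COUNT); sent MME -> eNB."""
    return kdf(kasme, 0x11, nas_uplink_count.to_bytes(4, "big"))


# Algorithm type distinguishers (P0) and algorithm identities (P1) for FC=0x15.
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05
SNOW3G, AES, ZUC = 0x01, 0x02, 0x03   # EEA1/EIA1, EEA2/EIA2, EEA3/EIA3


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """128-bit NAS or AS key: the low 128 bits of KDF(parent, FC=0x15, type, id).
    parent is KASME for KNASenc/KNASint and KeNB for KRRCenc/KRRCint/KUPenc."""
    return kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]


# ---- Handover key chaining ("Handover and Key Handling" slide) ------------

def next_hop(kasme: bytes, sync_input: bytes) -> bytes:
    """NH = KDF(KASME, FC=0x12, SYNC-input); SYNC-input is the initial KeNB for the
    first NH (NCC=1) and the previous NH afterwards. Only MME and UE hold KASME,
    so no eNB can compute the NH chain: that is the forward security."""
    return kdf(kasme, 0x12, sync_input)


def derive_kenb_star(parent: bytes, pci: int, earfcn_dl: int) -> bytes:
    """KeNB* = KDF(parent, FC=0x13, PCI, EARFCN-DL), bound to the target cell;
    parent is the current KeNB (horizontal) or a fresh NH (vertical)."""
    return kdf(parent, 0x13, pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big"))


def handover_chain(kasme: bytes, initial_kenb: bytes, targets, vertical_at):
    """Walk handovers to targets = [(PCI, EARFCN-DL), ...]. At the indices in
    vertical_at the eNB holds an unused {NH, NCC} pair from the MME and derives
    vertically; otherwise it chains horizontally from the current KeNB.
    Returns [(NCC, KeNB)], starting with the initial (0, KeNB)."""
    kenb, nh, ncc = initial_kenb, initial_kenb, 0
    chain = [(ncc, kenb)]
    for i, (pci, earfcn_dl) in enumerate(targets):
        if i in vertical_at:
            nh = next_hop(kasme, nh)     # NH chain advances independently of eNB keys
            ncc += 1
            kenb = derive_kenb_star(nh, pci, earfcn_dl)
        else:
            kenb = derive_kenb_star(kenb, pci, earfcn_dl)
        chain.append((ncc, kenb))
    return chain


if __name__ == "__main__":
    # Constructed inputs standing in for the CK, IK, SN id and SQN xor AK of a finished AKA run.
    kasme = derive_kasme(bytes(16), bytes(range(16)), bytes.fromhex("130062"), bytes(6))
    print("KNASenc (AES) :", derive_alg_key(kasme, NAS_ENC, AES).hex())
    kenb = derive_kenb(kasme, 0)
    print("KRRCint (SNOW):", derive_alg_key(kenb, RRC_INT, SNOW3G).hex())
    for ncc, k in handover_chain(kasme, kenb, [(17, 1800), (18, 1800), (42, 3050)], {1, 2}):
        print(f"NCC={ncc} KeNB={k.hex()[:16]}...")
```

A horizontal handover gives the target eNB a key the source eNB could have computed itself (backward security only); the next vertical step drops in an NH that no eNB can derive, which is why the NCC the target receives tells the UE whether to chain horizontally or to catch up on the NH chain first.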
Inter-Technology Handover for EPS
[Figure: handover between an EPS eNodeB and a UMTS NodeB.]
- Derive keys in the serving network for the target network, and in the UE, based on the current keys before the handover
- The idea is to derive keys both ways from the existing context and to run AKA at the earliest possible opportunity, especially in E-UTRAN
- The contexts are named as follows: the mapped context is the one derived from the other RAT's keys; the current context is the context being used; the native context is the context of E-UTRAN
- On handover to E-UTRAN the mapped context is used, although it is recommended that a native context be taken into use, as it is considered stronger
Today to Tomorrow
Protection against Unsolicited Communication in IMS (PUCI)
There are several VoIP threats that can lead to SPIT (Spam over Internet Telephony):
- Bots, viruses etc.
- Data confidentiality, eavesdropping
- Fraud activities, phishing, caller ID spoofing, re-routing
- Denial of service, bandwidth availability, call quality degradation
- Unauthorized access, authentication
- Productivity loss, customer satisfaction
Affected elements shown: accounting & charging server, IMS application server.
Protection against Unsolicited Communication in IMS (PUCI)
Challenge: solve it with Identify, Mark and React.
- Identification: check with automatic means and static operator/user settings
- Marking: indicate the likelihood of UC through marking (marking level)
- Reacting: check the threshold level and take action, e.g. re-route, voice mailbox, further test etc.
- Other: based on user or operator policy the communication is sent to a given network element for action
- Destination UE: the user takes action based on the marking (marking or no marking) and the sender ID if available
- Source device: further test
3GPP TR 33.937 is available. Further work is on-going under the SPUCI work item.
Machine to Machine Communication
Known as Machine Type
Communication (MTC)
Scenarios are, for example, smart
metering or healthcare
Issues can be from the point of
access control to attack on the
device itself
The biggest problem will be the huge
number of devices trying to connect
to the mobile network and thus
overwhelming the network due to
high traffic volume
GISFI Security Activities
- The security activity in the Global ICT Standardisation Forum for India (GISFI) provides solutions for all the activities being carried out by the standardization forum
- The Security SIG also provides input to the Indian government
- The activity is still at an early stage; some of the topics covered are: cyber security and children; cloud security; Internet of Things (starting from machine-to-machine, M2M, communication)
What is happening today and where will it lead to?
Some observations of today:
- The average age of knowledge generation is decreasing with time; data and information are readily available
- The world is slowly but steadily moving towards a similar level of life globally, with impact on the age of the population and the education level
- Reachability is 24 / 7
- The need for convenience is increasing
- Computing, telecommunications and networking have converged, or at least the trend has only become faster
- Openness, free and shared are key words
- Technology enhancement is moving at a faster pace: wireless data rates are catching up with wired; computing power is high and increasing while becoming available to all
- Human society is maturing
- Business models are changing very fast: from 10 years to 2 years to 6 months and now 3 months
- Operator businesses: conventional, data only, "take a ride"
Thoughts: Security?
- Potentially faster cycle for algorithm development
- Need for increased awareness of and concern for privacy and security
- Necessity of ever more system security consideration: top-to-bottom, end-to-end
- Better privacy control mechanisms
- Choice of level of security
- Fast threat analysis together with a proper understanding of risk, as input to the security solution
Conclusions
- Today we took a look at Evolved Packet System (EPS) security, the next generation of mobile communications
- For more: write to me, check my book or check the 3GPP technical specification TS 33.401 <http://www.3gpp.org/ftp/Specs/html-info/33401.htm>
- Some of the topics 3GPP is currently working on: taking care of unsolicited communication (I am the rapporteur in 3GPP); relay node security, IMT-Advanced etc.
- The Global ICT Standardisation Forum for India (GISFI) is working on several security topics starting from Indian requirements
- Penetration of security understanding should increase, which will bring with it more demand on security itself
- Complete system consideration of security from the beginning will become even more necessary, bringing potential changes in the business arena: providers of service at different layers working together?
The book
Security in Next Generation Mobile Networks: SAE/LTE and
WiMAX
Authors: Anand R. Prasad <http://www.prasad.bz/> and
Seung-Woo Seo
Publisher: River Publishers <http://riverpublishers.com/river_publisher/>
Available: August 2011
ISBN: 978-87-92329-63-9
Table of Contents:
1. Introduction to NGMN
2. Security Overview
3. Standardization: 3GPP, IEEE 802.16 and WiMAX
4. SAE/LTE Security
5. Security in IEEE 802.16e / WiMAX
6. Security for Other Systems: MBMS, M2M, Femto
Contact: <anand@bq.jp.nec.com>
Abbreviations
3GPP: Third Generation Partnership Project
AS: Access Stratum (RRC and UP)
AuC: Authentication Center
AV: Authentication Vector
DNS: Domain Name System
EIR: Equipment Identity Register
EPC: Evolved Packet Core
ePDG: evolved Packet Data Gateway
E-UTRAN: Evolved UTRAN
GERAN: GSM EDGE Radio Access Network
GISFI: Global ICT Standardisation Forum for India
HLR: Home Location Register
HSS: Home Subscriber Server
IMS: IP Multimedia Subsystem
IP: Internet Protocol
LTE: Long-Term Evolution (or E-UTRAN for the radio access network)
MAC: Medium Access Control
ME: Mobile Equipment
MME: Mobility Management Entity
NAS: Non Access Stratum
NGMN: Next Generation Mobile Network
PCRF: Policy and Charging Rules Function
PDCP: Packet Data Convergence Protocol
PDN: Packet Data Network
PDNGW or PGW: Packet Data Network Gateway
PLMN: Public Land Mobile Network
PUCI: Protection against Unsolicited Communication in IMS
RAN: Radio Access Network
RLC: Radio Link Control
RRC: Radio Resource Control
SAE: System Architecture Evolution (or EPC for the core network)
SGSN: Serving GPRS Support Node
SGW: Serving Gateway
SPIT: Spam over Internet Telephony
UE: User Equipment
UP: User Plane
USIM: Universal Subscriber Identity Module
UTRAN: UMTS Terrestrial Radio Access Network
Security Overview
[Figure: security architecture with the home stratum / serving stratum, transport stratum and application stratum; USIM and ME on the user side, AN (access network), SN (serving network) and HE (home environment) on the network side; user application and provider application at the top.]
- Network access security (I): between USIM/ME and AN/SN
- Network domain security (II): between SN and HE
- User domain security (III): between USIM and ME
- Application domain security (IV): between user application and provider application
- Visibility and configurability of security (V)
EPS AKA
(USIM/ME, eNB, MME, HSS)
- RRC connection setup, then start of NAS communication: the UE identifies itself with GUTI or IMSI
- MME to HSS: Authentication data request [IMSI, SNID (MCC+MNC), Network Type]
- HSS: runs AKA with K and RAND to produce XRES_HSS, CK, IK and AUTN; derives K_ASME = KDF(CK || IK, SNID); CK, IK never leave the HSS; AVs are pre-computed or computed on demand; it is recommended to fetch only 1 AV; the HSS deletes all AVs
- HSS to MME: Authentication data response AVs(1..n) [RAND, XRES_HSS, K_ASME, AUTN]
- MME to UE: RAND, AUTN, eKSI. eKSI: 3 bits for 7 values; '111' from network to UE is reserved, the other way it signals deletion
- USIM: AUTN acceptable? Runs AKA with K and RAND to produce RES_USIM, CK, IK; the ME derives K_ASME from CK || IK and SNID with the KDF
- UE to MME: RES_USIM
- MME: XRES_HSS = RES_USIM?
- GUTI is allocated by the MME after NAS ciphering; S-TMSI (short GUTI) is used for efficient radio resource usage, e.g. service request, paging (GUTI allocation in TS 23.401)
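The AKA exchange of the "Authentication and Key Agreement (AKA)" slide and of this EPS AKA slide, as one added Python example that is not part of the presentation. MILENAGE is not implemented: f1..f5 are HMAC-SHA-256 stand-ins with the real output sizes, so the values are not interoperable with a USIM, but the protocol logic is the one described above: the HSS builds the AV and K_ASME (CK, IK never leave it), the USIM checks MAC-A, the AMF separation bit and SQN freshness before releasing RES, the ME derives K_ASME with the TS 33.401 KDF (FC=0x10, bound to the serving network id), and the MME compares RES with XRES. K, the SQN handling (a plain monotonic check instead of the TS 33.102 window) and the SN id are constructed.

```python
import hashlib
import hmac
import os


def f(k: bytes, tag: bytes, *parts: bytes) -> bytes:
    """Toy stand-in for the MILENAGE functions: HMAC-SHA-256 under K, domain-separated
    by tag. NOT MILENAGE; only the protocol around it is faithful."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()


def f1(k, rand, sqn, amf): return f(k, b"f1", rand, sqn, amf)[:8]   # MAC-A (64 bit)
def f2(k, rand):           return f(k, b"f2", rand)[:8]             # RES / XRES (64 bit)
def f3(k, rand):           return f(k, b"f3", rand)[:16]            # CK (128 bit)
def f4(k, rand):           return f(k, b"f4", rand)[:16]            # IK (128 bit)
def f5(k, rand):           return f(k, b"f5", rand)[:6]             # AK (48 bit)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """K_ASME = HMAC-SHA-256(CK || IK, 0x10 || SN id || 0x0003 || SQN xor AK || 0x0006),
    the TS 33.401 Annex A.2 derivation; the SN id binds the key to one serving network."""
    s = b"\x10" + sn_id + b"\x00\x03" + sqn_xor_ak + b"\x00\x06"
    return hmac.new(ck + ik, s, hashlib.sha256).digest()


class HSS:
    """HSS with AuC: holds K and the SQN counter, answers authentication data requests."""

    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def authentication_data_response(self, sn_id: bytes, rand: bytes = None) -> dict:
        """Build one EPS AV [RAND, XRES, K_ASME, AUTN]; CK and IK never leave the HSS."""
        if rand is None:
            rand = os.urandom(16)
        self.sqn += 1
        sqn = self.sqn.to_bytes(6, "big")
        amf = b"\x80\x00"                      # AMF separation bit set: this is an EPS AV
        ak = f5(self.k, rand)
        autn = xor(sqn, ak) + amf + f1(self.k, rand, sqn, amf)
        kasme = derive_kasme(f3(self.k, rand), f4(self.k, rand), sn_id, xor(sqn, ak))
        return {"RAND": rand, "XRES": f2(self.k, rand), "KASME": kasme, "AUTN": autn}


class USIM:
    """USIM (plus the ME's K_ASME derivation): holds K and the highest accepted SQN."""

    def __init__(self, k: bytes, sqn_ms: int = 0):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand: bytes, autn: bytes, sn_id: bytes):
        """Step 5 of the AKA slide: accept AUTN (authenticate the network) before
        producing RES and the keys. Raises ValueError when the network fails."""
        sqn_xor_ak, amf, mac_a = autn[:6], autn[6:8], autn[8:]
        sqn = xor(sqn_xor_ak, f5(self.k, rand))
        if not hmac.compare_digest(mac_a, f1(self.k, rand, sqn, amf)):
            raise ValueError("MAC failure: network not authenticated")
        if amf[0] & 0x80 == 0:
            raise ValueError("AMF separation bit clear: not an EPS AV")
        if int.from_bytes(sqn, "big") <= self.sqn_ms:
            raise ValueError("synchronisation failure: SQN not fresh (replayed challenge)")
        self.sqn_ms = int.from_bytes(sqn, "big")
        res = f2(self.k, rand)
        kasme = derive_kasme(f3(self.k, rand), f4(self.k, rand), sn_id, sqn_xor_ak)  # in the ME
        return res, kasme


def mme_authenticate(hss: HSS, usim: USIM, sn_id: bytes) -> bytes:
    """MME side of steps 2-7: fetch one AV, challenge the UE, compare RES with XRES
    and return the agreed K_ASME."""
    av = hss.authentication_data_response(sn_id)
    res, kasme_ue = usim.authenticate(av["RAND"], av["AUTN"], sn_id)
    if not hmac.compare_digest(res, av["XRES"]):
        raise ValueError("RES != XRES: UE not authenticated")
    if kasme_ue != av["KASME"]:
        raise ValueError("key mismatch: UE and MME disagree on the serving network")
    return av["KASME"]


if __name__ == "__main__":
    k = bytes(range(16))                      # constructed subscriber key
    print("K_ASME:", mme_authenticate(HSS(k), USIM(k), bytes.fromhex("130062")).hex())
```

Replaying a captured (RAND, AUTN) pair fails on the SQN check, a tampered AUTN or a wrong K fails on MAC-A, and the same CK, IK give a different K_ASME for a different SNID, which is the serving-network binding the slide's KDF input is there for.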
Other Security Aspects
Network domain control plane protection
- Protection of the IP-based control plane is done using TS 33.210. If the interfaces are trusted then such protection is not required.
- Thus for S1-MME and X2-C: implement IPsec ESP [RFC 4303 and TS 33.210]; IKEv2 certificate-based authentication [TS 33.310]; tunnel mode IPsec mandatory on the eNB while a SEG can be used in the core; transport mode is optional
Backhaul link user plane protection
- Protection of the user plane is done using TS 33.210. If the interfaces are trusted then such protection is not required.
- S1-U and X2-U: IPsec ESP as in RFC 4303 and TS 33.210 with confidentiality, integrity and replay protection; IKEv2 certificate-based authentication [TS 33.310]; tunnel mode IPsec mandatory on the eNB while a SEG can be used in the core; transport mode is optional
Management plane protection
- Same as S1-U and X2-U
There is no management traffic over X2
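What the S1/X2 backhaul protection above looks like on an eNB, as an added example that is not part of the presentation: a strongSwan ipsec.conf fragment with IKEv2 and certificate authentication, ESP in tunnel mode with an AEAD cipher (confidentiality, integrity and replay protection in one proposal), a SEG in front of the core for S1 and a direct tunnel to the neighbour eNB for X2. Addresses, identities, certificate file names and the operator CA name are assumed placeholders; the algorithm profiles to use in a deployment come from TS 33.210 and TS 33.310.

```conf
# /etc/ipsec.conf on the eNB (strongSwan). Every address, identity and file
# name below is a placeholder for this example.
config setup
    uniqueids=yes

conn %default
    keyexchange=ikev2
    ike=aes128-sha256-modp2048!     # the trailing "!" refuses any weaker peer proposal
    esp=aes128gcm16!                # AEAD ESP: confidentiality + integrity + anti-replay
    type=tunnel                     # tunnel mode is the mandatory mode on the eNB
    leftauth=pubkey                 # certificate-based IKEv2 authentication, both sides
    rightauth=pubkey
    leftcert=enb-0001.pem           # eNB certificate issued by the operator CA
    leftsendcert=always
    rightca="C=XX, O=Example Operator, CN=Example Operator RAN CA"
    dpdaction=restart
    auto=start

# S1-MME and S1-U: eNB to the SEG that fronts the MME pool and SGW
conn s1
    left=%defaultroute
    leftid=@enb-0001.ran.example.net
    leftsubnet=10.10.1.5/32         # eNB inner address
    right=203.0.113.10              # SEG
    rightid=@seg-1.core.example.net
    rightsubnet=10.20.0.0/16        # MME/SGW network behind the SEG

# X2-C and X2-U: eNB to neighbour eNB, no SEG in between
conn x2-enb-0002
    left=%defaultroute
    leftid=@enb-0001.ran.example.net
    leftsubnet=10.10.1.5/32
    right=198.51.100.22
    rightid=@enb-0002.ran.example.net
    rightsubnet=10.10.1.6/32
```

The weak variant of the same file is an `esp=` line with a null cipher (e.g. `esp=null-sha256`), which keeps integrity and replay protection but exposes the GTP user plane on the backhaul; restricting the proposal with the `!` is what stops the peer from negotiating down to it.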