Presentation is loading. Please wait.

Presentation is loading. Please wait.

LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,

Similar presentations


Presentation on theme: "LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,"— Presentation transcript:

1 LTE Security

2 Agenda Intro …

3 Intro …

4 The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency, user throughput, latency – Simplification of the radio network – Efficient support of packet based services: Multicast, VoIP, etc. Network Side (SAE – System Architecture Evolution/Evolved Packet Core - EPC) – Improvement in latency, capacity, throughput, idle to active transitions – Simplification of the core network – Optimization for IP traffic and services – Simplified support and handover to non-3GPP access technologies

5 Overview of 3GPP LTE/SAE System UE eNodeB MME S-GW Evolved UTRAN(E-UTRAN)Evolved Packet Core (EPC) HSS PCRF PDN-GW S1-US5 S1-MME X2 UE = User Equipment MME = Mobility Management Entity, termination point in network for ciphering/integrity protection for NAS signaling, handles the security key management, authenticating users S-GW = Serving Gateway PDN-GW = PDN Gateway PCRF = Policy Charging Rule Function

6 Evolved Packet Core GW Capabilities Serving GW functions include: – Local Mobility Anchor point for inter-eNodeB handover (i.e. GTP termination) – PMIP or GTP support towards PDN Gateway – Per flow QoS Policy Enforcement – Lawful Interception – Traffic Accounting PDN GW functions include: – Policy Enforcement (QoS, charging, mobility) – Per-user based packet filtering – Mobility anchoring for intra- and inter-3GPP mobility (requires GTP and MIP HA) – Charging Support – Lawful Interception Both can be combined if there is a full mesh between base stations and GWs IP Tunnel Serving GW PDN GW MAC Security Layer 3 OFDMA

7 Evolving Security Architecture Radio Controller Core Network GSM Handset Authentication Ciphering GPRS Handset Authentication + Ciphering 3G Mutual Authentication Ciphering + Signalling integrity SAE/LTE Mutual Authentication Ciphering + Radio signalling integrity Core Signalling integrity Optional IPSec

8 SAE/LTE Security Security implications: – Flat architecture – Interworking with legacy and non-3GPP networks – eNB placement in untrusted locations – Keep security breaches local Result: – Extended Authentication and Key Agreement – More complex key hierarchy – More complex interworking security – Additional security for (home)eNB

9 LTE/SAE architecture (I) Network access security: secure access to services, protect against attacks on (radio) access links (II) Network domain security: enable nodes to securely exchange signaling data & user data (between AN/SN and within AN, protect against attacks wireline network (III) User domain security: secure access to mobile stations (IV) Application domain security: enable applications in the user and in the provider domain to securely exchange messages ME = Mobile Equipment USIM = Universal Subscriber Identity Module AN = Access Network HE = Home Environment SN = Serving Network

10 Non-3GPP Access (I) Network access security (II) Network domain security (III) Non-3GPP domain security (IV) Application domain security (V) User domain security ME = Mobile Equipment USIM = Universal Subscriber Identity Module AN = Access Network HE = Home Environment SN = Serving Network

11 Network access security User identity (and location) confidentiality Entity authentication Confidentiality Data integrity Mobile equipment identification

12 The use of a SIM Subscription Identification Module – SIM holds secret key Ki, Home network holds another – Used as Identity & Security key – IMSI is used as user identity Benefits – Easy to get authentication from home network while in visited network without having to handle Ki Source: ETRI

13 Network Access Protection Authentication and key agreement – UMTS AKA re-used for SAE – SIM access to LTE explicitly excluded Signaling protection – For core network (NAS) signaling, integrity and confidentiality protection terminates in MME (Mobile Management Entity) – For radio network (RRC) signaling, integrity and confidentiality protection terminates in eNodeB User plane protection – Encryption terminates in eNodeB Network domain security for network internal interfaces

14 Authentication and Key Agreement HSS generates authN data and provides it to MME Challenge-response authN and key agreement between MME and UE

15 Confidentiality and Integrity of Signaling RRC signaling between UE and E-UTRAN NAS signaling between UE and MME S1 interface signaling (optional) protection not UE- specific

16 User Plane Confidentiality S1-U (optional) protection not UE-specific, based on IPsec Integrity not protected

17 Key Hierarchy in LTE/SAE Cryptographic network separation – Authentication vectors specific to serving network

18 Handovers without MME Handovers possible between eNB’s (performance) If keys are passed unmodified, compromised eNB compromises other eNB – One-way function before passing over – MME is involved after HO for further key passing

19 Home eNodeB security threats Compromise HeNB credentials Physical attack HeNB Configuration attack MitM attacks etc. DoS attacks etc. User data and privacy attacks Radio Resources and management attacks

20 Home ENodeB security measures Mutual AuthN HeNB and home network Secure tunnel for backhaul Trusted environment inside HeNB Access Control OAM security mechanisms Hosting Party authentication (Hosting party Module)

21 Network Domain Security Enable nodes to securely exchange signaling data & user data – between Access Network and Serving Network and within Access Network Protect against attacks on wireline network No security in 2G core network Now security is needed: – IP used for signaling and user traffic – Open and easily accessible protocols – New service providers (content, data service, HLR) – Network elements can be remote (eNB)

22 Security Domains Managed by single administrative authority Border between security domains protected by Security Gateway (SEG)

23 Security Gateway Handle communication over Za interface (SEG-SEG) – AuthN/integrity mandatory, encryption recommended using IKEv1 or IKEv2 for negotiating, establishing and maintaining secure ESP tunnel Handle communication over (optional) Zb interface (SEG- NE or NE-NE) – Implement ESP tunnel and IKEv1 or IKEv2 – ESP with AuthN, integrity, optional encryption All traffic flows through SEG before leaving or entering security domain Secure storage of long-term keys used for IKEv1 and IKEv2 Hop-by-hop security (chained tunnels or hub-and-spoke)

24 Security for Network Elements Services – Data integrity – Data origin authentication – Anti-replay – Confidentiality (optional) Using IPsec ESP (Encapsulation Security Payload) Between SEGs: tunnel mode Key management: IKEv1 or IKEv2 Security associations from NE only to SEG or NE’s in own domain

25 Trust validation with IPsec

26 Trust validation for TLS

27 User domain security Secure access to mobile stations Few slides

28 Application domain security The set of security features that enable applications in the user and in the provider domain to securely exchange messages. Secure messaging between the USIM and the network (TS ) Slides about IMS, SIP

29 IMS Security Security/AuthN mechnism – Mutual AuthN using UMTS AKA – Typically implemented on UICC (ISIM application) – UMTS AKA integrated into HTTP digest (RFC3310) – NASS-IMS bundled AuthN – SIP Digest based AuthN – Access security with TLS

30

31 Interworking with legacy network Few slides about CDMA-3GPP interworking

32 References Principles, objectives and requirements – TS Security principles and objectives – TS Security threats and requirements Architecture, mechanisms and algorithms – TS Security architecture – TS Integration guidelines – TS Cryptographic algorithm requirements – TS 35.20x Access network algorithm specifications

33 References TS v8.3.0: Network Domain Security: IP-layer (http://www.3gpp.org/ftp/Specs/archive/33_series/33.210/) TS V9.0.0: Network Domain Security: Authentication Framework TS V9.0.0: SAE security architecture TS V9.0.0: SAE security aspects of non 3GPP access TR V8.1.0: Security of H(e)NB 3GPP TS V8.3.0: Security architecture

34 Credits Valterri Niemi (3GPP SA3 chair)

35 Backup

36 UMTS Authentication and Key Agreement (AKA) Procedure to authenticate the user and establish pair of cipher and integrity between VLR/SGSN and USIM Source: ETRI

37 X2 Routing and Handover Source ENB Target ENB 10ms Handover Request Handover Request Confirm 30 ms Interruption Time Path Switch Req. Ack Path Switch Request Forwarded Data (20ms) Out of Order Packets Expect out of order packets around handover SGW

38 Interworking with UTRAN/GERAN UE registered in both SGSN and MME Keys may be mapped


Download ppt "LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,"

Similar presentations


Ads by Google