Doc.: IEEE 802.11-04/0408r0, Submission, March 2004, Colin Blanchard, BT. Slide 1: 3GPP WLAN Interworking Security. Colin Blanchard, British Telecommunications.


Slide 1: 3GPP WLAN Interworking Security. Colin Blanchard, British Telecommunications (WNG-SC), 18th March 2004.

Slide 2: Summary
- 3GPP IEEE Interworking Scenarios
- Architecture Reference Point Definitions
- Security Requirements
- The authentication and link layer key generation scheme
- UE initiated tunnels
- Securing the authentication and link layer key generation application

Slide 3: WLAN Interworking
The 3GPP approach to IEEE WLAN interworking is based on the concept of gradually adding more functionality and improving the user experience by defining, and then successively working on, a number of interworking scenarios.

Slide 4: Interworking Scenarios for Release 6
Scenario 2 provides authentication, authorisation and accounting (AAA) by the 3GPP platform.
- Ensures that the security level of these AAA functions applied to IEEE WLAN is in line with that of the 3GPP platform.
- Ensures that the user does not see a significant difference in the way access is granted.
- Provides a means for the network operator to charge for access in a consistent manner over the two platforms.

Slide 5: Interworking Scenarios for Release 6
Scenario 3 allows the operator to extend 3GPP system PS based services to the IEEE WLAN. These services may include:
- GPRS Access Point Names
- Internet Multimedia Subsystem (IMS) based services: Location Based services, Presence based services, Instant messaging
- Multimedia Broadcast and Multicast Services (MBMS): Video Streaming

Slide 6: Reference Point Definitions

Slide 7: Reference points of interest to WNG
- Ww: connects the WLAN UE to the WLAN Access Network per IEEE 802 specifications, i.e. IEEE 802.11i.
- Wn: reference point between the WLAN Access Network (AN) and the WAG. Forces traffic on a WLAN UE-initiated tunnel to travel via the Wireless LAN Access Gateway (WAG).
- Wu: represents the IEEE WLAN UE-initiated tunnel between the IEEE WLAN UE and the Packet Data Gateway (PDG).

Slide 8: 3GPP TS 33.234 specification
Defines security features and mechanisms that are necessary to counter identified vulnerabilities:
- Authentication of the subscriber and the network, and Security Association Management, in scenario 2
- User Identity Privacy in WLAN Access in scenario 2
- Re-authentication in WLAN Access in scenario 2
- Confidentiality and Integrity protection in scenarios 2 and 3
- Security Association Management for UE-initiated tunnels in scenario 3

Slide 9: Security Requirements
14 requirements defined, e.g.:
- The authentication scheme shall be based on a mutual challenge response protocol.
- The subscriber should have at least the same security level for WLAN access as for their current cellular access subscription.
- 3GPP systems should provide the required keying material with sufficient length and the acceptable levels of entropy as required by the IEEE WLAN subsystem.
- The IEEE WLAN technology specific connection between the WLAN-UE and IEEE WLAN AN shall be able to utilise the generated session keying material for protecting the integrity of an authenticated connection.

Slide 10: The authentication scheme (Scenario 2)

Slide 11: USIM application based authentication
- Proven solution that satisfies the authentication requirements.
- This form of authentication is based on EAP-AKA (proposed RFC).
- 16 detailed steps for the EAP-AKA procedure are defined in TS 33.234.

Slide 12: SIM based authentication
As an alternative, SIM based authentication is useful for GSM subscribers that do not have a UICC with a USIM application.
- The IEEE WLAN UE and AAA server must support both EAP AKA and EAP SIM methods, and TS 33.234 specifies a procedure to allow the HSS to select the method.

Slide 13: User Identity Privacy
- Used to avoid sending any clear text permanent subscriber identification information on the radio interface, which would compromise the subscriber's identity and location.
- Temporary Identities (pseudonyms or re-authentication identities) are generated as some form of encrypted IMSI. The Advanced Encryption Standard (AES) in Electronic Codebook (ECB) mode of operation with 128-bit keys is used for this purpose.

Slide 14: Fast Re-authentication
When authentication processes have to be performed frequently, they can lead to a high network load, especially when the number of connected users is high. It is then more efficient to perform fast re-authentications.
- The re-authentication process allows the IEEE WLAN-AN to authenticate a certain user in a lighter process than a full authentication, making use of stored keys derived during the previous full authentication.
- The simplified process takes 9 steps instead of the previous 16.

Slide 15: Confidentiality Protection (Scenario 2)
When the WLAN link layer is based on IEEE 802.11, the confidentiality mechanisms of IEEE 802.11i are used.
- EAP/AKA and EAP/SIM specify how the key material required for the link layer confidentiality mechanism is obtained from the master session key (MSK).

Slide 16: Integrity Protection (Scenario 2)
When the WLAN link layer is based on IEEE 802.11, the integrity mechanisms of IEEE 802.11i are used.
- EAP/AKA and EAP/SIM specify how the key material required for the link layer integrity mechanism is obtained from the master session key (MSK).
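The mutual challenge-response of slide 11 and the MSK hand-off to the link layer of slides 15 and 16, as an added worked example that is not code from the slides or from 3GPP: the network issues RAND/AUTN, the USIM authenticates the network (MAC check) and freshness (SQN check) before answering with RES, and CK/IK feed the MSK. The Milenage f1..f5 functions and the RFC 4187 PRF are replaced by labelled HMAC-SHA256 stand-ins (assumptions), so the byte values are illustrative, not interoperable.

```python
import hmac
import hashlib
import secrets

# Constructed stand-in: Milenage f1..f5 are replaced by truncated HMAC-SHA256 keyed
# with the subscriber key K (assumption; the real USIM algorithm is operator-specific).
SQN_LEN, AK_LEN, MAC_LEN, RES_LEN, KEY_LEN = 6, 6, 8, 8, 16


def _f(k: bytes, tag: bytes, *parts: bytes, n: int) -> bytes:
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hss_authentication_vector(k: bytes, sqn: bytes, amf: bytes = b"\x80\x00", rand: bytes = b""):
    """Home network (HSS/AAA) side: one authentication vector (RAND, AUTN, XRES, CK, IK)."""
    rand = rand or secrets.token_bytes(16)
    mac = _f(k, b"f1", sqn, rand, amf, n=MAC_LEN)   # MAC proves the network knows K
    xres = _f(k, b"f2", rand, n=RES_LEN)            # expected UE response
    ck = _f(k, b"f3", rand, n=KEY_LEN)              # cipher key
    ik = _f(k, b"f4", rand, n=KEY_LEN)              # integrity key
    ak = _f(k, b"f5", rand, n=AK_LEN)               # anonymity key conceals SQN on the air
    autn = _xor(sqn, ak) + amf + mac
    return rand, autn, xres, ck, ik


def usim_respond(k: bytes, rand: bytes, autn: bytes, last_sqn: int):
    """UE/USIM side: authenticate the network and check freshness before answering.

    Raises ValueError on a bad MAC or a non-increasing SQN (a real USIM would
    report AUTN rejection or start the SQN resynchronisation procedure).
    """
    ak = _f(k, b"f5", rand, n=AK_LEN)
    sqn = _xor(autn[:SQN_LEN], ak)
    amf, mac = autn[SQN_LEN:SQN_LEN + 2], autn[SQN_LEN + 2:]
    if not hmac.compare_digest(mac, _f(k, b"f1", sqn, rand, amf, n=MAC_LEN)):
        raise ValueError("AUTN MAC failure: network not authenticated")
    sqn_int = int.from_bytes(sqn, "big")
    if sqn_int <= last_sqn:
        raise ValueError("SQN not fresh: possible replay of an old challenge")
    res = _f(k, b"f2", rand, n=RES_LEN)
    return res, _f(k, b"f3", rand, n=KEY_LEN), _f(k, b"f4", rand, n=KEY_LEN), sqn_int


def derive_msk(identity: bytes, ck: bytes, ik: bytes) -> bytes:
    """MK = SHA1(Identity|IK|CK) as in RFC 4187; the 64-byte MSK expansion below is an
    HMAC-SHA256 stand-in for the RFC's PRF (assumption). 802.11i takes its keys from the MSK."""
    mk = hashlib.sha1(identity + ik + ck).digest()
    return b"".join(hmac.new(mk, bytes([i]) + b"EAP-AKA MSK", hashlib.sha256).digest() for i in (1, 2))
```

The two failure branches in usim_respond are the checks that make the scheme mutual: a forged challenge fails the MAC check, and a recorded one fails the SQN check even though its MAC is valid.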

Slide 17: UE initiated tunnel (Scenario 3)
Having established an authenticated link with the Access Point, user traffic is tunnelled to the home network via the Wu interface. This is known as a UE initiated tunnel and differentiates the functionality available in scenario 3 from scenario 2.

Slide 18: Tunnel set-up procedure
The tunnel endpoints, the UE and the PDG, are mutually authenticated when setting up the tunnel.
- The tunnel set-up procedure results in security associations.
- These are used to provide confidentiality and integrity protection, if required, for data transmitted through the tunnel.

Slide 19: Confidentiality and Integrity Protection (Scenario 2)
- IPsec ESP protects the confidentiality and integrity of IP packets sent through a tunnel between the UE and the Packet Data Gateway (PDG).
- The IEEE WLAN UE and the PDG use IKEv2 in order to establish IPsec security associations.
- Public key signature based authentication with certificates, as specified in [ikev2], is used to authenticate the PDG.
- EAP-AKA within IKEv2 is used to authenticate IEEE WLAN UEs which contain a USIM, or EAP-SIM for WLAN UEs which contain a SIM and no USIM.

Slide 20: Securing the EAP/AKA or EAP/SIM application
It cannot be assumed that the IEEE WLAN device has the space and an interface to support a UICC card, so 3GPP SA3 have proposed that either:

Slide 21: USB connection
The UICC card with SIM or USIM application can be connected to the IEEE WLAN UE via the standard USB port.
- This means that the user requires two UICCs or, if there is only one UICC, that it is removed from the mobile phone for the duration of the WLAN access session, meaning that the user is restricted from making or receiving calls over their mobile phone.

Slide 22: Bluetooth Connection
A better alternative is where the UICC card resides in a 3GPP UE and the USIM or SIM application is accessed by the IEEE WLAN-UE through Bluetooth. This would allow the user simultaneous access to IEEE WLAN and 3GPP networks with the same UICC.

Slide 23: (U)SIM reuse on local interfaces

Slide 24: References
- 3G Security; Wireless Local Area Network (WLAN) Interworking Security (Release 6), TS 33.234 draft V
- TR: Feasibility study on (Universal) Subscriber Interface Module (U)SIM security reuse by peripheral devices on local interfaces

Slide 25: Summary and Future plans
TS 33.234 planned for approval on 18th March 04.
Ongoing work:
- Optimal distribution of EAP/AKA functions and parameters between the UICC and the IEEE WLAN-UE, and their persistence, taking account of:
  - the security protection of the parameters in storage and transfer, for example the PIN used to protect these from access;
  - performance when first accessing and moving between networks;
  - compatibility with existing IEEE WLAN client software.
- Will require close cooperation with IEEE.