Valtteri Niemi, SA3 Chairman


3GPP SA3 status
ITU-T security workshop, Geneva, Switzerland, 9-10 February 2009
Valtteri Niemi, SA3 Chairman, Nokia Research Center, Lausanne, Switzerland

Outline
- Some history and background
- SAE/LTE security: some highlights
- Home (e)NodeB security
- Other work items

Some history and background

Some history (1/2)
- For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new specifications, e.g. TS 33.102 “3G security; Security architecture”
  - 5 specifications (out of these 19) originated by ETSI SAGE, e.g. TS 35.202 “KASUMI specification”
- For Release 4 (frozen 2001), SA3 was kept busy with GERAN security while ETSI SAGE originated again 5 new specifications, e.g. TS 35.205-208 for MILENAGE algorithm set
- Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.:
  - TS 33.203 “IMS security”
  - TS 33.210 “Network domain security: IP layer”

Some history (2/2)
- Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.:
  - TS 33.246 “Security of MBMS”
  - TS 33.220-222 “Generic Authentication Architecture”
- Release 7 (frozen 2007): SA3 added 13 new specifications
  - ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl. SNOW 3G spec) (TS 35.215-218, TR 35.919)
- Release 8 (frozen 2008): SA3 has added 5 new specifications, e.g.:
  - TS 33.401 “SAE: Security architecture”
  - TS 33.402 “SAE: Security with non-3GPP accesses”
  - (1-2 more TRs may still be included in Rel-8)

SAE/LTE security (Rel-8): some highlights

SAE/LTE: What and why?
- SAE = System Architecture Evolution
- LTE = Long Term Evolution (of radio networks)
- LTE offers higher data rates, up to 100 Mb/sec
- SAE offers optimized (flat) IP-based architecture
- Technical terms:
  - E-UTRAN = Evolved UTRAN (LTE radio network)
  - EPC = Evolved Packet Core (SAE core network)
  - EPS = Evolved Packet System (= RAN + EPC)

Implications on security
- Flat architecture:
  - All radio access protocols terminate in one node: eNB
  - IP protocols also visible in eNB
- Security implications due to
  - Architectural design decisions
  - Interworking with legacy and non-3GPP networks
  - Allowing eNB placement in untrusted locations
  - New business environments with less trusted networks involved
  - Trying to keep security breaches as local as possible
- As a result (when compared to UTRAN/GERAN):
  - Extended Authentication and Key Agreement
  - More complex key hierarchy
  - More complex interworking security
  - Additional security for eNB (compared to NB/BTS/RNC)

Home (e)NodeB security

Home (e)NB architecture
[Figure from draft TR 33.820. Labels: UE, HeNB, SGW, insecure link, Operator’s core network, OAM]
- One of the key concepts: Closed Subscriber Group

Threats
- Compromise of HeNB credentials, e.g. cloning of credentials
- Physical attacks on HeNB, e.g. physical tampering
- Configuration attacks on HeNB, e.g. fraudulent software updates
- Protocol attacks on HeNB, e.g. man-in-the-middle attacks
- Attacks against the core network, e.g. denial of service
- Attacks against user data and identity privacy, e.g. by eavesdropping
- Attacks against radio resources and management

Other features in past releases of 3GPP

IMS (SIP) security (Rel-5)
[Figure labels: IMS home; IMS visited; PS domain; authentication & key agreement; network domain security; security mechanism agreement; integrity protection; R99 access security]

Release 6 highlights

WLAN interworking in 3GPP
- WLAN access zone can be connected to cellular core network
- Shared subscriber database & charging & authentication (WLAN Direct IP access)
- Shared services (WLAN 3GPP IP Access)
- Service continuity is the next step

MBMS Security Architecture (node layout)
[Figure labels: Content Server, Mobile Operator Network, BM-SC, BSF, Internet, BGW]
- BM-SC can reside in home or visited network
- BGW: Bearer Gateway (first hop IP-router)
- BM-SC: Broadcast/Multicast Service Center
- BSF: Bootstrapping Server Function

Generic Authentication Architecture (GAA)
- GAA consists of three parts (Rel-6):
  - TS 33.220 Generic Bootstrapping Architecture (GBA) offers generic authentication capability for various applications based on a shared secret. Subscriber authentication in GBA is based on HTTP Digest AKA [RFC 3310].
  - TS 33.221 Support of subscriber certificates: PKI Portal issues subscriber certificates for UEs and delivers an operator CA certificate. The issuing procedure is secured by using shared keys from GBA.
  - TS 33.222 Access to Network Application Function using HTTPS is also based on GBA.
- Figure from 3GPP TR 33.919

Release 7 & 8 highlights

Release 7 & 8: security enhancements
- Key establishment for secure UICC-terminal channel (TS 33.110)
  - Applies, e.g. for secure UICC-terminal channel specified by ETSI SCP
  - Built on top of GBA
- Key establishment between UICC hosting device and a remote device (TS 33.259)
- Liberty-3GPP security interworking
- GBA push (TS 33.223, Rel-8)
  - Applies to several OMA specified features (e.g. BCAST)
- Network domain security: Authentication Framework (TS 33.310) enhanced for TLS support
- Withdrawal of A5/2 algorithm

Work in progress: Rel-9

Rel-9 work items
- SAE/LTE: emergency call security
- Media security
  - End-to-end and end-to-middle protection of media independently of access technology
- Protection against unsolicited communications in IMS
- Remote management of USIM/ISIM for machine-to-machine communications
- Security of Earthquake and Tsunami Warning System

For more information: www.3gpp.org