Valtteri Niemi, SA3 Chairman


Presentation on theme: "Valtteri Niemi, SA3 Chairman"— Presentation transcript:

1 Valtteri Niemi, SA3 Chairman
3GPP SA3 status
ITU-T security workshop, Geneva, Switzerland, 9-10 February 2009
Valtteri Niemi, SA3 Chairman, Nokia Research Center, Lausanne, Switzerland

2 Outline
Some history and background
SAE/LTE security: some highlights
Home (e)NodeB security
Other work items

3 Some history and background

4 Some history (1/2)
For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new specifications, e.g. TS “3G security; Security architecture”
5 specifications (out of these 19) originated by ETSI SAGE, e.g. TS “KASUMI specification”
For Release 4 (frozen 2001), SA3 was kept busy with GERAN security while ETSI SAGE again originated 5 new specifications, e.g. TS for the MILENAGE algorithm set
Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.:
TS “IMS security”
TS “Network domain security: IP layer”

5 Some history (2/2)
Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.:
TS “Security of MBMS”
TS “Generic Authentication Architecture”
Release 7 (frozen 2007): SA3 added 13 new specifications
ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl. the SNOW 3G spec) (TS , TR )
Release 8 (frozen 2008): SA3 has added 5 new specifications, e.g.:
TS “SAE: Security architecture”
TS “SAE: Security with non-3GPP accesses”
(1-2 more TRs may still be included in Rel-8)

6 SAE/LTE security (Rel-8): some highlights

7 SAE/LTE: What and why?
SAE = System Architecture Evolution
LTE = Long Term Evolution (of radio networks)
LTE offers higher data rates, up to 100 Mb/sec
SAE offers an optimized (flat) IP-based architecture
Technical terms:
E-UTRAN = Evolved UTRAN (LTE radio network)
EPC = Evolved Packet Core (SAE core network)
EPS = Evolved Packet System (= RAN + EPC)

8 Implications on security
Flat architecture:
All radio access protocols terminate in one node: the eNB
IP protocols are also visible in the eNB
Security implications due to:
Architectural design decisions
Interworking with legacy and non-3GPP networks
Allowing eNB placement in untrusted locations
New business environments with less trusted networks involved
Trying to keep security breaches as local as possible
As a result (when compared to UTRAN/GERAN):
Extended Authentication and Key Agreement
More complex key hierarchy
More complex interworking security
Additional security for the eNB (compared to NB/BTS/RNC)

9 Home (e)NodeB security

10 Home (e)NB architecture
Figure (from draft TR): UE - HeNB - insecure link - SGW - Operator’s core network; OAM
One of the key concepts: Closed Subscriber Group

11 Threats
Compromise of HeNB credentials, e.g. cloning of credentials
Physical attacks on HeNB, e.g. physical tampering
Configuration attacks on HeNB, e.g. fraudulent software updates
Protocol attacks on HeNB, e.g. man-in-the-middle attacks
Attacks against the core network, e.g. denial of service
Attacks against user data and identity privacy, e.g. by eavesdropping
Attacks against radio resources and management

12 Other features in past releases of 3GPP

13 IMS (SIP) security (Rel-5)
Figure (security layers): IMS home - authentication & key agreement; network domain security; security mechanism agreement; IMS visited - integrity protection; PS domain - R99 access security

14 Release 6 highlights

15 WLAN interworking in 3GPP
A WLAN access zone can be connected to the cellular core network
Shared subscriber database, charging and authentication (WLAN Direct IP Access)
Shared services (WLAN 3GPP IP Access)
Service continuity is the next step

16 MBMS Security Architecture (node layout)
Figure (nodes): Content Server, Mobile Operator Network, BM-SC, Content Server, BSF, Internet, BGW
BM-SC can reside in the home or visited network
BGW: Bearer Gateway (first-hop IP router)
BM-SC: Broadcast/Multicast Service Center
BSF: Bootstrapping Server Function

17 Generic Authentication Architecture (GAA)
GAA consists of three parts (Rel-6):
TS Generic Bootstrapping Architecture (GBA) offers a generic authentication capability for various applications, based on a shared secret. Subscriber authentication in GBA is based on HTTP Digest AKA [RFC 3310].
TS Support of subscriber certificates: the PKI Portal issues subscriber certificates for UEs and delivers operator CA certificates. The issuing procedure is secured by using shared keys from GBA.
TS Access to a Network Application Function using HTTPS is also based on GBA.
Figure from 3GPP TR
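As an added illustration (not from the slides or any 3GPP specification text), this is the HTTP Digest AKA binding that GBA bootstrapping relies on, following RFC 3310: the network carries RAND and AUTN to the UE inside the Digest nonce, and the AKA RES takes the place of the password. RAND, AUTN, XRES, the IMPI and the realm are constructed values; no MILENAGE is run here.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not real AKA/MILENAGE output): RAND and AUTN are
# what the network sends, XRES is what it expects, RES is what the USIM returns.
RAND = bytes.fromhex("0123456789abcdef0123456789abcdef")   # 16 bytes
AUTN = bytes.fromhex("fedcba9876543210fedcba9876543210")   # 16 bytes
XRES = bytes.fromhex("a1b2c3d4e5f60718")                   # 8 bytes
IMPI = "user@ims.example.org"                              # constructed private identity
REALM = "ims.example.org"
METHOD, URI, NC, CNONCE = "REGISTER", "sip:ims.example.org", "00000001", "0a4f113b"

def md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_nonce(rand: bytes, autn: bytes, server_data: bytes = b"") -> str:
    # RFC 3310 section 3.2: nonce = base64(RAND || AUTN || server specific data).
    return base64.b64encode(rand + autn + server_data).decode("ascii")

def parse_nonce(nonce: str) -> tuple:
    # UE side: recover RAND and AUTN so the USIM can run AKA and verify AUTN.
    raw = base64.b64decode(nonce)
    return raw[:16], raw[16:32], raw[32:]

def digest_response(username: str, res: bytes, nonce: str, qop: str = "auth") -> str:
    # RFC 2617 digest with qop=auth; per RFC 3310 section 3.3 the binary AKA RES
    # replaces the password when computing H(A1).
    ha1 = md5hex(f"{username}:{REALM}:".encode() + res)
    ha2 = md5hex(f"{METHOD}:{URI}".encode())
    return md5hex(f"{ha1}:{nonce}:{NC}:{CNONCE}:{qop}:{ha2}".encode())

def server_verify(nonce: str, response: str) -> bool:
    # The server never sees RES; it recomputes the digest with XRES from the
    # authentication vector and compares in constant time.
    expected = digest_response(IMPI, XRES, nonce)
    return hmac.compare_digest(expected, response)

def run_exchange(res_from_usim: bytes) -> bool:
    """One challenge/response round; returns True if the server accepts it."""
    nonce = build_nonce(RAND, AUTN, b"srv")
    rand, autn, _ = parse_nonce(nonce)          # UE extracts RAND and AUTN
    assert (rand, autn) == (RAND, AUTN)
    response = digest_response(IMPI, res_from_usim, nonce)
    return server_verify(nonce, response)

if __name__ == "__main__":
    print("genuine USIM accepted:", run_exchange(XRES))      # True
    print("wrong RES accepted:   ", run_exchange(bytes(8)))  # False
```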

18 Release 7 & 8 highlights

19 Release 7 & 8: security enhancements
Key establishment for secure UICC-terminal channel (TS )
Applies, e.g., to the secure UICC-terminal channel specified by ETSI SCP
Built on top of GBA
Key establishment between a UICC hosting device and a remote device (TS )
Liberty-3GPP security interworking
GBA push (TS , Rel-8)
Applies to several OMA-specified features (e.g. BCAST)
Network domain security: Authentication Framework (TS ) enhanced for TLS support
Withdrawal of the A5/2 algorithm

20 Work in progress: Rel-9

21 Rel-9 work items
SAE/LTE: emergency call security
Media security
End-to-end and end-to-middle protection of media independently of access technology
Protection against unsolicited communications in IMS
Remote management of USIM/ISIM for machine-to-machine communications
Security of Earthquake and Tsunami Warning System

22 For more information:

