Presentation is loading. Please wait.

Presentation is loading. Please wait.

LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,

Published byTiana Wingate Modified over 9 years ago

Similar presentations

Presentation on theme: "LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,"— Presentation transcript:

1 LTE Security

2 Agenda Intro …

3 Intro …

4 The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency, user throughput, latency – Simplification of the radio network – Efficient support of packet based services: Multicast, VoIP, etc. Network Side (SAE – System Architecture Evolution/Evolved Packet Core - EPC) – Improvement in latency, capacity, throughput, idle to active transitions – Simplification of the core network – Optimization for IP traffic and services – Simplified support and handover to non-3GPP access technologies

5 Overview of 3GPP LTE/SAE System UE eNodeB MME S-GW Evolved UTRAN(E-UTRAN)Evolved Packet Core (EPC) HSS PCRF PDN-GW S1-US5 S1-MME X2 UE = User Equipment MME = Mobility Management Entity, termination point in network for ciphering/integrity protection for NAS signaling, handles the security key management, authenticating users S-GW = Serving Gateway PDN-GW = PDN Gateway PCRF = Policy Charging Rule Function

6 Evolved Packet Core GW Capabilities Serving GW functions include: – Local Mobility Anchor point for inter-eNodeB handover (i.e. GTP termination) – PMIP or GTP support towards PDN Gateway – Per flow QoS Policy Enforcement – Lawful Interception – Traffic Accounting PDN GW functions include: – Policy Enforcement (QoS, charging, mobility) – Per-user based packet filtering – Mobility anchoring for intra- and inter-3GPP mobility (requires GTP and MIP HA) – Charging Support – Lawful Interception Both can be combined if there is a full mesh between base stations and GWs IP Tunnel Serving GW PDN GW MAC Security Layer 3 OFDMA

7 Evolving Security Architecture Radio Controller Core Network GSM Handset Authentication Ciphering GPRS Handset Authentication + Ciphering 3G Mutual Authentication Ciphering + Signalling integrity SAE/LTE Mutual Authentication Ciphering + Radio signalling integrity Core Signalling integrity Optional IPSec

8 SAE/LTE Security Security implications: – Flat architecture – Interworking with legacy and non-3GPP networks – eNB placement in untrusted locations – Keep security breaches local Result: – Extended Authentication and Key Agreement – More complex key hierarchy – More complex interworking security – Additional security for (home)eNB

9 LTE/SAE architecture (I) Network access security: secure access to services, protect against attacks on (radio) access links (II) Network domain security: enable nodes to securely exchange signaling data & user data (between AN/SN and within AN, protect against attacks wireline network (III) User domain security: secure access to mobile stations (IV) Application domain security: enable applications in the user and in the provider domain to securely exchange messages ME = Mobile Equipment USIM = Universal Subscriber Identity Module AN = Access Network HE = Home Environment SN = Serving Network

10 Non-3GPP Access (I) Network access security (II) Network domain security (III) Non-3GPP domain security (IV) Application domain security (V) User domain security ME = Mobile Equipment USIM = Universal Subscriber Identity Module AN = Access Network HE = Home Environment SN = Serving Network

11 Network access security User identity (and location) confidentiality Entity authentication Confidentiality Data integrity Mobile equipment identification

12 The use of a SIM Subscription Identification Module – SIM holds secret key Ki, Home network holds another – Used as Identity & Security key – IMSI is used as user identity Benefits – Easy to get authentication from home network while in visited network without having to handle Ki Source: ETRI

13 Network Access Protection Authentication and key agreement – UMTS AKA re-used for SAE – SIM access to LTE explicitly excluded Signaling protection – For core network (NAS) signaling, integrity and confidentiality protection terminates in MME (Mobile Management Entity) – For radio network (RRC) signaling, integrity and confidentiality protection terminates in eNodeB User plane protection – Encryption terminates in eNodeB Network domain security for network internal interfaces

14 Authentication and Key Agreement HSS generates authN data and provides it to MME Challenge-response authN and key agreement between MME and UE

15 Confidentiality and Integrity of Signaling RRC signaling between UE and E-UTRAN NAS signaling between UE and MME S1 interface signaling (optional) protection not UE- specific

16 User Plane Confidentiality S1-U (optional) protection not UE-specific, based on IPsec Integrity not protected

17 Key Hierarchy in LTE/SAE Cryptographic network separation – Authentication vectors specific to serving network

18 Handovers without MME Handovers possible between eNB’s (performance) If keys are passed unmodified, compromised eNB compromises other eNB – One-way function before passing over – MME is involved after HO for further key passing

19 Home eNodeB security threats Compromise HeNB credentials Physical attack HeNB Configuration attack MitM attacks etc. DoS attacks etc. User data and privacy attacks Radio Resources and management attacks

20 Home ENodeB security measures Mutual AuthN HeNB and home network Secure tunnel for backhaul Trusted environment inside HeNB Access Control OAM security mechanisms Hosting Party authentication (Hosting party Module)

21 Network Domain Security Enable nodes to securely exchange signaling data & user data – between Access Network and Serving Network and within Access Network Protect against attacks on wireline network No security in 2G core network Now security is needed: – IP used for signaling and user traffic – Open and easily accessible protocols – New service providers (content, data service, HLR) – Network elements can be remote (eNB)

22 Security Domains Managed by single administrative authority Border between security domains protected by Security Gateway (SEG)

23 Security Gateway Handle communication over Za interface (SEG-SEG) – AuthN/integrity mandatory, encryption recommended using IKEv1 or IKEv2 for negotiating, establishing and maintaining secure ESP tunnel Handle communication over (optional) Zb interface (SEG- NE or NE-NE) – Implement ESP tunnel and IKEv1 or IKEv2 – ESP with AuthN, integrity, optional encryption All traffic flows through SEG before leaving or entering security domain Secure storage of long-term keys used for IKEv1 and IKEv2 Hop-by-hop security (chained tunnels or hub-and-spoke)

24 Security for Network Elements Services – Data integrity – Data origin authentication – Anti-replay – Confidentiality (optional) Using IPsec ESP (Encapsulation Security Payload) Between SEGs: tunnel mode Key management: IKEv1 or IKEv2 Security associations from NE only to SEG or NE’s in own domain

25 Trust validation with IPsec

26 Trust validation for TLS

27 User domain security Secure access to mobile stations Few slides

28 Application domain security The set of security features that enable applications in the user and in the provider domain to securely exchange messages. Secure messaging between the USIM and the network (TS 22.048) Slides about IMS, SIP

29 IMS Security Security/AuthN mechnism – Mutual AuthN using UMTS AKA – Typically implemented on UICC (ISIM application) – UMTS AKA integrated into HTTP digest (RFC3310) – NASS-IMS bundled AuthN – SIP Digest based AuthN – Access security with TLS

30

31 Interworking with legacy network Few slides about CDMA-3GPP interworking

32 References Principles, objectives and requirements – TS 33.120 Security principles and objectives – TS 21.133 Security threats and requirements Architecture, mechanisms and algorithms – TS 33.102 Security architecture – TS 33.103 Integration guidelines – TS 33.105 Cryptographic algorithm requirements – TS 35.20x Access network algorithm specifications

33 References TS 33.210 v8.3.0: Network Domain Security: IP-layer (http://www.3gpp.org/ftp/Specs/archive/33_series/33.210/) TS 33.310 V9.0.0: Network Domain Security: Authentication Framework http://www.3gpp.org/ftp/Specs/archive/33_series/33.310/ TS 33.401 V9.0.0: SAE security architecture http://www.3gpp.org/ftp/Specs/archive/33_series/33.401/ TS 33.402 V9.0.0: SAE security aspects of non 3GPP access http://www.3gpp.org/ftp/Specs/archive/33_series/33.402/ TR 33.820 V8.1.0: Security of H(e)NB http://www.3gpp.org/ftp/Specs/archive/33_series/33.820/33820-810.zip 3GPP TS 33.102 V8.3.0: Security architecture http://www.3gpp.org/ftp/Specs/archive/33_series/33.102/33102-830.zip

34 Credits Valterri Niemi (3GPP SA3 chair)

35 Backup

36 UMTS Authentication and Key Agreement (AKA) Procedure to authenticate the user and establish pair of cipher and integrity between VLR/SGSN and USIM Source: ETRI

37 X2 Routing and Handover Source ENB Target ENB 10ms Handover Request Handover Request Confirm 30 ms Interruption Time Path Switch Req. Ack Path Switch Request Forwarded Data (20ms) Out of Order Packets Expect out of order packets around handover SGW

38 Interworking with UTRAN/GERAN UE registered in both SGSN and MME Keys may be mapped

Download ppt "LTE Security. Agenda Intro … Intro … The LTE System Radio Side (LTE – Long Term Evolution/Evolved UTRAN - EUTRAN) – Improvements in spectral efficiency,"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
TS **): Non-Roaming Reference Architecture for non-3GPP Accesses

TS **): Non-Roaming Reference Architecture for non-3GPP Accesses
Valtteri Niemi, SA3 Chairman

Valtteri Niemi, SA3 Chairman
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
LTE Call Flow and MS Attached Procedures

LTE Call Flow and MS Attached Procedures
Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.

Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.
1 3GPP TSG CT Chairman 3GPP TSG CT Chairman Hannu Hietalahti Hannu Hietalahti 3GPP presentation Architecture evolution Moscow, October 2008.

1 3GPP TSG CT Chairman 3GPP TSG CT Chairman Hannu Hietalahti Hannu Hietalahti 3GPP presentation Architecture evolution Moscow, October 2008.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.
Long Term Evolution and its security infrastructure

Long Term Evolution and its security infrastructure
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Telefónica Móviles España GPRS (General Packet Radio Service)

Telefónica Móviles España GPRS (General Packet Radio Service)
Aida BotonjićTieto1 LTE Aida Botonjić. Aida BotonjićTieto2 Why LTE? Applications: Interactive gaming DVD quality video Data download/upload Targets: High.

Aida BotonjićTieto1 LTE Aida Botonjić. Aida BotonjićTieto2 Why LTE? Applications: Interactive gaming DVD quality video Data download/upload Targets: High.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate

SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate

Similar presentations

Ads by Google