Upload
quang-hai
View
129
Download
1
Embed Size (px)
Citation preview
1
Chapter 6
3G/4G Security
2
Chapter 6
3G/4G Security
TABLE OF CONTENTS
LIST OF TABLES : Not Available xll
LIST OF FIGUERS: Not Available xlll
1. Introduction to 3G/4G………………………………………….…….3
1.1 3G/3GPP System Overview………..…….…….……….…….……...3
1.2 4G Features……………………………………….……….…..9
2. 3G Security…..…….…….…………………………….…….……...12
2.1 3G/3GPP Security Architecture….…….……....…....……..12
2.2 3G/3GPP Network Access Security…….…………….....…..14
2.2.1 User identity confidentiality…………………………15
2.2.2 Authentication/Key Agreement……………….……15
2.2.3 Data Confidentiality……………….………………23
2.2.4 Data Integrity…………………………………………26
2.3 3G Network Domain Security…….………………..….…...28
2.4 3G User/Appl icat ion Domain Securi ty …….…………...30
2.4.1 User Domain security ………………………..……30
2.4.2 Application Domain security………………..…………30
2.5 3G security weakness and Security Issues ….…...…...32
3. 4G S ecu r i t y In v es t i ga t i o n R es u l t s ……… ……… …… … 34
3.1 Security Issues on 4G……….…….…….…….………….………..34
3.2 The Research Results of 4G Security …………………………….…...34
4. Discussion & Conclusion …………………….….….………….……….41
5. References .…….…….……..……….…….…….…….…….…….……42
3
Chapter 6
3G/4G Security
6.1 Introduction to 3G/4G
This section briefly introduces the overviews of 3G and 4G communication system.
With our wireless service needs of wireless network, it causes wireless network
service and its technologies rapidly growing, and becomes a basic appliance for
contemporary people. This report will provide a brief introduction to the security of
3G and 4G. In this report, we introduce the system overview of 3G and 4G. We also
introduce the security of 3G and 4G including security architecture, network security,
security weakness, etc. More details information can be referred to the 3GPP related
documents [3GPPTS121] [3GPPTS102] [3GPPTR900] [3GPPTS205]. As to the 4G,
some of current research results from papers are introduced in this report [Fu04]
[Celentano06] [Zheng 05a][Zheng 05c]. Some issues of 4G are also suggested for our
future further study [Fu04][O’Drama04] [Dell'Uomo02] [Hui03] [Celentano06]. 4G
(also known as Beyond 3G), an abbreviation for Fourth-Generation
Communications System, is a term used to describe the next complete evolution in
wireless communications. A 4G system will be able to provide a comprehensive IP
solution where voice, data and streamed multimedia can be given to users on an
"Anytime, Anywhere" basis, and at higher data rates than previous generations.
There is no formal definition for what 4G is; however, there are certain objectives that
are projected for 4G. These objectives include: that 4G will be a fully IP-based
integrated system. This will be achieved after wired and wireless technologies
converge and will be capable of providing between 100 Mbit/s and 1 Gbit/s speeds
both indoors and outdoors, with premium quality and high security. 4G will offer all
types of services at an affordable cost. According to the 4G working groups, the
infrastructure and the terminals of 4G will have almost all the standards from 2G to
4G implemented. Although legacy systems are in place to adopt existing users, the
infrastructure for 4G will be only packet-based (all-IP). Some proposals suggest
having an open platform where the new innovations and evolutions can fit. The
technologies which are being considered as pre-4G are the following: WiMax, WiBro,
iBurst, 3GPP Long Term Evolution and 3GPP2 Ultra Mobile Broadband.
3GPP LTE (Long Term Evolution) is the name given to a project within the Third
Generation Partnership Project (3GPP) to improve the UMTS mobile phone standard
4
to cope with future requirements. Goals include improving efficiency, lowering costs,
improving services, making use of new spectrum opportunities, and better integration
with other open standards. The LTE project is not a standard, but it will result in the
new evolved release 8 of the UMTS standard, including mostly or wholly extensions
and modifications of the UMTS system. The architecture that will result from this
work is called EPS (Evolved Packet System) and comprehends E-UTRAN (Evolved
UTRAN) on the access side and EPC (Evolved Packet Core) on the core side.
Universal Mobile Telecommunications System (UMTS) is one of the
third-generation (3G) cell phone technologies, which is also being developed into a
4G technology. Currently, the most common form of UMTS uses W-CDMA as the
underlying air interface. It is standardized by the 3GPP, and is the European answer to
the ITU IMT-2000 requirements for 3G cellular radio systems.
6.1.1 3G/3GPP System Overview
3G is the next generation wireless network which is to provide a world wide
standard and a common communication for mobile networking. 3G standard is
defining on 3GPP bodies. 3G features exceeding over 2G provide higher data rate,
massive network capacity, interactive multimedia service, QoS, global roaming
[3GPPTS121] [3GPPTS102]. Initially, there are several communication technologies
as WCDMA, TDMA, CDMA2000 applied for 3G. Up to 3GPP be organized, UMTS
included WCDMA is proposed as 3GPP communication standard. In 3GPP, All IP
becomes an important feature.
The services associated with 3G include wide-area wireless voice telephony and
broadband wireless data, all in a mobile environment. In marketing 3G services, video
telephone has often been suggested as the killer application for 3G. 3G support
higher network access rate than 2G system. Because of the enhancement of bandwidth,
mobile application can make much application than before, such as video phone,
some real-time services.
The main technology used in 3G system is Code division multiple access (CDMA)
which a form of multiplexing and a method of multiple access that divides up a radio
channel not by time, nor by frequency, but instead by using different pseudo-random
code sequences for each user [wiki, CDMA]. There are several types of CDMA exist,
WCDMA, TD-SCDMA, CDMA2000. In Asia, Europe, and the USA and Canada,
telecommunication companies use W-CDMA [wiki, 3G].
5
Fig. 1.1 3G service architecture
3G service architecture is illustrated as Fig. 1.1 [3GPPTS121]. A subscriber
connects to another connected user through Node B (base transceiver station BTS),
Radio Network Controller (RNC), Mobile Service Switching Center (MSC) and
GMSC (Gateway Mobile Switching Centre) of core network to the PSTN. The BSC
or RNC control the resource allocations and QoS. The RNC is charged of the
switching and control in UTRAN. UTRAN, short for UMTS Terrestrial Radio Access
Network, is a collective term for the Node B's (base transceiver station BTS) and
Radio Network Controllers which make up the UMTS radio access network. The
UTRAN allows connectivity between the UE (user equipment) and the core network.
A Gateway Mobile Switching Centre (GMSC) provides an edge function within a
PLMN Public Land Mobile Network). It terminates the PSTN (Public Switched
Telephone Network) signalling and traffic formats and converts this to protocols
employed in mobile networks. For mobile terminated calls, it interacts with the HLR
(Home Location Register) to obtain routing information. MSC and GMSC transmit
communication signal to PSTN. On the other hand, 3G also supports the GPRS
service through SGSN and GGSN to internet.
6.1.1.1 UMTS Network
The core technology of universal mobile telecommunication system (UMTS)
network is Code Division Multiple Access (CDMA). It is different from the
technology used in 2G system. The main advantage of CDMA coding technique can
enlarge usage of wireless channel and reduce the inference of noise. In other words, it
6
can allow more users employ wireless channel at the same time.
UMTS comprises a realization of 3G-mobile systems, which is compatible with
the evolved Global System for Mobile communication/General Packet Radio Services
(GSM/GPRS) [GSM03.60].
UMTS network is the core network of 3G. Its main objective is to provide high
access rate than 2G system which can be used to provide a wide range of real-time
service with different levels of quality of service (QoS).
There are several releases in UMTS, including Release 1999 (R99), Release 4
(Rel-4) and Release 5 (Rel-5). R99 is the earliest release version of 3G. The
fundamental difference between GSM/GPRS and UMTS R99 is that the latter
supports higher access rates (up to 2 Mbps) [3GPPTS002a]. But UMTS R99 is just a
logical evolution from 2G-system architecture. There is not exist huge differences
from GPRS.
UMTS Rel-4 and Rel-5 are revolutionary versions [3GPPTS002b] [3GPPTS002c].
Both of them introduce all-IP network architecture that eventually replace by
circuit-switched transport technology. On the other hand, it introduces Open Service
Architecture. It allows third party service provider could access UMTS service
architecture.
6.1.1.2 UMTS Network Architecture
The architecture of UMTS network is very similar to GPRS network architecture.
We will briefly introduce UMTS Network entities and its functions. Finally, a basic
call control example makes reader know the control flow.
<UMTS Network Entities>
There are several entities on UMTS network as Fig. 1.2. Let’s introduce every
entities and its functionality.
User Equipment (UE)
The user equipment is the end device of UMTS network. The user can
make a phone call through user equipment. It always contains mobile phone
and USIM card.
Node B
The functionality of Node B is very similar to Base Station in 2G system.
UE cannot communicate directly with each other but have to communicate
with the Node B.
Radio Network Controller (RNC)
7
The functionality of RNC is responsible for control of the Node-Bs. RNC
carries out radio resource management. Some of the mobility management
functions and is the point where encryption is done before user data is sent to
and from the mobile.
Home Location Register (HLR)
The HLR is the database that holds subscription information for every
subscriber. HLR holds two types of data, permanent and temporary data.
Permanent data, such as International Mobile Subscriber Identify (IMSI),
International Mobile Equipment Identify (IMEI), authentication parameters,
and whether a static IP address is allocated to the MS.
The temporary data refer to the data changed when time goes by, such as
mobile user’s location (the MSC where mobile user located in).
We could seem HLR is a global database. When some entities need
information but do not know how to get it, just ask the HLR.
Visitor Location Register (VLR)
The VLR database contains information about the UEs who subscribed in
MSC related to VLR and temporary subscriber information needed by the
MSC to provide services for visiting subscribers.
VLR also provide Temporary Mobile Station Number (TMSI) which could
substitute IMSI in communication between MSC and UE. Because of TMSI is
generated randomly, it can prevent IMSI from eavesdropping.
Mobile Switching Centre (MSC)
MSC provides four main abilities, including Paging, Handoff and
Roaming, Update UE information on HLR, service type control and
authenticate with mobile user. When signaling to the UE which is covered by
MSC, MSC will forward paging signal to UE.
Gateway Mobile Switching Centre (GMSC)
It provides the interface which makes UE could make a phone call to other
type of communication network, such as PSTN. It is the gateway to transform
different network signal format to adapt network.
Serving GPRS Support Node (SGSN)
The SGSN forwards incoming and outgoing IP packets to/from a mobile
station and provides packet routing and transfer to and from the SGSN service
8
area. It also provides improved ciphering, authentication, session management,
and mobility management.
Gateway GPRS Support Node (GGSN)
The interface is towards the external IP packet networks. It contains access
functionality that interfaces external ISP functions like “Gateway”. In IPv4
circumstance, the IP address is not sufficient for every UE who wants to reach
the Internet. So SGSN have to provide the functionality like “NAT”. The
GGSN exchanges routing information with the external network and provides
GPRS session management, Functionality for associating the subscribers to
the right SGSN.
Fig.1.2 UMTS Network Architecture
<A Basic Call Control Example>
We assume UEa under MSCa and make a call to UEb under MSCb. First of all,
UEa’s signal transfers to RNC through Node B. The RNC check the signal format and
make sure it’s a call signal, then forward the signal to MSCa. Whenever MSCa
received the signal, MSCa have to ask HLR where the UEb located in. After MSCa
received HLR’s answer, it forward the signal to MSCb where the UEb located in. As a
result, MSCb forward the signal to UEb. UEb knows someone is calling me when
signal received. This is the basic call signal forwarding.
9
Fig. 1.3 IPv6 in 3G
6.1.1.3 IPv6 and 3G
3G systems introduce All-IP network but the lack of IP addresses may be the
bottleneck for toward all-IP network as Fig. 1.3. However, GGSN support NAT to
address this problem. But NAT still has many problems to be addressed. The best
solution that can address the issues is IPv6. The sufficient of IP addresses and
enhancement of IPv4 weakness makes IPv6 on 3G system more powerful. As a result,
IPv6 was integrated in 3G Rel-5. More specifically, UE and NE in core network have
to support IPv6.
In 3G network system, IP address has two main purposes. User-level IP address
is used in communication between mobile terminal and application host.
Transport-Level IP address is used in communication among network entities in 3G
network.
10
6.1.2 4G Features
4G has not yet reached in industry and standard. Illustration of Fig. 1.4 is a 4G
service architecture from Agora Co. Always-Best-Connected service on heterogeneous
network is hoped to achieve. In order to provide Always-Best-Connected service in
the future, a universal consensus on features of 4G is achieved. In the understanding,
main important characteristics and features are [Fu04][Hui03] [Zheng05a]:
�All-IP Based network architecture
�Higher bandwidth (than 3G)
�Heterogeneous Network (3G/UMTS, Wireless LAN, DVB-T, etc.)
�QoS, Security, ….
�Full integration of “hot spot” and “cellular”
�Support for multimedia applications
ServicesPortabi lity
MPE
A/VStreaming Gateway
EPGESG
ContentProtection
Manage ment
UMTS
Broadcast Net works(DMB, DVB-T/H)
Satell ite (DVB-S2)
GS M / GPRS
Context-awareInfor mation Centre
IP-base d micro-mobility
Wireless LANs
ISP
DTVContentDelivery
ServicesProvis ion
ServicesAggregation
DTVBill ing
SAS/SMS
IP BackboneIP Backbone
Internet
Fi
g. 1.4 4G service architecture
11
IP BoneNetwork
GPRS
CDMA
GSM
CDMA2000
TDSCDMA
WCDMA
CMDS BWAN
Bluetooth
802.11a
802.11b
4G Architecture
WLAN
3G
2G/2.5G
CDMA1x
Others
Fig. 1.5 Architecture of 4G wireless systems, Ref. [Zheng05a]
4G standard is defining in the countries such as Japan, China, Korea, Europe.
Main leading institute of standard defining consists of IMT-Advanced, 3GPP , 3GPP2.
For providing 4G service, new technologies and architectures are still on developing
at different programs such as NTT DoCoMo, Nokia, Motorola, etc.
12
Basically, 3G is on developing communication networks, 4G is on defining
standards. In spite of some 4G features exceeding over 3G, the future developments
are worth our further investigating. In the Table 1, the comparison of 3G and 4G from
different features is illustrated.
Table 1. Comparison of 3G and 4G
20 up to 100 Mbit/s384KBit/s up to 2Mbit/sData rate
100 MHz (or more)5-20 MHzBandw idth
– OFDM and MC-CDMA (Multi Carrier CDMA)
– W-CDMA, 1xRTT, EdgeAccess Technologies
– Higher frequency band (2-8 GHz)
– Regionally different (1800-2400 MHz)
Frequency band
– Hybrid – Integration of Wireless LAN (WiFi, Bluetooth, hot spots) and w ide area
– Wide area cell-basedNetwork architecture
All digital with packetizedv oice
Channel and Packet sw itching
Switching Design Basis
– Advanced 3G-capacity (an order of magnitude)
Backward compatible to2GCompatibility
– Global mobility– Serv ice compatibility– All network elements are
digital
– Many different standards worldwide
– Combination of real and dev eloped equipment
General topics
4G3G
Source: www.mobileinfo.com
13
6.2 3G Security This section describes the security architecture of 3G. In the architecture, the
security features also described. The detailed features and definitions can refer to the
3G-related documents [3GPPTS102] 3GPPTS121] [3GPPTS102] [3GPPTR900]
[3GPPTS205]. For convenience, we follow 3GPP security architecture to describe the
security features.
6.2.1 3G/3GPP Security Architecture
3G security concerns is raised from some issues as wireless access is inherently less
secure, mobility implies higher security risks, IP-based technologies brings new
vulnerabilities, …, etc.
3G Security requires consideration of several aspects such as mobility, the
particular security threats, the types of information to be protected and the complexity
of network architecture over 2G. An overview of 3G security architecture is
illustrated as follow [3GPPTS102].
When 3G was developed, security issues were taken into consideration. The
whole 3G security architecture was designed based on three fundamental principles
[3GPPTS120].
(1). The architecture for 3G will build on the security features of 2G system.
(2). The 3G security will improve on the security of the 2G system.
(3). 3G security will offer new features and will secure new services offered
by 3G.
The following are listed security enhancements in 3G security [3GPPTS120]:
-Key lengths were increased to allow for the possibility of stronger
algorithms for encryption and integrity.
-Mechanisms were included to support security within and between
networks.
-Security is based within the switch rather than the base station as in GSM
-Integrity mechanisms for the terminal identity (IMEI) have been designed
in from the start, rather than that introduced late into GSM.
-When roaming between networks, such as between a GSM and 3GPP, only
the level of protection supported by the smart card will apply.
14
HE: Home EnvironmentSN: Serving NetworkME: Mobile EquipmentUSIM: Universal Subscriber Identity Module
User Application Provider Application
ME
SN
USIM HE
AN
Application stratum
Home stratum/Serving Stratum
(I)
(II)
(III)
(IV)
Transport stratum
(I)(I)
(I)(I)
Fig. 2.1 3G Security Architecture
3G security architecture on 3GPP is illustrated in Fig 2.1 as five major classes
[3GPPTS102]: Network access security (I), Network domain security (II), User
domain security (III), Application domain security (IV) and Visibility and
configurability of security (V).
HLR: Home Location Register
CS: Circuit Switching
PS: Packet Switching
SGSN: Serving GPRS Support Node
HLR
PS locationPS locationCS locationCS location
3G MSC/VLR
CS stateCS state
3G SGSN
PS statePS state
UTRAN
UE
CS stateCS state PS statePS state
Common subscription
data base
Two CN service domains
PS service
domainCS service
domain
Packet SwitchingCircuit Switching
Two lu signalling connections (“ two RANAP instances”)
UTRAN with
distribution functionality
One RRC connection
Fig. 2.2: Overview of the ME registration and connection principles within
UMTS
15
Because legacy inherited from GSM/GPRS, 3GPP have to deal with the both
connections between Circuit Switching (CS) domain and Packet Switching (PS)
domain, as Fig. 2.2. In 3G, registration and connections within UMTS, such as user
identification, authentication and key agreement will process independently in each
service domain. 3GPP conduct the authentication and key generation by a share key
name as k. Basically, authentication and key agreement of 3G/3GPP are conducted by
f1, f2, f3, f4, f5; data integrity is conducted by f9; and confidentiality is conducted by
f8.
6.2.2 3G/3GPP Network Access Security
Network access security is a mechanism to provide a secure access 3G services
and to protect against attacks on the radio interface. In order to provide a secure 3G
service, the security features of network access security required for 3G are listed as
follows [3GPPTS102].
� User identity confidentiality
-User identity confidentiality
-User location confidentiality
-User untraceability
� Entity authentication
-User authentication
-Network authentication
� Confidentiality
-Cipher algorithm agreement
-Cipher key agreement
-Confidentiality of user data
-Confidentiality of signalling data
� Data Integrity
-Integrity Algorithm Agreement
-Integrity key agreement
-Data integrity and origin authentication of signalling data
� Mobile equipment identification
-IMEI
In order to achieve the security features of network access security, 3GPP defines
several mechanisms to achieve these features. The mechanism mainly process the
function of the secure access such as (i) user identity confidentiality, (ii)
authentication and key agreement, (iii) data confidentiality and (iv) integrity
protection of signaling messages.
16
6.2.2.1 User identity confidentiality
The user identity confidentiality of 3GPP allows user identification to access
services by a temporary Mobile Subscriber Identity (TMSI). In initial registration, the
network system registered a permanent identity of user. When a user raises a service
request, the network system assigned a TMSI to user for his services. The TMSI
implies that confidentiality of user identity is protected almost always against passive
eavesdroppers. TMSI can also avoid user traceability by changing TMSI in the short
time period.
6.2.2.2 Authentication/Key Agreement
In this section, we discuss the 3GPP Authentication/Key Agreement illustrated as
Fig. 2.3. Firstly, VLR/SGSN send authentication data request to HE/HLR
[3GPPTS102]. More details can refer to 3GPP standard TS 33.102 [3GPPTS102].
After the receipt of a request from the VLR/SGSN, the HE/AuC sends an ordered
array of n authentication vectors to the VLR/SGSN. The authentication vectors are
ordered based on sequence number. Each authentication vector consists of several
components such as a random number RAND, an expected response XRES, a cipher
key CK, an integrity key IK and an authentication token AUTN. Each authentication
vector is important for one authentication and key agreement between the VLR/SGSN
and the USIM.
MS VLR/SGSN HE/HLR
Authentication data request
Authentication data responseAV(1..n)
User authentication requestRAND(i) || AUTN(i)
User authentication response
RES(i)
Compute CK (i) and IK (i) Select CK (i) and IK (i)
Distr ibution of authentication
vectors from HE to SN
Generate authentication vectors AV (1..n)
Store authentication vectors
Select authentication vector AV (i)
Verify AUTN (i)
Compute RES (i)
Compare RES (i) and XRES (i)
Authentication and
key establishment
Fig. 2.3
Authentication and key agreement for 3G
17
When the VLR/SGSN initiates an authentication and key agreement, it selects
the next authentication vector from the ordered array, and then it sends the parameters
RAND and AUTN to the user. The USIM verify whether AUTN can be accepted or
not. If it is yes, the USIM produces a response RES which is sent back to the
VLR/SGSN. The USIM also computes CK and IK. The VLR/SGSN compares the
RES with XRES when VLR/SGSN received the RES. If they are matched, the
VLR/SGSN considers the authentication and key agreement exchange to be
successfully completed. The established keys CK and IK then are transferred by the
USIM and the VLR/SGSN to the entities which perform ciphering and integrity
functions.
-. Distribution of Authentication data from HE to SN
Distribution of authentication data procedure is to provide the VLR/SGSN
with an array of fresh authentication vectors to perform a number of user
authentications [3GPPTS102]. The VLR/SGSN invokes the distribution
procedures by requesting authentication vectors to the HE/AuC [3GPPTS102].
In this procedure, VLR/SGSN first issues an authentication data request
including the IMSI and the requesting node type (Packet Switching:PS or
Circuit Switching:CS). Upon the receipt of the authentication data request, the
HE may have pre-computed authentication vectors and retrieve them from the
HLR database or compute them on demand. The HE/AuC sends an
authentication response back to the VLR/SGSN with an ordered array of n
authentication vectors AV(1..n).
18
IK: Integrity Key
CK: Cipher Key
AUTN: A uthentication Token
AMF: A uthentication Message Field
VLR/SGSN HE
Authentication data request
Authentication data response
IMSI
AV (1 ..n)
K
SQNRAND
f1 f2 f3 f4 f5
MAC XRES CK IK AK
AUTN:=SQN ⊕⊕⊕⊕ AK∥∥∥∥AMF ∥∥∥∥ MAC
AV:=RAND ∥∥∥∥ XRES ∥∥∥∥ CK ∥∥∥∥ IK ∥∥∥∥ AUTN
Generate SQN
Generate RAND
AMF
Fig.
2.4: Distribution of authentication data and the generation of an authentication
vector
We can figure out the generation of an authentication vector AV by the
HE/AuC in Fig. 2.4. Basically, the mechanism of the generation of an
authentication vector in Fig. 2.4 is an Cipher mode operations using f1, f2, f3, f4
and f5 function included Rijndael [3GPPTS102]. The mechanism as in Fig. 2.4
inputs SQN (Sequence Number), RAND (Random Number), AMF
(Authentication Management Field) and shared secrete key K to generate the
authentication code and keys of MAC, XRES, CK, IK, AK by computing with
f1, f2, f3, f4, f5. The mechanism combines the authentication code and key into
an authentication vector. By the generation of an authentication, HE/AuC
generate the authentication vector AV and the authentication token AUTN.
19
-. Authentication and key agreement
In this paragraph, we discuss the user authentication and key agreement as
illustrated as fig. 2.5. The purpose of this Authentication and key agreement
procedure is to authenticate the user and establish a new pair of cipher and
integrity keys between the VLR/SGSN and the USIM. During the authentication,
the USIM verifies the validity of the authentication vector that is used.
USIM VLR/SGSN
User authentication requestRAND || AUTN
User authentication responseRES
User authentication rejectCAUSE
KSQN
RAND
f1 f2 f3 f4
f5
XMAC RES CK IK
AK
AMF MAC
AUTN
Verify MAC = XMAC
Verify that SQN is in the correct range
⊕
SQN⊕⊕⊕⊕AK
Fig.
2.5 User authentication function in the USIM
At user end, the mechanism of Fig. 2.5 input SQN, RAND, AMF and share
secrete key K generate the authentication code and keys of XMAC, RES, CK,
IK by computing with f1, f2, f3, f4, f5. The mechanism make a comparison of
the authentication code for VLR/SGSN authentication .
-. Key function f1, f1*, f2, f3, f4, f5 and f5*
As the distribution of authentication data and Authentication and key
agreement use key function f1, f1*, f2, f3, f4, f5 and f5*, we will briefly
describe how they work well about the key function f1, f1*, f2, f3, f4, f5 and f5*
[3GPPTS205]. The Fig. 2.6 illustrated the function of f1, f1*, f2, f3, f4, f5 and
f5*.
20
RAND
EK
(SQN, AMF)expanded to
128 bits
rotateby r1
EK
rotateby r3
EK
rotateby r2
EK
rotateby r5
EK
rotateby r4
EK
OPC
c1
f1 f1* f5 f2 f3 f4 f5*
OPC OPC OPC OPC
c2 c3 c4 c5
OPC OPC OPC OPC OPC
OPC
Fig. 2.6 f1,f1*,f2,f3,f4,f5,f5* functions
The value OPC is derived from the subscriber key K and the operator
dependent value OP by OPC = OP ⊕ E(OP)K ; c1, .., c5 are five fixed addition
constants. Rijndael was chosen as being then one of the five remaining AES
candidates, was well studied, could be efficiently implemented in S/W or H/W.
The mechanism of Fig. 2.6 generate the f1, f1*, f2, f3, f4, f5, f5* value for key
generation and authentication.
-. Re-synchronisation procedure [3GPPTS102]
After USIM verify the SQN in the correct range, If SQN is not in the range,
then UE of user send a synchronization failure message to VLR/SGSN. The
synchronization failure message consists of RAND and AUTS. The AUTS
message is also constructed by f1* and f5*. Upon receiving synchronization
failure message, VLR/SGSN sends the message to HLR/AuC to re-compute and
re-generate authentication vector with {Qi}. After the new authentication is
re-constructed, HLR/AuC send back to the VLR/SGSN for re-synchronization.
The re-synchronisation procedure and integrity function can refer to the Fig. 2.7.
21
RAND
SQNMS
K
AUTS = SQNMS ⊕ AK || MAC-S
AMF
f1* f5*
MAC-S AK SQNMS ⊕ AK
xor
UE/USIM VLR/SGSN HLR/AuC
RAND, AUTN
AUTS
RAND, AUTS
{Q i}
Fig.
2.7 Re-synchronisation mechanism
-. Local authentication and connection establishment
When an user set-up on a network, an entity authentication have to be
conducted [3GPPTS102]. Two mechanisms have been included: an
authentication mechanism using an authentication vector, and a local
authentication mechanism [3GPPTS102]. Local authentication employs the
integrity key established between the user and serving network during the
previous execution of the authentication and key establishment procedure
[3GPPTS102].
22
MS
2. “Initial L3 message” with user identity, KSI etc.
VLR/SGSN
3. Authentication and key generation
1. Storage of HFNs START values and UE security capability
4 Decide allowed UIAs and UEAs
SRNC
1. RRC connection establishment including transfer of the HFNs START values and the UE security capability from MS to SRNC
5. Security mode command (UIAs, IK, UEAs, CK, etc.)
6. Select UIA and UEA, generate FRESH Start integrity
7. Security mode command (CN domain, UIA, FRESH, UE security capability, UEA, MAC-I, etc.)
10. Verify received message
9. Security mode complete (MAC-I, etc.)
11. Security mode complete (selected UEA and UIA)
8. Control of UE security capability, Verify message, Start of integrity
“UE security capability” indicates UIAs and UEAs supported by MS
Start ciphering/deciphering Start ciphering/deciphering
Fig.
2.8 Local authentication and connection set-up
In the procedure, CK and IK are stored in the VLR/SGSN and USIM,
Local authentication is obtained by integrity protection function by UIA, UEA
as f9/SNOW and f8. The message integrity of the procedure is achieved from f8
and f9.
-. Authentication and key agreement of UMTS subscribers
In 3GPP, in order to provide backward compatible, Interoperation and
handover between UMTS and GSM have to be handled properly [3GPPTS102].
An UMTS user connects to the VLR/SGSN through ME/UMTS and UTRAN; a
GSM user connects to VLR/SGSN through ME and GSM BSS.
23
R e le a s e 9 9 + V L R /S G S N R e le a se 9 8 - V L R /S G S N
R e le a se 9 9 + H L R /A u C
U S IM
R A N D A U T N
R E S
C K IK
C K , IK K c
U T R A N
M E c a p a b le o f U M T S A K A
R A N D A U T N
R E S
[K c ]
C K , IK K c
G S M B S S
C K , IK � K c R E S � S R E S
C K , IK � K c
M E n o t c a p a b le o f U M T S
A K A
C K , IK � K c
C K , IK � K c R E S � S R E S
R A N D [ A U T N ]
S R E S
[ K c ]
K c
R A N D S R E S
[ K c ]
K c
M E
C K , IK � K c R E S � S R E S
Q u in te ts T r ip le ts
C K , IK � K c R E S � S R E S
U M T S s e c u r i t y c o n te x t
G S M s e c u r i ty c o n te x t
C K , IK � K c
Fig.
2.9 authentication and key agreement of UMTS subscribers
The UMTS parameters RAND, AUTN and RES are sent transparently
through the UTRAN or GSM BSS and that the GSM parameters RAND and
SRES are sent transparently through the GSM BSS [3GPPTS102]. In a GSM
BSS case, ciphering is employed in the GSM BSS for services delivered via the
MSC/VLR, and by the SGSN for services delivered via the SGSN. In the latter
case the GSM cipher key Kc is not sent to the GSM BSS. In an UTRAN case,
ciphering and integrity are always applied in the RNC, and the UMTS
cipher/integrity keys CK an IK are always sent to the RNC [3GPPTS102].
24
6.2.2.3 Data Confidentiality
-. Access Link data confidentiality
As the sensitive data of users should be confidentiality protected, 3GPP
employs ciphering methods to protect the sensitive data. Fig. 2.10 illustrates the
use of the ciphering algorithm f8 to encrypt plaintext [3GPPTS102]. The
method ciphers the sensitive data by applying a keystream using a bit per bit
binary addition of the plaintext and the keystream.
PLAINTEXT BLOCK
f8
COUNT-C DIRECTION
BEARER LENGTH
CK
KEYSTREAMBLOCK
CIPHERTEXTBLOCK
f8
COUNT-C DIRECTION
BEARER LENGTH
CK
KEYSTREAMBLOCK
PLAINTEXT BLOCK
SenderUE or RNC
ReceiverRNC or UE
Fig.
2.10 Cipher method
For the encryption, the algorithm inputs the parameters as COUNT-C,
DIRECTION, LENGTH, BEARER, and the cipher key CK to f8 cipher, then
ouputs a keystream block. The plaintext block make a exclusive OR operation
with keystream block, then output a ciphertext block. For the decryption, the
algorithm do the same procedure as the encryption. The algorithm do an
exclusive OR operation between ciphertext block and keystream block.
25
-. Confidentiality Algorithm f8
The operation of Confidentiality Algorithm f8 can refer to Fig. 2.11. The f8
is a stream cipher. The key generator is based on the block cipher KASUMI. The
f8 algorithm detail specification can be found at 3GPP TS 35.201 [3GPPTS201].
The Confidentiality Algorithm f8 is briefly described as follow:
A=COUNT[0]…COUNT[31]BEARER[0]…BEARER[4]DIRECTIO
N[0]0…0
A= KASUMI[A] CK KM
For each n with 1<= n <= BLOCKS
KSBn = KASUMI[A BLKCNT KSBn-1]CK
For n=1 to BLOCKS
KS[((n-1)*64) + i] = KSBn[i]
COUNT || BEARER || DIRECTION || 0…0
A
CK
BLKCNT=0
KASUMICK KASUMICKKASUMICK
KS[0]…KS[63] KS[64]…KS[127] KS[128]…KS[191]
KASUMI
KASUMICK ⊕ KM
BLKCNT=1 BLKCNT=2 BLKCNT=BLOCKS-1
Fig.
2.11 f8 Confidentiality function
26
-. KASUMI Algorithm
KASUMI is a block cipher. Actually, KASUMI a Feistel cipher with 8
rounds. KASUMI is a cipher algorithm modified from AES, but operated under
8 rounds less than AES. It operates on a 64-bits data-block and use a 128-bits
key. The KASUMI detail specification can be found at 3GPP TS 35.202 V3.1.1
[3GPPTS202]. The block cipher with encryption is briefly described as follow:
FO2 FL2 ⊕KO2, KI2 KL2
FO3FL3 ⊕KO3, KI3KL3
FO1FL1 ⊕KO1, KI1KL1
FO4 FL4 ⊕KO4, KI4 KL4
FO5FL5 ⊕KO5, KI5KL5
FO6 FL6 ⊕KO6, KI6 KL6
FO7FL7 ⊕KO7, KI7KL7
FO8 FL8 ⊕KO8, KI8 KL8
64 R032
L032
C
R8L8
Fig.1:KASUMI
KOi,1KI i,1
⊕Fli1⊕
KOi,2KI i,2
⊕
Fli2⊕
KOi,3KI i,3
⊕
Fli3⊕
321616
Fig.2:FO Function
Zero-extend⊕
S9
truncate⊕
S7
⊕ ⊕KI i,j,1 KI i,j,2
Zero-extend⊕
S9
truncate⊕S7
1679
Fig.3:FI Function
∩ bitwise AND operation∪ bitwise OR operation<<< one bit left rotation
Fig.4:FL Function
⊕
⊕<<<
<<<
321616
KLi,1
∩
∪
KLi,2
⊕
⊕
FIi,2FI i,1
FI i,3
⊕
⊕
⊕
⊕
321616
Fig.6:FO Function
1679
S7S9
S7S9
⊕
⊕ ⊕
⊕
⊕⊕
Fig.5:FI Function
Fig.
2.12 KASIMI algorithm
27
6.2.2.4 Data Integrity
-. Access Link Data integrity protection method
The sensitive data between the MS and the network should also protect its
integrity. Fig. 2.13 illustrates the use of the algorithm f8 to authenticate the data
integrity [3GPPTS102].
f 9
COUNT-I DIRECTIO N
MESSAGE FRESH
IK
MAC -I
f 9
COUNT-I DIRECTION
MESSAGE FRESH
IK
XMAC -I
SenderUE or RNC
Receiver RNC or UE
Fig.
2.13 Data integrity function
At sender site, the algorithm inputs the parameters as COUNT-I,
DIRECTION, MESSAGE, LENGTH, and the integrity key IK to f9 function,
then outputs the MAC-I code and send to receiver site. At the receiver site, when
it received the MAC-I, it inputs the parameters as COUNT-I, DIRECTION,
MESSAGE, LENGTH, and the integrity key IK to f9 function, then outputs the
XMAC-I code. The receiver compare the XMAC-I with MAC-I received for
verifying the data integrity.
28
-. Integrity Algorithm f9
The operation of integrity algorithm f8 can refer to Fig. 2.14. The f9
algorithm detail specification can also be found at 3GPP TS 35.201
[3GPPTS201]. The Integrity Algorithm f9 is described as follow:
Initialization: A=0, B=0,
PS=COUNT[0]…COUNT[31]FRESH[0]…FRESH[31]MESSAGE[0
]…MESSAGE[LENGTH – 1] DIRECTION[0]10*
PS = PS0 || PS1 ||PS2|| …|| PSBLOCKS-1
A= KASUMI[A PSn] IK
B = B A
B = KASUMI[B] IK KM
MAC-I = lefthalf(B)
COUNT || FRESH || M E S S A G E || DIRECTION || 1 || 0 … 0
KASUMI KASUMI KASUMIIK IK IK IK KASUMI
KASUMIIK ⊕ KM
MAC-I (left 32-bits)
PS0 PS1 PS2 PSBLOCKS-1
Fig. 1.14
f9 Integrity function
29
6.2.3 3G Network Domain Security
Network Domain Security (NDS) ensures signal exchanges, within core network
security. Generally, there are two types of networks, which use different scheme to
achieve security. The first one is IP-based, the other one is SS7-based. The former
shall be protected by means of IPSec [Kent98]. The later shall be protected in
application level. Furthermore, the employment of traditional security technologies,
originally designed for fixed networking, such as firewalls, and static VPN, in order to
safeguard the UMTS core network from external attacks.
IP-based protocol
Fig. 2.15 NDS architecture for IP-based protocols
Security gateways (SEGs) are the main entities used in IP-based protocol. It is the
core gateway of IPSec. Key administration centers (KACs) negotiate the IPSec
security associations (SAs) by using the Internet Key Exchange (IKE) protocol
[Harkins98]. The KACs also distribute SAs parameters to the network entities (NEs)
or the SEGs through standard interfaces.
There are two approaches to secure IP traffic flow between NEs. Either
hop-by-hop scheme or end-to-end scheme can be applied. In hop-by-hop scheme,
originate NE setup a tunnel to appreciate SEG in the same security domain. NE
forwards data to it and then SEG setup another tunnel to the appreciate SEG on other
UMTS core network. Similarly, SEG forwards data to the appreciate SEG, setup
tunnel to target NE and forward to it. The end-to-end scheme implies that an IPsec SA
is established between the two NEs.
Node authentication is another important issue on traffic flow which can be
accomplished by using either pre-shared symmetric keys, or public keys [Harkins98].
The IPsec protocol shall always be Encapsulation Security Payload, given that it can
30
provide confidentiality and integrity protection as well.
SS7-based protocol
Fig. 2.16 NDS architecture for SS7-based and mixed SS7/IP-based protocols
NDS for SS7-based protocol is mainly founded at application layer. Application
data transport base on SS7 network or SS7 and IP network, it have to provide security
features at the application layer. The SAs for signaling protection at application layer
are negotiated by KAC, similarly to IP-based architecture.
Traditional network security features
Inter-network communication may base on the public Internet. Attackers can
take many actions when signals flow on Internet which introduces traditional
network security issue. Besides the security features in the 3G security
architecture, the operators can employ traditional network security tools make
core network more security. There are two complementary tools: firewalls and
VPNs.
Firewalls always established at border of core network. It can just allows
specific IP addresses flow in and out. Furthermore, Application firewalls prevent
direct access through the use of proxies for services, which analyze application
commands, perform authentication, and keeps logs.
Firewalls just can filter packets but without providing any confidentiality or
privacy, but VPNs are. VPN [Gleeson00] establishes a secure tunnel between two
points, encapsulates and encrypts data, and authenticates and authorizes user
access of the corporate resources on the network. The low cost and security make
VPN much appreciate employ on UMTS network.
6.2.4 3G User/Application Domain Security
The purpose of user domain security is to provide user using the UE securely. It
31
uses PIN code for user authentication. Application domain security provides the
mechanisms to ensure applications communicate with remote server safely, especially
in 3G environment.
6.2.4.1 User Domain security
User domain security [3GPPTS102] ensures secure access to the MS. UMTS
Integrated Circuit Card (USIM) play the important role on it. USIM represents and
identifies a user and is responsible for authentication on home environment.
In order to prevent invalid access to USIM, mobile user and USIM must share a
secret key (e.g. PIN). The user gets accesses after providing knowledge of the secret.
6.2.4.2 Application Domain security
Under 3G circumstance, there are more applications provide network services in
order to reach information on Internet. As a result, user application and service
provider have to communicate more and more often. The purpose of application
domain security is to provide security communication between users and service
providers. Besides 3G network security features, application domain security is
needed because the lower layer security features may not exist.
There are some tools for develop application reside on USIM (e.g. USIM
Application Toolkit) [3GPPTS111] which provides a number of basic security
mechanisms such as entity authentication, message authentication, replay detection,
sequence integrity, confidentiality assurance, and proof of receipt.
Wireless Application Protocol (WAP) is a suite of standards for delivery and
presentation of Internet services on wireless terminals. Limited bandwidth and
capacity of processing take into account when WAP protocol was developed. It is
very suitable for development applications on wireless environment. However, there
are fewer and fewer programmers employ WAP for development applications.
Currently, the WAP architecture has been standardized in two releases (versions
1.2.1 and 2.0) [Wireless Application Forum, WAP].
32
Secure Transmission in WAP 1.2.1
Fig. 2.17 WAP 1.2.1 Architecture
In WAP architecture, it needs a WAP gateway to transform wireless side message
format into IP network format and vice versa. When WAP device needs to transmit
data to Web server, WAP device have to setup a tunnel between WAP device and
WAP gateway for secure transmission. On the other hand, WAP gateway also needs
to create a tunnel between WAP gateway and Web server. The tunnel between WAP
device and WAP gateway employ Wireless Transport Layer Protocol (WTLS) which
is based upon the TLS protocol which has been optimized for use over narrow-band
communication channels providing also datagram support. It ensures data integrity,
privacy, authentication, and denial-of-service protection. The tunnel between WAP
gateway and Web server employs the TLS protocol. Because of the different secure
mechanisms used in these two tunnels, this scheme does not support end-to-end
security.
33
Secure Transmission in WAP 2.0
Fig. 2.18 WAP 2.0 Architecture
WAP 2.0 proceeds to the re-design of the WAP architecture by introducing the
existing Internet protocol stack, including the Transmission Control Protocol (TCP),
into the WAP environment. The tunnel can be established all the way from WAP
device to the Web server. It provides end-to-end security features. Another pros is that
two TCP versions can be applied on, one for wireless part, the other for wire part
which can improve performance in WAP 2.0.
6.2.5 3G security weakness and Security Issues
3G security features counteract many security threats in 2G system. 3G is much
securing than 2G system. There are many new features introduce in 3G. This section
will discuss what security threats were counteracted or not.
First of all, denial of service attacks, such as user de-registration request spoofing,
location update request spoofing are counteract in 3G circumstances because integrity
protection of critical signaling messages mechanism. However, attackers can setup a
modified BS/MS to entice mobile user to camp on it. The modified BS/MS relay
message between mobile user and real BS. The modified BS/MS can ignore certain
messages, such as paging, and make DoS attacks succeed. This attack is very difficult
to counteract effectively in any radio system.
There are many methods can be used in identity catching, including passive and
active identity catching. The attacker requires a modified BS and entices mobile user
camp on. The differences between passive and active identity catching is that passive
catching just waiting for mobile user send identify in clear text. Active identify
34
catching is that modified BS requests mobile user identify. However, neither passive
nor active identify catching methods do not work in 3G system because of identity
confidentiality which encryption key shared by a group of users to protect identify.
Attackers also can use the modify BS/MS to eavesdrop on user data by
suppression of encryption between mobile user and the core network. But, Message
authentication and replay inhibition of the mobile’s ciphering capabilities allow the
network to verify that encryption has not been suppressed by an attacker [3GTR900].
6.3 4G Security Investigation Results
This section describes the current research results of 4G. Due to the standards of
4G are on defining, we investigate the current research results from papers. By the
survey, some the features and issues of 4G can be illustrated, and are helpful to our
future studies.
6.3.1 Security Issues on 4G
Basically, 4G/B3G hope to provide a communication environment with seamless
connection service consists of integrating heterogeneous network, All-IP, multimedia
applications, and so on. Toward 4G and beyond 3G, there exist many security issues to
be resolved [Hui03][Fu04][Celentano06][O’Drama04][Dell'Uomo02] [McEvoy05]
[Zheng05] [Prasad05]. As follows, we list some important security issues on 4G/B3G.
Some of these issues have been investigating and getting some results as an important
reference.
� QoS and Security [Fu04][O’Drama04] [Dell'Uomo02] [Hui03]
-. Seamless integrated Mobility, QoS and Security
-. Delay across different networks for QoS
-. Privacy
� AAA for 4G [McEvoy05][Zheng05] [Dell'Uomo02]
-. Heterogeneous Network
� Mobile IPv6 with inherent problems of IP [Celentano06]
[Dell'Uomo02]
� Security and Handover [Celentano06] [Prasad05] [Dell'Uomo02]
6.3.2 The Research Results of 4G Security
As 4G has not yet reached in industry and standard, many researches on security
issues on 4G as described in section 3.1 have been doing progressively. Several
research results have proposed from prior papers. In this section, we introduce several
results about these security issues, specially issues resulted from heterogeneous
network.
35
6.3.2.1 An approach on QoS and Security
In this section, we introduce an approach on QoS and Security proposed by
Xiaoming Fu [Fu04]. He propose a system architecture for QoS and Security in 4G,
which integrates QoS and AAA mechanism. As we know, traditional AAA is not
suited for mobility. AAA of 4G needs more efficient and scalable; QoS needs
hop-by-hop way of dynamic key establishment. He illustrates several QoS and
Security issues as Fig. 3.1:
. Problems on routing optimization between CN and MN,
. How to make sure quality guarantee on delay for QoS,
. How to integrate QoS with AAA.
Fig. 3.1 Illustration of routing on for mobility
In Fu’s approach illustrated as Fig. 3.2, his SeaSoS architecture allow modify
network attributes using dynamic plug-in, or re-configure parameters in order to
interact with heterogeneous networks as :
• QoS Protocol :RSVP + NSIS-QoS,
• AAA protocol :Diameter + COPS,
• HMIPv6 + MIPv6
In the SeaSoS, IETF Authentication protocol :EAP is chosen as authentication
protocol with the EAP suited to mobility. The architecture can also achieve the
Seamless Access. The architecture can achieve QoS and Security requirements with
seamless access. As this architecture applies RSVP, it can prevent Denial of Service
36
(DoS) attack.
MN nAR AAAL CR AAAH HA
Start
EAP
EAP
AAA(Diameter)
RSVP
SeaSoS
Fig. 3.2
The SeaSoS operation procedure
6.3.2.2 An approach of Secure Mobile IPv6
In this section, we introduce an approach of secure Mobile IPv6 for B3G
Networks proposed by Celentano, and et. al. [Celentano06]. They propose a system
architecture for secure Mobile IPv6 for B3G Networks. They exposed several issues
of mobile IPv6 for B3G network.
Security Vulnerabilities of Mobile IPv6 and Return Routability Procedure
In mobile IPv6, when MN roams away from its HN, Neighbour Discovery
mechanism or Dynamic Host Configuration Protocol binds new address by sending
Binding Update (BU) message to HA. When handoff occurs in heterogeneous
network, Mobile IPv6 acquire a new CoA only, Security Association (SA) between
HA and MN is not impacted (MIPv6 Routing Header Type2 and Home address option
are transparent to IPSec SA). On the other hand, RRP (Return Routability Procedure)
mechanism is vulnerable to attacks along the path between the HA and the CN, where
a malicious node, aware of a session between MN and CN, might simulate a handoff
of the MN by sending fake HoTI and CoTI messages. Adversary can obtain Kbm and
send fake BU to CN or MN. Hence Mobile IPv6 on heterogeneous network will incur
an impersonation attack/Man-in-the-middle attack.
37
MN HA CN
HoTi
CoTi
HoT
CoT
RRP
Fig. 3.3
A RRP vulnerability
Celentano, and et. al. proposed a system architecture to resolve these insecure
issues of Mobile IPv6 for B3G Networks. As the SA is not impacted , the solutions to
resolve above man-in-the-middle attack are (a) BU should be updated in every
handoff , (b) on each path, IPSec or ESP is employed to protected the distribution of
keys. They proposed solutions described as follows.
(1). At set-up, Kbm distribute to MN and Cn within the body of the SIP 200
OK and ACK message, instead of RRP.
(2). Kbm can be generated by AAA Server.
(3). The distribution of keys is secured by IPSec and ESP between SIP user
(MN and CN) and P-CSCF.
6.3.2.3 A Trusted Computing-Based Security Architecture
4G exists some technology issues as providing great flexibility and mobility
which complex the security problem in turn. In this section, a Trusted
Computing-Based Security Architecture for 4G based on the PKBP scheme proposed
by Zheng [Zheng 05a][Zheng 05c].
38
Fi
g. 3.5 An illustration of PKI under different CA
As Fig. 3.5 illustrated, several authentication protocols have been proposed for
mobile IP, which can not employed directly in 4G with heterogeneous network, for
following reason.
• Symmetric key based protocol can not work for its poor scalability,
• Pure public key based protocol increase computational load
• It is impossible to take one CA for heterogeneous networks in 4G
• Hybrid scheme can not provide non-repudiation and be difficult for
ME to verify the signature of FA outside HN.
• It is very difficult for ME to verify the validity of BS’s public-key
certificate since ME and BS usually belongs to different CA.
• It is hard to achieve mutual authentication between ME and FA, and
ME is vulnerable to be cheated by forged BS/FA.
A Trusted Computing-Based Security Architecture with PKBP scheme proposed by
Zheng can be a feasible solution for 4G with heterogeneous network. In Fig. 3.3, we
shows how does the A Trusted Computing-Based Security Architecture work.
39
CA11 CA12CA31 CA32
RCA1RCA2 RCA3
BCA1
BCA2 BCA3
HA1 AAA1
HA2AAA2
HA4AAA3
HA5 AAA4
Fig.
3.6 Hybrid PKI model of PKBP
In this scheme, a hierarchical trust model is employed 4G with heterogeneous
network.. Every radio networks has a root CA (RCA), and different networks are
connected with bridge CA (BCA). Each CA employed PKI and X.509. As Fig. 7
described, every HA broadcast its PKH, IDH, IPv6 address and those parameters by
upper layer CA.
1 2
34
5 6
PKI Based on Hybrid Trust model
ME
FA
(HA5) AAAH
(AAA2)
CCAH CCFA
Fig.
40
3.7 Authentication protocol of PKBP
When the ME roams to the area belong HA5 outside from HA, An PKBP
authentication communications are performed by upper layer CA. The PKBP scheme
achieved :
(a). Authentication on heterogeneous networks
(b), Against the man-in-the-middle attack
(c ).Mutual authentication
(d). Anonymity and Non-repudiation
(e). Security of key agreement
The Trusted Computing-Based Security Architecture linked up PKBP scheme is
applicable for 4G. It is convenient to globe mobility and flexible scalability. It will be
a feasible solution for 4G with heterogeneous network.
41
6.4 Discussion & Conclusion With our wireless service needs of wireless network, it causes the rapid growth
of wireless network service and its technologies, and wireless device becomes basic
appliances for contemporary people. As known by this report, 3GPP provided more
security mechanisms than 2G such as mutual-authentication, stronger confidentiality
and integrity, …etc. 3G still exists some security problems, for example, privacy, DoS,
plaintext of IMSI, ….etc., for providing more secure communication. On the view
points of future trend, the convergence of heterogeneous networks, for example, 4G, is
an important issues. Some of issues about the convergence, for example, seamless
service, high mobility, QoS,…, ect, have to be further investigated. All-IP have been a
necessary environment in the future communication and network. Some issues about
all-IP for 4G also have to be further resolved.
42
References [3GPPTS120] 3GPP TS 33.120 V4.0.0 Technical Specification.
[3GPPTR900] 3GPP TR 33.900 V1.2.0 Technical Specification.
[3GPPTS102] 3GPP TS 33.102 V7.1.0 Technical Specification.
[3GPPTS202] 3GPP TS 35.202 V3.1.1 Technical Specification.
[3GPPTS205] 3GPP TS 35.205 V6.0.0 Technical Specification.
[3GPPTS201] 3GPP TS 35.201 V6.1.0 Technical Specification.
[3GPPTS121] 3GPP TS 23.121 V3.6.0 Technical Specification.
[3GPPTS111] 3GPP TS 31.111 V3.7.0 Technical Specification.
[3GPPTS002a] 3GPP TS 23.002 V3.6.0, Network Architecture, Release ’99, Sept.
2002.
[3GPPTS002b] 3GPP TS 23.002 V4.5.0, Network Architecture, Release 4, Sept.
2002.
[3GPPTS002c] 3GPP TS 23.002 V5.8.0, Network Architecture, Release 5, Sept. 2002.
[Barba93] Barba, A., Recacha, F. and Melus, J.L., “Security architecture in the third
generation networks,” Proceedings of IEEE Singapore International Conference on
Networks, 1993. International Conference on Information Engineering '93.
'Communications and Networks for the Year 2000', Volume 1, PP. 421-425 , Sept.
1993.
[Celentano06] D. Celentano, A. Fresa; M. Longo, F. Postiglione, A.L. Robustelli,
“Secure Mobile IPv6 for B3G Networks,” SoftCOM 2006. International Conference
on Software in Telecommunications and Computer Networks, PP. 331–335, Sept.
2006.
[Dell'Uomo02] Dell'Uomo, L.; Scarrone, E., “An all-IP solution for QoS mobility
management and AAA in the 4G mobile networks,” The 5th International Symposium
on Wireless Personal Multimedia Communications, 2002, Volume 2, PP. 591 – 595,
Oct. 2002.
[Fu04] Xiaoming Fu, Dieter Hogrefe, Sathya Narayanan, Rene Soltwish, “Qos and
Security in 4G Networks,” Proceedings of the first annual global mobile congress,
Shanhai, China, Oct. 2004.
[Gleeson00] B. Gleeson, A. Lin, J. Heinanen, G. Armitage, A. Malis, A Framework for
IP Based Virtual Private Networks, RFC 2764, Feb 2000.
[GSM03.60] GSM 03.60, GPRS, Service Description, Stage 2. 1998.
[Hui03] Suk Yu Hui; Kai Hau Yeung, “Challenges in the migration to 4G mobile
systems, ” IEEE Communications Magazine, Volume 41, PP. 54 – 59, Dec. 2003.
[Harkins98] D. Harkins, D. Carrel, The Internet Key Exchange (IKE), RFC 2409, Nov.
1998.
[ITU] ITU:Security in Telecommunications and Information Technology – Oct. 2004
43
http://www.itu.int/itudoc/itu-t/86435.html
[Joseph06] Joseph, V.C.and Talukder, A.K.;” Verifiable AKA for beyond 3G wireless
packet services,” 2006 IFIP International Conference on Wireless and Optical
Communications Networks, pp. 11-13 Apr. 2006.
[Kent98] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol, RFC
2401, 1998.
[O'Droma 04] Ganchev, I., O'Droma, M., Chaouchi, H., Armuelles, I., Siebert, M.,
Houssos, N., “Requirements for an integrated system and service 4G architecture,”
VTC 2004-Spring. 2004 IEEE 59th Vehicular Technology Conference, 2004, Volume
5, PP. 3029 – 3034, May 2004.
[wiki, Cdma] http://en.wikipedia.org/wiki/Cdma.
[wiki, 3G] http://en.wikipedia.org/wiki/3G.
[Wireless Application Forum, WAP] Wireless Application Forum (WAP), WAP
Specifications, URL: http://www.wapforum.org/what/technical.htm.
[Zhang05] Muxiang Zhang and Yuguang Fang; “Security analysis and enhancements
of 3GPP authentication and key agreement protocol,” IEEE Transactions on Wireless
Communications, Vol. 4, No. 2, PP. 734-742, Mar. 2005.
[Zheng05a] Yu Zheng, Dake He; Lixing Xu and Xiaohu Tang, “Security scheme for
4G wireless systems,” Proceedings. 2005 International Conference on
Communications, Circuits and Systems, Vol. 1, Page(s):397 – 401, May 2005 .
[Zheng05b] Yu Zheng, He, D., Xiaohu Tang and Hongxia Wang, “AKA and
Authorization Scheme for 4G Mobile Networks Based on Trusted Mobile Platform,”
2005 Fifth International Conference on Information, Communications and Signal
Processing, PP. 976 – 980, Dec. 2005.
[Zheng05c] Yu Zheng, Dake He, Weichi Yu and Xiaohu Tang, “Trusted
Computing-Based Security Architecture For 4G Mobile Networks,” PDCAT 2005.
Sixth International Conference on Parallel and Distributed Computing, Applications
and Technologies, 2005, PP. 251 – 255, Dec. 2005.