3G-4G Sercurity

1

Chapter 6

3G/4G Security

2

Chapter 6

3G/4G Security

TABLE OF CONTENTS

LIST OF TABLES : Not Available xll

LIST OF FIGUERS: Not Available xlll

1. Introduction to 3G/4G………………………………………….…….3

1.1 3G/3GPP System Overview………..…….…….……….…….……...3

1.2 4G Features……………………………………….……….…..9

2. 3G Security…..…….…….…………………………….…….……...12

2.1 3G/3GPP Security Architecture….…….……....…....……..12

2.2 3G/3GPP Network Access Security…….…………….....…..14

2.2.1 User identity confidentiality…………………………15

2.2.2 Authentication/Key Agreement……………….……15

2.2.3 Data Confidentiality……………….………………23

2.2.4 Data Integrity…………………………………………26

2.3 3G Network Domain Security…….………………..….…...28

2.4 3G User/Appl icat ion Domain Securi ty …….…………...30

2.4.1 User Domain security ………………………..……30

2.4.2 Application Domain security………………..…………30

2.5 3G security weakness and Security Issues ….…...…...32

3. 4G S ecu r i t y In v es t i ga t i o n R es u l t s ……… ……… …… … 34

3.1 Security Issues on 4G……….…….…….…….………….………..34

3.2 The Research Results of 4G Security …………………………….…...34

4. Discussion & Conclusion …………………….….….………….……….41

5. References .…….…….……..……….…….…….…….…….…….……42

3

Chapter 6

3G/4G Security

6.1 Introduction to 3G/4G

This section briefly introduces the overviews of 3G and 4G communication system.

With our wireless service needs of wireless network, it causes wireless network

service and its technologies rapidly growing, and becomes a basic appliance for

contemporary people. This report will provide a brief introduction to the security of

3G and 4G. In this report, we introduce the system overview of 3G and 4G. We also

introduce the security of 3G and 4G including security architecture, network security,

security weakness, etc. More details information can be referred to the 3GPP related

documents [3GPPTS121] [3GPPTS102] [3GPPTR900] [3GPPTS205]. As to the 4G,

some of current research results from papers are introduced in this report [Fu04]

[Celentano06] [Zheng 05a][Zheng 05c]. Some issues of 4G are also suggested for our

future further study [Fu04][O’Drama04] [Dell'Uomo02] [Hui03] [Celentano06]. 4G

(also known as Beyond 3G), an abbreviation for Fourth-Generation

Communications System, is a term used to describe the next complete evolution in

wireless communications. A 4G system will be able to provide a comprehensive IP

solution where voice, data and streamed multimedia can be given to users on an

"Anytime, Anywhere" basis, and at higher data rates than previous generations.

There is no formal definition for what 4G is; however, there are certain objectives that

are projected for 4G. These objectives include: that 4G will be a fully IP-based

integrated system. This will be achieved after wired and wireless technologies

converge and will be capable of providing between 100 Mbit/s and 1 Gbit/s speeds

both indoors and outdoors, with premium quality and high security. 4G will offer all

types of services at an affordable cost. According to the 4G working groups, the

infrastructure and the terminals of 4G will have almost all the standards from 2G to

4G implemented. Although legacy systems are in place to adopt existing users, the

infrastructure for 4G will be only packet-based (all-IP). Some proposals suggest

having an open platform where the new innovations and evolutions can fit. The

technologies which are being considered as pre-4G are the following: WiMax, WiBro,

iBurst, 3GPP Long Term Evolution and 3GPP2 Ultra Mobile Broadband.

3GPP LTE (Long Term Evolution) is the name given to a project within the Third

Generation Partnership Project (3GPP) to improve the UMTS mobile phone standard

4

to cope with future requirements. Goals include improving efficiency, lowering costs,

improving services, making use of new spectrum opportunities, and better integration

with other open standards. The LTE project is not a standard, but it will result in the

new evolved release 8 of the UMTS standard, including mostly or wholly extensions

and modifications of the UMTS system. The architecture that will result from this

work is called EPS (Evolved Packet System) and comprehends E-UTRAN (Evolved

UTRAN) on the access side and EPC (Evolved Packet Core) on the core side.

Universal Mobile Telecommunications System (UMTS) is one of the

third-generation (3G) cell phone technologies, which is also being developed into a

4G technology. Currently, the most common form of UMTS uses W-CDMA as the

underlying air interface. It is standardized by the 3GPP, and is the European answer to

the ITU IMT-2000 requirements for 3G cellular radio systems.

6.1.1 3G/3GPP System Overview

3G is the next generation wireless network which is to provide a world wide

standard and a common communication for mobile networking. 3G standard is

defining on 3GPP bodies. 3G features exceeding over 2G provide higher data rate,

massive network capacity, interactive multimedia service, QoS, global roaming

[3GPPTS121] [3GPPTS102]. Initially, there are several communication technologies

as WCDMA, TDMA, CDMA2000 applied for 3G. Up to 3GPP be organized, UMTS

included WCDMA is proposed as 3GPP communication standard. In 3GPP, All IP

becomes an important feature.

The services associated with 3G include wide-area wireless voice telephony and

broadband wireless data, all in a mobile environment. In marketing 3G services, video

telephone has often been suggested as the killer application for 3G. 3G support

higher network access rate than 2G system. Because of the enhancement of bandwidth,

mobile application can make much application than before, such as video phone,

some real-time services.

The main technology used in 3G system is Code division multiple access (CDMA)

which a form of multiplexing and a method of multiple access that divides up a radio

channel not by time, nor by frequency, but instead by using different pseudo-random

code sequences for each user [wiki, CDMA]. There are several types of CDMA exist,

WCDMA, TD-SCDMA, CDMA2000. In Asia, Europe, and the USA and Canada,

telecommunication companies use W-CDMA [wiki, 3G].

5

Fig. 1.1 3G service architecture

3G service architecture is illustrated as Fig. 1.1 [3GPPTS121]. A subscriber

connects to another connected user through Node B (base transceiver station BTS),

Radio Network Controller (RNC), Mobile Service Switching Center (MSC) and

GMSC (Gateway Mobile Switching Centre) of core network to the PSTN. The BSC

or RNC control the resource allocations and QoS. The RNC is charged of the

switching and control in UTRAN. UTRAN, short for UMTS Terrestrial Radio Access

Network, is a collective term for the Node B's (base transceiver station BTS) and

Radio Network Controllers which make up the UMTS radio access network. The

UTRAN allows connectivity between the UE (user equipment) and the core network.

A Gateway Mobile Switching Centre (GMSC) provides an edge function within a

PLMN Public Land Mobile Network). It terminates the PSTN (Public Switched

Telephone Network) signalling and traffic formats and converts this to protocols

employed in mobile networks. For mobile terminated calls, it interacts with the HLR

(Home Location Register) to obtain routing information. MSC and GMSC transmit

communication signal to PSTN. On the other hand, 3G also supports the GPRS

service through SGSN and GGSN to internet.

6.1.1.1 UMTS Network

The core technology of universal mobile telecommunication system (UMTS)

network is Code Division Multiple Access (CDMA). It is different from the

technology used in 2G system. The main advantage of CDMA coding technique can

enlarge usage of wireless channel and reduce the inference of noise. In other words, it

6

can allow more users employ wireless channel at the same time.

UMTS comprises a realization of 3G-mobile systems, which is compatible with

the evolved Global System for Mobile communication/General Packet Radio Services

(GSM/GPRS) [GSM03.60].

UMTS network is the core network of 3G. Its main objective is to provide high

access rate than 2G system which can be used to provide a wide range of real-time

service with different levels of quality of service (QoS).

There are several releases in UMTS, including Release 1999 (R99), Release 4

(Rel-4) and Release 5 (Rel-5). R99 is the earliest release version of 3G. The

fundamental difference between GSM/GPRS and UMTS R99 is that the latter

supports higher access rates (up to 2 Mbps) [3GPPTS002a]. But UMTS R99 is just a

logical evolution from 2G-system architecture. There is not exist huge differences

from GPRS.

UMTS Rel-4 and Rel-5 are revolutionary versions [3GPPTS002b] [3GPPTS002c].

Both of them introduce all-IP network architecture that eventually replace by

circuit-switched transport technology. On the other hand, it introduces Open Service

Architecture. It allows third party service provider could access UMTS service

architecture.

6.1.1.2 UMTS Network Architecture

The architecture of UMTS network is very similar to GPRS network architecture.

We will briefly introduce UMTS Network entities and its functions. Finally, a basic

call control example makes reader know the control flow.

<UMTS Network Entities>

There are several entities on UMTS network as Fig. 1.2. Let’s introduce every

entities and its functionality.

User Equipment (UE)

The user equipment is the end device of UMTS network. The user can

make a phone call through user equipment. It always contains mobile phone

and USIM card.

Node B

The functionality of Node B is very similar to Base Station in 2G system.

UE cannot communicate directly with each other but have to communicate

with the Node B.

Radio Network Controller (RNC)

7

The functionality of RNC is responsible for control of the Node-Bs. RNC

carries out radio resource management. Some of the mobility management

functions and is the point where encryption is done before user data is sent to

and from the mobile.

Home Location Register (HLR)

The HLR is the database that holds subscription information for every

subscriber. HLR holds two types of data, permanent and temporary data.

Permanent data, such as International Mobile Subscriber Identify (IMSI),

International Mobile Equipment Identify (IMEI), authentication parameters,

and whether a static IP address is allocated to the MS.

The temporary data refer to the data changed when time goes by, such as

mobile user’s location (the MSC where mobile user located in).

We could seem HLR is a global database. When some entities need

information but do not know how to get it, just ask the HLR.

Visitor Location Register (VLR)

The VLR database contains information about the UEs who subscribed in

MSC related to VLR and temporary subscriber information needed by the

MSC to provide services for visiting subscribers.

VLR also provide Temporary Mobile Station Number (TMSI) which could

substitute IMSI in communication between MSC and UE. Because of TMSI is

generated randomly, it can prevent IMSI from eavesdropping.

Mobile Switching Centre (MSC)

MSC provides four main abilities, including Paging, Handoff and

Roaming, Update UE information on HLR, service type control and

authenticate with mobile user. When signaling to the UE which is covered by

MSC, MSC will forward paging signal to UE.

Gateway Mobile Switching Centre (GMSC)

It provides the interface which makes UE could make a phone call to other

type of communication network, such as PSTN. It is the gateway to transform

different network signal format to adapt network.

Serving GPRS Support Node (SGSN)

The SGSN forwards incoming and outgoing IP packets to/from a mobile

station and provides packet routing and transfer to and from the SGSN service

8

area. It also provides improved ciphering, authentication, session management,

and mobility management.

Gateway GPRS Support Node (GGSN)

The interface is towards the external IP packet networks. It contains access

functionality that interfaces external ISP functions like “Gateway”. In IPv4

circumstance, the IP address is not sufficient for every UE who wants to reach

the Internet. So SGSN have to provide the functionality like “NAT”. The

GGSN exchanges routing information with the external network and provides

GPRS session management, Functionality for associating the subscribers to

the right SGSN.

Fig.1.2 UMTS Network Architecture

<A Basic Call Control Example>

We assume UEa under MSCa and make a call to UEb under MSCb. First of all,

UEa’s signal transfers to RNC through Node B. The RNC check the signal format and

make sure it’s a call signal, then forward the signal to MSCa. Whenever MSCa

received the signal, MSCa have to ask HLR where the UEb located in. After MSCa

received HLR’s answer, it forward the signal to MSCb where the UEb located in. As a

result, MSCb forward the signal to UEb. UEb knows someone is calling me when

signal received. This is the basic call signal forwarding.

9

Fig. 1.3 IPv6 in 3G

6.1.1.3 IPv6 and 3G

3G systems introduce All-IP network but the lack of IP addresses may be the

bottleneck for toward all-IP network as Fig. 1.3. However, GGSN support NAT to

address this problem. But NAT still has many problems to be addressed. The best

solution that can address the issues is IPv6. The sufficient of IP addresses and

enhancement of IPv4 weakness makes IPv6 on 3G system more powerful. As a result,

IPv6 was integrated in 3G Rel-5. More specifically, UE and NE in core network have

to support IPv6.

In 3G network system, IP address has two main purposes. User-level IP address

is used in communication between mobile terminal and application host.

Transport-Level IP address is used in communication among network entities in 3G

network.

10

6.1.2 4G Features

4G has not yet reached in industry and standard. Illustration of Fig. 1.4 is a 4G

service architecture from Agora Co. Always-Best-Connected service on heterogeneous

network is hoped to achieve. In order to provide Always-Best-Connected service in

the future, a universal consensus on features of 4G is achieved. In the understanding,

main important characteristics and features are [Fu04][Hui03] [Zheng05a]:

�All-IP Based network architecture

�Higher bandwidth (than 3G)

�Heterogeneous Network (3G/UMTS, Wireless LAN, DVB-T, etc.)

�QoS, Security, ….

�Full integration of “hot spot” and “cellular”

�Support for multimedia applications

ServicesPortabi lity

MPE

A/VStreaming Gateway

EPGESG

ContentProtection

Manage ment

UMTS

Broadcast Net works(DMB, DVB-T/H)

Satell ite (DVB-S2)

GS M / GPRS

Context-awareInfor mation Centre

IP-base d micro-mobility

Wireless LANs

ISP

DTVContentDelivery

ServicesProvis ion

ServicesAggregation

DTVBill ing

SAS/SMS

IP BackboneIP Backbone

Internet

Fi

g. 1.4 4G service architecture

11

IP BoneNetwork

GPRS

CDMA

GSM

CDMA2000

TDSCDMA

WCDMA

CMDS BWAN

Bluetooth

802.11a

802.11b

4G Architecture

WLAN

3G

2G/2.5G

CDMA1x

Others

Fig. 1.5 Architecture of 4G wireless systems, Ref. [Zheng05a]

4G standard is defining in the countries such as Japan, China, Korea, Europe.

Main leading institute of standard defining consists of IMT-Advanced, 3GPP , 3GPP2.

For providing 4G service, new technologies and architectures are still on developing

at different programs such as NTT DoCoMo, Nokia, Motorola, etc.

12

Basically, 3G is on developing communication networks, 4G is on defining

standards. In spite of some 4G features exceeding over 3G, the future developments

are worth our further investigating. In the Table 1, the comparison of 3G and 4G from

different features is illustrated.

Table 1. Comparison of 3G and 4G

20 up to 100 Mbit/s384KBit/s up to 2Mbit/sData rate

100 MHz (or more)5-20 MHzBandw idth

– OFDM and MC-CDMA (Multi Carrier CDMA)

– W-CDMA, 1xRTT, EdgeAccess Technologies

– Higher frequency band (2-8 GHz)

– Regionally different (1800-2400 MHz)

Frequency band

– Hybrid – Integration of Wireless LAN (WiFi, Bluetooth, hot spots) and w ide area

– Wide area cell-basedNetwork architecture

All digital with packetizedv oice

Channel and Packet sw itching

Switching Design Basis

– Advanced 3G-capacity (an order of magnitude)

Backward compatible to2GCompatibility

– Global mobility– Serv ice compatibility– All network elements are

digital

– Many different standards worldwide

– Combination of real and dev eloped equipment

General topics

4G3G

Source: www.mobileinfo.com

13

6.2 3G Security This section describes the security architecture of 3G. In the architecture, the

security features also described. The detailed features and definitions can refer to the

3G-related documents [3GPPTS102] 3GPPTS121] [3GPPTS102] [3GPPTR900]

[3GPPTS205]. For convenience, we follow 3GPP security architecture to describe the

security features.

6.2.1 3G/3GPP Security Architecture

3G security concerns is raised from some issues as wireless access is inherently less

secure, mobility implies higher security risks, IP-based technologies brings new

vulnerabilities, …, etc.

3G Security requires consideration of several aspects such as mobility, the

particular security threats, the types of information to be protected and the complexity

of network architecture over 2G. An overview of 3G security architecture is

illustrated as follow [3GPPTS102].

When 3G was developed, security issues were taken into consideration. The

whole 3G security architecture was designed based on three fundamental principles

[3GPPTS120].

(1). The architecture for 3G will build on the security features of 2G system.

(2). The 3G security will improve on the security of the 2G system.

(3). 3G security will offer new features and will secure new services offered

by 3G.

The following are listed security enhancements in 3G security [3GPPTS120]:

-Key lengths were increased to allow for the possibility of stronger

algorithms for encryption and integrity.

-Mechanisms were included to support security within and between

networks.

-Security is based within the switch rather than the base station as in GSM

-Integrity mechanisms for the terminal identity (IMEI) have been designed

in from the start, rather than that introduced late into GSM.

-When roaming between networks, such as between a GSM and 3GPP, only

the level of protection supported by the smart card will apply.

14

HE: Home EnvironmentSN: Serving NetworkME: Mobile EquipmentUSIM: Universal Subscriber Identity Module

User Application Provider Application

ME

SN

USIM HE

AN

Application stratum

Home stratum/Serving Stratum

(I)

(II)

(III)

(IV)

Transport stratum

(I)(I)

(I)(I)

Fig. 2.1 3G Security Architecture

3G security architecture on 3GPP is illustrated in Fig 2.1 as five major classes

[3GPPTS102]: Network access security (I), Network domain security (II), User

domain security (III), Application domain security (IV) and Visibility and

configurability of security (V).

HLR: Home Location Register

CS: Circuit Switching

PS: Packet Switching

SGSN: Serving GPRS Support Node

HLR

PS locationPS locationCS locationCS location

3G MSC/VLR

CS stateCS state

3G SGSN

PS statePS state

UTRAN

UE

CS stateCS state PS statePS state

Common subscription

data base

Two CN service domains

PS service

domainCS service

domain

Packet SwitchingCircuit Switching

Two lu signalling connections (“ two RANAP instances”)

UTRAN with

distribution functionality

One RRC connection

Fig. 2.2: Overview of the ME registration and connection principles within

UMTS

15

Because legacy inherited from GSM/GPRS, 3GPP have to deal with the both

connections between Circuit Switching (CS) domain and Packet Switching (PS)

domain, as Fig. 2.2. In 3G, registration and connections within UMTS, such as user

identification, authentication and key agreement will process independently in each

service domain. 3GPP conduct the authentication and key generation by a share key

name as k. Basically, authentication and key agreement of 3G/3GPP are conducted by

f1, f2, f3, f4, f5; data integrity is conducted by f9; and confidentiality is conducted by

f8.

6.2.2 3G/3GPP Network Access Security

Network access security is a mechanism to provide a secure access 3G services

and to protect against attacks on the radio interface. In order to provide a secure 3G

service, the security features of network access security required for 3G are listed as

follows [3GPPTS102].

� User identity confidentiality

-User identity confidentiality

-User location confidentiality

-User untraceability

� Entity authentication

-User authentication

-Network authentication

� Confidentiality

-Cipher algorithm agreement

-Cipher key agreement

-Confidentiality of user data

-Confidentiality of signalling data

� Data Integrity

-Integrity Algorithm Agreement

-Integrity key agreement

-Data integrity and origin authentication of signalling data

� Mobile equipment identification

-IMEI

In order to achieve the security features of network access security, 3GPP defines

several mechanisms to achieve these features. The mechanism mainly process the

function of the secure access such as (i) user identity confidentiality, (ii)

authentication and key agreement, (iii) data confidentiality and (iv) integrity

protection of signaling messages.

16

6.2.2.1 User identity confidentiality

The user identity confidentiality of 3GPP allows user identification to access

services by a temporary Mobile Subscriber Identity (TMSI). In initial registration, the

network system registered a permanent identity of user. When a user raises a service

request, the network system assigned a TMSI to user for his services. The TMSI

implies that confidentiality of user identity is protected almost always against passive

eavesdroppers. TMSI can also avoid user traceability by changing TMSI in the short

time period.

6.2.2.2 Authentication/Key Agreement

In this section, we discuss the 3GPP Authentication/Key Agreement illustrated as

Fig. 2.3. Firstly, VLR/SGSN send authentication data request to HE/HLR

[3GPPTS102]. More details can refer to 3GPP standard TS 33.102 [3GPPTS102].

After the receipt of a request from the VLR/SGSN, the HE/AuC sends an ordered

array of n authentication vectors to the VLR/SGSN. The authentication vectors are

ordered based on sequence number. Each authentication vector consists of several

components such as a random number RAND, an expected response XRES, a cipher

key CK, an integrity key IK and an authentication token AUTN. Each authentication

vector is important for one authentication and key agreement between the VLR/SGSN

and the USIM.

MS VLR/SGSN HE/HLR

Authentication data request

Authentication data responseAV(1..n)

User authentication requestRAND(i) || AUTN(i)

User authentication response

RES(i)

Compute CK (i) and IK (i) Select CK (i) and IK (i)

Distr ibution of authentication

vectors from HE to SN

Generate authentication vectors AV (1..n)

Store authentication vectors

Select authentication vector AV (i)

Verify AUTN (i)

Compute RES (i)

Compare RES (i) and XRES (i)

Authentication and

key establishment

Fig. 2.3

Authentication and key agreement for 3G

17

When the VLR/SGSN initiates an authentication and key agreement, it selects

the next authentication vector from the ordered array, and then it sends the parameters

RAND and AUTN to the user. The USIM verify whether AUTN can be accepted or

not. If it is yes, the USIM produces a response RES which is sent back to the

VLR/SGSN. The USIM also computes CK and IK. The VLR/SGSN compares the

RES with XRES when VLR/SGSN received the RES. If they are matched, the

VLR/SGSN considers the authentication and key agreement exchange to be

successfully completed. The established keys CK and IK then are transferred by the

USIM and the VLR/SGSN to the entities which perform ciphering and integrity

functions.

-. Distribution of Authentication data from HE to SN

Distribution of authentication data procedure is to provide the VLR/SGSN

with an array of fresh authentication vectors to perform a number of user

authentications [3GPPTS102]. The VLR/SGSN invokes the distribution

procedures by requesting authentication vectors to the HE/AuC [3GPPTS102].

In this procedure, VLR/SGSN first issues an authentication data request

including the IMSI and the requesting node type (Packet Switching:PS or

Circuit Switching:CS). Upon the receipt of the authentication data request, the

HE may have pre-computed authentication vectors and retrieve them from the

HLR database or compute them on demand. The HE/AuC sends an

authentication response back to the VLR/SGSN with an ordered array of n

authentication vectors AV(1..n).

18

IK: Integrity Key

CK: Cipher Key

AUTN: A uthentication Token

AMF: A uthentication Message Field

VLR/SGSN HE

Authentication data request

Authentication data response

IMSI

AV (1 ..n)

K

SQNRAND

f1 f2 f3 f4 f5

MAC XRES CK IK AK

AUTN:=SQN ⊕⊕⊕⊕ AK∥∥∥∥AMF ∥∥∥∥ MAC

AV:=RAND ∥∥∥∥ XRES ∥∥∥∥ CK ∥∥∥∥ IK ∥∥∥∥ AUTN

Generate SQN

Generate RAND

AMF

Fig.

2.4: Distribution of authentication data and the generation of an authentication

vector

We can figure out the generation of an authentication vector AV by the

HE/AuC in Fig. 2.4. Basically, the mechanism of the generation of an

authentication vector in Fig. 2.4 is an Cipher mode operations using f1, f2, f3, f4

and f5 function included Rijndael [3GPPTS102]. The mechanism as in Fig. 2.4

inputs SQN (Sequence Number), RAND (Random Number), AMF

(Authentication Management Field) and shared secrete key K to generate the

authentication code and keys of MAC, XRES, CK, IK, AK by computing with

f1, f2, f3, f4, f5. The mechanism combines the authentication code and key into

an authentication vector. By the generation of an authentication, HE/AuC

generate the authentication vector AV and the authentication token AUTN.

19

-. Authentication and key agreement

In this paragraph, we discuss the user authentication and key agreement as

illustrated as fig. 2.5. The purpose of this Authentication and key agreement

procedure is to authenticate the user and establish a new pair of cipher and

integrity keys between the VLR/SGSN and the USIM. During the authentication,

the USIM verifies the validity of the authentication vector that is used.

USIM VLR/SGSN

User authentication requestRAND || AUTN

User authentication responseRES

User authentication rejectCAUSE

KSQN

RAND

f1 f2 f3 f4

f5

XMAC RES CK IK

AK

AMF MAC

AUTN

Verify MAC = XMAC

Verify that SQN is in the correct range

⊕

SQN⊕⊕⊕⊕AK

Fig.

2.5 User authentication function in the USIM

At user end, the mechanism of Fig. 2.5 input SQN, RAND, AMF and share

secrete key K generate the authentication code and keys of XMAC, RES, CK,

IK by computing with f1, f2, f3, f4, f5. The mechanism make a comparison of

the authentication code for VLR/SGSN authentication .

-. Key function f1, f1*, f2, f3, f4, f5 and f5*

As the distribution of authentication data and Authentication and key

agreement use key function f1, f1*, f2, f3, f4, f5 and f5*, we will briefly

describe how they work well about the key function f1, f1*, f2, f3, f4, f5 and f5*

[3GPPTS205]. The Fig. 2.6 illustrated the function of f1, f1*, f2, f3, f4, f5 and

f5*.

20

RAND

EK

(SQN, AMF)expanded to

128 bits

rotateby r1

EK

rotateby r3

EK

rotateby r2

EK

rotateby r5

EK

rotateby r4

EK

OPC

c1

f1 f1* f5 f2 f3 f4 f5*

OPC OPC OPC OPC

c2 c3 c4 c5

OPC OPC OPC OPC OPC

OPC

Fig. 2.6 f1,f1*,f2,f3,f4,f5,f5* functions

The value OPC is derived from the subscriber key K and the operator

dependent value OP by OPC = OP ⊕ E(OP)K ; c1, .., c5 are five fixed addition

constants. Rijndael was chosen as being then one of the five remaining AES

candidates, was well studied, could be efficiently implemented in S/W or H/W.

The mechanism of Fig. 2.6 generate the f1, f1*, f2, f3, f4, f5, f5* value for key

generation and authentication.

-. Re-synchronisation procedure [3GPPTS102]

After USIM verify the SQN in the correct range, If SQN is not in the range,

then UE of user send a synchronization failure message to VLR/SGSN. The

synchronization failure message consists of RAND and AUTS. The AUTS

message is also constructed by f1* and f5*. Upon receiving synchronization

failure message, VLR/SGSN sends the message to HLR/AuC to re-compute and

re-generate authentication vector with {Qi}. After the new authentication is

re-constructed, HLR/AuC send back to the VLR/SGSN for re-synchronization.

The re-synchronisation procedure and integrity function can refer to the Fig. 2.7.

21

RAND

SQNMS

K

AUTS = SQNMS ⊕ AK || MAC-S

AMF

f1* f5*

MAC-S AK SQNMS ⊕ AK

xor

UE/USIM VLR/SGSN HLR/AuC

RAND, AUTN

AUTS

RAND, AUTS

{Q i}

Fig.

2.7 Re-synchronisation mechanism

-. Local authentication and connection establishment

When an user set-up on a network, an entity authentication have to be

conducted [3GPPTS102]. Two mechanisms have been included: an

authentication mechanism using an authentication vector, and a local

authentication mechanism [3GPPTS102]. Local authentication employs the

integrity key established between the user and serving network during the

previous execution of the authentication and key establishment procedure

[3GPPTS102].

22

MS

2. “Initial L3 message” with user identity, KSI etc.

VLR/SGSN

3. Authentication and key generation

1. Storage of HFNs START values and UE security capability

4 Decide allowed UIAs and UEAs

SRNC

1. RRC connection establishment including transfer of the HFNs START values and the UE security capability from MS to SRNC

5. Security mode command (UIAs, IK, UEAs, CK, etc.)

6. Select UIA and UEA, generate FRESH Start integrity

7. Security mode command (CN domain, UIA, FRESH, UE security capability, UEA, MAC-I, etc.)

10. Verify received message

9. Security mode complete (MAC-I, etc.)

11. Security mode complete (selected UEA and UIA)

8. Control of UE security capability, Verify message, Start of integrity

“UE security capability” indicates UIAs and UEAs supported by MS

Start ciphering/deciphering Start ciphering/deciphering

Fig.

2.8 Local authentication and connection set-up

In the procedure, CK and IK are stored in the VLR/SGSN and USIM,

Local authentication is obtained by integrity protection function by UIA, UEA

as f9/SNOW and f8. The message integrity of the procedure is achieved from f8

and f9.

-. Authentication and key agreement of UMTS subscribers

In 3GPP, in order to provide backward compatible, Interoperation and

handover between UMTS and GSM have to be handled properly [3GPPTS102].

An UMTS user connects to the VLR/SGSN through ME/UMTS and UTRAN; a

GSM user connects to VLR/SGSN through ME and GSM BSS.

23

R e le a s e 9 9 + V L R /S G S N R e le a se 9 8 - V L R /S G S N

R e le a se 9 9 + H L R /A u C

U S IM

R A N D A U T N

R E S

C K IK

C K , IK K c

U T R A N

M E c a p a b le o f U M T S A K A

R A N D A U T N

R E S

[K c ]

C K , IK K c

G S M B S S

C K , IK � K c R E S � S R E S

C K , IK � K c

M E n o t c a p a b le o f U M T S

A K A

C K , IK � K c


R A N D [ A U T N ]

S R E S

[ K c ]

K c

R A N D S R E S

[ K c ]

K c

M E


Q u in te ts T r ip le ts


U M T S s e c u r i t y c o n te x t

G S M s e c u r i ty c o n te x t

C K , IK � K c

Fig.

2.9 authentication and key agreement of UMTS subscribers

The UMTS parameters RAND, AUTN and RES are sent transparently

through the UTRAN or GSM BSS and that the GSM parameters RAND and

SRES are sent transparently through the GSM BSS [3GPPTS102]. In a GSM

BSS case, ciphering is employed in the GSM BSS for services delivered via the

MSC/VLR, and by the SGSN for services delivered via the SGSN. In the latter

case the GSM cipher key Kc is not sent to the GSM BSS. In an UTRAN case,

ciphering and integrity are always applied in the RNC, and the UMTS

cipher/integrity keys CK an IK are always sent to the RNC [3GPPTS102].

24

6.2.2.3 Data Confidentiality

-. Access Link data confidentiality

As the sensitive data of users should be confidentiality protected, 3GPP

employs ciphering methods to protect the sensitive data. Fig. 2.10 illustrates the

use of the ciphering algorithm f8 to encrypt plaintext [3GPPTS102]. The

method ciphers the sensitive data by applying a keystream using a bit per bit

binary addition of the plaintext and the keystream.

PLAINTEXT BLOCK

f8

COUNT-C DIRECTION

BEARER LENGTH

CK

KEYSTREAMBLOCK

CIPHERTEXTBLOCK

f8

COUNT-C DIRECTION

BEARER LENGTH

CK

KEYSTREAMBLOCK

PLAINTEXT BLOCK

SenderUE or RNC

ReceiverRNC or UE

Fig.

2.10 Cipher method

For the encryption, the algorithm inputs the parameters as COUNT-C,

DIRECTION, LENGTH, BEARER, and the cipher key CK to f8 cipher, then

ouputs a keystream block. The plaintext block make a exclusive OR operation

with keystream block, then output a ciphertext block. For the decryption, the

algorithm do the same procedure as the encryption. The algorithm do an

exclusive OR operation between ciphertext block and keystream block.

25

-. Confidentiality Algorithm f8

The operation of Confidentiality Algorithm f8 can refer to Fig. 2.11. The f8

is a stream cipher. The key generator is based on the block cipher KASUMI. The

f8 algorithm detail specification can be found at 3GPP TS 35.201 [3GPPTS201].

The Confidentiality Algorithm f8 is briefly described as follow:

A=COUNT[0]…COUNT[31]BEARER[0]…BEARER[4]DIRECTIO

N[0]0…0

A= KASUMI[A] CK KM

For each n with 1<= n <= BLOCKS

KSBn = KASUMI[A BLKCNT KSBn-1]CK

For n=1 to BLOCKS

KS[((n-1)*64) + i] = KSBn[i]

COUNT || BEARER || DIRECTION || 0…0

A

CK

BLKCNT=0

KASUMICK KASUMICKKASUMICK

KS[0]…KS[63] KS[64]…KS[127] KS[128]…KS[191]

KASUMI

KASUMICK ⊕ KM

BLKCNT=1 BLKCNT=2 BLKCNT=BLOCKS-1

Fig.

2.11 f8 Confidentiality function

26

-. KASUMI Algorithm

KASUMI is a block cipher. Actually, KASUMI a Feistel cipher with 8

rounds. KASUMI is a cipher algorithm modified from AES, but operated under

8 rounds less than AES. It operates on a 64-bits data-block and use a 128-bits

key. The KASUMI detail specification can be found at 3GPP TS 35.202 V3.1.1

[3GPPTS202]. The block cipher with encryption is briefly described as follow:

FO2 FL2 ⊕KO2, KI2 KL2

FO3FL3 ⊕KO3, KI3KL3







64 R032

L032

C

R8L8

Fig.1:KASUMI

KOi,1KI i,1

⊕Fli1⊕

KOi,2KI i,2

⊕

Fli2⊕

KOi,3KI i,3

⊕

Fli3⊕

321616

Fig.2:FO Function

Zero-extend⊕

S9

truncate⊕

S7

⊕ ⊕KI i,j,1 KI i,j,2

Zero-extend⊕

S9

truncate⊕S7

1679

Fig.3:FI Function

∩ bitwise AND operation∪ bitwise OR operation<<< one bit left rotation

Fig.4:FL Function

⊕

⊕<<<

<<<

321616

KLi,1

∩

∪

KLi,2

⊕

⊕

FIi,2FI i,1

FI i,3

⊕

⊕

⊕

⊕

321616

Fig.6:FO Function

1679

S7S9

S7S9

⊕

⊕ ⊕

⊕

⊕⊕

Fig.5:FI Function

Fig.

2.12 KASIMI algorithm

27

6.2.2.4 Data Integrity

-. Access Link Data integrity protection method

The sensitive data between the MS and the network should also protect its

integrity. Fig. 2.13 illustrates the use of the algorithm f8 to authenticate the data

integrity [3GPPTS102].

f 9

COUNT-I DIRECTIO N

MESSAGE FRESH

IK

MAC -I

f 9

COUNT-I DIRECTION

MESSAGE FRESH

IK

XMAC -I

SenderUE or RNC

Receiver RNC or UE

Fig.

2.13 Data integrity function

At sender site, the algorithm inputs the parameters as COUNT-I,

DIRECTION, MESSAGE, LENGTH, and the integrity key IK to f9 function,

then outputs the MAC-I code and send to receiver site. At the receiver site, when

it received the MAC-I, it inputs the parameters as COUNT-I, DIRECTION,

MESSAGE, LENGTH, and the integrity key IK to f9 function, then outputs the

XMAC-I code. The receiver compare the XMAC-I with MAC-I received for

verifying the data integrity.

28

-. Integrity Algorithm f9

The operation of integrity algorithm f8 can refer to Fig. 2.14. The f9

algorithm detail specification can also be found at 3GPP TS 35.201

[3GPPTS201]. The Integrity Algorithm f9 is described as follow:

Initialization: A=0, B=0,

PS=COUNT[0]…COUNT[31]FRESH[0]…FRESH[31]MESSAGE[0

]…MESSAGE[LENGTH – 1] DIRECTION[0]10*

PS = PS0 || PS1 ||PS2|| …|| PSBLOCKS-1

A= KASUMI[A PSn] IK

B = B A

B = KASUMI[B] IK KM

MAC-I = lefthalf(B)

COUNT || FRESH || M E S S A G E || DIRECTION || 1 || 0 … 0

KASUMI KASUMI KASUMIIK IK IK IK KASUMI

KASUMIIK ⊕ KM

MAC-I (left 32-bits)

PS0 PS1 PS2 PSBLOCKS-1

Fig. 1.14

f9 Integrity function

29

6.2.3 3G Network Domain Security

Network Domain Security (NDS) ensures signal exchanges, within core network

security. Generally, there are two types of networks, which use different scheme to

achieve security. The first one is IP-based, the other one is SS7-based. The former

shall be protected by means of IPSec [Kent98]. The later shall be protected in

application level. Furthermore, the employment of traditional security technologies,

originally designed for fixed networking, such as firewalls, and static VPN, in order to

safeguard the UMTS core network from external attacks.

IP-based protocol

Fig. 2.15 NDS architecture for IP-based protocols

Security gateways (SEGs) are the main entities used in IP-based protocol. It is the

core gateway of IPSec. Key administration centers (KACs) negotiate the IPSec

security associations (SAs) by using the Internet Key Exchange (IKE) protocol

[Harkins98]. The KACs also distribute SAs parameters to the network entities (NEs)

or the SEGs through standard interfaces.

There are two approaches to secure IP traffic flow between NEs. Either

hop-by-hop scheme or end-to-end scheme can be applied. In hop-by-hop scheme,

originate NE setup a tunnel to appreciate SEG in the same security domain. NE

forwards data to it and then SEG setup another tunnel to the appreciate SEG on other

UMTS core network. Similarly, SEG forwards data to the appreciate SEG, setup

tunnel to target NE and forward to it. The end-to-end scheme implies that an IPsec SA

is established between the two NEs.

Node authentication is another important issue on traffic flow which can be

accomplished by using either pre-shared symmetric keys, or public keys [Harkins98].

The IPsec protocol shall always be Encapsulation Security Payload, given that it can

30

provide confidentiality and integrity protection as well.

SS7-based protocol

Fig. 2.16 NDS architecture for SS7-based and mixed SS7/IP-based protocols

NDS for SS7-based protocol is mainly founded at application layer. Application

data transport base on SS7 network or SS7 and IP network, it have to provide security

features at the application layer. The SAs for signaling protection at application layer

are negotiated by KAC, similarly to IP-based architecture.

Traditional network security features

Inter-network communication may base on the public Internet. Attackers can

take many actions when signals flow on Internet which introduces traditional

network security issue. Besides the security features in the 3G security

architecture, the operators can employ traditional network security tools make

core network more security. There are two complementary tools: firewalls and

VPNs.

Firewalls always established at border of core network. It can just allows

specific IP addresses flow in and out. Furthermore, Application firewalls prevent

direct access through the use of proxies for services, which analyze application

commands, perform authentication, and keeps logs.

Firewalls just can filter packets but without providing any confidentiality or

privacy, but VPNs are. VPN [Gleeson00] establishes a secure tunnel between two

points, encapsulates and encrypts data, and authenticates and authorizes user

access of the corporate resources on the network. The low cost and security make

VPN much appreciate employ on UMTS network.

6.2.4 3G User/Application Domain Security

The purpose of user domain security is to provide user using the UE securely. It

31

uses PIN code for user authentication. Application domain security provides the

mechanisms to ensure applications communicate with remote server safely, especially

in 3G environment.

6.2.4.1 User Domain security

User domain security [3GPPTS102] ensures secure access to the MS. UMTS

Integrated Circuit Card (USIM) play the important role on it. USIM represents and

identifies a user and is responsible for authentication on home environment.

In order to prevent invalid access to USIM, mobile user and USIM must share a

secret key (e.g. PIN). The user gets accesses after providing knowledge of the secret.

6.2.4.2 Application Domain security

Under 3G circumstance, there are more applications provide network services in

order to reach information on Internet. As a result, user application and service

provider have to communicate more and more often. The purpose of application

domain security is to provide security communication between users and service

providers. Besides 3G network security features, application domain security is

needed because the lower layer security features may not exist.

There are some tools for develop application reside on USIM (e.g. USIM

Application Toolkit) [3GPPTS111] which provides a number of basic security

mechanisms such as entity authentication, message authentication, replay detection,

sequence integrity, confidentiality assurance, and proof of receipt.

Wireless Application Protocol (WAP) is a suite of standards for delivery and

presentation of Internet services on wireless terminals. Limited bandwidth and

capacity of processing take into account when WAP protocol was developed. It is

very suitable for development applications on wireless environment. However, there

are fewer and fewer programmers employ WAP for development applications.

Currently, the WAP architecture has been standardized in two releases (versions

1.2.1 and 2.0) [Wireless Application Forum, WAP].

32

Secure Transmission in WAP 1.2.1

Fig. 2.17 WAP 1.2.1 Architecture

In WAP architecture, it needs a WAP gateway to transform wireless side message

format into IP network format and vice versa. When WAP device needs to transmit

data to Web server, WAP device have to setup a tunnel between WAP device and

WAP gateway for secure transmission. On the other hand, WAP gateway also needs

to create a tunnel between WAP gateway and Web server. The tunnel between WAP

device and WAP gateway employ Wireless Transport Layer Protocol (WTLS) which

is based upon the TLS protocol which has been optimized for use over narrow-band

communication channels providing also datagram support. It ensures data integrity,

privacy, authentication, and denial-of-service protection. The tunnel between WAP

gateway and Web server employs the TLS protocol. Because of the different secure

mechanisms used in these two tunnels, this scheme does not support end-to-end

security.

33

Secure Transmission in WAP 2.0

Fig. 2.18 WAP 2.0 Architecture

WAP 2.0 proceeds to the re-design of the WAP architecture by introducing the

existing Internet protocol stack, including the Transmission Control Protocol (TCP),

into the WAP environment. The tunnel can be established all the way from WAP

device to the Web server. It provides end-to-end security features. Another pros is that

two TCP versions can be applied on, one for wireless part, the other for wire part

which can improve performance in WAP 2.0.

6.2.5 3G security weakness and Security Issues

3G security features counteract many security threats in 2G system. 3G is much

securing than 2G system. There are many new features introduce in 3G. This section

will discuss what security threats were counteracted or not.

First of all, denial of service attacks, such as user de-registration request spoofing,

location update request spoofing are counteract in 3G circumstances because integrity

protection of critical signaling messages mechanism. However, attackers can setup a

modified BS/MS to entice mobile user to camp on it. The modified BS/MS relay

message between mobile user and real BS. The modified BS/MS can ignore certain

messages, such as paging, and make DoS attacks succeed. This attack is very difficult

to counteract effectively in any radio system.

There are many methods can be used in identity catching, including passive and

active identity catching. The attacker requires a modified BS and entices mobile user

camp on. The differences between passive and active identity catching is that passive

catching just waiting for mobile user send identify in clear text. Active identify

34

catching is that modified BS requests mobile user identify. However, neither passive

nor active identify catching methods do not work in 3G system because of identity

confidentiality which encryption key shared by a group of users to protect identify.

Attackers also can use the modify BS/MS to eavesdrop on user data by

suppression of encryption between mobile user and the core network. But, Message

authentication and replay inhibition of the mobile’s ciphering capabilities allow the

network to verify that encryption has not been suppressed by an attacker [3GTR900].

6.3 4G Security Investigation Results

This section describes the current research results of 4G. Due to the standards of

4G are on defining, we investigate the current research results from papers. By the

survey, some the features and issues of 4G can be illustrated, and are helpful to our

future studies.

6.3.1 Security Issues on 4G

Basically, 4G/B3G hope to provide a communication environment with seamless

connection service consists of integrating heterogeneous network, All-IP, multimedia

applications, and so on. Toward 4G and beyond 3G, there exist many security issues to

be resolved [Hui03][Fu04][Celentano06][O’Drama04][Dell'Uomo02] [McEvoy05]

[Zheng05] [Prasad05]. As follows, we list some important security issues on 4G/B3G.

Some of these issues have been investigating and getting some results as an important

reference.

� QoS and Security [Fu04][O’Drama04] [Dell'Uomo02] [Hui03]

-. Seamless integrated Mobility, QoS and Security

-. Delay across different networks for QoS

-. Privacy

� AAA for 4G [McEvoy05][Zheng05] [Dell'Uomo02]

-. Heterogeneous Network

� Mobile IPv6 with inherent problems of IP [Celentano06]

[Dell'Uomo02]

� Security and Handover [Celentano06] [Prasad05] [Dell'Uomo02]

6.3.2 The Research Results of 4G Security

As 4G has not yet reached in industry and standard, many researches on security

issues on 4G as described in section 3.1 have been doing progressively. Several

research results have proposed from prior papers. In this section, we introduce several

results about these security issues, specially issues resulted from heterogeneous

network.

35

6.3.2.1 An approach on QoS and Security

In this section, we introduce an approach on QoS and Security proposed by

Xiaoming Fu [Fu04]. He propose a system architecture for QoS and Security in 4G,

which integrates QoS and AAA mechanism. As we know, traditional AAA is not

suited for mobility. AAA of 4G needs more efficient and scalable; QoS needs

hop-by-hop way of dynamic key establishment. He illustrates several QoS and

Security issues as Fig. 3.1:

. Problems on routing optimization between CN and MN,

. How to make sure quality guarantee on delay for QoS,

. How to integrate QoS with AAA.

Fig. 3.1 Illustration of routing on for mobility

In Fu’s approach illustrated as Fig. 3.2, his SeaSoS architecture allow modify

network attributes using dynamic plug-in, or re-configure parameters in order to

interact with heterogeneous networks as :

• QoS Protocol :RSVP + NSIS-QoS,

• AAA protocol :Diameter + COPS,

• HMIPv6 + MIPv6

In the SeaSoS, IETF Authentication protocol :EAP is chosen as authentication

protocol with the EAP suited to mobility. The architecture can also achieve the

Seamless Access. The architecture can achieve QoS and Security requirements with

seamless access. As this architecture applies RSVP, it can prevent Denial of Service

36

(DoS) attack.

MN nAR AAAL CR AAAH HA

Start

EAP

EAP

AAA(Diameter)

RSVP

SeaSoS

Fig. 3.2

The SeaSoS operation procedure

6.3.2.2 An approach of Secure Mobile IPv6

In this section, we introduce an approach of secure Mobile IPv6 for B3G

Networks proposed by Celentano, and et. al. [Celentano06]. They propose a system

architecture for secure Mobile IPv6 for B3G Networks. They exposed several issues

of mobile IPv6 for B3G network.

Security Vulnerabilities of Mobile IPv6 and Return Routability Procedure

In mobile IPv6, when MN roams away from its HN, Neighbour Discovery

mechanism or Dynamic Host Configuration Protocol binds new address by sending

Binding Update (BU) message to HA. When handoff occurs in heterogeneous

network, Mobile IPv6 acquire a new CoA only, Security Association (SA) between

HA and MN is not impacted (MIPv6 Routing Header Type2 and Home address option

are transparent to IPSec SA). On the other hand, RRP (Return Routability Procedure)

mechanism is vulnerable to attacks along the path between the HA and the CN, where

a malicious node, aware of a session between MN and CN, might simulate a handoff

of the MN by sending fake HoTI and CoTI messages. Adversary can obtain Kbm and

send fake BU to CN or MN. Hence Mobile IPv6 on heterogeneous network will incur

an impersonation attack/Man-in-the-middle attack.

37

MN HA CN

HoTi

CoTi

HoT

CoT

RRP

Fig. 3.3

A RRP vulnerability

Celentano, and et. al. proposed a system architecture to resolve these insecure

issues of Mobile IPv6 for B3G Networks. As the SA is not impacted , the solutions to

resolve above man-in-the-middle attack are (a) BU should be updated in every

handoff , (b) on each path, IPSec or ESP is employed to protected the distribution of

keys. They proposed solutions described as follows.

(1). At set-up, Kbm distribute to MN and Cn within the body of the SIP 200

OK and ACK message, instead of RRP.

(2). Kbm can be generated by AAA Server.

(3). The distribution of keys is secured by IPSec and ESP between SIP user

(MN and CN) and P-CSCF.

6.3.2.3 A Trusted Computing-Based Security Architecture

4G exists some technology issues as providing great flexibility and mobility

which complex the security problem in turn. In this section, a Trusted

Computing-Based Security Architecture for 4G based on the PKBP scheme proposed

by Zheng [Zheng 05a][Zheng 05c].

38

Fi

g. 3.5 An illustration of PKI under different CA

As Fig. 3.5 illustrated, several authentication protocols have been proposed for

mobile IP, which can not employed directly in 4G with heterogeneous network, for

following reason.

• Symmetric key based protocol can not work for its poor scalability,

• Pure public key based protocol increase computational load

• It is impossible to take one CA for heterogeneous networks in 4G

• Hybrid scheme can not provide non-repudiation and be difficult for

ME to verify the signature of FA outside HN.

• It is very difficult for ME to verify the validity of BS’s public-key

certificate since ME and BS usually belongs to different CA.

• It is hard to achieve mutual authentication between ME and FA, and

ME is vulnerable to be cheated by forged BS/FA.

A Trusted Computing-Based Security Architecture with PKBP scheme proposed by

Zheng can be a feasible solution for 4G with heterogeneous network. In Fig. 3.3, we

shows how does the A Trusted Computing-Based Security Architecture work.

39

CA11 CA12CA31 CA32

RCA1RCA2 RCA3

BCA1

BCA2 BCA3

HA1 AAA1

HA2AAA2

HA4AAA3

HA5 AAA4

Fig.

3.6 Hybrid PKI model of PKBP

In this scheme, a hierarchical trust model is employed 4G with heterogeneous

network.. Every radio networks has a root CA (RCA), and different networks are

connected with bridge CA (BCA). Each CA employed PKI and X.509. As Fig. 7

described, every HA broadcast its PKH, IDH, IPv6 address and those parameters by

upper layer CA.

1 2

34

5 6

PKI Based on Hybrid Trust model

ME

FA

(HA5) AAAH

(AAA2)

CCAH CCFA

Fig.

40

3.7 Authentication protocol of PKBP

When the ME roams to the area belong HA5 outside from HA, An PKBP

authentication communications are performed by upper layer CA. The PKBP scheme

achieved :

(a). Authentication on heterogeneous networks

(b), Against the man-in-the-middle attack

(c ).Mutual authentication

(d). Anonymity and Non-repudiation

(e). Security of key agreement

The Trusted Computing-Based Security Architecture linked up PKBP scheme is

applicable for 4G. It is convenient to globe mobility and flexible scalability. It will be

a feasible solution for 4G with heterogeneous network.

41

6.4 Discussion & Conclusion With our wireless service needs of wireless network, it causes the rapid growth

of wireless network service and its technologies, and wireless device becomes basic

appliances for contemporary people. As known by this report, 3GPP provided more

security mechanisms than 2G such as mutual-authentication, stronger confidentiality

and integrity, …etc. 3G still exists some security problems, for example, privacy, DoS,

plaintext of IMSI, ….etc., for providing more secure communication. On the view

points of future trend, the convergence of heterogeneous networks, for example, 4G, is

an important issues. Some of issues about the convergence, for example, seamless

service, high mobility, QoS,…, ect, have to be further investigated. All-IP have been a

necessary environment in the future communication and network. Some issues about

all-IP for 4G also have to be further resolved.

42

References [3GPPTS120] 3GPP TS 33.120 V4.0.0 Technical Specification.

[3GPPTR900] 3GPP TR 33.900 V1.2.0 Technical Specification.

[3GPPTS102] 3GPP TS 33.102 V7.1.0 Technical Specification.






[3GPPTS002a] 3GPP TS 23.002 V3.6.0, Network Architecture, Release ’99, Sept.

2002.

[3GPPTS002b] 3GPP TS 23.002 V4.5.0, Network Architecture, Release 4, Sept.

2002.

[3GPPTS002c] 3GPP TS 23.002 V5.8.0, Network Architecture, Release 5, Sept. 2002.

[Barba93] Barba, A., Recacha, F. and Melus, J.L., “Security architecture in the third

generation networks,” Proceedings of IEEE Singapore International Conference on

Networks, 1993. International Conference on Information Engineering '93.

'Communications and Networks for the Year 2000', Volume 1, PP. 421-425 , Sept.

1993.

[Celentano06] D. Celentano, A. Fresa; M. Longo, F. Postiglione, A.L. Robustelli,

“Secure Mobile IPv6 for B3G Networks,” SoftCOM 2006. International Conference

on Software in Telecommunications and Computer Networks, PP. 331–335, Sept.

2006.

[Dell'Uomo02] Dell'Uomo, L.; Scarrone, E., “An all-IP solution for QoS mobility

management and AAA in the 4G mobile networks,” The 5th International Symposium

on Wireless Personal Multimedia Communications, 2002, Volume 2, PP. 591 – 595,

Oct. 2002.

[Fu04] Xiaoming Fu, Dieter Hogrefe, Sathya Narayanan, Rene Soltwish, “Qos and

Security in 4G Networks,” Proceedings of the first annual global mobile congress,

Shanhai, China, Oct. 2004.

[Gleeson00] B. Gleeson, A. Lin, J. Heinanen, G. Armitage, A. Malis, A Framework for

IP Based Virtual Private Networks, RFC 2764, Feb 2000.

[GSM03.60] GSM 03.60, GPRS, Service Description, Stage 2. 1998.

[Hui03] Suk Yu Hui; Kai Hau Yeung, “Challenges in the migration to 4G mobile

systems, ” IEEE Communications Magazine, Volume 41, PP. 54 – 59, Dec. 2003.

[Harkins98] D. Harkins, D. Carrel, The Internet Key Exchange (IKE), RFC 2409, Nov.

1998.

[ITU] ITU:Security in Telecommunications and Information Technology – Oct. 2004

43

http://www.itu.int/itudoc/itu-t/86435.html

[Joseph06] Joseph, V.C.and Talukder, A.K.;” Verifiable AKA for beyond 3G wireless

packet services,” 2006 IFIP International Conference on Wireless and Optical

Communications Networks, pp. 11-13 Apr. 2006.

[Kent98] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol, RFC

2401, 1998.

[O'Droma 04] Ganchev, I., O'Droma, M., Chaouchi, H., Armuelles, I., Siebert, M.,

Houssos, N., “Requirements for an integrated system and service 4G architecture,”

VTC 2004-Spring. 2004 IEEE 59th Vehicular Technology Conference, 2004, Volume

5, PP. 3029 – 3034, May 2004.

[wiki, Cdma] http://en.wikipedia.org/wiki/Cdma.

[wiki, 3G] http://en.wikipedia.org/wiki/3G.

[Wireless Application Forum, WAP] Wireless Application Forum (WAP), WAP

Specifications, URL: http://www.wapforum.org/what/technical.htm.

[Zhang05] Muxiang Zhang and Yuguang Fang; “Security analysis and enhancements

of 3GPP authentication and key agreement protocol,” IEEE Transactions on Wireless

Communications, Vol. 4, No. 2, PP. 734-742, Mar. 2005.

[Zheng05a] Yu Zheng, Dake He; Lixing Xu and Xiaohu Tang, “Security scheme for

4G wireless systems,” Proceedings. 2005 International Conference on

Communications, Circuits and Systems, Vol. 1, Page(s):397 – 401, May 2005 .

[Zheng05b] Yu Zheng, He, D., Xiaohu Tang and Hongxia Wang, “AKA and

Authorization Scheme for 4G Mobile Networks Based on Trusted Mobile Platform,”

2005 Fifth International Conference on Information, Communications and Signal

Processing, PP. 976 – 980, Dec. 2005.

[Zheng05c] Yu Zheng, Dake He, Weichi Yu and Xiaohu Tang, “Trusted

Computing-Based Security Architecture For 4G Mobile Networks,” PDCAT 2005.

Sixth International Conference on Parallel and Distributed Computing, Applications

and Technologies, 2005, PP. 251 – 255, Dec. 2005.

Documents

3G-4G Sercurity