March 2004 Colin Blanchard, BT Slide 1 doc.: IEEE 802.11-04/0408r0 Submission 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications (WNG-SC) 18 th March 2004


Slide 1: 3GPP WLAN Interworking Security

Colin Blanchard, British Telecommunications (WNG-SC), 18th March 2004

Slide 2: Summary

• 3GPP IEEE 802.11 Interworking Scenarios
• Architecture Reference Point Definitions
• Security Requirements
• The authentication and link layer key generation scheme
• UE initiated tunnels
• Securing the authentication and link layer key generation application

Slide 3: WLAN Interworking

• The 3GPP approach to IEEE 802.11 WLAN interworking is based on the concept of gradually adding more functionality and improving the user experience by defining, and then successively working on, a number of interworking scenarios.

Slide 4: Interworking Scenarios for Release 6

• Scenario 2 provides authentication, authorisation and accounting (AAA) by the 3GPP platform.
  – Ensures that the security level of these AAA functions applied to IEEE 802.11 WLAN is in line with that of the 3GPP platform.
  – Ensures that the user does not see a significant difference in the way access is granted.
  – Provides a means for the network operator to charge for access in a consistent manner over the two platforms.

Slide 5: Interworking Scenarios for Release 6

• Scenario 3 allows the operator to extend 3GPP system PS based services to the IEEE 802.11 WLAN. These services may include:
  – GPRS Access Point Names
  – Internet Multimedia Subsystem (IMS) based services
    • Location based services
    • Presence based services
    • Instant messaging
  – Multimedia Broadcast and Multicast Services (MBMS)
    • Video streaming

Slide 6: Reference Point Definitions

[Figure: reference point architecture. Domains shown: WLAN Access Network, 3GPP Visited Network, 3GPP Home Network, Intranet / Internet. Elements shown: WLAN UE, WAG, 3GPP AAA Proxy, 3GPP AAA Server, Packet Data Gateway, HSS, HLR, CGw/CCF, OCS. Reference points shown: Ww, Wn, Wa, Wd, Wf, Wg, Wi, Wm, Wo, Wp, Wu, Wx, D' / Gr'. The Scenario 3 elements are marked.]

Slide 7: Reference points of interest to WNG

• Ww – connects the WLAN UE to the WLAN Access Network per IEEE 802 specifications, i.e. IEEE 802.11i.
• Wn – reference point between the WLAN Access Network (AN) and the WAG. It forces traffic on a WLAN UE initiated tunnel to travel via the Wireless LAN Access Gateway (WAG).
• Wu – represents the IEEE 802.11 WLAN UE-initiated tunnel between the IEEE 802.11 WLAN UE and the Packet Data Gateway (PDG).

Slide 8: 3GPP TS 33.234 specification

• Defines security features and mechanisms that are necessary to counter identified vulnerabilities:
  – Authentication of the subscriber and the network, and Security Association Management, in scenario 2
  – User Identity Privacy in WLAN Access in scenario 2
  – Re-authentication in WLAN Access in scenario 2
  – Confidentiality and Integrity protection in scenarios 2 and 3
  – Security Association Management for UE-initiated tunnels in scenario 3

Slide 9: Security Requirements

• 14 requirements are defined, e.g.:
  – The authentication scheme shall be based on a mutual challenge response protocol.
  – The subscriber should have at least the same security level for WLAN access as for their current cellular access subscription.
  – 3GPP systems should provide the required keying material with sufficient length and acceptable levels of entropy, as required by the IEEE 802.11 WLAN subsystem.
  – The IEEE 802.11 WLAN technology specific connection between the WLAN-UE and the IEEE 802.11 WLAN AN shall be able to utilise the generated session keying material for protecting the integrity of an authenticated connection.

Slide 10: The authentication scheme (Scenario 2)

[Figure: message flow between the UE, the WLAN, the 3GPP AAA server and the HSS / HLR. Step labels as on the slide:]

1. WLAN Connection Setup
2. EAP Request / Identity
3. EAP Response / Identity [User ID in NAI format]
2. Necessary amount of EAP Request & EAP Response message exchanges between UE and 3GPP AAA Server as specified in the utilised EAP type.
3. Authentication info retrieval from HSS if info not yet available in 3GPP AAA server
4. Subscriber profile retrieval from HSS if info not yet available in this 3GPP AAA server. Authentication info retrieval from HSS if info not yet available in 3GPP AAA server
5. Diameter Access Accept [Keying material and authorisation information within Diameter message]
6. EAP / Success
7. WLAN Registration to HSS if WLAN user not yet registered to this 3GPP AAA Server

Slide 11: USIM application based authentication

• Proven solution that satisfies the authentication requirements
• This form of authentication is based on EAP-AKA (proposed RFC)
• 16 detailed steps for the EAP-AKA procedure are defined in TS33.234

Slide 12: SIM based authentication

• As an alternative, SIM based authentication is useful for GSM subscribers that do not have a UICC with a USIM application.
  – The IEEE 802.11 WLAN UE and AAA server must support both EAP AKA and EAP SIM methods, and TS33.234 specifies a procedure to allow the HSS to select the method.

Slide 13: User Identity Privacy

• Used to avoid sending on the radio interface any clear text permanent subscriber identification information, which would compromise the subscriber's identity and location.
  – Temporary Identities (pseudonyms or re-authentication identities) are generated as some form of encrypted IMSI.
  – Advanced Encryption Standard (AES) in Electronic Codebook (ECB) mode of operation with 128-bit keys is used for this purpose.
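The pseudonym scheme on this slide, as an added example that is not from the slides or from any 3GPP code: a Go program that packs an IMSI into BCD, pads it with random bytes to one AES block, encrypts it with AES-128 in ECB mode under a key held by the AAA server, and resolves it back on the server side. The permanent NAI layout (leading method digit, realm built from MCC and a 2-digit MNC), the BCD packing and the 8-byte random padding are assumptions made for illustration; the encoding in TS 33.234 differs in detail. The deterministic variant is included to show why the padding matters: without it, ECB maps the same IMSI to the same pseudonym every time, and the pseudonym becomes a stable tracking identifier on the radio interface.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Leading NAI digit selecting the EAP method (assumed convention, for illustration).
const (
	MethodEAPAKA byte = '0'
	MethodEAPSIM byte = '1'
)

// validIMSI checks the shape of an IMSI: 6 to 15 decimal digits.
func validIMSI(imsi string) error {
	if len(imsi) < 6 || len(imsi) > 15 {
		return errors.New("IMSI must be 6..15 digits")
	}
	for i := 0; i < len(imsi); i++ {
		if imsi[i] < '0' || imsi[i] > '9' {
			return errors.New("IMSI must contain only decimal digits")
		}
	}
	return nil
}

// PermanentNAI builds the clear-text permanent identity (assumed layout). This is
// exactly the identity the pseudonym scheme keeps off the radio interface.
func PermanentNAI(imsi string, method byte) (string, error) {
	if err := validIMSI(imsi); err != nil {
		return "", err
	}
	mcc, mnc := imsi[:3], imsi[3:5] // assumes a 2-digit MNC
	return fmt.Sprintf("%c%s@wlan.mnc0%s.mcc%s.3gppnetwork.org", method, imsi, mnc, mcc), nil
}

// packIMSI stores the digits as BCD nibbles, filled with 0xF, in 8 bytes,
// leaving the other 8 bytes of the AES block for padding.
func packIMSI(imsi string) [8]byte {
	packed := [8]byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
	for i := 0; i < len(imsi); i++ {
		d := imsi[i] - '0'
		if i%2 == 0 {
			packed[i/2] = (packed[i/2] & 0x0F) | d<<4
		} else {
			packed[i/2] = (packed[i/2] & 0xF0) | d
		}
	}
	return packed
}

// unpackIMSI reverses packIMSI and rejects nibbles that are neither digits nor filler,
// which is what a decryption under the wrong key usually produces.
func unpackIMSI(packed []byte) (string, error) {
	var digits []byte
	for i := 0; i < 2*len(packed); i++ {
		n := packed[i/2] >> 4
		if i%2 == 1 {
			n = packed[i/2] & 0x0F
		}
		if n == 0xF {
			break
		}
		if n > 9 {
			return "", errors.New("corrupt pseudonym: non-digit nibble")
		}
		digits = append(digits, '0'+n)
	}
	if err := validIMSI(string(digits)); err != nil {
		return "", err
	}
	return string(digits), nil
}

// encryptIdentity is one AES-128 ECB block: packed IMSI || 8 padding bytes.
func encryptIdentity(key [16]byte, imsi string, padding [8]byte) (string, error) {
	if err := validIMSI(imsi); err != nil {
		return "", err
	}
	blk, err := aes.NewCipher(key[:])
	if err != nil {
		return "", err
	}
	packed := packIMSI(imsi)
	var plain, ct [16]byte
	copy(plain[:8], packed[:])
	copy(plain[8:], padding[:])
	blk.Encrypt(ct[:], plain[:])
	return base64.RawURLEncoding.EncodeToString(ct[:]), nil
}

// NewPseudonym pads with fresh random bytes, so each pseudonym issued for the
// same subscriber looks different to an eavesdropper on the radio interface.
func NewPseudonym(key [16]byte, imsi string) (string, error) {
	var padding [8]byte
	if _, err := rand.Read(padding[:]); err != nil {
		return "", err
	}
	return encryptIdentity(key, imsi, padding)
}

// DeterministicPseudonym uses fixed padding: ECB then maps the same IMSI to the
// same string every time, the linkability caveat the random padding avoids.
func DeterministicPseudonym(key [16]byte, imsi string) (string, error) {
	return encryptIdentity(key, imsi, [8]byte{})
}

// ResolvePseudonym is the AAA server side: decrypt the block and unpack the IMSI.
func ResolvePseudonym(key [16]byte, pseudonym string) (string, error) {
	ct, err := base64.RawURLEncoding.DecodeString(pseudonym)
	if err != nil {
		return "", err
	}
	if len(ct) != aes.BlockSize {
		return "", errors.New("pseudonym is not one AES block")
	}
	blk, err := aes.NewCipher(key[:])
	if err != nil {
		return "", err
	}
	plain := make([]byte, aes.BlockSize)
	blk.Decrypt(plain, ct)
	return unpackIMSI(plain[:8])
}

func main() {
	// Constructed sample values: a made-up IMSI and a fixed demo key.
	imsi := "234150123456789"
	key := [16]byte{0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}
	nai, _ := PermanentNAI(imsi, MethodEAPAKA)
	p1, _ := NewPseudonym(key, imsi)
	p2, _ := NewPseudonym(key, imsi)
	d1, _ := DeterministicPseudonym(key, imsi)
	d2, _ := DeterministicPseudonym(key, imsi)
	back, _ := ResolvePseudonym(key, p1)
	fmt.Println("permanent NAI:", nai)
	fmt.Println("pseudonyms   :", p1, p2, "(differ because of random padding)")
	fmt.Println("deterministic:", d1, "stable:", d1 == d2)
	fmt.Println("resolved     :", back, "matches:", back == imsi)
}
```

The two pseudonyms printed for the same subscriber differ on every run while both resolve to the same IMSI; the deterministic variant prints the same string twice, which is the property an observer could use to correlate sessions.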

Slide 14: Fast Re-authentication

• When authentication processes have to be performed frequently, they can lead to a high network load, especially when the number of connected users is high. It is then more efficient to perform fast re-authentications.
  – The re-authentication process allows the IEEE 802.11 WLAN-AN to authenticate a certain user in a lighter process than a full authentication, making use of stored keys derived during the previous full authentication.
  – The simplified process takes 9 steps instead of the previous 16.

Slide 15: Confidentiality Protection (Scenario 2)

• When the WLAN link layer is based on IEEE 802.11, the confidentiality mechanisms of IEEE 802.11i are used.
  – EAP/AKA and EAP/SIM specify how the key material required for the link layer confidentiality mechanism is obtained from the master session key (MSK).

Slide 16: Integrity Protection (Scenario 2)

• When the WLAN link layer is based on IEEE 802.11, the integrity mechanisms of IEEE 802.11i are used.
  – EAP/AKA and EAP/SIM specify how the key material required for the link layer integrity mechanism is obtained from the master session key (MSK).
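The path from the MSK to the link layer keys that slides 15 and 16 describe, as an added example rather than code from the slides or from any 3GPP or IEEE implementation: in Go, the first 256 bits of the EAP MSK that the AAA server delivers to the access point (in the Diameter message of slide 10) become the IEEE 802.11i Pairwise Master Key, and the 802.11i PRF (HMAC-SHA1 over the label "Pairwise key expansion", the two MAC addresses and the two handshake nonces) expands it into the confirmation key, the encryption key and the temporal key that CCMP uses for both confidentiality and integrity. The MSK, addresses and nonces are constructed sample values; the PMK truncation and the PRF follow RFC 4187 and IEEE 802.11i.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"errors"
	"fmt"
)

// PMKFromMSK takes the IEEE 802.11i Pairwise Master Key as the first 256 bits
// of the EAP Master Session Key the AAA server delivered to the access point.
func PMKFromMSK(msk []byte) ([]byte, error) {
	if len(msk) < 32 {
		return nil, errors.New("MSK shorter than 256 bits")
	}
	pmk := make([]byte, 32)
	copy(pmk, msk[:32])
	return pmk, nil
}

// prf is the IEEE 802.11i PRF-n: concatenated HMAC-SHA1(K, A || 0x00 || B || i)
// until nbits of output are available.
func prf(key []byte, label string, data []byte, nbits int) []byte {
	var out []byte
	for i := 0; len(out)*8 < nbits; i++ {
		mac := hmac.New(sha1.New, key)
		mac.Write([]byte(label))
		mac.Write([]byte{0x00})
		mac.Write(data)
		mac.Write([]byte{byte(i)})
		out = mac.Sum(out)
	}
	return out[:nbits/8]
}

// ordered returns a || b with the lexicographically smaller value first, so that
// the station and the access point build the same PRF input.
func ordered(a, b []byte) []byte {
	if bytes.Compare(a, b) > 0 {
		a, b = b, a
	}
	return append(append([]byte{}, a...), b...)
}

// PTK holds the CCMP split of the pairwise transient key.
type PTK struct {
	KCK []byte // EAPOL-Key confirmation key: integrity of the handshake messages
	KEK []byte // EAPOL-Key encryption key: wraps the group key
	TK  []byte // temporal key: CCMP data confidentiality and integrity
}

// DerivePTK runs PRF-384 over the PMK, the AP and station addresses and the two
// nonces exchanged in the 4-way handshake.
func DerivePTK(pmk, aa, spa, anonce, snonce []byte) (PTK, error) {
	if len(pmk) != 32 || len(aa) != 6 || len(spa) != 6 || len(anonce) != 32 || len(snonce) != 32 {
		return PTK{}, errors.New("bad input length")
	}
	data := append(ordered(aa, spa), ordered(anonce, snonce)...)
	k := prf(pmk, "Pairwise key expansion", data, 384)
	return PTK{KCK: k[0:16], KEK: k[16:32], TK: k[32:48]}, nil
}

// sample fills a byte slice with a deterministic constructed pattern (test data only).
func sample(n int, seed byte) []byte {
	b := make([]byte, n)
	for i := range b {
		b[i] = seed + byte(i)*7
	}
	return b
}

func main() {
	msk := sample(64, 0x11) // constructed 64-byte MSK, the size EAP-AKA exports
	pmk, _ := PMKFromMSK(msk)
	aa, spa := sample(6, 0xA0), sample(6, 0x50)       // constructed AP and station addresses
	anonce, snonce := sample(32, 0x01), sample(32, 0x80) // constructed handshake nonces
	ptk, _ := DerivePTK(pmk, aa, spa, anonce, snonce)
	fmt.Printf("PMK: %x\nKCK: %x\nKEK: %x\nTK : %x\n", pmk, ptk.KCK, ptk.KEK, ptk.TK)
}
```

The same PTK results whichever side supplies the addresses and nonces first, because both are sorted before entering the PRF; a different MSK from the AAA server yields a different temporal key, which is why the MSK must reach the access point over a protected AAA channel.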

Slide 17: UE initiated tunnel (Scenario 3)

• Having established an authenticated link with the Access Point, user traffic is tunnelled to the home network via the Wu interface.
• This is known as a UE initiated tunnel and differentiates the functionality available in scenario 3 from scenario 2.

Slide 18: Tunnel set-up procedure

• The tunnel endpoints, the UE and the PDG, are mutually authenticated when setting up the tunnel.
  – The tunnel set-up procedure results in security associations.
  – These are used to provide confidentiality and integrity protection, if required, for data transmitted through the tunnel.

Slide 19: Confidentiality and Integrity Protection (Scenario 2)

• IPsec ESP protects the confidentiality and integrity of IP packets sent through a tunnel between the UE and the Packet Data Gateway (PDG).
• The IEEE 802.11 WLAN UE and the PDG use IKEv2 in order to establish IPsec security associations.
• Public key signature based authentication with certificates, as specified in [ikev2], is used to authenticate the PDG.
• EAP-AKA within IKEv2 is used to authenticate IEEE 802.11 WLAN UEs which contain a USIM, or EAP-SIM for WLAN UEs which contain a SIM and no USIM.

Slide 20: Securing the EAP/AKA or EAP/SIM application

• It cannot be assumed that the IEEE 802.11 WLAN device has the space and an interface to support a UICC card, so 3GPP SA3 have proposed that either:

Slide 21: USB connection

• The UICC card with SIM or USIM application can be connected to the IEEE 802.11 WLAN UE via the standard USB port.
  – This means that the user requires two UICCs or, if they have only one UICC, that it is removed from the mobile phone for the duration of the WLAN access session, meaning that the user is restricted from making or receiving calls over their mobile phone.

Slide 22: Bluetooth Connection

• A better alternative is where the UICC card resides in a 3GPP UE and the USIM or SIM application can be accessed by the IEEE 802.11 WLAN-UE through Bluetooth.
• This would give the user the ability to get simultaneous access on IEEE 802.11 WLAN and 3GPP networks with the same UICC.

Slide 23: U(SIM) reuse on local interfaces

[Figure: "(U)SIM Re-use on Local Interfaces using Peripheral devices for WLAN authentication in 3G-WLAN Interworking". Network side: 3GPP Core Network (AAA Server, HSS / HLR, SGSN, MSC / VLR), 3GPP RAN, WLAN AN. Terminals: UMTS Terminal with USIM, GSM Terminal with SIM, GSM GPRS WLAN Terminal with SIM, GPRS Card SIM, PDA with WLAN, Notebook PC with WLAN. Local interfaces: Bluetooth Interfaces, USB Local Interface, WLAN Interfaces.]

Slide 24: References

• 3G Security; Wireless Local Area Network (WLAN) Interworking Security (Release 6), TS33.234 draft V1.0.1, http://www.3gpp.org/ftp/Specs/archive/33_series/33.234/33234-101.zip
• TR 33.817, Feasibility study on (Universal) Subscriber Interface Module (U)SIM security reuse by peripheral devices on local interfaces, http://www.3gpp.org/ftp/Specs/archive/33_series/33.817/33817-112.zip

Slide 25: Summary and Future plans

• TS33.234 planned for approval on 18th March 04
• Ongoing work
  – Optimal distribution of EAP/AKA functions and parameters between the UICC and the IEEE 802.11 WLAN-UE, and their persistence, taking account of:
    • The security protection of the parameters in storage and transfer, for example the PIN used to protect these from access
    • Performance when first accessing and moving between networks
    • Compatibility with existing IEEE 802.11 WLAN client software
• Will require close cooperation with IEEE 802.11