LTE Security
Threats, attacks and protection mechanisms

1 Introduction

LTE (Long Term Evolution) is the evolution of the UTRAN (Universal Terrestrial Radio Access Network) to E-UTRAN (Evolved UTRAN) to support a high-data-rate, low-latency, packet-optimized radio access technology. This document provides an overview of the security aspects of the Verizon Wireless LTE implementation. The Verizon Wireless Long Term Evolution (LTE¹) 4th generation (4G) data network will provide significantly increased user data throughput in both the downlink (network to mobile) and uplink (mobile to network) direction, decreased latency, and increased total network traffic capacity. Additionally, the LTE network will be deployed with features required for future support of media services, including VoIP, Video, and other enhanced services.

The adjacent figure depicts the logical structure of a network that implements 3GPP specifications. The core network that supports LTE is called the EPC (Evolved Packet Core). The EPC/LTE architecture comprises a radio domain and a packet core domain which has multiple interfaces to the user management, circuit core and IMS domains. In addition to these interfaces, the packet core may also connect directly to other IP networks.

Whereas GSM/UMTS-based operators have a natural evolution to LTE, many CDMA-based mobile operators have also decided to evolve to the LTE specification.

The CDMA operator LTE implementation will support several new capabilities that are not currently present in their current data networks. These new capabilities include:

• Data roaming capabilities with GSM-based data networks

• Support for IPv6 based data connections

• SIM-based device portable user credentials

¹ Also known as evolved Universal Terrestrial Radio Access (eUTRA)

Generic LTE Security White paper- file1 LTE Security Threats, attacks and protection mechanisms 1 Introduction LTE (Long Term Evolution) is the evolution of the UTRAN (Universal Terrestrial


LTE operates in a newly licensed frequency band at 700 MHz and includes certain open access requirements to support “any device, any application”. This approach requires operators to publish device specifications for suppliers in order to allow any device that meets these requirements to access the network. Furthermore it is expected that the operator will have to allow subscribers (including roaming users) to use any application on their devices as long as it does not impact the network.

LTE provides a new fourth generation data network for Verizon Wireless. LTE will provide users with much higher throughput, up to 12 Mbs in the network to mobile direction (downlink) and 5 Mbs in the mobile to network direction (uplink). LTE will provide lower data traffic latency. LTE is compatible with the 3GPP standards and provides additional opportunities for roaming with global GSM-based partner networks.

The increased throughput and lower latency combine to make LTE suitable for a variety of advanced features and applications, including VoIP services and multimedia applications. In addition, LTE’s increased capabilities allow for a richer experience using existing connected laptop (BBA), PDA and ultimately feature phone applications. LTE Phase 1 is expected to be followed by further development of the LTE Network to support these additional services.

2 Architecture overview

The EPC architecture is primarily focused on providing IP connectivity over LTE access. The two main principles guiding the design of the EPC architecture are a 'flat' architecture for optimized user traffic and separation of the signaling from the user traffic. A ‘flat’ architecture implies that a minimal number of nodes are involved in the processing of the user data, thereby reducing costs and increasing efficiency. The separation of signaling and user traffic was considered necessary due to different scaling concerns. The scaling of signaling data is a function of the number of users accessing the network, whereas the user data scaling typically occurs as a function of new services that are deployed on the network. The following table provides a list of the LTE/EPC components.

| Component | Description/Function |
|-----------|----------------------|
| UE | User Equipment, 3G/4G |
| HSS | Home Subscriber Service |
| AAA | Authentication, Authorization and Accounting function |
| PCRF | Policy Control Resource Function |
| PGW | Packet Data Network Gateway |
| HSGW | HRPD Serving Gateway |
| SGW | Serving Gateway |
| MME | Mobility Management Entity |
| eNB | ENodeB (base station) |
| FOTA | Firmware Over The Air |
| DNS | Domain Naming Service |

The following subsections provide further details on each element in the LTE/EPC implementation.

2.1 UE/UICC

The Universal Integrated Circuit Card (UICC) maintains subscriber and network information (e.g., authentication credentials, encryption keys) to support signaling and data security functions such as authentication and confidentiality. In some cases a one-to-one association between the UICC and the Mobile Equipment (ME) can be established and constitute the User Equipment (UE) (e.g., cell-phone) but in other cases the UICC may not be directly associated with the ME (e.g., laptop using a USB with UICC).

A UICC may include several applications (USIM, ISIM, CSIM and SIM)² in order to support access to different networks (e.g., CDMA/GSM). In implementation (UMTS) the UICC contains a USIM (Universal Subscriber Identity Module) application which manages the subscriber credentials along with an ISIM (IP multimedia Services Identity Module) to provide access to the IMS core (VoRA services). In addition, it may also contain a CSIM (CDMA SIM) to provide access to the CDMA network. Verizon Wireless has chosen not to implement this feature. This Threat Analysis focused on USIM threats and associated controls.

The USIM holds the master pre-shared key (which is also maintained by the AuC) which is used to derive sub-keys for session integrity, authentication and encryption (e.g., IK and CK).

² A UICC which maintains a USIM, SIM and CSIM applications is called R-UIC (removable user identity card).


2.2 MME (Mobility Management Entity)

The MME is the primary node that intermediates access to the LTE network by interacting with the HSS and relaying authentication credentials received from the UE. The MME is responsible for idle mode UE tracking and paging procedures including retransmissions. It is involved in the bearer activation/deactivation process and is also responsible for selecting the corresponding SGW for a UE during the initial attachment and during intra-LTE handover involving Core Network (CN) node relocation. The Non-Access Stratum (NAS) signaling terminates at the MME and it is also responsible for generation and allocation of temporary identities to UEs. It checks the authorization of the UE to camp on the service provider’s Public Land Mobile Network (PLMN) and enforces UE roaming restrictions. The MME is the termination point in the network for ciphering/integrity protection for NAS signaling and handles the security key management. Lawful interception of signaling is also supported by the MME. The MME also provides the control plane function for mobility between LTE and 2G/3G access networks with the S3 interface terminating at the MME from the SGSN. The MME also terminates the S6a interface towards the home HSS for roaming UEs.

2.3 eNodeB

The evolved RAN for LTE consists of a single node, i.e., the eNodeB (eNB) that interfaces with the UE. The eNB hosts the PHYsical (PHY), Medium Access Control (MAC), Radio Link Control (RLC), and Packet Data Control Protocol (PDCP) layers that include the functionality of user-plane header-compression and encryption. It also offers Radio Resource Control (RRC) functionality corresponding to the control plane. It performs many functions including radio resource management, admission control, scheduling, enforcement of negotiated UL QoS, cell information broadcast, ciphering/deciphering of user and control plane data, and compression/decompression of DL/UL user plane packet headers.

2.4 SGW

The SGW (Serving Gateway) routes and forwards user data packets, while also acting as the mobility anchor for the user plane during inter-eNB handovers and as the anchor for mobility between LTE and other 3GPP technologies (terminating S4 interface and relaying the traffic between 2G/3G systems and PDN GW). For idle state UEs, the SGW terminates the DL data path and triggers paging when DL data arrives for the UE. It manages and stores UE contexts, e.g. parameters of the IP bearer service, network internal routing information. It also performs replication of the user traffic in case of lawful interception.


2.5 HSGW

The HSGW provides interworking between the HRPD access node and the Packet Data Network Gateway (PGW), a key element of the SAE/EPC network. In some network instances, the existing PDSN can be integrated with or upgraded to the HSGW while the existing HA can be integrated with or upgraded to the PGW (or provided as a separate node).

2.6 PGW

The PDN GW (Packet Gateway) provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more than one PDN GW for accessing multiple PDNs. The PGW performs policy enforcement, packet filtering for each user, charging support, lawful interception and packet screening. Another key role of the PDN GW is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as WiMAX and 3GPP2 (CDMA 1X and EvDO).

The PGW provides interfaces to Lawful Intercept (CALEA) functionality and unauthorized access to this interface may allow attackers to perform various attacks by manipulating the protocol to obtain traffic, identify intercepted parties, among other types of malicious activity. It is therefore critical to protect this interface using authentication and confidentiality.

2.7 HSS-AAA

The HSS-AAA (Home Subscriber Server) supports subscriber related functions including Mobility Management, Call and/or session establishment support and authentication procedures to access the IM subsystem services by storing the generated data for authentication, integrity and ciphering and by providing these data to the appropriate entity in the IMS network (i.e., AAA Server or CSCF).

2.8 PCRF

The PCRF (Policy Control and Charging Rules Function) supports policy control decision and flow based charging control functionalities. The PCRF also provides network control regarding the service data flow detection, gating, QoS and flow based charging.

2.9 FOTA

Firmware Over The Air provides the ability to perform updates and provisioning tasks on the UE/UICC firmware. All control communication and data transfers are expected to be performed over authenticated HTTP(S) sessions. These sessions use PSK-TLS (Pre Shared Key Transport Layer Security). This protocol requires that a TLS key be shared between the UE and the FOTA server and the TLS session is then negotiated based on this key. This scheme provides mutual authentication to ensure that rogue UEs do not get firmware updates and packages.

2.10 DNS

Both the GPRS system (precursor to LTE on GSM networks) and the IP Multimedia Subsystem (IMS) in 3GPP use DNS extensively. The EPS continues this and expands DNS usage to include node selection. The usage of DNS improves the selection process as various criteria can be used as input to the process while also making inter-operator operations more flexible. In EPS, the DNS servers are used to store information on the mapping between the APN, the protocol (PMIP/GTP) and PDN GW. It also maps the TAI and Serving GW. The DNS can also be configured to provide information on collocated nodes and topological and geographical proximity between different nodes.

3 LTE Security Overview

Security in the EPS is defined within the context of the following groups or domains: Network access security, Network domain security, User domain security, Application domain security and Visibility and configurability of security. In addition to these areas, node/component security is another critical area within the security framework.

Network access security primarily deals with security features that provide secure access to users. This includes mutual authentication and protection of signaling and media traffic (confidentiality and integrity). Network domain security refers to features that ensure secure transfer of data between network elements and protections against attacks on the network that connects these nodes. User domain security relates to the security features of access to terminals (UE), such as PIN codes and passwords. Application domain security references the applications that run on the network including HTTP for web access or IMS. Visibility and configurability is the method by which the UE informs the user whether certain protections are turned on or are configured on the network. Configurability permits the user to configure security features to permit or deny operations by applications. Node security pertains to the security of the underlying operating system and services that are configured on a particular node. This also includes malicious software and physical security (such as access to radio network elements in a remote location).

The different domains within the security framework of the LTE/EPC ensure that proper coverage is provided for different types of attack vectors. A well thought out security architecture emphasizes the concept of defense in depth and the domain model is integral in implementing this concept.


3.1 Network Access Security

Network access is a critical component of the security framework within the LTE architecture. The security features supported in E-UTRAN have the following characteristics:

• Mutual authentication between UE and the network.

• Key derivation to create keys for ciphering and integrity protection.

• Encryption, integrity and replay protection of NAS signaling between UE and MME.

• Encryption, integrity and replay protection of RRC signaling between UE and eNodeB.

• Encryption of the user plane traffic between UE and eNodeB.

• Use of temporary identities to avoid sending the permanent ID (IMSI) over the radio link.

Mutual authentication in E-UTRAN is enabled by the presence of a secret key K in both the USIM card and the network (specifically the AuC). Once configured, the key never leaves the USIM or the HSS/AuC. The key itself is not used to protect any traffic, rather it is used to generate other keys that provide encryption and integrity for the control plane and user plane traffic.

Figure 1 E-UTRAN Security Features


When the UE attaches to the EPS, the UE sends its IMSI to the MME. To mutually authenticate, the MME requests the EPS authentication vector (AV) from the HSS/AuC. The HSS/AuC looks up the shared key (K) and a sequence number (SQN) using the IMSI. The AuC increments the SQN and generates a random challenge (RAND). Taking these parameters and the shared key (K) as input to the cryptographic functions, the AV is created. It consists of five values – an expected result (XRES), an authentication token (AUTN), two other keys (CK and IK) and the random challenge (RAND). Subsequently, a new key KASME is generated based on the CK, IK and the Serving Network identity (SN ID). The SN ID includes the Mobile Country Code (MCC) and the Mobile Network Code (MNC) of the serving network. This provides further key separation so that a key from one serving network cannot be misused in a different network.

The AV that is provided to the MME consists of the KASME, XRES, AUTN and RAND. Mutual authentication is performed by using the XRES, AUTN and RAND. The MME keeps the KASME while forwarding RAND and AUTN to the UE. The USIM then computes its own AUTN using the shared key (K) and compares it with the AUTN received from the MME. If they match, the network has authenticated to the USIM. The USIM then computes a response (RES) using the shared key (K) and the challenge (RAND) as parameters. This value is then sent to the MME. If the RES value matches the XRES that the MME received from the HSS/AuC, the UE has authenticated itself to the network, thereby achieving mutual authentication. The UE also computes CK, IK and KASME.

The following types of traffic are protected between the UE and E-UTRAN:

• RRC (Radio) Signaling between UE and eNodeB

• User plane traffic between UE and eNodeB

• NAS signaling between UE and MME

A number of keys are derived from the KASME for facilitating encryption and integrity protection for this traffic. Both the UE and the MME compute the keys KNASenc (encryption) and KNASint (integrity) to protect the NAS signaling. The MME also derives the KeNB which is sent to the eNodeB. The eNodeB further derives the key for encryption of the user plane KUPenc and keys to protect the RRC signaling (KRRCenc and KRRCint). The UE derives these same keys as the eNodeB. The key hierarchy is shown in the figure below.


Figure 2 Key Hierarchy
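The attach exchange and key hierarchy described above, carried through in code as an added example that is not part of the white paper. Assumptions: the f1 to f5 functions are replaced by a labelled HMAC-SHA-256 stand-in (real USIMs and AuCs run an operator-chosen set such as MILENAGE), the KDF inputs follow 3GPP TS 33.401 Annex A, and the key K, the SQN values and the PLMN identities are constructed sample values.

```python
import hashlib
import hmac
import os

class AuthFailure(Exception):
    """Raised by the UE side when the network's AUTN is rejected."""

def _f(k, label, data, n):
    # Stand-in for the operator's f1..f5 functions (assumption: keyed HMAC is
    # used only so the example runs with the standard library).
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def kdf(key, fc, *params):
    # 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def plmn_id(mcc, mnc):
    # Serving network identity: MCC and MNC digits packed into three octets.
    d = [int(c) for c in mcc]
    n = [int(c) for c in mnc] + ([0xF] if len(mnc) == 2 else [])
    return bytes([d[1] << 4 | d[0], n[2] << 4 | d[2], n[1] << 4 | n[0]])

def hss_generate_av(k, sqn, sn_id, rand=None):
    """HSS/AuC side: build the EPS authentication vector handed to the MME."""
    rand = rand or os.urandom(16)
    sqn_b, amf = sqn.to_bytes(6, "big"), b"\x80\x00"  # AMF separation bit set
    ck, ik, ak = _f(k, b"f3", rand, 16), _f(k, b"f4", rand, 16), _f(k, b"f5", rand, 6)
    sqn_xor_ak = bytes(a ^ b for a, b in zip(sqn_b, ak))
    mac = _f(k, b"f1", sqn_b + rand + amf, 8)
    return {
        "RAND": rand,
        "AUTN": sqn_xor_ak + amf + mac,
        "XRES": _f(k, b"f2", rand, 8),
        # KASME binds CK||IK to the serving network (FC 0x10, TS 33.401 A.2).
        "KASME": kdf(ck + ik, 0x10, sn_id, sqn_xor_ak),
    }

def ue_authenticate(k, last_sqn, sn_id, rand, autn):
    """UE/USIM side: check AUTN, then return (RES, KASME)."""
    sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    ak = _f(k, b"f5", rand, 6)
    sqn_b = bytes(a ^ b for a, b in zip(sqn_xor_ak, ak))
    if not hmac.compare_digest(mac, _f(k, b"f1", sqn_b + rand + amf, 8)):
        raise AuthFailure("MAC mismatch: sender does not hold K")
    if int.from_bytes(sqn_b, "big") <= last_sqn:
        raise AuthFailure("stale SQN: replayed authentication vector")
    ck, ik = _f(k, b"f3", rand, 16), _f(k, b"f4", rand, 16)
    return _f(k, b"f2", rand, 8), kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)

ALG_TYPE = {"NAS-enc": 1, "NAS-int": 2, "RRC-enc": 3, "RRC-int": 4, "UP-enc": 5}

def alg_key(parent, alg_type, alg_id):
    # FC 0x15 (TS 33.401 A.7); the 128 least significant bits become the key.
    return kdf(parent, 0x15, bytes([ALG_TYPE[alg_type]]), bytes([alg_id]))[16:]

def derive_hierarchy(kasme, ul_nas_count=0, eea=2, eia=2):
    """Keys below KASME; the MME sends KeNB to the eNodeB, the UE derives the same."""
    kenb = kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))  # FC 0x11, A.3
    return {
        "KNASenc": alg_key(kasme, "NAS-enc", eea),
        "KNASint": alg_key(kasme, "NAS-int", eia),
        "KeNB": kenb,
        "KRRCenc": alg_key(kenb, "RRC-enc", eea),
        "KRRCint": alg_key(kenb, "RRC-int", eia),
        "KUPenc": alg_key(kenb, "UP-enc", eea),
    }

def attach(k_usim, k_auc, ue_sn, net_sn, sqn=33, last_sqn=32):
    """One attach: returns (RES == XRES, UE key set, network key set)."""
    av = hss_generate_av(k_auc, sqn, net_sn)
    res, kasme_ue = ue_authenticate(k_usim, last_sqn, ue_sn, av["RAND"], av["AUTN"])
    return (hmac.compare_digest(res, av["XRES"]),
            derive_hierarchy(kasme_ue), derive_hierarchy(av["KASME"]))

# Constructed sample values (not from the white paper).
K = bytes.fromhex("00112233445566778899aabbccddeeff")
HOME, OTHER = plmn_id("001", "01"), plmn_id("001", "02")

if __name__ == "__main__":
    ok, ue_keys, net_keys = attach(K, K, HOME, HOME)
    print("mutual auth:", ok, "| keys agree:", ue_keys == net_keys)
    _, ue_keys, net_keys = attach(K, K, OTHER, HOME)
    print("same K, different SN ID -> keys agree:", ue_keys == net_keys)
```

With the same K but a different serving network identity on the two sides, RES still matches XRES while every derived key differs, which is the key separation between serving networks that the text describes.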

The creation of multiple keys provides key separation, thereby providing better protection of the underlying shared secret K.

To facilitate identity protection, temporary identities are used wherever possible so as to limit the exposure of the IMSI on the radio interface. The GUTI (Globally Unique Temporary ID) is a worldwide unique ID that points to a particular subscriber in a specific MME. The S-TMSI (SAE Temporary Mobile Subscriber Identity) is unique within a particular area of a single network. The GUTI is a long identifier; therefore, to save on radio resources, the S-TMSI is often used only within a group of MMEs. The GUTI and S-TMSI constructs and their composition are described in the figure below.


Figure 3 GUTI and S-TMSI Structure

Other network protection mechanisms address the issue of compromised base stations. The ‘forward/backward’ feature ensures that each time the UE changes its attachment point (due to mobility) or changes from the IDLE state to the ACTIVE state, the air interface keys are updated. This implies that even if the prior keys were compromised, security is still maintained from that point forward.

3.2 Network Domain Security

With the advent of IP based transport, the signaling and user plane transport now runs over networks and protocols that are more open and accessible to organizations other than the major telecom institutions. For example, the core network interfaces may traverse third party IP transport networks, or interfaces may cross operator boundaries in cases of roaming. The specification to protect IP-based control plane traffic is called Network Domain Security for IP-based control planes (NDS/IP) as specified in 3GPP TS 33.210. This specification introduces the concept of security domains, which refer to networks that are managed by a single administrative authority. Security domains may pertain to multiple operators and their networks or a single operator who chooses to segment the network into domains. At the borders of these domains, the operator places Security Gateways (SEGs) to protect the control plane traffic that traverses into and out of the domain. IPSec is used to protect the traffic that passes between the domains, specifically IPSec Encapsulated Security Payload (ESP) in tunnel mode. IKE (Internet Key Exchange) protocol (v1 or v2) is used between the SEGs to set up the security associations.

The S1-U interface between the EPC and E-UTRAN (radio) is of special interest, since user plane data terminates on the eNodeB which may expose sensitive data. This should be protected either physically or using NDS/IP. IPSec may also be used to protect traffic between entities in the same security domain for further protection. Thus, the end to end traffic between two network entities in different domains is protected in a hop-by-hop fashion.

3.3 User Domain Security

Security in the user domain is primarily focused on the secure access to terminals. Most access to terminals may be controlled by using a shared secret such as a PIN code, which is stored inside the USIM. The PIN code provided by the user is validated with the code present in the USIM whereby access is granted. In addition, the security of the UICC/USIM is another aspect of this domain. The protection of the shared key on the USIM is vital for protection against a variety of attacks. The UICC should also be resistant to other attacks such as local exposure of USIM authentication data or connection hijack attacks.

3.4 Application Domain Security

Application domain security refers to end-to-end security between the application in the terminal and the entity providing the service. By contrast, other security domains generally refer to security features on a hop by hop basis (single link in the network). This paper focuses primarily on the EPS which provides the transport for the user plane or application traffic, and as such is transparent to application level security.

3.5 Visibility and Configurability

This security domain addresses the feedback to users and configuration of settings related to security features available within the network. In most instances, security is transparent to the end user, although in some cases the user should be informed about the operational status. As an example, the usage of encryption in E-UTRAN is dependent on operator configuration and the user should be able to find out whether it is used, perhaps by a symbol displayed on the handset. Configuration of security settings is a property whereby a user can configure whether the use (or provision) of a service should depend on the enablement of a security feature.

3.6 Node Security

Node security primarily focuses on threats associated with the network elements in the EPC and LTE. These network elements provide access to the IMS core network and corresponding services such as voice and SMS. Security of these elements involves network services that run on them, malicious software that may be loaded, vulnerabilities in the operating system or use of un-patched software, among other vectors.


4 Threats

As with any carrier grade telecommunications network, there are several external and internal threats that need to be managed in order to minimize impact on subscriber communications, revenue assurance, availability and organizational image. The following are some of the most significant threats associated with the LTE/EPC implementation, grouped by threat domain.

Threat Domain: Fraud

• Subscription sharing

• Subscriber impersonation through remote unauthorized access (UICC)

• Subscriber impersonation through Trojan Horse/malware

Threat Domain: Unauthorized Access

• Exploitation of vulnerable network services

• Man-in-the-middle/Connection hijack attacks (UICC)

• Attacks on USIM secret key (UICC)

• Unauthorized access to management and administrative interfaces

• PCRF policy manipulation through vulnerable service

• Unauthorized access to the CALEA system via vulnerable network services

• CALEA Wiretap Eavesdropping

• Access to subscriber data via backups (HSS)

• Access to subscriber profile information through unauthorized DIAMETER requests

• Message eavesdropping (DIAMETER)

• Unauthorized access to Backup, recovery and logging data

• Unauthorized access to subscriber keys (eNodeB)

• Network traffic compromise due to lack of appropriate encryption

• System compromise via command injection

Threat Domain: Service Disruption

• Signaling message amplification

• Resource consumption by mis-configured device

• Malformed messages (DIAMETER)

• DoS against subscriber availability through spoofed push-profile DIAMETER requests

• Service disruption (DoS) via packet flooding

• Exploitation of traffic forwarding (HSGW, SGW)

Threat Domain: Node Tampering

• Malicious code injection

• Unauthorized software modification

• Exploitation of operating system vulnerabilities

• Manipulation of firmware/package updates (FOTA)


Figure 4 components Threat taxonomy visualization


5 Summary

The LTE architecture implementation is the evolution of UTRAN (for GSM providers) and eHRPD (for CDMA providers) to support high packet rate, low latency communications. A clear understanding of its security requirements and implications is required to address the complexity of the architecture and its deployment.

A holistic approach to security in the LTE implementation will diminish the opportunities for attacks against the infrastructure. The broad areas of focus include:

• Network Access Security

• Network Domain Security

• User Domain Security

• Node Security

• Application Domain Security

• Visibility and Configurability of Security (for users)

In addition to these, traditional security practices such as robust logging, fraud detection monitoring, periodic security evaluations, well-defined security policies among other strategies will help maintain an adequate security posture against internal and external threats without negatively impacting service quality or adversely affecting operations.


6 Acronyms and definitions

| Acronym | Definition |
|---------|------------|
| 1xRTT | 1x Radio Transmission Technology |
| AKA | Authentication and Key Agreement |
| CAVE | Cellular Authentication and Voice Encryption |
| CMEA | Cellular Message Encryption Algorithm |
| ECMEA | Enhanced Cellular Message Encryption Algorithm |
| EPC | Evolved Packet Core |
| EPS | Evolved Packet System |
| HRPD | High Rate Packet Data (a.k.a. 1xEV-DO) |
| LFSR | Line Feedback Shift Register |
| NAS | Non Access Stratum |
| NDS/IP | Network Domain Security for IP |
| ORYX | Not an acronym |
| PLCM | Privacy Long Code Mask |
| PLUT | Pre-computed Lookup Tables |
| RLC | Radio Link Control |
| RRC | Radio Resource Control |
| SEG | Security Gateway |
| UMTS | Universal Mobile Telecommunication System |
| E-UTRAN | Evolved Universal Terrestrial Radio Access Network |
| UTRAN | Universal Terrestrial Radio Access Network |
| VPM | Voice Privacy Mask |