8/11/2019 SAE security
3GPP SAE/LTE Security
Anand R. Prasad
NEC Corporation
NIKSUN WWSMC, 26 July, 2011, Princeton, NJ, USA
MI M11-0043
Disclaimer: This presentation gives views/opinion of the speaker and not necessarily that of NEC Corporation.
NEC Corporation 2009Page 2 NEC Confidential
Outline
Background on how this thing came into being: Next Generation Mobile Networks (NGMN) and Third Generation Partnership Project (3GPP)
Brief overview of Evolved packet system (EPS), i.e., SAE/LTE
Security in EPS:
  Requirements
  Security per network elements and protocol layers
  Key hierarchy
  Authentication and key agreement
  Mobility
Today and Tomorrow including current security activities in Global ICT Standardisation Forum for India (GISFI)
For abbreviations check Slide 34
Towards NGMN
Next Generation Mobile Network (NGMN): A project by mobile operators with the objective to establish recommendations, requirements and scenarios for future mobile broadband networks
NGMN Architecture
SAE (or EPC)
LTE (or E-UTRAN)
3GPP Basic Architecture
3GPP Overview
PCG (Project Coordination Group)
RAN Plenary (Radio Access Network)
  RAN WG1 (Layer 1)
  RAN WG2 (Layer 2/3)
  RAN WG3 (RAN to wired)
  RAN WG4 (Performance)
  RAN WG5 (UE conformance test)
SA Plenary (Service & Systems Aspect)
  SA WG1 (Requirement)
  SA WG2 (Architecture)
  SA WG3 (Security)
  SA WG4 (Codec)
  SA WG5 (Management)
CT Plenary (Core Network & Terminal)
  CT WG1 (UE/Core NW Layer 3)
  CT WG3 (Interworking external)
  CT WG4 (Core NW protocol)
  CT WG5 (Open Service Access)
  CT WG6 (SIM)
This is how it works
Third Generation Partnership Project (3GPP) develops specifications standardized by organizational partners (OPs)
OPs follow their government / regulatory mandate
OPs participate in the project coordination group (PCG)
Individual members are members of at least one of the OPs and provide input to the technical specification group (TSG)
Result of TSG is a TR or TS that forms standards by OPs
3GPP also takes input from ITU and uses its guidelines
Resulting specification from 3GPP TSG is taken to ITU by individual members as specification
Evolved Packet System (EPS) Overview and Security
EPS is also known as System Architecture Evolution (SAE) / Long Term Evolution (LTE)
SAE is also known as Evolved Packet Core (EPC)
LTE is also known as Evolved UTRAN
Basic Requirements
Continued usage of current USIM, i.e., there should not be any change in USIM for accessing EPS network. The USIM that is used in UMTS networks should thus be reusable.
Security should be at least at the same level as, or better than, that of UMTS.
Security Requirements
[Figure: security requirements diagram; recoverable labels: UE, eNodeB, MME, SGW, O&M and the interfaces Uu, S1-U, S1-MME, S11 and X2]
Network Elements and Security Functions
[Figure: security functions per network element; recoverable labels: UE, eNodeB, MME, SGW, HSS (AuC, HLR, EIR, DNS) and the interfaces Uu, S1-U, S1-MME, S11 and S6a]
Protocol Layers and Security Functions
Key Hierarchy
[Figure: key hierarchy diagram; only the labels K and CK, IK are recoverable]
Key separation depending on purpose
EPS Terminal Start-up and Security
[Figure: terminal start-up sequence in six numbered steps, step (3) being AKA; recoverable interface labels: Uu, S1-U and S11]
Authentication and Key Agreement (AKA)
[Figure: AKA message sequence in seven numbered steps; step labels not recoverable]
Network and UE are authenticated to each other. The top-level key (Kasme) is created
SMC: NAS Algorithm Selection
eNB MME UE
NAS integrity protection start
NAS Security Mode Command (eKSI, UE sec capabilities, ENEA, ENIA, [IMEI request,] [NONCEue, NONCEmme,] NAS-MAC)
NAS Security Mode Complete ([IMEI,] NAS-MAC)
Configured with list of NAS confidentiality and integrity algorithms that can be used and with priority
Choose highest priority algorithms
Verify NAS SMC integrity. If successful, start ciphering/deciphering and integrity protection and send NAS Security Mode Complete.
NAS de-ciphering/ciphering start
Integrity protected with the new algorithm if there was change in algorithm
Algorithm is chosen for NAS and NAS keys are generated. NAS security starts.
SMC: AS Algorithm Selection
eNB MME UE
UE AS security context setup
UE capabilities, eKSI
RRC/UP integrity protection start
AS Security Mode Command RRC-Integrity protected (Integrity algo, ciphering algo, MAC-I)
AS Security Mode Complete (MAC-I)
Configured with list of AS confidentiality and integrity algorithms that can be used and with priority
Choose highest priority algorithms
Verify AS SMC integrity. If successful, start RRC/UP integrity protection, downlink deciphering, and send AS Security Mode Complete.
RRC/UP ciphering start
RRC/UP de-ciphering start
RRC/UP ciphering start
UE security capabilities are sent to MME during connection establishment together with START value. These are sent back to the UE integrity protected. The UE responds with the same again, integrity protected. All in NAS.
Algorithm is chosen for AS & AS keys are generated. AS security starts.
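The selection and echo check described on the two SMC slides, as an added example that is not from the original presentation: the MME picks the highest-priority algorithm present in the UE security capabilities it received and returns those capabilities under NAS-MAC, and the UE rejects the command if the MAC fails or the echoed list differs from what it sent. The priority list, key and capability sets are constructed, and a truncated HMAC-SHA-256 stands in for the real NAS integrity algorithm.

```python
import hashlib
import hmac

# MME configuration: allowed NAS algorithms, highest priority first (constructed policy).
MME_PRIORITY = {"EEA": ["EEA2", "EEA1", "EEA0"], "EIA": ["EIA2", "EIA1"]}

def nas_mac(key: bytes, body: bytes) -> bytes:
    # Stand-in for the 32-bit NAS-MAC: truncated HMAC-SHA-256, not a real EIA algorithm.
    return hmac.new(key, body, hashlib.sha256).digest()[:4]

def encode(smc: dict) -> bytes:
    # Simplified serialization of the protected fields (assumption, not the NAS encoding).
    fields = [str(smc["eksi"]), ",".join(sorted(smc["ue_caps"])), smc["eea"], smc["eia"]]
    return "|".join(fields).encode()

def mme_build_smc(key: bytes, eksi: int, received_caps: set) -> dict:
    """MME: choose the highest-priority algorithms the UE reported and echo
    the capabilities it received inside the integrity-protected command."""
    smc = {"eksi": eksi, "ue_caps": set(received_caps)}
    for kind, priority in MME_PRIORITY.items():
        match = next((a for a in priority if a in received_caps), None)
        if match is None:
            raise ValueError(f"no common {kind} algorithm")
        smc[kind.lower()] = match
    smc["mac"] = nas_mac(key, encode(smc))
    return smc

def ue_handle_smc(key: bytes, sent_caps: set, smc: dict) -> str:
    """UE: verify NAS-MAC first, then compare the echoed capabilities with
    what it actually sent; only then answer Security Mode Complete."""
    if not hmac.compare_digest(nas_mac(key, encode(smc)), smc["mac"]):
        return "reject: NAS-MAC check failed"
    if smc["ue_caps"] != set(sent_caps):
        return "reject: UE security capabilities mismatch"
    return "complete"

def demo() -> dict:
    key = bytes(range(16))                              # constructed NAS integrity key
    sent = {"EEA0", "EEA1", "EEA2", "EIA1", "EIA2"}     # constructed UE capabilities
    good = mme_build_smc(key, 1, sent)
    altered = mme_build_smc(key, 1, {"EEA0", "EIA1"})   # capabilities changed in transit
    forged = dict(good, eea="EEA0")                     # command modified after signing
    return {"selected": (good["eea"], good["eia"]),
            "good": ue_handle_smc(key, sent, good),
            "altered": ue_handle_smc(key, sent, altered),
            "forged": ue_handle_smc(key, sent, forged)}
```
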
Mobility in EPS
[Figure: mobility in EPS; recoverable labels: MME, SGSN, eNodeB, NodeB, RNC, Cell 1, Cell 2 and the interfaces S1-MME, X2, S10 and S3]
Handover and Key Handling
Detail of key derivation and handling on handover
[Figure: handover key chaining diagram built from KDF blocks at NCC = 0 to 3; other labels garbled in extraction]
KDF: Key Derivation Function
NH: Next Hop
NCC: Next hop Chaining Counter
PCI: Physical Cell Identity
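The chaining this slide refers to, as an added example that is not from the original presentation: K_eNB* is derived either from the current K_eNB or from a fresh NH, and NH can only be advanced by a holder of K_ASME. The FC values and parameter encoding follow TS 33.401 Annex A rather than anything legible on the slide; the key, PCI and EARFCN-DL values are constructed.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (Li = 2-byte length of Pi)."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()

def initial_kenb(k_asme: bytes, ul_nas_count: int) -> bytes:
    return kdf(k_asme, 0x11, ul_nas_count.to_bytes(4, "big"))

def next_hop(k_asme: bytes, sync_input: bytes) -> bytes:
    # Requires K_ASME, which only the UE and the MME hold.
    return kdf(k_asme, 0x12, sync_input)

def kenb_star(base: bytes, pci: int, earfcn_dl: int) -> bytes:
    # base is the current K_eNB (horizontal) or a fresh NH (vertical).
    return kdf(base, 0x13, pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big"))

class UeKeyChain:
    """UE-side state: current K_eNB, the NH sync input and the NCC."""
    def __init__(self, k_asme: bytes, ul_nas_count: int):
        self.k_asme = k_asme
        self.kenb = initial_kenb(k_asme, ul_nas_count)
        self.sync, self.ncc = self.kenb, 0

    def handover(self, signalled_ncc: int, pci: int, earfcn_dl: int) -> bytes:
        base = self.kenb                      # same NCC: horizontal derivation
        while self.ncc != signalled_ncc % 8:  # NCC is a 3-bit counter
            self.sync = next_hop(self.k_asme, self.sync)
            self.ncc = (self.ncc + 1) % 8
            base = self.sync                  # NCC advanced: vertical derivation
        self.kenb = kenb_star(base, pci, earfcn_dl)
        return self.kenb

def demo() -> dict:
    k_asme = bytes(range(32))                 # constructed sample key
    ue = UeKeyChain(k_asme, ul_nas_count=0)
    old_kenb = ue.kenb
    horiz = ue.handover(0, pci=101, earfcn_dl=1850)   # constructed cell values
    nh1 = next_hop(k_asme, old_kenb)          # MME side, NCC = 1
    nh2 = next_hop(k_asme, nh1)               # MME side, NCC = 2
    vert = ue.handover(2, pci=202, earfcn_dl=1850)
    return {"horizontal_from_old_kenb": horiz == kenb_star(old_kenb, 101, 1850),
            "vertical_from_nh2": vert == kenb_star(nh2, 202, 1850),
            "vertical_from_kenb": vert == kenb_star(horiz, 202, 1850),
            "ncc": ue.ncc}
```

The horizontal key is reproducible by anyone holding the previous K_eNB, while the key derived after the NCC advanced is reproducible only from NH, which is why the demo reports `vertical_from_kenb` as false.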
Inter-Technology Handover for EPS
[Figure: handover between EPS (eNodeB) and UMTS (NodeB)]
Derive keys in serving network for the target network and in UE based on current keys before handover
The idea here is to derive keys both ways from the existing context and do AKA as early as possible, especially in E-UTRAN
The keys are named as follows:
  Mapped context is the one derived from other RAT keys
  Current context is the context being used
  Native context is the context of E-UTRAN
On handover to E-UTRAN mapped context is used although it is recommended that native context should be used as it is considered stronger
Today to Tomorrow
Protection against Unsolicited Communication in IMS (PUCI)
- Accounting & Charging server
- IMS application Server
Bots, virus etc.
Threats
Data confidentiality
Fraud Activities
Phishing
Denial of Service
Bandwidth Availability
Productivity Loss
Call Quality Degradation
Unauthorized Access
Eavesdropping
SPIT
Customer Satisfaction
Authentication
Re-Routing
Caller ID Spoofing
There are several VoIP threats that can lead to SPIT
Can lead to SPIT
Protection against Unsolicited Communication in IMS (PUCI)
Identification (check with automatic means and static operator/user settings)
Marking (indicate the likelihood of UC through marking)
Result
Reacting (check threshold level and take action, e.g. re-route, voice mailbox, further test etc.)
Marking level
Further test
Other (based on user or operator policy communication is sent to a given network element for action.)
Marking or no marking
Destination UE (user takes action based on marking and sender ID if available)
Source device
Challenge
Solve it with Identify, Mark and React
3GPP TR 33.937 available. Further work on-going under SPUCI work-item.
Machine to Machine Communication
Known as Machine Type Communication (MTC)
Scenarios are, for example, smart metering or healthcare
Issues can be from the point of access control to attack on the device itself
The biggest problem will be the huge number of devices trying to connect to the mobile network and thus overwhelming the network due to high traffic volume
GISFI Security Activities
The security activity in Global ICT Standardisation Forum for India (GISFI) provides solutions for all the activities being carried out by the standardization forum
Security SIG also provides input to Indian government
The activity is still at its early stage, some of the topics covered are:
  Cyber security and children
  Cloud security
  Internet-of-Things (starting from machine-to-machine, M2M, communication)
What is happening today and where will it lead to?
Some observations of today:
Average age of knowledge generation is decreasing with time: data and information is readily available
World is slowly but steadily moving towards similar level of life globally: impact on age of population and education level
Reachability is at 24 / 7
Need for convenience is increasing
Computing, telecommunications and networking has converged, if not, the trend has only become faster
Openness, free and shared are key words
Technology enhancement is moving at a faster pace:
  Wireless data-rate is catching up with wired
  Computing power is high and increasing while becoming available to all
Human society is maturing
Business models are changing very fast: 10 to 2 years to 6 months and now 3 months
Operators business: conventional, data only, take a ride
Thoughts: Security?
Potentially faster cycle for algorithm development
Need of increased awareness and concern of privacy and security
Necessity of ever more system security consideration
  Top-to-bottom
  End-to-end
Better privacy control mechanisms
Choice of level of security
Fast threat analysis together with proper understanding of risk and input to security solution.
Conclusions
...the book
Security in Next Generation Mobile Networks: SAE/LTE and WiMAX
Authors: Anand R. Prasad and Seung-Woo Seo
Publisher: River Publishers
Available: August 2011
ISBN: 978-87-92329-63-9
Table of Contents:
1. Introduction to NGMN
2. Security Overview
3. Standardization: 3GPP, IEEE 802.16 and WiMAX
4. SAE/LTE Security
5. Security in IEEE 802.16e / WiMAX
6. Security for Other Systems: MBMS, M2M, Femto
Contact:
Abbreviations
[Abbreviation table garbled in extraction; entries not recoverable]
Security Overview
[Figure: security architecture diagram; recoverable labels: application stratum (User Application, Provider Application), home stratum / serving stratum, transport stratum, ME, USIM, SN, AN, HE, with links marked (I) to (IV)]
Network access security (I)
Network domain security (II)
User domain security (III)
Application domain security (IV)
Visibility and configurability of security (V)
Other Security Aspects
Network domain control plane protection
Protection of IP based control plane will be done using 33.210. If the interfaces are trusted then such protection is not required.
Thus for S1-MME and X2-C
  Implement IPsec ESP [RFC 4303 and TS 33.210]
  IKEv2 certificate based authentication [TS 33.310]
  Tunnel mode IPsec mandatory on eNB while SEG can be used in core
  Transport mode is optional
Backhaul link user plane protection
Protection of user plane will be done using 33.210. If the interfaces are trusted then such protection is not required.
S1-U and X2-U
  IPsec ESP as in RFC 4303 and TS 33.210 with confidentiality, integrity and replay protection
  IKEv2 certificate based authentication [TS 33.310]
  Tunnel mode IPsec mandatory on eNB while SEG can be used in core
  Transport mode is optional
Management plane protection
  Same as S1-U and X2-U
  There is no management traffic over X2