Use of IPsec & IKE in Universal Mobile Telecommunication System
Dr. John K. Zao, Sr. Scientist, Information Security
Verizon Communications / BBN Technologies
BBN Technologies, an operating unit of Verizon Communications
IPSEC 2000, Paris La Defense, France, 10/26/2000
Outline
- Overview: 3G Wireless Data Networks
- Analysis: UMTS Security
- Proposal: Possible Use of IPsec & IKE in UMTS Security
Outline
- Overview: 3G Wireless Data Networks
  - History
  - Architecture
  - Domains
  - Strata
- Analysis: UMTS Security
- Proposal: Possible Use of IPsec & IKE in UMTS Security
Wireless Data Network Development
(figure: evolution from 2G through 2.5G to 3G, one row for Europe and one for the USA; the technology names in the cells were not preserved)
GPRS / UMTS System Architecture
(figure: network elements ME/SIM, BTS, BSC, MSC, VLR, HLR, AuC and EIR, with connections to PSTN / ISDN and PSPDN / CSPDN, overlaid with the UMTS domains: User Equipment Domain (Mobile Equipment Domain, USIM Domain) and Infrastructure Domain (Access Network Domain; Core Network Domain comprising the Serving Network, Transit Network and Home Network Domains))
UMTS Domain Hierarchy
(figure: User Equipment Domain = Mobile Equipment Domain (ME) + USIM Domain (USIM); Infrastructure Domain = Access Network Domain (AN) + Serving Network Domain (SN) + Transit Network Domain (TN) + Home/Remote Network Domain (HN / RN, hosting HE / TE); reference points Cu, Uu, Iu, [Yu], [Zu] between adjacent domains; User Apps on the MT side, Provider Apps on the HN/RN side)
Domain – a high-level group of UMTS entities; reference points (interfaces) are defined between domains
UMTS MT-HN Strata
(figure: the same domain hierarchy (ME, USIM, AN, SN, TN, HN / RN, HE / TE; reference points Cu, Uu, Iu, [Yu], [Zu]) with the Mobile Terminal to Home Network protocol strata overlaid: Home Stratum, Service Stratum, Transport Stratum, Access Stratum)
Stratum – a group of UMTS protocols that are relevant to one aspect of the services provided by one or more domains
UMTS MT-RN Strata
(figure: the same domain hierarchy (ME, USIM, AN, SN, TN, HN / RN, HE / TE; reference points Cu, Uu, Iu, [Yu], [Zu]) with the Mobile Terminal to Remote Network protocol strata overlaid: Application Stratum, Service Stratum, Transport Stratum, Access Stratum)
Stratum – a group of UMTS protocols that are relevant to one aspect of the services provided by one or more domains
Outline
- Overview: 3G Wireless Data Networks
- Analysis: UMTS Security
  - Security Threats
  - Security Architecture
  - Security Features/Services
    - Network Access Security
    - Network Domain Security
    - User Domain Security
    - Application Domain Security
  - Security Mechanisms
    - Mobile User Identity Allocation
    - Entity Authentication & Key Agreement
    - User Traffic Confidentiality
    - Network Domain Security
- Proposal: Possible Use of IPsec & IKE in UMTS Security
3G Security: Threats
(figure: threat matrix; the figure groups the threats as basic threats and enabling threats, each enabling threat listed with its target)
Basic threats:
- Confidentiality Violation
- Integrity Violation
- Denial of Service
- Illegitimate Uses
- Repudiation
Enabling threats (threat: targets):
- Eavesdropping: User Traffic; Signal & Control
- Traffic Analysis: Passive; Active
- Information Leakage: User Location
- Masquerading: User; Net Elements; Service Net; Home Environment; Download Origins
- Alteration: User Traffic; Signal & Control; System Data; ME Download; USIM Download
- Intervention: Physical; Protocols
- Repudiation: Charge; Traffic Origin; Traffic Delivery
- Unauthorized Access: System Data
- Privilege Misuse: User; Service Net
- Service Abuse: Emergency Service
- Stealing: Terminals
Source: 3G Security; Security Threats & Requirements [3G TS 21.133]
3G Security: Threats, Radio Interface
(figure: the same threat matrix, with each entry marked as a relevant, significant or major threat for the radio interface)
Major threats:
- Radio Eavesdropping & Traffic Analysis
- User & Net Element Masquerading
3G Security: Threats, ME-USIM Interface
(figure: the same threat matrix, with each entry marked as a relevant, significant or major threat for the ME-USIM interface; entries annotated for this interface: Privilege Misuse (Borrowed USIM); Unauthorized Access, System Data (USIM); Stealing, Terminals (ME); Alteration, System Data (ME); Masquerading, User (ME/USIM); Masquerading, User (Stolen ME & USIM); Alteration and Eavesdropping, (USIM) Signal & Control; Alteration and Eavesdropping, (USIM) User Traffic)
Major threats:
- ME/USIM Masquerading
- ME/USIM Data Alteration & Access
- ME/USIM Download Alteration & Eavesdropping
3G Security: Threats, General System
(figure: the same threat matrix, with each entry marked as a relevant, significant or major threat for the system as a whole)
Major threats:
- Privilege Misuse
- Network Element Masquerading
- Wired Link Eavesdropping
UMTS Security Architecture
(figure: the domain hierarchy (ME, USIM, AN, SN, TN, HN / RN, HE / TE; reference points Cu, Uu, Iu, [Yu], [Zu]) and the Application, Service, Transport and Access Strata, with the four security feature groups placed on them: Network Access Security, Network Domain Security, User Domain Security, Application Domain Security)
- User Domain Security – protection against attacks on the ME - USIM / USIM interfaces
- Network Access Security – protection against attacks on radio (access) links
- Network Domain Security – protection against attacks on the wired network infrastructure
- Application Domain Security – protection of user & provider application exchanges
- Security Management – monitoring & managing user - provider security features
Network Access Security
User Identity Confidentiality
- Services: Identity Confidentiality; Location Confidentiality; Untraceability
- Mechanisms: Temporary Visiting Identity; Encrypted Permanent Identity; Encrypted Signal / Control Data
Entity Authentication
- Services: Authentication Mechanism Agreement; User Authentication; Network Element Authentication
- Mechanisms: HE-SN Authentication & Key Agreement; Local Authentication
Data Confidentiality
- Services: Cipher Algorithm Agreement; Cipher Key Agreement; User Data Confidentiality; Signal / Control Data Confidentiality
Data Integrity
- Services: Integrity Algorithm Agreement; Integrity Key Agreement; Signal / Control Data Integrity; Signal / Control Data Origin Authentication
Network Domain Security
Entity Authentication
- Services: Mechanism Agreement; Network Element Authentication
- Mechanism: Explicit Symmetric Key Authentication
Data Confidentiality
- Services: Cipher Algorithm Agreement; Cipher Key Agreement; Signal / Control Data Confidentiality
Data Integrity
- Services: Integrity Algorithm Agreement; Integrity Key Agreement; Signal / Control Data Integrity; Signal / Control Data Origin Authentication
User Domain Security
User - USIM Authentication
- Services: PIN-based Authentication
USIM - ME Authentication
- Services: Shared Secret Authentication
Application Domain Security
Secure USIM Download & Messaging
- Services: Application Identity Authentication; Application Data Confidentiality; Application Data Origin Authentication; Application Data Integrity; Application Exchange Sequence Integrity; Application Exchange Replay Protection; Application Data Non-repudiation
IP Security
- [TBD]
User Traffic Confidentiality
- Service: End-to-End Data Confidentiality
User Profile Confidentiality
- [TBD]
Mobile User Identity (MUI) Exchanges
(figure: message flows for Temporary MUI (TMUI) Allocation and Permanent MUI (IMUI) Identification)
- Similar to Mobile IP Registration
- Source: UMTS Security Architecture [3G TS 33.102]
Entity Authentication & Key Agreement
Parameters
- Authentication Vector: AV(i) := RAND(i) || XRES(i) || CK(i) || IK(i) || AUTN(i); AUTN, CK, IK and XRES are derived from RAND, SQN and AMF
- Authentication Data Request: Authen_Req := IMUI || HLR_MSG
- Authentication Data Response: Authen_Res := [IMUI] || AV(1..n)
Comments
- Authentication is conducted between HE/AuC & MS/USIM
- HE is the authentication & key distribution center
- SN/VLR is a trusted mediator
- If HE is off-line, then MS and SN authenticate using the shared integrity key & protect their traffic using the old (CK, IK)
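The following is an added illustration, not code from the slides or from 3GPP, of the authentication-vector exchange this slide describes: the HE/AuC builds AV := RAND || XRES || CK || IK || AUTN from the shared key, SQN and AMF; the SN/VLR forwards RAND || AUTN to the USIM without ever holding the key; the USIM checks the network's MAC in AUTN and the freshness of SQN, returns RES, and the SN compares RES with XRES. The UMTS derivation functions f1..f5 are operator-chosen and are not on the page, so they are replaced here by labelled HMAC-SHA256 placeholders; the AUTN layout (SQN xor AK || AMF || MAC) follows 3G TS 33.102, and the strict "SQN must increase" freshness rule is a simplification of the specification's windowed check.

```python
"""Added illustration of the UMTS AKA authentication-vector flow (not from the
slides). f1..f5 are HMAC-SHA256 placeholders for the operator's real functions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


def _prf(k: bytes, tag: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for the operator algorithm set (assumption)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()


def f1(k, rand, sqn, amf): return _prf(k, b"f1", rand, sqn, amf)[:8]  # MAC-A, 64 bit
def f2(k, rand):           return _prf(k, b"f2", rand)[:8]            # RES / XRES
def f3(k, rand):           return _prf(k, b"f3", rand)[:16]           # CK, 128 bit
def f4(k, rand):           return _prf(k, b"f4", rand)[:16]           # IK, 128 bit
def f5(k, rand):           return _prf(k, b"f5", rand)[:6]            # AK, 48 bit


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AuthVector:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes


def generate_av(k: bytes, sqn: bytes, amf: bytes, rand: Optional[bytes] = None) -> AuthVector:
    """HE/AuC side: AV := RAND || XRES || CK || IK || AUTN,
    with AUTN := (SQN xor AK) || AMF || MAC-A."""
    if rand is None:
        rand = secrets.token_bytes(16)
    mac_a = f1(k, rand, sqn, amf)
    ak = f5(k, rand)                      # anonymity key hides SQN on the air
    autn = xor(sqn, ak) + amf + mac_a
    return AuthVector(rand, f2(k, rand), f3(k, rand), f4(k, rand), autn)


def usim_respond(k: bytes, rand: bytes, autn: bytes, last_sqn: int) -> Tuple[bytes, bytes, bytes, int]:
    """MS/USIM side: recover SQN, authenticate the network via MAC-A, check
    freshness, then derive RES, CK and IK. Raises ValueError on failure."""
    conc_sqn, amf, mac_a = autn[:6], autn[6:8], autn[8:16]
    sqn = xor(conc_sqn, f5(k, rand))
    xmac = f1(k, rand, sqn, amf)
    if not hmac.compare_digest(xmac, mac_a):
        raise ValueError("MAC failure: network not authenticated")
    sqn_int = int.from_bytes(sqn, "big")
    if sqn_int <= last_sqn:               # simplified freshness rule (assumption)
        raise ValueError("synchronisation failure: SQN not fresh (replay?)")
    return f2(k, rand), f3(k, rand), f4(k, rand), sqn_int


def sn_verify(av: AuthVector, res: bytes) -> bool:
    """SN/VLR side: the mediator never sees K, it only compares RES with XRES."""
    return hmac.compare_digest(av.xres, res)


def run_aka(k: bytes, sqn_int: int, amf: bytes, last_sqn: int, rand: Optional[bytes] = None):
    """One full exchange: HE -> SN (AV inside Authen_Res), SN -> USIM (RAND || AUTN),
    USIM -> SN (RES). Returns (keys agree on both sides, SQN accepted by USIM)."""
    sqn = sqn_int.to_bytes(6, "big")
    av = generate_av(k, sqn, amf, rand)
    res, ck, ik, seen = usim_respond(k, av.rand, av.autn, last_sqn)
    if not sn_verify(av, res):
        raise ValueError("RES mismatch: user not authenticated")
    return ck == av.ck and ik == av.ik, seen


if __name__ == "__main__":
    K = bytes(range(16))                  # constructed subscriber key, not a real one
    print(run_aka(K, 5, b"\x80\x00", last_sqn=4))
```

The two failure branches in usim_respond are the ones a network engineer watches for: a MAC failure means the AUTN did not come from an HE holding the subscriber key, and a synchronisation failure means a previously used vector was replayed or the counters drifted; both are reported back to the SN rather than silently retried.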
User Traffic Confidentiality
Key Management
- Cipher Key (Ks)
- Initialization Vector (IV)
Cipher Algorithms
- Synchronous Stream Cipher
  - Data stream XOR with key stream
  - Synchronization controlled by IV
Issues
- Encryption synchronization mechanism
- TFO voice protection adaptation
- Data traffic protection adaptation
- Encryption termination at net gateways
- Encryption management
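An added example (not from the slides) of the synchronous stream cipher model on this slide and of the synchronisation issue it lists: each frame is data XOR keystream, the keystream is a function of the cipher key Ks and a per-frame IV, and the receiver recovers the data only if it uses the same IV the sender did. The keystream generator is a labelled HMAC-SHA256 placeholder, not the UMTS algorithm, and the Sender/Receiver classes and the explicit-versus-implicit synchronisation switch are constructions for the illustration. The sender also refuses to reuse a (Ks, IV) pair, since a repeated keystream would cancel out when two ciphertexts are XORed together.

```python
"""Added illustration of a synchronous stream cipher with IV-controlled
synchronisation (not from the slides). HMAC-SHA256 stands in for the real
keystream generator."""
import hashlib
import hmac


def keystream(ks: bytes, iv: int, length: int) -> bytes:
    """Placeholder generator: concatenated HMAC(Ks, IV || block_index) blocks."""
    out = b""
    blk = 0
    while len(out) < length:
        out += hmac.new(ks, iv.to_bytes(8, "big") + blk.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        blk += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """Encrypts frames with a per-frame IV counter and never reuses (Ks, IV)."""

    def __init__(self, ks: bytes):
        self.ks, self.iv, self.used = ks, 0, set()

    def encrypt_frame(self, data: bytes):
        if self.iv in self.used:
            raise RuntimeError("IV reuse: keystream would repeat")
        self.used.add(self.iv)
        frame = (self.iv, xor_bytes(data, keystream(self.ks, self.iv, len(data))))
        self.iv += 1
        return frame


class Receiver:
    """Decrypts frames; with explicit sync it trusts the IV in the frame header,
    with implicit sync it relies on its own counter and drifts after a loss."""

    def __init__(self, ks: bytes):
        self.ks, self.expected_iv = ks, 0

    def decrypt_frame(self, iv: int, ct: bytes, explicit_sync: bool = True) -> bytes:
        use_iv = iv if explicit_sync else self.expected_iv
        self.expected_iv = use_iv + 1
        return xor_bytes(ct, keystream(self.ks, use_iv, len(ct)))


def sample_frames():
    # constructed sample user-traffic frames
    return [b"frame0", b"frame1", b"frame2"]


def demo(frames, lose_index: int, explicit_sync: bool):
    """Encrypt all frames, drop one on the 'radio link', decrypt the rest."""
    ks = b"constructed-key!"          # 16-byte constructed cipher key Ks
    tx, rx = Sender(ks), Receiver(ks)
    wire = [tx.encrypt_frame(f) for f in frames]
    del wire[lose_index]
    return [rx.decrypt_frame(iv, ct, explicit_sync) for iv, ct in wire]


if __name__ == "__main__":
    print("explicit IV sync:", demo(sample_frames(), 1, True))
    print("implicit IV sync:", demo(sample_frames(), 1, False))
```

Running demo with explicit synchronisation recovers frame0 and frame2 after frame1 is lost; with implicit synchronisation the receiver's counter is one behind from that point on and every later frame decrypts to garbage, which is the "encryption synchronization mechanism" issue on the slide.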
Network Domain Security: Similar to Multi-Realm Kerberos
- Layer I: Symmetric Session Key Negotiation using PK technology
- Layer II: Session Key Distribution within each Operator
- Layer III: Secure communication between Elements of different Operators
Outline
- Overview: 3G Wireless Data Networks
- Analysis: UMTS Security
- Proposal: Possible Use of IPsec & IKE in UMTS Security
  - Motivation
  - Use of IPsec with IKE
  - Use of IPsec with UMTS Key Management
  - Use of IKE with UMTS Cipher Mechanisms
  - Use of IPsec with Stateful Header Compression
Motivation
Why are we thinking of putting IPsec & IKE into 3G? Because …
- IP (with XML payloads) is likely to be the networking protocol for the future Wireless Internet.
- GSM/GPRS/UMTS Security Architecture is complex & fragmented.
- IPsec & IKE will become widely deployed.
- Use of USIM will make PK technology more accessible.
- …
What will be the major show stoppers?
- Wireless Voice traffic will NOT be over IP in the near future.
- Wireless Signaling & Control traffic is NOT over IP either.
Use of IPsec with IKE in UMTS
- Application Domain Security [Strong Case]
  - User Traffic Confidentiality
- Network Domain Security [Possible but Unlikely Case]
  - Entity Authentication
  - Data Confidentiality
  - Data Integrity
  - First, UMTS Core Network must speak IP …
Use of IPsec with UMTS Key Management
- Network Domain Signaling & Control Security [Possible Case]
  - Entity Authentication
  - Data Confidentiality
  - Data Integrity
  - More likely than IPsec protection for the entire UMTS Core Network
  - Use of UMTS Key Management is reasonable for compatibility
  - Still, UMTS Signaling & Control must speak IP …
Use of IKE with UMTS Cipher Mechanisms
Not so unlikely as we think because …
- UMTS uses USIM-HE exchanges to establish user security
- USIM & HE/AuC may use IKE technology
- Entity Authentication & Cipher/Integrity Key Agreement
  - Network Access Security
  - Application Domain Security
Use of IPsec with Header Compression
Justification
- Wireless Data Network may have limited bandwidth
- Wireless Access & Network Domains support stateful L2 switching
Approach
- Adopt technologies from the IETF Robust Header Compression WG
- Consider possible IPsec header compression?
Bibliography
3rd Generation Partnership Project, Technical Specification Group (TSG) SA
- 3G TS 21.133 – 3G Security; Security Threats & Requirements
- 3G TS 21.120 – 3G Security; Security Principles & Objectives
- 3G TS 33.105 – 3G Security; Cryptographic Algorithm Requirements
- 3G TS 33.102 – UMTS; 3G Security; Security Architecture
- 3G TS 23.101 – UMTS; General UMTS Architecture
GSM Documents
- GS 02.60 – GPRS; Service Description; Stage 1
- GS 03.60 – GPRS; Service Description; Stage 2
- GS 02.09 – Security Aspects
- GS 03.20 – Security Related Network Functions
Source: http://www.etsi.org/