Communication and Distributed Systems Seminar on : LTE Security. By Anukriti Shrimal May 09, 2016

Similar documents
3GPP security hot topics: LTE/SAE and Home (e)nb

LTE Security How Good Is It?

ETSI TS V ( )

3GPP security. Valtteri Niemi 3GPP SA3 (Security) chairman Nokia

3GPP TS V ( )

DAY 2. HSPA Systems Architecture and Protocols

Simulation of LTE Signaling

Delivery of Voice and Text Messages over LTE 13 年 5 月 27 日星期 一

GTP-based S2b Interface Support on the P-GW and SAEGW

POWER-ON AND POWER-OFF PROCEDURES

Delivery of Voice and Text Messages over LTE

Wireless Security K. Raghunandan and Geoff Smith. Technology September 21, 2013

System Architecture Evolution

INTRODUCTION TO LTE. ECE MOBILE COMMUNICATION Monday, 25 June 2018

ETSI documents published or circulated for vote/comment in September 2018

Implementation of Enhanced AKA in LTE Network

IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 16, NO. 1, FIRST QUARTER A Survey on Security Aspects for LTE and LTE-A Networks

ETSI documents published or circulated for vote/comment in January 2019

Survey of security features in LTE Handover Technology

Long Term Evolution - Evolved Packet Core S1 Interface Conformance Test Plan

Authenticated Key Management Scheme for Intra-Mme Handover Over LTE Networks

EXAM IN TTM4137 WIRELESS SECURITY

5G voice network evolution aspects. Voice over NR in a 5G System and migration from Evolved Packet System Fallback. Paper 3

T325 Summary T305 T325 B BLOCK 2 4 PART III T325. Session 1 Block III Part 2 Section 2 - Continous Network Architecture. Dr. Saatchi, Seyed Mohsen

Implementing Cisco Service Provider Mobility LTE Networks ( )

3GPP SA3-5G SECURITY. Major changes in 5G security architecture and procedures Sander de Kievit

Primebit Solution MASTERED DIPLOMA IN PROTOCOL DEVELOPMENT COURSE CONTENT

Nr. Standard reference Title

System Enhancements for Accessing Broadcast Services in All-IP Networks. Motivation

Improved One-Pass IP Multimedia Subsystem Authentication for UMTS

Temporary Document Page 2 - switches off, the allocated resources and PCC rules information of PDN GWs used by the UE in non- network will not be dele

MME SGW PGW. 17-Feb-14 21:15 (Page 1) This sequence diagram was generated with EventStudio Sytem Designer -

Timmins Training Consulting

Requirement Plan Plan Name: LTE_Data_Retry Plan Id: LTEDATARETRY Version Number: 31 Release Date: June 2018

Security Advances and Challenges in 4G Wireless Networks

ETSI TS V ( )

Primebit Solution EXPERT DIPLOMA IN PROTOCOL TESTING COURSE CONTENT

VoLTE Security in NG PRDs

Session 5 The e v e o v l o ve v d P a P c a k c e k t e t Co C r o e r (EP E C P ) C : T he a l a l-ip based

MSF Architecture for 3GPP Evolved Packet System (EPS) Access MSF-LTE-ARCH-EPS-002.FINAL

3GPP TR V9.0.0 ( )

Network Security: Cellular Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

UNIK4230: Mobile Communications Spring Semester, Per Hj. Lehne

Basic SAE Management Technology for Realizing All-IP Network

NG40 IMS Emulator. Key features: IMS Registration VoLTE Basic SRVCC (one-way HO of single active speech session from 4G PS to 3G CS)

Secure military communications on 3G, 4G and WiMAX

3GPP TS V ( )

3GPP TS V ( )

3GPP R15 5G SIM card: A definition

ETSI TR V (201

awaves academy EPS/LTE Training Program In cooperation with GreenlightPM and TheSpecTool TheSpecTool

Virtual Evolved Packet Core (VEPC) Placement in the Metro Core- Backhual-Aggregation Ring BY ABHISHEK GUPTA FRIDAY GROUP MEETING OCTOBER 20, 2017

IxLoad LTE Evolved Packet Core Network Testing: enodeb simulation on the S1-MME and S1-U interfaces

ETSI TS V ( )

3GPP TS V ( )

HSS-based P-CSCF Restoration

Native Deployment of ICN in 4G/LTE Mobile Networks

awaves academy EPS/LTE Training Program In cooperation with GreenlightPM and TheSpecTool awaves academy

Seamless Interoperability Across LTE And WiMAX Using Vertical Handover Mechanism

Spirent Landslide VoLTE

IPSec Network Applications

UMTS System Architecture and Protocol Architecture

Improved Internet Protocol Multimedia Subsystem Authentication for Long Term Evolution

LEGAL DISCLAIMERS AND NOTICES

IP Multimedia Subsystem Part 5 Marek Średniawa

ETSI TS V ( ) Technical Specification

Quality of Service, Policy and Charging

ETSI TS V8.3.0 ( ) Technical Specification

Keywords Quality of Service (QoS), Long Term Evolution (LTE), System Architecture Evolution (SAE), Evolved Packet System (EPS).

Interoperability Test Plan for LTE Wireless Devices

A Review of 3G-WLAN Interworking

3GPP TS V9.5.0 ( )

David Williams. Next Generation ecall

Reqs-LTE-SMS. Device Requirements Issued: Mar-16

USIM based Authentication Test-bed For UMTS-WLAN Handover 25 April, 2006

ETSI TS V ( ) Technical Specification

3GPP TR V ( )

Test Plan for LTE Interoperability

VoIP and Voice over LTE

3GPP TS V ( )

Mobile NW Architecture Evolution

Test-king QA

3GPP TS V ( )

Agenda. Introduction Roaming Scenarios. Other considerations. Data SMS Voice IMS

Security functions in mobile communication systems

Experimental Analysis of the Femtocell Location Verification Techniques

3GPP TS V8.7.0 ( )

3gpp Based LTE Network Architecture for Broad band Wireless Communication

ETSI TS V3.4.0 ( )

EPC-SIM for enb/henb/ HeNB-GW Testing VERSION 5.0

LTE Radio Interface Architecture. Sherif A. Elgohari

- Page 1 of 8 -

Federated Identity Management and Network Virtualization

Dimensioning, configuration and deployment of Radio Access Networks. part 1: General considerations. Mobile Telephony Networks

embms application tests with the R&S CMW 500 and R&S CMWcards

VoLTE is the mainstream solution

SRVCC Ensuring voice service continuity in VoLTE/IMS

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications

Defeating IMSI Catchers. Fabian van den Broek et al. CCS 2015

5G-ENSURE. Privacy Enablers. (Project Number )

Transcription:

Communication and Distributed Systems Seminar on : LTE Security By Anukriti Shrimal May 09, 2016

LTE network with interfaces LTE Security 2

Contents LTE Security : Why, What, How EPS Architecture Design Decisions AKA Procedure & Key Hierarchy UE Endpoint Security (NAS and AS signalling) Base-station Security Emergency Call Handling LTE Security 3

Why :Threats against EPS User Privacy & Identity UE tracking Handovers. Base stations and last-mile transport links. Multicast or broadcast signalling. Denial of service (DoS). Misusing network services. Radio protocols. Mobility management. Manipulation of control plane data. Unauthorized access to the network. These threats have been handled by the guidelines provided by 3GPP standards. LTE Security 4

What : High-Level Security Requirements in LTE The high-level security requirements of can be summarized as follows. (H-1) EPS shall provide a high level of security. (H-2) Any security lapse in one access technology must not compromise other accesses. (H-3) EPS should provide protection against threats and attacks. (H-4) EPS shall support authenticity of information between the terminal and the network. (H-5) Appropriate traffic protection measures should be provided. (H-6) EPS shall ensure that unauthorized users cannot establish communications through the system. LTE Security 5

Service-Related Security Requirements in LTE The more service-related security requirements of can be summarized as follows. (S-1) EPS shall allow a network to hide its internal structure from the terminal. (S-2) Security policies shall be under home operator control. (S-3) Security solutions should not interfere with service delivery or handovers in a way noticeable by end users. (S-4) EPS shall provide support for lawful interception. (S-5) Rel-99 (or newer) USIM is required for authentication of the user towards EPS. (S-6) USIM shall not be required for re-authentication in handovers (or other changes) between EPS and other 3GPP systems, unless requested by the operator. (S-7) EPS shall support IP Multimedia Subsystem (IMS) emergency calls (ECs). LTE Security 6

Privacy-Related Security Requirements in LTE The privacy-related requirements can be summarized as follows: (P-1) EPS shall provide several appropriate levels of user privacy for communication, location and identity. (P-2) Communication contents, origin and destination shall be protected against disclosure to unauthorized parties. (P-3) EPS shall be able to hide user identities from unauthorized parties. (P-4) EPS shall be able to hide user location from unauthorized parties, including another party with which the user is communicating. LTE Security 7

5. Emergency Calls LTE Security 8 Legislation dependent How : EPS Security Features 1. Confidentiality of the User and Device Identities The device identity is sent to the network only after security measures have been activated. Temporary identity (GUTI) is assigned and used for subscriber identity. 2. Authentication between the UE and the Network Two-way authentication, i.e., the network authenticates the user and vice-versa 3. Confidentiality & Integrity of User and Signalling Data Confidentiality & integrity protection mechanism for signalling data between the UE and the core network is mandatory while for user data, integrity protection is optional. 4. Platform Security of the enodeb Base station setup and configuration must follow platform security requirements by operator and manufacturer. All keys as well as handling of user and control plane data shall take place inside a secure environment.

How : EPS Security Features.. Contd. 6. Interworking Security Security should be maintained when there is a change from one system to another 7. Network Domain Security (NDS) Its purpose is to protect the traffic between network elements using mutual authentication, data confidentiality and integrity. 8. Lawful Interception A controlled exception to the other security features The conditions of interception are a matter of the legislation of the country 9. IMS Security for Voice over LTE IP Multimedia Subsystem(IMS) is an overlay system for LTE/3G which uses SIP for voice calls over IP-based network. 10. Visibility and Configurability of Security LTE Security Personal Identification Number (PIN) based access control to the UICC 9

EPS Security Architecture EPS security architecture deals with following: - UE endpoint security : MME triggers the authentication and key agreement (AKA) protocol with the UE to generate K ASME Signalling data between the MME and the UE(NAS) is protected using two derived keys Signalling data between enb and UE(AS) is protected using two more derived keys from a key sent by MME User plane (UP) data between the enb and the UE using a third derived key - S1 Interface security : The signalling data transferred between the UE and the MME over the S1-MME interface can be secured using IPsec - LTE X2-interface Security 10 security :

EPS Security Architecture Contd. LTE Security 11

Design Decisions Permanent Security Association A permanent key is stored in USIM in UE and also in AuC (HSS). It is never exchanged or visible outside these modules. Interfaces between UE and HSS/HLR are completely standardized The interface between the ME and the USIM is fully standardized to allow interoperability AuC is considered part of the HSS Reuse of 3G USIMs, but not 2G Authentication & Key agreement (AKA) on EPS is designed to enable reuse of 3G USIMs. 3GPP forbade the use of 3G ME(handset) and 2G SIMs for security advantages. Delegated Authentication The actual authentication procedure is done by MME asking information from the HSS The delegation can also happen in a visited network Cryptographic Network Separation and Serving Network Authentication Involves binding of any EPS-related cryptographic keys, which leave the HSS, to the identity of the serving network LTE Security 12 Prevents a spill-over of the effects of the breach to other networks

Design Decisions..Contd. Reuse of the Fundamental Elements of UMTS AKA Termination Point for Encryption and Integrity Protection Extending from the UE It has been applied in multiple levels with each level having a different end-point User plane security is terminated security at the enb AS security extends between the UE and the enb NAS signalling starts from UE and ends at MME. Homogeneous Security Concept for Heterogeneous Access Networks EPS provides a framework(eap) for connecting heterogeneous access networks to the EPC. EAP allows carrying authentication messages over a variety of transports New key hierarchy and Key separation in Handovers Introduction of a new local master key K ASME obtained from 3Gs (IK, CK) pair Introduction of intermediate key KeNB given to enb from MME, and other keys derived from it. During handovers, the key is modified before forwarding to avoid its derivation in the forwarded element. LTE Security 13

EPS authentication and key agreement (AKA) Initial Attach Message (UE Sec Cap.) LTE Security 14

EPS : Generation of UMTS and EPS authentication vectors AuC LTE Security 15

Verification in the USIM LTE Security 16

Key Hierarchy Each key is generated using the key above it along with some additional parameters. The generation functions are oneway, i.e., the key on lower level cannot be used to derive key on higher level. All key derivations except the one from K to CK, IK are standardized as they happen outside of USIM. All the key derivations carried out in the UE share the same core LTE Security cryptographic function. 17

EPS Key Generation LTE Security 18

NAS Signalling (Integrity and protection) NAS security command is integrityprotected but not ciphered. eksi (evolved Key Set Identifier) used to identify the K ASME The UE can derive the K NASenc and K NASint from K ASME NAS Security Mode Command Procedure Integrity and replay protection for NAS messages is part of the NAS protocol itself. LTE Security 19

AS Level / RRC Signalling and User data AS Security mode is integrity protected. The UE verifies the MAC and replies with Complete/Reject message unciphered. Both user-plane data and RRC signalling are carried over PDCP protocol AS-level integrity and replay protection is verified both in the UE and in the base station. If verification fails at UE, RRC connection re-establishment is used for recovery LTE Security 20

Base Station Enrollment Architecture Manufacturer provided base-station is installed and connected to the network The base station must provide the RA/CA with a proof of possession for the private key Certifying Authority (CA): - Authenticates & authorize base station - Generates/signs certificate for BS Integrity & confidentiality carried over Certificate Management Protocol (CMPv2) LTE Security 21

Emergency Call Handling - Features Features of emergency calls: Regulations on emergency calls vary between different countries, such as whether unauthenticated emergency calls are permitted or not. Regulations of some countries require that it is possible to always make an emergency call with UE, even when there is no valid SIM or USIM. A limited service state, is used to describe situations in which a UE cannot obtain normal service but can only be used for emergency purposes. A voice solution for EPS is provided by IMS ((IP Multimedia Subsystem) also used in VoLTE On the bearer level, there are specific emergency bearers that support IMS emergency sessions. LTE Security 22

Emergency Call Handling - Security Security measures to make normal but still unauthenticated calls: UE in limited service state can only use emergency bearers. Emergency bearers are limited to an emergency APN and a specific emergency-aware PDN GW. This specific PDN GW allows only traffic to and from IMS entities that handle emergency services. The P-CSCF on the IMS side checks that all IMS traffic to and from the specific PDN GW is indeed for emergency purposes and selects a suitable E-CSCF for the further handling of the requests, including finding an appropriate PSAP for the session. LTE Security 23

Open issues/topics Security during mobility Ciphering and encryption algorithms - Null Algorithms - Ciphering algorithms : AES, UEA1, UEA2 (based on SNOW) - Intergrity algorithms : 128-EIA1, 128EIA2 Interworking with GSM and 3G networks - The keys are designed to be backward compatible - Systems are designed to be able to differentiate the mode of operation. Security for Voice over LTE - SIP authentication - IMS AKA procedure LTE Security 24

References - LTE Security, Second Edition By Dan Forsberg, Günther Horn, Wolf-Dietrich Moeller, Valtteri Niemi http://onlinelibrary.wiley.com/book/10.1002/9781118380642 - http://www.3gpp.org/dynareport/33102.htm - Lectures on LTE by Dr. Braun LTE Security 25

THANK YOU! Questions? LTE Security 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback