3GPP security hot topics: LTE/SAE and Home (e)nb

Similar documents
3GPP security. Valtteri Niemi 3GPP SA3 (Security) chairman Nokia

Evolution to A Common Core

3GPP TS V8.9.0 ( )

Communication and Distributed Systems Seminar on : LTE Security. By Anukriti Shrimal May 09, 2016

ETSI TS V9.3.0 ( ) Technical Specification

SYSTEM ARCHITECTURE WITH E-UTRAN -- 3GPP ACCESS NETWORKS

ETSI TS V ( ) Technical Specification

3GPP Evolved Packet System and Femtocell Technologies

LTE Security How Good Is It?

WiMAX Networking Paradigms Base for heterogeneous networking in IEEE802?

3GPP SA3-5G SECURITY. Major changes in 5G security architecture and procedures Sander de Kievit

MSF Non-3GPP EPS Access Tile. MSF Architecture for Non-3GPP Evolved Packet System (EPS) Access Tile. MSF-LTE-ARCH-non3GPP-EPS-FINAL

Mobile NW Architecture Evolution

DAY 2. HSPA Systems Architecture and Protocols

3GPP TS V ( )

ETSI TS V ( )

IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 16, NO. 1, FIRST QUARTER A Survey on Security Aspects for LTE and LTE-A Networks

2. enodeb Emulator: Simulation of emtc and NB-IoT UE and enodeb conforming to 3GPP Release 13 enhancements for Cellular IoT.

3GPP TS V8.0.0 ( )

ELEC-E7230 Mobile Communication Systems

Dual-Stack Connections in 3GPP Networks. Jari Arkko and Fredrik Garneij, Ericsson

GTP-based S2b Interface Support on the P-GW and SAEGW

Network Architecture for LTE and Wi-Fi Interworking

Survey of security features in LTE Handover Technology

MSF Architecture for 3GPP Evolved Packet System (EPS) Access MSF-LTE-ARCH-EPS-002.FINAL

Virtual Evolved Packet Core (VEPC) Placement in the Metro Core- Backhual-Aggregation Ring BY ABHISHEK GUPTA FRIDAY GROUP MEETING OCTOBER 20, 2017

Basic SAE Management Technology for Realizing All-IP Network

Authenticated Key Management Scheme for Intra-Mme Handover Over LTE Networks

Long Term Evolution - Evolved Packet Core S1 Interface Conformance Test Plan

LEGAL DISCLAIMERS AND NOTICES

LTE Training LTE (Long Term Evolution) Training Bootcamp, Crash Course

3GPP TS V9.2.0 ( )

Agenda. LTE Data Roaming. Role of IPX as defined by i3forum Manpreet Singh ibasis Inc., a KPN Company.

IPv6 in Mobile Networks and IMS Ericsson NEA Toshikane Oda

Implementation of Enhanced AKA in LTE Network

ETSI TS V ( )

Version LTE Emulators v10.2 Release Notes - Page 1 of 16 - Release Date: Aug 28, Resolved Issues

ETSI TS V8.4.0 ( ) Technical Specification

Wireless Security K. Raghunandan and Geoff Smith. Technology September 21, 2013

3GPP TS V8.4.0 ( )

ETSI TS V ( ) Technical Specification

REFERENCE ARCHITECTURE FOR END-TO-END QOS IN HETEROGENEOUS WIRELESS NETWORK ENVIRONMENTS

Support of Multiple Access Technologies in 3GPP

ETSI TS V ( )

Evolving IP-IP Gateways to Multi-Access Convergence Gateways for LTE/SAE Systems

Version NetTest v11.0 Release Notes Page 1 of 19. Release Date: Apr 29, Resolved Issues. Issue

ETSI TS V8.8.0 ( ) Technical Specification

Performance analysis and deployment of VoLTE mechanisms over 3GPP LTEbased

Multiservice Switching Forum Contribution

ETSI TS V ( )

3GPP TR V8.0.0 ( )

SAE The Core Network for LTE

Load Tester v4.0 Release Notes - Page 1 of 6 -

VoLTE with OpenEPC and OpenIMS

ETSI TS V ( )

Path to 5G: A Control Plane Perspective

3GPP TS V ( )

Implementing Cisco Service Provider Mobility LTE Networks ( )

5G voice network evolution aspects. Voice over NR in a 5G System and migration from Evolved Packet System Fallback. Paper 3

Wi-Fi Calling Overview

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

ETSI TS V ( )

Session 5 The e v e o v l o ve v d P a P c a k c e k t e t Co C r o e r (EP E C P ) C : T he a l a l-ip based

Diameter Routing. Use Case Guide

SA WG2 Temporary Document Page 2 - Besides these advantages, it is possible to use the based mechanism to consider aspects such as: Node capabilities

3GPP TR v0.4.0( )

3GPP TS V9.4.0 ( )

Contents. GSM and UMTS Security. Cellular Radio Network Architecture. Introduction to Mobile Telecommunications

ETSI TS V (201

ETSI TS V ( )

ETSI TS V ( )

IxLoad EPC Diameter Testing

Mobile Network Evolution Part 2

ETSI TS V (201

NetHawk EAST EPC for Evolved Packet-Core Testing

INTRODUCTION TO LTE. ECE MOBILE COMMUNICATION Monday, 25 June 2018

ETSI TS V (201

Spirent Landslide VoLTE

Securing emerging wireless networks and services

Improved Internet Protocol Multimedia Subsystem Authentication for Long Term Evolution

WiFi Integration in Evolution to 5G networks. Satish Kanugovi WiFi Knowledge Summit, Bangalore March 9, Nokia 2018

ETSI TS V ( ) Technical Specification

ETSI TS V9.3.0 ( ) Technical Specification

System Architecture Evolution

3GPP TS V ( )

3GPP TS V ( )

ETSI TS V8.0.0 ( ) Technical Specification

Mobile Network Evolution Part 2

System Enhancements for Accessing Broadcast Services in All-IP Networks. Motivation

A Review of 3G-WLAN Interworking

Exam Questions 4A0-M02

E. The enodeb performs the compression and encryption of the user data stream.

ETSI TS V ( )

Rethinking Cellular Architecture and Protocols for IoT Communica9on

awaves academy EPS/LTE Training Program In cooperation with GreenlightPM and TheSpecTool TheSpecTool

Working Party 5D LIAISON STATEMENT TO EXTERNAL ORGANIZATIONS ARCHITECTURE AND TOPOLOGY OF IMT NETWORKS

Agenda. Introduction Roaming Scenarios. Other considerations. Data SMS Voice IMS

Network Virtualization Mist to MUST. Ching-Wen Cheng ITRI ICL M

IxLoad EPC Wi-Fi Offload Testing

Improved One-Pass IP Multimedia Subsystem Authentication for UMTS

Transcription:

3GPP security hot topics: LTE/SAE and Home (e)nb Valtteri Niemi 3GPP SA3 (Security) chairman Nokia Research Center, Lausanne, Switzerland Marc Blommaert 3GPP LTE/SAE security rapporteur Devoteam Telecom & Media, Herentals, Belgium 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009

Outline Some history and background SAE/LTE security: some highlights Home (e)nodeb security Summary 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 2

Some history and background 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009

Some history (1/2) World Class Standards For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new specifications, e.g. TS 33.102 3G security; Security architecture 5 specifications (out of these 19) originated by ETSI SAGE, e.g. TS 35.202 KASUMI specification For Release 4 (frozen 2001), SA3 was kept busy with GERAN security while ETSI SAGE originated again 5 new specifications, e.g. TS 35.205-208 for MILENAGE algorithm set Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.: TS 33.203 IMS security TS 33.210 Network domain security: IP layer 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 4

Some history (2/2) Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.: TS 33.246 Security of MBMS World Class Standards TS 33.220-222 Generic Authentication Architecture Release 7 (frozen 2007): SA3 added 13 new specifications ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl. SNOW 3G spec) (TS 35.215-218, TR 35.919) Release 8 (frozen 2008): SA3 has added 5 new specifications, e.g.: TS 33.401 SAE: Security architecture TS 33.402 SAE: Security with non-3gpp accesses (1-2 more TR s maybe still be included in Rel-8) 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 5

SAE/LTE security: some highlights 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009

SAE/LTE: What and why? SAE = System Architecture Evolution LTE = Long Term Evolution (of radio networks) World Class Standards LTE offers higher data rates, up to 100 Mb/sec SAE offers optimized (flat) IP-based architecture Technical terms: E-UTRAN = Evolved UTRAN (LTE radio network) EPC = Evolved Packet Core (SAE core network) EPS = Evolved Packet System ( = RAN + EPC ) 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 7

Implications on security World Class Standards Flat architecture: All radío access protocols terminate in one node: enb IP protocols also visible in enb Security implications due to Architectural design decisions Interworking with legacy and non-3gpp networks Allowing enb placement in untrusted locations New business environments with less trusted networks involved Trying to keep security breaches as local as possible As a result (when compared to UTRAN/GERAN): Extended Authentication and Key Agreement More complex key hierarchy More complex interworking security Additional security for enb (compared to NB/BTS/RNC) 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 8

Authentication and key agreement UTRAN GERAN S1-MME SGSN MME S3 HSS S6a UE LTE-Uu E-UTRAN S1-U S10 S11 S4 Serving Gateway S12 S5 HSS generates authentication data and provides it to MME Challenge-response authentication and key agreement procedure between MME and UE 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 9

Confidentiality and integrity of signalling UTRAN GERAN S1-MME SGSN MME S3 HSS S6a UE LTE-Uu E-UTRAN S1-U S10 S11 S4 Serving Gateway S12 S5 RRC signalling between UE and E-UTRAN NAS signalling between UE and MME S1 interface signalling protection is not UE-specific optional to use 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 10

User plane confidentiality World Class Standards UTRAN GERAN S1-MME SGSN MME S3 HSS S6a UE LTE-Uu E-UTRAN S1-U protection is not UE-specific (Enhanced) network domain security mechanisms (based on IPsec) Optional to use Integrity is not protected for various reasons, e.g.: performance S1-U S10 S11 S4 Serving Gateway limited protection for application layer S12 S5 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 11

Cryptographic network separation (1/2) USIM / AuC K UE / HSS UE / ASME CK, IK K ASME Network id K NASenc K NASint K enb UE / MME K UPenc K RRCint K RRCenc UE / enb 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 12

Cryptographic network separation (2/2) Authentication vectors are specific to the serving network AV s usable in UTRAN/GERAN cannot be used in EPS AV s usable for UTRAN/GERAN access cannot be used for E- UTRAN access Solution by a separation bit in AMF field On the other hand, Rel-99 USIM is sufficient for EPS access ME has to check the separation bit (when accessing E-UTRAN) As one consequence, EAP-AKA was created in IETF 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 13

Handovers without MME involvement (1/2) USIM / AuC UE / HSS UE / ASME K CK, IK K ASME K NASenc K NASint K enb UE / MME K UPenc K RRCint K RRCenc UE / enb 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 14

Handovers without MME involvement (2/2) Handovers are possible directly between enb s for performance reasons If keys would be passed as such, all enb s in a HO chain would know all the keys one compromised enb would compromise all enb s in the HO chain Countermeasures: One-way function used before key is passed (Backward security) MME is involved after the HO for further key passes (Forward security, effective after two hops) When MME involved already during the HO, Forward security is effective already after one hop 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 15

K enb derivations World Class Standards 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 16

Interworking with UTRAN/GERAN (1/2) UE may be registered in both SGSN and MME simultaneously when moving from one system (source) to the other (target) both cached keys (created earlier in the target system) and mapped keys (converted from the keys in the source system) may exist Note: cached keys only for Rel-8 SGSN, not for legacy SGSN 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 17

Interworking with UTRAN/GERAN (2/2) Idle mode transition From E-UTRAN to UTRAN: either mapped or cached keys are used (depending on the identity used in Routing Area Update Request) From UTRAN to E-UTRAN: cached keys are used but an exceptional case exists also Handover From E-UTRAN to UTRAN: mapped keys are used From UTRAN to E-UTRAN: mapped keys are used but it is possible to activate the cached keys after HO completed (using key-change-onthe-fly procedure) 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 18

Inter-working with non-3gpp networks (1/2) HSS SWx HPLMN 3GPP Access S6a Serving Gateway S5 Gxc S2a PDN Gateway S2b Gx PCRF Gxb epdg SWn SGi Rx S6b SWm Operator's IP Services (e.g. IMS, PSS etc.) 3GPP AAA Server Non-3GPP Networks Trusted Non-3GPP IP Access Gxa SWu Untrusted Non-3GPP IP Access UE SWa STa Extract from TS 23.402 (one of several architecture figures) 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 19

Inter-working with non-3gpp networks (2/2) Three options for mobility between 3GPP and non-3gpp networks: Proxy Mobile IP: no user-specific security associations between the Proxy and Home Agent Client MIPv4: tailor-made security mechanisms are used Dual Stack MIPv6: IPsec with IKEv2 is used between UE and HA IPsec tunnel (with evolved Packet Data Gateway) is used in case the non-3gpp network is untrusted by the operator (of EPS network) Authentication is run by EAP-AKA or EAP-AKA procedures, in both cases based on USIM 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 20

Home (e) Node B security 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009

Home (e)nb architecture World Class Standards UE HeNB insecure link SGW Operator s core network OAM One of the key concepts: Closed Subscriber Group Figure from draft TR 33.820 Note: Rest of the talk: Home (e)nb denoted by HeNB 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 22

Threats Compromise of HeNB credentials e.g. cloning of credentials Physical attacks on HeNB e.g. physical tampering Configuration attacks on HeNB e.g. fraudulent software updates Protocol attacks on HeNB e.g. man-in-the-middle attacks Attacks against the core network e.g. Denial of service Attacks against user data and identity privacy e.g. by eavesdropping Attacks against radio resources and management 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 23

Several sources of Security Requirements (Additional) requirements for enb due to SAE/LTE security architecture (TS 33.401) Requirements stemming from threats due to home placement (TR 33.820) Requirements due to Closed Subscriber Group concept 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 24

Countermeasures World Class Standards Mutual authentication between the HeNB and the (rest of) network Security tunnel establishment for backhaul link Trusted Environment inside HeNB e.g. secure execution Access Control mechanisms (for Closed Subscriber Groups) Security mechanisms for OAM Hosting party authentication (if used) with Hosting Party Module etc.. 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 25

Summary 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009

SAE/LTE security Summary New architecture and business environment require enhancements to 3G security Radio interface user plane security terminates in base station site Cryptographic separation of keys Forward/backward security in handovers Different security mechanisms in many inter-working cases with both 3GPP and non-3gpp access networks Home (e)nb security New architecture with more exposed locations of NB s New types of threats Many new countermeasures needed 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 27

For more information: www.3gpp.org 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback