
Session 5: The Evolved Packet Core (EPC): The all-IP based Core Network of LTE
ITU ASP COE Training on Technology, Standardization and Deployment of Long Term Evolution (IMT)
Sami TABBANE, 9-11 December 2013, Islamic Republic of Iran

Agenda
1. User Plane Overview
2. LTE Interfaces
3. LTE Identities
4. LTE/EPC Bearers
5. Network Entities
6. Backhauling and Backbone
7. Security

Network and protocol architecture: 1. User plane Overview

User plane Overview
User plane traffic architecture:
- Cost efficient two-types-of-nodes architecture
- Fully meshed approach with tunneling mechanism over the IP transport network
- Iu Flex approach
- Access Gateway (AGW)
- Enhanced Node B (eNB)

User plane Overview
The S1-flex mechanism allows:
- Network redundancy,
- Load sharing of traffic across network elements in the CN, the MME and the SGW,
- Creation of pools of MMEs and SGWs,
- Each eNB connected to multiple MMEs and SGWs in a pool.

MME Pooling / S1 Flex
Flexible architecture: S1 Flex + MME Pooling give network redundancy and traffic load sharing.
S1 Flex: an eNB can connect to a maximum of 16 MMEs. In practice geographical redundancy is desired, connecting each eNB to 2 MMEs in different locations.

Multiple Operator Core Network (MOCN)
Service providers can have separate core networks (MME, SGW, PDN GW) and a jointly shared E-UTRAN (eNBs). This is enabled by the S1-flex mechanism (each eNB can be connected to multiple core network entities).

Network sharing benefits (figure)

Network and protocol architecture: 2. LTE Interfaces

LTE-SAE network interfaces (figure): HSS, PCRF, IP networks, SAE GW, SGSN and MME, together with the 2G, 3G, LTE and non-3GPP networks, linked by the interfaces Gr, S6, S7, S4, SGi, S2a/b, S3, S11, Gb, Iu CP, Iu UP and S1 CP.

LTE-SAE network interfaces
- S1-flex: eNB (enhanced Node B) and aGW (access Gateway) multipoint-to-multipoint links,
- X2: inter-eNB direct interface for HO management and RRM.
- GGSN, SGSN and RNC elements: a unique and central node, the ACGW (Access Core Gateway) or a-GW (in 3GPP LTE/SAE, aGW refers to the Serving Gateway (SGW)).
- A-GW: terminates the control and user planes for the UE and manages the core network features implemented in the GGSN and SGSN in Release 6.
- UE control plane protocol similar to Release 6 RRC (Radio Resource Control): mobility control and radio bearer configuration.
- ACGW user plane: header compression, ciphering, integrity and ARQ.

Core Network Interface
Two interfaces: S1 for the control plane, X2 for the user plane.
Inter-eNode B X2 interface (includes control and user planes).

E-UTRAN Network interfaces: Interfaces
User plane carries user data and higher-layer signaling:
- Voice and data packets,
- Application level signaling (SIP, SDP or RTCP (Real-time Transport Control Protocol) packets).
Before transmission on the S1 interface, user plane packets are passed to the transport layer without processing.
Control plane is linked to the messages and procedures related to the interface operation:
- Handover management control messages,
- Bearer control messages.

E-UTRAN Network interfaces: Interfaces
- Physical layer (part of the transport layer) is common to the user and control planes,
- Control plane signaling: more constraints in terms of security, reliability and data loss,
- User plane information: less secured routing protocols.
S1 and X2 interfaces are specified by the 3GPP, so eNodeBs of various vendors may be:
- Interconnected through the X2 interface,
- Connected to the MME or S-GW (S1 interface).

E-UTRAN Network interfaces: S1 interface, user plane
User plane S1 interface, or S1-U:
- Carries user data packets between the eNodeB and the Serving GW,
- Uses GTP (GPRS Tunneling Protocol), inherited from 2G/GPRS and 3G/UMTS networks, on top of UDP/IP, with user data encapsulation,
- No flow control, no error control and no data delivery guarantee.

GTP
All variants of GTP have certain features in common. The structure of the messages is the same, with a GTP header following the UDP/TCP header. GTPv1 headers contain the following fields:

Bit   0-2      3              4         5  6  7   8-15          16-31
0     Version  Protocol type  Reserved  E  S  PN  Message Type  Total length
32    TEID
64    Sequence number (16 bits)         N-PDU number (8 bits)   Next extension header type (8 bits)

- Version: 3-bit field. For GTPv1, this has the value 1.
- Protocol Type (PT): 1-bit value that differentiates GTP (value 1) from GTP' (value 0).
- Reserved: 1-bit reserved field (must be 0).
- Extension header flag (E): 1-bit value that states whether there is an optional extension header field.
- Sequence number flag (S): 1-bit value that states whether there is an optional Sequence Number field.
- N-PDU number flag (PN): 1-bit value that states whether there is an optional N-PDU number field.
- Message Type: 8-bit field indicating the type of GTP message. The different message types are defined in 3GPP TS 29.060.
- Length: 16-bit field that indicates the length of the payload in bytes (the rest of the packet following the mandatory 8-byte GTP header). It includes the optional fields.
- Tunnel endpoint identifier (TEID): 32-bit (4-octet) field used to multiplex different connections in the same GTP tunnel.
- Sequence number: optional 16-bit field. Exists if any of the E, S or PN bits are on.
- N-PDU number: optional 8-bit field. Exists if any of the E, S or PN bits are on.
- Next extension header type: optional 8-bit field. Exists if any of the E, S or PN bits are on.
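A parser for the GTPv1 header layout just described, added here as an example (not code from the original slides). It enforces the rule that all three optional fields appear as soon as any of the E, S or PN flags is set, checks the Length field against the octets actually received, and walks the extension header chain using the format from 3GPP TS 29.060 (length octet in 4-octet units, content, next-type octet, 0 ending the chain), which the slide does not show; the sample packet at the end is constructed.

```python
"""GTPv1 header parser matching the field layout on the slide above."""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

GTP_VERSION_1 = 1
MSG_G_PDU = 255  # message type of a G-PDU, i.e. a tunnelled user packet


@dataclass
class GtpV1Header:
    version: int
    protocol_type: int              # 1 = GTP, 0 = GTP'
    e_flag: int
    s_flag: int
    pn_flag: int
    message_type: int
    length: int                     # octets after the mandatory 8-octet header
    teid: int
    sequence_number: Optional[int] = None
    npdu_number: Optional[int] = None
    next_ext_type: Optional[int] = None
    extensions: List[Tuple[int, bytes]] = field(default_factory=list)
    header_len: int = 8             # octets actually consumed by the header


def parse_gtpv1(data: bytes) -> Tuple[GtpV1Header, bytes]:
    """Return (header, payload); raise ValueError for anything malformed."""
    if len(data) < 8:
        raise ValueError("short packet: the mandatory GTP header is 8 octets")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    hdr = GtpV1Header(
        version=flags >> 5,              # bits 0-2
        protocol_type=(flags >> 4) & 1,  # bit 3
        e_flag=(flags >> 2) & 1,         # bit 5
        s_flag=(flags >> 1) & 1,         # bit 6
        pn_flag=flags & 1,               # bit 7
        message_type=msg_type,
        length=length,
        teid=teid,
    )
    if hdr.version != GTP_VERSION_1:
        raise ValueError(f"not GTPv1: version field is {hdr.version}")
    if (flags >> 3) & 1:                 # bit 4
        raise ValueError("reserved bit must be 0")
    # Length counts everything after the 8 mandatory octets, optional fields
    # included, so it must agree with what was actually received.
    if length != len(data) - 8:
        raise ValueError(f"length field {length} != {len(data) - 8} octets present")
    pos = 8
    if hdr.e_flag or hdr.s_flag or hdr.pn_flag:
        # All three optional fields are present as soon as any one flag is set.
        if len(data) < 12:
            raise ValueError("a flag is set but the optional fields are missing")
        hdr.sequence_number, hdr.npdu_number, hdr.next_ext_type = struct.unpack(
            "!HBB", data[8:12])
        pos = 12
        # Extension header chain (format from 3GPP TS 29.060, not on the slide):
        # length octet in 4-octet units, content, then the next header type,
        # with type 0 ending the chain.
        next_type = hdr.next_ext_type if hdr.e_flag else 0
        while next_type != 0:
            if pos >= len(data):
                raise ValueError("extension header chain runs past the packet")
            ext_len = data[pos] * 4
            if ext_len == 0 or pos + ext_len > len(data):
                raise ValueError("bad extension header length")
            hdr.extensions.append((next_type, data[pos + 1:pos + ext_len - 1]))
            next_type = data[pos + ext_len - 1]
            pos += ext_len
    hdr.header_len = pos
    return hdr, data[pos:]


def build_gtpv1(msg_type: int, teid: int, payload: bytes,
                seq: Optional[int] = None) -> bytes:
    """Encode a GTPv1 packet; a sequence number sets S and emits all three optional octets."""
    flags = (GTP_VERSION_1 << 5) | (1 << 4)       # version 1, PT = GTP
    optional = b""
    if seq is not None:
        flags |= 1 << 1                            # S flag
        optional = struct.pack("!HBB", seq, 0, 0)  # seq, N-PDU = 0, no extension
    header = struct.pack("!BBHI", flags, msg_type, len(optional) + len(payload), teid)
    return header + optional + payload


# Constructed sample: a G-PDU on TEID 0x12345678 carrying sequence number 7.
SAMPLE = build_gtpv1(MSG_G_PDU, 0x12345678, b"inner IP packet", seq=7)

if __name__ == "__main__":
    header, inner = parse_gtpv1(SAMPLE)
    print(header)
    print(inner)
```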

GTP principle (figure)

E-UTRAN Network interfaces: S1 interface, control plane
Control plane S1 interface, or S1-C: signaling interface supporting a set of features and procedures between the eNodeB and the MME. Four main groups of S1-C signaling procedures:
- Bearer related procedures: bearer establishment, change and release,
- Handover procedures: all S1 features related to the mobility of users between eNodeBs or with the 2G/3G technologies,
- NAS (Non Access Stratum) signaling transfer: signaling between a terminal and the MME through the S1 interface (transparent to the eNodeB),
- Paging procedure: used for MT sessions (the MME requests the eNodeB to page a terminal in a given cell).

Network and protocol architecture: 3. LTE Identities

User Identities
The International Mobile Subscriber Identity (IMSI) is allocated to each mobile subscriber in every (GSM, UMTS and EPS) system. VLRs, SGSNs and MMEs may allocate Temporary Mobile Subscriber Identities (X-TMSI) for subscriber identity confidentiality. An MS may be allocated three TMSIs, through the:
- VLR (TMSI),
- SGSN (P-TMSI),
- MME (S-TMSI, M-TMSI, part of the GUTI, Globally Unique Temporary UE Identity).

User Identities
The IMSI is composed of three parts:
- Mobile Country Code (MCC), consisting of three digits,
- Mobile Network Code (MNC), consisting of two or three digits for GSM/UMTS applications,
- Mobile Subscriber Identification Number (MSIN), identifying the mobile subscriber within a PLMN.
National Mobile Subscriber Identity (NMSI) = MNC and MSIN.

User Identities
Temporary Mobile Subscriber Identity (TMSI): its structure and coding are chosen by agreement between operator and ME manufacturer in order to meet local needs. The TMSI consists of 4 octets and can be coded using a hexadecimal representation. The network shall not allocate a TMSI with all 32 bits equal to 1, because the TMSI must be stored in the SIM, and the SIM uses 4 octets with all bits equal to 1 to indicate that no valid TMSI is available.
Globally Unique Temporary UE Identity (GUTI): unambiguous identification of the UE that does not reveal the UE's or the user's permanent identity in the Evolved Packet System (EPS). It allows the identification of the MME and network.
- GUTI = GUMMEI + M-TMSI, where GUMMEI = MCC + MNC + MME Identifier
- MME Identifier = MME Group ID + MME Code
- MCC and MNC shall have the same field size as in earlier 3GPP systems.
- M-TMSI shall be 32 bits long.
- MME Group ID shall be 16 bits long.
- MME Code shall be 8 bits long.

LTE Identities (1/4)
ID | Meaning | Description | Structure
IMSI | International Mobile Subscriber Identity | Unique identification of the mobile (LTE) subscriber; the network (MME) gets the PLMN of the subscriber | IMSI (not more than 15 digits) = PLMN ID + MSIN = MCC + MNC + MSIN
PLMN ID | Public Land Mobile Network Identifier | Unique identification of the PLMN | PLMN ID (not more than 6 digits) = MCC + MNC
MCC | Mobile Country Code | Assigned by ITU | 3 digits
MNC | Mobile Network Code | Assigned by the national authority | 2 or 3 digits
MSIN | Mobile Subscriber Identification Number | Assigned by the operator | 9 or 10 digits
GUTI | Globally Unique Temporary UE Identity | To identify a UE between the UE and the MME on behalf of the IMSI, for security reasons | GUTI (not more than 80 bits) = GUMMEI + M-TMSI
TIN | Temporary Identity used in Next Update | The GUTI is stored in the TIN parameter of the UE's MM context; the TIN indicates which temporary ID will be used in the next update | TIN = GUTI
S-TMSI | SAE Temporary Mobile Subscriber Identity | To locally identify a UE in short within an MME group (unique within an MME pool) | S-TMSI (40 bits) = MMEC + M-TMSI

LTE Identities (2/4)
ID | Meaning | Description | Structure
M-TMSI | MME Mobile Subscriber Identity | Unique within an MME | 32 bits
GUMMEI | Globally Unique MME Identity | To identify an MME uniquely globally; the GUTI contains the GUMMEI | GUMMEI (not more than 48 bits) = PLMN ID + MMEI
MMEI | MME Identifier | To identify an MME uniquely within a PLMN; the operator commissions the MMEI at the eNB | MMEI (24 bits) = MMEGI + MMEC
MMEGI | MME Group Identifier | Unique within a PLMN | 16 bits
MMEC | MME Code | To identify an MME uniquely within an MME group; the S-TMSI contains the MMEC | 8 bits
C-RNTI | Cell-Radio Network Temporary Identifier | To identify a UE uniquely in a cell | 0x0001 ~ 0xFFF3 (16 bits)
IMEI | International Mobile Equipment Identity | To identify a ME (Mobile Equipment) uniquely | IMEI (15 digits) = TAC + SNR + CD
IMEI/SV | IMEI/Software Version | To identify a ME uniquely | IMEI/SV (16 digits) = TAC + SNR + SVN
ECGI | E-UTRAN Cell Global Identifier | To identify a cell globally (globally unique); the EPC can know the UE location based on the ECGI | ECGI (not more than 52 bits) = PLMN ID + ECI

LTE Identities (3/4)
ID | Meaning | Description | Structure
ECI | E-UTRAN Cell Identifier | To identify a cell within a PLMN | ECI (28 bits) = eNB ID + Cell ID
PGW ID | PDN GW Identity | To identify a specific PDN GW (P-GW); the HSS assigns a P-GW for the PDN (IP network) connection of each UE | Globally unique IP address (4 bytes) or FQDN (variable length)
TAI | Tracking Area Identity | To identify a Tracking Area; globally unique TAI | TAI (not more than 32 bits) = PLMN ID + TAC
TAC | Tracking Area Code | To indicate to which Tracking Area the eNB belongs (per cell); unique within a PLMN | 16 bits
TAI List | Tracking Area Identity List | The UE can move into the cells included in the TAI list without location update (TA update) | Variable length

LTE Identities (4/4)
ID | Meaning | Description | Structure
PDN ID (APN) | PDN Identity | To identify a PDN (IP network) that the mobile data user wants to communicate with. The PDN Identity (APN) is used to determine the P-GW and the point of interconnection with a PDN. With the APN as query parameter to the DNS procedures, the MME receives a list of candidate P-GWs, and a P-GW is then selected by the MME with policy | PDN Identity = APN = APN.NI + APN.OI (variable length)
EPS Bearer ID | Evolved Packet System Bearer Identifier | To identify an EPS bearer (default or dedicated) per UE | 4 bits
E-RAB ID | E-UTRAN Radio Access Bearer Identifier | To identify an E-RAB per UE | 4 bits
DRB ID | Data Radio Bearer Identifier | To identify a DRB per UE | 4 bits
LBI | Linked EPS Bearer ID | To identify the default bearer associated with a dedicated EPS bearer | 4 bits
TEID | Tunnel End Point Identifier | To identify the end point of a GTP tunnel when the tunnel is established | 32 bits

LTE Identities (figure)
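The GUTI, S-TMSI and IMSI compositions from the identity tables above, worked through in code as an added example (not from the original slides). It applies the stated field widths, refuses the all-ones TMSI that the TMSI slide reserves, and shows the S1-flex consequence of the S-TMSI layout: the eNB can pick the serving MME in a pool from the MMEC carried in the S-TMSI. The PLMN, MME identifiers, M-TMSI value and pool hostnames are constructed.

```python
"""Composition and decomposition of the LTE temporary identities."""
from dataclasses import dataclass
from typing import Dict, Tuple

M_TMSI_NO_VALID = 0xFFFFFFFF  # reserved: the SIM stores all-ones for "no valid TMSI"


@dataclass(frozen=True)
class Guti:
    mcc: str       # Mobile Country Code, 3 digits (assigned by ITU)
    mnc: str       # Mobile Network Code, 2 or 3 digits
    mmegi: int     # MME Group Identifier, 16 bits
    mmec: int      # MME Code, 8 bits, unique within the MME group
    m_tmsi: int    # M-TMSI, 32 bits, unique within the MME

    def __post_init__(self) -> None:
        if len(self.mcc) != 3 or not self.mcc.isdigit():
            raise ValueError("MCC must be 3 digits")
        if len(self.mnc) not in (2, 3) or not self.mnc.isdigit():
            raise ValueError("MNC must be 2 or 3 digits")
        if not 0 <= self.mmegi < 1 << 16:
            raise ValueError("MMEGI is a 16-bit field")
        if not 0 <= self.mmec < 1 << 8:
            raise ValueError("MMEC is an 8-bit field")
        if not 0 <= self.m_tmsi < 1 << 32:
            raise ValueError("M-TMSI is a 32-bit field")
        if self.m_tmsi == M_TMSI_NO_VALID:
            raise ValueError("all-ones TMSI is reserved and must not be allocated")

    @property
    def plmn_id(self) -> str:
        return self.mcc + self.mnc                    # PLMN ID = MCC + MNC

    @property
    def mmei(self) -> int:
        return (self.mmegi << 8) | self.mmec          # MMEI (24 bits) = MMEGI + MMEC

    @property
    def gummei(self) -> Tuple[str, int]:
        return (self.plmn_id, self.mmei)              # GUMMEI = PLMN ID + MMEI

    @property
    def s_tmsi(self) -> int:
        return (self.mmec << 32) | self.m_tmsi        # S-TMSI (40 bits) = MMEC + M-TMSI

    def __str__(self) -> str:
        return f"{self.mcc}-{self.mnc}-{self.mmegi:04x}-{self.mmec:02x}-{self.m_tmsi:08x}"


def split_s_tmsi(s_tmsi: int) -> Tuple[int, int]:
    """Recover (MMEC, M-TMSI) from a 40-bit S-TMSI."""
    if not 0 <= s_tmsi < 1 << 40:
        raise ValueError("S-TMSI is a 40-bit field")
    return (s_tmsi >> 32) & 0xFF, s_tmsi & 0xFFFFFFFF


def split_imsi(imsi: str, mnc_digits: int) -> Tuple[str, str, str]:
    """IMSI = MCC + MNC + MSIN; the MNC length is a property of the PLMN, not of the string."""
    if not imsi.isdigit() or len(imsi) > 15:
        raise ValueError("IMSI is at most 15 digits")
    if mnc_digits not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_digits], imsi[3 + mnc_digits:]
    if len(msin) not in (9, 10):
        raise ValueError("MSIN is 9 or 10 digits")
    return mcc, mnc, msin


def select_mme(s_tmsi: int, pool: Dict[int, str]) -> str:
    """S1-flex NAS node selection: the eNB routes on the MMEC inside the S-TMSI."""
    mmec, _ = split_s_tmsi(s_tmsi)
    try:
        return pool[mmec]
    except KeyError:
        # The MME that allocated this S-TMSI is not in the eNB's pool.
        raise LookupError(f"MMEC 0x{mmec:02x} is not served by this eNB's pool")


# Constructed values: test PLMN 001-01, one MME group, two MMEs in the pool.
POOL = {0x01: "mme-a.example", 0x02: "mme-b.example"}
SAMPLE_GUTI = Guti(mcc="001", mnc="01", mmegi=0x0001, mmec=0x02, m_tmsi=0xC0FFEE42)

if __name__ == "__main__":
    print(SAMPLE_GUTI, hex(SAMPLE_GUTI.s_tmsi), select_mme(SAMPLE_GUTI.s_tmsi, POOL))
```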

Control Plane Protocols: 4. Network Entities

MME
The MME hosts the following functions:
- NAS signaling security
- AS security control
- Inter CN node signaling for mobility between 3GPP access networks
- Tracking Area list management
- PDN GW and Serving GW selection
- MME selection for handovers with MME change
- SGSN selection for handovers to 2G or 3G 3GPP access networks
- Roaming
- Authentication
- Bearer management functions, including dedicated bearer establishment
- Support of PWS (which includes ETWS and CMAS) message transmission
- UE reachability in idle state (including control and paging retransmission)

S-GW
The Serving Gateway (S-GW) hosts the following functions:
- The local mobility anchor point for inter-eNB handover
- Mobility anchoring for inter-3GPP mobility
- E-UTRAN idle mode downlink packet buffering and initiation of the network triggered service request procedure
- Lawful Interception
- Packet routing and forwarding
- Transport level packet marking in the uplink and the downlink
- Accounting on user and QCI granularity for inter-operator charging
- UL and DL charging per UE, PDN and QCI

P-GW
The PDN Gateway hosts the following functions:
- Per-user based packet filtering (by e.g. deep packet inspection)
- Lawful Interception
- UE IP address allocation
- Transport level packet marking in the downlink
- UL and DL service level charging, gating and rate enforcement
- DL rate enforcement based on APN-AMBR
- Credit control for online charging
Note: the S-GW and P-GW are usually integrated in the same equipment (direct tunnel). Physical separation is done in the case of roaming.

PCRF / HSS
PCRF (Policy Control and Charging Rules Function):
- Policy control decision-making,
- Controls the flow-based charging functionalities in the Policy Control Enforcement Function (PCEF), which resides in the P-GW,
- Provides the QoS authorization (QoS class identifier [QCI] and bit rates) that decides how a certain data flow will be treated in the PCEF, and ensures that this is in accordance with the user's subscription profile.
HSS (Home Subscriber Server):
- Contains the users' SAE subscription data, such as the EPS-subscribed QoS profile and any access restrictions for roaming,
- Holds information about the PDNs to which the user can connect, in the form of an access point name (APN), which is a label according to DNS naming conventions describing the access point to the PDN, or a PDN address, indicating the subscribed IP address(es),
- Holds dynamic information such as the identity of the MME to which the user is currently attached or registered,
- Integrates the authentication center (AuC), which generates the vectors for authentication and security keys.

LTE Entity Functions Summary (figure)
RR: Radio Resource; RRC: Radio Resource Control; EMM: Evolved Mobility Management; ECM: Evolved Connection Management.

Network and protocol architecture: 5. LTE/EPC Bearers

Control plane protocols: Radio Protocol Stack Overview (figure)

RRC Overview (1/2)
Main RRC services and functions:
- System Information Broadcast, through the logical channel BCCH: related to the access network (settings related to the radio) or to the core network (PLMN identity, ...),
- Paging, through the PCCH (logical channel),
- Establishment, maintenance and release of an RRC connection between the UE and E-UTRAN: allocation of temporary identifiers between UE and E-UTRAN, configuration of signaling radio bearer(s) for the RRC connection,
- Security functions, including key management,
- Mobility functions, including: UE measurement reporting for handover (RRC talks directly with PHY to obtain measurement results), UE cell selection and reselection, and control of cell selection and reselection.

RRC Overview (2/2)
- Transmission of signaling messages to and from the EPS: NAS (Non Access Stratum) messages are handled transparently by the RRC (Radio Resource Control); control information is exchanged between UE and E-UTRAN.
- E-UTRAN RRC is significantly simplified compared to UTRAN: reduction in the number of messages.

Default/Dedicated Bearer
Default bearer vs dedicated bearer:
- A default bearer carries all kinds of traffic (no filter) without QoS. It is typically created during the Attach procedure.
- A dedicated bearer carries a specific data flow, identified by the TFT (Traffic Flow Template), with a given QoS. Ex.: voice, streaming. It can be established:
  - During the Attach procedure (depending on the user profile),
  - After the Attach procedure, on demand.

Default/Dedicated bearer (figure)

Default/Dedicated Bearer
When the UE establishes a PDN Connection, this creates a logical end-to-end "pipe" between the UE and the PGW. The UE is assigned an IP address (IPv4 or IPv6) and the default bearer is set up (always best effort). If the UE requires some QoS different from best effort, a dedicated bearer can be set up. This will be a necessity for voice services over LTE, for example, but could also be used when a streaming session is set up, or a Skype session, etc. The network knows that a dedicated bearer is needed by DPI, most likely at the PCRF node.

DPI (Deep Packet Inspection)
DPI = HW and SW solution that:
- Monitors a network's data stream,
- Identifies protocols and applications, inappropriate URLs, intrusion attempts and malware.
DPI inspects, reassembles and decompresses incoming packets, analyzes the code and passes data to the appropriate applications and services. If malicious URLs or code are detected, the system can block them entirely. DPI can also be used by service providers to offer subscribers different levels of access (such as type of usage, data limits or bandwidth level), comply with regulations, prioritize traffic, adjust loads and gather statistical information. DPI can recognize applications as data passes through the system, allocating each the resources it needs.

Default Bearer QoS Control (figure: aggregated bandwidth against cell capacity and aggregated load in the cell; normal users at THP=2, heavy user at THP=3; total volume limit exceeded)
Heavy users are dynamically down-prioritized at network congestion.

Network and protocol architecture: 6. Mobile Backhaul / Backbone

Wireless Backhaul (figure: access network with handset, PDA or laptop and base station; copper or fiber carrier to the Mobile Switching Office (provisioning, call routing, etc.); Public Switched Telephone Network. Source: Fibertower Investor Presentation, April 2008.)
Three main transport methods:
- Copper (T1s)
- Fiber
- Microwave
- Copper/Fiber hybrid solution
Copper TDM: great for voice, not so great for data. Fiber Ethernet: great for data, allows the transition to VoIP.

Wireless Backhaul Infrastructure Trends
- Fiber quickly replacing copper to meet LTE bandwidth requirements
- Point-to-point microwave backhauled to fiber to save cost
- Ethernet over E1 driving savings, greater data flow and greater reliability

LTE Architecture: Mobile backhaul trends
Convergence of backhaul/backbone: in 2G/3G mobile networks, the BSC/RNC perform RRM. They reside at the local switch, and the connection between the base station and the controllers is provided by the backhaul network. The backbone network is not involved and can be functionally separate, being used primarily for the interconnection of switches. Mobile backhaul is increasingly becoming a strategic investment for service providers (source: World Mobile Backhaul Infrastructure Market, Frost & Sullivan, February 2009), and hence the need for flexibility is ever growing.

LTE Architecture: The mobile broadband backhaul
Broadband mobile network evolution: backhaul systems designed to serve LTE deployments should address three basic requirements:
- Higher capacities: backhaul to a single site should be able to scale to 100 Mbps and even beyond,
- Lower latencies: the requirement for 10 millisecond end-to-end latency leads to selecting a solution that supports extremely low latency,
- All IP: support IP traffic from the get-go.

Examples of microwave capacities (BridgeWave)
Description | Distance | Capacity
80 GHz Fast Ethernet extended range wireless bridge, upgrade to Gig-E | Up to 4 miles ( km) | 125 Mbps
80 GHz Fast Ethernet extended range wireless bridge, upgrade to Gig-E | Up to 5 miles (8.0 km) | 125 Mbps
80 GHz Fast Ethernet medium range wireless bridge | Up to 5 miles (8 km) | 100 Mbps
80 GHz Fast Ethernet medium range wireless bridge | Up to 6 miles (9.7 km) | 100 Mbps
80 GHz Fast Ethernet medium range wireless bridge | Up to 4 miles ( km) | 1000 Mbps
80 GHz Fast Ethernet medium range wireless bridge | Up to 5 miles (8 km) | 1000 Mbps
80 GHz AdaptRate 100/1000 Mbps extended range wireless bridge | Up to 5 miles (8 km) | 100/1000 Mbps
80 GHz AdaptRate 100/1000 Mbps extended range wireless bridge | Up to 6 miles (9.7 km) | 100/1000 Mbps

Summary
The E-UTRAN: The E-UTRAN consists of eNodeBs, which provide the E-UTRA user plane (PDCP/RLC/MAC/PHY) and control plane (RRC) protocol terminations toward the user equipment (UE). The eNBs are interconnected with each other by means of the X2 interface. The eNBs are connected through the S1 interface to the Evolved Packet Core (EPC), more specifically to the Mobility Management Entity (MME) by means of the S1-MME interface and to the Serving Gateway (SGW) by means of the S1-U interface.
The EPC (Evolved Packet Core): The LTE architecture defines the Evolved Packet System (EPS) as a combination of the LTE access system (radio part) and an IP-based core network, the Evolved Packet Core (EPC). The EPC is an all-IP mobile core network for LTE, allowing the convergence of packet-based real-time and non-real-time services. All EPS transactions are IP-based: from the mobile handsets, over eNode Bs, across the EPC, and throughout the application domain, for both IMS and non-IMS. The EPC is a multi-access IP-based core network that enables operators to deploy and operate one common packet core network for 3GPP radio access (LTE, 3G and 2G), non-3GPP radio access (HRPD, WLAN and WiMAX), and fixed access (Ethernet, DSL, cable and fiber).
LTE Architecture (figure)

Control Plane Protocols: 7. Security

Security Aspects and parameters in LTE
Security concerns:
- As in UMTS, UE authentication (USIM: 128-bit key imposed);
- Internal signaling protection (integrity), signaling and traffic encryption;
- Additional signaling encryption for RRC and NAS.
Safety is enhanced by protecting all entities:
- Hierarchical protection (UE, eNB, ASME, HSS, AuC);
- Transport security ensured on all interfaces.
Figure (key hierarchy and where each key lives): USIM / AuC: K; UE / HSS: CK, IK; UE / MME: K_ASME, K_NASenc, K_NASint; UE / eNB: K_eNB, K_UPenc, K_RRCint, K_RRCenc; IPsec on the transport between the eNodeB, the S-GW and the MME.
ASME: Access Security Management Entity

Security Aspects and parameters in LTE
Main changes and additions for security in LTE versus 3G:
- Introduction of a hierarchical key system in which keys can be changed for different purposes,
- Separation of the security functions for the NAS,
- Introduction of the concept of forward security: limits the security issues when a disclosed key is used,
- Additional security functions for 3G and LTE network interconnection.

Security Aspects and parameters in LTE
Characteristics:
- Re-use of UMTS Authentication and Key Agreement (AKA)
- Use of USIM required (GSM SIM excluded)
- Extended key hierarchy
- Longer keys
- Greater protection for backhaul
- Integrated interworking security for legacy and non-3GPP networks

Security Aspects in LTE
- Encryption is performed at the eNodeB.
- MSPs (Mobile Service Providers) should support encryption within the transport network, especially if using third-party backhaul transport providers or public Internet transport.
- IPsec tunneling between the eNodeB and the security gateway is used to secure data and provide QoS, managing the security centrally.

Security Aspects and parameters in LTE
NAS security: NAS messages, UE and MME scope. NAS message communication between the UE and the MME is integrity protected and ciphered, with an extra NAS security header.
AS security: RRC and user plane data, UE and eNB scope. The PDCP layer on the UE and eNB side is responsible for ciphering and integrity. RRC messages are integrity protected and ciphered, but U-plane data is only ciphered.
Different security algorithms (integrity/ciphering):
Integrity (EIA: EPS Integrity Algorithm)
- 0000 EIA0: Null integrity protection algorithm
- 0001 128-EIA1: SNOW 3G
- 0010 128-EIA2: AES
Ciphering (EEA: EPS Encryption Algorithm)
- 0000 EEA0: Null ciphering algorithm
- 0001 128-EEA1: SNOW 3G based algorithm
- 0010 128-EEA2: AES based algorithm

Security Aspects and parameters in LTE: Key/parameters distribution in LTE nodes (figure)
AMF: Authentication Management Field; SQN: Sequence Number.

Key hierarchy
- Faster handovers and key changes, independent of AKA
- Added complexity in handling of security contexts
Figure (key hierarchy):
- USIM / AuC: K
- UE / HSS: CK, IK
- UE / MME: K_ASME, from which K_NASenc and K_NASint are derived
- UE / eNB: K_eNB, from which K_UPenc, K_RRCint and K_RRCenc are derived
ASME: Access Security Management Entity

Security Aspects and parameters in LTE: Security aspects in LTE (figure)

Security Aspects and parameters in LTE: AKA procedure (figure)

Security Aspects and parameters in LTE: LTE Ciphering and Integrity Algorithms (figure)

Security Aspects and parameters in LTE
Security keys for the AS (Access Stratum), user data and control: different from those used in the EPC. eNodeB keys:
- K_eNB: derived by the terminal and the MME from K_ASME ('Master Key') and issued by the MME to the eNodeB. K_eNB is used to derive the AS traffic keys and the handover key K_eNB*.
- K_eNB*: derived by the terminal and the source eNodeB from K_eNB or from a valid NH (Next Hop). During the handover, the terminal and the target eNodeB derive a new K_eNB* from K_eNB.

Security Aspects and parameters in LTE
- K_UPenc: derived from K_eNB and used to encrypt the user plane.
- K_RRCint: derived from K_eNB and used to ensure the integrity of RRC messages.
- K_RRCenc: derived from K_eNB and used to encrypt RRC messages.
- Next Hop (NH): intermediate key used to derive K_eNB* during intra-LTE handover.
- The NCC (Next Hop Chaining Counter) determines whether the next K_eNB* must be based on the current K_eNB or on a fresh NH:
  - If no fresh NH is available: target PCI (Physical Cell Identity) + K_eNB
  - Fresh NH: target PCI + NH
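A runnable model of the K_eNB / NH / NCC chaining described on the two slides above, added here as an example and not taken from the slides or from 3GPP. HMAC-SHA-256 stands in for the 3GPP KDF and the input layout (labels plus target PCI) is a modelling assumption, so the key values are not those of TS 33.401; what the model reproduces is the decision rule on the slide (no fresh NH: chain from the current K_eNB; fresh NH: chain from NH, with the NCC telling the UE which case applies), the forward-security consequence, and the rejection of a handover command whose NCC goes backwards. K_ASME and the PCIs are constructed values.

```python
"""Model of the K_eNB / NH / NCC handover key chaining described above."""
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Stand-in KDF (assumption: HMAC-SHA-256; not the TS 33.401 function)."""
    return hmac.new(key, label + b"".join(params), hashlib.sha256).digest()


def as_keys(k_enb: bytes) -> Dict[str, bytes]:
    """K_UPenc, K_RRCint and K_RRCenc are all derived from K_eNB."""
    return {name: kdf(k_enb, name.encode()) for name in ("K_UPenc", "K_RRCint", "K_RRCenc")}


class MmeContext:
    """MME side: holds K_ASME, so only it (and the UE) can produce fresh NH values."""

    def __init__(self, k_asme: bytes) -> None:
        self.k_asme = k_asme
        self.k_enb = kdf(k_asme, b"KeNB")    # initial K_eNB issued to the first eNB
        self.nh, self.ncc = self.k_enb, 0    # chain starts at K_eNB with NCC = 0

    def fresh_nh(self) -> Tuple[bytes, int]:
        """Advance the NH chain; the {NH, NCC} pair is sent to the target eNB."""
        self.nh = kdf(self.k_asme, b"NH", self.nh)
        self.ncc += 1
        return self.nh, self.ncc


def source_enb_k_enb_star(k_enb: bytes, ncc: int, target_pci: int,
                          fresh_nh: Optional[Tuple[bytes, int]] = None) -> Tuple[bytes, int]:
    """Source eNB rule from the slide: fresh NH -> target PCI + NH, else target PCI + K_eNB.
    Returns (K_eNB*, NCC to carry in the handover command)."""
    pci = target_pci.to_bytes(2, "big")
    if fresh_nh is not None and fresh_nh[1] > ncc:
        nh, nh_ncc = fresh_nh
        return kdf(nh, b"KeNB*", pci), nh_ncc            # vertical derivation
    return kdf(k_enb, b"KeNB*", pci), ncc                # horizontal derivation


class UeContext:
    """UE side: mirrors the MME chain; the NCC in the handover command selects the rule."""

    def __init__(self, k_asme: bytes) -> None:
        self.k_asme = k_asme
        self.k_enb = kdf(k_asme, b"KeNB")
        self.nh, self.ncc = self.k_enb, 0

    def handover(self, target_pci: int, ncc_in_command: int) -> bytes:
        pci = target_pci.to_bytes(2, "big")
        if ncc_in_command < self.ncc:
            raise ValueError("NCC went backwards: stale or replayed handover command")
        if ncc_in_command == self.ncc:
            base = self.k_enb                            # no fresh NH: chain from K_eNB
        else:
            while self.ncc < ncc_in_command:             # fresh NH: catch the chain up first
                self.nh = kdf(self.k_asme, b"NH", self.nh)
                self.ncc += 1
            base = self.nh
        self.k_enb = kdf(base, b"KeNB*", pci)
        return self.k_enb


def simulate() -> Dict[str, bool]:
    """Two handovers with a constructed K_ASME: one horizontal, one vertical."""
    k_asme = bytes(range(32))                            # constructed master key
    mme, ue = MmeContext(k_asme), UeContext(k_asme)
    enb1_k, enb1_ncc = mme.k_enb, 0                      # eNB1 got K_eNB, NCC 0, no NH
    # Handover eNB1 -> eNB2 (PCI 101): eNB1 has no fresh NH, so NCC stays 0.
    k_star1, ncc1 = source_enb_k_enb_star(enb1_k, enb1_ncc, 101)
    horizontal_ok = ue.handover(101, ncc1) == k_star1 and ncc1 == 0
    # After the handover the MME gives eNB2 a fresh {NH, NCC} pair.
    fresh = mme.fresh_nh()
    # Handover eNB2 -> eNB3 (PCI 202): eNB2 uses the fresh NH, so NCC becomes 1.
    k_star2, ncc2 = source_enb_k_enb_star(k_star1, ncc1, 202, fresh)
    vertical_ok = ue.handover(202, ncc2) == k_star2 and ncc2 == 1
    # Forward security: eNB1 knows k_star1 but not K_ASME, so it cannot reach k_star2.
    enb1_guess, _ = source_enb_k_enb_star(k_star1, ncc1, 202)
    # A handover command carrying an older NCC is rejected by the UE.
    try:
        ue.handover(303, 0)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return {"horizontal_ok": horizontal_ok, "vertical_ok": vertical_ok,
            "forward_secure": enb1_guess != k_star2, "stale_rejected": stale_rejected}


if __name__ == "__main__":
    print(simulate())
```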

Security Aspects and parameters in LTE: Keys derivation scheme (figure)

Security Aspects and parameters in LTE: LTE Initial Attach (figure, redrawn as a sequence)
Participants: UE (holds K; computes RES, Ck, Ik), eNB, MME, HSS.
1. UE -> MME: ATTACH REQUEST (IMSI, SUPPORTED_ALGS)
2. MME -> HSS: AUTH VECT REQUEST (IMSI)
3. HSS: RAND = RANDOM(); SQN = SQN + 1; AUTN = AES1(K, RAND, SQN); XRES = AES2(K, RAND); (Ck, Ik) = AES3(K, RAND); K_ASME = F(Ck, Ik, ...)
4. HSS -> MME: RAND, XRES, AUTN, K_ASME
5. MME -> UE: RAND, AUTN
6. UE ("Have I seen it before?", "Does AUTN come from the HSS?"): 1. check Π(AES1(K, RAND), SQN, AUTN); 2. RES = AES2(K, RAND); 3. (Ck, Ik) = AES3(K, RAND). Verify OK, switch on security, derive K_ASME, K_eNB, ...
7. UE -> MME: RES
8. MME: check RES == XRES?
9. MME -> UE: OK, SELECTED_ALG, SUPPORTED_ALGS
Key derivation: K_ASME -> F -> K_NASint, K_NASenc, K_eNB (protected signaling); K_eNB -> F -> K_UPenc, K_RRCint, K_RRCenc (protected traffic).
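The attach sequence above, worked through with both sides' messages as an added example (not code from the slides or from 3GPP). The slide names the K-keyed functions AES1, AES2, AES3 and the K_ASME derivation F; here each is an HMAC-SHA-256 with a distinct label, so the values differ from MILENAGE and TS 33.401, while the message flow and the three checks (AUTN authenticity and SQN freshness at the UE, RES == XRES at the MME) follow the slide. K, the IMSI and the serving PLMN are constructed, and the SQN is carried in clear in AUTN here, where real AKA conceals it with an anonymity key.

```python
"""Model of the Initial Attach / AKA exchange drawn on the slide above."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

SQN_LEN = 6   # octets of SQN carried in AUTN
MAC_LEN = 8   # octets of the AUTN message authentication code


def f(label: bytes, key: bytes, *parts: bytes) -> bytes:
    """Stand-in for AES1, AES2, AES3 and F on the slide (assumption: HMAC-SHA-256)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def derive(k: bytes, rand: bytes, sqn: bytes, plmn: bytes) -> Tuple[bytes, bytes, bytes]:
    """What both holders of K (USIM and AuC) compute from RAND: (MAC, RES, K_ASME)."""
    mac = f(b"AES1", k, rand, sqn)[:MAC_LEN]   # AUTN = AES1(K, RAND, SQN)
    res = f(b"AES2", k, rand)[:8]               # RES / XRES = AES2(K, RAND)
    ck_ik = f(b"AES3", k, rand)                 # (Ck, Ik) = AES3(K, RAND)
    ck, ik = ck_ik[:16], ck_ik[16:]
    k_asme = f(b"KASME", ck + ik, plmn, sqn)    # K_ASME = F(Ck, Ik, ...)
    return mac, res, k_asme


class Hss:
    """HSS/AuC: keeps K and the per-subscriber SQN, and builds authentication vectors."""

    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self.keys = dict(subscribers)
        self.sqn = {imsi: 0 for imsi in subscribers}

    def auth_vector(self, imsi: str, plmn: bytes,
                    rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes, bytes]:
        self.sqn[imsi] += 1                               # SQN = SQN + 1
        sqn = self.sqn[imsi].to_bytes(SQN_LEN, "big")
        rand = rand or os.urandom(16)                     # RAND = RANDOM()
        mac, xres, k_asme = derive(self.keys[imsi], rand, sqn, plmn)
        return rand, xres, sqn + mac, k_asme              # RAND, XRES, AUTN, K_ASME


class Ue:
    """UE/USIM: shares K with the HSS and remembers the highest SQN it accepted."""

    def __init__(self, imsi: str, k: bytes) -> None:
        self.imsi, self.k, self.sqn_seen = imsi, k, 0
        self.k_asme: Optional[bytes] = None

    def challenge(self, rand: bytes, autn: bytes, plmn: bytes) -> Optional[bytes]:
        """Answer RAND/AUTN with RES, or None if the challenge is forged or replayed."""
        sqn, mac = autn[:SQN_LEN], autn[SQN_LEN:]
        expected_mac, res, k_asme = derive(self.k, rand, sqn, plmn)
        if not hmac.compare_digest(mac, expected_mac):    # Does AUTN come from the HSS?
            return None
        if int.from_bytes(sqn, "big") <= self.sqn_seen:   # Have I seen it before?
            return None
        self.sqn_seen, self.k_asme = int.from_bytes(sqn, "big"), k_asme
        return res


class Mme:
    """MME: relays the challenge and compares RES with XRES before switching on security."""

    def __init__(self, hss: Hss, plmn: bytes) -> None:
        self.hss, self.plmn = hss, plmn
        self.k_asme: Optional[bytes] = None

    def attach(self, ue: Ue, rand: Optional[bytes] = None) -> bool:
        # ATTACH REQUEST (IMSI) from the UE -> AUTH VECT REQUEST (IMSI) to the HSS
        rand, xres, autn, k_asme = self.hss.auth_vector(ue.imsi, self.plmn, rand)
        res = ue.challenge(rand, autn, self.plmn)         # RAND, AUTN to the UE
        if res is None or not hmac.compare_digest(res, xres):   # Check: RES == XRES?
            return False
        self.k_asme = k_asme                              # Verify OK: switch on security
        return True


def run_scenario() -> Dict[str, bool]:
    """Constructed subscriber: a good attach, a replayed challenge and a UE with the wrong K."""
    imsi, k, plmn = "001010123456789", bytes(range(16)), b"00101"
    hss = Hss({imsi: k})
    ue, mme = Ue(imsi, k), Mme(hss, plmn)
    attach_ok = mme.attach(ue) and ue.k_asme == mme.k_asme
    rand, _, autn, _ = hss.auth_vector(imsi, plmn)        # one vector delivered twice
    replay_rejected = (ue.challenge(rand, autn, plmn) is not None
                       and ue.challenge(rand, autn, plmn) is None)
    impostor_rejected = not mme.attach(Ue(imsi, bytes(16)))
    return {"attach_ok": attach_ok, "replay_rejected": replay_rejected,
            "impostor_rejected": impostor_rejected}


if __name__ == "__main__":
    print(run_scenario())
```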

Backhauling Security
Technologies: IP/MPLS (backbone), Metro Ethernet (backhaul).
The IETF has defined a suite of security protocols: Internet Protocol Security, or IPsec.
- Provides end-to-end security at the packet processing layer to protect the network and higher-layer applications.
- Secures communications on a host-to-host, network-to-network and network-to-host basis.
- IPsec authenticates and encrypts each IP packet within a communications session.
- IPsec tunnel with BGP/MPLS IP VPN.

Thank you