How To Protect Your Data From Being Stolen On An Lte Network (Mumts) From A Cell Phone Or Ipad (Lte) From Being Hacked On A Cell Network (Umts, Lte) On A Network (Lty)

Transcription

1 3GPP LTE Security Aspects Dionisio Zumerle Technical Officer, 3GPP ETSI 3GPP GPP Workshop, Bangalore, 30 May

2 Contents LTE security architecture Security algorithms Lawful Interception Backhaul Security Relay Node Security 3GPP GPP Workshop, Bangalore, 30 May

3 LTE Security Architecture 3GPP GPP Workshop, Bangalore, 30 May

4 LTE Security: UMTS Security and LTE Architectural impact UMTS security enhancements: Mutual authentication Integrity keys Public algorithms Deeper encryption Longer key length LTE Architecture: Flat architecture Separation of control plane and user plane enodeb instead of NodeB/RNC All-IP network Interworking with legacy and non-3gpp networks Characteristics of LTE Security Re-use of UMTS Authentication and Key Agreement (AKA) Use of USIM required (GSM SIM excluded) Extended key hierarchy Possibility for longer keys Greater protection for backhaul Integrated interworking security for legacy and non-3gpp networks 3GPP GPP Workshop, Bangalore, 30 May

5 AKA and signalling protection UTRAN SGSN GERAN S1-MME S3 MME HSS S6a UE LTE-Uu E-UTRAN S1-U S10 S11 S4 Serving Gateway S12 S5 Confidentiality and integrity for signalling and confidentiality for user plane (RRC & NAS) Confidentiality and integrity for signalling only (NAS) Optional user plane protection (IPsec) 3GPP GPP Workshop, Bangalore, 30 May

6 Authentication and Key Agreement UE enb MME AuC NAS attach request (IMSI) NAS auth request (AUTN, RAND, KSIasme) NAS auth response (RES) NAS SMC (confidentiality and integrity algo) NAS Security Mode Complete RRC SMC (confidentiality and integrity algo) RRC Security Mode Complete S1AP Initial Context Setup AUTH data request (IMSI, SN_id) AUTH data response (AV={AUTN, XRES, RAND, Kasme}) 3GPP GPP Workshop, Bangalore, 30 May

7 Security Algorithms 3GPP GPP Workshop, Bangalore, 30 May

8 LTE Security Algorithms Currently two separate algorithms specified In addition to one NULL algorithm Current keylength 128 bits Possibility to extend to in the future Confidentiality protection of NAS/AS signalling recommended Integrity protection of NAS/AS signalling mandatory User data confidentiality protection recommended Ciphering/Deciphering applied on PDCP and NAS 3GPP GPP Workshop, Bangalore, 30 May

9 COUNT LTE Ciphering and Integrity mechanisms DIRECTION COUNT DIRECTION BEARER LENGTH BEARER LENGTH ciphering KEY EEA KEY EEA KEYSTREAM BLOCK KEYSTREAM BLOCK PLAINTEXT BLOCK CIPHERTEXT BLOCK PLAINTEXT BLOCK Sender Receiver integrity COUNT DIRECTION MESSAGE BEARER COUNT DIRECTION MESSAGE BEARER KEY EIA KEY EIA Sender MAC-I/NAS-MAC XMAC -I/XNAS-MAC Receiver 3GPP GPP Workshop, Bangalore, 30 May

10 128-EEA1/EIA1 Based on SNOW 3G stream cipher keystream produced by Linear Feedback Shift Register (LFSR) and a Finite State Machine (FSM) Different from KASUMI as possible selected during UMTS security design Allows for: low power consumption low gate count implementation in hardware 3GPP GPP Workshop, Bangalore, 30 May

11 128-EEA2/EIA2 AES block cipher Counter (CTM) Mode for ciphering CMAC Mode for MAC-I creation (integrity) Different from SNOW 3G as possible Cracking one would not affect the other Reasons why KASUMI was not re-used: enb already supports AES needs to support AES for NDS/IP Similarity with other non-3gpp accesses (e.g i) Other 3GPP GPP Workshop, Bangalore, 30 May

12 128-EEA3/EIA3 Based on Chinese ZUC stream cipher Three-phase evaluation ongoing Public evaluation ongoing! 2 nd International Workshop on ZUC: June 5-6 in Beijing Network-mandatory/network-optional to be decided 3GPP GPP Workshop, Bangalore, 30 May

13 Deeper Key hierarchy in LTE USIM / AuC UE / HSS UE / ASME K CK, IK K ASME K NASenc UE / MME K NASint K enb K UPint K UPenc K RRCint K RRCenc UE / enb Faster handovers and key changes, independent of AKA Added complexity in handling of security contexts Security breaches local 3GPP GPP Workshop, Bangalore, 30 May

14 Key Derivation HSS SN id, SQN AK CK,IK KDF K ASME MME K enb NH K D F K D F K enb * s KDF NH Physical cell ID, EARFCN-DL K enb RRC-enc-alg, Alg-ID RRC-int-alg, Alg-ID K enb enb enb NAS UPLINK COUNT UP-enc-alg, Alg-ID NAS-enc-alg, Alg-ID NAS-int-alg, Alg-ID UP-int-alg, Alg-ID KDF KDF KDF KDF KDF KDF K NASenc K NASint K UPint K UPenc K RRCint K RRCe nc Trunc Trunc Trunc 128 Trunc Trunc Trunc 128 K NASenc K NASint K UPint K UPenc K RRCint K RRCenc Key distribution and key derivation scheme for EPS (network side), found in Key Derivation Function (KDF) specification can be found in GPP GPP Workshop, Bangalore, 30 May

15 Lawful Interception 3GPP GPP Workshop, Bangalore, 30 May

16 Lawful Interception in 3GPP Cost Political Interception Business Retrieval Handover Analysis Legal process Relations Storage 3GPP GPP Workshop, Bangalore, 30 May

17 Lawful Interception in EPS Context and mechanisms similar to case of UMTS PS Different core entities (ICE, Intercepting Control Elements) ADMF handles requests from Law Enforcement Authorities target identity: IMSI, MSISDN and IMEI X1 interface provisions ICEs and Delivery Functions X2 delivers IRI (Intercept Related Information) X3 delivers CC (Content of Communication) HI1,2,3: Handover Interfaces with law enforcement Convey requests for interception of targets (HI1) Deliver IRI (HI2) and CC (HI3) to LEAs 3GPP GPP Workshop, Bangalore, 30 May

18 EPS LI Architecture UTRAN UE LTE-Uu E-UTRAN GERAN S1-MME S1-U ADMF SGSN MME S10 Mediation Function S3 S11 X1_1 X1_3 X1_2 HSS S6a X2 S4 Serving Gateway Delivery Function 2 Mediation Function S12 X2 Gx PDN Gateway PCRF X3 SGi Delivery Function 3 Mediation Function Rx Operator's IP Services (e.g. IMS, PSS etc.) HI1 HI2 HI3 LEMF 3GPP GPP Workshop, Bangalore, 30 May

19 Backhaul Security 3GPP GPP Workshop, Bangalore, 30 May

20 Backhaul Security Base stations becoming more powerful LTE enode B includes functions of NodeB and RNC Coverage needs grow constantly Infrastructure sharing Not always possible to trust physical security of enb Greater backhaul link protection necessary 3GPP GPP Workshop, Bangalore, 30 May

21 Certificate Enrollment for Base Stations RA/CA SEG Operator root certificate pre-installed. Vendor root certificate pre-installed. CMPv2 IPsec Enrolled base station certificate is used in IKE/IPsec. base station obtains operator-signed certificate on its own public key from RA/CA using CMPv2. base station Vendor-signed certificate of base station public key pre-installed. Picture from 3GPP TS GPP GPP Workshop, Bangalore, 30 May

22 Relay Node Security 3GPP GPP Workshop, Bangalore, 30 May

23 Relay Node Authentication Mutual authentication between Relay Node and network AKA used (RN attach) credentials stored on UICC Binding of Relay Node and USIM: Based on symmetric pre-shared keys, or Based on certificates UE Radio Radio Donor Backhaul Relay enb Core NW 3GPP GPP Workshop, Bangalore, 30 May

24 Relay Node Security Control plane traffic integrity protected User plane traffic optionally integrity protected Relay Node and network connection confidentiality protected Device integrity check Secure environment for storing and processing sensitive data 3GPP GPP Workshop, Bangalore, 30 May

25 Conclusions LTE Security: building on GSM and UMTS Security Newer security algorithms, longer keys Extended key hierarchy New features, addressing new scenarios Backhaul Security Relay Node Security 3GPP GPP Workshop, Bangalore, 30 May

26 Thank You! More Information about 3GPP: 3GPP GPP Workshop, Bangalore, 30 May

27 Backup: Selection of 3GPP Security Standards LTE Security: System Architecture Evolution (SAE); Security architecture System Architecture Evolution (SAE); Security aspects of non-3gpp Lawful Interception: Lawful interception requirements Lawful interception architecture and functions Handover interface for Lawful Interception Key Derivation Function: GAA: Generic Bootstrapping Architecture (GBA) Backhaul Security: Network Domain Security (NDS); Authentication Framework (AF) Relay Node Security Feasibility study on LTE relay node security (also ) Home (e) Node B Security: Home (evolved) Node B Security 3GPP GPP Workshop, Bangalore, 30 May