How To Protect Your Data From Being Stolen On An Lte Network (Mumts) From A Cell Phone Or Ipad (Lte) From Being Hacked On A Cell Network (Umts, Lte) On A Network (Lty)

Similar documents

LTE Security. EventHelix.com. Encryption and Integrity Protection in LTE. telecommunication design systems engineering real-time and embedded systems

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

UMTS security. Helsinki University of Technology S Security of Communication Protocols

Network Access Security in Mobile 4G LTE. Huang Zheng Xiong Jiaxi An Sihua

LTE Security How Good Is It?

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

3GPP SAE/LTE Security

LTE and the Evolution to 4G Wireless

Diameter in the Evolved Packet Core

3GPP Long Term Evolution: Architecture, Protocols and Interfaces

Security Analysis of LTE Access Network

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

LTE Attach and Default Bearer Setup Messaging

Security in the Evolved Packet System

Long-Term Evolution. Mobile Telecommunications Networks WMNet Lab

LTE Overview October 6, 2011

Overview of the Evolved packet core network

Enhanced Authentication and Key Agreement Procedure of next Generation 3GPP Mobile Networks

On the Security of 3GPP Networks

Mobile IPv6 deployment opportunities in next generation 3GPP networks. I. Guardini E. Demaria M. La Monaca

SAE and Evolved Packet Core

Evolutionary Trends towards Beyond 3G Mobile Networks

Optimization Handoff in Mobility Management for the Integrated Macrocell - Femtocell LTE Network

Protocol Signaling Procedures in LTE

Nokia Siemens Networks Flexi Network Server

Single Radio Voice Call Continuity. (SRVCC) with LTE. White Paper. Overview. By: Shwetha Vittal, Lead Engineer CONTENTS

Security Evaluation of CDMA2000

3GPP System Architecture Evolution. ATIS LTE Conference January 26, GPP TSG SA Chairman Stephen Hayes

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils

Evolution of the 3GPP Network Architecture, (the Evolved Packet Core)

LTE X2 Handover Messaging

Architecture Overview NCHU CSE LTE - 1

Long Term Evolution - LTE. A short overview

Voice over IP over LTE (VoLTE) Impacts on LTE access. EFORT

Voice over LTE Telephony on the National Public Safety Broadband Network

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils

Telesystem Innovations. LTE in a Nutshell: Protocol Architecture WHITE PAPER

Security in cellular-radio access networks

Delivery of Voice and Text Messages over LTE

Study of Long Term Evolution Network, its Architecture along with its Interfaces

IP Multimedia System: general aspects and migration perspectives

Priority, Pre-Emption, and Quality of Service

Security Architecture Standardization and Services in UMTS

A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols

TEPZZ 68575_A_T EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.

LTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks

LTE CDMA Interworking

3GPP Long-Term Evolution / System Architecture Evolution Overview

The LTE Network Architecture

Voice and SMS in LTE White Paper

Introduction to Evolved Packet Core

GSM and UMTS security

4G Mobile Networks At Risk

NTT DOCOMO Technical Journal. Core Network Infrastructure and Congestion Control Technology for M2M Communications

SOLUTIONS FOR ROAMING AND INTEROPERABILITY PROBLEMS BETWEEN LTE AND 2G OR 3G NETWORKS

Security Architecture in UMTS Third Generation Cellular Networks Tomás Balderas-Contreras René A. Cumplido-Parra

1 Introduction Services and Applications for HSPA Organization of the Book 6 References 7

Security and Authentication Concepts

Nationwide Interoperability Framework

3GPP Femtocells: Architecture and Protocols. by Gavin Horn

Single Radio Voice Call Continuity (SRVCC) Testing Using Spirent CS8 Interactive Tester

Contents. Preface. Acknowledgement. About the Author. Part I UMTS Networks

Technical white paper. Enabling mobile broadband growth Evolved Packet Core

How To Understand The Gsm And Mts Mobile Network Evolution

EETS 8316 Wireless Networks Fall 2013

ARIB TR-T V G Security; Generic Authentication Architecture (GAA); System Description (Release 7)

The future of mobile networking. David Kessens

Trends in Mobile Network Architectures 3GPP LTE Mobile WiMAX Next Generation Mobile Networks Dr.-Ing. Michael Schopp, Siemens Networks

UTRA-UTRAN Long Term Evolution (LTE) and 3GPP System Architecture Evolution (SAE)

2G/3G Mobile Communication Systems

Kamakshi Sridhar, PhD Distinguished Member of Technical Staff Director Wireless CTO organization

Chapter 2 Network Architecture and Protocols

Performance validation for the mobile core

ETSI TR V6.1.0 ( )

LTE Performance and Analysis using Atoll Simulation

Public Safety Communications Research. LTE Demonstration Network Test Plan. Phase 3 Part 1: Network Interoperability & Drive Test. Version 2.

UMTS/GPRS system overview from an IP addressing perspective. David Kessens Jonne Soininen

LTE Control Plane on Intel Architecture

Long Term Evolution - LTE L10 Training Programs. Catalog of Course Descriptions

Nokia Siemens Networks Flexi Network Gateway. Brochure

Design and Implementation of a Distributed Mobility Management Entity (MME) on OpenStack

Mobile network evolution A tutorial presentation

How to deal with a thousand nodes: M2M communication over cellular networks. A. Maeder NEC Laboratories Europe andreas.maeder@neclab.

LTE Perspective. Ericsson Inc. Sridhar vadlamudi LTE HEAD, India

On LTE Security: Closing the Gap Between Standards and Implementation

ETSI TS V3.1.0 ( )

ETSI TS V3.6.0 ( )

Network Optimization based on performance and capacity criteria

Migration to LTE: Infrastructure Impact. Maria E. Palamara Director CDMA-LTE Strategy Alcatel-Lucent January, 2009

SIMalliance LTE UICC profile. This document is a collection of requirements for optimal support of LTE/EPS networks by UICC

Performance Analysis and Deployment of VoLTE Mechanisms over 3GPP LTE-based Networks

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

CS Fallback Function for Combined LTE and 3G Circuit Switched Services

ETSI TS V8.0.0 ( ) Technical Specification

Operator-based Over-the-air M2M Wireless Sensor Network Security

Alcatel-Lucent LTE Solution. Edgar Velarde Technical Support Manager May 2011

IP-based Mobility Management for a Distributed Radio Access Network Architecture. helmut.becker@siemens.com

EVERYTHING YOU EVER WANTED TO KNOW ABOUT LTE

Transcription:

3GPP LTE Security Aspects Dionisio Zumerle Technical Officer, 3GPP ETSI 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 1

Contents LTE security architecture Security algorithms Lawful Interception Backhaul Security Relay Node Security 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 2

LTE Security Architecture 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 3

LTE Security: UMTS Security and LTE Architectural impact UMTS security enhancements: Mutual authentication Integrity keys Public algorithms Deeper encryption Longer key length LTE Architecture: Flat architecture Separation of control plane and user plane enodeb instead of NodeB/RNC All-IP network Interworking with legacy and non-3gpp networks Characteristics of LTE Security Re-use of UMTS Authentication and Key Agreement (AKA) Use of USIM required (GSM SIM excluded) Extended key hierarchy Possibility for longer keys Greater protection for backhaul Integrated interworking security for legacy and non-3gpp networks 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 4

AKA and signalling protection UTRAN SGSN GERAN S1-MME S3 MME HSS S6a UE LTE-Uu E-UTRAN S1-U S10 S11 S4 Serving Gateway S12 S5 Confidentiality and integrity for signalling and confidentiality for user plane (RRC & NAS) Confidentiality and integrity for signalling only (NAS) Optional user plane protection (IPsec) 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 5

Authentication and Key Agreement UE enb MME AuC NAS attach request (IMSI) NAS auth request (AUTN, RAND, KSIasme) NAS auth response (RES) NAS SMC (confidentiality and integrity algo) NAS Security Mode Complete RRC SMC (confidentiality and integrity algo) RRC Security Mode Complete S1AP Initial Context Setup AUTH data request (IMSI, SN_id) AUTH data response (AV={AUTN, XRES, RAND, Kasme}) 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 6

Security Algorithms 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 7

LTE Security Algorithms Currently two separate algorithms specified In addition to one NULL algorithm Current keylength 128 bits Possibility to extend to in the future Confidentiality protection of NAS/AS signalling recommended Integrity protection of NAS/AS signalling mandatory User data confidentiality protection recommended Ciphering/Deciphering applied on PDCP and NAS 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 8

COUNT LTE Ciphering and Integrity mechanisms DIRECTION COUNT DIRECTION BEARER LENGTH BEARER LENGTH ciphering KEY EEA KEY EEA KEYSTREAM BLOCK KEYSTREAM BLOCK PLAINTEXT BLOCK CIPHERTEXT BLOCK PLAINTEXT BLOCK Sender Receiver integrity COUNT DIRECTION MESSAGE BEARER COUNT DIRECTION MESSAGE BEARER KEY EIA KEY EIA Sender MAC-I/NAS-MAC XMAC -I/XNAS-MAC Receiver 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 9

128-EEA1/EIA1 Based on SNOW 3G stream cipher keystream produced by Linear Feedback Shift Register (LFSR) and a Finite State Machine (FSM) Different from KASUMI as possible selected during UMTS security design Allows for: low power consumption low gate count implementation in hardware 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 10

128-EEA2/EIA2 AES block cipher Counter (CTM) Mode for ciphering CMAC Mode for MAC-I creation (integrity) Different from SNOW 3G as possible Cracking one would not affect the other Reasons why KASUMI was not re-used: enb already supports AES needs to support AES for NDS/IP Similarity with other non-3gpp accesses (e.g. 802.11i) Other 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 11

128-EEA3/EIA3 Based on Chinese ZUC stream cipher Three-phase evaluation ongoing Public evaluation ongoing! http://zucalg.forumotion.net/ 2 nd International Workshop on ZUC: June 5-6 in Beijing http://www.3gpp.org/call-for-papers-beijing-zuc Network-mandatory/network-optional to be decided 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 12

Deeper Key hierarchy in LTE USIM / AuC UE / HSS UE / ASME K CK, IK K ASME K NASenc UE / MME K NASint K enb K UPint K UPenc K RRCint K RRCenc UE / enb Faster handovers and key changes, independent of AKA Added complexity in handling of security contexts Security breaches local 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 13

Key Derivation HSS SN id, SQN AK CK,IK KDF K ASME MME K enb NH K D F K D F K enb * s KDF NH Physical cell ID, EARFCN-DL K enb RRC-enc-alg, Alg-ID RRC-int-alg, Alg-ID K enb enb enb NAS UPLINK COUNT UP-enc-alg, Alg-ID NAS-enc-alg, Alg-ID NAS-int-alg, Alg-ID UP-int-alg, Alg-ID KDF KDF KDF KDF KDF KDF K NASenc K NASint K UPint K UPenc K RRCint K RRCe nc Trunc Trunc 128 128 Trunc 128 Trunc Trunc 128 128 Trunc 128 K NASenc K NASint K UPint K UPenc K RRCint K RRCenc Key distribution and key derivation scheme for EPS (network side), found in 33.401 Key Derivation Function (KDF) specification can be found in 33.220 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 14

Lawful Interception 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 15

Lawful Interception in 3GPP Cost Political Interception Business Retrieval Handover Analysis Legal process Relations Storage 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 16

Lawful Interception in EPS Context and mechanisms similar to case of UMTS PS Different core entities (ICE, Intercepting Control Elements) ADMF handles requests from Law Enforcement Authorities target identity: IMSI, MSISDN and IMEI X1 interface provisions ICEs and Delivery Functions X2 delivers IRI (Intercept Related Information) X3 delivers CC (Content of Communication) HI1,2,3: Handover Interfaces with law enforcement Convey requests for interception of targets (HI1) Deliver IRI (HI2) and CC (HI3) to LEAs 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 17

EPS LI Architecture UTRAN UE LTE-Uu E-UTRAN GERAN S1-MME S1-U ADMF SGSN MME S10 Mediation Function S3 S11 X1_1 X1_3 X1_2 HSS S6a X2 S4 Serving Gateway Delivery Function 2 Mediation Function S12 X2 Gx PDN Gateway PCRF X3 SGi Delivery Function 3 Mediation Function Rx Operator's IP Services (e.g. IMS, PSS etc.) HI1 HI2 HI3 LEMF 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 18

Backhaul Security 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 19

Backhaul Security Base stations becoming more powerful LTE enode B includes functions of NodeB and RNC Coverage needs grow constantly Infrastructure sharing Not always possible to trust physical security of enb Greater backhaul link protection necessary 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 20

Certificate Enrollment for Base Stations RA/CA SEG Operator root certificate pre-installed. Vendor root certificate pre-installed. CMPv2 IPsec Enrolled base station certificate is used in IKE/IPsec. base station obtains operator-signed certificate on its own public key from RA/CA using CMPv2. base station Vendor-signed certificate of base station public key pre-installed. Picture from 3GPP TS 33.310 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 21

Relay Node Security 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 22

Relay Node Authentication Mutual authentication between Relay Node and network AKA used (RN attach) credentials stored on UICC Binding of Relay Node and USIM: Based on symmetric pre-shared keys, or Based on certificates UE Radio Radio Donor Backhaul Relay enb Core NW 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 23

Relay Node Security Control plane traffic integrity protected User plane traffic optionally integrity protected Relay Node and network connection confidentiality protected Device integrity check Secure environment for storing and processing sensitive data 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 24

Conclusions LTE Security: building on GSM and UMTS Security Newer security algorithms, longer keys Extended key hierarchy New features, addressing new scenarios Backhaul Security Relay Node Security 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 25

Thank You! dionisio.zumerle@etsi.org More Information about 3GPP: www.3gpp.org contact@3gpp.org 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 26

Backup: Selection of 3GPP Security Standards LTE Security: 33.401 System Architecture Evolution (SAE); Security architecture 33.402 System Architecture Evolution (SAE); Security aspects of non-3gpp Lawful Interception: 33.106 Lawful interception requirements 33.107 Lawful interception architecture and functions 33.108 Handover interface for Lawful Interception Key Derivation Function: 33.220 GAA: Generic Bootstrapping Architecture (GBA) Backhaul Security: 33.310 Network Domain Security (NDS); Authentication Framework (AF) Relay Node Security 33.816 Feasibility study on LTE relay node security (also 33.401) Home (e) Node B Security: 33.320 Home (evolved) Node B Security 3GPP 2011 3GPP Workshop, Bangalore, 30 May 2011 27