Security Aspects
Dionisio Zumerle
Technical Officer, 3GPP
ETSI
3GPP 2011
Contents
LTE security architecture
Security algorithms
Lawful Interception
Backhaul Security
Relay Node Security
LTE Security:
UMTS Security and LTE Architectural impact
UMTS security enhancements (over GSM):
Mutual authentication (the network is authenticated to the UE, not only the UE to the network)
Integrity keys (signalling is integrity protected, not only ciphered)
Public algorithms (openly published and reviewed, unlike the original GSM A5 algorithms)
Deeper encryption (ciphering terminates in the RNC rather than in the base station)
Longer key length (128-bit CK and IK instead of the 64-bit GSM Kc)
LTE Architecture:
Flat architecture
Separation of control plane and user plane
eNodeB instead of NodeB/RNC
All-IP network
Interworking with legacy and non-3GPP networks
[Figure: EPS architecture with the nodes UE, E-UTRAN, MME, Serving Gateway and GERAN and the reference points LTE-Uu, S1-MME, S1-U, S3, S4, S5, S6a, S10, S11 and S12. Security annotations on the figure:]
LTE-Uu (UE to eNB): confidentiality and integrity for signalling (RRC & NAS) and confidentiality for the user plane
UE to MME: confidentiality and integrity for signalling only (NAS)
S1 (eNB to core): optional user plane protection (IPsec)
[Figure: eNB, MME and AuC]
Security Algorithms
[Figure: EEA ciphering and EIA integrity protection, as in 33.401]
Ciphering (EEA): the sender feeds KEY, COUNT, BEARER, DIRECTION and LENGTH into EEA to produce a KEYSTREAM BLOCK, which is XORed with the PLAINTEXT BLOCK to give the CIPHERTEXT BLOCK. The receiver, holding the same KEY and the same COUNT, BEARER, DIRECTION and LENGTH, regenerates the identical KEYSTREAM BLOCK and XORs it with the CIPHERTEXT BLOCK to recover the PLAINTEXT BLOCK.
Integrity (EIA): the sender feeds KEY, COUNT, BEARER, DIRECTION and the MESSAGE into EIA to produce MAC-I (RRC) or NAS-MAC (NAS), which is sent along with the message. The receiver computes XMAC-I/XNAS-MAC over the received message with the same inputs and accepts the message only if it matches the received MAC.
COUNT, BEARER and DIRECTION are there so that no keystream is ever reused under one key: the same combination of KEY, COUNT, BEARER and DIRECTION must never cipher two different blocks.
128-EEA1/EIA1
Based on the SNOW 3G stream cipher
Keystream produced by a Linear Feedback Shift Register (LFSR) and a Finite State Machine (FSM)
Allows for:
low power consumption
low gate count implementation in hardware
128-EEA2/EIA2
Based on the AES block cipher with a 128-bit key
Counter (CTR) mode for ciphering
CMAC mode for MAC-I creation (integrity); MAC-I is the 32 leftmost bits of the CMAC output
128-EEA3/EIA3
Based on the Chinese ZUC stream cipher
Network-mandatory/network-optional to be decided
[Figure: EPS key hierarchy. K (permanent key, UE / HSS) -> CK, IK (UE / HSS) -> KASME (UE / ASME, the MME in EPS) -> KNASenc, KNASint and KeNB (UE / MME) -> KRRCenc, KRRCint, KUPenc and KUPint (UE / eNB).]
Key Derivation
[Figure: key distribution and key derivation for EPS (network side). Every KDF output is 256 bits; Trunc keeps the 128 least significant bits to form the algorithm keys.]
HSS: KASME (256) = KDF(CK || IK; SN id, SQN xor AK)
MME: KeNB (256) = KDF(KASME; uplink NAS COUNT); NH (256) = KDF(KASME; KeNB for the first NH, the previous NH afterwards)
MME: KNASenc (128) = Trunc(KDF(KASME; NAS-enc-alg, Alg-ID)); KNASint (128) = Trunc(KDF(KASME; NAS-int-alg, Alg-ID))
eNB: KeNB* (256) = KDF(KeNB or NH; target cell parameters), derived at handover
eNB: KRRCenc, KRRCint, KUPenc, KUPint (128 each) = Trunc(KDF(KeNB; RRC-enc-alg / RRC-int-alg / UP-enc-alg / UP-int-alg, Alg-ID))
Key distribution and key derivation scheme for EPS (network side), found in 33.401
Key Derivation Function (KDF) specification can be found in 33.220
Lawful Interception
[Figure: aspects of lawful interception: interception, retrieval, storage, analysis and handover of the intercepted material, and the surrounding cost, business, legal process and political relations.]
EPS LI Architecture
[Figure: EPS LI architecture. The intercepting nodes are the MME, Serving Gateway, PDN Gateway, HSS, SGSN (serving UTRAN and GERAN) and PCRF, attached to the EPS reference points shown (LTE-Uu, S1-MME, S1-U, S3, S4, S6a, S10, S11, S12, SGi, Gx, Rx and the E-UTRAN X2) and to the Operator's IP Services (e.g. IMS, PSS). The ADMF provisions intercept targets over X1_1 (to the network nodes), X1_2 (to Delivery Function 2) and X1_3 (to Delivery Function 3). Intercept related information flows over the LI X2 interface to Delivery Function 2 and the content of communication over X3 to Delivery Function 3; the Mediation Functions hand the results to the LEMF over the handover interfaces HI1 (administration), HI2 (intercept related information) and HI3 (content of communication).]
Backhaul Security
Backhaul Security
Base stations are becoming more powerful: the LTE eNodeB includes the functions of both the NodeB and the RNC.
Since the RNC functions include terminating the radio interface security, ciphering and integrity protection now end in a base station that may sit in a physically exposed site, so the backhaul between the base station and the core needs its own protection (IPsec towards a security gateway).
Certificate Enrollment for Base Stations
[Figure: the base station enrols with the operator's RA/CA over CMPv2 and then establishes IPsec to the SEG.]
A vendor-signed certificate of the base station public key is pre-installed; it is the credential with which the base station authenticates its initial CMPv2 enrollment request, and the operator-issued certificate obtained through enrollment is then used to authenticate the IPsec tunnel to the SEG.
Relay Node Security
[Figure: UE - Radio - Relay - Radio - Donor eNB - Backhaul - Core NW. The relay node serves the UE over one radio interface and is itself connected to the Donor eNB over a second radio interface, which carries the relay's backhaul towards the core network.]
Conclusions
LTE Security: building on GSM and UMTS Security
Newer security algorithms, longer keys
Extended key hierarchy
New features, addressing new scenarios
Backhaul Security
Relay Node Security
Thank You!
dionisio.zumerle@etsi.org
More
Information
about 3GPP:
www.3gpp.org
contact@3gpp.org
Backup:
Selection of 3GPP Security Standards
LTE Security:
33.401 System Architecture Evolution (SAE); Security architecture
33.402 System Architecture Evolution (SAE); Security aspects of non-3GPP accesses
Lawful Interception:
33.106 Lawful interception requirements
33.107 Lawful interception architecture and functions
33.108 Handover interface for Lawful Interception
Key Derivation Function:
33.220 Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (the KDF is specified in its Annex B)
Backhaul Security:
33.310 Network Domain Security (NDS); Authentication Framework (AF)
Relay Node Security:
33.816 Feasibility study on LTE relay node security (also 33.401)
Home (e)Node B Security:
33.320 Home (evolved) Node B Security