Doc. code

Huawei LTE Security Solution

Issue

Draft B

Date

2015-08-27

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2009. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without
prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other
trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice
The purchased products, services and features are stipulated by the commercial contract made
between Huawei and the customer. All or partial products, services and features described in this
document may not be within the purchased scope or the usage scope. Unless otherwise agreed by
the contract, all statements, information, and recommendations in this document are provided “AS
IS” without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in
the preparation of this document to ensure accuracy of the contents, but all statements,
information, and recommendations in this document do not constitute the warranty of any kind,
express or implied.

Huawei Technologies Co., Ltd.
Address:

Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website:

http://www.huawei.com

Email:

support@huawei.com

Contents

1 Executive Summary 4
2 Introduction 5
3 Security Solution 7
3.1 Huawei LTE Security Solution Architecture 7
3.2 Huawei LTE Security Solution Highlight 8
4 Wireless Security 10
4.1 Integrity Protection 10
4.2 Encryption 11
4.3 Keys Generation 13
4.4 Initial Security Activation Procedure 14
4.5 Security Activation Procedure during a Handover 15
5 Transport Security 17
5.1 Whole-Process Certificate Management 18
5.2 Certificate-based Transport Security Mechanism 21
5.3 Certificate-Based eNodeB Deployment in Secure Network Solutions 25
6 eNodeB Equipment and OM Security 30
6.1 Equipment Security 30
6.2 OM Security 32
7 Conclusion 38
8 Acronyms and Abbreviations 39

1 Executive Summary

Security issues have always been the main drawback of IP networking. Back in 1982, TCP/IP was initially designed for a small network connecting a small community of researchers, but it gradually became a gigantic global network connecting people of all types. This growth has created problems with security, since IP is short on features that are needed or desirable on an insecure network. The TCP/IP protocols, the basis of today's networks, lack even the most basic mechanisms for security, such as authentication or encryption. As an all-IP based access technology, LTE naturally inherits the security issues of the TCP/IP protocols. A non-secured LTE network could lead to information disclosure, information modification or loss, DoS attacks or even interruption of services. Therefore, it needs to be protected against threats that can affect the normal work and communication of the entire network.

This white paper introduces Huawei's complete LTE security solutions, which help you efficiently protect and guarantee the normal work of your LTE network from the factory phase (eNodeB implementation) to the operation phase, including the installation phase. The complete security solution is divided into the wireless security solution, the transport security solution, the eNodeB equipment security solution, and the OM security solution, which are wrapped together with the overall solution's highlights and some successful cases that show the solution's maturity.

2 Introduction

Security issues in LTE are drawn from the network structure itself, which is described as follows:
- All-IP network: LTE uses IP protocols that are visible in the eNodeB, and this leads to security issues directly in the eNodeB.
- Flat architecture: the eNodeBs are directly connected to the core network.
- The eNodeB is allowed to be placed in non-trusted locations.
- Interworking with legacy networks as well as with non-3GPP networks.
- More data throughput: the more the data throughput, the more the security risks.
- As the most attractive mobile technology, LTE will embrace new business environments with less trusted networks.

From the standardization point of view, confidentiality and integrity protection for signaling and user data is limited to the Uu interface (the interface between a UE and the eNodeB), as shown in Table 1.

Table 1: LTE AS and NAS security associations

There is no requirement for data protection for a user plane tunneled between the eNB and S-GW above the network transport layer. Therefore, extra security measures and solutions are required and need to be taken to prevent communicated data from disclosure, corruption and modification.

According to ITU-T X.800 and ITU-T X.805, the five basic security threats over an LTE network can be listed as follows:
- Destruction of information and/or other resources
- Corruption or modification of information
- Theft, removal, or loss of information and/or other resources
- Disclosure of information
- Interruption of services

Figure 1 shows the LTE system architecture and security threats.

Figure 1: LTE system architecture and security threats

According to Figure 1, the interfaces that are susceptible to security threats are the wireless plane (Uu interface), the transport plane (S1, X2, OM channel, and Clock channel), the eNodeB equipment plane, and the OM plane.

3 Security Solution

3.1 Huawei LTE Security Solution Architecture

Huawei's LTE security strategy is to keep security breaches as local as possible. The security architecture is in accordance with ITU-T Recommendation X.805 and consists of the following three parts: security threats, security dimensions and security system, as shown in Figure 2.

Figure 2: eNodeB security architecture

The security threats are risky factors that possibly exist in the system or affect the security in normal operation of the system. The security dimensions are sets of security measures designed to protect the system. The security systems are the objects to be protected by the security dimensions. In this white paper, the security system refers to the eNodeB.

3.2 Huawei LTE Security Solution Highlight

3.2.1 Complete Security Solution

Huawei's LTE security solution provides the operator with a complete security solution that gives a series of security dimensions dealing with different security threats over the entire network. As shown in Table 2, the complete security solution includes the wireless plane, transport plane, eNodeB equipment plane, and OM plane security solutions. Table 2 shows the relevant planes of the eNodeB and the corresponding security solutions.

Security system          Security Solution
Wireless plane           Integrity Protection and Encryption
Transport plane          PKI, IPSec, 802.1x
eNodeB equipment plane   Integrated firewall function, NTP security authentication, digital signature of software, physical security, secure storage, and so on
OM plane                 User authentication and access control, log and alarms, SSL

Table 2: security system and security solution

3.2.2 Whole-process Certificate Management

Huawei whole-process digital certificate management is a PKI-based end-to-end digital certificate management scheme that provides the operator with automatic eNodeB secure deployment and certificate-based transport security mechanisms. It is implemented in two phases: the factory phase and the operation phase.

3.2.3 Certificate-Based Transport Security Mechanism

Huawei transport security features such as IPSec, access control based on 802.1x, and SSL are based on digital certificate authentication.

3.2.4 eNodeB Automatic Secure Deployment

Huawei eNodeB supports automatic secure deployment (PnP). After being powered on, the eNodeB first automatically searches for the relevant security information, including the certificates, then automatically authenticates itself and establishes an IPSec tunnel with the security gateway. The whole process of the eNodeB automatic secure deployment is described in section 5.3.

3.2.5 Comprehensive Security Audit Solution

By querying logs, the operator has access to a complete security audit solution through which it can check the security status and security-related information of the system, such as the running status, the system security situation, and user operations on the M2000 or eNodeB.

3.2.6 IPSec Tunnel Backup

To enhance security reliability, a Huawei eNodeB can be connected to two security gateways through one primary IPSec tunnel and one secondary IPSec tunnel used as backup.

3.2.7 Support of IPSec and ACL for IPv6 Environment

Huawei eNodeB supports IPSec encryption and authentication on the data flows selected with an ACL under IPv6.

4 Wireless Security

Wireless security ensures the security of the data transmitted or exchanged over the Uu interface (the interface between an eNodeB and the UE). Integrity protection and encryption are performed on the Uu interface to protect the communication data from information disclosure, modification and corruption. In this section of the white paper, as part of wireless plane security, the security key generation, the initial security activation, and the security mechanism activation during a handover will also be described. The user authentication between the UE and the core network will not be covered in this white paper, since it belongs to the core network.

4.1 Integrity Protection

Integrity protection is used to prevent unauthorized modification of data on the Control Plane (CP). It is performed on the PDCP layer and applies only to the Control Plane. Note that integrity is not defined for the User Plane (UP) by 3GPP, since packet loss is tolerable on the UP and applying integrity protection could add some overhead to the transmitted data.

Integrity protection consists of integrity protection performed by the sending end and integrity verification by the receiving end, as shown in Figure 3. The sending end uses the negotiated integrity protection algorithm to compute a MAC-I for an RRC signaling message based on the input parameters, including KEY, COUNT (Hyper-Frame Number (HFN) and the PDU's PDCP SN), BEARER and DIRECTION. The MAC-I is attached to the RRC signaling and sent as a part of the PDCP PDU. After receiving the RRC signaling, the receiving end inputs the same integrity protection parameters as the sending end and then generates the X-MAC through the integrity protection algorithm. The receiving end compares the X-MAC with the MAC-I attached to the RRC signaling (or to the PDCP SDU for the Relay eNodeB). If the X-MAC and the MAC-I are the same, the integrity verification is successful. If the X-MAC and the MAC-I are different, the data has been modified and the integrity verification fails. Integrity protection is performed before encryption and only applies to the data on the control plane, whereas encryption applies to both the control plane and the data plane.

The integrity protection algorithm is configured by RRC signaling, and the eNodeB and UE must support the 128-EIA1 and 128-EIA2 algorithms according to 3GPP TS 33.401. 128-EIA3, defined in R11, is optional and refers to the ZUC algorithm. The eNodeB supports four integrity protection algorithms:
- Null algorithm: indicates that integrity protection is not applied.
- AES based algorithm
- SNOW 3G based algorithm
- ZUC: Zu Chongzhi algorithm (eRAN6.0): indicates that ZUC integrity protection is used.

The priorities of the eNodeB integrity algorithms are operator configurable. AES and SNOW 3G feature the same integrity performance. ZUC has the lowest priority.

Figure 3: Integrity Protection

4.2 Encryption

The encryption procedure consists of ciphering and deciphering, and it is performed on the PDCP layer, as shown in Figure 4 for both CP and UP data. On the CP, integrity protection is performed first, and then the CP data and the MAC-I are ciphered. On the UP, only the PDCP Service Data Unit (SDU) is ciphered. Moreover, no encryption but only integrity protection is performed on the RRC signaling that is used for activating the security mode. The eNodeB and UE must support the EEA0, 128-EEA1, and 128-EEA2 algorithms according to 3GPP TS 33.401. 128-EEA3, defined in R11, is optional and refers to the ZUC algorithm.

Figure 4: Encryption
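The PDCP-layer processing of sections 4.1 and 4.2, carried through as an added Python example that is not part of the white paper: HMAC-SHA256 truncated to 32 bits stands in for the EPS integrity algorithm (the real 128-EIA1/2/3 are SNOW 3G, AES-CMAC and ZUC based), and a SHA-256 counter keystream stands in for the EPS encryption algorithm (128-EEA1/2/3); the keys, bearer identities and COUNT values are constructed. The sender appends the MAC-I to the RRC message and ciphers the whole SDU; the receiver deciphers, recomputes the X-MAC and compares it, so a modified PDU or a desynchronised COUNT is detected, while user-plane data is ciphered only.

```python
"""Added example: PDCP-style integrity protection (MAC-I / X-MAC) and
keystream ciphering for control-plane and user-plane data.
Stand-ins: HMAC-SHA256[:4] for 128-EIA*, SHA-256 counter keystream for 128-EEA*.
"""
import hashlib
import hmac
import struct

DOWNLINK, UPLINK = 1, 0  # DIRECTION input: 1 = eNodeB -> UE, 0 = UE -> eNodeB


def _inputs(count: int, bearer: int, direction: int) -> bytes:
    # COUNT is 32 bits (HFN + PDCP SN), BEARER 5 bits, DIRECTION 1 bit
    return struct.pack(">IBB", count & 0xFFFFFFFF, bearer & 0x1F, direction & 0x1)


def mac_i(k_rrc_int: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """32-bit MAC-I over (COUNT, BEARER, DIRECTION, message). Stand-in for 128-EIA*."""
    tag = hmac.new(k_rrc_int, _inputs(count, bearer, direction) + message, hashlib.sha256).digest()
    return tag[:4]


def keystream(k_enc: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """LENGTH bytes of keystream from (KEY, COUNT, BEARER, DIRECTION). Stand-in for 128-EEA*."""
    out, block, prefix = bytearray(), 0, _inputs(count, bearer, direction)
    while len(out) < length:
        out += hashlib.sha256(k_enc + prefix + struct.pack(">I", block)).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect_cp(k_rrc_int, k_rrc_enc, count, bearer, direction, rrc_msg):
    """Control plane: integrity first (MAC-I appended), then ciphering of data + MAC-I."""
    sdu = rrc_msg + mac_i(k_rrc_int, count, bearer, direction, rrc_msg)
    return xor(sdu, keystream(k_rrc_enc, count, bearer, direction, len(sdu)))


def unprotect_cp(k_rrc_int, k_rrc_enc, count, bearer, direction, pdu):
    """Receiver: decipher, split off MAC-I, recompute X-MAC and compare.
    Returns (rrc_msg, verified); verified is False when the PDU was modified."""
    sdu = xor(pdu, keystream(k_rrc_enc, count, bearer, direction, len(pdu)))
    msg, received_mac = sdu[:-4], sdu[-4:]
    x_mac = mac_i(k_rrc_int, count, bearer, direction, msg)
    return msg, hmac.compare_digest(x_mac, received_mac)


def protect_up(k_up_enc, count, bearer, direction, sdu):
    """User plane: ciphering only; 3GPP defines no integrity protection for the UP."""
    return xor(sdu, keystream(k_up_enc, count, bearer, direction, len(sdu)))


unprotect_up = protect_up  # XOR with the same keystream deciphers


def demo():
    # constructed keys and parameters (not real values)
    k_rrc_int, k_rrc_enc, k_up_enc = b"\x01" * 16, b"\x02" * 16, b"\x03" * 16
    srb1, drb1 = 0, 2
    rrc = b"RRCConnectionReconfiguration"
    pdu = protect_cp(k_rrc_int, k_rrc_enc, 7, srb1, DOWNLINK, rrc)
    msg, ok = unprotect_cp(k_rrc_int, k_rrc_enc, 7, srb1, DOWNLINK, pdu)
    # one bit flipped in transit: X-MAC != MAC-I
    tampered = bytes([pdu[0] ^ 0x80]) + pdu[1:]
    _, ok_tampered = unprotect_cp(k_rrc_int, k_rrc_enc, 7, srb1, DOWNLINK, tampered)
    # receiver with a desynchronised COUNT (HFN off by one): wrong keystream, verification fails
    _, ok_count = unprotect_cp(k_rrc_int, k_rrc_enc, 8, srb1, DOWNLINK, pdu)
    data = b"user payload"
    up_pdu = protect_up(k_up_enc, 3, drb1, UPLINK, data)
    return (msg == rrc and ok, ok_tampered, ok_count,
            unprotect_up(k_up_enc, 3, drb1, UPLINK, up_pdu) == data)


if __name__ == "__main__":
    print(demo())
```

demo() returns (True, False, False, True): the genuine CP PDU verifies, the tampered PDU and the COUNT mismatch fail verification, and the UP payload round-trips through ciphering alone.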

When the encryption function is enabled, the eNodeB ciphers downlink data and deciphers uplink data. The sending end inputs the encryption parameters, including Key, Count, Bearer, Direction, and Length. The keystream is generated through the EPS Encryption Algorithm (EEA). Then the sending end performs the Exclusive-OR operation on the plaintext and the keystream to generate the ciphertext. The receiving end inputs the same encryption parameters as the sending end, and the same keystream is generated through the EEA. Then the receiving end performs the Exclusive-OR operation on the ciphertext and the keystream to recover the plaintext. RRC configures the encryption algorithm and key for all the wireless bearers, such as the SRB (Signaling Radio Bearer) and the DRB (Data RB).

The eNodeB supports four encryption algorithms:
- Null algorithm
- AES based algorithm
- SNOW 3G based algorithm
- ZUC: Zu Chongzhi algorithm (eRAN6.0)

The priorities of the eNodeB ciphering algorithms are operator configurable and can be set on the eNodeB. AES and SNOW 3G feature the same encryption performance. ZUC has the lowest priority.

4.3 Keys Generation

Keys are an important input for the encryption and integrity protection procedures, since to encrypt or decrypt the data and to verify the data integrity, the keys on the UE side and the eNodeB side must be consistent. Encryption and integrity protection use three keys: a key for integrity protection of RRC signaling, a key for encryption of RRC signaling, and a key for encryption of UP data. To guarantee correct ciphering and deciphering and to ensure the safety of the keys, they are derived by the UE and the eNodeB separately instead of being sent over the Uu interface. A generated key can change during handovers or during RRC re-connection, whereas the encryption and integrity protection algorithms can only change during handovers. The key derivation scheme is shown in Figure 5.

Figure 5: key derivation scheme for encryption and integrity protection

- KeNodeB is used for generating KRRC int, KRRC enc and KUP enc. It is derived by the UE and the MME separately from the top-layer key of the E-UTRAN when an initial connection is set up.
- KRRC int is the key used to protect the integrity of RRC signaling. It is derived by the UE and the eNodeB from KeNodeB.
- KRRC enc is the key used to encrypt the RRC signaling. It is derived by the UE and the eNodeB from KeNodeB.
- KUP enc is the key used to encrypt the UP data. It is derived by the UE and the eNodeB from KeNodeB.
- KeNodeB* is generated during a handover. It is derived by the UE and the source eNodeB from KeNodeB or from the new NH, together with the target physical cell number and the DL EARFCN (E-UTRA Absolute Radio Frequency Channel Number). KeNodeB* is used by the UE and the target eNodeB as the new KeNodeB.
- NH (Next Hop) is used by the UE and the eNodeB to derive KeNodeB*. When a security context is set up, the NH is derived by the UE and the MME from KeNodeB. During a handover, the NH is derived from the previous NH.
- NCC (Next Hop Chaining Count) counts the number of times that the NH has been generated. During a handover, the NCC is used to synchronize the key chain between the UE and the eNodeB. In this way, it helps to determine whether the next KeNodeB* is derived from the current KeNodeB or from the new NH.

4.4 Initial Security Activation Procedure

The security mode is activated when an RRC connection is being set up (after the setup of SRB1 and before the setup of SRB2 and the DRB) to enable encryption and integrity protection. The security activation process is shown in Figure 6 below.

Figure 6: initial security activation procedure

When an RRC connection is being set up:
- The MME generates KeNodeB and NH, and sends KeNodeB together with the UE security capability to the eNodeB. The UE security capability includes the supported encryption and integrity algorithms.
- The eNodeB generates KUP enc, KRRC int and KRRC enc based on KeNodeB and the selected security algorithms. It configures the corresponding encryption parameters and integrity parameters for the PDCP layer.
- The eNodeB sends a Security Mode Command message, which contains the security mode parameters, to the UE through SRB1.
- If a Security Mode Complete message is received from the UE, the security activation is successful; otherwise the security activation fails.
- After activation, the integrity protection and encryption functions are active, and consequently the eNodeB performs integrity protection and then encryption on the CP data, whereas it performs only encryption on the UP data.

However, integrity protection and encryption are not performed on data when the UE initiates an emergency call; null algorithms are used.

4.5 Security Activation Procedure during a Handover

During a handover, the security-related parameters are sent from the source eNodeB to the target eNodeB. Figure 7 shows the security activation process during a handover through the X2 interface. Note that the process is the same for a handover through the S1 interface.

Figure 7: security activation procedure during a handover through X2

- The source eNodeB generates KeNodeB* based on NH or KeNodeB, the target physical cell number, and the DL EARFCN (Downlink E-UTRA Absolute Radio Frequency Channel Number), and sends it to the target eNodeB through the X2 interface together with the UE security context, which includes the UE security capability, NCC, and KeNodeB*. Whether NH or KeNodeB is used to generate KeNodeB* depends on whether the NH on the source eNodeB is used. If the NH is used, it is used to generate KeNodeB*. If the NH is not used, KeNodeB is used to generate KeNodeB*.
- The target eNodeB, after receiving the handover request message that contains the security context, chooses the most appropriate encryption and integrity protection algorithms from its configured priority list of encryption and integrity algorithms based on the UE security capability. The target eNodeB uses the transferred KeNodeB* as the KeNodeB. According to its selected encryption and integrity protection algorithms, it derives the keys for integrity protection and encryption of the RRC signaling and the key for encryption of UP data, and configures PDCP (Packet Data Control Protocol) with the security parameters that will be used after the handover.
- The target eNodeB sends the Handover Request Acknowledgement message to the source eNodeB, which contains the NCC of the source eNodeB and the selected security algorithms.
- The source eNodeB sends the RRC Connection Reconfiguration message to the UE, which contains the NCC and the security algorithms provided by the target eNodeB. The security parameters obtained before the handover are only used for the integrity protection and encryption of the RRC Connection Reconfiguration message sent in this procedure.
- The UE uses its own KeNodeB and the received NCC to generate KeNodeB*. According to its supported security algorithms and KeNodeB*, the UE derives the integrity key and encryption key of RRC signaling and the encryption key of UP data. The derived keys are used on the UE side. The UE configures PDCP with the security parameters that will be used after the handover.
- When the UE has performed the handover successfully, it sends the RRC Connection Reconfiguration Complete message to the target eNodeB. The security parameters obtained after the handover are used for the integrity protection and encryption of the RRC Connection Reconfiguration Complete message.
- The target eNodeB uses the security parameters obtained after the handover to perform integrity protection and encryption on the RRC signaling and UP data.
- The target eNodeB sends the Path Switch Request message to inform the MME of the handover completion.
- Upon receiving the Path Switch Request message, the MME adds 1 to the NCC and generates the new NH based on the original NH.

- The MME sends the Path Switch Request Acknowledgement message to the target eNodeB. The message contains the new NCC and NH.
- The target eNodeB saves the new NCC and NH, which can be used in the next handover.
- The target eNodeB sends the UE Context Release message to the source eNodeB to order the source eNodeB to release the UE context.

If the target eNodeB does not receive the Path Switch Request Acknowledgement message, the NCC and NH of the target eNodeB are not updated, and therefore the target eNodeB can only use KeNodeB to generate KeNodeB* in the next handover.
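The key hierarchy of section 4.3 (Figure 5) and the handover key chaining of section 4.5 (Figure 7), simulated as an added Python example that is not part of the white paper. The 3GPP KDF is HMAC-SHA-256 over a parameter string defined in TS 33.401 Annex A; here a labelled HMAC-SHA-256 stands in for it, so the labels, byte layouts and the algorithm identity bytes are this example's own and not the standard encoding. The top-layer key, PCIs and DL EARFCN are constructed. The simulation walks three handovers: a horizontal derivation (no NH at the source, NCC unchanged), a vertical one after a Path Switch Acknowledgement delivered a fresh {NH, NCC}, and a fallback to horizontal when that acknowledgement never arrived; in each case the UE and the target eNodeB end up with the same KeNodeB* and the same algorithm keys.

```python
"""Added example: KeNodeB / KRRCint / KRRCenc / KUPenc derivation and the
NH / NCC chain used to compute KeNodeB* at handover, for MME, source eNodeB,
target eNodeB and UE. A labelled HMAC-SHA256 stands in for the 3GPP KDF."""
import hashlib
import hmac
import struct


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Generic 256-bit derivation: HMAC-SHA256(key, label || params). Not the TS 33.401 layout."""
    return hmac.new(key, label + b"".join(params), hashlib.sha256).digest()


def derive_kenb(k_asme: bytes, nas_uplink_count: int) -> bytes:
    """KeNodeB: derived by UE and MME from the top-layer key when the connection is set up."""
    return kdf(k_asme, b"KeNB", struct.pack(">I", nas_uplink_count))


def derive_nh(k_asme: bytes, sync_input: bytes) -> bytes:
    """NH: first from KeNodeB (at context setup), afterwards from the previous NH."""
    return kdf(k_asme, b"NH", sync_input)


def derive_kenb_star(base: bytes, pci: int, earfcn_dl: int) -> bytes:
    """KeNodeB* from KeNodeB (horizontal) or NH (vertical) plus target PCI and DL EARFCN."""
    return kdf(base, b"KeNB*", struct.pack(">HH", pci, earfcn_dl))


def algo_keys(kenb: bytes, int_alg: int, enc_alg: int) -> dict:
    """128-bit KRRCint, KRRCenc, KUPenc from KeNodeB and the selected algorithm identities."""
    return {"KRRCint": kdf(kenb, b"RRC-int", bytes([int_alg]))[:16],
            "KRRCenc": kdf(kenb, b"RRC-enc", bytes([enc_alg]))[:16],
            "KUPenc": kdf(kenb, b"UP-enc", bytes([enc_alg]))[:16]}


class MME:
    def __init__(self, k_asme, kenb):
        self.k_asme, self.nh, self.ncc = k_asme, derive_nh(k_asme, kenb), 1

    def path_switch(self):
        """On Path Switch Request: NCC + 1, new NH from the previous NH; returned in the Ack."""
        self.ncc, self.nh = self.ncc + 1, derive_nh(self.k_asme, self.nh)
        return self.nh, self.ncc


class ENodeB:
    """KeNodeB with its NCC, plus an unused {NH, NCC} if a Path Switch Ack delivered one."""
    def __init__(self, kenb, kenb_ncc):
        self.kenb, self.kenb_ncc, self.fresh_nh = kenb, kenb_ncc, None

    def prepare_handover(self, pci, earfcn_dl):
        """Source side: vertical from NH if an unused NH exists, else horizontal from KeNodeB."""
        if self.fresh_nh:
            nh, ncc = self.fresh_nh
            return derive_kenb_star(nh, pci, earfcn_dl), ncc
        return derive_kenb_star(self.kenb, pci, earfcn_dl), self.kenb_ncc

    def accept_handover(self, kenb_star, ncc):
        """Target side: the transferred KeNodeB* becomes KeNodeB; no NH until the next Ack."""
        self.kenb, self.kenb_ncc, self.fresh_nh = kenb_star, ncc, None

    def path_switch_ack(self, nh, ncc):
        self.fresh_nh = (nh, ncc)


class UE:
    def __init__(self, k_asme, kenb):
        self.k_asme, self.kenb, self.kenb_ncc = k_asme, kenb, 0
        self.nh, self.nh_ncc = derive_nh(k_asme, kenb), 1  # NH chain shared with the MME

    def handover(self, received_ncc, pci, earfcn_dl):
        """NCC equal to the one of the current KeNodeB: horizontal. NCC ahead: walk the NH chain."""
        if received_ncc == self.kenb_ncc:
            base = self.kenb
        else:
            while self.nh_ncc < received_ncc:
                self.nh, self.nh_ncc = derive_nh(self.k_asme, self.nh), self.nh_ncc + 1
            base = self.nh
        self.kenb, self.kenb_ncc = derive_kenb_star(base, pci, earfcn_dl), received_ncc
        return self.kenb


def simulate():
    k_asme = b"\xaa" * 32                      # constructed top-layer key
    kenb0 = derive_kenb(k_asme, 0)
    mme, ue = MME(k_asme, kenb0), UE(k_asme, kenb0)
    enb_a, enb_b, enb_c = ENodeB(kenb0, 0), ENodeB(None, None), ENodeB(None, None)
    results = []
    # HO 1 (A -> B): A holds no NH, so KeNodeB* is horizontal, NCC stays 0
    ks, ncc = enb_a.prepare_handover(101, 1850)
    enb_b.accept_handover(ks, ncc)
    results.append(ue.handover(ncc, 101, 1850) == enb_b.kenb and ncc == 0)
    enb_b.path_switch_ack(*mme.path_switch())   # B now holds {NH, NCC=2}
    # HO 2 (B -> C): vertical from the fresh NH (NCC 2); the UE advances its chain 1 -> 2
    ks, ncc = enb_b.prepare_handover(202, 1850)
    enb_c.accept_handover(ks, ncc)
    results.append(ue.handover(ncc, 202, 1850) == enb_c.kenb and ncc == 2)
    # Path Switch Ack lost for C: HO 3 (C -> A) falls back to horizontal with NCC still 2
    ks, ncc = enb_c.prepare_handover(303, 1850)
    enb_a.accept_handover(ks, ncc)
    results.append(ue.handover(ncc, 303, 1850) == enb_a.kenb and ncc == 2)
    # both sides derive identical algorithm keys from the shared KeNodeB (identity 2 = AES based)
    results.append(algo_keys(ue.kenb, 2, 2) == algo_keys(enb_a.kenb, 2, 2))
    return results
```

simulate() returns [True, True, True, True]; the interesting branch is the third handover, where the missing acknowledgement leaves the eNodeB without a fresh NH and both sides fall back to the KeNodeB-based derivation described above.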

5 Transport Security

To protect and ensure the security of the network equipment and the transport network, transport security solutions based on Public Key Infrastructure are implemented in the eNodeB. The solutions include the whole-process certificate management scheme, the certificate-based transport mechanism, and the certificate-based intelligent eNodeB secure deployment scheme, as shown in Figure 8. The certificate-based transport mechanism and the certificate-based intelligent PnP process are applications built on the whole-process certificate management scheme.

Figure 8: Huawei transport security architecture

5.1 Whole-Process Certificate Management

To support the certificate-based transport security mechanism, Huawei provides the whole-process certificate management solution, which is implemented in two phases: the factory phase and the operation phase.
- Factory phase: the factory CA issues factory equipment certificates. The certificates preset in the eNodeB include the equipment certificate and the Huawei root certificate. The root certificate and the Certificate Revocation List (CRL) are issued on the dedicated security information website.
- Operation phase: operations in this phase involve eNodeB installation, automatic secure eNodeB deployment using the intelligent PnP process, and automatic eNodeB certificate management based on the whole-process certificate management scheme.

The whole-process certificate management scheme provides a PKI certificate management mechanism according to the customer requirements and Huawei's delivery capacity.

5.1.1 Basic Concepts of PKI

Public Key Infrastructure (PKI) is a mechanism that provides information security services and serves as the foundation and core for establishing the network security system. It is based on asymmetric key algorithms. The core of the PKI mechanism lies in the certificate, that is, in the management of the digital certificate (public key), including the issue, distribution, update, and cancellation of the certificate. Compared to user names and symmetric encryption, the PKI certificate mechanism provides an infrastructure for secure and standardized key management. Huawei certificates are compliant with the ITU-T X.509 standard. The PKI mechanism involves the NEs that use the certificates, the PKI server (CA and CRL server) for certificate management, and the certificate management between the NE and the PKI server.

Figure 9: basic concept of Public Key Infrastructure

1. Network Element (NE)

Three types of files are used in the network elements: the equipment certificate, the root certificate, and the CRL.
- Equipment certificate: indicates the identity of the NE and the validity of the equipment during authentication. Each equipment certificate corresponds to a unique piece of hardware, and each main control board is preset with an equipment certificate before delivery to ensure the validity of the Huawei eNodeB. The equipment certificate of the eNodeB is stored in the main control board and bound to its ESN (Electronic Serial Number).
- Root certificate: the equipment certificate of the CA. It is used to verify the validity of the equipment certificates issued by the CA. For example, the security gateway (SeGW) uses the root certificate to verify the eNodeB.

Figure 10: certificate verification using the preset root certificate

- CRL: a certificate must be revoked before it expires when any one of the following situations occurs:
  - The equipment location changes.
  - The private key corresponding to the certificate is disclosed or enhanced.
  - The equipment is stolen or discarded.
  The CRL records the revoked certificates. After obtaining the CRL, the NE checks the validity of the certificates and, according to the operator strategy, determines whether to trigger the related alarms or to disconnect itself.

2. PKI System

The PKI server is a certificate management device, including the CA and the CRL server.
- Certificate Authority (CA): supports certificate management, such as the issue, update, and revocation of certificates. The operations comply with the Certificate Management Protocol version 2 (CMPv2). Huawei provides both direct NE-CA interaction and indirect NE-CA interaction, as shown in Figure 11.

Figure 11: NE and CA supported interaction methods

  - Direct NE-CA interaction: the eNodeB interacts with the CA directly using CMPv2. The direct NE-CA interaction is recommended for networking.
  - Indirect NE-CA interaction: the M2000 acts as an agent. The CA and the M2000 use the CMP interface, and the eNodeB and the M2000 use Huawei-defined interfaces.
  Huawei recommends using the direct NE-CA interaction for certificate management.
- CRL server: maintains the CRL. A revoked certificate is published on the CRL server. The NE obtains the CRL periodically through LDAP or FTP.

3. Certificate Management

Certificate management involves operations including certificate application, update, and revocation. Certificate management on the eNodeB can be implemented manually or using CMPv2. CMPv2 is recommended to facilitate the management.
- Certificate application: the NE generates and sends a certificate application file to the CA. The CA issues an equipment certificate to the NE according to the application file.
- Certificate update: a certificate has a lifetime, and it must be replaced before its expiration.
- Certificate revocation: a certificate must be revoked before it expires when any one of the following situations occurs: the equipment location changes, the private key corresponding to the certificate is disclosed or enhanced, or the equipment is stolen or discarded.

5.1.2 Certificate Management Solutions

Figure 12 shows the two phases of certificate management, which are the factory phase and the operation phase. In the factory phase, the eNodeB is preset with a unique equipment certificate; the CRL and the root certificate of the factory CA are issued on the Web portal server. In the operation phase, the operator obtains the CRL and the root certificate of the factory CA from the Web portal and checks them against the certificate preset by the factory to verify the validity of the eNodeB.

Figure 12: the two phases of certificate management

1. Factory phase

A CA server is set up in the Huawei factory to issue a unique certificate for each main control board. Both the equipment certificate and the root certificate are preset in the main control board. The CN field and the SubjectAltName are configured as ESN.huawei.com, that is, the electronic serial number of the main control board. The factory phase involves the following two steps.
1. The factory CA issues an equipment certificate to each main control board. At the same time, the root certificate of the factory CA and the CRL are issued on the Web portal server.
2. Install the board preset with the certificate.

2. Operation phase

When an eNodeB is deployed onsite and the PnP deployment process is completed, the operator certificate needs to be loaded for normal running. This phase involves steps 4, 5, 6, and 7.
3. The operator obtains the root certificate of the factory CA and the CRL from the Web portal server.
4. Preset the CRL and the root certificate issued by the factory CA in the operator's PKI server (CA).
5. Enable the PnP process on the eNodeB.
6. After authenticating the eNodeB (by checking the factory equipment certificate preset on the eNodeB against the root certificate of the factory CA), the CA issues the operator's equipment certificate and stores the operator's equipment certificate and the operator's root certificate in the eNodeB.
7. Set up the IPSec tunnel between the eNodeB and the SeGW using the operator's equipment certificate.

Routine certificate management between the eNodeB and the operator CA complies with CMPv2.

5.2 Certificate-based Transport Security Mechanism

The transport mechanism consists of the IEEE 802.1x (EAP-TLS) and IPSec mechanisms. Access control based on IEEE 802.1x and IPSec provide transport security protection at different layers and can be used separately or together. Access control based on IEEE 802.1x ensures the valid access of the eNodeB to the transport network, whereas IPSec is used to provide the security mechanism that ensures the confidentiality, integrity, and availability of data transmission.

5.2.1 Access Control Based on IEEE 802.1x

IEEE 802.1x refers to the Port-Based Network Access Control protocol. It is a standard LAN access control protocol in the IEEE 802 protocol family. With access control based on IEEE 802.1x, the MAC address of the eNodeB is authenticated, and an eNodeB that fails the authentication is prohibited from accessing the Local Area Network (LAN), ensuring the transport network security. Access control based on IEEE 802.1x performs authentication through three components, which are the authentication client, the authentication access equipment, and the authentication server, as shown in Figure 13.

Figure 13: Principle of access control based on IEEE 802.1x

During the initial access, an eNodeB initiates the authentication and sends EAPoL (Extensible Authentication Protocol over LAN) packets, which contain the information about its certificate, to the authentication access equipment (LAN switch or other equipment). The LAN switch forwards the EAPoL packets to the RADIUS server, which authenticates the eNodeB according to the preset Huawei root certificate.
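The checks that the SeGW (Figure 10), the RADIUS server (Figure 13) or the NE itself runs against an equipment certificate, as described in section 5.1: verification against the preset root certificate, the binding of CN and SubjectAltName to the board ESN (ESN.huawei.com), the validity period, and the CRL with the operator's alarm-or-disconnect strategy. This is an added Python example, not Huawei's code: certificates are plain dictionaries and the CA signs with textbook RSA over Mersenne primes so that the public/private split of a real CA is kept without a third-party library; a real deployment uses X.509 certificates, which this model does not parse. All ESNs, serial numbers and dates are constructed.

```python
"""Added example: equipment-certificate validation against a preset root
certificate, ESN binding, validity period and CRL. Textbook RSA (no padding,
small Mersenne-prime keys) stands in for the real X.509 signature machinery."""
import hashlib
import json
from datetime import date


def make_ca(name: str, p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA CA key: public (n, e), private d. p and q must be prime (Python 3.8+ pow)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"name": name, "n": n, "e": e, "d": pow(e, -1, phi)}


def _digest(body: dict) -> int:
    return int.from_bytes(hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest(), "big")


def issue(ca: dict, esn: str, serial: int, not_before: date, not_after: date) -> dict:
    """The CA issues an equipment certificate whose CN and SubjectAltName are <ESN>.huawei.com."""
    cn = f"{esn}.huawei.com"
    body = {"issuer": ca["name"], "cn": cn, "san": cn, "serial": serial,
            "not_before": not_before.isoformat(), "not_after": not_after.isoformat()}
    return {"body": body, "sig": pow(_digest(body) % ca["n"], ca["d"], ca["n"])}


def root_certificate(ca: dict) -> dict:
    """The root certificate is the CA's own certificate: its name and public key."""
    return {"name": ca["name"], "n": ca["n"], "e": ca["e"]}


def signature_ok(cert: dict, root: dict) -> bool:
    return pow(cert["sig"], root["e"], root["n"]) == _digest(cert["body"]) % root["n"]


def validate_equipment_cert(cert, root, board_esn, crl, today, crl_strategy="disconnect"):
    """Returns (accepted, action, reason). crl_strategy is the operator strategy applied
    when the certificate is found in the CRL: "alarm" or "disconnect"."""
    body = cert["body"]
    if body["issuer"] != root["name"] or not signature_ok(cert, root):
        return False, "disconnect", "not verifiable with the preset root certificate"
    if body["cn"] != f"{board_esn}.huawei.com" or body["san"] != body["cn"]:
        return False, "disconnect", "certificate is not bound to this board's ESN"
    if not body["not_before"] <= today.isoformat() <= body["not_after"]:
        return False, "disconnect", "outside validity period (certificate update overdue)"
    if body["serial"] in crl:
        return False, crl_strategy, "certificate listed in the CRL"
    return True, "none", "valid"


def demo():
    # Mersenne primes keep the keys reproducible; they are NOT a real key size.
    factory_ca = make_ca("Huawei Factory CA", 2**61 - 1, 2**31 - 1)
    root = root_certificate(factory_ca)
    today = date(2015, 8, 27)      # "now" for the validity check
    esn = "2102310ABC0001"          # constructed board ESN
    crl = {1003}                    # serial 1003 revoked (constructed: board reported stolen)
    cert = issue(factory_ca, esn, 1001, date(2015, 1, 1), date(2025, 1, 1))
    expired = issue(factory_ca, esn, 1002, date(2010, 1, 1), date(2015, 1, 1))
    revoked = issue(factory_ca, esn, 1003, date(2015, 1, 1), date(2025, 1, 1))
    # a CA that merely reuses the name: its key is not the one in the preset root certificate
    rogue = issue(make_ca("Huawei Factory CA", 2**19 - 1, 2**17 - 1), esn, 1004,
                  date(2015, 1, 1), date(2025, 1, 1))
    return {
        "genuine": validate_equipment_cert(cert, root, esn, crl, today),
        "moved_to_other_board": validate_equipment_cert(cert, root, "2102310ABC0002", crl, today),
        "expired": validate_equipment_cert(expired, root, esn, crl, today),
        "revoked_alarm_only": validate_equipment_cert(revoked, root, esn, crl, today, "alarm"),
        "revoked_disconnect": validate_equipment_cert(revoked, root, esn, crl, today),
        "rogue_ca": validate_equipment_cert(rogue, root, esn, crl, today),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22s} -> {result}")
```

Only the genuine certificate presented on its own board is accepted; the same certificate on another board fails the ESN binding, and the revoked one is reported with the action the operator strategy selects, which is the alarm-or-disconnect decision section 5.1.1 leaves to operator policy.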

Before authentication, only EAPoL packets can pass through the LAN switch. Other types of data can pass through the authorized ports only after the eNodeB passes the authentication. In this way, unauthorized access is prohibited and the transport network security is ensured.

5.2.2 IPSec
To adapt to the all-IP based transmission mode of the LTE system, the eNodeB uses IPSec to provide the security mechanism that ensures the confidentiality, integrity, and availability of data transmission. IPSec is a collection of protocol frameworks that guarantee IP-based transmission security, providing high-quality, interoperable, and cryptology-based security for IP packet transmission. IPSec services are security services provided at the IP layer, and therefore can be used by upper-layer protocols such as TCP, UDP, ICMP, and SCTP. Encryption and integrity verification are implemented on the IP layer between specific communication parties to guarantee the following security features of packet transmission:
- Data confidentiality: encryption protection is implemented on user data, which is transmitted in cipher text.
- Data integrity: the received data is authenticated to check whether the data has been modified.
- Authentication: the data source is authenticated to guarantee that data is transmitted from an authenticated sender.
- Anti-replay: the attack by malicious users who repeatedly transmit captured packets is prevented. The receiving end does not accept old or repeated packets.

In the Huawei eNodeB, IPSec is applied to the S1, X2, OM and clock channels depending on the operator's requirements.

IPSec Networking
Figure 14 shows the typical LTE IPSec networking.

Figure 14: LTE IPSec networking scenarios

Three main factors, which are the security zone, the data flow to be protected, and the configuration mode, need to be considered in the IPSec networking.
- Security zone: the operator's network can be divided into a secure zone and a non-secure zone. Generally, the access network is considered non-secure while the core network is thought to be secure. The main reason lies in the fact that the equipment of the core network is often protected by physical facilities, such as the equipment room. For example, the eNodeB and the MME/S-GW related to the S1 interface are located in the non-secure zone and the secure zone respectively. A SeGW needs to be configured in front of the secure zone, and IPSec is used for security protection between the eNodeB and the SeGW to protect data in the non-secure zone. IPSec provides protection for the non-secure zone only.
- Data flow to be protected: data flows requiring protection are identified and protection strategies are formulated. Data flows requiring protection on the eNodeB include the S1 interface, X2 interface, OAM interface, and clock interface. The protected flows are of two types:
  - Data flow across the secure zone: includes the S1 interface, OAM interface, and clock interface. The NEs to which these interfaces belong are located in both the secure zone and the non-secure zone.
  - Data flow in the non-secure zone: the X2 interfaces, which are used between eNodeBs, are located in the non-secure zone.
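The port behaviour described for IEEE 802.1x above (an unauthorized port passes only EAPoL frames to the authenticator; after a successful EAP-TLS exchange the port is authorized for the authenticated MAC and everything else is blocked from the LAN) can be simulated in a few lines. This is an added illustration, not Huawei or switch-vendor code; the frame layout, the `issuer=` field standing in for the certificate check, and the `radius_decision` function are assumptions made for this example.

```python
"""Simulation of IEEE 802.1x port-based access control on the LAN switch
(authentication access equipment). Added illustration, not Huawei code. Frame
layout, the EAPoL payload format and the RADIUS decision function are
assumptions made for the example."""
from dataclasses import dataclass, field

EAPOL_ETHERTYPE = 0x888E   # EtherType of IEEE 802.1X EAPoL frames
IPV4_ETHERTYPE = 0x0800


@dataclass
class Frame:
    src_mac: str
    ethertype: int
    payload: bytes = b""


def radius_decision(frame: Frame, trusted_roots: set, known_macs: set) -> bool:
    """Stand-in for the RADIUS server: accept the supplicant only if the
    certificate carried in the EAPoL payload was issued by a preset root
    (modelled as an 'issuer=' field) and the source MAC is one we know."""
    fields = dict(item.split("=", 1) for item in frame.payload.decode().split(";") if "=" in item)
    return fields.get("issuer") in trusted_roots and frame.src_mac in known_macs


@dataclass
class SwitchPort:
    trusted_roots: set
    known_macs: set
    authorized: bool = False
    authorized_mac: str = ""
    forwarded: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def receive(self, frame: Frame) -> str:
        """Return what the port did with the frame: 'eapol', 'forward' or 'drop'."""
        if frame.ethertype == EAPOL_ETHERTYPE:
            # An unauthorized port passes only EAPoL, and only towards the authenticator.
            if radius_decision(frame, self.trusted_roots, self.known_macs):
                self.authorized = True
                self.authorized_mac = frame.src_mac
            return "eapol"
        if self.authorized and frame.src_mac == self.authorized_mac:
            self.forwarded.append(frame)
            return "forward"
        self.dropped.append(frame)   # everything else is kept off the LAN
        return "drop"


def demo() -> list:
    """Constructed sequence: data before auth, rejected EAP-TLS, accepted EAP-TLS, data after."""
    port = SwitchPort(trusted_roots={"HuaweiFactoryCA"}, known_macs={"00:11:22:33:44:55"})
    enb, rogue = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    results = []
    results.append(port.receive(Frame(enb, IPV4_ETHERTYPE, b"S1 traffic")))                     # drop
    results.append(port.receive(Frame(rogue, EAPOL_ETHERTYPE, b"issuer=SelfSigned;esn=X")))        # eapol
    results.append(port.authorized)                                                              # False
    results.append(port.receive(Frame(enb, EAPOL_ETHERTYPE, b"issuer=HuaweiFactoryCA;esn=ESN1")))  # eapol
    results.append(port.authorized)                                                              # True
    results.append(port.receive(Frame(enb, IPV4_ETHERTYPE, b"S1 traffic")))                     # forward
    results.append(port.receive(Frame(rogue, IPV4_ETHERTYPE, b"spoof")))                        # drop
    return results
```

The last step shows why the MAC check matters: once the port is authorized, frames from a different source MAC on the same port are still dropped rather than riding on the eNodeB's authorization.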

- Configuration mode: the eNodeBs and the SeGW can be configured in either concentrated mode or distributed mode. The concentrated networking enables IPSec protection between the eNodeB and the SeGW, and it is shared between the eNodeB and other eNodeBs. In the distributed mode, direct IPSec tunnel protection is available between every two eNodeBs.

Figure 15: IPSec deployment modes

From Figure 15, we can see that distributed networking requires more IPSec paths than concentrated networking. In addition, distributed networking has much more sophisticated initial configurations and configuration adjustment than concentrated networking, therefore having a higher management cost. Huawei recommends using the concentrated mode networking.

IPSec Tunnel Backup
Generally, an eNodeB can be connected only to one SeGW through one IPSec tunnel. If this tunnel is faulty, data streams cannot be transmitted in this tunnel. If IPSec tunnel backup is used, the eNodeB can be connected to two SeGWs through one primary IPSec tunnel and one secondary IPSec tunnel. This enhances the reliability of data transmission. Both IPSec tunnels can be available. The eNodeB uses BFD sessions to detect connectivity between the eNodeB and the SeGWs. For uplink transmission, if the status of the two tunnels is both active and functional, the eNodeB uses the primary IPSec tunnel. If the primary IPSec tunnel is faulty, the eNodeB switches uplink data transmission to the secondary IPSec tunnel. During downlink transmission, data can be transmitted in either tunnel from a SeGW to the eNodeB; the eNodeB can receive data transmitted in both tunnels. The SeGW can also switch downlink data transmission to the secondary IPSec tunnel. In this situation, active and standby SeGWs are generally deployed to improve the reliability of the entire network.

Configuration mode
The IPSec configuration consists of an IPSec profile and an IKE profile. In reference to the configuration profile and operation application stated in 3GPP TS 33.210, the following configurations are recommended.
- IPSec profile:
  - Protocol type: ESP
  - Encapsulation mode: tunnel mode
  - Encryption algorithm: 3DES and AES (128)
  - Integrity algorithm: SHA-1
- IKE profile:
  - Version: IKEv2 (recommended)
  - Encryption algorithm: 3DES and AES (128)
  - Integrity algorithm: HMAC-SHA1-96
  - DH algorithm: DH2 (1024) and DH14 (2048)
  - Authentication mode: PKI and pre-shared key
Note: PKI is recommended, since in actual applications the operator prefers PKI authentication.
For detailed configuration information, please refer to the related section in Huawei Security Feature Parameters Description.
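The recommended IPSec and IKE profile above can be turned into a simple compliance check that reports every parameter deviating from the recommended set and flags a pre-shared key where PKI is preferred. This is an added example, not Huawei configuration syntax: the profile dictionaries, key names and the two constructed profiles are assumptions for this illustration.

```python
"""Check an eNodeB IPSec/IKE profile against the recommended settings listed
above (ESP, tunnel mode, 3DES/AES-128, SHA-1; IKEv2, HMAC-SHA1-96, DH2/DH14,
PKI preferred). Added example, not Huawei configuration syntax; the dictionary
keys and the sample profiles are assumptions for this illustration."""

RECOMMENDED_IPSEC = {
    "protocol": {"ESP"},
    "encapsulation": {"tunnel"},
    "encryption": {"3DES", "AES128"},
    "integrity": {"SHA1"},
}
RECOMMENDED_IKE = {
    "version": {"IKEv2"},
    "encryption": {"3DES", "AES128"},
    "integrity": {"HMAC-SHA1-96"},
    "dh_group": {2, 14},
    "authentication": {"PKI", "PSK"},
}


def check_profile(profile: dict, recommended: dict, name: str) -> list:
    """Return one finding per parameter that is missing or outside the recommended set."""
    findings = []
    for key, allowed in recommended.items():
        if key not in profile:
            findings.append(f"{name}: '{key}' is not set; expected one of {sorted(map(str, allowed))}")
        elif profile[key] not in allowed:
            findings.append(f"{name}: '{key}' = {profile[key]!r} is not in the recommended set "
                            f"{sorted(map(str, allowed))}")
    return findings


def check_enodeb_ipsec(ipsec_profile: dict, ike_profile: dict) -> list:
    findings = check_profile(ipsec_profile, RECOMMENDED_IPSEC, "IPSec profile")
    findings += check_profile(ike_profile, RECOMMENDED_IKE, "IKE profile")
    # A pre-shared key is permitted by the recommendation, but PKI is the preferred mode.
    if ike_profile.get("authentication") == "PSK":
        findings.append("IKE profile: pre-shared key in use; PKI is recommended")
    return findings


# Constructed profiles: one that a check should reject, one that passes.
WEAK_EXAMPLE = (
    {"protocol": "AH", "encapsulation": "transport", "encryption": "DES", "integrity": "MD5"},
    {"version": "IKEv1", "encryption": "AES128", "integrity": "HMAC-SHA1-96",
     "dh_group": 1, "authentication": "PSK"},
)
GOOD_EXAMPLE = (
    {"protocol": "ESP", "encapsulation": "tunnel", "encryption": "AES128", "integrity": "SHA1"},
    {"version": "IKEv2", "encryption": "AES128", "integrity": "HMAC-SHA1-96",
     "dh_group": 14, "authentication": "PKI"},
)
```

Run `check_enodeb_ipsec(*WEAK_EXAMPLE)` to see the seven findings for the weak profile (four IPSec parameters, IKE version, DH group, and the PSK note); the good profile returns an empty list.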

Even after the primary tunnel resumes, the eNodeB still uses the secondary tunnel for data transmission; the eNodeB uses the primary tunnel only after the secondary tunnel becomes faulty.

IPSec for IPv6 Transmission
eNodeBs support IPSec for IPv6 transmission. IPSec configuration principles and methods for IPv6 transmission are similar to those for IPv4 transmission. The difference is just that IPSec for IPv6 transmission uses another set of MOs for configuration management. This feature also needs to be supported by the security gateway.

5.3 Certificate-Based eNodeB Deployment in Secure Network Solutions
Huawei provides the certificate-based secure eNodeB deployment solution to enable the PnP function and reduce the deployment cost in a secure networking scenario. A secure networking scenario refers to a network that is deployed with certificate-based transport security mechanisms, such as IEEE 802.1x, IPSec, and SSL. Security mechanisms such as SSL or SSL+IPSec for OM transmission have an impact on the eNodeB deployment method, process, and transport network requirements. The next sections describe eNodeB deployment by PnP according to whether SSL only or SSL+IPSec is used for OM channel security. The white paper describes only the auto-discovery procedure during eNodeB deployment. Other commissioning procedures are not explained, since security mechanisms do not have any impact on them.

5.3.1 eNodeB Deployment by PnP with SSL+IPSec for OM Transmission
1. Auto-discovery With a Public DHCP Server Deployed
The eNodeB needs to perform two DHCP procedures. During the first DHCP procedure, the eNodeB exchanges messages with the public DHCP server. For this purpose, the public DHCP server must be configured with an address pool and a next-hop gateway address. In addition, option 43 in a DHCP response sent to the eNodeB must contain information about the SeGW, CA, and M2000 DHCP server, as described in Table 3. During the second DHCP procedure, the M2000 DHCP server sends OM channel information to the eNodeB. The OM channel information is generated by M2000 when M2000 creates an eNodeB deployment task.

Table 3: Information to be configured in DHCP option 43 on a public DHCP server

Subcode  Meaning                              Description
18       SeGW IP address                      IP address of the SeGW (the IKE peer) with which the eNodeB negotiates a temporary IPSec tunnel for the second DHCP procedure
42       IP address of the M2000 DHCP server  Configured only when unicast is used in the second DHCP procedure
35       CA IP address                        IP address of the CA from which the eNodeB initially requests an operator-issued device certificate
36       CA port number                       Number of the CA port to which the eNodeB sends the first certificate request
37       CA path                              CA path, for example, /exampleCA/
38       CA name                              CA name, which must be the same as the subject name of the CA certificate
39       CA protocol                          0: HTTP; 1: HTTPS

Figure 16 shows the auto-discovery procedure with a public DHCP server.

Figure 16: Auto-discovery with a public DHCP server
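The tunnel backup rules stated above (BFD reports reachability of each SeGW; uplink starts on the primary tunnel, switches to the secondary when the primary fails, stays on the secondary even after the primary resumes, and returns to the primary only when the secondary fails; downlink is accepted from any tunnel that is up) form a small non-revertive failover state machine. The following is an added example, not eNodeB software; the class and method names are assumptions for this illustration.

```python
"""Primary/secondary IPSec tunnel selection as described in the white paper:
non-revertive uplink failover driven by BFD status, downlink accepted from any
tunnel that is up. Added example, not eNodeB software; the API is assumed."""
from typing import Optional

PRIMARY, SECONDARY = "primary", "secondary"


class TunnelSelector:
    def __init__(self):
        self.bfd_up = {PRIMARY: False, SECONDARY: False}
        self.uplink: Optional[str] = None   # tunnel currently carrying uplink traffic

    def bfd_update(self, primary_up: bool, secondary_up: bool) -> Optional[str]:
        """Apply a BFD status report and return the tunnel now used for uplink."""
        self.bfd_up = {PRIMARY: primary_up, SECONDARY: secondary_up}
        current = self.uplink
        if current is not None and self.bfd_up[current]:
            return current  # non-revertive: keep the tunnel in use while it works
        # The tunnel in use has failed (or none was selected yet): pick the other one,
        # preferring the primary when no tunnel was in use.
        order = [SECONDARY, PRIMARY] if current == PRIMARY else [PRIMARY, SECONDARY]
        for candidate in order:
            if self.bfd_up[candidate]:
                self.uplink = candidate
                return candidate
        self.uplink = None
        return None

    def accept_downlink(self, tunnel: str) -> bool:
        """Downlink data is accepted from whichever tunnel the SeGW uses, if that tunnel is up."""
        return self.bfd_up.get(tunnel, False)


def demo() -> list:
    """Constructed BFD event sequence: primary fails, recovers, then the secondary fails."""
    sel = TunnelSelector()
    steps = [(True, True), (False, True), (True, True), (True, False), (False, False), (True, True)]
    return [sel.bfd_update(p, s) for p, s in steps]
```

The third element of `demo()` is the case the text calls out: both tunnels are up again, but the eNodeB keeps using the secondary tunnel until it fails.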

The procedure is as follows:
1. After starting up, the eNodeB automatically starts physical link detection, during which the eNodeB negotiates with the peer and activates an Ethernet port for communication.
2. After the physical link is activated, the eNodeB sends a request for IEEE 802.1x-based authentication.
3. If the authentication procedure succeeds, the eNodeB performs VLAN acquisition and a DHCP procedure through which it acquires a temporary port IP address, SeGW information, CA information, and M2000 DHCP server information.
4. The eNodeB sets up a temporary IPSec tunnel to the SeGW.
5. The eNodeB applies for an operator-issued device certificate using CMP.
6. Through this tunnel, the eNodeB sends a DHCP request to the M2000 DHCP server and acquires OM channel information.
7. Based on the OM channel information, the eNodeB uses a port IP address to set up an IPSec tunnel for OM transmission through negotiation.
8. The eNodeB sets up an SSL-based OM channel to the M2000.

2. Auto-discovery Without a Public DHCP Server Deployed
If DHCP messages from an eNodeB travel to the M2000 DHCP server without IPSec protection, no public DHCP server is required. Figure 17 shows the auto-discovery procedure without a public DHCP server deployed.

Figure 17: Auto-discovery without a public DHCP server deployed

The procedure is as follows:
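Table 3 lists the sub-options the public DHCP server must place in option 43 for the first DHCP procedure. The following added example builds and parses that vendor-specific payload and rejects malformed input (truncated sub-options, unknown subcodes, a CA protocol value other than 0 or 1). It is not Huawei code: the page gives only the subcodes and their meanings, so the TLV layout (1-byte code, 1-byte length) and the value encodings used here (IPv4 as 4 bytes, port as 2 bytes big-endian, path and name as ASCII, protocol as 1 byte) are assumptions of this illustration, as are the sample values.

```python
"""Encoder and parser for the DHCP option 43 sub-options of Table 3. Added
example, not Huawei code: the TLV layout and value encodings are assumptions;
only the subcodes and meanings come from the table."""
import ipaddress
import struct

SUBCODES = {
    18: "segw_ip",          # IKE peer for the temporary IPSec tunnel
    42: "m2000_dhcp_ip",    # only when unicast is used in the second DHCP procedure
    35: "ca_ip",
    36: "ca_port",
    37: "ca_path",
    38: "ca_name",          # must equal the subject name of the CA certificate
    39: "ca_protocol",      # 0: HTTP, 1: HTTPS
}
CODE_BY_NAME = {v: k for k, v in SUBCODES.items()}
IP_FIELDS = ("segw_ip", "m2000_dhcp_ip", "ca_ip")


def _encode_value(name: str, value) -> bytes:
    if name in IP_FIELDS:
        return ipaddress.IPv4Address(value).packed
    if name == "ca_port":
        return struct.pack("!H", int(value))
    if name == "ca_protocol":
        if value not in (0, 1):
            raise ValueError("ca_protocol must be 0 (HTTP) or 1 (HTTPS)")
        return bytes([value])
    return value.encode("ascii")   # ca_path, ca_name


def _decode_value(name: str, raw: bytes):
    if name in IP_FIELDS:
        if len(raw) != 4:
            raise ValueError(f"{name}: expected 4 bytes, got {len(raw)}")
        return str(ipaddress.IPv4Address(raw))
    if name == "ca_port":
        if len(raw) != 2:
            raise ValueError("ca_port: expected 2 bytes")
        return struct.unpack("!H", raw)[0]
    if name == "ca_protocol":
        if raw not in (b"\x00", b"\x01"):
            raise ValueError("ca_protocol: must be 0 or 1")
        return raw[0]
    return raw.decode("ascii")


def encode_option43(settings: dict) -> bytes:
    """settings maps sub-option names (see SUBCODES) to values."""
    out = bytearray()
    for name, value in settings.items():
        raw = _encode_value(name, value)
        if len(raw) > 255:
            raise ValueError(f"{name}: value too long for a one-byte length")
        out += bytes([CODE_BY_NAME[name], len(raw)]) + raw
    return bytes(out)


def parse_option43(data: bytes) -> dict:
    """Walk the TLVs; reject truncated sub-options and unknown subcodes."""
    result, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        raw = data[i + 2:i + 2 + length]
        if len(raw) != length:
            raise ValueError(f"sub-option {code}: declared {length} bytes, {len(raw)} present")
        if code not in SUBCODES:
            raise ValueError(f"unknown sub-option code {code}")
        name = SUBCODES[code]
        result[name] = _decode_value(name, raw)
        i += 2 + length
    return result


def is_valid_option43(data: bytes) -> bool:
    """True if the payload parses cleanly; an eNodeB should not act on anything else."""
    try:
        parse_option43(data)
        return True
    except ValueError:
        return False


SAMPLE = {  # constructed values; the addresses are RFC 5737 documentation ranges
    "segw_ip": "192.0.2.1", "m2000_dhcp_ip": "198.51.100.10", "ca_ip": "203.0.113.5",
    "ca_port": 8080, "ca_path": "/exampleCA/", "ca_name": "exampleCA", "ca_protocol": 1,
}
```

`parse_option43(encode_option43(SAMPLE))` round-trips the sample; dropping the last byte of the encoding makes `is_valid_option43` return False because the final sub-option declares more bytes than are present.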

1. After starting up, the eNodeB automatically starts physical link detection, during which the eNodeB negotiates with the peer and activates an Ethernet port for communication.
2. After the physical link is activated, the eNodeB sends a request for IEEE 802.1X-based authentication. If the authentication procedure is successful or expires, the eNodeB performs VLAN acquisition and a DHCP procedure.
3. The M2000 DHCP server responds to the eNodeB with OM channel, SeGW, and CA information.
4. Based on the acquired information, the eNodeB configures a port IP address, routes, and VLANs and sets up an IPSec tunnel for OM transmission through negotiation.
5. The eNodeB applies for an operator-issued device certificate using CMP.
6. The eNodeB sets up an SSL-based OM channel to the M2000.

5.3.2 eNodeB Deployment by PnP with SSL Only for the OM Channel
If SSL only is used for OM transmission, the eNodeB acquires OM channel and operator's CA information from the M2000 DHCP server through the DHCP procedure. Then the eNodeB automatically applies for an operator-issued device certificate, and authentication is based on operator certificates during auto-discovery, as shown in Figure 18. This procedure is only supported by eRAN6.0 and later versions.

Figure 18: Auto-discovery with SSL and an operator-issued device certificate

The procedure is as follows:
1. After starting up, the eNodeB automatically starts physical link detection, during which the eNodeB negotiates with the peer and activates an Ethernet port for communication.
2. After the physical link is activated, the eNodeB sends a request for IEEE 802.1X-based authentication. If the authentication procedure is successful or expires, the eNodeB performs VLAN acquisition and a DHCP procedure.
3. The M2000 DHCP server responds to the eNodeB with OM channel and CA information.
4. Based on the acquired information, the eNodeB configures a port IP address, routes, VLANs, and an OM channel.
5. The eNodeB applies for an operator-issued device certificate using CMP. Then, the eNodeB sets up an SSL-based OM channel to the M2000.

6 eNodeB Equipment and OM Security
The eNodeB equipment and OM security ensures the security of the eNodeB equipment and the OM plane.

Figure 19: eNodeB equipment and OM security architecture

6.1 Equipment Security
Equipment security protects the eNodeB in terms of physical security, integrated firewall function, and secure environment. Physical security ensures the security of the hardware and the eNodeB site. The integrated firewall function ensures the security of the input on the eNodeB and focuses on anti-attack. The secure environment provides internal security protection to the eNodeB.

Figure 20: Huawei equipment security architecture

Figure 20 shows the positions of the three functions of equipment security.

1 Physical Security
Currently, physical security is ensured by adding locks to the equipment room and to outdoor eNodeBs. For an indoor eNodeB, users can lock the equipment room or use the door control system. For an outdoor eNodeB, the user can lock the cabinet.

2 Integrated Firewall Function
The eNodeB provides the integrated firewall function, including ACL (Access Control List) packet filtering and interface security management.

1. ACL Packet Filtering
Packets are filtered through ACL to avoid DoS attacks. During a DoS attack, the attacker sends a large number of packets to make the eNodeB out of service. ACL defines sextuple rules and handling methods for packets. The sextuple rules refer to protocol type, source IP address, destination IP address, source port, destination port, and DSCP. The eNodeB defines the ACL rules to allow or prohibit the packets that match the rules. If a packet matches one of the ACL rules, it can be permitted or denied. ACL is used in two ways: white list and black list.
- White list: set an ACL rule to prohibit receiving of all packets and then configure the packets to be permitted for each data flow.
- Black list: configure an ACL rule prohibiting packets for each data flow. The operator does not need to configure an ACL rule for receiving all packets because the default system configuration allows receiving all packets.
From the perspective of security protection, the white list provides protection that is more comprehensive. The operator can specify the purposes of an ACL. In addition to the packet filtering function, ACL is also used for IPSec matching, in which ACL is used to determine whether packets use the IPSec mechanism or not. For example, for the SON X2 self-setup function, an ACL rule corresponding to the X2 interface is automatically added by the system. The Huawei eNodeB supports IPSec encryption and authentication for selected data flows with ACL under IPv6. From eRAN3.0, the Huawei eNodeB supports ACL by layer 2 filtering. Working under L2, the ACL rule filters packets by VLAN identification: the eNodeB identifies the VLAN ID of the packets, and only packets with its own VLAN ID are allowed.

2. Interface Security Management
Interface security management consists of communication matrix management and disabling of the service Ethernet port and the commissioning Ethernet port.
- Communication matrix management: the communication matrix file lists the external protocol ports (TCP/UDP) of the eNodeB and is issued together with the product document. Communication matrix management is the foundation of port management.
- Service Ethernet port disabling: when there is no service configured on a service Ethernet port, the operator can disable the port to avoid possible attacks.
- Commissioning Ethernet port disabling: the operator can disable the commissioning Ethernet port.

3 Secure Environment
eNodeB keys can be encrypted and backed up to enhance system security. For example, a private key in the public key infrastructure (PKI) system can be stored in encrypted form, and the key is automatically backed up by the eNodeB. The backup private key will be used if the original private key is damaged.

6.2 OM Security
OM security supports four functions: user authentication and access control, log and security alarm, OM channel security, and OM system security.
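The sextuple ACL rule and the two usage modes described above (white list: prohibit everything and permit each flow; black list: permit everything by default and prohibit specific flows), together with the layer 2 VLAN filter, can be demonstrated with a small matcher. This is an added example, not eNodeB firmware; the rule and packet representations, the VLAN and port numbers and the sample rule set are assumptions for this illustration (36412 is the standard S1-MME SCTP port).

```python
"""Sextuple ACL matching (protocol, source/destination IP, source/destination
port, DSCP) in white-list and black-list mode, plus the layer-2 VLAN filter.
Added example, not eNodeB firmware; rule and packet formats are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    dscp: int
    vlan_id: Optional[int] = None


@dataclass(frozen=True)
class AclRule:
    """Any field left as None is a wildcard; networks are CIDR strings."""
    action: str                    # "permit" or "deny"
    protocol: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    dscp: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.protocol is not None and self.protocol != p.protocol:
            return False
        if self.src_net is not None and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net is not None and ipaddress.ip_address(p.dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.src_port is not None and self.src_port != p.src_port:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return self.dscp is None or self.dscp == p.dscp


class Acl:
    def __init__(self, rules, mode: str, own_vlan: Optional[int] = None):
        if mode not in ("whitelist", "blacklist"):
            raise ValueError("mode must be 'whitelist' or 'blacklist'")
        self.rules, self.mode, self.own_vlan = list(rules), mode, own_vlan

    def decide(self, p: Packet) -> str:
        # Layer-2 filtering: only frames carrying the eNodeB's own VLAN ID pass.
        if self.own_vlan is not None and p.vlan_id != self.own_vlan:
            return "deny"
        for rule in self.rules:           # first matching rule wins
            if rule.matches(p):
                return rule.action
        # White list: the base rule prohibits everything not explicitly permitted.
        # Black list: the default configuration receives everything else.
        return "deny" if self.mode == "whitelist" else "permit"


# Constructed rule set: permit S1-MME SCTP from the MME subnet, deny telnet.
S1_SCTP = AclRule("permit", protocol="sctp", src_net="10.10.0.0/16", dst_port=36412)
NO_TELNET = AclRule("deny", protocol="tcp", dst_port=23)


def demo() -> dict:
    """Decisions (white list, black list) for four constructed packets."""
    pkts = {
        "s1_sctp": Packet("sctp", "10.10.1.1", "10.20.0.7", 36412, 36412, 46, vlan_id=100),
        "telnet": Packet("tcp", "10.10.1.1", "10.20.0.7", 40000, 23, 0, vlan_id=100),
        "unknown_udp": Packet("udp", "172.16.5.5", "10.20.0.7", 5000, 5000, 0, vlan_id=100),
        "wrong_vlan": Packet("sctp", "10.10.1.1", "10.20.0.7", 36412, 36412, 46, vlan_id=200),
    }
    white = Acl([S1_SCTP, NO_TELNET], "whitelist", own_vlan=100)
    black = Acl([NO_TELNET], "blacklist", own_vlan=100)
    return {name: (white.decide(p), black.decide(p)) for name, p in pkts.items()}
```

The `unknown_udp` packet is the case that separates the two modes: it matches no rule, so the white list denies it and the black list lets it through, which is why the text calls the white list the more comprehensive protection.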

Figure 21: Huawei OM security architecture

Figure 21 shows the positions of the four OM security functions in the system. The user authentication and access control function controls user access to avoid access by invalid users. The log and security alarm function monitors the security of the whole system and reports the security information to the management system. OM channel security ensures the security of the channel between the EMS equipment and the NEs. OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB.

1 User Authentication and Access Control
The objects of user authentication and access control are the users who access the eNodeB. User authentication is to identify and authorize the users, whereas access control is to specify and restrict the operations to be performed and the resources to be accessed by users. Authentication and access control involve the following functions:

1. User Login Management
The eNodeB supports logins by local users, M2000 domain users, and machine-machine authentication during EMS access. For the logins, the login time can be controlled and specified for each account, and a login prompt is displayed, indicating the last successful login.

2. User Account Management
Local user account management refers to adding, modifying, deleting, and querying local user accounts. Local user account information includes user name, user description, operating level/access policy, permitted access time range, enabling/disabling, locking threshold for password errors, and password expiration management.

3. User Operation Authentication
The operator cannot perform all system operations before a successful login; the communication with the system is unavailable before successful authentication.

4. User Rights Management
A complete authorization management mechanism supports authorization based on command level. Operation users in the system can be classified into different user groups, and each user belongs to a user group. User groups with different authorities can be defined. The system has five default user groups: Guests, Users, Operators, Administrators, and Custom (depending on the eNodeB).
- Guests: users in this user group can only view data.
- Users: besides the rights of Guests, system maintenance is allowed.
- Operators: besides the rights of Users, data configuration is allowed.
- Administrators: besides the rights of Operators, user management (excluding admin management) is allowed.
- Custom: the operator can define a user group as required.
All the operation commands are also classified based on command groups. Each user must be assigned one or more authorized command groups.

2 Log and Alarms
1. Logs

The operator is provided with logs that record the system history information, for example, the execution of MML commands and the performance measurement initiated by the system periodically. The history information is the most important non-repudiation information. The system provides the following security-related logs:
- Operation logs: list the history operations that are performed by users or the system, such as login and logout operations performed by users.
- Security logs: list the security-related operations.
- Running logs: list the key information during system operation, for example, faults and alarms.

2. Alarms
Some alarms are provided for system security issues. In particular, the main security alarms include:
- 802.1X authentication failed alarm
- Certificate will soon expire alarm
- Peer certificate expiry alarm
- Certificate invalid alarm
- Digital certificate automatic update failure alarm
- Local user consecutive login retries failed alarm

3 OM Channel Security
1. Security Socket Layer
The Security Socket Layer (SSL) is a protocol that provides end-to-end communication security between the TCP layer and the application layer. It is designed to meet basic security requirements such as confidentiality, integrity, and identification of entities. It uses certificates to perform automatic encryption key management. eNodeBs support the following SSL/TLS versions: SSL3.0, TLS1.0, TLS1.1, and TLS1.2. SSL usage is described as follows:
- SSL applies to communication between the eNodeB and the M2000.
- File Transfer Protocol over SSL (FTPS) applies to communication between the eNodeB and an FTP server.
- HTTPS, which is also over SSL, applies to communication between the eNodeB and the LMT.
An OM channel can use SSL and IPSec at the transport layer and the network layer respectively to ensure channel security. Alternatively, an OM channel can also use only SSL at the transport layer to ensure channel security. In particular, if the DCN (Data Communication Network) where the M2000 is located is directly connected to an untrusted domain in the transport network, the SSL encryption mode is recommended for OM transmission.

2. NTP Security Authentication
The eNodeB is deployed on the public network; therefore, if an invalid time source is used, its time becomes incorrect, which causes errors in related information such as alarms and logs, thus affecting the maintenance of the eNodeB. NTP (Network Time Protocol) security authentication is used to encrypt and authenticate NTP packets so that the validity of the reference time received by the eNodeB is ensured. NTP security authentication supports two encryption algorithms, that is, DES encryption and MD5 encryption. The authentication mode depends on the operator's requirements for network security and network conditions. Figure 22 shows the principle of NTP security authentication.

Figure 22: Principle of NTP security authentication

Before sending NTP packets to the eNodeB, the NTP server checks the configured NTP authentication mode to determine whether to encrypt the NTP packets. If NTP packets are transmitted in plaintext, the NTP packets do not need to be encrypted. If the DES or MD5 encryption algorithm is selected, the checksum of the NTP packets is calculated through the selected algorithm, and the checksum and the NTP packets are sent to the eNodeB. If the authentication is successful, the eNodeB accepts the NTP packets; otherwise, the authentication fails.

3. Secured USB Storage Device
An eNodeB can be deployed using a USB storage device. However, software and configuration files disclosed from the USB storage device expose the network to security risks. Therefore, software and configuration files on the USB storage device should be encrypted and their integrity should be ensured. Before delivery, encryption and integrity protection are applied to the USB storage device. This type of USB storage device is called a secured USB storage device. When a secured USB storage device is inserted into the commissioning port on the eNodeB for site deployment, a deciphering key and an integrity verification key are generated according to the random number in the secured USB storage device and information about the eNodeB. Integrity verification is also performed before deciphering. The secured USB storage device uses the following encryption algorithms: 3DES, AES192, and AES256. The integrity protection algorithms are SHA256, HMAC_SHA1, and HMAC_SHA256.

4 OM System Security
1. Digital Signature of Software
The digital signature is used to ensure software integrity and reliability in the whole process from release to use. When Huawei releases software, the digital signature is put on the software package, and the information about the digital signature is released with the software package. After the software package is downloaded, the eNodeB authenticates the digital signature of the software package before using it. Figure 23 shows the principle of the digital signature of software.

Figure 23: Principle of the digital signature

- Before a software package is released, a digital signature is put on all files in the software package. The message digest of all files in the software package is calculated, and the private key is used to sign the message digest. The signature is the digital signature of the software package.
- When the software package with a digital signature is loaded to the M2000 or the eNodeB through the software release platform, M2000, LMT, or a USB storage device, the M2000 or eNodeB authenticates the digital signature of the software package. The public key is used to decrypt the digital signature to obtain the original message digest. In addition, a new message digest is obtained through calculation. The original and new message digests are compared with each other. If the two message digests are consistent, the authentication is successful, the software is complete and reliable and therefore can be used, and the software can be installed or used for upgrade. If the authentication fails, the software package is invalid and cannot be used, and the software cannot be installed or used for upgrade.

2. Data Backup and Restore
eNodeB and M2000 data backup ensures data consistency and integrity. If eNodeB or M2000 data is detected as damaged, for example, when operating systems are corrupted, backup data can be used to restore the system.
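The NTP authentication flow above (the server computes a checksum over the packet with the selected algorithm and sends it along; the eNodeB recomputes it with the shared key and accepts the time only on a match) is shown here for the MD5 mode, following the keyed-MD5 layout NTP uses: a 4-byte key identifier followed by MD5(key || header) appended to the 48-byte header. This is an added example, not Huawei or ntpd code; the header fields, the key table and the tampering cases are constructed for the illustration.

```python
"""Keyed-MD5 NTP authentication: MAC = key id || MD5(key || 48-byte header).
The client accepts a packet only if the MAC is present, the key id is trusted
and the recomputed digest matches. Added example, not Huawei or ntpd code;
the packet and key table below are constructed."""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48


def build_ntp_header(transmit_ts: int) -> bytes:
    """Minimal NTPv4 server header (LI=0, VN=4, mode=4); only the transmit timestamp is set."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4                       # 0x24
    header = struct.pack("!BBbb", li_vn_mode, 2, 6, -20)       # stratum 2, poll 2^6, precision 2^-20
    header += struct.pack("!II4s", 0, 0, b"GPS\x00")           # root delay, root dispersion, ref id
    header += struct.pack("!QQQQ", 0, 0, 0, transmit_ts)       # reference, origin, receive, transmit
    return header


def append_mac(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: attach key id and keyed digest to the header."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify_ntp(packet: bytes, trusted_keys: dict) -> bool:
    """Client side: True only for an authenticated packet under a trusted key."""
    if len(packet) != NTP_HEADER_LEN + 4 + 16:
        return False   # plaintext (no MAC) or malformed packets are rejected when auth is required
    header = packet[:NTP_HEADER_LEN]
    key_id = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])[0]
    digest = packet[NTP_HEADER_LEN + 4:]
    key = trusted_keys.get(key_id)
    if key is None:
        return False
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, digest)   # constant-time comparison


def demo() -> dict:
    keys = {1: b"example-shared-key"}                 # constructed key table (key id 1)
    header = build_ntp_header(0x0102030405060708)
    genuine = append_mac(header, 1, keys[1])
    tampered = bytearray(genuine)
    tampered[47] ^= 0x01                               # flip a bit of the transmit timestamp
    return {
        "genuine": verify_ntp(genuine, keys),
        "tampered": verify_ntp(bytes(tampered), keys),
        "wrong_key": verify_ntp(append_mac(header, 1, b"not-the-key"), keys),
        "unknown_key_id": verify_ntp(append_mac(header, 7, keys[1]), keys),
        "plaintext": verify_ntp(header, keys),
    }
```

Only the genuine packet verifies; a modified timestamp, a MAC computed with a different key, an unknown key identifier, or a packet with no MAC at all are all rejected, which is the property the eNodeB relies on to keep an invalid time source from corrupting its alarm and log timestamps.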

eNodeB and M2000 data can be backed up manually or automatically. One backup file is generated on the M2000 server each time a backup task is performed, regardless of the backup mode. eNodeB data can be restored based on these backup files.

5 OM Security Evaluation
OM security can be evaluated based on logs. Logs about eNodeBs and the M2000 are classified into operation logs, system logs, and security logs. By querying logs, users can obtain information about the running status, system security situation, and user operations of the M2000 or eNodeB. Users can also save logs as files or print them out. Users can audit the security logs collected by the M2000 to evaluate OM security. The auditable security events include:
- System startup and shutdown
- User login success and failure events: including user names, workstation information (such as IP addresses), login time, and causes for login failures (such as incorrect passwords and invalid accounts)
- User logout success and failure events: including user names, workstation information (such as IP addresses), logout time, and causes for logout
- Users' attempts to access resources beyond their permission
- All OM and configuration events: including user names, workstation information (such as IP addresses), OM time, operations, and responses
- Operations concerning user accounts and permission levels: including addition, deletion, and modification
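The auditable events listed above can be processed by a small audit routine: it parses login failures with their cause and workstation IP, counts consecutive failures per user against the locking threshold (the condition behind the "Local user consecutive login retries failed" alarm in the alarm list), and reports every attempt to access a resource beyond the user's permission and every account change. This is an added example, not M2000 code; the log line format and the sample lines are constructed for this illustration.

```python
"""Audit of constructed security-log lines of the kinds listed in the white
paper (login success/failure with user, workstation IP, time and cause;
access beyond permission; account changes). Added example, not M2000 code;
the line format and sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event>[A-Z_]+) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)(?: (?P<rest>.*))?$"
)


def parse_line(line: str) -> dict:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
    d["rest"] = d["rest"] or ""
    return d


def audit(lines, lock_threshold: int = 3) -> list:
    """Return (kind, user, detail) findings: a consecutive-failure streak reaching the
    locking threshold, every access beyond permission, and every account change."""
    findings, streak = [], defaultdict(int)
    for ev in map(parse_line, lines):
        if ev["event"] == "LOGIN_FAIL":
            streak[ev["user"]] += 1
            if streak[ev["user"]] == lock_threshold:
                findings.append(("consecutive_login_failures", ev["user"],
                                 f"{lock_threshold} failures, last from {ev['ip']} ({ev['rest']})"))
        elif ev["event"] == "LOGIN_OK":
            streak[ev["user"]] = 0       # a successful login ends the streak
        elif ev["event"] == "ACCESS_DENIED":
            findings.append(("beyond_permission", ev["user"], f"{ev['rest']} from {ev['ip']}"))
        elif ev["event"] in ("ACCOUNT_ADD", "ACCOUNT_DEL", "ACCOUNT_MOD"):
            findings.append(("account_change", ev["user"], f"{ev['event']} {ev['rest']}"))
    return findings


SAMPLE_LOG = [  # constructed lines; 192.0.2.0/24 is a documentation address range
    "2015-08-27 09:00:01 LOGIN_OK user=operator1 ip=192.0.2.10",
    "2015-08-27 09:05:12 LOGIN_FAIL user=admin ip=192.0.2.77 cause=incorrect password",
    "2015-08-27 09:05:20 LOGIN_FAIL user=admin ip=192.0.2.77 cause=incorrect password",
    "2015-08-27 09:05:31 LOGIN_FAIL user=admin ip=192.0.2.77 cause=incorrect password",
    "2015-08-27 09:10:00 ACCESS_DENIED user=operator1 ip=192.0.2.10 resource=ADD USER",
    "2015-08-27 09:12:00 ACCOUNT_ADD user=admin ip=192.0.2.5 target=operator2 group=Operators",
    "2015-08-27 09:15:00 LOGIN_FAIL user=guest1 ip=192.0.2.30 cause=invalid account",
]
```

With the default threshold of 3, `audit(SAMPLE_LOG)` yields three findings (the admin failure streak, operator1's denied user-management command, and the account addition); the single failure for `guest1` stays below the threshold.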

7 Conclusion
From the air interface to the OM system, including the equipment, transport interfaces, and OM and clock channels, this white paper touches on every aspect of the LTE security solution. The Huawei LTE security solution includes the wireless security solution, transport security solution, eNodeB equipment security solution, and OM system security solution. They are complete, mature, and designed to satisfy the operator's network requirements. Based on high professionalism and better consulting capability and understanding of LTE network requirements, Huawei will provide operators with the security solutions that best satisfy their LTE network and business requirements while helping them keep leading the industry.

8 Acronyms and Abbreviations

3GPP       Third Generation Partnership Project
ACL        Access Control List
AES        Advanced Encryption Standard
AH         Authentication Header
CA         Certificate Authority
CMP        Certificate Management Protocol
CP         Control Plane
CRL        Certificate Revocation List
DES        Data Encryption Standard
DH         Diffie-Hellman
DHCP       Dynamic Host Configuration Protocol
DL EARFCN  E-UTRA Absolute Radio Frequency Channel Number
DMZ        DeMilitarized Zone
DOS        Denial Of Service
DPD        Deep Packet Detection
DSCP       Differentiated Service Check Point
DRB        Data Radio Bearer
EAPoL      Extensible Authentication Protocol over LAN
EEA        EPS Encryption Algorithm
EIA        EPS Integrity Algorithm
EPS        Evolved Packet System
ESN        Electronic Serial Number
ESP        Encapsulation Security Protocol
FTP        File Transfer Protocol
GTP        GPRS Tunneling Protocol
HMAC       Hash-based Message Authentication Code
IKE        Internet Key Exchange
IKE SA     IKE Security Association
IP         Internet Protocol
IPSec      Internet Protocol Security
IPSec SA   IPSec Security Association
ISAKMP     Internet Security Association and Key Management Protocol
ITU-T      International Telecommunication Union Telecommunication
LAN        Local Area Network
LDAP       Lightweight Directory Access Protocol
LMT        Local Maintenance Terminal
MAC-I      Message Authentication Code I
MD5        Message Digest algorithm 5
MML        Machine Man Language
NCC        Next hop Chaining Count
NH         Next Hop
NTP        Network Time Protocol
OM         Operation and Management
PDCP       Packet Data Control Protocol
PDU        Protocol Data Unit
PKI        Public Key Infrastructure
PnP        Plug and Play
PRF        Pseudo Random Function
RA         Registration Authority
RADIUS     Remote Authentication Dial-in User Server
RRC        Radio Resource Control
SDU        Service Data Unit
SeGW       Security Gateway
SHA        Secure Hash Algorithm
SPI        Security Parameter Index
SRB        Signaling Radio Bearer
SSL        Security Socket Layer
SCTP       Stream Control Transport Protocol
TCP        Transport Control Protocol
TLS        Transport Layer Security
UDP        User Datagram Protocol
ULP        Upper Layer Protocol
UP         User Plane
USB        Universal Serial Bus
VLAN       Virtual Local Area Network
WLAN       Wireless Local Area Network