1. Gii thiu tng quan kin trc v an ninh ca h thng LTE.
1.1. Gii thiu.
Vi bt k mng IP no vic m bo an ninh l ti quan trng, iu ny ng vi mng LTE, l mt mng di ng all-IP vi kin trc phng (eNodeB c kt ni vi nhau thng qua giao din X2, v kt ni trc tip vi EPC thng qua giao din S1, khng c thnh phn iu khin tp trung cho cc trm v tuyn).Bn cnh cc nguy c an ninh r rng trngiao dinv tuyn truyn n v i khi thit b ngi dng (User Equipment - UE) cn l cc nguy c an ninh truyn thng lin quan n cc lin kt IP ca cc nh cung cp mng LTE. Vic xy dng kin trc an ninh i ph vi cc nguy c l khi u quan trng cho cc nh cung cp di ng. 1.2. Cc yu cu an ninh ca mng LTE. Tiu chun 3GPP TS 33.401 a ra cc yu cu v cc tnh nng an ninh cn c trong mng LTE nh sau: m bo an ninh gia ngi dng v mng, gm: Nhn dng ngi dng v bo mt thit b. Nhn thc cc thc th. Bo mt d liu ngi dng v d liu bo hiu. Ton vn d liu ngi dng v d liu bo hiu. C kh nng cu hnh v hin th an ninh. p ng cc yu cu an ninh trn eNodeB. Ngoi ra, c mt s yu cu khc i vi an ninh trn mng LTE c th d dng nhn ra nh: Cc tnh nng an ninh khng c nh hng ti s tin dng ca ngi dng. Cc tnh nngan ninh khng c nh hng ti qu trnh chuyn dch t 3G ln LTE. 1.3. Kin trc an ninh tng qut ca LTE. 3GPP a ra kin trc an ninh tng qut ca LTE trong tiu chun 3GPP TS33.401 gm 5 nhm tnh nngan ninh khc nhau:
Network access security (I): tp hp cc tnh nngan ninh cung cp kh nng
bo v truy nhp ngi dng ti cc dch v, v cng bo v chng li cc cuc tn cng trn lin kt truy nhp v tuyn. V d: s dng USIM cung cp truy nhp c m bo cho ngi dng ti EPC, bao gm nhn thc tng h v cc tnh nng ring khc. Network Domain Sercurity (II): Tp hp cc tnh nngan ninh cho php cc node trao i an ton d liu bo hiu v d liu ngi dng (gia AN v SN, v trong AN), v cng bo v chng li cc cuc tn cng trn mnghu tuyn. V d: AS Security, NAS Security, IPsec EPS. User domain security (III): Tp hp cc tnh nngan ninh bo v truy nhp ti cc MS (Mobile Station). V d: kha mn hnh, m PIN s dng SIM. Application domain security (IV): tp hp cc tnh nngan ninh cho phpbo v cc bn tin trao i ca cc ng dng ti min ngi dng v min nh cung cp. V d: https. Visibility and configurability of security (V): tp hp cc tnh nngan ninh cho php thng bo ti ngi dng mt tnh nng an ninh c ang hot ng hay khng, v cc dch v ang s dng v c cung cp nn ph thuc vo tnh nng an ninh khng. Di y chng ta s xem xt mt s tnh nng an ninh p dng cho mng LTE thuc v cc nhm tnh nng an ninh (I) v (II), l nhng nhm tnh nng an ninh c trng v lin quan trc tip n cc thc th trong mng LTE. 1.4. Mng li EPC Mng li mi l s m rng hon ton ca mng li trong h thng 3G v n ch bao ph min chuyn mch gi. V vy, n c mt ci tn mi: Evolved Packet Core (EPC Cng mt mc ch nh E-UTRAN, s mode trong EPC c gim. EPC chia lung d liu ngi dng thnh mt phng ngi dng v mt phng iu khin. Mt mode c th c nh ngha cho mt mt phng, cng vi Gateway chung kt ni mng LTE vi Internet v nhng h thng khc. EPC gm mt vi thc th chc nng: MME (Mobile Management Entity): Chu trch nhim x l nhng chc nng mt bng iu khin, lin quan n qun l thu bao v qun l phin. Gateway dch v (Serving Gateway): L v tr kt ni ca giao tip d liu gi vi E-UTRAN. N cn hot ng nh mt node nh tuyn n nhng k thut 3GPP khc. P-Gateway (Packet Data Gateway): L im u cui cho nhng phin hng v mng d liu gi bn ngoi. N cng l Router n mng Internet. PCRF (Policyand Charging Rules Function): iu khin vic to ra bng gi v cu hnh cho h thng con a phng tin IP IMS (the IP Multimedia Subsystem) cho mi ngi dng. HSS (Home Subscriber Server): L mt ni lu tr d liu ca thu bao cho tt c cc d liu ngi dng. N l c s d liu trung tm trong trung tm ca nh khai thc. Cc min dch v bao gm IMS (Ip Multimedia Sub-system) da trn cc nh khai thc, IMS khng da trn cc nh khai thc v cc dch v khc. IMS l mt kin trc mng nhm to s thun tin cho vic pht trin v phn phi cc dch v a phng tin n ngi dng, bt k l h ang kt ni thng qua mng truy nhp no. IMS h tr nhiu phng thc truy nhp nh GSM, UMTS, CDMA 2000, truy nhp hu tuyn bng rng nh xDSL, cp quang, cp truyn hnh, cng nh truy nhp v tuyn bng rng nh WLAN, WiMAX, IMS to iu kin cho h thng mng khc nhau c th tng thch vi nhau. IMS ha hn mng nhiu li ch cho c ngi dng ln nh cung cp dch v. N v ang c tp trung nghin cu cng nh thu ht c s quan tm ca gii cng nghip. Tuy nhin IMS cng gp phi kh khan nht nh cng nh cha thc s chn thuyt phc cc nh cung cp mng u t trin khai n. Kin trc IMS c cho l kh phc tp vi nhiu thc th v v s cc chc nng khc nhau. 1.5. Dsgsd 2. An ninh trong min mng li EPC ca LTE. 2.1. D 2.2. Df 2.3. fdfd 2.4. Dfdkjfsd 2.5. Dfdsf 2.6. Khdsfsd 2.7.