Professional Documents
Culture Documents
Role of Crypto in Mobile Communications: Outline
Role of Crypto in Mobile Communications: Outline
Mobile
Communications
Valtteri Niemi
ECRYPT workshop 27-29 May 2008
Outline
• Some history about:
• Use of crypto in 1G, 2G, 3G mobile communications
• 3GPP security specifications
• SAE/LTE security
• Role of crypto in other 3GPP features
• Network domain security (NDS)
• IP Multimedia Subsystem (IMS)
• Interworking with WLAN (I-WLAN)
• Generic Authentication Architecture (GAA)
• Multimedia Broadcast/Multicast Service (MBMS)
• Secure channel between UICC and a (remote) terminal
• Lawful interception
• Summary
Auth (2-way)
SAE/LTE:
Ciph + intg of radio signalling IPsec
UTRAN
SGSN
GERAN HS
S3
S1-MME S6a
MME
PCRF
S12
S11 S7 Rx+
S4
S10
“LTE-Uu”
Serving S5 PDN SGi
UE E-UTRAN Gateway Operator’s IP Services
Gateway (e.g. IMS, PSS etc.)
S1-U
Implications on security
CK, IK
UE / HSS
KASME
UE / ASME
UE / MME
KUPenc KRRCint KRRCenc
UE / eNB
KDF
Ks C-RNTI
KeNB
256
network-ID 256 eNB
KDF KDF
Physical cell ID eNB
256
256 256 256
MME KeNB
KDF
KASME
UP-enc-alg,
256 Alg-ID
NAS COUNT
RRC-int-alg,
Alg-ID
NAS-enc-alg, NAS-int-alg, RRC-enc-alg,
Alg-ID Alg-ID Alg-ID
256-bit 256-bit
keys KNASenc KNASint keys KRRCenc KRRCint
128-bit 128-bit
keys KNASenc KNASint keys KRRCenc KRRCint
Ks C-RNTI
256
network-ID 256
256
KDF KDF
Physical cell ID
256
256 256 256
KeNB
KDF
KASME UP-enc-alg,
Alg-ID
256 NAS COUNT
RRC-int-alg,
Alg-ID
NAS-enc-alg, NAS-int-alg, RRC-enc-alg,
Alg-ID Alg-ID Alg-ID
256-bit 256-bit
keys KNASenc KNASint keys KRRCenc KRRCint KUPenc
128-bit 128-bit
keys KNASenc KNASint keys KRRCenc KRRCint KUPenc
Theory Practical
break of break of
algo 2 algo 2
time
Spec Algo 3 Majority of
work for implemented terminal base
algo 3 supports algo 3
time
Spec Algo 3 Majority of
work for implemented terminal base
algo 3 supports algo 3
• If this is not the case anymore, broken algorithm has to be withdrawn completely
from the system
• In the same way as A5/2 is withdrawn from GSM
Network A Network B
a
a a
SEGA SEGB
Intermediate
IP network
NEA b NEB
IMS home
PS domain
bearer access security
25 © 2008 Nokia Crypto_in_Mobile.ppt / 2008-05-28 / VN
HSS
• Bootstrapping Server Function (BSF)
and the UE run AKA protocol, and
Zh Zn agreed session keys are later used
between UE and Network Application
BSF NAF Function (NAF).
• After the bootstrapping, the UE and
NAF can run some application-specific
Ub Ua
protocol where security is based on
derived session keys
UE
BM-SC
Content
BSF Server Internet
BGW
BM-SC can reside in home or visited network
Lawful interception
• 3GPP specifies required lawful interception mechanisms for all features
• Call/message content and related data provided from certain network elements to
the law enforcement side
• Assumes typically that the content appears in clear in the network element
• End-to-end encryption is still possible if keys are provided
• No weak algorithms introduced for LI purposes
• All 3GPP algorithms are publicly known
• National variations exist
• Specified in TSs 33.106-108