Scribd Logo
Upload

Welcome to Scribd!

  • Long Term Evolution and Its Security Infrastructure

    Uploaded by

    Kalyra Adolinama
    13 views26 pages
    EVOLUTION

    Original Title

    Safavi Eh

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    EVOLUTION

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views26 pages

    Long Term Evolution and Its Security Infrastructure

    Uploaded by

    Kalyra Adolinama
    EVOLUTION

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 26

    Long Term Evolution

    and
    its security infrastructure
    Fataneh Safavieh
    Mobile security Seminar,Bit,07.02.2011

    Outline

    Introduction: some history &background


    What is LTE?
    LTE-SAE Security: some highlights
    Home(e)Node B Security

    Introduction:
    some history & background

    Mobile Evolution
    Improvements in mobile communication
    technology during the last two decades
    The Mobile Broadband is as important as Internt

    http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf

    User Expectations

    Highly desire of broadband acces everywhere


    1. Home, Office
    2. Train, Aeroplane, Canteen, during the Breake

    Ubiquity (anywhere, anytime)


    Higher voice quality
    Higher speed
    Lower prices
    Multitude of services

    http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf

    3GPP

    The 3rd generation partnership project

    A global partnership of six SDOs:


    1.
    2.
    3.
    4.
    5.

    Europe
    USA
    China
    Japan
    Korea

    ETSI
    ATIS
    CCSA
    ARIB & TTC
    TTA

    LTE The UMTS Long Term Evolution - Sesia, Toufik, Baker

    What is LTE?

    What is LTE?
    The latest standard in the mobile network
    technology tree
    A project of 3GPP & mainly built on 3GPP
    cellular systems family
    May be referred as E-UTRA & E-UTRAN
    Has advanced new radio interface
    Circuit switched networksall-IP networks
    Broadband connectivity on the move
    100Mbps(DL), 50Mbps(UL), ~10 ms Latency
    8

    UMTS and LTE architecture

    Extract from Towards Global Mobile Broadband


    A White Paper from the UMTS Forum

    LTE key features


    High Spectral Efficiency more customers, less
    costs

    Co-existence with other standards


    Flexible radio planning (cell size of 5km30/100km)
    Reduced Latency less RTT, multi-player gaming,
    audio/video conferencing

    Reduced costs for operators (OPEX & CAPEX)


    Increased data rates via enhanced air interface
    (OFDMA,SC-FDMA,MIMO)
    All-IP environment SAE or EPC
    key advantages of SAE

    10

    LTE-SAE Security:
    some highlights

    11

    Security in the LTE-SAE Network

    Security features in the network (from TS 33.401- Fig.4-1)

    12

    Security features in the LTE-SAE


    Network
    Five security feature groups defined in TS 33.401
    (I): Network access security
    provides users with secure access to services
    protects against attacks on the access interface

    (II): Network domain security


    enables nodes to exchange signaling- & user- data securely
    protects against attacks on the wire line network

    (III): User domain security


    Provides secure access to mobile stations

    (IV): Application domain security


    enables applications in the user & provider domains to exchnage messages securely

    (V): Visibility and configurability of security


    allows the users to learn whether a security feature is in operation
    13

    Authentication & key agreement

    HSS generates authentication data and provides it to MME


    Challenge-response authentication and key agreement
    procedure between MME and UE
    4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009

    15

    Confidentiality & integrity of


    signaling

    RRC signaling between UE and E-UTRAN


    NAS signaling between UE and MME
    S1 interface signaling
    protection is not UE-specific
    optional to use

    4th ETSI Security Workshop - Sophia- Antipolis,13-14 January 2009

    16

    User plane confidentiality

    S1-U protection is not UE-specific


    (Enhanced) network domain security mechanisms (based on IPsec)
    Optional to use

    Integrity is not protected for various reasons, e.g.:


    performance
    limited protection for application layer
    4th ETSI Security Workshop - Sophia- Antipolis, 13-14 January 2009

    17

    Cryptographic network separation

    Key hierarchy (TS 33.401 - Figure 6.2-1)

    18

    Cryptographic network separation


    Authentication vectors are specific to the serving network

    AVs usable in UTRAN/GERAN cannot be used in


    EPS
    AVs usable for UTRAN/GERAN access cannot be used
    for EUTRAN access
    Solution by a separation bit

    Rel-99 USIM is still sufficient for EPS access


    ME has to check the separation bit (when
    accessing E-UTRAN)
    4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009
    19

    Home (e) Node B Security

    21

    System architecture of H(e)NB


    UE

    HNB

    insecure
    link

    SeGW

    Operators
    core
    network

    E-UTRAN air interface between UE and HeNB


    HeNB accesses operators core network via a Security Gateway
    The backhaul between HeNB and SeGW may be insecure
    Operators core network performs mutual authentication with HeNB
    via SeGW
    Security tunnel between HeNB and SeGW to protect information
    transmitted in backhaul link
    Figure from draft TR 33.820

    22

    Common threats to H(e)NB


    1. Physical tampering with H(e)NB
    2. Fraudulent software update / configuration
    changes
    3. Denial of service attacks against core network
    4. Eavesdropping of the other users UTRAN or
    E-UTRAN user data
    5. User cloning the H(e)NB authentication Token
    From TR 33.820
    23

    Security requirements to H(e)NB


    1.
    2.

    3.
    4.
    5.

    Unprotected data should never leave a secure domain inside


    H(e)NB
    Software updates and configuration changes for the H(e)NB shall
    be cryptographically signed (by operator or H(e)NB supplier) and
    verified configuration changes shall be authorized by H(e)NB
    operator or supplier
    Unauthenticated traffic shall be filtered out on the links between
    the core network and the H(e)NB
    New users should be required to explicitly confirm their
    acceptance before being joined to an H(e)NB
    H(e)NB authentication credentials shall be stored inside a secure
    domain i.e. from which outsider cannot retrieve or clone the
    credentials
    From TR 33.820

    24

    References and Resources

    25

    References and Resources


    A Long Term Evolution Downlink inspired channel
    simulator using the SUI 3Channel Model, Thesis of
    Sanjay Kumar Sarkar, August 2009
    LTE The UMTS Long Term EvolutionSesia, Toufik, Baker (WILEY Publication) 2009
    http://www.nsma.org/conf2008/Presentation/2-1045MiyaharaLTE_Overview_NMSA%2021March08_final.pdf
    Towards Global Mobile Broadband A White Paper
    from the UMTS Forum, February 2008
    TS 33.401
    26

    References and Resources


    4th ETSI Security Workshop- Sophia-Antipolis ,
    13-14 January 2009
    TR 33.820
    A Survey of Security Threats on 4G Networks,
    Yongsuk Park and Taejoon Park
    Security in the LTE-SAE Network,
    www.agilent.com/find/lte
    www.3gpp.org
    www.radio-electronics.com

    http://sites.google.com/site/lteencyclopedia
    27

    Thank
    You
    For
    Your

    Attention!
    28

    You might also like