Scribd Logo
Upload

Welcome to Scribd!

  • Long Term Evolutionandits Security Infrastructure

    Uploaded by

    krishkarn
    0 views26 pages

    Original Title

    Long Term Evolutionandits security infrastructure

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    0 views26 pages

    Long Term Evolutionandits Security Infrastructure

    Uploaded by

    krishkarn

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 26

    Long Term Evolution

    and
    its security infrastructure

    Fataneh Safavieh
    Mobile security Seminar,Bit,07.02.2011
    Outline

    Introduction: some history &background


    What is LTE?
    LTE-SAE Security: some highlights
    Home(e)Node B Security

    2
    Introduction:
    some history & background

    3
    Mobile Evolution
     Improvements in mobile communication
    technology during the last two decades
     The Mobile Broadband is as important as Internt

    4
    http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf
    User Expectations
     Highly desire of broadband acces everywhere
    1. Home, Office
    2. Train, Aeroplane, Canteen, during the Breake
     Ubiquity (anywhere, anytime)
     Higher voice quality
     Higher speed
     Lower prices
     Multitude of services

    5
    http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf
    3GPP

     The 3rd generation partnership project

     A global partnership of six SDOs:

    1. Europe ETSI
    2. USA ATIS
    3. China CCSA
    4. Japan ARIB & TTC
    5. Korea TTA

    LTE The UMTS Long Term Evolution - Sesia, Toufik, Baker 6


    What is LTE?

    7
    What is LTE?
     The latest standard in the mobile network
    technology tree
     A project of 3GPP & mainly built on 3GPP
    cellular systems´ family
     May be referred as E-UTRA & E-UTRAN
     Has advanced new radio interface
     Circuit switched networksall-IP networks
     Broadband connectivity on the move
     100Mbps(DL), 50Mbps(UL), ~10 ms Latency
    8
    UMTS and LTE architecture

    Extract from ”Towards Global Mobile Broadband” 9


    A White Paper from the UMTS Forum
    LTE key features
     High Spectral Efficiency more customers, less
    costs
     Co-existence with other standards
     Flexible radio planning (cell size of 5km30/100km)
     Reduced Latency less RTT, multi-player gaming,
    audio/video conferencing
     Reduced costs for operators (OPEX & CAPEX)
     Increased data rates via enhanced air interface
    (OFDMA,SC-FDMA,MIMO)
     All-IP environment SAE or EPC
    key advantages of SAE 10
    LTE-SAE Security:
    some highlights

    11
    Security in the LTE-SAE Network

    Security features in the network (from TS 33.401- Fig.4-1) 12


    Security features in the LTE-SAE
    Network
    Five security feature groups defined in TS 33.401

     (I): Network access security


     provides users with secure access to services
     protects against attacks on the access interface
     (II): Network domain security
     enables nodes to exchange signaling- & user- data securely
     protects against attacks on the wire line network
     (III): User domain security
     Provides secure access to mobile stations
     (IV): Application domain security
     enables applications in the user & provider domains to exchnage messages
    securely
     (V): Visibility and configurability of security
     allows the users to learn whether a security feature is in operation
    13
    Authentication & key agreement

     HSS generates authentication data and provides it to


    MME
     Challenge-response authentication and key agreement
    procedure between MME and UE
    4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009 15
    Confidentiality & integrity of
    signaling

     RRC signaling between UE and E-UTRAN


     NAS signaling between UE and MME
     S1 interface signaling
     protection is not UE-specific
     optional to use

    4th ETSI Security Workshop - Sophia- Antipolis,13-14 January 2009 16


    User plane confidentiality

     S1-U protection is not UE-specific


     (Enhanced) network domain security mechanisms (based on IPsec)
     Optional to use
     Integrity is not protected for various reasons, e.g.:
     performance
     limited protection for application layer

    4th ETSI Security Workshop - Sophia- Antipolis, 13-14 January 2009 17


    Cryptographic network separation

    Key hierarchy (TS 33.401 - Figure 6.2-1) 18


    Cryptographic network separation
     Authentication vectors are specific to the serving network
    AV’s usable in UTRAN/GERAN cannot be used in
    EPS
     AV’s usable for UTRAN/GERAN access cannot be used
    for EUTRAN access
     Solution by a “separation bit”
     Rel-99 USIM is still sufficient for EPS access
    ME has to check the “separation bit” (when
    accessing E-UTRAN)

    4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009


    19
    Home (e) Node B Security

    21
    System architecture of H(e)NB

    Operator’s
    UE HNB insecure SeGW core
    link network

    E-UTRAN air interface between UE and HeNB


    HeNB accesses operator’s core network via a Security Gateway
    The backhaul between HeNB and SeGW may be insecure
    Operator’s core network performs mutual authentication with HeNB
    via SeGW
    Security tunnel between HeNB and SeGW to protect information
    transmitted in backhaul link

    22
    Figure from draft TR 33.820
    Common threats to H(e)NB
    1. Physical tampering with H(e)NB
    2. Fraudulent software update / configuration
    changes
    3. Denial of service attacks against core network
    4. Eavesdropping of the other user’s UTRAN or
    E-UTRAN user data
    5. User cloning the H(e)NB authentication Token

    From TR 33.820

    23
    Security requirements to H(e)NB
    1. Unprotected data should never leave a secure domain inside
    H(e)NB
    2. Software updates and configuration changes for the H(e)NB shall
    be cryptographically signed (by operator or H(e)NB supplier) and
    verified configuration changes shall be authorized by H(e)NB
    operator or supplier
    3. Unauthenticated traffic shall be filtered out on the links between
    the core network and the H(e)NB
    4. New users should be required to explicitly confirm their
    acceptance before being joined to an H(e)NB
    5. H(e)NB authentication credentials shall be stored inside a secure
    domain i.e. from which outsider cannot retrieve or clone the
    credentials

    From TR 33.820 24
    References and Resources

    25
    References and Resources
     A Long Term Evolution Downlink inspired channel
    simulator using the SUI 3Channel Model, Thesis of
    Sanjay Kumar Sarkar, August 2009
     LTE The UMTS Long Term Evolution-
    Sesia, Toufik, Baker (WILEY Publication) 2009
     http://www.nsma.org/conf2008/Presentation/2-1045-
    MiyaharaLTE_Overview_NMSA%2021March08_final.pdf
     Towards Global Mobile Broadband” A White Paper
    from the UMTS Forum, February 2008
     TS 33.401

    26
    References and Resources

     4th ETSI Security Workshop- Sophia-Antipolis ,


    13-14 January 2009
     TR 33.820
     A Survey of Security Threats on 4G Networks,
    Yongsuk Park and Taejoon Park
     Security in the LTE-SAE Network,
    www.agilent.com/find/lte
     www.3gpp.org
     www.radio-electronics.com
     http://sites.google.com/site/lteencyclopedia
    27
    Thank
    You
    For
    Your
    Attention!
    28

    You might also like