Core Network KPI Optimization_Security_Huawei

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Internal www.huawei.com CN Security Optimization ISSUE 1.0

Description

Upon completion of this course, you will be able to:
• Deeply understand the signaling procedures of location registration
• Deeply understand the data configuration related to location updating
• Troubleshoot problems related to location updating

Transcript of Core Network KPI Optimization_Security_Huawei

Chapter 3 KPI of security
Chapter 4 Authentication Optimization
Definition
Concept
Encryption - In order to ensure the secrecy of subscriber information (speech or non-speech service), the GSM/UMTS system ciphers the information exchanged over the radio interface between the BTS/NodeB and the MS.
COMP128 is an implementation of the A3 and A8 algorithms defined in the GSM standard.
A3 and A8 both take a 128-bit key (Ki) and a 128-bit challenge (RAND) as inputs. A3 produces a 32-bit response (SRES) and A8 produces a 64-bit session key (Kc).
Encryption in GSM network
GSM security weaknesses:
• Weak authentication and encryption algorithms (COMP128 has a weakness that allows Ki to be recovered and the user impersonated; A5 can be broken to reveal the cipher key)
• Short effective key length (Kc is nominally 64 bits, but COMP128 fixes its last 10 bits to zero, leaving 54 bits)
• No data integrity (allows message manipulation and certain denial of service attacks)
• No network authentication (false base station attack possible)
• Limited encryption scope (encryption terminates at the base station; traffic is in clear on microwave links)
• Insecure key transmission (cipher keys and authentication parameters are transmitted in clear between and within networks)
False base station attack: an attacker poses as a fake GSM network and requests the user to provide her IMSI or to turn off encryption.
Denial of service attacks: DoS attacks that transfer a lot of … causing congestion.
RAND: network authentication random number
Function: a parameter for calculating XRES. It is the seed from which the authentication set is generated.
XRES: the expected value of the subscriber response
Function: a parameter for checking subscriber validity. It is the reference against which the network authenticates the subscriber (compared with the RES returned by the USIM).
CK: ciphering key
Function: the encryption parameter for subscriber information (speech and other content transmitted by the subscriber). It is the equivalent of the Kc used in the 2G network.
IK: integrity key
Function: the integrity protection parameter for signalling between the terminal and the network (it authenticates signalling messages; it does not encrypt them). 2G has no equivalent: Kc provides confidentiality only, and GSM has no integrity protection of signalling.
AUTN: authentication token
Function: the parameter from which the USIM determines network validity (it carries SQN xor AK, AMF and the MAC computed with K).
SQN: sequence number
Function: carried inside AUTN; it proves that the RAND/AUTN pair is fresh, so that an authentication vector captured on the radio channel cannot be replayed.
[Figure: UMTS authentication and key agreement. A 128-bit secret key K is shared between the home network (AuC) and the mobile user (USIM). The home network generates SQN and RAND, computes the MAC over RAND, SQN and AMF, and derives XRES, CK, IK and AK; it sends the serving network the vector AV := RAND || XRES || CK || IK || AUTN, where AUTN = (SQN xor AK) || AMF || MAC.]
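The authentication vector construction above, carried through as a working exchange between home network, serving network and USIM. This is an added example, not code from the course or from any Huawei product: the f1..f5 functions are HMAC-SHA256 stand-ins for MILENAGE (an assumption), the sample K and AMF are constructed, and the USIM's SQN check is simplified to "strictly increasing" (3GPP TS 33.102 uses an acceptance window). The scenarios map onto the failure causes the course counts later: MAC failure and synchronisation failure are negative responses from the subscriber, a RES/XRES mismatch is an illegal SRES.

```python
import hashlib
import hmac
import os

# Constructed sample values for this example (not real subscriber data).
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")   # 128-bit secret K shared by AuC and USIM
AMF = b"\x80\x00"                                         # authentication management field

def _prf(k, tag, data, n):
    """Keyed PRF standing in for the MILENAGE f-functions (an assumption of this example)."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf):  return _prf(k, b"f1",  rand + sqn + amf, 8)   # MAC-A, 64 bit
def f1s(k, rand, sqn, amf): return _prf(k, b"f1*", rand + sqn + amf, 8)   # MAC-S, resync
def f2(k, rand):            return _prf(k, b"f2",  rand, 8)               # RES / XRES
def f3(k, rand):            return _prf(k, b"f3",  rand, 16)              # CK
def f4(k, rand):            return _prf(k, b"f4",  rand, 16)              # IK
def f5(k, rand):            return _prf(k, b"f5",  rand, 6)               # AK, 48 bit
def f5s(k, rand):           return _prf(k, b"f5*", rand, 6)               # AK*, resync

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class HomeNetwork:
    """HLR/AuC: owns K and the SQN counter, builds AV := RAND || XRES || CK || IK || AUTN."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def generate_av(self):
        rand = os.urandom(16)
        self.sqn += 1
        sqn = self.sqn.to_bytes(6, "big")
        autn = xor(sqn, f5(self.k, rand)) + AMF + f1(self.k, rand, sqn, AMF)  # (SQN^AK)||AMF||MAC
        return {"RAND": rand, "XRES": f2(self.k, rand), "CK": f3(self.k, rand),
                "IK": f4(self.k, rand), "AUTN": autn}

    def resync(self, rand, auts):
        """Synchronisation failure handling: check MAC-S, then adopt the USIM's SQN."""
        sqn_ms = xor(auts[:6], f5s(self.k, rand))
        if not hmac.compare_digest(f1s(self.k, rand, sqn_ms, b"\x00\x00"), auts[6:]):
            return False
        self.sqn = int.from_bytes(sqn_ms, "big")
        return True

class USIM:
    """Subscriber side: authenticates the network via AUTN and checks SQN freshness."""
    def __init__(self, k):
        self.k, self.sqn_ms = k, 0

    def authenticate(self, rand, autn):
        sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn = xor(sqn_ak, f5(self.k, rand))
        if not hmac.compare_digest(f1(self.k, rand, sqn, amf), mac):
            return "MAC_FAILURE", None            # AUTN was not produced with our K
        n = int.from_bytes(sqn, "big")
        if n <= self.sqn_ms:                      # replayed or stale AV (simplified window)
            sqn_ms = self.sqn_ms.to_bytes(6, "big")
            auts = xor(sqn_ms, f5s(self.k, rand)) + f1s(self.k, rand, sqn_ms, b"\x00\x00")
            return "SYNC_FAILURE", auts
        self.sqn_ms = n
        return "OK", {"RES": f2(self.k, rand), "CK": f3(self.k, rand), "IK": f4(self.k, rand)}

def serving_network_auth(av, usim):
    """MSC/VLR: sends RAND || AUTN over the radio interface and compares RES with XRES."""
    status, out = usim.authenticate(av["RAND"], av["AUTN"])
    if status != "OK":
        return status                             # the "negative authentication response" KPI
    if not hmac.compare_digest(out["RES"], av["XRES"]):
        return "ILLEGAL_RES"                      # the "illegal SRES/RES" KPI
    return "AUTH_SUCCESS"                         # CK/IK are now agreed on both sides

def run_scenarios():
    hn, usim = HomeNetwork(K), USIM(K)
    r = {}
    av = hn.generate_av()
    r["fresh_av"] = serving_network_auth(av, usim)
    r["replayed_av"] = serving_network_auth(av, usim)            # same AV sent twice
    # False base station replaying a captured RAND with a forged AUTN: MAC check fails.
    r["forged_autn"] = serving_network_auth(dict(av, AUTN=av["AUTN"][:8] + os.urandom(8)), usim)
    # USIM holding a different K: MAC failure, the network never authenticates to it.
    r["wrong_key"] = serving_network_auth(hn.generate_av(), USIM(os.urandom(16)))
    # Counters out of step: USIM reports AUTS, the AuC resynchronises, the next AV succeeds.
    hn2, usim2 = HomeNetwork(K), USIM(K)
    usim2.sqn_ms = 1000
    av2 = hn2.generate_av()
    status, auts = usim2.authenticate(av2["RAND"], av2["AUTN"])
    r["resync"] = (status, hn2.resync(av2["RAND"], auts), serving_network_auth(hn2.generate_av(), usim2))
    return r

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:12s} {outcome}")
```

The replay scenario is the property 2G lacks: in GSM a captured RAND/SRES pair can be fed to the MS again with no way for the SIM to notice, whereas the USIM's SQN check turns the replay into a synchronisation failure that the serving network sees as a negative response.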
• Protection against active attacks on the radio interface
– New integrity mechanism added to protect critical signalling information on the radio interface
– Enhanced authentication protocol provides mutual authentication and freshness of the cipher/integrity key towards the user
– Compared with the 3G network, the 2G network lacks authentication of the network by the MS (only the MS is authenticated)
• Enhanced encryption
– Stronger algorithm, longer key
– Encryption terminates in the radio network controller rather than the base station
• Core network security
• Potential for secure global roaming
– Adoption of 3GPP authentication by TIA TR-45 / 3GPP2
Chapter 3 KPI of security
Chapter 4 Authentication Optimization
TMSI reallocation with cipher
This parameter specifies whether the MSOFTX3000 must send the Cipher Mode Command to the BSC or RNC when it reallocates the TMSI to a mobile subscriber during the authentication for service access or location update, so that the new TMSI is delivered over a ciphered channel.
Authset numbers required
The parameter is valid only when the MAP version of the MSOFTX3000 is MAP phase 2+. During the network authentication for the service access and location update of a subscriber, if the MSOFTX3000 needs to send a Send Authentication Information message to ask the HLR/AuC for authentication sets, this parameter specifies the number of authentication sets that the MSOFTX3000 requests from the HLR/AuC at once. Value range: 0-5.
Authentication set reuse times:
It specifies how many times an authentication set stored in the VLR memory may be reused. It is valid for 2G networks only (a 3G vector carries an SQN and is rejected by the USIM if presented twice). Value range: 0-255.
To query the number of valid authentication sets for a subscriber, run DSP USRINF.
Remained AV when parallel get AV:
It specifies the number of remaining authentication sets at which the MSOFTX3000 originates a parallel request for new authentication sets from the HLR/AuC during location update or service access, so that the pool is refilled before it runs empty. Value range: 1-3.
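How the three parameters above interact, as an added simulation of the VLR-side authentication set pool. This is example code, not from the course or the MSOFTX3000; the HLR stub hands out numbered sets (constructed data), and the parameter names and the exact refill behaviour are assumptions made for the example.

```python
from collections import deque
from itertools import count

class HlrAuc:
    """Stand-in HLR/AuC answering Send Authentication Information (SAI) with numbered sets."""
    def __init__(self):
        self._seq, self.sai_requests = count(1), 0

    def send_authentication_info(self, n):
        self.sai_requests += 1
        return [f"AV{next(self._seq)}" for _ in range(n)]   # constructed set identifiers

class VlrAvPool:
    """Per-subscriber authentication set cache in the VLR.
       authset_numbers        sets requested per SAI (0-5)
       reuse_times            extra uses of a stored set, 2G only (0-255)
       remained_av_threshold  remaining sets at which a parallel SAI is started (1-3)"""
    def __init__(self, hlr, authset_numbers=5, reuse_times=0, remained_av_threshold=1, is_2g=True):
        if not (0 <= authset_numbers <= 5 and 0 <= reuse_times <= 255 and 1 <= remained_av_threshold <= 3):
            raise ValueError("parameter outside its configured range")
        self.hlr, self.n, self.threshold = hlr, authset_numbers, remained_av_threshold
        # A 3G AV carries SQN, so the USIM rejects a second use (sync failure): never reuse it.
        self.reuse_times = reuse_times if is_2g else 0
        self.pool = deque()                     # entries of (set id, uses left)
        self.parallel_fetches = 0

    def _fetch(self):
        self.pool.extend((av, self.reuse_times + 1) for av in self.hlr.send_authentication_info(self.n))

    def next_av(self):
        """Set consumed by one location update or service access."""
        if not self.pool:
            self._fetch()                       # blocking SAI: the procedure waits for the HLR
        if not self.pool:
            raise RuntimeError("no authentication set available (authset_numbers=0)")
        av, uses_left = self.pool[0]
        if uses_left - 1 == 0:
            self.pool.popleft()
        else:
            self.pool[0] = (av, uses_left - 1)
        if len(self.pool) <= self.threshold:
            self.parallel_fetches += 1          # parallel SAI: refill before the pool runs dry
            self._fetch()
        return av

def simulate(attempts, **params):
    """Run a number of authentications and report HLR load versus set reuse."""
    hlr = HlrAuc()
    pool = VlrAvPool(hlr, **params)
    used = [pool.next_av() for _ in range(attempts)]
    return {"sai_requests": hlr.sai_requests,
            "parallel_fetches": pool.parallel_fetches,
            "distinct_sets": len(set(used)),
            "max_reuse": max(used.count(a) for a in used)}

if __name__ == "__main__":
    print("2G, no reuse   ", simulate(10, authset_numbers=5, reuse_times=0, remained_av_threshold=1))
    print("2G, reuse x2   ", simulate(10, authset_numbers=5, reuse_times=2, remained_av_threshold=1))
    print("3G, reuse given", simulate(10, authset_numbers=5, reuse_times=2, remained_av_threshold=1, is_2g=False))
```

The trade-off the simulation makes visible: raising the reuse count cuts SAI traffic towards the HLR, but every reuse means the same RAND, SRES and Kc are presented again on the radio path, so an attacker who captured one exchange can replay it or attack the same Kc across several sessions. For 3G the parameter has no effect at all.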
MOD AUTHCFG
If a carrier requires the MSOFTX3000 to run the authentication procedure for a configured proportion of location update and service access requests in order to improve network security, run MOD AUTHCFG to modify the authentication configuration parameters. Currently the MSOFTX3000 provides 17 authentication options for the carrier.
SET MAPACCFG
2G Cipher
During the authentication for service access and location update of a mobile subscriber, this parameter specifies whether the MSOFTX3000 sends the Cipher Mode Command to the BSC on the access network side, that is, whether the MSOFTX3000 requires the access network to cipher the radio channel (air interface).
Cipher algorithm
This parameter is valid when the MSOFTX3000 commands the access network to cipher the radio channel. It lists the cipher algorithms permitted in the Cipher Mode Command sent by the MSOFTX3000 to the BSC or RNC on the access network side.
MM_MTN_WAIT_INIT_AUTH
This timer determines how long the MM module waits for an Authentication Response after sending an Authentication Request; it corresponds to the network-side timer T3260, which runs while the authentication procedure started by the network is in progress. On expiry the attempt is counted as an authentication failure without response.
MOD TIMER: MPID=138, TMRIDX=0, TMRSEQ=2, TMRVAL=5;
MM_MTN_WAIT_INIT_CIPH
After sending a security message containing the ciphering key(s) towards a mobile station, the MM module starts this timer to bound the time it waits for the mobile station to complete the ciphering procedure.
MOD TIMER: MPID=138, TMRIDX=0, TMRSEQ=3, TMRVAL=5;
Chapter 3 KPI of security
Chapter 4 Authentication Optimization
Key performance indexes (KPIs)
The key performance indexes (KPIs) are used to reflect the quality of service (QoS) of the network and the performance of the equipment on the network.
The KPI system is formulated to help:
Understand the performance measurement system for communication equipment.
Establish performance evaluation systems.
Optimize the services and equipment based on the performance measurement results.
HUAWEI TECHNOLOGIES CO., LTD.
[Table: authentication measurement points, with columns Measurement Point, Measurement Entity, Measurement Unit and Measurement Type; the cell contents are not recoverable.]
Chapter 3 KPI of security
Chapter 4 Security Optimization
Authentication KPIs:
• AUTHSET of HLR rate
• AUTHSET of PVLR rate
• AUTH Success Times
Authentication failure causes counted by the MSC:
• The MSC waits for an authentication response and times out (no response)
• The authentication response reports MAC failure or synchronisation failure (negative response from the subscriber, 3G)
• A Clear Request/Release is received from the BSC/RNC before the response arrives
Example: analysis for MSC4 in VMS1 (daily counters). The column assignment is reconstructed: each rate in the percentage table that follows is the quotient of the counters named here.
Columns: (1) AUTHSET from HLR, obtained; (2) AUTHSET from PVLR, obtained; (3) AUTHSET from HLR, requested; (4) AUTHSET from PVLR, requested; (5) AUTH Failures due to Illegal SRES (times); (6) Negative AUTH Responses by Subscribers (times); (7) AUTH Requests (times); (8) AUTH Success Times; (9) AUTH No Response Times (times)
MSC-Date        (1)      (2)      (3)      (4)      (5)   (6)  (7)       (8)       (9)
MHAN04H10/06    800543   248545   821607   296181   1773  2    9154832   9060826   4695
MHAN04H11/06    805013   277637   826041   327553   1719  1    9408344   9308414   3630
MHAN04H12/06    801553   272677   823032   321587   2092  30   9225804   9121637   6729
MHAN04H13/06    784826   270703   804699   320443   1541  80   9144115   9044334   6548
MHAN04H14/06    771492   267792   788967   318373   1083  0    9090011   8990861   8994
MHAN04H15/06    768813   277986   786528   329834   1147  2    8953049   8854549   4749
MHAN04H16/06    754944   280504   772026   336440   1211  0    8812575   8713344   3705
Example: analysis for MSC4 in VMS1 (daily rates, each derived from the corresponding counters)
Columns: (a) AUTHSET of HLR rate; (b) AUTHSET of PVLR rate; (c) AUTH success rate; (d) AUTH Failures due to Illegal SRES, as a share of AUTH requests; (e) AUTH No Response, as a share of AUTH requests; (f) AUTH Failures due to Others (requests not successful and not attributed to illegal SRES, negative responses by subscribers or no response)
MSC-Date        (a)      (b)      (c)      (d)     (e)     (f)
MHAN04H10/06    97.44%   83.92%   98.97%   0.02%   0.05%   0.96%
MHAN04H11/06    97.45%   84.76%   98.94%   0.02%   0.04%   1.01%
MHAN04H12/06    97.39%   84.79%   98.87%   0.02%   0.07%   1.03%
MHAN04H13/06    97.53%   84.48%   98.91%   0.02%   0.07%   1.00%
MHAN04H14/06    97.79%   84.11%   98.91%   0.01%   0.10%   0.98%
MHAN04H15/06    97.75%   84.28%   98.90%   0.01%   0.05%   1.03%
MHAN04H16/06    97.79%   83.37%   98.87%   0.01%   0.04%   1.07%
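The KPI derivation behind the MSC4 tables, as an added example that recomputes the rates from the raw counters and adds the two checks an optimisation engineer would run on a week of data: a spike detector for the low-volume negative-response counter (in 3G these are MAC or synchronisation failures, so a jump usually points at an HLR/AuC or SIM batch problem rather than radio quality) and threshold checks on success and no-response rates. This code is not from the course; the counter rows are copied from the table above, the assignment of columns to counters is a reconstruction, and the thresholds are this example's assumptions.

```python
import statistics

# Daily authentication counters for MSC4 (MHAN04), copied from the table above.
COLUMNS = ("hlr_authset_ok", "pvlr_authset_ok", "hlr_authset_req", "pvlr_authset_req",
           "illegal_sres", "negative_resp", "auth_req", "auth_ok", "no_resp")
ROWS = {
    "10/06": (800543, 248545, 821607, 296181, 1773,  2, 9154832, 9060826, 4695),
    "11/06": (805013, 277637, 826041, 327553, 1719,  1, 9408344, 9308414, 3630),
    "12/06": (801553, 272677, 823032, 321587, 2092, 30, 9225804, 9121637, 6729),
    "13/06": (784826, 270703, 804699, 320443, 1541, 80, 9144115, 9044334, 6548),
    "14/06": (771492, 267792, 788967, 318373, 1083,  0, 9090011, 8990861, 8994),
    "15/06": (768813, 277986, 786528, 329834, 1147,  2, 8953049, 8854549, 4749),
    "16/06": (754944, 280504, 772026, 336440, 1211,  0, 8812575, 8713344, 3705),
}

def pct(num, den):
    """Percentage rounded the way the course's rate table presents it."""
    return round(100.0 * num / den, 2) if den else 0.0

def kpis(row):
    """Authentication KPIs for one day."""
    c = dict(zip(COLUMNS, row))
    # Everything not successful and not explained by the three named causes.
    others = c["auth_req"] - c["auth_ok"] - c["illegal_sres"] - c["negative_resp"] - c["no_resp"]
    return {
        "authset_hlr_rate":   pct(c["hlr_authset_ok"], c["hlr_authset_req"]),
        "authset_pvlr_rate":  pct(c["pvlr_authset_ok"], c["pvlr_authset_req"]),
        "auth_success_rate":  pct(c["auth_ok"], c["auth_req"]),
        "illegal_sres_rate":  pct(c["illegal_sres"], c["auth_req"]),
        "negative_resp_rate": pct(c["negative_resp"], c["auth_req"]),
        "no_response_rate":   pct(c["no_resp"], c["auth_req"]),
        "other_failure_rate": pct(others, c["auth_req"]),
    }

def flag_spikes(counter, factor=5, floor=10):
    """Days on which a low-volume counter exceeds max(floor, factor * median of the period).
    A rate would hide this: 80 negative responses out of 9 million is still 0.00%."""
    idx = COLUMNS.index(counter)
    values = {day: row[idx] for day, row in ROWS.items()}
    limit = max(floor, factor * statistics.median(values.values()))
    return [day for day, v in values.items() if v > limit]

def check_thresholds(day, min_success=98.5, max_no_response=0.10):
    """Optimisation triggers for one day (threshold values are assumptions of this example)."""
    k = kpis(ROWS[day])
    problems = []
    if k["auth_success_rate"] < min_success:
        problems.append("authentication success rate below target")
    if k["no_response_rate"] > max_no_response:
        problems.append("no-response rate high: review MM_MTN_WAIT_INIT_AUTH and radio conditions")
    return problems

if __name__ == "__main__":
    for day, row in ROWS.items():
        print(day, kpis(row), check_thresholds(day))
    print("negative response spikes:", flag_spikes("negative_resp"))
```

Running it reproduces the percentage table line by line and singles out 12/06 and 13/06, where negative responses climb from single digits to 30 and 80 while every rate stays flat; that is the kind of event the rate table alone would never surface.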
Cipher KPIs:
• Set Cipher Mode Times
• Encryption Requested - LU
• Encryption Requested - Service
• Encryption Successfully - LU
• Encryption Successfully - Service
• Encryption success rate (based on LAC)
Service impact of ciphering, measured 1. based on SMS and 2. based on calls:
• MSC Basic Services, Short Message Service: SMMO Failures due to Cipher-Mode Setting Failures
• Total Traffic of the Office: GSM Subscriber Originated/Terminated Calls
Question: which network element decides which cipher algorithm is chosen?
Security Analysis
If a network carrier requires the base station subsystem (BSS) in the 2G network to encrypt the radio channel, choose one or more cipher algorithms supported by all BSCs controlled by the MSOFTX3000 (the cipher algorithms are A5_1 to A5_7 and A5_0, which means no cipher for 2G). The cipher algorithm adopted by the BSC must meet all of the following requirements at the same time: a) it is contained in the Cipher Mode Command sent by the MSOFTX3000 to the BSC; b) it is supported by the BSC; c) it is supported by the mobile station (MS). If such algorithms exist, after receiving the Cipher Mode Command from the MSOFTX3000, the Huawei BSC selects the algorithm with the highest priority in the order A5_7 down to A5_1 and then A5_0 (no cipher for 2G). If no such algorithm exists, the BSC rejects the Cipher Mode Command towards the MSOFTX3000, and the authentication for the 2G subscriber fails.
If a network carrier requires the radio access network (RAN) in the 3G network to encrypt the radio channel, choose one or more 3G cipher algorithms supported by all RNCs controlled by the MSOFTX3000 (the last three algorithms in the parameter list). The cipher algorithm adopted by the RNC must meet all of the following requirements at the same time: a) it is contained in the Cipher Mode Command sent by the MSOFTX3000 to the RNC; b) it is supported by the RNC; c) it is supported by the UE. If such algorithms exist, after receiving the Cipher Mode Command from the MSOFTX3000, the Huawei RNC selects the algorithm with the highest priority in the order UEA2, UEA1 and then UEA0 (no cipher for 3G). If no such algorithm exists, the RNC rejects the Cipher Mode Command towards the MSOFTX3000, and the authentication for the 3G subscriber fails.
If the BSC finally selects A5_0 (no cipher for 2G) or the RNC selects UEA0 (no cipher for 3G), the BSC or RNC on the access network side does not cipher the radio channel, although the procedure itself completes. The initial value of the parameter includes all cipher algorithms except UEA2, so by default the no-cipher fallback is permitted.
Optimisation measures:
• Adjust the timers to suitable values
• Synchronise the security algorithm configuration across the whole network (MSC, SGSN, BSC/RNC)
• Based on the analysis, disable or enable authentication for service access
Case sharing and discussing
Case 1: Why did activating ciphering affect authentication performance in VMS4/5/6? (Happened in VMS4/5/6, 2013)
Case 2: For 3G, the MSC configures only UEA1, the RNC configures both UEA0 and UEA1, and the SGSN configures only UEA0.
What happens in this case? (Happened in VMS1, 2011)
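The three-way selection rule from the Security Analysis section, and the configuration of Case 2, worked through in code. This is an added example, not from the course or any Huawei equipment: the capability lists of the BSC, RNC, MS and UE are constructed, and the "hardened" permitted lists are this example's suggestion. The rule itself is the one the text states: the access network takes the intersection of what the core network permits, what it supports itself and what the terminal supports, picks the highest-priority member, and rejects the Cipher Mode Command if the intersection is empty.

```python
A5_PRIORITY = ["A5_7", "A5_6", "A5_5", "A5_4", "A5_3", "A5_2", "A5_1", "A5_0"]
UEA_PRIORITY = ["UEA2", "UEA1", "UEA0"]
NO_CIPHER = {"A5_0", "UEA0"}

def select_algorithm(cn_permitted, ran_supported, terminal_supported, priority):
    """Highest-priority algorithm present in all three lists, or None (Cipher Mode Reject)."""
    common = set(cn_permitted) & set(ran_supported) & set(terminal_supported)
    for alg in priority:
        if alg in common:
            return alg
    return None

def cipher_outcome(cn_permitted, ran_supported, terminal_supported, priority):
    """What the subscriber actually gets on the radio path."""
    alg = select_algorithm(cn_permitted, ran_supported, terminal_supported, priority)
    if alg is None:
        return ("REJECT", None)       # BSC/RNC rejects Cipher Mode: authentication fails
    if alg in NO_CIPHER:
        return ("CLEARTEXT", alg)     # procedure completes, radio channel is not ciphered
    return ("CIPHERED", alg)

# Permitted lists as sent by the core network in the Cipher Mode Command.
DEFAULT_2G = A5_PRIORITY                  # initial value: every algorithm including A5_0
DEFAULT_3G = ["UEA1", "UEA0"]             # initial value: all except UEA2
HARDENED_2G = ["A5_3", "A5_1"]            # suggested: no A5_0 (cleartext), no A5_2 (broken, withdrawn)
HARDENED_3G = ["UEA2", "UEA1"]            # suggested: no UEA0

def run_scenarios():
    r = {}
    bsc = ["A5_0", "A5_1", "A5_3"]                      # constructed BSC capability
    modern_ms = ["A5_0", "A5_1", "A5_3"]
    legacy_ms = ["A5_0", "A5_2"]                        # constructed: old handset, A5/2 only
    r["2g_modern_ms"] = cipher_outcome(DEFAULT_2G, bsc, modern_ms, A5_PRIORITY)
    r["2g_legacy_ms_default"] = cipher_outcome(DEFAULT_2G, bsc, legacy_ms, A5_PRIORITY)
    r["2g_legacy_ms_hardened"] = cipher_outcome(HARDENED_2G, bsc, legacy_ms, A5_PRIORITY)
    # Case 2: MSC permits only UEA1, RNC supports UEA0 and UEA1, SGSN permits only UEA0.
    rnc, ue = ["UEA0", "UEA1"], ["UEA0", "UEA1"]
    r["case2_cs_domain_msc"] = cipher_outcome(["UEA1"], rnc, ue, UEA_PRIORITY)
    r["case2_ps_domain_sgsn"] = cipher_outcome(["UEA0"], rnc, ue, UEA_PRIORITY)
    # Hardened 3G list on the same RNC (no UEA2 support): still ciphered with UEA1.
    r["3g_hardened_on_rnc_without_uea2"] = cipher_outcome(HARDENED_3G, rnc, ue, UEA_PRIORITY)
    # Hardened 3G list against an RNC that only offers UEA0: reject rather than cleartext.
    r["3g_hardened_on_uea0_only_rnc"] = cipher_outcome(HARDENED_3G, ["UEA0"], ue, UEA_PRIORITY)
    return r

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:36s} {outcome}")
```

Two things the scenarios make concrete. First, with the default permitted lists a subscriber whose BSC or handset lacks a stronger algorithm silently lands on A5_0 or UEA0; the Cipher Mode procedure completes, so nothing in the cipher KPIs distinguishes it from a ciphered session unless the selected algorithm is counted. Removing A5_0/UEA0 from the permitted list turns the same subscriber into a Cipher Mode Reject and an authentication failure, which is the policy choice behind Case 1 style investigations. Second, in Case 2 the CS domain negotiates UEA1 while the PS domain, whose permitted list from the SGSN contains only UEA0, runs packet traffic in clear on the same RNC; the "synchronise the security algorithm across the whole network" measure above is exactly about keeping the MSC and SGSN lists aligned.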
[Figure: UMTS ciphering with f8. Sender: f8 takes CK, COUNT-C, BEARER, DIRECTION and LENGTH and produces a KEYSTREAM BLOCK; the PLAINTEXT BLOCK xor the keystream gives the CIPHERTEXT BLOCK. Receiver: f8 with the same CK, COUNT-C, BEARER, DIRECTION and LENGTH regenerates the KEYSTREAM BLOCK, and CIPHERTEXT BLOCK xor keystream recovers the PLAINTEXT BLOCK. The residual labels "A3 and A8 algorithms", "Generate SQN" and "Generate RAND" belong to the 2G and 3G authentication figures earlier in the deck.]