Long Term Evolution - Wcdma
-
Upload
sondang123 -
Category
Documents
-
view
22 -
download
3
description
Transcript of Long Term Evolution - Wcdma
Long Term EvolutionLong Term Evolutionandand
its security infrastructure its security infrastructure
Fataneh SafaviehFataneh SafaviehMobile security Seminar,Bit,07.02.2011Mobile security Seminar,Bit,07.02.2011
2
Outline
Introduction: some history &backgroundWhat is LTE?LTE-SAE Security: some highlightsHome(e)Node B Security
33
Introduction:Introduction: some history & backgroundsome history & background
4
Mobile Evolution
Improvements in mobile communication technology during the last two decades
The Mobile Broadband is as important as Internt
http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf
5
User Expectations
Highly desire of broadband acces everywhere1. Home, Office
2. Train, Aeroplane, Canteen, during the Breake
Ubiquity (anywhere, anytime) Higher voice quality Higher speed Lower prices Multitude of services
http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf
6
3GPP
The 3rd generation partnership project
A global partnership of six SDOs:
1. Europe ETSI
2. USA ATIS
3. China CCSA
4. Japan ARIB & TTC
5. Korea TTA
LTE The UMTS Long Term Evolution - Sesia, Toufik, Baker
77
What is LTE?What is LTE?
8
What is LTE?
The latest standard in the mobile network technology tree
A project of 3GPP & mainly built on 3GPP cellular systems´ family
May be referred as E-UTRA & E-UTRAN Has advanced new radio interface Circuit switched networksall-IP networks Broadband connectivity on the move 100Mbps(DL), 50Mbps(UL), ~10 ms Latency
9
UMTS and LTE architecture
Extract from ”Towards Global Mobile Broadband” A White Paper from the UMTS Forum
10
LTE key features
High Spectral Efficiency more customers, less costs
Co-existence with other standards Flexible radio planning (cell size of 5km30/100km) Reduced Latency less RTT, multi-player gaming,
audio/video conferencing Reduced costs for operators (OPEX & CAPEX) Increased data rates via enhanced air interface
(OFDMA,SC-FDMA,MIMO) All-IP environment SAE or EPC
key advantages of SAE
1111
LTE-SAE Security:LTE-SAE Security: some highlightssome highlights
12
Security in the LTE-SAE Network
Security features in the network (from TS 33.401- Fig.4-1)
13
Security features in the LTE-SAE Network
Five security feature groups defined in TS 33.401
(I): Network access security provides users with secure access to services protects against attacks on the access interface
(II): Network domain security enables nodes to exchange signaling- & user- data securely protects against attacks on the wire line network
(III): User domain security Provides secure access to mobile stations
(IV): Application domain security enables applications in the user & provider domains to exchnage messages
securely
(V): Visibility and configurability of security allows the users to learn whether a security feature is in operation
15
Authentication & key agreement
HSS generates authentication data and provides it to MME
Challenge-response authentication and key agreement procedure between MME and UE
4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009
16
Confidentiality & integrity of signaling
RRC signaling between UE and E-UTRAN NAS signaling between UE and MME S1 interface signaling
protection is not UE-specific optional to use
4th ETSI Security Workshop - Sophia- Antipolis,13-14 January 2009
17
User plane confidentiality
S1-U protection is not UE-specific (Enhanced) network domain security mechanisms (based on IPsec) Optional to use
Integrity is not protected for various reasons, e.g.: performance limited protection for application layer
4th ETSI Security Workshop - Sophia- Antipolis, 13-14 January 2009
18
Cryptographic network separation
Key hierarchy (TS 33.401 - Figure 6.2-1)
19
Cryptographic network separation
Authentication vectors are specific to the serving network
AV’s usable in UTRAN/GERAN cannot be used in EPS
AV’s usable for UTRAN/GERAN access cannot be used for EUTRAN access
Solution by a “separation bit”
Rel-99 USIM is still sufficient for EPS access
ME has to check the “separation bit” (when accessing E-UTRAN)
4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009
2121
Home (e) Node B SecurityHome (e) Node B Security
22
System architecture of H(e)NB
UE HNB SeGWinsecure link
Operator’s core network
Figure from draft TR 33.820
E-UTRAN air interface between UE and HeNBHeNB accesses operator’s core network via a Security GatewayThe backhaul between HeNB and SeGW may be insecure Operator’s core network performs mutual authentication with HeNB
via SeGWSecurity tunnel between HeNB and SeGW to protect information transmitted in backhaul link
23
Common threats to H(e)NB
1. Physical tampering with H(e)NB
2. Fraudulent software update / configuration changes
3. Denial of service attacks against core network
4. Eavesdropping of the other user’s UTRAN or E-UTRAN user data
5. User cloning the H(e)NB authentication Token
From TR 33.820
24
Security requirements to H(e)NB
1. Unprotected data should never leave a secure domain inside H(e)NB
2. Software updates and configuration changes for the H(e)NB shall be cryptographically signed (by operator or H(e)NB supplier) and verified configuration changes shall be authorized by H(e)NB operator or supplier
3. Unauthenticated traffic shall be filtered out on the links between the core network and the H(e)NB
4. New users should be required to explicitly confirm their acceptance before being joined to an H(e)NB
5. H(e)NB authentication credentials shall be stored inside a secure domain i.e. from which outsider cannot retrieve or clone the credentials
From TR 33.820
2525
References and ResourcesReferences and Resources
26
References and Resources
A Long Term Evolution Downlink inspired channel simulator using the SUI 3Channel Model, Thesis of Sanjay Kumar Sarkar, August 2009
LTE The UMTS Long Term Evolution-
Sesia, Toufik, Baker (WILEY Publication) 2009 http://www.nsma.org/conf2008/Presentation/2-1045-Miya
haraLTE_Overview_NMSA%2021March08_final.pdf Towards Global Mobile Broadband” A White Paper
from the UMTS Forum, February 2008 TS 33.401
27
References and Resources
4th ETSI Security Workshop- Sophia-Antipolis , 13-14 January 2009 TR 33.820 A Survey of Security Threats on 4G Networks,
Yongsuk Park and Taejoon Park Security in the LTE-SAE Network,
www.agilent.com/find/lte www.3gpp.org www.radio-electronics.com http://sites.google.com/site/lteencyclopedia
2828
Thank Thank YouYou
ForFor
YourYour
Attention!Attention!