3GPP WLAN Interworking Security
Colin Blanchard, British Telecommunications (WNG-SC)
18th March 2004
Colin Blanchard, BT
Summary
• 3GPP IEEE 802.11 Interworking Scenarios
• Architecture Reference Point Definitions
• Security Requirements
• The authentication and link layer key generation scheme
• UE-initiated tunnels
• Securing the authentication and link layer key generation application
WLAN Interworking
• The 3GPP approach to IEEE 802.11 WLAN interworking is based on gradually adding functionality and improving the user experience by defining, and then successively working on, a number of interworking scenarios.
Interworking Scenarios for Release 6
• Scenario 2 provides authentication, authorisation and accounting (AAA) by the 3GPP platform.
• Ensures that the security level of these AAA functions applied to IEEE 802.11 WLAN is in line with that of the 3GPP platform.
• Ensures that the user does not see a significant difference in the way access is granted.
• Provides a means for the network operator to charge for access in a consistent manner over the two platforms.
Interworking Scenarios for Release 6
• Scenario 3 allows the operator to extend 3GPP system PS-based services to the IEEE 802.11 WLAN. These services may include:
  • GPRS Access Point Names
  • Internet Multimedia Subsystem (IMS) based services
  • Location based services
  • Presence based services
  • Instant messaging
  • Multimedia Broadcast and Multicast Services (MBMS)
  • Video streaming
Reference Point Definitions
Reference points of interest to WNG
• Ww: connects the WLAN UE to the WLAN Access Network per IEEE 802 specifications, i.e. IEEE 802.11i.
• Wn: reference point between the WLAN Access Network (AN) and the Wireless LAN Access Gateway (WAG); forces traffic on a WLAN UE-initiated tunnel to travel via the WAG.
• Wu: represents the IEEE 802.11 WLAN UE-initiated tunnel between the IEEE 802.11 WLAN UE and the Packet Data Gateway (PDG).
3GPP TS 33.234 specification
• Defines security features and mechanisms that are necessary to counter identified vulnerabilities:
  • Authentication of the subscriber and the network, and security association management, in scenario 2
  • User identity privacy in WLAN access in scenario 2
  • Re-authentication in WLAN access in scenario 2
  • Confidentiality and integrity protection in scenarios 2 and 3
  • Security association management for UE-initiated tunnels in scenario 3
Security Requirements
• 14 requirements defined, e.g.:
  • The authentication scheme shall be based on a mutual challenge-response protocol.
  • The subscriber should have at least the same security level for WLAN access as for their current cellular access subscription.
  • 3GPP systems should provide the required keying material with sufficient length and acceptable levels of entropy, as required by the IEEE 802.11 WLAN subsystem.
  • The IEEE 802.11 WLAN technology-specific connection between the WLAN-UE and the IEEE 802.11 WLAN AN shall be able to utilise the generated session keying material for protecting the integrity of an authenticated connection.
The authentication scheme (Scenario 2)
USIM application based authentication
• Proven solution that satisfies the authentication requirements.
• This form of authentication is based on EAP-AKA (proposed RFC).
• 16 detailed steps for the EAP-AKA procedure are defined in TS33.234.
SIM based authentication
• As an alternative, SIM based authentication is useful for GSM subscribers that do not have a UICC with a USIM application.
• The IEEE 802.11 WLAN UE and AAA server must support both the EAP-AKA and EAP-SIM methods, and TS33.234 specifies a procedure that allows the HSS to select the method.
User Identity Privacy
• Used to avoid sending any clear-text permanent subscriber identification information, which would compromise the subscriber's identity and location, on the radio interface.
• Temporary identities (pseudonyms or re-authentication identities) are generated as some form of encrypted IMSI.
• Advanced Encryption Standard (AES) in Electronic Codebook (ECB) mode of operation with 128-bit keys is used for this purpose.
Fast Re-authentication
• When authentication has to be performed frequently, it can lead to a high network load, especially when many users are connected. In that case it is more efficient to perform fast re-authentication.
• The re-authentication process allows the IEEE 802.11 WLAN-AN to authenticate a user through a lighter process than a full authentication, making use of stored keys derived during the previous full authentication.
• The simplified process takes 9 steps instead of the previous 16.
Confidentiality Protection (Scenario 2)
• When the WLAN link layer is based on IEEE 802.11, the confidentiality mechanisms of IEEE 802.11i are used.
• EAP/AKA and EAP/SIM specify how the key material required for the link layer confidentiality mechanism is obtained from the master session key (MSK).
Integrity Protection (Scenario 2)
• When the WLAN link layer is based on IEEE 802.11, the integrity mechanisms of IEEE 802.11i are used.
• EAP/AKA and EAP/SIM specify how the key material required for the link layer integrity mechanism is obtained from the master session key (MSK).
UE-initiated tunnel (Scenario 3)
• Having established an authenticated link with the Access Point, user traffic is tunnelled to the home network via the Wu interface.
• This is known as a UE-initiated tunnel and differentiates the functionality available in scenario 3 from scenario 2.
Tunnel set-up procedure
• The tunnel endpoints, the UE and the PDG, are mutually authenticated when setting up the tunnel.
• The tunnel set-up procedure results in security associations.
• These are used to provide confidentiality and integrity protection, if required, for data transmitted through the tunnel.
Confidentiality and Integrity Protection (Scenario 3)
• IPsec ESP protects the confidentiality and integrity of IP packets sent through a tunnel between the UE and the Packet Data Gateway (PDG).
• The IEEE 802.11 WLAN UE and the PDG use IKEv2 to establish IPsec security associations.
• Public key signature based authentication with certificates, as specified in [ikev2], is used to authenticate the PDG.
• EAP-AKA within IKEv2 is used to authenticate IEEE 802.11 WLAN UEs that contain a USIM, or EAP-SIM for WLAN UEs that contain a SIM and no USIM.
Securing the EAP/AKA or EAP/SIM application
• It cannot be assumed that the IEEE 802.11 WLAN device has the space and an interface to support a UICC card, so 3GPP SA3 have proposed either of the following:
USB connection
• The UICC card with SIM or USIM application can be connected to the IEEE 802.11 WLAN UE via the standard USB port.
• This means that the user requires two UICCs or, with only one UICC, that it is removed from the mobile phone for the duration of the WLAN access session, so the user cannot make or receive calls on their mobile phone.
Bluetooth connection
• A better alternative is where the UICC card resides in a 3GPP UE and the USIM or SIM application is accessed by the IEEE 802.11 WLAN-UE through Bluetooth.
• This would give the user simultaneous access on IEEE 802.11 WLAN and 3GPP networks with the same UICC.
U(SIM) reuse on local interfaces
References
• 3G Security; Wireless Local Area Network (WLAN) Interworking Security (Release 6), TS 33.234 draft V1.0.1, http://www.3gpp.org/ftp/Specs/archive/33_series/33.234/33234-101.zip
• TR 33.817, Feasibility study on (Universal) Subscriber Interface Module (U)SIM security reuse by peripheral devices on local interfaces, http://www.3gpp.org/ftp/Specs/archive/33_series/33.817/33817-112.zip
Summary and Future plans
• TS33.234 planned for approval on 18th March 04
• Ongoing work: optimal distribution of EAP/AKA functions and parameters between the UICC and the IEEE 802.11 WLAN-UE, and their persistence, taking account of:
  • The security protection of the parameters in storage and transfer, for example the PIN used to protect them from access
  • Performance when first accessing and moving between networks
  • Compatibility with existing IEEE 802.11 WLAN client software
• Will require close cooperation with IEEE 802.11