1 / 26

Long Term Evolution and its security infrastructure

Long Term Evolution and its security infrastructure. Fataneh Safavieh Mobile security Seminar,Bit,07.02.2011. Outline. Introduction: some history &background What is LTE? LTE-SAE Security: some highlights Home(e)Node B Security. Introduction: some history & background.

mieko
Download Presentation

Long Term Evolution and its security infrastructure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Long Term Evolutionandits security infrastructure Fataneh Safavieh Mobile security Seminar,Bit,07.02.2011

  2. Outline • Introduction: some history &background • What is LTE? • LTE-SAE Security: some highlights • Home(e)Node B Security

  3. Introduction: some history & background

  4. Mobile Evolution • Improvements in mobile communication technology during the last two decades • The Mobile Broadband is as important as Internt http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf

  5. User Expectations • Highly desire of broadband acces everywhere 1. Home, Office 2. Train, Aeroplane, Canteen, during the Breake • Ubiquity (anywhere, anytime) • Higher voice quality • Higher speed • Lower prices • Multitude of services http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf

  6. 3GPP • The 3rd generation partnership project • A global partnership of six SDOs: • Europe ETSI • USA ATIS • China CCSA • Japan ARIB & TTC • Korea TTA LTE The UMTS Long Term Evolution - Sesia, Toufik, Baker

  7. What is LTE?

  8. What is LTE? • The latest standard in the mobile network technology tree • A project of 3GPP & mainly built on 3GPP cellular systems´ family • May be referred as E-UTRA & E-UTRAN • Has advanced new radio interface • Circuit switched networksall-IP networks • Broadband connectivity on the move • 100Mbps(DL), 50Mbps(UL), ~10 ms Latency

  9. UMTS and LTE architecture Extract from ”Towards Global Mobile Broadband” A White Paper from the UMTS Forum

  10. LTE key features • High Spectral Efficiency morecustomers, less costs • Co-existence with other standards • Flexible radio planning (cell size of 5km30/100km) • Reduced Latency less RTT, multi-player gaming, audio/video conferencing • Reduced costs for operators (OPEX & CAPEX) • Increased data rates via enhanced air interface (OFDMA,SC-FDMA,MIMO) • All-IP environment SAE or EPC key advantages of SAE

  11. LTE-SAE Security: some highlights

  12. Security in the LTE-SAE Network Security features in the network (from TS 33.401- Fig.4-1)

  13. Security features in the LTE-SAE Network Five security feature groups defined in TS 33.401 • (I): Network access security • provides users with secure access to services • protects against attacks on the access interface • (II):Network domain security • enables nodes to exchange signaling- & user- data securely • protects against attacks on the wire line network • (III): User domain security • Provides secure access to mobile stations • (IV): Application domain security • enables applications in the user & provider domains to exchnage messages securely • (V): Visibility and configurability of security • allows the users to learn whether a security feature is in operation

  14. Authentication & key agreement • HSS generates authentication data and provides it to MME • Challenge-response authentication and key agreement procedure between MME and UE 4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009

  15. Confidentiality & integrity of signaling • RRC signaling between UE and E-UTRAN • NAS signaling between UE and MME • S1 interface signaling • protection is not UE-specific • optional to use 4th ETSI Security Workshop - Sophia- Antipolis,13-14 January 2009

  16. User plane confidentiality • S1-U protection is not UE-specific • (Enhanced) network domain security mechanisms (based on IPsec) • Optional to use • Integrity is not protected for various reasons, e.g.: • performance • limited protection for application layer 4th ETSI Security Workshop - Sophia- Antipolis, 13-14 January 2009

  17. Cryptographic network separation Key hierarchy (TS 33.401 - Figure 6.2-1)

  18. Cryptographic network separation • Authentication vectors are specific to the serving network AV’s usable in UTRAN/GERAN cannot be used in EPS • AV’s usable for UTRAN/GERAN access cannot be used for EUTRAN access • Solution by a “separation bit” • Rel-99 USIM is still sufficient for EPS access ME has to check the “separation bit” (when accessing E-UTRAN) 4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009

  19. Home (e) Node B Security

  20. Operator’s core network UE HNB insecure link SeGW System architecture of H(e)NB • E-UTRAN air interface between UE and HeNB • HeNB accesses operator’s core network via a Security Gateway • The backhaul between HeNB and SeGW may be insecure • Operator’s core network performs mutual authentication with HeNB via SeGW • Security tunnel between HeNB and SeGW to protect information transmitted in backhaul link Figure from draft TR 33.820

  21. Common threats to H(e)NB • Physical tampering with H(e)NB • Fraudulent software update / configuration changes • Denial of service attacks against core network • Eavesdropping of the other user’s UTRAN or E-UTRAN user data • User cloning the H(e)NB authentication Token From TR 33.820

  22. Security requirements to H(e)NB • Unprotected data should never leave a secure domain inside H(e)NB • Software updates and configuration changes for the H(e)NB shall be cryptographically signed (by operator or H(e)NB supplier) and verified configuration changes shall be authorized by H(e)NB operator or supplier • Unauthenticated traffic shall be filtered out on the links between the core network and the H(e)NB • New users should be required to explicitly confirm their acceptance before being joined to an H(e)NB • H(e)NB authentication credentials shall be stored inside a secure domain i.e. from which outsider cannot retrieve or clone the credentials From TR 33.820

  23. References and Resources

  24. References and Resources • A Long Term Evolution Downlink inspired channel simulator using the SUI 3Channel Model, Thesis of Sanjay Kumar Sarkar, August 2009 • LTE The UMTS Long Term Evolution- Sesia, Toufik, Baker (WILEY Publication) 2009 • http://www.nsma.org/conf2008/Presentation/2-1045-MiyaharaLTE_Overview_NMSA%2021March08_final.pdf • Towards Global Mobile Broadband” A White Paper from the UMTS Forum, February 2008 • TS 33.401

  25. References and Resources • 4th ETSI Security Workshop- Sophia-Antipolis , 13-14 January 2009 • TR 33.820 • A Survey of Security Threats on 4G Networks, Yongsuk Park and Taejoon Park • Security in the LTE-SAE Network, www.agilent.com/find/lte • www.3gpp.org • www.radio-electronics.com • http://sites.google.com/site/lteencyclopedia

  26. Thank You For Your Attention!

More Related