3GPP/LTE Security
Session #2: LTE
Security Architecture
Fundamentals
Klaas Wierenga
Consulting Engineer, Corporate Development
Presentation_ID
© 2006 Cisco Systems, Inc. All rights reserved.
CISCO PROPRIETARY
1
Agenda
 Intro
…
…
…
…
Intro
…
The LTE System
 Radio Side (LTE – Long Term Evolution / Evolved UTRAN, E-UTRAN)
 Improvements in spectral efficiency, user throughput, latency
 Simplification of the radio network
 Efficient support of packet based services: multicast, VoIP, etc.
 Network Side (SAE – System Architecture Evolution / Evolved Packet Core, EPC)
 Improvement in latency, capacity, throughput, idle to active transitions
 Simplification of the core network
 Optimization for IP traffic and services
 Simplified support and handover to non-3GPP access technologies
Overview of 3GPP LTE/SAE System
(Diagram: E-UTRAN with UE and eNodeBs, eNodeBs linked over X2; EPC with MME, HSS, S-GW, PDN-GW and PCRF; eNodeB–MME over S1-MME, eNodeB–S-GW over S1-U, S-GW–PDN-GW over S5)
• UE = User Equipment
• MME = Mobility Management Entity: termination point in the network for ciphering/integrity protection of NAS signaling; handles security key management and authenticates users
• S-GW = Serving Gateway
• PDN-GW = PDN Gateway
• PCRF = Policy and Charging Rules Function
Evolved Packet Core GW Capabilities
 Serving GW functions include:
 Local mobility anchor point for inter-eNodeB handover (i.e. GTP termination)
 PMIP or GTP support towards PDN Gateway
 Per flow QoS policy enforcement
 Lawful interception
 Traffic accounting
 PDN GW functions include:
 Policy enforcement (QoS, charging, mobility)
 Per-user based packet filtering
 Mobility anchoring for intra- and inter-3GPP mobility (requires GTP and MIP HA)
 Charging support
 Lawful interception
 Security
 Both can be combined if there is a full mesh between base stations and GWs
(Diagram: user plane stack from the radio side upward: OFDMA, MAC, Layer 3, IP tunnel to the Serving GW, IP tunnel to the PDN GW)
Evolving Security Architecture
Security functions per generation, split between the radio side (handset to radio controller) and the core network:
 GSM: handset authentication; ciphering
 GPRS: handset authentication + ciphering
 3G: mutual authentication; ciphering + signalling integrity
 SAE/LTE: mutual authentication; ciphering + radio signalling integrity (radio side); optional IPsec and core signalling integrity (core network)
SAE/LTE Security
 Security implications:
 Flat architecture
 Interworking with legacy and non-3GPP networks
 eNB placement in untrusted locations
 Keep security breaches local
 Result:
 Extended Authentication and Key Agreement
 More complex key hierarchy
 More complex interworking security
 Additional security for (home)eNB
LTE/SAE architecture
ME = Mobile Equipment
USIM = Universal Subscriber Identity Module
AN = Access Network
HE = Home Environment
SN = Serving Network
 (I) Network access security: secure access to services, protect against attacks on the (radio) access links
 (II) Network domain security: enable nodes to securely exchange signaling data & user data (between AN/SN and within AN), protect against attacks on the wireline network
 (III) User domain security: secure access to mobile stations
 (IV) Application domain security: enable applications in the user and in the provider domain to securely exchange messages
Non-3GPP Access
ME = Mobile Equipment
USIM = Universal Subscriber Identity Module
AN = Access Network
HE = Home Environment
SN = Serving Network
 (I) Network access security
 (II) Network domain security
 (III) Non-3GPP domain security
 (IV) Application domain security
 (V) User domain security
Network access security
 User identity (and location) confidentiality
 Entity authentication
 Confidentiality
 Data integrity
 Mobile equipment identification
The use of a SIM
 Subscriber Identity Module
 SIM holds the secret key Ki; the home network holds a copy of the same Ki
 Used as identity & security key
 IMSI is used as user identity
 Benefits
 Easy to get authentication from the home network while in a visited network, without the visited network ever having to handle Ki
Source: ETRI
Network Access Protection
 Authentication and key agreement
 UMTS AKA re-used for SAE
 (2G) SIM access to LTE explicitly excluded; a USIM is required
 Signaling protection
 For core network (NAS) signaling, integrity and confidentiality protection terminates in the MME (Mobility Management Entity)
 For radio network (RRC) signaling, integrity and confidentiality protection terminates in the eNodeB
 User plane protection
 Encryption terminates in the eNodeB
 Network domain security for network internal interfaces
Authentication and Key Agreement
 HSS generates authN data and provides it to MME
 Challenge-response authN and key agreement between MME
and UE
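The challenge-response flow on this slide, as an added example that is not code from the presentation or from 3GPP: the HSS builds an authentication vector bound to the serving network, the MME relays only RAND/AUTN and compares RES with XRES, and the USIM authenticates the network via the MAC and rejects replayed sequence numbers. Ki is held by the HSS and the USIM only. Assumptions: the Milenage functions f1..f5 and the KASME derivation are replaced by labelled HMAC-SHA-256 stand-ins, and the IMSI, Ki and serving network identities are constructed.

```python
"""AKA-style challenge-response between HSS, MME and USIM (illustrative).

Assumption: every Milenage f-function and the KASME derivation is a
labelled HMAC-SHA-256 here, not the real TS 35.20x / TS 33.401 algorithms.
"""
import hashlib
import hmac
import os


def f(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in for f1..f5 / KDF: one keyed one-way function per label."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HSS:
    """Home network: besides the USIM, the only holder of Ki."""

    def __init__(self) -> None:
        self.subscribers = {}  # IMSI -> [Ki, next SQN]

    def provision(self, imsi: str, ki: bytes) -> None:
        self.subscribers[imsi] = [ki, 1]

    def authentication_vector(self, imsi: str, sn_id: bytes):
        """One AV (RAND, AUTN, XRES, KASME) for serving network sn_id.
        Ki never leaves this method: the MME receives only the vector."""
        ki, sqn = self.subscribers[imsi]
        self.subscribers[imsi][1] = sqn + 1
        rand = os.urandom(16)
        sqn_b = sqn.to_bytes(6, "big")
        amf = b"\x80\x00"                     # AMF value is illustrative
        mac = f(ki, b"f1", rand, sqn_b, amf)[:8]
        xres = f(ki, b"f2", rand)[:8]
        ck, ik = f(ki, b"f3", rand)[:16], f(ki, b"f4", rand)[:16]
        ak = f(ki, b"f5", rand)[:6]
        autn = xor(sqn_b, ak) + amf + mac     # SQN is concealed with AK
        kasme = f(ck + ik, b"KASME", sn_id, autn[:6])  # bound to the serving network
        return rand, autn, xres, kasme


class USIM:
    """Subscriber side: Ki plus the highest SQN accepted so far."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi, self.ki, self.sqn_max = imsi, ki, 0

    def respond(self, rand: bytes, autn: bytes, sn_id: bytes):
        conc, amf, mac = autn[:6], autn[6:8], autn[8:]
        ak = f(self.ki, b"f5", rand)[:6]
        sqn_b = xor(conc, ak)
        # Network authentication first: a bad MAC means no RES and no keys.
        if not hmac.compare_digest(mac, f(self.ki, b"f1", rand, sqn_b, amf)[:8]):
            raise ValueError("MAC failure: network not authenticated")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_max:
            raise ValueError("synchronisation failure: SQN not fresh (replay)")
        self.sqn_max = sqn
        ck, ik = f(self.ki, b"f3", rand)[:16], f(self.ki, b"f4", rand)[:16]
        # In EPS the ME derives KASME from CK/IK; folded into the USIM here.
        return f(self.ki, b"f2", rand)[:8], f(ck + ik, b"KASME", sn_id, conc)


class MME:
    """Serving network: fetches AVs, runs the challenge, never sees Ki."""

    def __init__(self, hss: HSS, sn_id: bytes) -> None:
        self.hss, self.sn_id = hss, sn_id

    def authenticate(self, usim: USIM) -> bytes:
        rand, autn, xres, kasme = self.hss.authentication_vector(usim.imsi, self.sn_id)
        res, ue_kasme = usim.respond(rand, autn, self.sn_id)   # challenge over the air
        if not hmac.compare_digest(res, xres):
            raise ValueError("RES mismatch: UE not authenticated")
        assert ue_kasme == kasme   # both sides now share KASME
        return kasme


def demo() -> dict:
    """Constructed data: one subscriber, a home HSS, a visited MME."""
    imsi, ki, sn = "001010123456789", bytes(range(16)), b"001-01"
    hss = HSS()
    hss.provision(imsi, ki)
    usim = USIM(imsi, ki)
    kasme = MME(hss, sn).authenticate(usim)
    rand, autn, _, kasme_a = hss.authentication_vector(imsi, sn)
    _, kasme_b = usim.respond(rand, autn, b"002-02")   # same AV, other serving network id
    try:
        usim.respond(rand, autn, sn); replay_rejected = False   # replayed challenge
    except ValueError:
        replay_rejected = True
    rand, autn, _, _ = hss.authentication_vector(imsi, sn)
    try:
        usim.respond(rand, autn[:-1] + bytes([autn[-1] ^ 1]), sn); tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"kasme_len": len(kasme), "sn_bound": kasme_a != kasme_b,
            "replay_rejected": replay_rejected, "tamper_rejected": tamper_rejected}
```

The `sn_bound` result is the "authentication vectors specific to serving network" point from the key hierarchy slide: the same RAND/AUTN yields a different KASME if the UE believes it is talking to another serving network, so a vector obtained by one operator cannot be used to impersonate another.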
Confidentiality and Integrity of Signaling
 RRC signaling between UE and E-UTRAN
 NAS signaling between UE and MME
 S1 interface signaling (optional) protection not UE-specific
User Plane Confidentiality
 S1-U (optional) protection not UE-specific, based on
IPsec
 Integrity not protected
Key Hierarchy in LTE/SAE
 Cryptographic network separation
 Authentication vectors specific to serving network
Handovers without MME
 Handovers possible directly between eNBs over X2 (performance)
 If keys were passed unmodified, a compromised eNB would compromise the keys of every eNB it hands over to
 A one-way function is applied to the key before it is passed on
 MME is involved after the HO to provide fresh key material for further handovers
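The key chaining described above, as an added example (not code from the presentation): the source eNB derives the target's key with a one-way function, so the target learns nothing about the source key; after the path switch the MME hands the target a next-hop (NH) value derived from KASME, which no eNB ever holds, so an attacker who extracted the first eNB's key and watches the target cell identities can follow the chain for exactly one hop. The 3GPP KDF is HMAC-SHA-256 (TS 33.220 Annex B); the labels, parameter layout and NH bookkeeping below are simplified assumptions, not the exact TS 33.401 Annex A encoding, and the KASME and cell identities are constructed.

```python
"""Key chaining across X2 handovers with a one-way derivation (illustrative).

Assumption: labels and parameter encoding are simplified; only the
HMAC-SHA-256 primitive matches the 3GPP KDF.
"""
import hashlib
import hmac


def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """One-way derivation: the output reveals nothing about `key`."""
    return hmac.new(key, label + b"".join(params), hashlib.sha256).digest()


def k_enb_initial(kasme: bytes, nas_uplink_count: int) -> bytes:
    return kdf(kasme, b"KeNB", nas_uplink_count.to_bytes(4, "big"))


def k_enb_star(base: bytes, target_pci: int, target_earfcn_dl: int) -> bytes:
    """Key handed to the target eNB: derived by the source from its own KeNB
    (horizontal) or from a fresh NH (vertical), plus the target cell identity."""
    return kdf(base, b"KeNB*", target_pci.to_bytes(2, "big"),
               target_earfcn_dl.to_bytes(2, "big"))


def next_hop(kasme: bytes, previous: bytes) -> bytes:
    """NH is computed by MME and UE only; an eNB never holds KASME."""
    return kdf(kasme, b"NH", previous)


def handover_chain(kasme: bytes, cells: list) -> list:
    """KeNB held at each eNB along `cells`, a list of (PCI, EARFCN-DL).

    The first X2 handover is horizontal (the source has no NH yet); after
    each path switch the MME gives the target a fresh NH, so every later
    handover is vertical (simplified model of the MME/eNB exchange)."""
    k_enb = k_enb_initial(kasme, 0)
    nh = next_hop(kasme, k_enb)      # MME-side chain
    nh_at_enb = None                 # what the serving eNB received from the MME
    keys = [k_enb]
    for pci, earfcn in cells:
        base = nh_at_enb if nh_at_enb is not None else k_enb
        k_enb = k_enb_star(base, pci, earfcn)
        keys.append(k_enb)
        nh_at_enb, nh = nh, next_hop(kasme, nh)   # path switch ack carries NH; MME advances
    return keys


def compromised_source_can_follow(keys: list, cells: list) -> list:
    """Per hop: can an attacker holding the first eNB's KeNB, and observing
    the target cell identities, recompute the key actually in use?"""
    k = keys[0]
    hits = []
    for (pci, earfcn), actual in zip(cells, keys[1:]):
        k = k_enb_star(k, pci, earfcn)          # the only derivation the attacker can do
        hits.append(hmac.compare_digest(k, actual))
    return hits


def demo() -> list:
    """Constructed data: one KASME, three successive target cells."""
    kasme = hashlib.sha256(b"constructed KASME for the example").digest()
    cells = [(101, 1800), (102, 1800), (103, 2100)]
    keys = handover_chain(kasme, cells)
    assert len(set(keys)) == len(keys)          # every eNB gets a distinct key
    return compromised_source_can_follow(keys, cells)
```

`demo()` returns `[True, False, False]`: the horizontal hop is followable (that is the known limitation of the first X2 handover), the vertical hops are not, because they start from NH values that only MME and UE can compute.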
Home eNodeB security threats
 Compromise of HeNB credentials
 Physical attack on the HeNB
 Configuration attacks
 MitM attacks etc.
 DoS attacks etc.
 User data and privacy attacks
 Radio resource and management attacks
Home eNodeB security measures
 Mutual AuthN between HeNB and home network
 Secure tunnel for backhaul
 Trusted environment inside the HeNB
 Access control
 OAM security mechanisms
 Hosting party authentication (Hosting Party Module)
Network Domain Security
 Enable nodes to securely exchange signaling data & user data
 between Access Network and Serving Network and within Access
Network
 Protect against attacks on wireline network
 No security in 2G core network
 Now security is needed:
 IP used for signaling and user traffic
 Open and easily accessible protocols
 New service providers (content, data service, HLR)
 Network elements can be remote (eNB)
Security Domains
 Managed by single administrative authority
 Border between security domains protected by
Security Gateway (SEG)
Security Gateway
 Handles communication over the Za interface (SEG-SEG)
 AuthN/integrity mandatory, encryption recommended; IKEv1 or IKEv2 negotiates, establishes and maintains the ESP tunnel
 Handles communication over the (optional) Zb interface (SEG-NE or NE-NE)
 Implements ESP tunnel and IKEv1 or IKEv2
 ESP with AuthN, integrity, optional encryption
 All traffic flows through the SEG before leaving or entering the security domain
 Secure storage of the long-term keys used for IKEv1 and IKEv2
 Hop-by-hop security (chained tunnels or hub-and-spoke)
Security for Network Elements
 Services
 Data integrity
 Data origin authentication
 Anti-replay
 Confidentiality (optional)
 Using IPsec ESP (Encapsulating Security Payload)
 Between SEGs: tunnel mode
 Key management: IKEv1 or IKEv2
 Security associations from an NE only to the SEG or to NEs in its own domain
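A SEG-to-SEG Za tunnel of the kind the last two slides describe, written as an added example in strongSwan swanctl.conf syntax (assumption; the presentation names no implementation). Addresses, identities and certificate file names are constructed. IKEv2 with certificate authentication, ESP in tunnel mode with integrity and anti-replay (inherent in ESP) plus the recommended encryption; the same mechanism is what the "optional, not UE-specific" IPsec protection of S1-MME and S1-U refers to when the eNodeB side is treated as a Zb peer.

```conf
# /etc/swanctl/conf.d/za.conf on SEG-A (operator A), peering with SEG-B (operator B)
connections {
    za-to-seg-b {
        version      = 2                      # IKEv2 (IKEv1 is also allowed by TS 33.210)
        local_addrs  = 192.0.2.10             # constructed: SEG-A Za address
        remote_addrs = 198.51.100.10          # constructed: SEG-B Za address
        proposals    = aes256-sha256-modp2048 # IKE SA: confidentiality + integrity + DH
        local {
            auth  = pubkey                    # long-term key is a certificate/private key
            certs = seg-a.pem                 # constructed file name
            id    = seg-a.operator-a.example
        }
        remote {
            auth = pubkey
            id   = seg-b.operator-b.example   # must match the peer certificate subject/SAN
        }
        children {
            za {
                mode          = tunnel                     # SEG-SEG: tunnel mode
                local_ts      = 10.10.0.0/16               # constructed: domain A NE range
                remote_ts     = 10.20.0.0/16               # constructed: domain B NE range
                esp_proposals = aes256-sha256-modp2048     # integrity mandatory, encryption recommended
                start_action  = start
                dpd_action    = restart
            }
        }
    }
}
```

An ESP proposal such as `null-sha256` would still satisfy the mandatory integrity and origin authentication but carries signalling in the clear across the inter-operator link; TS 33.210 only makes encryption optional, and on Za it is recommended, so leave it on. Because all traffic leaves the domain through the SEG, the traffic selectors above are what enforce "security associations only to the SEG or to NEs in the own domain": an NE never negotiates an SA directly with the remote domain.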
Trust validation with IPsec
Trust validation for TLS
User domain security
 Secure access to mobile stations
 Few slides
Application domain security
 The set of security features that enable applications in
the user and in the provider domain to securely
exchange messages.
 Secure messaging between the USIM and the network
(TS 22.048)
 Slides about IMS, SIP
IMS Security
 Security/AuthN mechanisms
 Mutual AuthN using UMTS AKA
 Typically implemented on the UICC (ISIM application)
 UMTS AKA integrated into HTTP Digest (RFC 3310)
 NASS-IMS bundled AuthN
 SIP Digest based AuthN
 Access security with TLS
Interworking with legacy network
 Few slides about CDMA-3GPP interworking
References
 Principles, objectives and requirements
 TS 33.120 Security principles and objectives
 TS 21.133 Security threats and requirements
 Architecture, mechanisms and algorithms
 TS 33.102 Security architecture
 TS 33.103 Integration guidelines
 TS 33.105 Cryptographic algorithm requirements
 TS 35.20x Access network algorithm specifications
References
 TS 33.210 V8.3.0: Network Domain Security: IP-layer – http://www.3gpp.org/ftp/Specs/archive/33_series/33.210/
 TS 33.310 V9.0.0: Network Domain Security: Authentication Framework – http://www.3gpp.org/ftp/Specs/archive/33_series/33.310/
 TS 33.401 V9.0.0: SAE security architecture – http://www.3gpp.org/ftp/Specs/archive/33_series/33.401/
 TS 33.402 V9.0.0: SAE security aspects of non-3GPP access – http://www.3gpp.org/ftp/Specs/archive/33_series/33.402/
 TR 33.820 V8.1.0: Security of H(e)NB – http://www.3gpp.org/ftp/Specs/archive/33_series/33.820/33820-810.zip
 TS 33.102 V8.3.0: Security architecture – http://www.3gpp.org/ftp/Specs/archive/33_series/33.102/33102-830.zip
Credits
 Valtteri Niemi (3GPP SA3 chair)
Backup
UMTS Authentication and Key Agreement (AKA)
 Procedure to authenticate the user and establish a pair of cipher and integrity keys between VLR/SGSN and USIM
Source: ETRI
X2 Routing and Handover
(Diagram: user plane path moving from the source eNB to the target eNB via the SGW; about 30 ms interruption time and out-of-order packets around the handover)
Expect out of order packets around handover
Summary
 In this session, we reviewed …
See you in 2 weeks for the Final Session!
How does all we discussed relate to LTE/SAE architecture?
(Diagram: the architecture of the overview slide, UE, eNodeB, X2, S1-MME, MME, HSS, S1-U, S-GW, S5/S8, PDN-GW, PCRF, annotated per interface)
 Signalling: integrity protection required, encryption recommended
 S1-MME: integrity protection required
 User plane: integrity protection not used, encryption recommended
 S1-U: ?
 Authentication required
 Security mechanisms highly recommended for inter-network connections such as for roaming (under study?)