3GPP/LTE Security
Session #2: LTE
Security Architecture
Fundamentals
Klaas Wierenga
Consulting Engineer, Corporate Development
Presentation_ID
© 2006 Cisco Systems, Inc. All rights reserved.
CISCO PROPRIETARY
1
Agenda
 Intro
 Network access security
 Network domain security
 User domain security
 Application domain security
INTRO
Recap session 1
 Crypto can be used to provide confidentiality and
integrity between 2 entities
 3GPP confidentiality: AES-128-CTR, SNOW 3G
 3GPP integrity: EIA2 (AES-CMAC), EIA1 (SNOW 3G-GMAC)
 Key usage needs to be limited
 Access
 Validity
 Context
 Key derivation is used to achieve separation
 Purpose (integrity, confidentiality)
 Identity (network element A, network element B)
 Public key certificates issued by a CA
Overview of 3GPP LTE/SAE System
[Figure: LTE/SAE reference architecture. Evolved UTRAN (E-UTRAN): UE and eNodeB, eNodeBs interconnected over X2. Evolved Packet Core (EPC): eNodeB to MME over S1-MME, eNodeB to S-GW over S1-U, S-GW to PDN-GW over S5; MME attached to the HSS, PDN-GW attached to the PCRF]
• UE = User Equipment
• MME = Mobility Management Entity, termination point in the network for
ciphering/integrity protection of NAS signaling; handles security key
management and authenticates users
• S-GW = Serving Gateway
• PDN-GW = PDN Gateway
• PCRF = Policy Charging Rule Function
SAE/LTE Security
 Security implications:
 Flat architecture (all radio protocols terminate in eNB, eNB ‘speaks’ IP)
 Interworking with legacy and non-3GPP networks
 eNB placement in untrusted locations
 Keep security breaches local
 Result:
 Extended Authentication and Key Agreement
 More complex key hierarchy
 More complex interworking security
 Additional security for (home)eNB
Evolving Security Architecture
(Slide table: security functions per generation, split between Radio Controller and Core Network)
GSM: handset authentication; ciphering
GPRS: handset authentication + ciphering
3G: mutual authentication; ciphering + signalling integrity
SAE/LTE: mutual authentication; ciphering + radio signalling integrity; optional IPsec; core signalling integrity
LTE/SAE security architecture
[Figure: 3GPP security architecture showing ME, USIM, AN, HE and SN and the four security feature groups (I) to (IV) listed below]
ME = Mobile Equipment
USIM = Universal Subscriber Identity Module
AN = Access Network
HE = Home Environment
SN = Serving Network
 (I) Network access security: secure access to services, protect against attacks on
(radio) access links
 (II) Network domain security: enable nodes to securely exchange signaling data &
user data (between AN/SN and within AN), protect against attacks on the wireline network
 (III) User domain security: secure access to mobile stations
 (IV) Application domain security: enable applications in the user and in the
provider domain to securely exchange messages
 This session: Network Access and Network Domain security
NETWORK ACCESS SECURITY
Network access security
 User identity (and location) confidentiality
 Entity authentication
 Confidentiality
 Data integrity
 Mobile equipment identification
The use of a SIM
 Subscriber Identity Module
 SIM holds the secret key Ki; the home network holds a copy of it
 Used as Identity & Security key
 IMSI is used as user identity
 Benefits
 Easy to get authentication from home network while in visited network without
having to handle Ki
Source: ETRI
Network Access Protection
 Authentication and key agreement
 UMTS AKA re-used for SAE
 Signaling protection
 For core network (NAS) signaling, integrity and confidentiality protection
terminates in MME (Mobility Management Entity)
 For radio network (RRC) signaling, integrity and confidentiality protection
terminates in eNodeB
 User plane protection
 Encryption terminates in eNodeB
 Network domain security for network internal interfaces
Trust establishment between UE and SN
[Figure: LTE/SAE architecture (UE, eNodeB, MME, HSS, PCRF, S-GW, PDN-GW; interfaces S1-MME, S1-U, X2, S5) annotated with the key hierarchy:
K_ASME, derived from CK, IK and the SN id, shared by UE and MME;
K_NASenc and K_NASint, derived from K_ASME, for NAS signaling between UE and MME;
K_eNB, derived from K_ASME, handed to the eNodeB;
K_UPenc, K_RRCint and K_RRCenc, derived from K_eNB, for user plane and RRC signaling between UE and eNodeB]
• Trust exists between
• UE and Home Network
• Home Network and Serving Network
• Needed: between UE and Serving Network
Distribution of authentication data from HE to MME
MME -> HE: Authentication data request (IMSI, SN identity, Network Type)
HE -> MME: Authentication data response (MME security context(s))
Key Hierarchy in LTE/SAE
 Cryptographic network separation
 Authentication vectors specific to serving network
Key derivation for network nodes
eNB handovers
K eNodeB derivation and handovers
 Handovers without MME involvement: horizontal
 Backward security through one-way function (old eNB, cell-id, freq)
 MME involved after handover: vertical
 Forward security after 2 hops (NH, old eNB)
 If MME involved during handover
 Forward security effective immediately
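The key hierarchy and the handover key chaining described on the preceding slides (K_ASME bound to the serving network, NAS keys at the MME, K_eNB and the AS keys at the eNodeB, horizontal derivation from the old K_eNB versus vertical derivation from the MME's NH) can be modelled in a few lines. The code below is an added illustration written for this transcript, not Cisco's or 3GPP's code: it uses HMAC-SHA-256 as a generic KDF, and the labels, parameter encodings, handover inputs and the CK/IK values are constructed for the example, not the FC values of the normative KDF in TS 33.220.

```python
"""Toy model of the LTE/SAE key hierarchy and handover key chaining.

Added example; labels and encodings are constructed, not TS 33.220 values.
"""
import hashlib
import hmac


def kdf(key: bytes, label: str, *params: bytes) -> bytes:
    """HMAC-SHA-256 KDF: the label and length-prefixed parameters bind each
    output to one purpose and one context (key separation by derivation)."""
    msg = label.encode() + b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_kasme(ck: bytes, ik: bytes, sn_id: str) -> bytes:
    """K_ASME is bound to the serving network id: cryptographic network separation."""
    return kdf(ck + ik, "KASME", sn_id.encode())


def derive_nas_keys(kasme: bytes) -> dict:
    """NAS keys terminate in the MME; separate keys for encryption and integrity."""
    return {"K_NASenc": kdf(kasme, "NAS-enc"), "K_NASint": kdf(kasme, "NAS-int")}


def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    """Initial K_eNB from K_ASME; the NAS COUNT keeps each derivation fresh."""
    return kdf(kasme, "KeNB", nas_uplink_count.to_bytes(4, "big"))


def derive_as_keys(kenb: bytes) -> dict:
    """Access-stratum keys terminate in the eNB."""
    return {
        "K_UPenc": kdf(kenb, "UP-enc"),
        "K_RRCenc": kdf(kenb, "RRC-enc"),
        "K_RRCint": kdf(kenb, "RRC-int"),
    }


def kenb_star(base: bytes, target_cell_id: int, target_freq: int) -> bytes:
    """One-way derivation of the target eNB key from a base key (current K_eNB or NH)
    plus the target cell id and frequency, as on the handover slide."""
    return kdf(base, "KeNB*", target_cell_id.to_bytes(4, "big"), target_freq.to_bytes(4, "big"))


def next_hop(kasme: bytes, previous: bytes) -> bytes:
    """NH chain held by the MME; every NH depends on K_ASME, which no eNB holds."""
    return kdf(kasme, "NH", previous)


def simulate_handovers() -> dict:
    """One X2 (horizontal) handover, then a second handover keyed from the NH the
    MME delivers after the path switch: forward security after two hops."""
    ck, ik = b"\x01" * 16, b"\x02" * 16  # constructed CK/IK as AKA would output
    kasme = derive_kasme(ck, ik, "SN-visited")
    k_source = derive_kenb(kasme, nas_uplink_count=0)

    # Hop 1: the source eNB derives the target key itself (horizontal derivation).
    k_target1 = kenb_star(k_source, target_cell_id=101, target_freq=1800)
    # The source eNB can compute exactly the key the target now uses (no forward security yet);
    # the target cannot recover k_source from k_target1 (backward security via the one-way KDF).
    source_can_derive_hop1 = kenb_star(k_source, 101, 1800) == k_target1

    # After hop 1 the MME learns of the handover (path switch) and sends target1 a fresh NH.
    nh0 = next_hop(kasme, k_source)
    nh1 = next_hop(kasme, nh0)

    # Hop 2: target1 derives the next key from NH1 (vertical), not from its own K_eNB.
    k_target2 = kenb_star(nh1, target_cell_id=202, target_freq=1800)
    # The original source eNB never saw NH1; the best it can do is follow the horizontal chain.
    source_guess_hop2 = kenb_star(kenb_star(k_source, 101, 1800), 202, 1800)

    return {
        "kasme": kasme,
        "source_can_derive_hop1": source_can_derive_hop1,
        "k_target2": k_target2,
        "source_guess_matches_hop2": source_guess_hop2 == k_target2,
    }


if __name__ == "__main__":
    result = simulate_handovers()
    print("source eNB knows hop-1 key:", result["source_can_derive_hop1"])
    print("source eNB can follow to hop-2 key:", result["source_guess_matches_hop2"])
```

The two booleans returned by `simulate_handovers()` are the point of the slide: after a purely horizontal handover the old eNB still knows the new key, and only once the MME has injected an NH does the chain break for it, which is the "forward security after 2 hops" property.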
Key derivation for ME
Authentication and Key Agreement
 HSS generates authN data and provides it to MME
 Challenge-response authN and key agreement between MME
and UE
Confidentiality and Integrity of Signaling
 RRC signaling between UE and E-UTRAN
 NAS signaling between UE and MME
 S1 interface signaling: (optional) protection, not UE-specific
User Plane Confidentiality
 S1-U: (optional) protection, not UE-specific, based on
IPsec
 Integrity not protected
 Overhead with small packets
 Integrity protected at higher layers (IMS media security)
Summary
        Confidentiality    Integrity
NAS     Recommended        Shall
RRC     Recommended        Shall
UP      Recommended        Shall not (UE-eNB)
Home eNodeB security threats
 Compromise HeNB credentials
 Physical attack on HeNB
 Configuration attack
 MitM attacks etc.
 DoS attacks etc.
 User data and privacy attacks
 Radio Resources and management attacks
Home eNodeB security measures
 Mutual AuthN HeNB and home network
 Secure tunnel for backhaul
 Trusted environment inside HeNB
 Access Control
 OAM security mechanisms
 Hosting Party authentication (Hosting Party Module)
NETWORK DOMAIN SECURITY
Network Domain Security
 Enable nodes to securely exchange signaling data & user data
 between Access Network and Serving Network, within Access
Network and between Security Domains
 Protect against attacks on wireline network
 No security in 2G core network
 Now security is needed:
 IP used for signaling and user traffic
 Open and easily accessible protocols
 New service providers (content, data service, HLR)
 Network elements can be remote (eNB)
Security Domains
 Managed by a single administrative authority
 Border between security domains protected by a
Security Gateway (SEG)
Security Gateway
 Handle communication over the Za interface (SEG-SEG)
 AuthN/integrity mandatory, encryption recommended; IKEv1 or IKEv2 is used
for negotiating, establishing and maintaining the secure ESP tunnel
 Handle communication over (optional) Zb interface (SEG- NE or NE-NE)
 Implement ESP tunnel and IKEv1 or IKEv2
 ESP with AuthN, integrity, optional encryption
 Shall implement IKEv1 and IKEv2
 All traffic flows through SEG before leaving or entering security domain
 Secure storage of long-term keys used for IKEv1 and IKEv2
 Hop-by-hop security (chained tunnels or hub-and-spoke)
Security for Network Elements
 Services
 Data integrity
 Data origin authentication
 Anti-replay
 Confidentiality (optional)
 Using IPsec ESP (Encapsulation Security Payload)
 Between SEGs: tunnel mode
 Key management:
 IKEv1: confidentiality (3DES-CBC/AES-CBC), integrity (SHA-1)
 IKEv2: confidentiality (3DES-CBC/AES-CBC), integrity (HMAC-SHA1-96)
 Security associations from an NE only to a SEG or to NEs in its own
domain (so no direct SA between NEs in different domains;
always via the SEG)
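The Security Gateway and Security for Network Elements slides together define a small policy: Za (SEG-SEG across domains) needs ESP in tunnel mode with mandatory authentication/integrity and recommended encryption; Zb (SEG-NE or NE-NE inside a domain) is optional but, when used, needs ESP with authentication/integrity; and an NE may only hold SAs towards its own SEG or NEs in its own domain. The audit below is an added example for this transcript, not Cisco's or 3GPP's code and not an operator configuration: the node and domain names, the proposal fields and the ERROR/WARN labels are constructed here, and only the rules on the slides are encoded.

```python
"""Policy audit of IPsec security associations in an NDS/IP layout.

Added example; topology and field names are constructed, not from TS 33.210.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    domain: str   # security domain, one administrative authority
    role: str     # "SEG" or "NE"


@dataclass(frozen=True)
class SecurityAssociation:
    a: Node
    b: Node
    protocol: str = "ESP"           # NDS/IP uses ESP
    mode: str = "tunnel"            # "tunnel" or "transport"
    integrity: str = "HMAC-SHA1-96"  # "NULL" means no authentication/integrity
    encryption: str = "AES-CBC"     # "NULL" means no confidentiality
    ike_version: int = 2            # IKEv1 or IKEv2


def classify(sa: SecurityAssociation) -> str:
    """Return 'Za', 'Zb' or 'forbidden' for the endpoint pair of an SA."""
    if sa.a.domain != sa.b.domain:
        # Only SEG-SEG may cross a domain border; NEs must go through their SEG.
        return "Za" if sa.a.role == sa.b.role == "SEG" else "forbidden"
    return "Zb"


def evaluate(sa: SecurityAssociation) -> list[str]:
    """Findings as 'ERROR: ...' / 'WARN: ...' strings; an empty list means compliant."""
    pair = f"{sa.a.name}-{sa.b.name}"
    iface = classify(sa)
    if iface == "forbidden":
        return [f"ERROR: {pair}: direct SA between different security domains; route via the SEG"]
    findings = []
    if sa.protocol != "ESP":
        findings.append(f"ERROR: {pair} ({iface}): protocol {sa.protocol}, NDS/IP requires ESP")
    if sa.integrity.upper() == "NULL":
        findings.append(f"ERROR: {pair} ({iface}): ESP without authentication/integrity")
    if sa.ike_version not in (1, 2):
        findings.append(f"ERROR: {pair} ({iface}): unsupported IKE version {sa.ike_version}")
    if iface == "Za":
        if sa.mode != "tunnel":
            findings.append(f"ERROR: {pair} (Za): SEG-SEG SA must use tunnel mode")
        if sa.encryption.upper() == "NULL":
            findings.append(f"WARN: {pair} (Za): encryption is recommended on Za but is NULL")
    return findings


def audit(sas: list[SecurityAssociation]) -> list[str]:
    """Evaluate a whole SA table and return every finding in order."""
    report = []
    for sa in sas:
        report.extend(evaluate(sa))
    return report


# Constructed sample topology: two operator domains, each with one SEG and one NE.
SEG_A = Node("seg-a", "operator-a", "SEG")
SEG_B = Node("seg-b", "operator-b", "SEG")
MME_A = Node("mme-a", "operator-a", "NE")
HSS_B = Node("hss-b", "operator-b", "NE")

SAMPLE_SAS = [
    SecurityAssociation(SEG_A, SEG_B),                     # Za, compliant
    SecurityAssociation(SEG_A, SEG_B, encryption="NULL"),  # Za, warning only
    SecurityAssociation(MME_A, SEG_A, mode="transport"),   # Zb, compliant
    SecurityAssociation(MME_A, SEG_A, integrity="NULL"),   # Zb, integrity missing
    SecurityAssociation(MME_A, HSS_B),                     # NE-NE across domains
]

if __name__ == "__main__":
    for line in audit(SAMPLE_SAS):
        print(line)
```

Running the block on the constructed table prints one warning (Za without encryption) and two errors (a Zb SA with NULL integrity, and an NE-to-NE SA across domains); the first and third entries are compliant and produce nothing.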
Trust validation with IPsec
Trust validation for TLS
Summary
 In this session, we reviewed …
See you in 2 weeks for the Final Session!
References
 TS 21.133 Security threats and requirements
 TS 33.102 Security architecture
 TS 33.103 Integration guidelines
 TS 33.105 Cryptographic algorithm requirements
 TS 33.120 Security principles and objectives
 TS 33.210 Network Domain Security: IP-layer
 TS 33.310 Network Domain Security: Authentication
Framework
 TS 33.401 SAE security architecture
 TS 33.402 SAE security aspects of non 3GPP access
 TR 33.820 Security of H(e)NB
 TS 35.20x Access network algorithm specifications
Acknowledgement
 Valtteri Niemi (3GPP SA3 chair) for some slides and
discussions
BACKUP
UMTS Authentication and Key Agreement (AKA)
 Procedure to authenticate the user and establish a pair
of cipher and integrity keys between the VLR/SGSN and the USIM
Source: ETRI
X2 Routing and Handover
[Figure: X2 handover from source eNB to target eNB with the S-GW; about 30 ms interruption time, out-of-order packets around the handover]
Expect out of order packets around handover
Non-3GPP Access
[Figure: security architecture with ME, USIM, AN, HE and SN and five security feature groups]
ME = Mobile Equipment
USIM = Universal Subscriber Identity Module
AN = Access Network
HE = Home Environment
SN = Serving Network
(I) Network access security
(II) Network domain security
(III) Non-3GPP domain security
(IV) Application domain security
(V) User domain security
How does all we discussed relate to LTE/SAE architecture?
[Figure: LTE/SAE architecture (UE, eNodeB, MME, HSS, PCRF, S-GW, PDN-GW; interfaces S1-MME, S1-U, X2, S5/S8) with the following annotations]
• User plane: integrity protection not used, encryption recommended
• Signalling: integrity protection required, encryption recommended
• S1-MME: integrity protection required
• S1-U: ?
• Inter-network connections such as for roaming: security mechanisms highly recommended (under study?)
• Authentication required
USER DOMAIN SECURITY
User domain security
 Secure access to mobile stations
APPLICATION DOMAIN
SECURITY
Application domain security
 The set of security features that enable applications in
the user and in the provider domain to securely
exchange messages.
 Secure messaging between the USIM and the network
(TS 22.048)
 IMS
IMS Security
 Security/AuthN mechanisms
 Mutual AuthN using UMTS AKA
 Typically implemented on UICC (ISIM application)
 UMTS AKA integrated into HTTP digest (RFC3310)
 NASS-IMS bundled AuthN
 SIP Digest based AuthN
 Access security with TLS
 Media security
 Access medium independent
 Various proposals, work in progress