Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Network tap wikipedia , lookup
Extensible Authentication Protocol wikipedia , lookup
Airborne Networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Distributed firewall wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Wireless security wikipedia , lookup
3GPP/LTE Security Session #2: LTE Security Architecture Fundamentals Klaas Wierenga Consulting Engineer, Corporate Development Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 1 Agenda Intro Network access security Network domain security User domain security Application domain security Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 2 INTRO Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 3 Recap session 1 Crypto can be used to provide confidentiality and integrity between 2 entities 3GPP confidentiality: AES-128-CTR, SNOW 3G 3GPP integrity: EIA2 (AES-CMAC), EIA1 (SNOW 3G-GMAC) Key usage needs to be limited Access Validity Context Key derivation is used to achieve separation Purpose (integrity, confidentiality) Identity (network element A, network element B) Public key certificates issued by a CA Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 4 Overview of 3GPP LTE/SAE System eNodeB UE S1-MME MME HSS PCRF X2 eNodeB S-GW S1-U Evolved UTRAN(E-UTRAN) PDN-GW S5 Evolved Packet Core (EPC) • UE = User Equipment • MME = Mobility Management Entity, termination point in network for ciphering/integrity protection for NAS signaling, handles the security key management, authenticating users • S-GW = Serving Gateway • PDN-GW = PDN Gateway • PCRF = Policy Charging Rule Function Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 5 SAE/LTE Security Security implications: Flat architecture (all radio protocols terminate in eNB, eNB ‘speaks’ IP) Interworking with legacy and non-3GPP networks eNB placement in untrusted locations Keep security breaches local Result: Extended Authentication and Key Agreement More complex key hierarchy More complex interworking security Additional security for (home)eNB Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 6 Evolving Security Architecture Radio Controller Core Network Handset Authentication GSM Ciphering Handset Authentication + Ciphering GPRS Mutual Authentication 3G Ciphering + Signalling integrity Mutual Authentication SAE/LTE Ciphering + Radio signalling integrity Optional IPSec Core Signalling integrity Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 7 LTE/SAE security architecture ME USIM AN HE SN = = = = = Mobile Equipment Universal Subscriber Identity Module Access Network Home Environment Serving Network (I) Network access security: secure access to services, protect against attacks on (radio) access links (II) Network domain security: enable nodes to securely exchange signaling data & user data (between AN/SN and within AN, protect against attacks wireline network (III) User domain security: secure access to mobile stations (IV) Application domain security: enable applications in the user and in the provider domain to securely exchange messages This session: Network Access and Network Domain security Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 8 NETWORK ACCESS SECURITY Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 9 Network access security User identity (and location) confidentiality Entity authentication Confidentiality Data integrity Mobile equipment identification Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 10 The use of a SIM Subscription Identification Module SIM holds secret key Ki, Home network holds another Used as Identity & Security key IMSI is used as user identity Benefits Easy to get authentication from home network while in visited network without having to handle Ki Source: ETRI Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 11 Network Access Protection Authentication and key agreement UMTS AKA re-used for SAE Signaling protection For core network (NAS) signaling, integrity and confidentiality protection terminates in MME (Mobile Management Entity) For radio network (RRC) signaling, integrity and confidentiality protection terminates in eNodeB User plane protection Encryption terminates in eNodeB Network domain security for network internal interfaces Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 12 Trust establishment between UE and SN S1MME eNodeB MM E HSS PCRF PCRF HSS MM E X2 U E eNodeB S-GW S1-U PDN-GW PDNGW S-GW S5 K ASME (CK,IK,SN Id) K NASenc, K NASint K eNB (Kasme) K UPenc, K RRCint, K RRCenc (K EnB) • Trust exists between • UE and Home Network • Home Network and Serving Network • Needed: between UE and Serving Network Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 13 Distribution of authentication data from HE to MME MME HE Authentication data request IMSI, SN identity, Network Type Type Authentication data response MME security context(s) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 14 Key Hierarchy in LTE/SAE Cryptographic network separation Authentication vectors specific to serving network Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 15 Key derivation for network nodes Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 16 eNB handovers Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 17 K eNodeB derivation and handovers Handovers without MME involvement: horizontal Backward security through one-way function (old eNB, cell-id, freq) MME involved after handover: vertical Forward security after 2 hops (NH, old eNB) If MME involved during handover Forward security effective immediately Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 18 Key derivation for ME Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 19 Authentication and Key Agreement HSS generates authN data and provides it to MME Challenge-response authN and key agreement between MME and UE Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 20 Confidentiality and Integrity of Signaling RRC signaling between UE and E-UTRAN NAS signaling between UE and MME S1 interface signaling (optional) protection not UE-specific Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 21 User Plane Confidentiality S1-U (optional) protection not UE-specific, based on IPsec Integrity not protected Overhead with small packets Integrity protected at higher layers (IMS media security) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 22 Summary Confidentiality Integrity NAS Recommended Shall RRC Recommended Shall UP Recommended Shall not (UE-eNB) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 23 Home eNodeB security threats Compromise HeNB credentials Physical attack HeNB Configuration attack MitM attacks etc. DoS attacks etc. User data and privacy attacks Radio Resources and management attacks Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 24 Home eNodeB security measures Mutual AuthN HeNB and home network Secure tunnel for backhaul Trusted environment inside HeNB Access Control OAM security mechanisms Hosting Party authentication (Hosting Party Module) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 25 NETWORK DOMAIN SECURITY Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 26 Network Domain Security Enable nodes to securely exchange signaling data & user data between Access Network and Serving Network, within Access Network and between Security Domains Protect against attacks on wireline network No security in 2G core network Now security is needed: IP used for signaling and user traffic Open and easily accessible protocols New service providers (content, data service, HLR) Network elements can be remote (eNB) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 27 Security Domains Managed by single administrative authority Border between security domains protected by Security Gateway (SEG) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 28 Security Gateway Handle communication over Za interface (SEG-SEG) AuthN/integrity mandatory, encryption recommended using IKEv1 or IKEv2 for negotiating, establishing and maintaining secure ESP tunnel Handle communication over (optional) Zb interface (SEG- NE or NE-NE) Implement ESP tunnel and IKEv1 or IKEv2 ESP with AuthN, integrity, optional encryption Shall implement IKEv1 and IKEv2 All traffic flows through SEG before leaving or entering security domain Secure storage of long-term keys used for IKEv1 and IKEv2 Hop-by-hop security (chained tunnels or hub-and-spoke) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 29 Security for Network Elements Services Data integrity Data origin authentication Anti-replay Confidentiality (optional) Using IPsec ESP (Encapsulation Security Payload) Between SEGs: tunnel mode Key management: IKEv1: confidentiality (3DES-CBC/AES-CBC), integrity (SHA-1) IKEv2: confidentiality (3DES-CBC/AES-CBC), integrity (HMAC-SHA1-96) Security associations from NE only to SEG or NE’s in own domain (so no direct SA between NE’s in different domains, always via SEG) Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 30 Trust validation with IPsec Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 31 Trust validation for TLS Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 32 Summary In this session, we reviewed … See you in 2 weeks for the Final Session! Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 33 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 34 References TS 21.133 Security threats and requirements TS 33.102 Security architecture TS 33.103 Integration guidelines TS 33.105 Cryptographic algorithm requirements TS 33.120 Security principles and objectives TS 33.210 Network Domain Security: IP-layer TS 33.310 Network Domain Security: Authentication Framework TS 33.401 SAE security architecture TS 33.402 SAE security aspects of non 3GPP access TR 33.820 Security of H(e)NB TS 35.20x Access network algorithm specifications Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 35 Acknowledgement Valterri Niemi (3GPP SA3 chair) for some slides and discussions Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 36 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 37 37 BACKUP Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 38 UMTS Authentication and Key Agreement (AKA) Procedure to authenticate the user and establish pair of cipher and integrity between VLR/SGSN and USIM Source: ETRI Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 39 X2 Routing and Handover Source ENB SGW Target ENB 30 ms Interruption Time Out of Order Packets Expect out of order packets around handover Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 40 Non-3GPP Access ME USIM AN HE SN = = = = = Mobile Equipment Universal Subscriber Identity Module Access Network Home Environment Serving Network (I) Network access security (II) Network domain security (III) Non-3GPP domain security (IV) Application domain security (V) User domain security Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 41 How does all we discussed relate to LTE/SAE architecture? eNodeB UE S1-MME MME PCRF X2 eNodeB S-GW S1-U User Plane: Integrity Protection Not Used Encryption Recommended HSS PDN-GW S5/S8 S1-MME: Integrity Protection Required Security Mechanisms highly recommended for inter-network connections such as for roaming (under study?) Signalling: Integrity Protection Required Encryption Recommended S1-U: ? Authentication Required Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 42 USER DOMAIN SECURITY Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 43 User domain security Secure access to mobile stations Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 44 APPLICATION DOMAIN SECURITY Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 45 Application domain security The set of security features that enable applications in the user and in the provider domain to securely exchange messages. Secure messaging between the USIM and the network (TS 22.048) IMS Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 46 IMS Security Security/AuthN mechanisms Mutual AuthN using UMTS AKA Typically implemented on UICC (ISIM application) UMTS AKA integrated into HTTP digest (RFC3310) NASS-IMS bundled AuthN SIP Digest based AuthN Access security with TLS Media security Access medium independent Various proposals, work in progress Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. CISCO PROPRIETARY 47