1 / 35

3G/4G Security

3G/4G Security. 學生 : 呂沐錡 ( 清大資工 :938340) 簡國棟 ( 交大網工所 9556508). 日期 :96 年 6 月. (1). Introduction ( 呂沐錡 / 簡國棟 ) 3G/3GPP system overview 4G features (2). 3G Security 3G/3GPP Security Architecture ( 呂沐錡 ) 3G/3GPP Network Access Security ( 呂沐錡 )

donkor
Download Presentation

3G/4G Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 3G/4G Security 學生: 呂沐錡(清大資工:938340) 簡國棟(交大網工所9556508) 日期:96年 6月

  2. (1). Introduction (呂沐錡/簡國棟 ) • 3G/3GPP system overview • 4G features • (2). 3G Security • 3G/3GPP Security Architecture(呂沐錡) • 3G/3GPP Network Access Security(呂沐錡) • 3G/3GPP Network Domain Security (簡國棟) • 3G/3GPP User/Application Domain Security (簡國棟) • 3G/3GPP Security visibility and configurability(簡國棟) • 3G/3GPP security weakness (簡國棟) • (3). 4G Security Investigation Results (呂沐錡) • Security Issues on 4G • The Research Results of 4G Security • (4). Discussion & Conclusion (簡國棟/呂沐錡)

  3. 3G/4G Introduction3G service architecture MSC: Mobile Service Switching Center RNC: Radio Network Controller VLR: Visitor Location Register HLR: Home Location Register GMSC: Gateway MSC • 3G communications standards • W-CDMA : Europe/Japan • CDMA2000 : USA • TD-SCDMA : China ITU/IMT-2000 3GPP/UMTS [3GPPTS121]

  4. 3G/4G Introduction3G features • 3G features exceeding over 2G provide • higher data rate, • massive network capacity, • interactive multimedia service, • QoS, • global roaming, • All-IP

  5. 3G/4G Introduction4G Service architecture Ref: Agora

  6. 4G Architecture Others Bluetooth CMDS BWAN GPRS 802.11a CDMA1x IP Bone Network WLAN CDMA 802.11b GSM 2G/2.5G WCDMA CDMA2000 TDSCDMA 3G 3G/4G Introduction4G Requirements • All-IP Based network architecture • Higher bandwidth • Heterogeneous Network • QoS, Security, …. • Full integration of “hot spot” and “cellular” • Support for multimedia applications Architecture of 4G wireless systems Ref. : [Zheng05a]

  7. 3G/4G IntroductionComparison of 3G and 4G Source:[www.mobileinfo.com]

  8. 3G Security3G/3GPP Security Architecture Application stratum (IV) User Application Provider Application Home stratum/Serving Stratum (I) (I) (III) USIM HE (II) SN (I) (I) Transport stratum AN: Access Network HE: Home Environment SN: Serving Network ME: Mobile Equipment USIM: Universal Subscriber Identity Module (I) ME AN (Ref:3GPP TS 33.102) Network access security (I) Network domain security (II) User domain security (III) Application domain security (IV) Visibility and configurability of security (V) 3G Security Issues: -. Inherently less secure in wireless access -. Mobility implies higher security risks -. IP-based technologies brings new vulnerabilities

  9. Overview of the ME registration and connection principles within UMTS HLR Common subscription data base CS location PS location Two CN service domains PS service domain CS service domain 3G MSC/VLR 3G SGSN CS state PS state Circuit Switching Packet Switching Two lu signalling connections (“two RANAP instances”) UTRAN UTRAN with distribution functionality HLR: Home Location Register CS: Circuit Switching PS: Packet Switching SGSN: Serving GPRS Support Node UTRAN: UMTS Terrestrial Radio Access Network One RRC connection UE CS state PS state • 3G/3GPP Security features: • Authentication and Key agreement • (by f1,f2,f3,f4,f5) • Data Integrity (by f9) • Confidentiality (by f8) • Etc. (Ref:3GPP TS 33.102)

  10. 3G/3GPP Network access security • User identity confidentiality • User identity confidentiality • User location confidentiality • User untraceability • Entity authentication • User authentication • Network authentication • Confidentiality • Cipher Alg. agreement • Cipher key agreement • Confidentiality of user data • Confidentiality of signalling data • Data Integrity • Integrity Alg. agreement • Integrity key agreement • Data integrity and origin authentication of signalling data • Mobile equipment identification • IMEI

  11. 3GPP Network access securityAuthentication and key agreement (AKA) MS VLR/SGSN HE/HLR Authentication data request Distribution of authentication vectors from HE to SN Generate authentication vectors AV (1..n) Authentication data response AV(1..n) Store authentication vectors Select authentication vector AV (i) User authentication request RAND(i) || AUTN(i) Verify AUTN (i) Compute RES (i) Authentication and key establishment User authentication response RES(i) Compare RES (i) and XRES (i) Compute CK (i) and IK (i) Select CK (i) and IK (i) (Ref:3GPP TS 33.102)

  12. 3GPP Network access securityAuthentication data from HE to SN Generate SQN Generate RAND VLR/SGSN HE SQN RAND AMF Authentication data request K IMSI Authentication data response f1 f2 f3 f4 f5 AV (1..n) MAC XRES CK IK AK AUTN:=SQN ⊕AK∥AMF ∥MAC AV:=RAND ∥XRES ∥CK ∥IK ∥AUTN TMSI: Temporary mobile subscriber identity IMSI: Permanent identity K: Share secret key IK: Integrity Key CK: Cipher Key AUTN: Authentication Token AMF: Authentication Message Field (Ref:3GPP TS 33.102)

  13. RAND AUTN f5 AMF MAC SQN⊕AK USIM VLR/SGSN ⊕ AK User authentication request RAND || AUTN SQN K User authentication response RES f1 f2 f3 f4 User authentication reject CAUSE XMAC RES CK IK Verify MAC = XMAC Verify that SQN is in the correct range 3GPP Network access securityAuthentication and key agreement (Ref:3GPP TS 33.102)

  14. 3GPP Network access securityRe-synchronisation procedure SQNMS K USIM verify the SQN in the correct range If SQN is not in the range  Synchronization failure  Constructing parameter AUTS  Re-Synchronization RAND AMF f1* f5* xor MAC-S AK SQN ⊕AK MS AUTS = SQNMS ⊕ AK∥MAC-S VLR/SGSN UE/USIM HLR/AuC RAND, AUTN AUTS RAND, AUTS {Qi} Fig.: Re-syn. mechanism (Ref:3GPP TS 33.102)

  15. 3GPP Network access securityKey functionf1, f1*, f2, f3, f4, f5 and f5* • OP : Operator dependent value • OPC = OP  E(OP)K • c1, .., c5 are five fixed addition constants • EK : AES [3GPPTS205]

  16. 3GPP Network access securityLocal authentication and connection establishment • CK and IK are stored in the VLR/SGSN and USIM • Local authentication is obtained by integrity protection function by UIA, UEA as f9/SNOW, f8 UIA:UMTS Integrity Alg. UEA:UMTS Encryption Alg. KSI:Key set Identifier (Ref:3GPP TS 33.102)

  17. COUNT-I DIRECTION COUNT-I DIRECTION MESSAGE FRESH MESSAGE FRESH IK IK f 9 f 9 MAC -I XMAC -I Sender UE or RNC Receiver RNC or UE 3GPP Network access securityAccess LinkData integrity protection method Count-I: Integrity sequence number. Direction ID: use for Up-link or Down-link Fresh Parm,. :One value per user throughout the duration of a single connection. It is to protect the network against replay of signaling messages by the user. (Ref:3GPP TS 33.102)

  18. COUNT-C DIRECTION COUNT-C DIRECTION BEARER LENGTH BEARER LENGTH f8 f8 CK CK KEYSTREAM BLOCK KEYSTREAM BLOCK PLAINTEXT BLOCK CIPHERTEXT BLOCK PLAINTEXT BLOCK Sender UE or RNC Receiver RNC or UE 3GPP Network access securityAccess Linkdata confidentiality Bearer: the radio bearer identifier, avoid that for different keystream an identical set of input parameter values is used (Ref:3GPP TS 33.102)

  19. 3GPP Network access securityConfidentiality Algorithm f8 F8:Steream cipher The key generator is based on the block cipher KASUMI A=COUNT[0]…COUNT[31]BEARER[0]…BEARER[4]DIRECTION[0]0…0 A= KASUMI[A]CK⊕ KM For each n with 1<= n <= BLOCKS KSBn = KASUMI[A⊕ BLKCNT ⊕KSBn-1]CK For n=1 to BLOCKS KS[((n-1)*64) + i] = KSBn[i] [3GPPTS201]

  20. 3GPP Network access securityIntegrity Algorithm f9 Initialization : A=0, B=0 PS=COUNT[0]…COUNT[31]FRESH[0]…FRESH[31]MESSAGE[0]…MESSAGE[LENGTH - 1]DIRECTION[0]10* PS = PS0 || PS1 ||PS2|| …|| PSBLOCKS-1 A= KASUMI[A ⊕PSn] IK B = B ⊕A B = KASUMI[B] IK ⊕KM MAC-I = lefthalf(B) [3GPPTS201]

  21. L0 32 R0 32 64 32 16 16 16 9 7 KL1 KO1, KI1 ⊕ KOi,1 S9 ⊕ 16 32 Zero-extend KIi,1 ⊕ FL1 FO1 9 7 16 16 Fli1 ⊕ KO6, KI6 KO4, KI4 KO2, KI2 KL6 KL2 KL4 ⊕ ⊕ S9 S7 ⊕ ⊕ ⊕ FO2 FO6 FO4 FL4 FL2 FL6 ⊕ ⊕ S7 FIi,1 FIi,2 truncate ⊕ ⊕ ⊕ KOi,3 KOi,2 ⊕ KL3 KL5 KL7 KO7, KI7 KO5, KI5 KO3, KI3 ⊕ ⊕ ⊕ KIi,j,1 KIi,j,2 ⊕ ⊕ ⊕ ⊕ ⊕ KIi,2 KIi,3 Fli2 Fli3 FL5 FL7 FL3 FO3 FO5 FO7 ⊕ ⊕ ⊕ S9 S7 FIi,3 ⊕ S9 ⊕ ⊕ Zero-extend ⊕ S7 truncate ⊕ Fig.2:FO Function Fig.3:FI Function Fig.5:FI Function Fig.6:FO Function 32 16 16 KLi,1 ∩ KO8, KI8 KL8 <<< ⊕ ⊕ KLi,2 ∩ bitwise AND operation ∪ bitwise OR operation <<< one bit left rotation FO8 FL8 ∪ ⊕ <<< L8 R8 Fig.4:FL Function C Fig.1:KASUMI Network access security3GPP Network access securityKASUMI Algorithm

  22. 3GPP Network access securityAuthentication and key agreement of UMTS subscribers (Ref:3GPP TS 33.102)

  23. 4G Security 學生:簡國棟 呂沐錡(清大:938340)

  24. (1). Introduction (呂沐錡/簡國棟 ) • 3G/3GPP system overview • 4G features • (2). 3G Security • 3G/3GPP Security Architecture(呂沐錡) • 3G/3GPP Network Access Security(呂沐錡) • 3G/3GPP Network Domain Security (簡國棟) • 3G/3GPP User/Application Domain Security (簡國棟) • 3G/3GPP Security visibility and configurability(簡國棟) • 3G/3GPP security weakness (簡國棟) • (3). 4G Security Investigation Results (呂沐錡) • Security Issues on 4G • The Research Results of 4G Security • (4). Discussion & Conclusion (簡國棟/呂沐錡)

  25. 4G Security Issues • QoS and Security [Fu04][O’Drama04] [Dell'Uomo02] • Seamless integrated Mobility, QoS and Security • Delay across different networks for QoS • Privacy • AAA for 4G [McEvoy05][Zheng05] [Dell'Uomo02] [Fu04] • Heterogeneous Network • Mobility • Mobile IPv6 with inherent problems of IP [Celentano06] [Dell'Uomo02] • Security and Handover [Prasad05] [Dell'Uomo02] [Celentano06]

  26. Mobile IPv6 on Heterogeneous Network Issues RRP (Return Routability Procedure) mechanism is vulnerable to attacks along the path between the HA and the CN, where a malicious node, aware of a session between MN and CN, might simulate a handoff of the MN by sending fake HoTI and CoTI messages. -> Impersonation attack/Man-in-the-middle attack (Adversary can obtain Kbm and send fake BU to CN or MN) When MN roams away from its HN => Binding new address by sending Binding Update (BU) message to HA by RRP • When handoff in heterogeneous network • Acquire a new CoA (Care of Address) only , Security Association (SA) between HA and MN is not impacted (MIPv6 Routing Header Type2 and Home address option are transparent to IPSec SA) Ref: [Celentano06]

  27. An Approach of Secure Mobile IPv6 • As the SA is not impacted , A solution is : • Every handoff => update BU, • On each path, IPSec or ESP is employed to protect the distribution of keys • At set-up, Kbm distribute to MN and CN within the body of the SIP 200 OK and ACK message • => instead of RRP • 2. Kbm can be generated by AAA Server. • The distribution of keys is secured by IPSec and ESP between SIP user (MN and CN) and P-CSCF. Ref: [Celentano06]

  28. CN HA CN MAP MIPv6(w/oRO) MIPv6(w/RT) MIPv6(w/RO) HMIPv6 HA HMIPv6 MIPv6(w/oRT) pAR nAR MAP HMIPv6 HMIPv6 FMIPv6 HMIPv6+FMIPv6 HMIPv6+FMIPv6 pAR MIPv6+FMIPv6 nAR FMIPv6 MN FMIPv6 MN An approach on QoS and security Issues • Traditional AAA is not suited for mobility • needs more efficient and scalable • QoS needs hop-by-hop way of dynamic key establishment • Routing Optimization • Delay for QoS; The current RSVP exhibits lack of intrinsic arch. flexibility for mobility requirements • How to integrate QoS with AAA (b) Mobile node as data receiver (a) Mobile node as data sender (Ref: Fu04)

  29. An approach on QoS and security • Integrated: • SeaSoS allow modify network attributes using dynamic plug-in, orre-configure parameters in order to interact with heterogeneous networks • QoS Protocol :RSVP+ NSIS-QoS, • AAA protocol :Diameter + COPS, • HMIPv6 + MIPv6 • IETF Authentication protocol :EAP • Seamless Access (Ref: Fu04)

  30. A Trusted Computing-Based Security Architecture for 4G (PKBP) PKI Issue [Zheng 05a][Zheng 05c] • Symmetric key based protocol can not work for its poor scalability • Pure public key based protocol increase computational load • It is impossible to take one CA for heterogeneous networks in 4G • Hybrid scheme can not provide non-repudiation and be difficult for ME to verify the signature of FA outside HN. • It is very difficult for ME to verify the validity of BS’s public-key certificate since ME and BS usually belongs to different CA. • It is hard to achieve mutual authentication between ME and FA, and ME is vulnerable to be cheated by forged BS/FA.

  31. A Trusted Computing-Based Security Architecture for 4G (PKBP) • Public key Broadcast Protocol • A hybrid authentication and key agreement scheme with Public key mechanism • Every CA employed PKI and X.509 • Every HA broadcast it PKH, IDH, IPv6 address and those parameters of neighbors [Zheng 05a][Zheng 05c]

  32. A Trusted Computing-Based Security Architecture for 4G (PKBP) • The PKBP Scheme achieved : • Authentication on heterogeneous networks • Against the man-in-the-middle attack • Mutual authentication • Anonymity and Non-repudiation • Security of key agreement [Zheng 05a][Zheng 05c]

  33. Discussion & Conclusion • 3GPP provided more security mechanisms than 1G and 2G as - Mutual authentication, stronger confidentiality and integrity, …,etc. • 3G still exists some problems as - privacy, DoS, IMSI: plaintext,….etc. • Convergence of heterogeneous networks, for example, 4G, is an important trend, and exists a lots of issues as - Seamless connection, high mobility, QoS, secure service,…,etc. • All-IP is an important and necessary environment for communication networks

  34. References • [3GPPTS120] 3GPP TS 33.120 V4.0.0 Technical Specification. • [3GPPTR900] 3GPP TR 33.900 V1.2.0 Technical Specification. • [3GPPTS102] 3GPP TS 33.102 V7.1.0 Technical Specification. • [3GPPTS202] 3GPP TS 35.202 V3.1.1 Technical Specification. • [3GPPTS205] 3GPP TS 35.205 V6.0.0 Technical Specification. • [3GPPTS201] 3GPP TS 35.201 V6.1.0 Technical Specification. • [3GPPTS121] 3GPP TS 23.121 V3.6.0 Technical Specification. • [Zheng05a] Yu Zheng, Dake He; Lixing Xu and Xiaohu Tang, “Security scheme for 4G wireless systems,”Proceedings. 2005 International Conference on Communications, Circuits and Systems, Vol. 1, Page(s):397 – 401, May 2005 . • [Joseph06] Joseph, V.C.and Talukder, A.K.;” Verifiable AKA for beyond 3G wireless packet services,” 2006 IFIP International Conference on Wireless and Optical Communications Networks, pp. 11-13 April 2006. • [Zhang05] Muxiang Zhang and Yuguang Fang; “Security analysis and enhancements of 3GPP authentication and key agreement protocol,” IEEE Transactions on Wireless Communications, Vol. 4, No. 2, PP. 734-742, March 2005. • [Barba93] Barba, A., Recacha, F. and Melus, J.L., “Security architecture in the third generation networks,” Proceedings of IEEE Singapore International Conference on Networks, 1993. International Conference on Information Engineering '93. 'Communications and Networks for the Year 2000', Volume 1, PP. 421 - 425 , Sept. 1993 . • [Zheng05b] Yu Zheng, He, D., Xiaohu Tang and Hongxia Wang, “AKA and Authorization Scheme for 4G Mobile Networks Based on Trusted Mobile Platform,” 2005 Fifth International Conference on Information, Communications and Signal Processing, PP. 976 – 980, Dec. 2005.

  35. [Zheng05c] Yu Zheng, Dake He, Weichi Yu and Xiaohu Tang, “Trusted Computing-Based Security Architecture For 4G Mobile Networks,” PDCAT 2005. Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, 2005, PP. 251 – 255, Dec. 2005. [ITU] ITU:Security in Telecommunications and Information Technology - October 2004 http://www.itu.int/itudoc/itu-t/86435.html [O'Droma 04] Ganchev, I.; O'Droma, M.; Chaouchi, H.; Armuelles, I.; Siebert, M.; Houssos, N., “Requirements for an integrated system and service 4G architecture,” VTC 2004-Spring. 2004 IEEE 59th Vehicular Technology Conference, 2004, Volume 5, PP. 3029 – 3034, May 2004. [Dell'Uomo02] Dell'Uomo, L.; Scarrone, E., “An all-IP solution for QoS mobility management and AAA in the 4G mobile networks, ” The 5th International Symposium on Wireless Personal Multimedia Communications, 2002, Volume 2, PP. 591 – 595, Oct. 2002. [Fu04] Xiaoming Fu, Dieter Hogrefe, Sathya Narayanan, Rene Soltwish, “Qos and Security in 4G Networks,” Proceedings of the first annual global mobile congress, Shanhai, China, Oct. 2004. [Celentano06] D. Celentano, A. Fresa; M. Longo, F. Postiglione, A.L. Robustelli, “Secure Mobile IPv6 for B3G Networks,” SoftCOM 2006. International Conference on Software in Telecommunications and Computer Networks, PP. 331 – 335, Sept. 2006. [Hui03] Suk Yu Hui; Kai Hau Yeung, “Challenges in the migration to 4G mobile systems, ” IEEE Communications Magazine, Volume 41, PP. 54 – 59, Dec. 2003. [mobileinfo.com] http://WWW.mobileinfo.com

More Related