long term evolution and its security infrastructure l.
Skip this Video
Loading SlideShow in 5 Seconds..
Long Term Evolution and its security infrastructure PowerPoint Presentation
Download Presentation
Long Term Evolution and its security infrastructure

Loading in 2 Seconds...

play fullscreen
1 / 26

Long Term Evolution and its security infrastructure - PowerPoint PPT Presentation

Download Presentation
Long Term Evolution and its security infrastructure
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Long Term Evolutionandits security infrastructure Fataneh Safavieh Mobile security Seminar,Bit,07.02.2011

  2. Outline • Introduction: some history &background • What is LTE? • LTE-SAE Security: some highlights • Home(e)Node B Security

  3. Introduction: some history & background

  4. Mobile Evolution • Improvements in mobile communication technology during the last two decades • The Mobile Broadband is as important as Internt http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf

  5. User Expectations • Highly desire of broadband acces everywhere 1. Home, Office 2. Train, Aeroplane, Canteen, during the Breake • Ubiquity (anywhere, anytime) • Higher voice quality • Higher speed • Lower prices • Multitude of services http://www.nsma.org/conf2008/Presentation/2-1045-Miyahara-LTE_Overview_NMSA%2021March08_final.pdf

  6. 3GPP • The 3rd generation partnership project • A global partnership of six SDOs: • Europe ETSI • USA ATIS • China CCSA • Japan ARIB & TTC • Korea TTA LTE The UMTS Long Term Evolution - Sesia, Toufik, Baker

  7. What is LTE?

  8. What is LTE? • The latest standard in the mobile network technology tree • A project of 3GPP & mainly built on 3GPP cellular systems´ family • May be referred as E-UTRA & E-UTRAN • Has advanced new radio interface • Circuit switched networksall-IP networks • Broadband connectivity on the move • 100Mbps(DL), 50Mbps(UL), ~10 ms Latency

  9. UMTS and LTE architecture Extract from ”Towards Global Mobile Broadband” A White Paper from the UMTS Forum

  10. LTE key features • High Spectral Efficiency morecustomers, less costs • Co-existence with other standards • Flexible radio planning (cell size of 5km30/100km) • Reduced Latency less RTT, multi-player gaming, audio/video conferencing • Reduced costs for operators (OPEX & CAPEX) • Increased data rates via enhanced air interface (OFDMA,SC-FDMA,MIMO) • All-IP environment SAE or EPC key advantages of SAE

  11. LTE-SAE Security: some highlights

  12. Security in the LTE-SAE Network Security features in the network (from TS 33.401- Fig.4-1)

  13. Security features in the LTE-SAE Network Five security feature groups defined in TS 33.401 • (I): Network access security • provides users with secure access to services • protects against attacks on the access interface • (II):Network domain security • enables nodes to exchange signaling- & user- data securely • protects against attacks on the wire line network • (III): User domain security • Provides secure access to mobile stations • (IV): Application domain security • enables applications in the user & provider domains to exchnage messages securely • (V): Visibility and configurability of security • allows the users to learn whether a security feature is in operation

  14. Authentication & key agreement • HSS generates authentication data and provides it to MME • Challenge-response authentication and key agreement procedure between MME and UE 4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009

  15. Confidentiality & integrity of signaling • RRC signaling between UE and E-UTRAN • NAS signaling between UE and MME • S1 interface signaling • protection is not UE-specific • optional to use 4th ETSI Security Workshop - Sophia- Antipolis,13-14 January 2009

  16. User plane confidentiality • S1-U protection is not UE-specific • (Enhanced) network domain security mechanisms (based on IPsec) • Optional to use • Integrity is not protected for various reasons, e.g.: • performance • limited protection for application layer 4th ETSI Security Workshop - Sophia- Antipolis, 13-14 January 2009

  17. Cryptographic network separation Key hierarchy (TS 33.401 - Figure 6.2-1)

  18. Cryptographic network separation • Authentication vectors are specific to the serving network AV’s usable in UTRAN/GERAN cannot be used in EPS • AV’s usable for UTRAN/GERAN access cannot be used for EUTRAN access • Solution by a “separation bit” • Rel-99 USIM is still sufficient for EPS access ME has to check the “separation bit” (when accessing E-UTRAN) 4th ETSI Security Workshop - Sophia-Antipolis , 13-14 January 2009

  19. Home (e) Node B Security

  20. Operator’s core network UE HNB insecure link SeGW System architecture of H(e)NB • E-UTRAN air interface between UE and HeNB • HeNB accesses operator’s core network via a Security Gateway • The backhaul between HeNB and SeGW may be insecure • Operator’s core network performs mutual authentication with HeNB via SeGW • Security tunnel between HeNB and SeGW to protect information transmitted in backhaul link Figure from draft TR 33.820

  21. Common threats to H(e)NB • Physical tampering with H(e)NB • Fraudulent software update / configuration changes • Denial of service attacks against core network • Eavesdropping of the other user’s UTRAN or E-UTRAN user data • User cloning the H(e)NB authentication Token From TR 33.820

  22. Security requirements to H(e)NB • Unprotected data should never leave a secure domain inside H(e)NB • Software updates and configuration changes for the H(e)NB shall be cryptographically signed (by operator or H(e)NB supplier) and verified configuration changes shall be authorized by H(e)NB operator or supplier • Unauthenticated traffic shall be filtered out on the links between the core network and the H(e)NB • New users should be required to explicitly confirm their acceptance before being joined to an H(e)NB • H(e)NB authentication credentials shall be stored inside a secure domain i.e. from which outsider cannot retrieve or clone the credentials From TR 33.820

  23. References and Resources

  24. References and Resources • A Long Term Evolution Downlink inspired channel simulator using the SUI 3Channel Model, Thesis of Sanjay Kumar Sarkar, August 2009 • LTE The UMTS Long Term Evolution- Sesia, Toufik, Baker (WILEY Publication) 2009 • http://www.nsma.org/conf2008/Presentation/2-1045-MiyaharaLTE_Overview_NMSA%2021March08_final.pdf • Towards Global Mobile Broadband” A White Paper from the UMTS Forum, February 2008 • TS 33.401

  25. References and Resources • 4th ETSI Security Workshop- Sophia-Antipolis , 13-14 January 2009 • TR 33.820 • A Survey of Security Threats on 4G Networks, Yongsuk Park and Taejoon Park • Security in the LTE-SAE Network, www.agilent.com/find/lte • www.3gpp.org • www.radio-electronics.com • http://sites.google.com/site/lteencyclopedia

  26. Thank You For Your Attention!