OVERVIEW OF LTE SECURITY

Document Sample
OVERVIEW OF LTE SECURITY Powered By Docstoc
					Communication and security –
towards LTE

Mats Nilsson
The politicied Cyberspace – Now on top
level political agendas
› Cybergovernance - Politics
› Cybercrime (and privacy) – Legislative and law enforcement
› Cyberspace based on and driving certain values – (Geo-)Politics
       – Democracy
       – Freedom of expression
       – Respect for human rights
› Internet Freedom                Cybersecurity
› Cyberbusiness – Increased commercial values on the net, economic
  growth driver recognized in all ”digital agendas”
› Cybersociety – Increased societal values on the net
› Cybersecurity
       – Politics – trust, governance and compliance
       – Requirements on networks (including individual nodes and software)
       – Protection of critical infrastructure – CERT-s, Cyber attack excersises,
         National Contingency plans
       – Security capabilities for new services (e.g. Cloud Computing, e-health, e-
         commerce)
       – National security aspects
Limited Internal | 2010-03-29 | Page 2
What is the world’s biggest deployed
security system?

› Yes, it is the mobile networks!




Where was it developed?

› At ETSI SMG 10 ...
› ... and from 1998 at 3GPP              WG SA3 when 3GPP was
  formed


Limited Internal | 2010-03-29 | Page 3
Two important security tools that frequently pop
up in 3GPP specs
› UICC, a.k.a. (also known as) the SIM card
       – Place to hold secret keys and perform sensitive functions
       – But, not only a chip. It is THE link which provides the ownership of the customer to the operator




› Authentication and Key Agreement
  algorithm, a.k.a. AKA
       – Algorithm to authenticate the identity on the UICC to the network and vice
         versa
       – Provides keys as a by-product which can be used to protect communication

                                                    AKA

Limited Internal | 2010-03-29 | Page 4
  uses of UICC and AKA
  overview
                                                                                                       Second
                                                                                                     coming with
                                                        ”Generic Bootstrapping                      single sign-on
HTTP digest AKA                                         Architecture (GBA/GAA)”                        (SSO)?
for GBA                                                                    NAF
                                                                  BSF
HTTP digest AKA
                                                                                                        Becoming
for IMS                                                                 BM-SC
                                                                                                         deployed,
                                                                                                        e.g. VoLTE


                                                              P-CSCF             S-CSCF
                                                                                                    HSS
                                                            ”IMS security”
                                                                                                          Widely
                                                                                                         deployed,
                                                                                                        has security
                                              ”Access security”      GERAN                2G Core         issues




 2G AKA                                                                                                    Widely
                                                                    UTRAN             3G Core             deployed.
 3G AKA
 EAP SIM                                                  WLAN                                            Rapidly
                                                                                                        growing with
 EAP AKA                                                                                                    LTE
                                    2G AKA-                                           EPS Core
 EPS AKA                             based                        E-UTRAN

 EAP AKA’                                                                                               Becoming
                                                                                                          more
                                                                  Non-3GPP                            important, e.g.
                                                                   access                              WiFi roaming
  Limited Internal | 2010-03-29 | Page 5
Some design principles

› Successful attacks shall be local to the “environment”.
     – E.g., attacks on an eNB shall not affect core NW security.
     – One eNB shall have no (or as little as possible) knowledge of
       keys used in another eNB.
› Successful attacks shall be local in time.
     – E.g. Keys used in an eNB at one point in time does not help
       attacker getting access to keys used earlier or later (even in the
       same eNB).
› Prefer prevention, but resort to detection if prevention not
  cost effective.



Limited Internal | 2010-03-29 | Page 6
LTE Trust model and threat environment
                                                                     Internet


            Trusted location
                                                    HSS      PDN




                                         Core NW
                                                    MME   S-GW


Secure environment                                                    IPsec
                                         RAN




                                                   eNB     eNB



                                                            Non trusted location

Limited Internal | 2010-03-29 | Page 7
 Security termination points
                                                                                 Internet
                                          “local” control plane
User plane:
                                                                        HSS      PDN
Ciphering only




                                                            Core NW
RRC:
                                                                        MME   S-GW
Integrity and ciphering

NAS signalling:
Integrity and ciphering                                     RAN
                                                                      eNB      eNB




     “global” control plane

 Limited Internal | 2010-03-29 | Page 8
                                                (Background)
Key Derivation Functions (KDF)
A KDF takes a key as input and produces a different
key as output.
                          Key1

           Scoping data1                 KDF

                                         Key2

            Scoping data2                KDF

                                         Key3

If you have a key, you can compute all keys below in the chain,
but it is infeasible to compute keys higher up in the chain.
Limited Internal | 2010-03-29 | Page 9
LTE key hierarchy
(Basic structure)                                                  Notation:
                                                                   An Access Security Management Entity (ASME)
                                                                   is an entity which receives the top-level keys in an
                                                                   access network from the HSS, i.e., the MME.


                                                     K

                                          Established via AKA
                                                                                                 USIM/AUC
                                               CK        IK


                                                                                                 UE/HSS
                                                 K_ASME

      NAS security context
                                                                                                 UE/MME
      K_NAS-int                    K_NAS-enc                           K_eNB


                                                                          UE/eNB
                                                     AS sec security context
               UE/MME
                                                    K_eNB-UP-enc   K_eNB-RRC-int        K_eNB-RRC-enc


Limited Internal | 2010-03-29 | Page 10
 Security for System Improvement for Machine-type
 communications


 › Work ongoing in 3GPP on system improvements for machine-type communications
    – Analysis of security aspects ongoing in SA3
    – Work ongoing on SMS triggering security and USIM-device binding in Rel-11
                                                             IP-SM-GW
                                                                                   SMS -SC/            Tsms
                                                                                    GMSC/                         SME
                                                                                    IWMSC



                                                                    HSS                T4             CDF/
                                                                                                      CGF

                                                                            S6 m              Rf/Ga


                                                                                   MTC -IWF           Tsp
                          Control plane                                                                         Services                Application
                           User plane                                                                           Capability                Server      1
                                                                                                                 Server                    (AS )
                                                                                                                 (SCS )
                                                                                                      Gi/SGi

                                                       T5c                         GGSN /
                                                                                   P-GW                                                 Application
                                                                                                                                          Server      2
                                                             T5 b                                                                          (AS )
                                                                      T5a                             Gi/SGi
          HPLMN
          VPLMN
                                                 MSC
                                                                                                               Indirect Model   1
                                                       MME
             MTC UE                                                                                             Direct Model    2
            Application     UE             RAN                      SGSN                                        Hybrid Model    1 + 2
                                                                                       S-GW
                                  Um
                                  Uu //
                                 LTE -Uu

Limited Internal | 2010-03-29 | Page 11
Summary

› UP security termination in eNB the main reason behind
  the elaborate key handling.
› Subscriber authentication almost exactly as in UMTS.
› Several layers of security to make effects of successful
  attacks less severe.
     – Key hierarchy.
     – AS security context derived from current NAS security context as
       needed.
     – Key separation between eNBs (space/time).
     – Separate AS and NAS algorithm negotiation.




Limited Internal | 2010-03-29 | Page 12
  Ericsson position

                                              1. Disconnect national security, classified
                                              requirements etc
                                              ”goes outside/above” the global civilian society
                                              standards



                                   2. Standards based, Global, open,
                                   Cyberspace with unrestricted reach
                                   and growing functionality, including
                                   appropriate security for the civil society

   InfoSec Agencies <=> Threat scenarios <=> Industry <=> Standards <=> Compliance



Limited Internal | 2010-03-29 | Page 13
Limited Internal | 2010-03-29 | Page 14

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:17
posted:8/29/2012
language:English
pages:14