Communication and security –
The politicized Cyberspace – Now on top-level political agendas
› Cybergovernance - Politics
› Cybercrime (and privacy) – Legislative and law enforcement
› Cyberspace based on and driving certain values – (Geo-)Politics
– Freedom of expression
– Respect for human rights
› Internet Freedom Cybersecurity
› Cyberbusiness – Increased commercial values on the net, economic
growth driver recognized in all ”digital agendas”
› Cybersociety – Increased societal values on the net
– Politics – trust, governance and compliance
– Requirements on networks (including individual nodes and software)
– Protection of critical infrastructure – CERTs, cyber attack exercises,
national contingency plans
– Security capabilities for new services (e.g. Cloud Computing, e-health, e-
– National security aspects
Limited Internal | 2010-03-29 | Page 2
What is the world’s biggest deployed
› Yes, it is the mobile networks!
Where was it developed?
› At ETSI SMG 10 ...
› ... and from 1998 at 3GPP WG SA3 when 3GPP was
Two important security tools that frequently pop
up in 3GPP specs
› UICC, a.k.a. (also known as) the SIM card
– Place to hold secret keys and perform sensitive functions
– But, not only a chip. It is THE link which provides the ownership of the customer to the operator
› Authentication and Key Agreement
algorithm, a.k.a. AKA
– Algorithm to authenticate the identity on the UICC to the network and vice
– Provides keys as a by-product which can be used to protect communication
uses of UICC and AKA
[Figure: diagram of AKA variants and where they are used. Labels recoverable from the slide: "Generic Bootstrapping Architecture (GBA/GAA)"; single sign-on (SSO)?; HTTP digest AKA for GBA; HTTP digest AKA for IMS; NAF; BM-SC; "Access security"; 2G AKA; EAP SIM; EAP AKA; EPS AKA; EAP AKA'; GERAN; UTRAN; E-UTRAN; WLAN; LTE; Non-3GPP access; 2G Core; 3G Core; EPS Core. Annotations: "Widely deployed"; "Becoming important, e.g. WiFi roaming".]
Some design principles
› Successful attacks shall be local to the “environment”.
– E.g., attacks on an eNB shall not affect core NW security.
– One eNB shall have no (or as little as possible) knowledge of
keys used in another eNB.
› Successful attacks shall be local in time.
– E.g. keys used in an eNB at one point in time do not help an
attacker get access to keys used earlier or later (even in the
› Prefer prevention, but resort to detection if prevention not
LTE Trust model and threat environment
[Figure labels: Secure environment; IPsec; Non trusted location]
Security termination points
[Figure labels: "local" control plane; "global" control plane; Integrity and ciphering; RAN]
Key Derivation Functions (KDF)
A KDF takes a key as input and produces a different
key as output.
[Figure: chain of KDFs; labels: Scoping data1 into the first KDF, Scoping data2 into the second KDF]
If you have a key, you can compute all keys below in the chain,
but it is infeasible to compute keys higher up in the chain.
LTE key hierarchy
(Basic structure)
Notation: An Access Security Management Entity (ASME) is an entity which
receives the top-level keys in an access network from the HSS. Here the
ASME is the MME.
Established via AKA
NAS security context
K_NAS-int K_NAS-enc K_eNB
AS security context
K_eNB-UP-enc K_eNB-RRC-int K_eNB-RRC-enc
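The KDF chain and key hierarchy from the two slides above, as an added example that is not part of the original deck or of any 3GPP specification. Assumptions: HMAC-SHA-256 stands in for the KDF, the top-level key is called K_ASME, NAS keys and K_eNB are derived from it and the AS keys from K_eNB, and the scoping strings (eNB name, time step) are made up rather than the real 3GPP encoding.

```python
import hashlib
import hmac

AS_LABELS = ("K_eNB-UP-enc", "K_eNB-RRC-int", "K_eNB-RRC-enc")
NAS_LABELS = ("K_NAS-int", "K_NAS-enc")

def kdf(key: bytes, scoping_data: bytes) -> bytes:
    """One step down the chain: parent key + scoping data -> child key."""
    return hmac.new(key, scoping_data, hashlib.sha256).digest()

def as_keys(k_enb: bytes) -> dict:
    """Everything an eNB (or whoever compromises it) can compute from K_eNB."""
    return {label: kdf(k_enb, label.encode()) for label in AS_LABELS}

def derive_hierarchy(k_asme: bytes, enb_scope: bytes) -> dict:
    """MME/UE side: derive the NAS keys and one eNB's AS security context."""
    keys = {label: kdf(k_asme, label.encode()) for label in NAS_LABELS}
    # Scoping K_eNB to an eNB and a point in time gives separation in space/time.
    keys["K_eNB"] = kdf(k_asme, b"K_eNB|" + enb_scope)
    keys.update(as_keys(keys["K_eNB"]))
    return keys

# Constructed sample input: a fixed 32-byte K_ASME and hypothetical scoping strings.
K_ASME = bytes(range(32))
enb_a_t1 = derive_hierarchy(K_ASME, b"eNB-A|t=1")
enb_b_t1 = derive_hierarchy(K_ASME, b"eNB-B|t=1")
enb_a_t2 = derive_hierarchy(K_ASME, b"eNB-A|t=2")

if __name__ == "__main__":
    for name, value in enb_a_t1.items():
        print(f"{name:14} {value.hex()[:16]}...")
    # Holding K_eNB for (eNB-A, t=1) reproduces only that context's AS keys.
    leaked = as_keys(enb_a_t1["K_eNB"])
    print("AS keys recomputed from K_eNB:",
          all(leaked[label] == enb_a_t1[label] for label in AS_LABELS))
    print("Same K_eNB in eNB-B:", enb_a_t1["K_eNB"] == enb_b_t1["K_eNB"])
    print("Same K_eNB later in eNB-A:", enb_a_t1["K_eNB"] == enb_a_t2["K_eNB"])
```

A holder of K_eNB can walk down to the three AS keys, but reaching K_ASME, the NAS keys, or another eNB's K_eNB would require inverting the KDF.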
Security for System Improvement for Machine-type
› Work ongoing in 3GPP on system improvements for machine-type communications
– Analysis of security aspects ongoing in SA3
– Work ongoing on SMS triggering security and USIM-device binding in Rel-11
[Figure: MTC architecture diagram. Labels recoverable from the slide: SMS-SC; HSS; CDF; MTC-IWF; Services Capability Server; Application Server (AS); GGSN; SGSN; RAN; UE; MTC UE Application; reference points Tsms, T4, S6m, Rf/Ga, Tsp, T5b, T5c; Control plane; User plane; Indirect Model 1; Direct Model 2; Hybrid Model 1 + 2]
› UP security termination in eNB the main reason behind
the elaborate key handling.
› Subscriber authentication almost exactly as in UMTS.
› Several layers of security to make effects of successful
attacks less severe.
– Key hierarchy.
– AS security context derived from current NAS security context as
– Key separation between eNBs (space/time).
– Separate AS and NAS algorithm negotiation.
1. Disconnect national security, classified
”goes outside/above” the global civilian society
2. Standards based, Global, open,
Cyberspace with unrestricted reach
and growing functionality, including
appropriate security for the civil society
InfoSec Agencies <=> Threat scenarios <=> Industry <=> Standards <=> Compliance