Present and future Standards for mobile internet and smart phone information security
Presented by Alain Sultan for MIIT and TMC visit to ETSI - September 2012
© ETSI 2012. All rights reserved
Mobile Internet and Smart Phone
Mobile Internet security: not addressed by 3GPP
• Mobile IP refers to extensions of IP that add support for mobility
• But the system defined by 3GPP is mobile by nature, so there is no need for these extensions
Smart Phone security: not addressed by 3GPP
• 3GPP defines Interfaces
• The internal design of whatever system component (Mobile, Node B, MSC, etc.) is up to each manufacturer
But Security is a major topic of 3GPP specifications, from the first phase of GSM (2G) until the latest phase of LTE (4G)
• This is what this set of slides addresses
Standards for 2G/3G security
2G/3G Security Overview
Authentication
Encryption
2G/3G Authentication & Key Agreement (AKA)
[Figure: Authentication and Encryption steps; labels: Non-encrypted data]
A5 algorithms
Contained in mobile devices and base stations
Confidentiality between handset and base station
• Protect voice and data traffic over radio path
Versions of A5 available
• A5/0: NULL
• A5/1: original strong algorithm from 1986 => broken in 2009!
• A5/2: weakened algorithm to be used outside US/Europe
• A5/3: KASUMI-based new algorithm => mandatory from 2007 (but taking long to be deployed…)
• A5/4: A5/3 with longer key (128-bit)
Standards for LTE security
LTE Security
Characteristics of LTE Security
• Re-use of UMTS Authentication and Key Agreement (AKA)
• Use of USIM required (GSM SIM excluded, but Rel-99 USIM is sufficient)
• Extended key hierarchy
• Possibility for longer keys
• Greater protection for backhaul
• Integrated interworking security for legacy and non-3GPP networks
Authentication and key agreement (AKA)
HSS generates authentication data and provides it to MME
Challenge-response authentication and key agreement procedure between MME and UE
• SIM access to LTE is explicitly excluded (USIM R99 onwards allowed)
[Figure: EPS architecture: UE, E-UTRAN, MME, SGSN, HSS, Serving Gateway, UTRAN, GERAN; reference points LTE-Uu, S1-MME, S1-U, S3, S4, S5, S6a, S10, S11, S12]
Confidentiality and integrity of signaling
RRC signaling between UE and E-UTRAN
• Encryption on PDCP layer
NAS signaling between UE and MME
User plane confidentiality
S1 protection is not UE-specific
• (Enhanced) network domain security mechanisms
• based on IPSec
• Optional
• Integrity protection not available
LTE Authentication and Key Agreement
Participants: UE, eNB, MME, AuC
NAS attach request (IMSI)
AUTH data request (IMSI, SN_id)
AUTH data response (AV={AUTN, XRES, RAND, Kasme})
NAS auth request (AUTN, RAND, KSIasme)
NAS auth response (RES)
NAS SMC (confidentiality and integrity algo)
NAS Security Mode Complete
RRC SMC (confidentiality and integrity algo)
RRC Security Mode Complete
S1AP Initial Context Setup
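The challenge-response exchange of this slide, played out in code. This is an added example, not part of the slides or of any 3GPP specification: the MILENAGE functions f1..f5 and the KASME key derivation function are not given on the slide, so an HMAC-SHA-256 construction labelled by purpose stands in for them; AUTN is simplified to SQN || MAC-A (the real AUTN conceals SQN with an anonymity key and carries AMF); the key, SN_id and type/function names (HSS, USIM, RunAKA) are constructed for the example. What it shows is the order of checks the arrows imply: the UE authenticates the network (valid MAC-A, fresh SQN) before it releases RES, the MME compares RES with XRES, and only then do both sides hold the same KASME, bound to the serving network identity.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// prf is an HMAC-SHA-256 stand-in (assumption) for the MILENAGE functions
// f1..f5 and the 33.401 KDF; the label keeps the outputs independent.
func prf(key []byte, label string, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

// AuthVector is the AV of the "AUTH data response": {AUTN, XRES, RAND, Kasme}.
type AuthVector struct {
	RAND, AUTN, XRES, KASME []byte
}

// HSS holds the long-term key K shared with the USIM and the last SQN issued.
type HSS struct {
	K   []byte
	SQN uint64
}

// GenerateAV answers "AUTH data request (IMSI, SN_id)". Simplification:
// AUTN = SQN || MAC-A, so SQN travels in clear instead of masked with AK.
func (h *HSS) GenerateAV(snID string) AuthVector {
	rnd := make([]byte, 16)
	if _, err := rand.Read(rnd); err != nil {
		panic(err)
	}
	h.SQN++
	sqn := make([]byte, 8)
	binary.BigEndian.PutUint64(sqn, h.SQN)
	macA := prf(h.K, "f1", rnd, sqn)[:8] // lets the UE authenticate the network
	xres := prf(h.K, "f2", rnd)[:8]      // expected response from the UE
	ck, ik := prf(h.K, "f3", rnd)[:16], prf(h.K, "f4", rnd)[:16]
	kasme := prf(bytes.Join([][]byte{ck, ik}, nil), "KASME", []byte(snID), sqn)
	return AuthVector{RAND: rnd, AUTN: append(sqn, macA...), XRES: xres, KASME: kasme}
}

// USIM is the UE side: the same K plus the highest SQN accepted so far.
type USIM struct {
	K      []byte
	MaxSQN uint64
}

// Respond handles "NAS auth request (AUTN, RAND)": the UE authenticates the
// network first (valid MAC-A, fresh SQN), then returns RES and its own KASME.
func (u *USIM) Respond(rnd, autn []byte, snID string) (res, kasme []byte, err error) {
	if len(autn) != 16 {
		return nil, nil, fmt.Errorf("malformed AUTN")
	}
	sqn, macA := autn[:8], autn[8:]
	if !hmac.Equal(macA, prf(u.K, "f1", rnd, sqn)[:8]) {
		return nil, nil, fmt.Errorf("MAC failure: network not authenticated")
	}
	n := binary.BigEndian.Uint64(sqn)
	if n <= u.MaxSQN {
		return nil, nil, fmt.Errorf("synch failure: SQN %d already used", n)
	}
	u.MaxSQN = n
	ck, ik := prf(u.K, "f3", rnd)[:16], prf(u.K, "f4", rnd)[:16]
	res = prf(u.K, "f2", rnd)[:8]
	kasme = prf(bytes.Join([][]byte{ck, ik}, nil), "KASME", []byte(snID), sqn)
	return res, kasme, nil
}

// RunAKA plays the MME: fetch an AV from the HSS, challenge the UE, compare
// RES with XRES. On success both sides hold the same KASME, the root of the
// keys negotiated in the NAS and RRC Security Mode Commands.
func RunAKA(hss *HSS, usim *USIM, snID string) ([]byte, error) {
	av := hss.GenerateAV(snID)
	res, ueKasme, err := usim.Respond(av.RAND, av.AUTN, snID)
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(res, av.XRES) {
		return nil, fmt.Errorf("RES mismatch: UE not authenticated")
	}
	if !bytes.Equal(ueKasme, av.KASME) {
		return nil, fmt.Errorf("key agreement failed")
	}
	return av.KASME, nil
}

func main() {
	k := bytes.Repeat([]byte{0x42}, 16) // constructed K, shared by USIM and HSS
	kasme, err := RunAKA(&HSS{K: k}, &USIM{K: k}, "SN-001-01")
	fmt.Printf("KASME=%x err=%v\n", kasme, err)
}
```

Two failure paths are worth noticing: a replayed AUTN is refused by the USIM's sequence-number check even though its MAC-A is valid, and a UE that believes it is attached to a different serving network ends up with a different KASME, which is how the SN_id binding prevents an authentication vector obtained for one network from being used in another.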
Indication of access network encryption
• user is informed whether confidentiality of user data is protected on the radio access link
• in particular when non-ciphered calls are set up
Security Algorithms
LTE Security Algorithms (1/2)
Three separate algorithms specified
• In addition to one NULL algorithm
Current keylength 128 bits
• Possibility to extend to 256 in the future
Confidentiality protection of NAS/AS signalling recommended
Integrity protection of NAS/AS signalling mandatory
User data confidentiality protection recommended
Ciphering/Deciphering applied on PDCP and NAS
LTE Security Algorithms (2/2)
128-EEA1/EIA1
• Based on SNOW 3G: stream cipher; keystream produced by a Linear Feedback Shift Register (LFSR) and a Finite State Machine (FSM)
• As different from KASUMI as possible
• Allows for low power consumption
128-EEA2/EIA2
• AES block cipher
• Counter (CTR) Mode for ciphering
• CMAC Mode for MAC-I creation (integrity)
• As different from SNOW 3G as possible, so cracking one would not affect the other
• KASUMI not re-used: eNB already supports AES, as do other non-3GPP accesses, e.g. 802.11i
128-EEA3/EIA3 (Rel-11 onwards)
• Based on ZUC (Zu Chongzhi): stream cipher
• Developed by the Data Assurance and Communication Security Research Center of the Chinese Academy of Sciences (DACAS)
Lawful Interception
Lawful Interception in 3GPP
[Figure: the LI process chain (Interception, Retrieval, Storage, Analysis, Handover) and its surrounding constraints: Cost, Political, Legal, Business Relations]
Lawful Interception in EPS
Context and mechanisms similar to the UMTS PS case
• Different core entities (ICE, Intercepting Control Elements)
• ADMF handles requests from Law Enforcement Authorities
• target identity: IMSI, MSISDN and IMEI
• X1 interface provisions ICEs and Delivery Functions
• X2 delivers IRI (Intercept Related Information)
• X3 delivers CC (Content of Communication)
• HI1, HI2, HI3: Handover Interfaces with law enforcement
• Convey requests for interception of targets (HI1)
• Deliver IRI (HI2) and CC (HI3) to LEAs
EPS LI Architecture
[Figure: EPS architecture (UE, E-UTRAN, MME, SGSN, HSS, PCRF, Serving Gateway, PDN Gateway, UTRAN, GERAN, Operator's IP Services (e.g. IMS, PSS etc.); reference points LTE-Uu, S1-MME, S1-U, S3, S4, S6a, S10, S11, S12, Gx, Rx, SGi) with the LI functions overlaid: ADMF, Delivery Function 2 and Delivery Function 3, each with a Mediation Function, and the LEMF; X1_1, X1_2, X1_3 for provisioning, X2 and X3 for IRI and CC, HI1, HI2, HI3 towards the LEMF]
Additional slides for more info
More on LTE security
• Backhaul Security
• Relay Node Security
IMS authentication
Home (e) Node B security
Status of work at 3GPP on Security issues
Main 3GPP Security Standards
Conclusions
Security is a major point of interest from GSM (2G) up to LTE (4G)
GSM/UMTS Security: continues to evolve, recent introduction of A5/3 (planned before the attack on the old A5/1 succeeded)
LTE Security: building on GSM and UMTS Security with newer security algorithms, longer keys, extended key hierarchy
Security aspects taken into consideration each time the system evolves (IMS, HNB, MTC, …)
Deeper Key hierarchy in LTE
Faster handovers and key changes, independent of AKA
Added complexity in handling of security contexts
Security breaches local
[Figure: LTE key hierarchy: K (USIM / AuC) -> CK, IK (UE / HSS) -> KASME (UE / ASME) -> KNASenc, KNASint (UE / MME) and KeNB (UE / eNB) -> KRRCint, KRRCenc, KUPenc, KUPint (UE / eNB)]
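The hierarchy in the figure, derived step by step in code. This is an added example, not from the slides or from 3GPP: the TS 33.401 Annex A KDF is HMAC-SHA-256 over a function code and parameters, but the function codes and parameter encodings are not on the slide, so a labelled HMAC-SHA-256 stands in for it; the KASME is a constructed seed, and the algorithm identities and cell parameters are constructed values. The function names (DeriveNAS, DeriveKeNB, DeriveAS, HandoverKeNB) are the example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// kdf stands in (assumption) for the TS 33.401 Annex A KDF, HMAC-SHA-256 over
// a function code and its parameters; the real FC values and parameter
// encodings are not on the slide, so a text label replaces the FC here.
func kdf(key []byte, label string, params ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	for _, p := range params {
		m.Write(p)
	}
	return m.Sum(nil)
}

func u32(v uint32) []byte { b := make([]byte, 4); binary.BigEndian.PutUint32(b, v); return b }
func u16(v uint16) []byte { b := make([]byte, 2); binary.BigEndian.PutUint16(b, v); return b }

// NASKeys are shared between UE and MME, ASKeys between UE and eNB.
type NASKeys struct{ KNASenc, KNASint []byte }
type ASKeys struct{ KRRCenc, KRRCint, KUPenc, KUPint []byte }

// DeriveNAS: KASME -> KNASenc, KNASint. Each key is bound to the algorithm
// identity chosen in the NAS Security Mode Command, so a different algorithm
// also means a different key. Keys are truncated to 128 bits, the slide's
// current key length; the 256-bit KDF output is what a later extension would use.
func DeriveNAS(kasme []byte, encAlg, intAlg byte) NASKeys {
	return NASKeys{
		KNASenc: kdf(kasme, "NAS-enc", []byte{encAlg})[:16],
		KNASint: kdf(kasme, "NAS-int", []byte{intAlg})[:16],
	}
}

// DeriveKeNB: KASME -> KeNB, bound to the uplink NAS COUNT, so a fresh KeNB
// is available for every new connection without another AKA run.
func DeriveKeNB(kasme []byte, nasUplinkCount uint32) []byte {
	return kdf(kasme, "KeNB", u32(nasUplinkCount))
}

// DeriveAS: KeNB -> RRC and user-plane keys, again bound to algorithm ids.
func DeriveAS(keNB []byte, encAlg, intAlg byte) ASKeys {
	return ASKeys{
		KRRCenc: kdf(keNB, "RRC-enc", []byte{encAlg})[:16],
		KRRCint: kdf(keNB, "RRC-int", []byte{intAlg})[:16],
		KUPenc:  kdf(keNB, "UP-enc", []byte{encAlg})[:16],
		KUPint:  kdf(keNB, "UP-int", []byte{intAlg})[:16],
	}
}

// HandoverKeNB models the horizontal key derivation at handover: KeNB* for
// the target cell comes from the current KeNB and the target's PCI and
// EARFCN-DL. The target eNB never sees KASME and the KDF is one-way, so a
// compromised eNB cannot work back to KASME or to other cells' keys: the
// slide's "security breaches local".
func HandoverKeNB(keNB []byte, targetPCI uint16, targetEARFCN uint32) []byte {
	return kdf(keNB, "KeNB*", u16(targetPCI), u32(targetEARFCN))
}

func main() {
	kasme := kdf([]byte("constructed seed, not a real KASME"), "demo")
	nas := DeriveNAS(kasme, 2, 2) // 128-EEA2 / 128-EIA2
	keNB := DeriveKeNB(kasme, 0)
	as := DeriveAS(keNB, 2, 2)
	next := DeriveAS(HandoverKeNB(keNB, 301, 1850), 2, 2)
	fmt.Printf("KNASint %x\nKRRCint %x\nKRRCint after handover %x\n", nas.KNASint, as.KRRCint, next.KRRCint)
}
```

The "added complexity in handling of security contexts" on the slide is visible in the inputs: to stay in step, UE and network must agree not only on KASME but on the NAS COUNT used for KeNB, on the negotiated algorithm identities, and on the target cell parameters at every handover, and a mismatch in any one of them silently produces different keys on the two sides.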
Backhaul Security
Backhaul Security
Base stations becoming more powerful
• LTE eNode B includes functions of NodeB and RNC
Coverage needs grow constantly
Infrastructure sharing
Not always possible to trust physical security of eNB
Greater backhaul link protection necessary
Certificate Enrollment for Base Stations
[Figure, from 3GPP TS 33.310: base station, RA/CA and SEG]
Base station: vendor-signed certificate of base station public key pre-installed
RA/CA: vendor root certificate pre-installed
SEG: operator root certificate pre-installed
Base station obtains operator-signed certificate on its own public key from RA/CA using CMPv2
Enrolled base station certificate is used in IKE/IPsec towards the SEG
Picture from 3GPP TS 33.310
Relay Node Security
Relay Node Authentication
Mutual authentication between Relay Node and network
• AKA used (RN attach)
• credentials stored on UICC
Binding of Relay Node and USIM:
• Based on symmetric pre-shared keys, or
• Based on certificates
[Figure: UE -(Radio)- Relay -(Radio Backhaul)- Donor eNB - Core NW]
Relay Node Security
Control plane traffic integrity protected
User plane traffic optionally integrity protected
Relay Node and network connection confidentiality protected
Device integrity check
Secure environment for storing and processing sensitive data
IP Multimedia Subsystem (IMS) Security
More detailed view of IMS (2/2)
[Figure: IMS architecture with Home Network and Own/Visited Network; UE over IP CAN and Access to the P-CSCF; P-CSCF, I-CSCF, S-CSCF, HSS, DNS, ENUM, Application Servers (AS), MRFC/MRFP, BGCF, MGCF and MGW towards PSTN/SS7 across a Backbone Packet Network. Protocols shown: SIP between UE, CSCFs and AS; Diameter to the HSS; H.248 between MGCF and MGW; ISUP to the PSTN; RTP for media; TDM on the PSTN side]
Home Subscriber Server
• Centralized DB
• HLR successor
• User profile
• Filter criteria (sent to S-CSCF)
- Which applications
- Which conditions
Application Servers
• Push-to-talk
• Instant messaging
• Telephony AS
• 3rd party
Call Session Control Function
• SIP registration
• SIP session setup
Proxy CSCF
• 1st contact point for UE
• QoS
• Routes to I-CSCF
- Charging Records
- Lawful Interception
- SIP Header Compression
Interrogating CSCF
• Entry point for incoming calls
• Determines S-CSCF for Subscribers
• Hides network topology
Serving CSCF
• Register
• Session control
• Application Interface
- IMS User Authentication
- Loads IMS User Profiles
- Service (AS) Control
- Address Translation
- Charging Records
Media Gateway and MG Control Function: interfaces to PSTN/PLMN
MGCF:
• SIP <-> ISUP/BICC
• controls the MGW (H.248)
MGW:
• IP transport <-> e.g. TDM
• transcoding, e.g. AMR <-> G.711
• Tones/Announcements
Breakout Gateway Control Function
• Selects network (MGCF or other BGCF) in which PSTN/PLMN breakout is to occur
Media Resource Function Controller
• Pooling of Media servers
Domain Name Server
Flow for IMS Registration
Participants: UE, GGSN, P-CSCF, I-CSCF, S-CSCF, HSS, AS
1. Register (no Integrity Key (IK), no Confidentiality Key (CK), no RES)
2. Register (“integrity-protected”=no, no RES)
(find appropriate S-CSCF)
3. Register (“integrity-protected”=no, no RES)
4. Retrieval of Authentication Vector(s) for that Private ID
5. RAND, AUTN, IK(HSS), CK(HSS), RES(HSS)
6. 401 non authorized (RAND, AUTN, IK(HSS), CK(HSS))
7. 401 non authorized (RAND, AUTN)
8. Register (IK(UE), CK(UE), RES(UE))
UE computes IK(UE), CK(UE) from AUTN and RES(UE) from RAND
P-CSCF compares IK(UE) and CK(UE) with IK(HSS) and CK(HSS). If identical, then “integrity-protected”=yes
9. Register (“integrity-protected”=yes, RES(UE))
I-CSCF compares RES(UE) with RES(HSS). If not identical, then registration failure
10. Update HSS
11. Update S-CSCF (User Profile: subscribed services, user pref., etc.)
12. 200 OK
13. 200 OK
Home (e) Node B security
(out of scope for security) Data model cooperation with BBF (Broadband Forum), ref. S5-091892, S5-092661
[Figure: timeline of the H(e)NB data model work: RAN3 produced a flat list of radio parameters; the Broadband Forum data model is based on RAN3, with FF input and SA5 input (late in the process); SA5 (1) influenced the data model based on SA5 requirements and (2) derived the information model (semantics), producing stage 1, 2, 3]
Threats
Examples:
• cloning of credentials
• physical tampering
• fraudulent software updates
• man-in-the-middle attacks
• Denial of service against core network
• Eavesdropping (identity theft, privacy breaches, …)
Countermeasures in Technical Report 33.820
3GPP TR 33.820 V8.2.0 (2009-09) Technical Report
3rd Generation Partnership Project; Technical Specification Group Service and System Aspects;
Security of H(e)NB; (Release 8)
The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented. This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organizational Partners' Publications Offices.
Home (e)NB Security architecture (1/2)
Security Gateway (SeGW)
• element at the edge of the core network terminating security association(s) for the backhaul link between H(e)NB and core network
H(e)MS – Home (e) NodeB Management System
• management server that configures the H(e)NB according to the operator’s policy, installs software updates on the H(e)NB
Hosting Party Module (HPM)
• physical entity distinct from the H(e)NB physical equipment, dedicated to the identification and authentication of the Hosting Party towards the MNO
Trusted Environment (TrE)
• logical entity which provides a trustworthy environment for the execution of sensitive functions and the storage of sensitive data
[Figure: UE - H(e)NB -(unsecure link)- SeGW - Operator’s core network (H(e)NB GW, H(e)MS, AAA Server/HSS)]
Home (e)NB Security architecture (2/2)
Air interface between UE and H(e)NB backwards compatible with UTRAN
H(e)NB accesses the operator’s core network via a Security Gateway (SeGW)
• Backhaul between H(e)NB and SeGW may be unsecure
Security tunnel established between H(e)NB and SeGW
• to protect information transmitted on the backhaul link
H(e)NB Authentication
Two separate concepts of authentication:
Mutual authentication of H(e)NB and operator (SeGW) (mandatory)
• Certificate based
• Credentials stored in TrE in H(e)NB
Authentication of hosting party by operator’s network (optional)
• EAP-AKA based
• credentials contained in separate Hosting Party Module (HPM) in H(e)NB
• bundled with the device authentication (one step)
Backhaul link protection
• IPSec, IKEv2, based on H(e)NB/SeGW authentication
Other security mechanisms for H(e)NB
Device Integrity Check
• AV, SAV, Hybrid, …
Location Locking
• IP address based
• Macro-cell/UE reporting based
• (A)GPS based
• Combination of the above
Access Control Mechanism
• ACL for Pre-R8 UE accessing HNB
• CSG for H(e)NB
Clock Synchronization
• Based on backhaul link between H(e)NB and SeGW
• Based on security protocol of clock synchronization protocol
H(e)NB security in the real world…
Location locking does NOT seem to work
• in current commercial trials
• HNBs operating from different countries
• No roaming charges
Algorithm licensing is an issue
• customers do not sign any agreement for use of COTS HNBs
Lawful Interception
• currently would not work in LIPA
• would not work between CSG MSs camping on the same HNB
Rogue HNB roaming
Status of work at 3GPP on Security issues
Recently completed security activities at 3GPP (Rel-11)
Recently completed security activities at 3GPP (Rel-10)
Ongoing security activities at 3GPP
Main 3GPP Security Standards
Main 3GPP Security Standards
UMTS Security:
• 33.102 Security Architecture
• 33.105 3GPP Cryptographic Algorithm Requirements
• 35.201 f8 and f9 Specification
• 35.202 KASUMI Specification
IMS Security:
• 23.228 IMS Architecture
LTE Security:
• 33.401 System Architecture Evolution (SAE); Security architecture
• 33.402 System Architecture Evolution (SAE); Security aspects of non-3GPP
Lawful Interception:
• 33.106 Lawful interception requirements
• 33.107 Lawful interception architecture and functions
• 33.108 Handover interface for Lawful Interception
Key Derivation Function:
• 33.220 GAA: Generic Bootstrapping Architecture (GBA)
Backhaul Security:
• 33.310 Network Domain Security (NDS); Authentication Framework (AF)
Relay Node Security:
• 33.816 Feasibility study on LTE relay node security (also 33.401)
Home (e) Node B Security:
• 33.320 Home (evolved) Node B Security
All documents available for free at: ftp://ftp.3gpp.org/specs