CISCO PROPRIETARY
Agenda
Intro
Intro
[Figure: LTE/EPC architecture: UE, Evolved UTRAN (E-UTRAN) with eNodeB and X2, MME, HSS, PCRF, S-GW, PDN-GW; interfaces S1-MME, S1-U, S5]
UE = User Equipment
MME = Mobility Management Entity; termination point in the network for ciphering/integrity protection of NAS signalling; handles security key management and authenticates users
S-GW = Serving Gateway
PDN-GW = PDN Gateway
PCRF = Policy and Charging Rules Function
[Figure: LTE protocol stack and bearer path: OFDMA, MAC, Security, Layer 3; IP tunnel from eNodeB to Serving GW, IP tunnel from Serving GW to PDN GW]
[Figure: evolution of mobile network security (core network): GSM: handset authentication, ciphering; GPRS: handset authentication + ciphering; 3G: mutual authentication; SAE/LTE: ciphering + radio signalling integrity, optional IPSec]
SAE/LTE Security
Security implications:
Flat architecture
Interworking with legacy and non-3GPP networks
eNB placement in untrusted locations
Keep security breaches local
Result:
Extended Authentication and Key Agreement
More complex key hierarchy
More complex interworking security
Additional security for (home)eNB
LTE/SAE architecture
ME = Mobile Equipment
USIM = Universal Subscriber Identity Module
AN = Access Network
HE = Home Environment
SN = Serving Network
(I) Network access security: secure access to services; protects against attacks on the (radio) access links
(II) Network domain security: enables nodes to securely exchange signalling data and user data (between AN/SN and within AN); protects against attacks on the wireline network
(III) User domain security: secure access to mobile stations
(IV) Application domain security: enables applications in the user and in the provider domain to securely exchange messages
Non-3GPP Access
Benefits
Easy to obtain authentication from the home network while in a visited network, without the visited network having to handle Ki
Source: ETRI
Signaling protection
For core network (NAS) signalling, integrity and confidentiality protection terminates in the MME (Mobility Management Entity)
For radio network (RRC) signalling, integrity and confidentiality protection terminates in the eNodeB
Security Domains
Security Gateway
Handles communication over the Za interface (SEG-SEG)
AuthN/integrity mandatory, encryption recommended; IKEv1 or IKEv2 is used for negotiating, establishing and maintaining the secure ESP tunnel
All traffic flows through the SEG before leaving or entering the security domain
Secure storage of the long-term keys used for IKEv1 and IKEv2
Hop-by-hop security (chained tunnels or hub-and-spoke)
Few slides
IMS Security
Security/AuthN mechanisms
Mutual AuthN using UMTS AKA
Typically implemented on UICC (ISIM application)
UMTS AKA integrated into HTTP digest (RFC3310)
NASS-IMS bundled AuthN
SIP Digest based AuthN
Access security with TLS
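Added example (not from the slides, and not 3GPP or Cisco code) of the AKA run behind the Benefits slide and the "Mutual AuthN using UMTS AKA" bullet above: the home network derives an authentication vector from the subscriber key K, the serving side only compares RES with XRES, and the USIM refuses a vector whose MAC or SQN does not check out. The f1..f5 functions are HMAC-SHA256 stand-ins (an assumption for illustration), not the operator's real MILENAGE/TUAK set, and all key values are constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-ins: f1..f5 here are HMAC-SHA256 (an assumption for
# illustration); the real functions are the operator's MILENAGE/TUAK set.
def _f(k: bytes, tag: bytes, *parts: bytes, n: int) -> bytes:
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf): return _f(k, b"f1", rand, sqn, amf, n=8)  # MAC-A
def f2(k, rand): return _f(k, b"f2", rand, n=8)   # XRES / RES
def f3(k, rand): return _f(k, b"f3", rand, n=16)  # CK (cipher key)
def f4(k, rand): return _f(k, b"f4", rand, n=16)  # IK (integrity key)
def f5(k, rand): return _f(k, b"f5", rand, n=6)   # AK, conceals SQN

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def home_generate_av(k: bytes, sqn: int, amf: bytes = b"\x80\x00", rand: bytes = b"") -> dict:
    """HE/HSS (AuC) side: build one authentication vector; K never leaves here."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    autn = xor(sqn_b, f5(k, rand)) + amf + f1(k, rand, sqn_b, amf)  # SQN^AK || AMF || MAC
    return {"rand": rand, "xres": f2(k, rand), "ck": f3(k, rand),
            "ik": f4(k, rand), "autn": autn}

def usim_respond(k: bytes, sqn_highest: int, rand: bytes, autn: bytes):
    """USIM side: authenticate the network first (MAC, fresh SQN), then answer."""
    sqn_b = xor(autn[:6], f5(k, rand))
    amf, mac = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, f1(k, rand, sqn_b, amf)):
        return None, "MAC failure"                 # network not authenticated
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= sqn_highest:
        return None, "synchronisation failure"     # replayed or stale vector
    return {"res": f2(k, rand), "ck": f3(k, rand), "ik": f4(k, rand), "sqn": sqn}, "ok"

def serving_verify(av: dict, res: bytes) -> bool:
    """SN/MME (or S-CSCF via HTTP Digest AKA) side: compare RES with XRES only."""
    return hmac.compare_digest(av["xres"], res)
```

The serving side receives only the vector, so it authenticates the subscriber and obtains CK/IK without ever holding K; a tampered AUTN or a reused SQN is rejected by the USIM before any RES is returned.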
References
Principles, objectives and requirements
TS 33.120 Security principles and objectives
TS 21.133 Security threats and requirements
References
TS 33.210 Network Domain Security (NDS); IP network layer security: http://www.3gpp.org/ftp/Specs/archive/33_series/33.210/
TS 33.310 Network Domain Security (NDS); Authentication Framework (AF): http://www.3gpp.org/ftp/Specs/archive/33_series/33.310/
TS 33.401 SAE; Security architecture: http://www.3gpp.org/ftp/Specs/archive/33_series/33.401/
TS 33.402 SAE; Security aspects of non-3GPP accesses: http://www.3gpp.org/ftp/Specs/archive/33_series/33.402/
TS 33.820 Security of H(e)NB: http://www.3gpp.org/ftp/Specs/archive/33_series/33.820/33820-810.zip
TS 33.102 3G Security; Security architecture: http://www.3gpp.org/ftp/Specs/archive/33_series/33.102/33102-830.zip
Credits
Valtteri Niemi (3GPP SA3 chair)
Backup
Source: ETRI
[Figure: X2 handover sequence between Source ENB, Target ENB and SGW: Handover Request, Handover Request Confirm, Path Switch Request, Path Switch Req. Ack; about 30 ms interruption time, forwarded data (20 ms), out-of-order packets; 10 ms time scale]
Summary
In this session, we reviewed
[Figure: LTE/EPC architecture: UE, eNodeB (X2), MME, HSS, PCRF, S-GW, PDN-GW; interfaces S1-MME, S1-U, S5/S8; annotations: "S1-U: ?", "Authentication Required"]