Upload
kang-wei-
View
219
Download
0
Embed Size (px)
Citation preview
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 1/20
© ETSI 2011. All rights reserved
How secure is LTE?
Charles Brookson – Chairman ETSI OCG SecuritySpecial thanks to Bengt Sahlin, 3GPP SA3 Chairman & Dionisio Zumerle, 3GPP SA3 Secretary
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 2/20
GSM Security – is it still secure?
Chaos Computer Club – December 2010
• GSM sniffing
• Demonstration of how to fing GSM phones and
© ETSI 2011. All rights reserved
• http://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-
Sniffing.Nohl_Munaut.pdf
• For GSM, A5/1, only
• Admits Operators can defend by using somemethods …..
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 3/20
LTE – building on UMTS Security
UMTS is stronger than GSM in some ways:
• Mutual authentication
• Strong algorithms
© ETSI 2011. All rights reserved
• Integrity keys
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 4/20
LTE implications on security
Flat architecture: radio terminates in access network
Interworking with a variety of legacy and non-3GPP networksAllowing eNB placement in untrusted locations
Trying to keep security breaches as local as possible
© ETSI 2011. All rights reserved
Extended AKA (Authentication and Key Agreement)
Extended key hierarchy
More complex interworking securityAdditional security for eNB (compared to NB/BTS/RNC)
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 5/20
LTE Architecture
S3 HSS SGSN
UTRAN GERAN
© ETSI 2011. All rights reserved
S12 S1-MME S6a
S10 UE
LTE-Uu E-UTRAN
MME S11
S5 Serving Gateway
S1-U
S4
Confidentiality and integrity for signaling and user plane
Optional user plane protection (IPsec)
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 6/20
Encryption indication on phone
Indication of access network encryption
• user is informed whether confidentiality of user
data is protected on the radio access link
•
© ETSI 2011. All rights reserved
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 7/20
LTE Security Algorithms
Two sets: 128-EEA1/EIA1 & 128-EEA2/EIA2
• AES and SNOW 3G chosen as basis
• Different from each other as possible
© ETSI 2011. All rights reserved
Third set EEA3/EIA3 under consideration
• Based on Chinese ZUC (stream cipher)
• Public evaluation ongoing!http://zucalg.forumotion.net/
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 8/20
Key hierarchy in LTE
USIM / AuC
UE / ASME
K
KeNBKNASint
UE / HSS
KNASenc
CK, IK
KASME
© ETSI 2011. All rights reserved
Deeper key hierarchy than UMTS• Offers faster handovers
• Keeps security breaches local
• Adds complexity to handling of security contexts
UE / MME
KUPenc
UE / eNB
KRRCint KRRCenc
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 9/20
Network Domain Security
Base stations getting more and more powerful
• LTE eNode B includes features of UMTS RNCCoverage needs grow constantly
• Not always possible to trust physical security of location of
© ETSI 2011. All rights reserved
Greater backhaul link protection needed
Certificate enrolment mechanisms for backhaulsecurity
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 10/20
Certificate EnrollmentCertificate Enrollment
for Base Stationsfor Base Stations
RA/CA
Vendor root certificate
SEG
Operator root certificate
pre-installed.
Enrolled base station
IPsec
© ETSI 2011. All rights reserved
base stationbase station obtains operator-signed
certificate on its own public key from RA/CAusing CMPv2.
v
Vendor-signed certificate
of base station public key
pre-installed.
pre- nsta e . cer ca e s use n sec.
Picture from 3GPP TS 33.310
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 11/20
Home e Node B Security
UE H(e)NBunsecure
link
Operator’s core
network
H(e)NB GW
H(e)MS H(e)MS
AAA
Server/HSS
SeGW
© ETSI 2011. All rights reserved
Security features include:• Integrity checking of device
• Mutual authentication of H(e)NB and operator (SeGW) (certificate based)
• Hosting party of the H(e)NB authentication (optional, EAP-AKA based)
• H(e)MS (OAM server) authentication
• Secure SW updates• Sensitive data not accessible in plaintext
• Access Control Mechanism
• Clock synchronization
• Location locking
• Unauthenticated traffic filtering
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 12/20
Relay Nodes
e Node B that communicates directly with other eNBs over radio
Does not require backhaul infrastructure
Objectives• improve coverage of high data rates
• improve cell edge throughput
• augment ease of deployment
© ETSI 2011. All rights reserved
a enge:
• Relay node “invisible” to the UE
• Relay Node looks like a UE to the network in some aspects
Basic Architecture:
Relay DeNBUECore
NW
Radio Radio Backhaul
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 13/20
Relay Node Authentication
Mutual authentication between Relay Node and
network• AKA used
• credentials stored on a UICC
© ETSI 2011. All rights reserved
Relay node device authentication is mandatory• Binding these two authentications needed
One-to-one binding of Relay Node and USIM
• binding realized by
• symmetric pre-shared keys (psk)
• or by certificate
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 14/20
Relay Node Security
Secure environment for storing and processingsensitive data
Device integrity check
Control plane traffic is integrity protected
© ETSI 2011. All rights reserved
Connection between Relay Node and network isconfidentiality protected
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 15/20
Security for
Machine-Type Communications
Analysis of security aspects ongoing
• identification and analysis of threats
• identification of potential security impacts of the
© ETSI 2011. All rights reserved
• identification of potential new security features
needed
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 16/20
Single Sign On
Two ongoing studies:
• SSO Application Security for IMS (figure)
• SSO frameworks with 3GPP networks for various operator
authentication configurations UE
SSOa
© ETSI 2011. All rights reserved figure from draft 3GPP TR 33.914
IM Subsystem
(IMS)
using SIP Digest
S-CSCF
HSS
SIP
AS
SSO
Subsystem
AS
Isc
Cx
m
SSOh
SSOb
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 17/20
Protection against
Unsolicited Communication (UC)Protect mobile subscribers from receiving unsolicited
communication (aka SPIT) over IMS
Current work analyses possible solutions
c e s
e d
© ETSI 2011. All rights reserved
automated UC protection
network-to-user ideal state of UC prevention
legislation (different per country) statutorily regulation of UC definition, UC handling
operator controlled environment contract conditions, policies, Service Level Agreements (SLAs)
re-use of DoS protection mechanisms e.g. limiting number of parallel calls
network supported user self protection based on SS with e.g. black-/white listing
UC feedback user-to-network web interface, DTMF/SIP
UC score network-to-user identifying, marking and handling of UC
c o m p
l e x i t y , i m p
a c t o n I M
S
non-technical UC protection measures technical UC protection measures
n o c h a
n g e s
i n i n t e r f a c e
s
o r p r o
t o c o l s
r e q u i
r e d
c h a n
g e s i n i n
t e r
o r p r o t o
c o l s r e
q u i
1
2
3
4
5
6
7
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 18/20
Selection of 3GPP Security Standards
LTE:
33.401 System Architecture Evolution (SAE); Security architecture
33.402 System Architecture Evolution (SAE); Security aspects of non-3GPP
Home (e) Node B:33.320 Security Home (evolved) Node B (H(e)NB)
General and 3G:
33.102 Security architecture
33.203 Access security for IP-based services
© ETSI 2011. All rights reserved
33.106 Lawful interception requirements33.107 Lawful interception architecture and functions
33.108 Handover interface for Lawful Interception
GBA:
33.220 GAA: Generic Bootstrapping Architecture (GBA)
Network Domain Security:
33.310 Network Domain Security (NDS); Authentication Framework (AF)
SSO:
33.914 Single Sign On for Application Security for IMS
33.924 Interworking of GBA and OpenID
33.980 Interworking of GBA and Liberty Alliance
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 19/20
How secure is LTE?
Building on GSM and UMTS Security
Newer security algorithms, longer keys
Extended key hierarchy
© ETSI 2011. All rights reserved
New features, addressing new scenarios• Home evolved Node B
• Relay Node
New topics• Machine-Type Communication, Single Sign-On,
Protection against Unsolicited Communication over IMS
8/3/2019 How Secure is LTE Presentation at ETSI Stand During MWC 2011
http://slidepdf.com/reader/full/how-secure-is-lte-presentation-at-etsi-stand-during-mwc-2011 20/20
Questions?
© ETSI 2011. All rights reserved