1
3GPP SA3 status
Valtteri Niemi, SA3 Chairman
Nokia Research Center
Lausanne, Switzerland
ITU-T security workshop
Geneva, Switzerland, 9-10 February 2009
2
Outline
• Some history and background• SAE/LTE security: some highlights• Home (e)NodeB security• Other work items
3
Some history and background
4
Some history (1/2)• For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new
specifications, e.g. – TS 33.102 “3G security; Security architecture”– 5 specifications (out of these 19) originated by ETSI SAGE,
e.g. TS 35.202 “KASUMI specification”• For Release 4 (frozen 2001), SA3 was kept busy with GERAN
security while ETSI SAGE originated again 5 new specifications, e.g.– TS 35.205-208 for MILENAGE algorithm set
• Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.:– TS 33.203 “IMS security”– TS 33.210 “Network domain security: IP layer”
5
Some history (2/2)• Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.:
– TS 33.246 “Security of MBMS”– TS 33.220-222 “Generic Authentication Architecture”
• Release 7 (frozen 2007): SA3 added 13 new specifications– ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl.
SNOW 3G spec) (TS 35.215-218, TR 35.919)• Release 8 (frozen 2008): SA3 has added 5 new specifications,
e.g.:– TS 33.401 “SAE: Security architecture”– TS 33.402 “SAE: Security with non-3GPP accesses”– (1-2 more TR’s maybe still be included in Rel-8)
6
SAE/LTE security (Rel-8): some highlights
7
SAE/LTE: What and why?SAE = System Architecture Evolution
LTE = Long Term Evolution (of radio networks)
• LTE offers higher data rates, up to 100 Mb/sec• SAE offers optimized (flat) IP-based architecture
• Technical terms:– E-UTRAN = Evolved UTRAN (LTE radio network)– EPC = Evolved Packet Core (SAE core network)– EPS = Evolved Packet System ( = RAN + EPC )
8
Implications on security• Flat architecture:
– All radio access protocols terminate in one node: eNB– IP protocols also visible in eNB
• Security implications due to – Architectural design decisions– Interworking with legacy and non-3GPP networks– Allowing eNB placement in untrusted locations– New business environments with less trusted networks
involved– Trying to keep security breaches as local as possible
• As a result (when compared to UTRAN/GERAN):– Extended Authentication and Key Agreement– More complex key hierarchy– More complex interworking security– Additional security for eNB (compared to NB/BTS/RNC)
9
Home (e) Node B security
10
Home (e)NB architecture
Figure from draft TR 33.820
One of the key concepts: Closed Subscriber Group
UE HeNB SGWinsecure linkOperator’s core network
OAM
11
Threats• Compromise of HeNB credentials
– e.g. cloning of credentials• Physical attacks on HeNB
– e.g. physical tampering• Configuration attacks on HeNB
– e.g. fraudulent software updates• Protocol attacks on HeNB
– e.g. man-in-the-middle attacks• Attacks against the core network
– e.g. Denial of service• Attacks against user data and identity privacy
– e.g. by eavesdropping• Attacks against radio resources and management
12
Other features in past releases of 3GPP
13
IMS home
IMS visited
PS domain
R99 access security
authentication & key agreement security
mechanism agreement
integrity protection
network domain security
IMS (SIP) security (Rel-5)
14
Release 6 highlights
15
WLAN interworking in 3GPP
• WLAN access zone can be connected to cellular core network
• Shared subscriber database & charging & authentication (WLAN Direct IP access)
• Shared services (WLAN 3GPP IP Access)
• Service continuity is the next step
16
MBMS Security Architecture (node layout)
BM-SC
BSFContentServer
BGW
BGW: Bearer Gateway (first hop IP-router)BM-SC: Broadcast/Multicast Service CenterBSF: Bootstrapping Server Function
Mobile Operator Network ContentServer
Internet
BM-SC can reside in home or visited network
17
Generic Authentication Architecture (GAA)
• GAA consists of three parts (Rel-6):• TS 33.220 Generic Bootstrapping
Architecture (GBA) offers generic authentication capability for various applications based on shared secret. Subscriber authentication in GBA is based on HTTP Digest AKA [RFC 3310].
• TS 33.221 Support of subscriber certificates: PKI Portal issues subscriber certificates for UEs and delivers an operator CA certificates. The issuing procedure is secured by using shared keys from GBA.
• TS 33.222 Access to Network Application Function using HTTPS is also based on GBA.
NE
GBA
AP
Certificates
HSS
UE
GAA
Figure from 3GPP TR 33.919
18
Release 7 & 8 highlights
19
Release 7 & 8: security enhancements
• Key establishment for secure UICC-terminal channel (TS 33.110)– Applies, e.g. for secure UICC-terminal channel specified
by ETSI SCP– Built on top of GBA
• Key establishment between UICC hosting device and a remote device (TS 33.259)
• Liberty-3GPP security interworking• GBA push (TS 33.223, Rel-8)
– Applies to several OMA specified features (e.g. BCAST)• Network domain security: Authentication Framework (TS
33.310) enhanced for TLS support• Withdrawal of A5/2 algorithm
20
Work in progress: Rel-9
21
Rel-9 work items
• SAE/LTE: emergence call security• Media security
– End-to-end and end-to-middle protection of media independently of access technology
• Protection against unsolicited communications in IMS
• Remote management of USIM/ISIM for machine-to-machine communications
• Security of Earthquake and Tsunami Warning System
22
For more information:
www.3gpp.org