Research on 3GPP LTE Security Architecture - IEEE Xplore

Li Zhu1, Hang Qin2, Huaqing Mao1, Zhiwen Hu1
1 Oujiang College, Wenzhou University, Wenzhou, 325035, China
2 Computer School, Yangtze University, Jingzhou, 434023, China

Abstract—With the improvement and maturity of 3G networks, the wireless communication rate for users has become higher and higher. Research institutions are gradually shifting their focus to the Long Term Evolution (LTE) of 3G networks. In this paper, 3GPP LTE security mechanisms are introduced in detail; the security architecture of LTE/SAE is presented; and the key structure and domain security of the network are studied.

Keywords-LTE; security architecture; key structure; domain security

I. INTRODUCTION

The fast growth of mobile traffic volume is one of the main reasons why fourth-generation mobile communication systems are being investigated and standardized. Research institutions are gradually shifting their focus to the Long Term Evolution (LTE) of 3G networks. At present, experimental networks for the LTE standard have been built around the world; however, many problems remain to be solved before commercial application. In this paper, the security problems of the 3GPP LTE network are studied. The preliminary analysis and research indicate that these methods can improve the security of the 3GPP LTE network and are compatible with the existing 3G standard to some degree. At the same time, they would also facilitate further deployment and improvement of TD-LTE, China's technological standard.

The remainder of the paper is organized as follows. Section II introduces related work on LTE/SAE security mechanisms. Section III analyzes the security architecture of LTE/SAE. Section IV describes the key structure of LTE/SAE. Section V studies the domain security of the network. Section VI concludes the paper.

II. RELATED WORK

With the rapid development of the wireless access network research project Long Term Evolution (LTE) and of System Architecture Evolution (SAE), China's existing mobile communication networks will transition to LTE. How to ensure the security of communication concerns not only the daily life of individuals but also national security. At the same time, research on the security of LTE networks also helps to solve the existing security problems of mobile networks.

To resolve the security issues in mobile communication networks, domestic and foreign scholars and organizations have done a great deal of research and standardization. [2] is the security specification defined by the European organization ETSI for the GSM mobile communication system; it uses authentication to prevent unauthorized access, and data transmission on the air interface is encrypted. The 3GPP organization proposed the security specification for the third-generation mobile communication system [3]; its security is significantly improved on the basis of GSM, but some security flaws remain. [4, 5] carried out further research and effectively solved system security issues of third-generation mobile communication such as identity disclosure and false base station attacks.

In the LTE/SAE Release 8 standard, the network security mechanism has been largely improved compared with third-generation mobile communication. The security functions provided by LTE/SAE mainly include [6]: ensuring that EPS (Evolved Packet System) services are not used without authorization; providing confidentiality protection for users' identity; providing confidentiality protection for users' data and signaling; providing origin authentication of signaling data; and providing authentication from the user to the network.

The main security problem facing 3GPP LTE communication is identity authentication between the two sides. The current 3G network defines norms and restrictions for the terminal and the base station with different protocols, but they are not perfect. The LTE/SAE Release 8 standard makes modifications mainly in authentication and key agreement: it adds the identity information of the service network to the authentication data request message that the MME sends to the HSS. It also specifies the processing mechanism for the case in which the MME requests multiple authentication vectors from the HSS, which further improves the security of authentication and key agreement. In addition, it adds a process by which the UE authenticates the service network, and it avoids SQN serial number synchronization.

The LTE/SAE authentication and key agreement protocol still has security flaws, such as: the user authentication vector can be intercepted; the user's IMSI identity can be disclosed; malicious intruders can access the network to get fake IMSI information by listening to signaling and can get the user authentication vector through the network domain; they can also get the key for confidential communication and, at the same time, enjoy fully encrypted communication. In addition, the UE and the HSS share a key for a long time and do not support data signing services, which leads to potential security problems in the system.

Another security risk exists in the handover process of terminal equipment. The current 3GPP LTE handover mechanism ensures normal communication for mobile terminals. Handover occurs during a communication; a terminal that is not communicating does not need to hand over [7]. There are two views on how the handover command is generated [8]. In one, the handover command is generated by the target base station and passed to the UE through the original serving base station; in the other, the target base station sends individual information elements in the form of a Handover Request Acknowledge, and the source base station generates the handover command according to these information elements. 3GPP LTE adopts the second form, in which the handover command is generated by the source base station.

3GPP LTE handover can be divided into UE handover in homogeneous networks and handover in heterogeneous networks. The security of eNode authentication is insufficient in heterogeneous network handover. In terms of the 3GPP LTE network architecture, homogeneous handover includes X2 handover and S1 handover [9]: X2 handover takes place between two 3GPP LTE base stations (eNBs), and S1 handover takes place between the MME (Mobility Management Entity) and a 3GPP LTE base station. In terms of the existing wireless networks, handover between heterogeneous networks includes handover between 3GPP LTE and UTRAN, handover between 3GPP LTE and GERAN, and handover between non-3GPP networks and 3GPP LTE. The handover mechanisms mentioned above have different security vulnerabilities, mainly because new attack methods keep emerging and there are no scientific design guidelines for the security protocols.

Scholars at home and abroad concentrate mainly on mechanisms such as radio resource management and the transmission performance of 3GPP LTE [10-15]. [10] proposes an LTE handover decision algorithm and compares it with the traditional PBGT (Power Budget) handover algorithms; [11] introduces the handover process of LTE and intra-MME/SAE's; [12] puts forward a mobility management technology; [13] describes the handover process of LTE and assesses its performance; [14] argues that ICIC can improve LTE handover performance and that ICIC can be used at low handover rates to improve performance. At present, research on LTE security [16, 17] is still insufficient. [16] presents wireless access security threats between the LTE base station and the UE; [17] introduces LTE mobility and presents key management and possible solutions for SAE and LTE.

This paper focuses on the security architecture of LTE/SAE. The research will provide a reference standard for TD-LTE and FDD-LTE security protocols and promote the implementation of the TD-LTE standard in China.

The research is supported by a project of the Wenzhou Science & Technology Bureau (Grant No. S20110012), the Excellent Scientists Programs of Hubei Province in China (Grant No. Q20111311) and the Wenzhou University cooperative research project in 2012 (Grant No. 2012Z007).

978-1-61284-683-5/12/$31.00 ©2012 IEEE

III. LTE/SAE SECURITY ARCHITECTURE

A. LTE/SAE Security Architecture

In this paper, we take the security architecture of UMTS as a reference and present a security architecture for the LTE/SAE network. The proposed architecture is basically the same as that of UMTS, but it differs from UMTS in some points. The architecture for LTE/SAE is shown in Figure 1.

The network architecture of LTE/SAE is divided into five domains: network access security (I), network domain security (II), user domain security (III), application domain security (IV), and visibility and configurability of the security services. Compared with the security architecture of the UMTS network, the differences are as follows:

(1) A two-headed arrow is added between the ME (Mobile Equipment) and the SN (Service Network), which indicates that there is also non-access-layer security between the ME and the SN;
(2) A bi-directional arrow is added between the AN and the SN, which indicates that secure communication is needed between the AN and the SN;
(3) The concept of service network authentication is added, so the one-way arrow between the HE and the SN has been changed to a two-headed arrow.

B. LTE/SAE Security Layer

Figure 2. Security layer of LTE/SAE

As shown in Figure 2, because the eNB is not in a fully trusted zone, two levels of security are considered in LTE/SAE: access layer (AS) security and non-access layer (NAS) security:

(1) Access layer (AS) security: the security between the UE and the eNB, which mainly provides encryption and integrity protection for AS signaling and encryption protection for the user plane (UP);
(2) Non-access layer (NAS) security: the security between the UE and the MME, which provides encryption and integrity protection for NAS signaling.

IV. KEY STRUCTURE OF LTE/SAE

The key architecture of LTE/SAE is shown in Figure 3. The keys of every layer are derived from the key k and respectively provide confidentiality and integrity protection, which improves the security of communication.
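The layered derivation described in this section can be traced in code; the following is an added example, not code from the paper. The KDF layout (HMAC-SHA-256 over FC, parameters and lengths) and the FC and distinguisher values are taken from the key derivation annex of 3GPP TS 33.401 [6], which the paper does not reproduce. CK, IK, the service network identities and the other inputs are constructed sample values, and the AKA functions that produce CK/IK from k are not implemented.

```python
import hashlib
import hmac

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP KDF: HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each parameter is followed by its 2-byte length
    return hmac.new(key, s, hashlib.sha256).digest()

# Algorithm type distinguishers used with FC = 0x15
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    # The service network identity is an input, so KASME is bound to one network.
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)

def derive_kenb(kasme: bytes, uplink_nas_count: int) -> bytes:
    return kdf(kasme, 0x11, uplink_nas_count.to_bytes(4, "big"))

def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    # 128-bit algorithm keys are the 128 least significant bits of the KDF output.
    return kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))[-16:]

def key_hierarchy(ck, ik, sn_id, sqn_xor_ak, uplink_nas_count=0, enc_alg=2, int_alg=2):
    kasme = derive_kasme(ck, ik, sn_id, sqn_xor_ak)
    kenb = derive_kenb(kasme, uplink_nas_count)
    return {
        "KASME": kasme,                                   # never given to the eNB
        "KNASenc": derive_alg_key(kasme, NAS_ENC, enc_alg),
        "KNASint": derive_alg_key(kasme, NAS_INT, int_alg),
        "KeNB": kenb,                                     # root of the AS-layer keys
        "KUPenc": derive_alg_key(kenb, UP_ENC, enc_alg),
        "KRRCenc": derive_alg_key(kenb, RRC_ENC, enc_alg),
        "KRRCint": derive_alg_key(kenb, RRC_INT, int_alg),
    }

# Constructed sample inputs (not real subscriber material).
CK, IK = bytes(range(16)), bytes(range(16, 32))
SN_ID_A = bytes.fromhex("00f110")   # constructed service network identity
SN_ID_B = bytes.fromhex("00f120")   # a different service network
SQN_XOR_AK = bytes(6)

if __name__ == "__main__":
    for name, key in key_hierarchy(CK, IK, SN_ID_A, SQN_XOR_AK).items():
        print(f"{name:8s} {key.hex()}")
    same = (key_hierarchy(CK, IK, SN_ID_A, SQN_XOR_AK)["KASME"]
            == key_hierarchy(CK, IK, SN_ID_B, SQN_XOR_AK)["KASME"])
    print("KASME identical across service networks:", same)
```

Each child key is a one-way function of its parent, so a node that holds only KeNB cannot compute KASME or the NAS keys; this is the property that lets the architecture treat the eNB as not fully trusted.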

Figure 1. LTE/SAE security architecture

Figure 3. Key structure of LTE/SAE

The key architecture of the LTE/SAE network contains the following keys:

(1) k: the permanent key shared between the UE and the HSS, which is stored in the USIM and in the authentication center AuC. CK/IK: the key pair generated by the AuC and the USIM in the AKA authentication process. In contrast to UMTS, CK/IK should not leave the HSS;
(2) KASME: the key shared between the ME and the ASME. The UE and the HSS derive KASME from CK/IK, and it is used to derive the lower-level keys;
(3) KNASint: the key shared among the UE, the eNBA and the MME. The UE and the MME derive it from KASME. It is used to protect the integrity of the NAS flow between the UE and the MME;
(4) KNASenc: the UE and the MME derive this key from KASME; it is used for flow confidentiality between the UE and the MME;
(5) KeNB: the UE and the MME derive this key from KASME; it is used to derive the keys of the AS layer;
(6) KUPenc: the UE and the eNB derive this key from KeNB and the encryption algorithm identifier; it is used for confidentiality protection between the UE and the eNB;
(7) KRRCint: the UE and the eNB derive this key from KeNB and the integrity algorithm identifier; it is used to protect the integrity of RRC between the UE and the inter-eNB;
(8) KRRCenc: the UE and the eNB derive this key from KeNB and the encryption algorithm identifier; it is used to protect the confidentiality of RRC between the UE and the eNB.

Because the keys of LTE/SAE have different security levels, their key strength and their distribution management mechanisms also differ. The most important thing, however, is to protect the security of the key k, which is the cornerstone of the entire communication. The other security keys and distribution processes are derived from the key k.

V. NETWORK DOMAIN SECURITY

In the LTE/SAE network, different security domains are defined, and NDS/IP (IKE + IPsec) is adopted to protect network domain security, as shown in Figure 4.

Figure 4. LTE/SAE network domain security

In Figure 4, if the MME/S-GW and the eNB are located in different security domains (for example, the MME/S-GW and the eNB are connected through the Internet), NE A-1 in the figure can be viewed as the MME/S-GW and NE B-1 can be viewed as the eNB. The security gateway (SEG) can be integrated in the NE or can be a separate device. If the connection between the SEG and the NE is trusted (for example, the MME/S-GW and the SEG are located within the same building), no additional security measures (other than physical measures) are needed between them. If the eNB and the MME/S-GW are in the same security domain, they may correspond to NE A-1 and NE A-2, and they can be protected by the Zb interface. If more nodes are deployed in a trusted environment, security should be provided by a separate device (the boundary SEG of the trusted domain). In the general scenario, the end of Za (the SEG function) or the IPsec function of Zb should be integrated into the eNB; the traffic of multiple eNBs can be aggregated by the SEG. NDS/IP can use pre-shared keys and certificates for key management.

VI. CONCLUSION

With the improvement and maturity of 3G networks, user requirements for wireless communication rates have become higher and higher. Research institutions are gradually shifting their focus to the Long Term Evolution (LTE) of 3G networks. At present, experimental networks for the LTE standard have been built around the world; however, many problems remain to be solved before commercial application. In this paper, the security problems of the 3GPP LTE network are studied, and a tutorial overview of the proposed security mechanisms in 3GPP LTE is provided. The paper first gives a brief overview of the LTE security mechanisms and then puts forward a security architecture for LTE/SAE. The security layers of LTE/SAE, the key architecture and the domain security are studied.

ACKNOWLEDGMENT

The author gratefully thanks all the members who helped to modify this paper.

REFERENCES

[1] Wenyu Li, Long-term evolution of mobile communication system wireless network structure and protocols [J], Telecom Science, 2006, 22(6): 29-33.
[2] GSM Technical Specification 02.09, Security Aspects [S].
[3] 3GPP TS 33.102 V8, 3rd Generation Partnership Project: Technical Specification Group Services and System Aspects, 3G Security, Security architectures [S].
[4] Yu Zheng, DaKe He, Qixiang Mei, Authentication mechanism of 3G mobile communication system based on self test [J], Journal of Computer, 2005, 8(8): 1328-1332.
[5] Juang Wen-Shen, Wu Jing-Lin, Efficient 3GPP Authentication and Key Agreement with Robust User Privacy Protection [C], Proceedings of WCNC 2007, Hong Kong, IEEE, 2007: 2551-2556.
[6] 3GPP TS 33.401 V8, 3rd Generation Partnership Project: Technical Specification Group Services and System Aspects, 3GPP System Architecture Evolution (SAE), Security Architecture [S].
[7] Kan Zheng, Hui Zhao, Wenbo Wang, 3G long-term evolution technology and system design [B], Electronic Industry Press, September 2007.
[8] 3GPP R2-082392, Need for Key Sequence indicator during Security Configuration [S], 2008.
[9] Naizheng Zheng, Wigard J., On the Performance of Integrator Handover Algorithm in LTE Networks [C], Vehicular Technology Conference, VTC 2008-Fall, IEEE 68th, 2008: 1-5.
[10] Bajzik L., Horvath P., Korossy L., Vulkan C., Impact of Intra-LTE Handover with Forwarding on the User Connections [C], Mobile and Wireless Communications Summit, 2007, 16th IST, 2007: 1-5.
[11] Tae-Hyong Kim, Qiping Yang, Jae-Hyoung Lee, et al., A Mobility Management Technique with Simple Handover Prediction for 3G LTE Systems [C], Vehicular Technology Conference, 2007, VTC-2007 Fall, 2007 IEEE 66th: 259-263.
[12] Rac A., Temesvary A., Reider N., Handover Performance in 3GPP LTE Systems [C], Mobile and Wireless Communications Summit, 16th IST, 2007: 1-5.
[13] Danish Aziz, Rolf Sigle, Improvement of LTE Handover Performance through Interference Coordination [C], IEEE Vehicular Technology Conference, 2009, VTC Spring 2009, IEEE 69th Vehicular Technology Conference.
[14] Lajos Bajzik, Peter Horvath, Laszlo Krrossy, Csaba Vulkan, Impact of Intra-LTE Handover with Forwarding on the User Connections [C], 16th IST Mobile and Wireless Communications Summit, 2007: 1219-1223.
[15] Anand R. Prasad, Julien Laganier, Alf Zugenmaier, et al., Mobility and Key Management in SAE/LTE [C], Wireless Communications 2007 CNIT Thyrrenian Symposium, 2008: 165-178.
[16] A. Bou Saleh et al., "Comparison of Relay and Pico eNB Deployments in LTE-Advanced," IEEE VTC 2009.
[17] T. Nihtila and V. Haikola, "HSDPA Performance with Dual Stream MIMO in a Combined Macro-Femto Cell Network," IEEE VTC 2010.
[18] H. R. Karimi et al., "Evolution Towards Dynamic Spectrum Sharing in Mobile Communications," IEEE PIMRC 2006.
[19] J. Gora and T. E. Kolding, "Deployment Aspects of 3G Femtocells," IEEE PIMRC 2009.
[20] H. A. Mahmoud and I. Guvenc, "A Comparative Study of Different Deployment Modes for Femtocell Networks," IEEE PIMRC 2009.
[21] Han et al., "Optimization of Femtocell Network Configuration Under Interference Constraints," WiOPT 2009.
[22] Y. Tokgoz et al., "Uplink Interference Management for HSPA+ and 1xEVDO Femtocells," IEEE GLOBECOM 2009.
[23] G. Boudreau et al., "Interference Coordination and Cancellation for 4G Networks," IEEE Commun. Mag., 2009.
[24] A. Khandekar et al., "LTE-Advanced: Heterogeneous Networks," European Wireless Conf. 2010.
[25] O. Simeone, E. Erkip, and S. Shamai, "Robust Transmission and Interference Management For Femtocells with Unreliable Network Access," IEEE JSAC, Dec. 2010.
[26] S. Annapureddy et al., "http://www.ieee-ctw.org/2010/mon/Gorokhov.pdf," 2010 IEEE Commun. Theory Wksp., Cancun, Mexico, 2010.
[27] 3GPP Evolved Universal Terrestrial Radio Access (EUTRA) and Evolved Universal Terrestrial Radio Access Network (EUTRAN); Overall Description; Stage 2 (Release 10).
[28] 3GPP TR 36.814, "E-UTRA; Further Advancements for E-UTRA Physical Layer Aspects."