2. Overview
• Security in LTE
Security Architecture for 3GPP
During Attach
• Key Derivation
• Mutual Authentication
• NAS Security
• AS Security
Handovers
• Key derivation at target eNB
Irfan Ali
Irfan Ali 2 2
3. Key Cryptographic Methods
• Two cryptographic Methods:
Symmetric key: uses same key at both ends (shared key)
• Encryption algos: Data Encryption Standard (DES), 3DES,
International Data Encryption Algorithm (IDEA)
• Used in UMTS and LTE
Asymmetric key: uses two different keys (private and public
keys)
• Another tool used with the above is:
Hash function: One way transformation, used for digital
signature generation.
LTE uses Symmetric Key Cryptography
Irfan Ali
Irfan Ali 3 3
4. Symmetric Key Cryptography: Encryption and Message
Authentication
Alice Bob
m c m
A A
Communication
Medium
Ke
Kd
A Algorithm
A (Ke, m) = c Ke Encryption key
A (Kd, c) = m Kd Decryption key
m message
C encrypted message
Ke := Kd
Alice Bob
Alice Bob
Secret Key
Hello
DATA
DATA
R1 DATA
MAC
Algorithm
R2, Kab( R1 | R2) Secret Key
MAC MAC =?
Kab( R2 | R1) MAC
MAC
Algorithm
Mutual Authentication with Message Authentication or Integrity Protection with
Secret Key Secret Key
Irfan Ali
Irfan Ali 4 4
5. 3GPP Overall Security Architecture
Network Domain
HPLMN Security
Security Domain B
HPLMN Internet IMS Internet
IMS
HSS
HSS P-GW
P-GW SEG
SEG
S-GW
S-GW
S-GW
S-GW
MME
MME
eNB
eNB eNB
eNB eNB VPLMN eNB
RRC Connection Security Domain A
User Domain
Security Network Access
Security
NAS Connection
Irfan Ali
Irfan Ali 5 5
SEG Security Gateway
6. 3GPP Overall Security Architecture
• Network Access Security
Primarily radio link security
• Encryption and Integrity protection of RRC
• Encryption and Integrity protection of NAS
• Encryption of Data Radio bearers (optional)
• Network Domain Security
PLMN-A PLMN-B
Security of the wireline network between IKE/ISAKMP
PLMNs
• Key negoation using IKE
IPSec/ESP
• Use of ISAKMP for setting up the security
association between the SEG
• Tunnel-mode ESP to be used
• Encryption triple DES
• Data Integrity and Authentication: MD5 and SHA-1
• User Domain Security
User – USIM authentication: • NOTE: Maintaining Security on wired
• Access to the USIM is restricted until the links within a security domain (i.e PLMN
USIM has authenticated the user. Use of ,eg between eNB and MME) is
PIN. If user does not know PIN, user is not responsibility of operator. Only
allowed to use SIM.
recommendations in 3GPP
USIM – Terminal authentication Specifications.
• Used only for SIM-Locked Mobiles. When an
ME is SIM-locked (SIM/USIM personalisation In general, links should be either
indicator in the ME to "on“), the ME stores physically secured or through IPSec
the IMSI of the USIM. If the inserted USIM (NDS/IP)
has a different IMSI, the ME goes into a
emergency call only mode. Ref TS 22.022
Section 8. IKE Internet Key Exchange
ISAKMP Internet Security Association and Key Management Protocol
Irfan Ali
Irfan Ali
ESP Encapsulation Security Protocol
6
IPSec 6 IP Security
7. Key Heirarchy for LTE
HSS
MME
K K
S6a
Kasme Kasme
Kasme
KeNB SRB-0
KeNB KeNB
SRB-1 S1-MME
SRB-2 NAS
GTPC-1
CK, IK
CK, IK CK, IK
CK, IK
GTPC-1
Data Radio Bearer-10
GTP-U-10 GTP-U-10
CK CK
UE eNB SGW PGW
Encrypted Info
ASME Access Security Management Entity (MME)
CK, IK Ciphering Key, Integrity Protection Key
Integrity Protected
Irfan Ali
Irfan Ali
Info
7 7
8. LTE Key Hierarchy
USIM / AuC K
CK, IK
UE / HSS
KASME
UE / MME
• ASME = Access
Security KNASenc KNASint
Management KeNB / NH
Entity, located
at the MME UE / eNB
KUPenc KRRCint KRRCenc
Irfan Ali
Irfan Ali 8 8
9. Identity Protection
• The two permanent identities of UE are:
IMSI (subscriber identity)
• Seldom send over the air (only during attach, if no other valid
temporary ID is present in the UE).
• Temporary identities used instead (S-TMSI, GUTI)
IMEI (hardware identity)
• Only sent to MME (in NAS), not to eNB.
• Sent only after NAS security is setup (i.e encrypted and
integrity protected).
Irfan Ali
Irfan Ali
S-TMSI
GUTI
System architecture evolution Temporary Mobile Subscriber Identity
9 9
Globally Unique Temporary Identity
10. General Security Characteristics
• Use of UMTS AKA (Authentication and Key Agreement) procedure
• Use of 128-bit keys truncated from generated 256-bit keys
• Ciphering Algorithms (AS and NAS):
0 = Null;
1= SNOW 3G;
2 = AES Rel-8 UE is required to
• Integrity Algorithms (AS, NAS): support these algorithms
1= SNOW 3G;
2 = AES
• Access Stratum (AS), between eNB and UE:
Ciphering applicable to both user traffic and RRC-level signaling traffic.
Integrity protection applicable only to RRC-level signaling traffic. Integrity information is ciphered.
Located at the PDCP sublayer in both eNB and UE
• Non-Access Stratum (NAS), between MME and UE:
Ciphering and Integrity of NAS messages, independent of the AS security
• Keys change at every intra-E-UTRAN handover, including intra-eNB handovers.
Irfan Ali
Irfan Ali 10 10 AES Advanced Encryption Standard
11. LTE AKA
SQN AUTN RAND UE MME HSS
SQN K RAND
Authentication data request
(IMSI, VPLMN, Network
USIM K
Type = E-UTRAN)
Function
Generate authentication
CK vectors AV(1..n)
RES
XRES
IK CK
RAND
SQN VPLMN Authentication data AUTN IK
response AV RAND
SQN VPLMN
IMSI
Store authentication vectors AV(1..n)
IMSI
KDF
Select authentication vector AV KDF
Kasme User authentication request
RAND || AUTN
Kasme
Verify AUTN
Compute RES AV AUTN, RAND, XRES, Kasme
User authentication response
RES
Compre RES and XRES
AKA Authentication and Key Agreement
AUTN Authentication TokeN
Security Mode
GUTI Globally Unique Temporary Identity
Command Used to
KSI Key Set Identifier
Derive NAS keys from
Kasme
Irfan Ali
Irfan Ali 11 11
12. User authentication function in the USIM
RAND AUTN
f5 SQN AK AMF MAC
AK
SQN
K
f1 f2 f3 f4
XMAC RES CK IK
Verify MAC = XMAC • USIM keeps track of last SQN received, SQNms
• USIM only accepts a sequence number from HSS if
|SQN – SQNms | < ∆
Verify that SQN is in the correct range
AUTN Authentication TokeN
AMF Authentication management field
SQN Sequence Number
AK Anonymity Key
MAC Message Authentication Code
Irfan Ali
Irfan Ali 12 12
13. Overview of NAS and AS Security negotiations
UE eNB MME-1 HSS
EPS-AKA EPS-AKA
Partial EPS Partial EPS
native Context. native
Context
NAS- Security Mode Command (SMC)
NAS Security Algorithms decided here
Full EPS Full EPS
native native
Context Context
Current
Kasme, KSImme eKSI Kasme Current
UE’s security Capability
AS-SMC
AS Security Algorithms decided here
AS Keys AS Keys
ASME Access Security Management Entity (MME)
Irfan Ali
Irfan Ali 13 13 KSI Key Set Identifier
14. Negotiation of NAS/AS Enc & Inc Algorithm
ME provides support of different EPS encryption (EEA) and integrity
protection (EIA) algorithm support as part of “UE Network Capability”
IE.
• The same set of ciphering and integrity algorithms shall be supported by
the UE both for AS and NAS level
The eNB and MME are configured with a prioritized list of EEA and
EIA algorithms to use. Eg
• Priority-0 EIA2
• Priority-1: EIA1
eNB/MME selects first intersection of configured algorithm with UE’s
capability.
NAS and AS security algorithms can be different.
Irfan Ali
Irfan Ali 14 14
15. Power-off/Power-on issue
• Power-off
The objective is to store a fully valid native EPS security
context, preferably in USIM otherwise in non-volatile
memory of the ME.
• Power-on
Retrieve a “valid” EPS security context either from (a)
USIM, or (b) if-not from ME non-volatile memory. This
becomes the current EPS security context.
If no valid EPS security context can be retrieved, UE
signals to MME in attach that it has “no valid keys”.
Irfan Ali
Irfan Ali 15 15
16. UE Performs attach – Part 1 of 3
Internet
UE PGW
eNB MME SGW
RACH
1. Random Access Preamble Random Access
Procedure
DL-SCH: Common CC
2. Random Access
Preamble
UL-SCH: SRB0
3. RRC Connection
Request
RRC Setup
DL-SCH: Common CC
Procedure
4. RRC Connection Setup
UL-SCH: SRB1
5. RRC Connection Complete
NAS Msg: Attach
Request IMSI
NAS Msg PDN
Connect Req
Irfan Ali
Irfan Ali 16 16
17. UE Performs Attach – Part 2 of 3
HSS
UE eNB MME SGW
Encryption PGW
+ Integrity
Interne
eNB selects
MME Protection Algorithm
support
NAS MSG: Attach S1-MME
Request, IMSI, UE S6a
Network Capability 6. Initial UE Message 7. Auth Info Request
NAS MSG: Attach IMSI, VPLMN,Net=EUTRAN
Request, IMSI, UE
Network Capability 8. Auth Info Answer
NAS Msg PDN Kasme, AUTN, RAND,XRES
DL-SCH:CCH SRB1 Connect Req User
Authentication
10. DL Info Xfer 9. DL NAS Xport Procedure
Authn Request: Authn Request MME Compares
AUTN, RAND, eKSI RES with XRES.
If same, AKA
11. UL Info Transport successful
12. UL NAS Xport
Authn Response
Authn Response:
RES
UL-SCH: SRB1
DL-SCH:CCH SRB1
13. DL NAS Xport
14. DL Info Transport SMC: eKSI, NAS Algo, NAS Security Setup
Security Mode Command UE Security Capability Procedure
15. UL Info Transport
16. UL NAS Xport
Security Mode
SMC Complete
Complete 17. Location Update Request
UL-SCH: SRB1 IMSI, … Authorization
NAS Security
18. Location Update Response
Subscription Data
MME
Irfan Ali
Irfan Ali 17 UE
authorizes17