SlideShare une entreprise Scribd logo

LTE :Mobile Network Security

Satish Chavan
Satish Chavan

LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture. With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP-spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.

Technologie
1  sur  29
Télécharger pour lire hors ligne
LTE :Mobile Network Security Satish Chavan satchavan@gmail.com
Introduction LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture. With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP- spoofing, data and service theft, DDoS attacks and numerous other variants of cyber- attacks and crimes. LTE architecture was developed by 3GPP taking into consideration security principles right from its inception and design based on five security feature groups. 1. Network access security, to provide a secure access to the service by the user. 2. Network domain security, to protect the network elements and secure the signalling and user data exchange. 3. User domain security, to control the secure access to mobile stations 4. Application domain security, to establish secure communications over the application layer 5. Visibility and configuration of security, bring the opportunity for the user to check if the security features are in operation.
Introduction-2 I. Network Access Security These security features facilitates the UEs for the secure access to EPC and protects possible attacks on radio link through integrity protection and ciphering between the USIM, ME, EUTRAN and entities of EPC (both serving networks and home networks). II. Network domain security The set of security features protects possible attack on wire line networks and enables the data exchange in secure manner. III. User domain security The mutual authentication of USIM and ME is supported using a secret PIN before they can access each other. IV. Application level security These are the set of security features that enables the application in UE and the service provider domain for the secure exchange of messages. V. Non 3GPP domain security These are the set of features enables the UEs to securely access to the EPC via non 3GPP access networks and provide security protection on the access link.
LTE architecture model has been divided into the following network segments: LTELTE architecture model 1. User equipment (UE), 2. Access, 3. Evolved Packet Core Transport 4. Service network LTE security architecture
Key security threats/risks LTE security requirements are very different from UMTS. An LTE security gateway solution needs to not only authenticate eNodeBs and encrypt traffic with IPsec, but also provide SCTP firewall functions to protect the mobile packet core from signaling storms and man in the middle attacks. Key security threats/risks: 1. Distributed network and open architecture 2. Complex business models (IS/Service sharing) 3. Decentralized accountability for security 4. Minimizing security spend Preventative measures: 1. Interoperability standards 2. Strong partner agreement 3. Security audits with remediation commitments 4. Security Budget
LTENetwork segments wise risk and measures-1 Network segments Key risks ,Security threats Preventative measures User Equipment (UE) subscriber entry points into the LTE network 1. Physical attacks 2. Risk of data loss, privacy 3. Lack of security standards & controls on UEs 4. Application layer: virus, malware, phishing 1. Subscriber education 2. Antivirus 3. Industry security standards & controls on UE 4. Strong authentication, authorization, encryption Access interconnection between UE and EUTRAN. 1. Physical attacks 2. Rogue eNodeBs 3. Eavesdropping, Redirection, MitM attacks, DoS 4. Privacy 1. Physical security 2. Authentication, authorization, encryption 3. Network monitoring, IPS systems 4. Security Architecture
LTE Network segments Key risks ,Security threats Preventative measures Core (EPC)/Transport manages user authentication, authorization and accounting (AAA), IP address allocation, mobility , charging, QoS and security 1. Unauthorized access 2. DoS and DDoS attacks 3. Overbilling attacks (IP address hijacking, IP spoofing) 1. Security Architecture: VPNs, VLANs 2. Encryption, IKE/ IPSec 3. Network monitoring, management and load balancing Service Network Security management in IMS is particularly important 1. Unauthorised access 2. Service abuse attacks, Theft of service 3. Network snoop, session hijacking 1. Border Security 2. Strong authentication 3. Enable security protocols 4. Implement Security Gateways Network segments wise risk and measures-2
Attack type Trigger and impact DDoS The target network is flooded by traffic from multiple sources. Ping flood A large volume of ping packets causes a network to crash. In a “ping of death,” malformed ping requests are used. SYN flood The attacker sends a high number of TCP/SYN packets, which the network accepts as connection requests and which overwhelm the network. Replay attack The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed. SQL injection The attacker sends malicious commands in statements to a SQL database to make unauthorized changes to the database or to get a copy of the data. DNS hijacking The attacker redirects DNS queries to a rogue DNS server. IP port scans The attacker scans network elements for active ports and exploits their vulnerabilities. Attack type,Trigger and impact
Legacy Network IP Based network Mobile Devices Voice-based network, Limited data capabilities: easier for operators to control. Data-centric devices, visible from the internet: increased vulnerability, more entry points, less control. Equipment Expensive RAN equipment, large form factor: difficult to buy or operate a rogue base station. Femto cells, small cells and Wi-Fi hotspots: Easier and cheaper provide an entry point to the mobile network. Network architecture Proprietary, Hierarchical/Close networks Difficult to penetrate, Easier to protect. Flat networks, More connections among elements Porous easier to penetrate. Signaling SS7: Closed signaling environment, Difficult to penetrate. Diameter: IP increases mobile networks vulnerability to security threats. Applications Few applications available or used limited entry points to devices. Applications in a fragmented is difficult to control Misc / Economic /security targets. Billing fraud Limited use of cellular networks for M2M applications. Access to corporations and government. M2M unmonitored devices difficult to protect without stricter security requirements. Transition to IP-based mobile networks
Preventative measures - Security audits -1 Audit Main Point GTP •  Endpoint discovery •  Illegal connection/association establishment –  User identity impersonation –  Fuzzing •  Leak of user traffic 1. to Core Network (EPC) 2. to LTE RAN X2AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM
LTEPreventative measures - Security audits -2 Audit Audit Point S1AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM –  NAS injection LTE EPC DNS Audit •  EPC DNS is important •  EPC DNS scanner •  Close to GRX / IMS
security approach LTESecurity Approach • First Level Router-based Security Protection for all attacks • Packet filter policy based on a ‘deny-all’ approach. permits ingress of packets permissible user traffic of the receiving network. The Router can provide DoS protection for the connected network using rate limiting to prevent performance-impacting overload ofthe network and services. 1 • Second Level Firewall-based Security Inner Layer Protection • Use of firewall filter policies, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies. 2 • Third Level Host Security Protection for smartest attacks • Network devices including packet gateways, application nodes provide further access control measures. using identification, authentication and authorization mechanisms. Node hardening’. This includes measures such as Interior Border Gateway Protocol (IGP) and Border Gateway Protocol (BGP)authentication, applying access control lists , closing unwanted or unused ports in applications and clients, and using a secure protocol like Secure Shell (SSH) instead of Telnet for configuration and management. 3
LTENetwork Element & IP Network Security Measures Network Security Measures • Network elements designed and implemented with security and comply with the 3GPP recommendations. • Network element security architecture. • Network element hardening and security testing. • Threat and risk analysis per network element. • Security audit, Timely patch and hardware upgradation. • Security vulnerability and performance monitoring. • Authorized site access. IP Network Security Measures • Secure operation and maintenance process. • Perimeter security and Traffic separation • IPsec used to be mandatory for core network.
LTEOM Security Measures OM Security functions in the system Measures 1. The log and security alarm function monitors the security of the whole system and reports the security information to the management system. 2. The user authentication and access control function controls the user access to avoid access of invalid users. 3. The OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB. – Digital Signature of Software is used to ensure software integrity and reliability – An eNodeB can be deployed using a Secured USB storage device – Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, like operating systems are corrupted, backup data can be used to restore the system. 4. The OM channel security ensures security for the channel between EMS equipment and the NEs. – Security Socket Layer (SSL) is a protocol that provides end-to-end communication security between TCP layer and the application layer – NTP (Network Time Protocol) security authentication is used to encrypt and authenticate the NTP packets so that the validity of the reference time
LTEeNodeB Security architechture
LTEeNodeB Security
LTEeNodeB Security •Performs the crypto specified for radio interface and backhaul link •Access to the cleartext in the user plane •Exposed to tampering that eavesdrop/modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, discard traffic • 3GPP requires a secure environment inside the eNB • Stores keys, executes crypto, helps to secure boot • Preserves integrity and confidentiality of its content • Authorized access
TENetwork Access Security 1 Network access security protects the mobile’s communications with the network across the air interface, which is the most vulnerable part of the system. Using four main techniques 1. Authentication 2. Confidentiality 3. Ciphering 4. Integrity protection • Authentication - Evolved packet core (EPC) network and mobile confirm each other’s identities the confirms that the user is authorized to use the network’s services and is not using a cloned device. Mobile confirms that the network is genuine and is not a spoof network set up to steal the user’s personal data
LTENetwork Access Security-2 • Confidentiality- protects the user’s identity International mobile subscriber identity (IMSI) is one of the quantities that an intruder needs to clone a mobile so LTE avoids broadcasting it across the air interface wherever possible instead, the network identifies the user by means of temporary identities. EPC knows the MME pool area that the mobile is in during paging, then it uses the 40 bit STMSI otherwise (during the attach procedure) it uses the longer GUTI (Globally Unique Temporary ID) similarly, the radio access network uses the radio network temporary identifiers (RNTIs)
LTENetwork Access Security-3 •Ciphering also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and network exchange. The packet data convergence protocol (PDCP) ciphers data and signaling messages in the air interface access stratum, while the EMM protocol ciphers signaling messages in the non access stratum • Integrity protection detects any attempt by an intruder to replay or modify signaling messages. Protects the system against problems such as man- in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them, in an attempt to take control of the mobile.
Authentication and key agreement procedure
Diagram for Authentication and key generation http://www.3glteinfo.com/lte-security-architecture/
LTEEPS Key Hierarchy and Radio Interface Security Keys and Key Hierarchy In the Evolved Packet Core Authentication and Key Agreement (EPS AKA) protocol, all the keys that are needed for various security mechanisms are derived from intermediate key KASME which is viewed as local master key for the subscriber in contrast to permanent master key K. In the network side, the local master key KASME is stored in the MME and permanent master key is stored in the AuC. This approach provides the following advantages. 1. It enables cryptographic key separation, where the usage of each key in one specific context and knowing one key does not deduce the second one. 2. The system is improved by providing key freshness and it is possible to renew the keys used in security mechanism. The EPS AKA is need not be run every time when the key to be renewed for protecting the radio interface and also the home network is not involved every time. This introduces a security versus complexity trade-off situation. For EPS, the security benefits of using an intermediate key overweigh the added complexity which was not true in 3G. The base station eNB stores another key KeNB and the addition of KeNB makes it possible to renew keys for protection of radio access without involving MME.
LTEKey Derivations The hierarchy contains one root key (K), several intermediate keys such as CK, IK etc. and a set of leaf keys [5]. The purpose of the different keys are explained below. 1. K is a random bit string and it is a subscriber specific master key stored in USIM and AuC. 2. CK and IK are 128 bit keys derived from K using additional input parameters. 3. KASME is derived from CK and IK using two additional parameters, the serving network id and bitwise sum of two additional parameters (SQN and AK from the EPS AKA procedure). The KASME serves as local master key. 4. KeNB is derived from KASME and the additional input a counter. This additional parameter is needed to ensure that each new key KeNB derived differs from the earlier key. 5. NH is another intermediate key derived from KASME, and used in handover situations. It is derived from KeNB for the initial NH derivation or previous NH as an additional input. 6. KRRCenc, KRRCint and KUPenc are used for the encryption and integrity of RRC and Users.The complex key hierarchy achieves the key separation and prevents related key attack. The key hierarchy achieves key renewal very easily without affecting the other keys. When one key is changed, only the keys dependent on it have to be changed and others may remain same.
LTEEPS Key Hierarchy
LTEConclusion How to Secure an LTE-Network? •Comply with the 3GPP recommendations . •IP network security mechanisms and recommendations . •Network elements designed and implemented with security . •Fraud management and tools. •Regular security Audit, Performance and Traffic trend report . •Monitor network element keeping security points in mind. Security is a ongoing and never ending process!
LTEAbbreviations 3GPP 3. Generation Partnership Project ASME Access Security Management Entity AuC Authentication Centre CA Certificate Authority CMP Certificate Management Protocol CK Cipher Key eNB Evolved Node B enc Encryption EPC Evolved Packet Core ePDG Evolved Packet Data Gateway EPS Evolved Packet System ESP Encapsulating Security Payload GRX GPRS Roaming eXchange Network GTP-C GPRS Tunneling Protocol - Control GW Gateway HeNB Home eNB HNB Home Node B HSS Home Subscriber Server IK Integrity Key IMS IP Multimedia System Int Integrity K Key LEA Law Enforcement Agency LI Lawful Interception LTE Long Term Evolution MME Mobility Management Entity NAS Non Access Stratum PCRF Policy and Charging Rules Function PDN Packet Data Network PKI Public Key Infrastructure PLMN Public Land Mobile Network RA Registration Authority RRC Radio Resource Control SAE System Architecture Evolution SEG Security Gateway SeGW Security Gateway Serv.GW Serving Gateway UMTS Universal Mobile Telecomunication System UP User Plane USIM UMTS Subscriber Identity Module
LTEReferences •3rd Generation Partnership Project, http://www.3gpp.org/ •Security aspects 3GPP specification 3G and beyond / GSM (R99 and later)series -33 series document •ETSI Security White Paper Freely available at: www.etsi.org/securitywhitepaper •Journal of Cyber Security and Information Systems – October 2013 4G LTE Security for Mobile Network Operators By Daksha Bhasker •White Paper The Security Vulnerabilities of LTE: Risks for Operators •White paper Wireless security in LTE networks- Monica Paolini Senza Fili Consulting •http://www.3glteinfo.com/lte-security-architecture/ •https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf
LTE

Recommandé

Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
5G Security Briefing
5G Security Briefing5G Security Briefing
5G Security Briefing3G4G
 
LTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionLTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionGuisun Han
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdfAbubakar416712
 
Intermediate: Security in Mobile Cellular Networks
Intermediate: Security in Mobile Cellular NetworksIntermediate: Security in Mobile Cellular Networks
Intermediate: Security in Mobile Cellular Networks3G4G
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G securityRanjitUpadhyay4
 
5G Network Architecture and FMC
5G Network Architecture and FMC5G Network Architecture and FMC
5G Network Architecture and FMCITU
 
5G NR parameters
5G NR parameters5G NR parameters
5G NR parametersSasi Reddy
 

Recommandé

Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
5G Security Briefing
5G Security Briefing5G Security Briefing
5G Security Briefing3G4G
 
LTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionLTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionGuisun Han
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdfAbubakar416712
 
Intermediate: Security in Mobile Cellular Networks
Intermediate: Security in Mobile Cellular NetworksIntermediate: Security in Mobile Cellular Networks
Intermediate: Security in Mobile Cellular Networks3G4G
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G securityRanjitUpadhyay4
 
5G Network Architecture and FMC
5G Network Architecture and FMC5G Network Architecture and FMC
5G Network Architecture and FMCITU
 
5G NR parameters
5G NR parameters5G NR parameters
5G NR parametersSasi Reddy
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS SecuritySohaib Altaf
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksNaveen Kumar
 
UMTS, Introduction.
UMTS, Introduction.UMTS, Introduction.
UMTS, Introduction.Mateen Shahid
 
Overview 5G NR Radio Protocols by Intel
Overview 5G NR Radio Protocols by Intel Overview 5G NR Radio Protocols by Intel
Overview 5G NR Radio Protocols by Intel Eiko Seidel
 
LTE Radio Overview: Downlink
LTE Radio Overview: DownlinkLTE Radio Overview: Downlink
LTE Radio Overview: Downlinkaliirfan04
 
Lte channel
Lte channelLte channel
Lte channelAchmad Salsabil
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
lte channel types
lte channel typeslte channel types
lte channel typesavneesh7
 
Evolution of Core Networks
Evolution of Core NetworksEvolution of Core Networks
Evolution of Core NetworksSarp Köksal
 
LTE Architecture
LTE ArchitectureLTE Architecture
LTE ArchitectureManje Gowda
 
3GPP SON Series: Minimization of Drive Testing (MDT)
3GPP SON Series: Minimization of Drive Testing (MDT)3GPP SON Series: Minimization of Drive Testing (MDT)
3GPP SON Series: Minimization of Drive Testing (MDT)3G4G
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8RUpaliLohar
 
MSC(-S) R12 configuration (2).pdf
MSC(-S) R12 configuration (2).pdfMSC(-S) R12 configuration (2).pdf
MSC(-S) R12 configuration (2).pdfssuseraab3a8
 
End-to-End QoS in LTE
End-to-End QoS in LTEEnd-to-End QoS in LTE
End-to-End QoS in LTERadisys Corporation
 
4g interview-question
4g interview-question4g interview-question
4g interview-questionManpreet Singh
 
5G Network Architecture Options
5G Network Architecture Options5G Network Architecture Options
5G Network Architecture Options3G4G
 
5 g core overview
5 g core overview5 g core overview
5 g core overviewHemraj Kumar
 
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdfKey Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdfssuser3be61c1
 
Utran architecture(rashmi)
Utran architecture(rashmi)Utran architecture(rashmi)
Utran architecture(rashmi)Dr. ABHISHEK K PANDEY
 
Lte attach-messaging
Lte attach-messagingLte attach-messaging
Lte attach-messagingPraveen Kumar
 
Security In LTE Access Network
Security In LTE Access NetworkSecurity In LTE Access Network
Security In LTE Access NetworkSukhvinder Singh Malik
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?Stephen Kho
 

Contenu connexe

Tendances

GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS SecuritySohaib Altaf
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksNaveen Kumar
 
Overview 5G NR Radio Protocols by Intel
Overview 5G NR Radio Protocols by Intel Overview 5G NR Radio Protocols by Intel
Overview 5G NR Radio Protocols by Intel Eiko Seidel
 
LTE Radio Overview: Downlink
LTE Radio Overview: DownlinkLTE Radio Overview: Downlink
LTE Radio Overview: Downlinkaliirfan04
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
lte channel types
lte channel typeslte channel types
lte channel typesavneesh7
 
Evolution of Core Networks
Evolution of Core NetworksEvolution of Core Networks
Evolution of Core NetworksSarp Köksal
 
LTE Architecture
LTE ArchitectureLTE Architecture
LTE ArchitectureManje Gowda
 
3GPP SON Series: Minimization of Drive Testing (MDT)
3GPP SON Series: Minimization of Drive Testing (MDT)3GPP SON Series: Minimization of Drive Testing (MDT)
3GPP SON Series: Minimization of Drive Testing (MDT)3G4G
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8RUpaliLohar
 
MSC(-S) R12 configuration (2).pdf
MSC(-S) R12 configuration (2).pdfMSC(-S) R12 configuration (2).pdf
MSC(-S) R12 configuration (2).pdfssuseraab3a8
 
5G Network Architecture Options
5G Network Architecture Options5G Network Architecture Options
5G Network Architecture Options3G4G
 
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdfKey Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdfssuser3be61c1
 
Lte attach-messaging
Lte attach-messagingLte attach-messaging
Lte attach-messagingPraveen Kumar
 

Tendances (20)

GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS Security
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
 
UMTS, Introduction.
UMTS, Introduction.UMTS, Introduction.
UMTS, Introduction.
 
Overview 5G NR Radio Protocols by Intel
Overview 5G NR Radio Protocols by Intel Overview 5G NR Radio Protocols by Intel
Overview 5G NR Radio Protocols by Intel
 
LTE Radio Overview: Downlink
LTE Radio Overview: DownlinkLTE Radio Overview: Downlink
LTE Radio Overview: Downlink
 
Lte channel
Lte channelLte channel
Lte channel
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
 
lte channel types
lte channel typeslte channel types
lte channel types
 
Evolution of Core Networks
Evolution of Core NetworksEvolution of Core Networks
Evolution of Core Networks
 
LTE Architecture
LTE ArchitectureLTE Architecture
LTE Architecture
 
3GPP SON Series: Minimization of Drive Testing (MDT)
3GPP SON Series: Minimization of Drive Testing (MDT)3GPP SON Series: Minimization of Drive Testing (MDT)
3GPP SON Series: Minimization of Drive Testing (MDT)
 
Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8Gsm security algorithms A3 , A5 , A8
Gsm security algorithms A3 , A5 , A8
 
MSC(-S) R12 configuration (2).pdf
MSC(-S) R12 configuration (2).pdfMSC(-S) R12 configuration (2).pdf
MSC(-S) R12 configuration (2).pdf
 
End-to-End QoS in LTE
End-to-End QoS in LTEEnd-to-End QoS in LTE
End-to-End QoS in LTE
 
4g interview-question
4g interview-question4g interview-question
4g interview-question
 
5G Network Architecture Options
5G Network Architecture Options5G Network Architecture Options
5G Network Architecture Options
 
5 g core overview
5 g core overview5 g core overview
5 g core overview
 
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdfKey Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
Key Factors that affect 5G Throughput, Possible Causes and Ways to optimize.pdf
 
Utran architecture(rashmi)
Utran architecture(rashmi)Utran architecture(rashmi)
Utran architecture(rashmi)
 
Lte attach-messaging
Lte attach-messagingLte attach-messaging
Lte attach-messaging
 

En vedette

4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?Stephen Kho
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Mohamed Tharwat Waheed
 
4g security presentation
4g security presentation4g security presentation
4g security presentationKyle Ly
 
Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerationsMary McEvoy Carroll
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-NetsAndy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-Netshmatthews1
 

En vedette (6)

Security In LTE Access Network
Security In LTE Access NetworkSecurity In LTE Access Network
Security In LTE Access Network
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)
 
4g security presentation
4g security presentation4g security presentation
4g security presentation
 
Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-NetsAndy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
 

Similaire à LTE :Mobile Network Security

Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.RAVI RAJ
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSCOMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possibleIJNSA Journal
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network securityAnkit Anand
 
Denial of Service Attack Defense Techniques
Denial of Service Attack Defense TechniquesDenial of Service Attack Defense Techniques
Denial of Service Attack Defense TechniquesIRJET Journal
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET Journal
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docxballolliemin
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
 
Evaluation the performanc of dmz
Evaluation the performanc of dmzEvaluation the performanc of dmz
Evaluation the performanc of dmzBaha Rababah
 
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET Journal
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxTypes of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxwillcoxjanay
 
Wireless security
Wireless securityWireless security
Wireless securitySalma Elhag
 
IRJET- Coordinates based Keying Scheme for WSN Security
IRJET- Coordinates based Keying Scheme for WSN SecurityIRJET- Coordinates based Keying Scheme for WSN Security
IRJET- Coordinates based Keying Scheme for WSN SecurityIRJET Journal
 

Similaire à LTE :Mobile Network Security (20)

Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
7215nsa05
7215nsa057215nsa05
7215nsa05
 
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSCOMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possible
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
 
Denial of Service Attack Defense Techniques
Denial of Service Attack Defense TechniquesDenial of Service Attack Defense Techniques
Denial of Service Attack Defense Techniques
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docx
 
Network Security
Network SecurityNetwork Security
Network Security
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
 
Evaluation the performanc of dmz
Evaluation the performanc of dmzEvaluation the performanc of dmz
Evaluation the performanc of dmz
 
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxTypes of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494
 
Wireless security
Wireless securityWireless security
Wireless security
 
IRJET- Coordinates based Keying Scheme for WSN Security
IRJET- Coordinates based Keying Scheme for WSN SecurityIRJET- Coordinates based Keying Scheme for WSN Security
IRJET- Coordinates based Keying Scheme for WSN Security
 

Plus de Satish Chavan

Carrier grade wi fi integration architecture
Carrier grade wi fi integration architectureCarrier grade wi fi integration architecture
Carrier grade wi fi integration architectureSatish Chavan
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations centerSatish Chavan
 
Network function virtualization
Network function virtualizationNetwork function virtualization
Network function virtualizationSatish Chavan
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stackSatish Chavan
 
Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator Satish Chavan
 

Plus de Satish Chavan (6)

Internet of things
Internet of thingsInternet of things
Internet of things
 
Carrier grade wi fi integration architecture
Carrier grade wi fi integration architectureCarrier grade wi fi integration architecture
Carrier grade wi fi integration architecture
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations center
 
Network function virtualization
Network function virtualizationNetwork function virtualization
Network function virtualization
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stack
 
Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator
 

Dernier

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Dernier (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

LTE :Mobile Network Security

  • 1. LTE :Mobile Network Security Satish Chavan satchavan@gmail.com
  • 2. Introduction LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture. With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP- spoofing, data and service theft, DDoS attacks and numerous other variants of cyber- attacks and crimes. LTE architecture was developed by 3GPP taking into consideration security principles right from its inception and design based on five security feature groups. 1. Network access security, to provide a secure access to the service by the user. 2. Network domain security, to protect the network elements and secure the signalling and user data exchange. 3. User domain security, to control the secure access to mobile stations 4. Application domain security, to establish secure communications over the application layer 5. Visibility and configuration of security, bring the opportunity for the user to check if the security features are in operation.
  • 3. Introduction-2 I. Network Access Security These security features facilitates the UEs for the secure access to EPC and protects possible attacks on radio link through integrity protection and ciphering between the USIM, ME, EUTRAN and entities of EPC (both serving networks and home networks). II. Network domain security The set of security features protects possible attack on wire line networks and enables the data exchange in secure manner. III. User domain security The mutual authentication of USIM and ME is supported using a secret PIN before they can access each other. IV. Application level security These are the set of security features that enables the application in UE and the service provider domain for the secure exchange of messages. V. Non 3GPP domain security These are the set of features enables the UEs to securely access to the EPC via non 3GPP access networks and provide security protection on the access link.
  • 4. LTE architecture model has been divided into the following network segments: LTELTE architecture model 1. User equipment (UE), 2. Access, 3. Evolved Packet Core Transport 4. Service network LTE security architecture
  • 5. Key security threats/risks LTE security requirements are very different from UMTS. An LTE security gateway solution needs to not only authenticate eNodeBs and encrypt traffic with IPsec, but also provide SCTP firewall functions to protect the mobile packet core from signaling storms and man in the middle attacks. Key security threats/risks: 1. Distributed network and open architecture 2. Complex business models (IS/Service sharing) 3. Decentralized accountability for security 4. Minimizing security spend Preventative measures: 1. Interoperability standards 2. Strong partner agreement 3. Security audits with remediation commitments 4. Security Budget
  • 6. LTENetwork segments wise risk and measures-1 Network segments Key risks ,Security threats Preventative measures User Equipment (UE) subscriber entry points into the LTE network 1. Physical attacks 2. Risk of data loss, privacy 3. Lack of security standards & controls on UEs 4. Application layer: virus, malware, phishing 1. Subscriber education 2. Antivirus 3. Industry security standards & controls on UE 4. Strong authentication, authorization, encryption Access interconnection between UE and EUTRAN. 1. Physical attacks 2. Rogue eNodeBs 3. Eavesdropping, Redirection, MitM attacks, DoS 4. Privacy 1. Physical security 2. Authentication, authorization, encryption 3. Network monitoring, IPS systems 4. Security Architecture
  • 7. LTE Network segments Key risks ,Security threats Preventative measures Core (EPC)/Transport manages user authentication, authorization and accounting (AAA), IP address allocation, mobility , charging, QoS and security 1. Unauthorized access 2. DoS and DDoS attacks 3. Overbilling attacks (IP address hijacking, IP spoofing) 1. Security Architecture: VPNs, VLANs 2. Encryption, IKE/ IPSec 3. Network monitoring, management and load balancing Service Network Security management in IMS is particularly important 1. Unauthorised access 2. Service abuse attacks, Theft of service 3. Network snoop, session hijacking 1. Border Security 2. Strong authentication 3. Enable security protocols 4. Implement Security Gateways Network segments wise risk and measures-2
  • 8. Attack type Trigger and impact DDoS The target network is flooded by traffic from multiple sources. Ping flood A large volume of ping packets causes a network to crash. In a “ping of death,” malformed ping requests are used. SYN flood The attacker sends a high number of TCP/SYN packets, which the network accepts as connection requests and which overwhelm the network. Replay attack The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed. SQL injection The attacker sends malicious commands in statements to a SQL database to make unauthorized changes to the database or to get a copy of the data. DNS hijacking The attacker redirects DNS queries to a rogue DNS server. IP port scans The attacker scans network elements for active ports and exploits their vulnerabilities. Attack type,Trigger and impact
  • 9. Legacy Network IP Based network Mobile Devices Voice-based network, Limited data capabilities: easier for operators to control. Data-centric devices, visible from the internet: increased vulnerability, more entry points, less control. Equipment Expensive RAN equipment, large form factor: difficult to buy or operate a rogue base station. Femto cells, small cells and Wi-Fi hotspots: Easier and cheaper provide an entry point to the mobile network. Network architecture Proprietary, Hierarchical/Close networks Difficult to penetrate, Easier to protect. Flat networks, More connections among elements Porous easier to penetrate. Signaling SS7: Closed signaling environment, Difficult to penetrate. Diameter: IP increases mobile networks vulnerability to security threats. Applications Few applications available or used limited entry points to devices. Applications in a fragmented is difficult to control Misc / Economic /security targets. Billing fraud Limited use of cellular networks for M2M applications. Access to corporations and government. M2M unmonitored devices difficult to protect without stricter security requirements. Transition to IP-based mobile networks
  • 10. Preventative measures - Security audits -1 Audit Main Point GTP •  Endpoint discovery •  Illegal connection/association establishment –  User identity impersonation –  Fuzzing •  Leak of user traffic 1. to Core Network (EPC) 2. to LTE RAN X2AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM
  • 11. LTEPreventative measures - Security audits -2 Audit Audit Point S1AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM –  NAS injection LTE EPC DNS Audit •  EPC DNS is important •  EPC DNS scanner •  Close to GRX / IMS
  • 12. security approach LTESecurity Approach • First Level Router-based Security Protection for all attacks • Packet filter policy based on a ‘deny-all’ approach. permits ingress of packets permissible user traffic of the receiving network. The Router can provide DoS protection for the connected network using rate limiting to prevent performance-impacting overload ofthe network and services. 1 • Second Level Firewall-based Security Inner Layer Protection • Use of firewall filter policies, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies. 2 • Third Level Host Security Protection for smartest attacks • Network devices including packet gateways, application nodes provide further access control measures. using identification, authentication and authorization mechanisms. Node hardening’. This includes measures such as Interior Border Gateway Protocol (IGP) and Border Gateway Protocol (BGP)authentication, applying access control lists , closing unwanted or unused ports in applications and clients, and using a secure protocol like Secure Shell (SSH) instead of Telnet for configuration and management. 3
  • 13. LTENetwork Element & IP Network Security Measures Network Security Measures • Network elements designed and implemented with security and comply with the 3GPP recommendations. • Network element security architecture. • Network element hardening and security testing. • Threat and risk analysis per network element. • Security audit, Timely patch and hardware upgradation. • Security vulnerability and performance monitoring. • Authorized site access. IP Network Security Measures • Secure operation and maintenance process. • Perimeter security and Traffic separation • IPsec used to be mandatory for core network.
  • 14. LTEOM Security Measures OM Security functions in the system Measures 1. The log and security alarm function monitors the security of the whole system and reports the security information to the management system. 2. The user authentication and access control function controls the user access to avoid access of invalid users. 3. The OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB. – Digital Signature of Software is used to ensure software integrity and reliability – An eNodeB can be deployed using a Secured USB storage device – Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, like operating systems are corrupted, backup data can be used to restore the system. 4. The OM channel security ensures security for the channel between EMS equipment and the NEs. – Security Socket Layer (SSL) is a protocol that provides end-to-end communication security between TCP layer and the application layer – NTP (Network Time Protocol) security authentication is used to encrypt and authenticate the NTP packets so that the validity of the reference time
  • 17. LTEeNodeB Security •Performs the crypto specified for radio interface and backhaul link •Access to the cleartext in the user plane •Exposed to tampering that eavesdrop/modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, discard traffic • 3GPP requires a secure environment inside the eNB • Stores keys, executes crypto, helps to secure boot • Preserves integrity and confidentiality of its content • Authorized access
  • 18. TENetwork Access Security 1 Network access security protects the mobile’s communications with the network across the air interface, which is the most vulnerable part of the system. Using four main techniques 1. Authentication 2. Confidentiality 3. Ciphering 4. Integrity protection • Authentication - Evolved packet core (EPC) network and mobile confirm each other’s identities the confirms that the user is authorized to use the network’s services and is not using a cloned device. Mobile confirms that the network is genuine and is not a spoof network set up to steal the user’s personal data
  • 19. LTENetwork Access Security-2 • Confidentiality- protects the user’s identity International mobile subscriber identity (IMSI) is one of the quantities that an intruder needs to clone a mobile so LTE avoids broadcasting it across the air interface wherever possible instead, the network identifies the user by means of temporary identities. EPC knows the MME pool area that the mobile is in during paging, then it uses the 40 bit STMSI otherwise (during the attach procedure) it uses the longer GUTI (Globally Unique Temporary ID) similarly, the radio access network uses the radio network temporary identifiers (RNTIs)
  • 20. LTENetwork Access Security-3 •Ciphering also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and network exchange. The packet data convergence protocol (PDCP) ciphers data and signaling messages in the air interface access stratum, while the EMM protocol ciphers signaling messages in the non access stratum • Integrity protection detects any attempt by an intruder to replay or modify signaling messages. Protects the system against problems such as man- in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them, in an attempt to take control of the mobile.
  • 21. Authentication and key agreement procedure
  • 22. Diagram for Authentication and key generation http://www.3glteinfo.com/lte-security-architecture/
  • 23. LTEEPS Key Hierarchy and Radio Interface Security Keys and Key Hierarchy In the Evolved Packet Core Authentication and Key Agreement (EPS AKA) protocol, all the keys that are needed for various security mechanisms are derived from intermediate key KASME which is viewed as local master key for the subscriber in contrast to permanent master key K. In the network side, the local master key KASME is stored in the MME and permanent master key is stored in the AuC. This approach provides the following advantages. 1. It enables cryptographic key separation, where the usage of each key in one specific context and knowing one key does not deduce the second one. 2. The system is improved by providing key freshness and it is possible to renew the keys used in security mechanism. The EPS AKA is need not be run every time when the key to be renewed for protecting the radio interface and also the home network is not involved every time. This introduces a security versus complexity trade-off situation. For EPS, the security benefits of using an intermediate key overweigh the added complexity which was not true in 3G. The base station eNB stores another key KeNB and the addition of KeNB makes it possible to renew keys for protection of radio access without involving MME.
  • 24. LTEKey Derivations The hierarchy contains one root key (K), several intermediate keys such as CK, IK etc. and a set of leaf keys [5]. The purpose of the different keys are explained below. 1. K is a random bit string and it is a subscriber specific master key stored in USIM and AuC. 2. CK and IK are 128 bit keys derived from K using additional input parameters. 3. KASME is derived from CK and IK using two additional parameters, the serving network id and bitwise sum of two additional parameters (SQN and AK from the EPS AKA procedure). The KASME serves as local master key. 4. KeNB is derived from KASME and the additional input a counter. This additional parameter is needed to ensure that each new key KeNB derived differs from the earlier key. 5. NH is another intermediate key derived from KASME, and used in handover situations. It is derived from KeNB for the initial NH derivation or previous NH as an additional input. 6. KRRCenc, KRRCint and KUPenc are used for the encryption and integrity of RRC and Users.The complex key hierarchy achieves the key separation and prevents related key attack. The key hierarchy achieves key renewal very easily without affecting the other keys. When one key is changed, only the keys dependent on it have to be changed and others may remain same.
  • 26. LTEConclusion How to Secure an LTE-Network? •Comply with the 3GPP recommendations . •IP network security mechanisms and recommendations . •Network elements designed and implemented with security . •Fraud management and tools. •Regular security Audit, Performance and Traffic trend report . •Monitor network element keeping security points in mind. Security is a ongoing and never ending process!
  • 27. LTEAbbreviations 3GPP 3. Generation Partnership Project ASME Access Security Management Entity AuC Authentication Centre CA Certificate Authority CMP Certificate Management Protocol CK Cipher Key eNB Evolved Node B enc Encryption EPC Evolved Packet Core ePDG Evolved Packet Data Gateway EPS Evolved Packet System ESP Encapsulating Security Payload GRX GPRS Roaming eXchange Network GTP-C GPRS Tunneling Protocol - Control GW Gateway HeNB Home eNB HNB Home Node B HSS Home Subscriber Server IK Integrity Key IMS IP Multimedia System Int Integrity K Key LEA Law Enforcement Agency LI Lawful Interception LTE Long Term Evolution MME Mobility Management Entity NAS Non Access Stratum PCRF Policy and Charging Rules Function PDN Packet Data Network PKI Public Key Infrastructure PLMN Public Land Mobile Network RA Registration Authority RRC Radio Resource Control SAE System Architecture Evolution SEG Security Gateway SeGW Security Gateway Serv.GW Serving Gateway UMTS Universal Mobile Telecomunication System UP User Plane USIM UMTS Subscriber Identity Module
  • 28. LTEReferences •3rd Generation Partnership Project, http://www.3gpp.org/ •Security aspects 3GPP specification 3G and beyond / GSM (R99 and later)series -33 series document •ETSI Security White Paper Freely available at: www.etsi.org/securitywhitepaper •Journal of Cyber Security and Information Systems – October 2013 4G LTE Security for Mobile Network Operators By Daksha Bhasker •White Paper The Security Vulnerabilities of LTE: Risks for Operators •White paper Wireless security in LTE networks- Monica Paolini Senza Fili Consulting •http://www.3glteinfo.com/lte-security-architecture/ •https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf
  • 29. LTE