2. Introduction
LTE is designed with strong cryptographic techniques and mutual authentication between LTE network elements, with security mechanisms built into its architecture.
With the emergence of the open, all-IP, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.
The LTE architecture was developed by 3GPP with security principles considered from its inception; its design is based on five security feature groups (3GPP TS 33.401):
1. Network access security, to provide the user with secure access to services.
2. Network domain security, to protect the network elements and secure the exchange of signalling and user data between them.
3. User domain security, to control secure access to mobile stations.
4. Application domain security, to establish secure communications at the application layer.
5. Visibility and configurability of security, to give the user the opportunity to check whether the security features are in operation.
3. Introduction - 2
I. Network access security: the set of security features that give UEs secure access to the EPC and protect against attacks on the radio link, through integrity protection and ciphering between the USIM, ME, E-UTRAN and the entities of the EPC (both serving and home networks).
II. Network domain security: the set of security features that protect against attacks on the wireline network and enable the network nodes to exchange signalling and user data securely.
III. User domain security: the set of features that control secure access to mobile stations; access to the USIM requires a secret PIN, and access to the ME can be restricted to an authorized USIM, before either can be used.
IV. Application domain security: the set of security features that enable applications in the UE and in the service provider domain to exchange messages securely.
V. Non-3GPP domain security: the set of features that enable UEs to access the EPC securely via non-3GPP access networks and provide security protection on that access link. (3GPP specifies this group in TS 33.402, in addition to the visibility and configurability group listed on the previous slide.)
4. LTE architecture model
The LTE architecture model is divided into the following network segments:
1. User equipment (UE)
2. Access
3. Evolved Packet Core / Transport
4. Service network
(Figure: LTE security architecture)
5. Key security threats/risks
LTE security requirements differ substantially from those of UMTS. An LTE security gateway solution needs not only to authenticate eNodeBs and encrypt backhaul traffic with IPsec, but also to provide SCTP firewall functions that protect the mobile packet core from signalling storms and man-in-the-middle attacks.
Key security threats/risks:
1. Distributed network and open architecture
2. Complex business models (IS/service sharing)
3. Decentralized accountability for security
4. Pressure to minimize security spend
Preventative measures:
1. Interoperability standards
2. Strong partner agreements
3. Security audits with remediation commitments
4. A dedicated security budget
6. LTE network segment-wise risks and measures - 1
Network segment: User Equipment (UE), the subscriber entry points into the LTE network
Key risks / security threats:
1. Physical attacks
2. Risk of data loss and loss of privacy
3. Lack of security standards and controls on UEs
4. Application layer: viruses, malware, phishing
Preventative measures:
1. Subscriber education
2. Antivirus
3. Industry security standards and controls on the UE
4. Strong authentication, authorization and encryption

Network segment: Access, the interconnection between the UE and the E-UTRAN
Key risks / security threats:
1. Physical attacks
2. Rogue eNodeBs
3. Eavesdropping, redirection, MitM attacks, DoS
4. Privacy
Preventative measures:
1. Physical security
2. Authentication, authorization, encryption
3. Network monitoring, IPS systems
4. Security architecture
7. LTE network segment-wise risks and measures - 2
Network segment: Core (EPC) / Transport, which manages user authentication, authorization and accounting (AAA), IP address allocation, mobility, charging, QoS and security
Key risks / security threats:
1. Unauthorized access
2. DoS and DDoS attacks
3. Overbilling attacks (IP address hijacking, IP spoofing)
Preventative measures:
1. Security architecture: VPNs, VLANs
2. Encryption, IKE/IPsec
3. Network monitoring, management and load balancing

Network segment: Service network, where security management in the IMS is particularly important
Key risks / security threats:
1. Unauthorized access
2. Service abuse attacks, theft of service
3. Network snooping, session hijacking
Preventative measures:
1. Border security
2. Strong authentication
3. Enable security protocols
4. Implement security gateways
8. Attack type, trigger and impact
DDoS: the target network is flooded with traffic from multiple sources.
Ping flood: a large volume of ping packets causes a network element to crash or become unresponsive. In a "ping of death", oversized or malformed ping requests are used.
SYN flood: the attacker sends a high number of TCP SYN packets, which the target accepts as connection requests and which exhaust its connection state.
Replay attack: the attacker intercepts legitimate signaling traffic and retransmits it, either so that the network acts on stale messages or, at volume, until the network is overwhelmed.
SQL injection: the attacker sends malicious commands inside statements to a SQL database to make unauthorized changes to the database or to obtain a copy of the data.
DNS hijacking: the attacker redirects DNS queries to a rogue DNS server.
IP port scans: the attacker scans network elements for active ports and exploits vulnerabilities in the services found.
9. Transition to IP-based mobile networks
Comparison of the legacy network with the IP-based network:

Mobile devices
• Legacy: voice-based network with limited data capabilities: easier for operators to control.
• IP-based: data-centric devices, visible from the internet: increased vulnerability, more entry points, less control.

Equipment
• Legacy: expensive RAN equipment with a large form factor: difficult to buy or operate a rogue base station.
• IP-based: femto cells, small cells and Wi-Fi hotspots: easier and cheaper, and they provide an entry point into the mobile network.

Network architecture
• Legacy: proprietary, hierarchical/closed networks: difficult to penetrate, easier to protect.
• IP-based: flat networks with more connections among elements: porous, easier to penetrate.

Signaling
• Legacy: SS7, a closed signaling environment: difficult to penetrate.
• IP-based: Diameter over IP increases the mobile network's exposure to security threats.

Applications
• Legacy: few applications available or used: limited entry points to devices.
• IP-based: a fragmented application landscape is difficult to control.

Misc / economic / security targets
• Legacy: billing fraud; limited use of cellular networks for M2M applications.
• IP-based: access to corporations and government; unmonitored M2M devices are difficult to protect without stricter security requirements.
10. Preventative measures - security audits - 1
GTP audit
• Endpoint discovery
• Illegal connection/association establishment
  – User identity impersonation
  – Fuzzing
• Leak of user traffic
  1. to the core network (EPC)
  2. to the LTE RAN
X2AP audit
• Endpoint discovery
• Illegal connection/association establishment
  – Fuzzing
• Reverse engineering of proprietary extensions
• MITM
11. LTE preventative measures - security audits - 2
S1AP audit
• Endpoint discovery
• Illegal connection/association establishment
  – Fuzzing
• Reverse engineering of proprietary extensions
• MITM
  – NAS injection
LTE EPC DNS audit
• EPC DNS is important: the MME uses it to select S-GW and P-GW addresses from APN and tracking-area FQDNs, so a poisoned or hijacked resolver can redirect sessions
• EPC DNS scanner
• Close to the GRX / IMS
12. LTE Security Approach
• First level: router-based security, protection against all attacks
  Packet filter policy based on a 'deny-all' approach: it permits ingress only of packets that belong to user traffic permissible on the receiving network. The router can provide DoS protection for the connected network using rate limiting, to prevent performance-impacting overload of the network and services.
• Second level: firewall-based security, inner-layer protection
  Firewall filter policies, with Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection, are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via the GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies.
• Third level: host security, protection against the smartest attacks
  Network devices, including packet gateways and application nodes, provide further access control using identification, authentication and authorization mechanisms ('node hardening'). This includes measures such as Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP) authentication, applying access control lists, closing unwanted or unused ports in applications and clients, and using a secure protocol such as Secure Shell (SSH) instead of Telnet for configuration and management.
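The first-level policy above (deny everything, permit only the flows the receiving network expects, rate-limit what it does permit) and the SCTP signalling-storm protection mentioned on slide 5 can be shown concretely. The following Python is an added example written for this page, not code from the presentation or from any vendor's router: the rule table, the eNB/MME/S-GW addresses and the sample packets are constructed, and the rate limits are arbitrary. The port numbers are the IANA assignments used on LTE interfaces (GTP-C 2123/udp, GTP-U 2152/udp, S1AP 36412/sctp, X2AP 36422/sctp).

```python
"""Deny-all ingress packet filter with per-source rate limiting, in the style
of the first-level router protection described on this slide.

Added illustration; not code from the presentation.  The rule table, the
sample packets and the rate limits are constructed for this example.  Port
numbers are the IANA assignments used on LTE interfaces: GTP-C 2123/udp,
GTP-U 2152/udp, S1AP 36412/sctp, X2AP 36422/sctp.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp", "sctp", "tcp", ...
    dport: int
    ts: float    # arrival time, seconds


@dataclass(frozen=True)
class Rule:
    """One explicitly permitted flow; anything not matching a Rule is dropped."""
    src_net: str
    dst_net: str
    proto: str
    dport: int

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.dport == self.dport
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net))


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""
    def __init__(self, rate: float, burst: float) -> None:
        self.rate, self.burst = rate, burst
        self.tokens = burst
        self.last: Optional[float] = None

    def take(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class IngressFilter:
    def __init__(self, rules: List[Rule], limits: Dict[str, Tuple[float, float]]):
        self.rules = rules
        self.limits = limits                     # proto -> (rate, burst)
        self.buckets: Dict[Tuple[str, str], TokenBucket] = {}

    def decide(self, p: Packet) -> str:
        if not any(r.matches(p) for r in self.rules):
            return "DROP"                        # default deny
        if p.proto in self.limits:               # per-source limit on signalling
            bucket = self.buckets.setdefault(
                (p.src, p.proto), TokenBucket(*self.limits[p.proto]))
            if not bucket.take(p.ts):
                return "RATE_LIMITED"
        return "ALLOW"


# Constructed topology: eNBs in 10.10.0.0/16, MME at 10.0.1.10, S-GW pool 10.0.2.0/24.
RULES = [
    Rule("10.10.0.0/16", "10.0.1.10/32", "sctp", 36412),   # S1-MME (S1AP over SCTP)
    Rule("10.10.0.0/16", "10.0.2.0/24", "udp", 2152),      # S1-U (GTP-U)
    Rule("10.10.0.0/16", "10.10.0.0/16", "sctp", 36422),   # X2 between eNBs
]
LIMITS = {"sctp": (5.0, 5.0)}   # 5 SCTP packets/s per source eNB, burst of 5


def run_sample() -> List[str]:
    """Feed constructed packets through the filter; returns the decisions."""
    f = IngressFilter(RULES, LIMITS)
    packets = [
        Packet("10.10.1.5", "10.0.1.10", "sctp", 36412, 0.0),    # S1 setup: allowed
        Packet("10.10.1.5", "10.0.2.7", "udp", 2152, 0.0),       # GTP-U: allowed
        Packet("203.0.113.7", "10.0.1.10", "sctp", 36412, 0.0),  # from internet: drop
        Packet("10.10.1.5", "10.0.1.10", "tcp", 23, 0.0),        # telnet to MME: drop
    ]
    # A signalling burst from one eNB: 8 SCTP packets 10 ms apart.
    packets += [Packet("10.10.1.9", "10.0.1.10", "sctp", 36412, 1.0 + 0.01 * i)
                for i in range(8)]
    return [f.decide(p) for p in packets]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

The burst from 10.10.1.9 shows the rate limiter at work: the first five packets drain the bucket, and the remaining three are held back even though they match an allowed rule. A real router keys the bucket on more than source address (for SCTP, typically on INIT chunks only, so established associations are not starved), but the decision order is the same: match an explicit rule first, then apply the limit.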
13. LTE Network Element & IP Network Security Measures
Network element security measures
• Network elements designed and implemented with security in mind, complying with the 3GPP recommendations.
• Network element security architecture.
• Network element hardening and security testing.
• Threat and risk analysis per network element.
• Security audits, timely patching and hardware upgrades.
• Security vulnerability and performance monitoring.
• Authorized site access.
IP network security measures
• Secure operation and maintenance processes.
• Perimeter security and traffic separation.
• IPsec on core network interfaces: 3GPP network domain security (NDS/IP, TS 33.210) mandates IPsec ESP between security domains.
14. LTE OM Security Measures
OM security functions in the system
1. The log and security alarm function monitors the security of the whole system and reports security information to the management system.
2. The user authentication and access control function controls user access, to keep invalid users out.
3. OM system security protects the software and configuration data running on the eNodeB, to prevent unauthorized control over the eNodeB.
   – Digital signature of software is used to ensure software integrity and authenticity.
   – An eNodeB can be deployed using a secured USB storage device.
   – Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, for example a corrupted operating system, the backup data can be used to restore the system.
4. OM channel security protects the channel between the EMS equipment and the NEs.
   – Secure Sockets Layer (SSL), or its successor TLS, provides end-to-end communication security between the TCP layer and the application layer.
   – NTP (Network Time Protocol) authentication is used to authenticate NTP packets (it does not encrypt them), so that the validity of the reference time can be verified.
17. LTE eNodeB Security
• Performs the cryptography specified for the radio interface and the backhaul link
• Has access to the cleartext of the user plane
• Exposed to tampering that could eavesdrop on or modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, or discard traffic
• 3GPP therefore requires a secure environment inside the eNB that:
  – stores the keys, executes the cryptographic operations and supports secure boot
  – preserves the integrity and confidentiality of its contents
  – permits authorized access only
18. LTE Network Access Security - 1
Network access security protects the mobile's communications with the network across the air interface, which is the most vulnerable part of the system. It uses four main techniques:
1. Authentication
2. Confidentiality
3. Ciphering
4. Integrity protection
• Authentication: the evolved packet core (EPC) network and the mobile confirm each other's identities (EPS AKA). The network confirms that the user is authorized to use its services and is not using a cloned device; the mobile confirms that the network is genuine and not a spoofed network set up to steal the user's personal data.
19. LTE Network Access Security - 2
• Confidentiality protects the user's identity. The International Mobile Subscriber Identity (IMSI) is one of the quantities an intruder needs to clone a mobile, so LTE avoids sending it across the air interface wherever possible; instead, the network identifies the user by means of temporary identities. When the EPC knows the MME pool area the mobile is in, as during paging, it uses the 40-bit S-TMSI; otherwise (for example in the attach procedure) it uses the longer 80-bit GUTI (Globally Unique Temporary Identity). Similarly, the radio access network identifies the mobile by radio network temporary identifiers (RNTIs).
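To make the two temporary identities concrete, here is an added Python example (written for this page, not code from the presentation) that builds a GUTI, encodes it the way it travels in NAS signalling, and derives the S-TMSI that paging uses. The field layout follows the GUTI structure (PLMN id, MMEGI, MMEC, M-TMSI) and the GUTI form of the EPS mobile identity information element in 3GPP TS 24.301; the identity values themselves are made up.

```python
"""GUTI and S-TMSI: what the temporary identities contain, how the GUTI is
encoded on the air, and why paging with the S-TMSI exposes less.

Added illustration; not code from the presentation.  The layout follows the
GUTI structure (PLMN id + MMEGI + MMEC + M-TMSI) and the GUTI form of the
EPS mobile identity information element in 3GPP TS 24.301; the sample
identity values are made up.
"""
from dataclasses import dataclass
from typing import Tuple

GUTI_TYPE_OCTET = 0xF6   # 1111 | even/odd = 0 | type of identity = 110 (GUTI)


@dataclass(frozen=True)
class Guti:
    mcc: str      # 3 digits
    mnc: str      # 2 or 3 digits
    mmegi: int    # 16-bit MME group identifier
    mmec: int     # 8-bit MME code within the group
    m_tmsi: int   # 32-bit M-TMSI, allocated by the MME

    def s_tmsi(self) -> int:
        """S-TMSI = MMEC || M-TMSI (40 bits): unique only inside an MME pool,
        so it is enough for paging and carries no PLMN or MME-group part."""
        return (self.mmec << 32) | self.m_tmsi

    def encode(self) -> bytes:
        """GUTI as the 11-octet EPS mobile identity value (BCD PLMN, two
        digits per octet, first digit in the low nibble, 0xF filler in the
        MNC digit 3 position for a 2-digit MNC)."""
        d = [int(c) for c in self.mcc + self.mnc]
        mnc3 = d[5] if len(self.mnc) == 3 else 0xF
        plmn = bytes([(d[1] << 4) | d[0], (mnc3 << 4) | d[2], (d[4] << 4) | d[3]])
        return (bytes([GUTI_TYPE_OCTET]) + plmn
                + self.mmegi.to_bytes(2, "big")
                + bytes([self.mmec])
                + self.m_tmsi.to_bytes(4, "big"))


def decode_guti(buf: bytes) -> Guti:
    """Inverse of Guti.encode, with the length/type checks a NAS parser must make."""
    if len(buf) != 11:
        raise ValueError(f"GUTI identity must be 11 octets, got {len(buf)}")
    if buf[0] != GUTI_TYPE_OCTET:
        raise ValueError("not a GUTI type EPS mobile identity")
    mcc = f"{buf[1] & 0xF}{buf[1] >> 4}{buf[2] & 0xF}"
    mnc = f"{buf[3] & 0xF}{buf[3] >> 4}"
    if buf[2] >> 4 != 0xF:
        mnc += str(buf[2] >> 4)
    return Guti(mcc, mnc, int.from_bytes(buf[4:6], "big"), buf[6],
                int.from_bytes(buf[7:11], "big"))


def split_s_tmsi(s_tmsi: int) -> Tuple[int, int]:
    """All an eavesdropper learns from a paging record: the MMEC and the M-TMSI."""
    if s_tmsi >> 40:
        raise ValueError("S-TMSI is 40 bits")
    return s_tmsi >> 32, s_tmsi & 0xFFFFFFFF


# Constructed sample identity.
SAMPLE_GUTI = Guti(mcc="001", mnc="01", mmegi=0x8001, mmec=0x02, m_tmsi=0xC0FFEE01)

if __name__ == "__main__":
    enc = SAMPLE_GUTI.encode()
    print("GUTI on air (attach/TAU):", enc.hex(), f"{len(enc) * 8} bits incl. type octet")
    print("S-TMSI on air (paging): ", f"{SAMPLE_GUTI.s_tmsi():010x}", "40 bits")
    print("decoded:", decode_guti(enc))
```

The S-TMSI is the low 40 bits of the GUTI: neither the PLMN nor the MME group appears in a paging record, which is why the network can only use it where the pool area is already known. Both identities are reallocated by the MME (GUTI reallocation), so linking them to an IMSI over time requires more than passive listening.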
20. LTE Network Access Security - 3
• Ciphering, also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and network exchange. The Packet Data Convergence Protocol (PDCP) ciphers data and signaling messages in the access stratum of the air interface, while the EMM protocol ciphers signaling messages in the non-access stratum (NAS).
• Integrity protection detects any attempt by an intruder to replay or modify signaling messages. It protects the system against problems such as man-in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them in an attempt to take control of the mobile.
23. LTE EPS Key Hierarchy and Radio Interface Security
Keys and key hierarchy
In the Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol, all the keys needed for the various security mechanisms are derived from the intermediate key KASME, which serves as a local master key for the subscriber, in contrast to the permanent master key K. On the network side, the local master key KASME is stored in the MME and the permanent master key K is stored in the AuC (part of the HSS). This approach provides the following advantages.
1. It enables cryptographic key separation: each key is used in one specific context, and knowing one key does not allow another to be deduced.
2. It provides key freshness: the keys used by a security mechanism can be renewed without running EPS AKA every time a key protecting the radio interface must be refreshed, so the home network is not involved each time. This is a security versus complexity trade-off; for EPS the security benefits of using an intermediate key outweigh the added complexity, which was not judged to be the case in 3G, where CK and IK are used directly.
The base station (eNB) stores a further key, KeNB, and the addition of KeNB makes it possible to renew the keys protecting the radio access without involving the MME.
24. LTE Key Derivations
The hierarchy contains one root key (K), several intermediate keys such as CK, IK and KASME, and a set of leaf keys [5]. The purpose of the different keys is explained below.
1. K is a random bit string: a subscriber-specific permanent master key stored in the USIM and in the AuC.
2. CK and IK are 128-bit keys derived from K using additional input parameters (the random challenge RAND of the authentication vector).
3. KASME is derived from CK and IK using two additional parameters: the serving network identity and the bitwise XOR of two further parameters from the EPS AKA procedure, SQN and AK. KASME serves as the local master key.
4. KeNB is derived from KASME and an additional input, the uplink NAS COUNT. This additional parameter ensures that each newly derived KeNB differs from the earlier one.
5. NH (next hop) is another intermediate key derived from KASME and used in handover situations; the additional input is KeNB for the initial NH derivation and the previous NH thereafter.
6. KRRCenc, KRRCint and KUPenc are derived from KeNB and used for the encryption and integrity protection of RRC signalling and the encryption of user plane data; the corresponding NAS keys, KNASenc and KNASint, are derived directly from KASME.
The complex key hierarchy achieves key separation and prevents related-key attacks. It also makes key renewal easy without affecting the other keys: when one key is changed, only the keys derived from it have to be changed, and the others can remain the same.
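Steps 3 to 6 above are all instances of the same generic 3GPP key derivation function, so the hierarchy can be run end to end. The following Python is an added example written for this page, not code from the presentation or from any 3GPP implementation: it uses the KDF of TS 33.220 Annex B (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) with the FC values and input layouts of TS 33.401 Annex A. CK, IK, the serving network id, SQN xor AK and the NAS COUNT are constructed sample values; step 2 (deriving CK/IK from K with MILENAGE on the USIM and AuC) is not shown.

```python
"""EPS key hierarchy of steps 3-6 above, carried out with the 3GPP generic KDF
(HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ..., TS 33.220 Annex B) and
the FC values and input layouts of TS 33.401 Annex A.

Added illustration; not code from the presentation.  CK, IK, the serving
network id, SQN xor AK and the NAS COUNT are constructed sample values; the
derivation of CK/IK from K (step 2, MILENAGE on the USIM/AuC) is not shown.
"""
import hashlib
import hmac
from typing import Dict

FC_KASME, FC_KENB, FC_NH, FC_ALG = 0x10, 0x11, 0x12, 0x15
# Algorithm type distinguishers (TS 33.401 A.7).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05
# Algorithm identities: 128-EEA2 and 128-EIA2 (the AES-based algorithms).
EEA2, EIA2 = 0x02, 0x02


def kdf_input(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ...; each Li is the 2-octet length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: the 256-bit output of HMAC-SHA-256(key, S)."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """A.2: KASME = KDF(CK || IK, 0x10, SN id (3 octets), SQN xor AK (6 octets))."""
    assert len(ck) == len(ik) == 16 and len(sn_id) == 3 and len(sqn_xor_ak) == 6
    return kdf(ck + ik, FC_KASME, sn_id, sqn_xor_ak)


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """A.3: KeNB = KDF(KASME, 0x11, uplink NAS COUNT (4 octets)).  A fresh COUNT
    gives a fresh KeNB without re-running EPS AKA (key freshness)."""
    return kdf(kasme, FC_KENB, ul_nas_count.to_bytes(4, "big"))


def derive_nh(kasme: bytes, sync_input: bytes) -> bytes:
    """A.4: NH = KDF(KASME, 0x12, SYNC-input); SYNC-input is KeNB for the first
    NH and the previous NH for each later one (used at handover)."""
    assert len(sync_input) == 32
    return kdf(kasme, FC_NH, sync_input)


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int, nbits: int = 128) -> bytes:
    """A.7: algorithm key = KDF(parent, 0x15, type distinguisher, algorithm id),
    keeping the n least significant bits (the last n/8 octets) for an n-bit
    algorithm.  parent is KASME for NAS keys and KeNB for RRC/UP keys."""
    full = kdf(parent, FC_ALG, bytes([alg_type]), bytes([alg_id]))
    return full[-(nbits // 8):]


def key_tree(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes,
             ul_nas_count: int) -> Dict[str, bytes]:
    """Derive the whole hierarchy below CK/IK for one EPS AKA run."""
    kasme = derive_kasme(ck, ik, sn_id, sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KASME": kasme,
        "KNASenc": derive_alg_key(kasme, NAS_ENC, EEA2),
        "KNASint": derive_alg_key(kasme, NAS_INT, EIA2),
        "KeNB": kenb,
        "NH": derive_nh(kasme, kenb),
        "KRRCenc": derive_alg_key(kenb, RRC_ENC, EEA2),
        "KRRCint": derive_alg_key(kenb, RRC_INT, EIA2),
        "KUPenc": derive_alg_key(kenb, UP_ENC, EEA2),
    }


# Constructed sample inputs (in reality CK/IK come from the USIM and the HSS).
SAMPLE_CK = bytes(range(16))
SAMPLE_IK = bytes(range(16, 32))
SAMPLE_SN_ID = bytes.fromhex("00f110")          # PLMN 001/01 in the 3-octet encoding
SAMPLE_SQN_XOR_AK = bytes.fromhex("000102030405")
SAMPLE_UL_NAS_COUNT = 7

if __name__ == "__main__":
    tree = key_tree(SAMPLE_CK, SAMPLE_IK, SAMPLE_SN_ID,
                    SAMPLE_SQN_XOR_AK, SAMPLE_UL_NAS_COUNT)
    for name, k in tree.items():
        print(f"{name:8s} ({len(k) * 8:3d} bit) {k.hex()}")
```

Two properties from the slide fall out of the code. Key separation: the type distinguisher in P0 makes KRRCenc, KRRCint and KUPenc different keys even though all three come from the same KeNB with the same algorithm id, and an eNB holding KeNB cannot work back to KASME because HMAC is one-way. Key freshness: bumping the uplink NAS COUNT re-keys KeNB and everything below it while KASME and the NAS keys stay unchanged, which is exactly the "change only the dependent keys" behaviour described above.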
26. LTE Conclusion
How to secure an LTE network?
• Comply with the 3GPP recommendations.
• Apply IP network security mechanisms and recommendations.
• Design and implement network elements with security in mind.
• Fraud management and tools.
• Regular security audits, and performance and traffic trend reports.
• Monitor network elements with security in mind.
Security is an ongoing and never-ending process!
27. LTE Abbreviations
3GPP 3rd Generation Partnership Project
ASME Access Security Management Entity
AuC Authentication Centre
CA Certificate Authority
CMP Certificate Management Protocol
CK Cipher Key
eNB Evolved Node B
enc Encryption
EPC Evolved Packet Core
ePDG Evolved Packet Data Gateway
EPS Evolved Packet System
ESP Encapsulating Security Payload
GRX GPRS Roaming eXchange Network
GTP-C GPRS Tunneling Protocol - Control
GW Gateway
HeNB Home eNB
HNB Home Node B
HSS Home Subscriber Server
IK Integrity Key
IMS IP Multimedia Subsystem
Int Integrity
K Key
LEA Law Enforcement Agency
LI Lawful Interception
LTE Long Term Evolution
MME Mobility Management Entity
NAS Non Access Stratum
PCRF Policy and Charging Rules Function
PDN Packet Data Network
PKI Public Key Infrastructure
PLMN Public Land Mobile Network
RA Registration Authority
RRC Radio Resource Control
SAE System Architecture Evolution
SEG Security Gateway
SeGW Security Gateway
Serv.GW Serving Gateway
UMTS Universal Mobile Telecommunication System
UP User Plane
USIM UMTS Subscriber Identity Module
28. LTE References
• 3rd Generation Partnership Project, http://www.3gpp.org/
• 3GPP security specifications for 3G and beyond / GSM (R99 and later): the 33-series documents
• ETSI Security White Paper, freely available at www.etsi.org/securitywhitepaper
• Journal of Cyber Security and Information Systems, October 2013: "4G LTE Security for Mobile Network Operators", Daksha Bhasker
• White paper: "The Security Vulnerabilities of LTE: Risks for Operators"
• White paper: "Wireless security in LTE networks", Monica Paolini, Senza Fili Consulting
• http://www.3glteinfo.com/lte-security-architecture/
• https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf