Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication
www.netmanias.com
About NMC Consulting Group
NMC Consulting Group was founded in 2002 and is an advanced, professional network consulting company specializing in the IP network area (FTTH, Metro Ethernet and IP/MPLS), the service area (IPTV, IMS and CDN) and, lastly, the wireless network area (Mobile WiMAX, LTE and Wi-Fi).
Copyright © 2002-2012 NMC Consulting Group. All rights reserved.
www.nmcgroups.com
LTE Security I
LTE Security Concept and LTE Authentication
August 21, 2012
(Last Updated: August 22, 2012)
NMC Consulting Group
www.netmanias.com
www.nmcgroups.com
Scope and Concept of LTE Security

❶ LTE Authentication
 - Mutual Authentication between UE and LTE Network (UE – MME – HSS) using EPS-AKA
 - Base Key: K
 - Derived Key: KASME
❷ NAS Security
 - Integrity Protection and Ciphering (Encryption) for NAS Signaling Messages between UE and MME
 - Base Key: KASME
 - Derived Keys: KNASint, KNASenc
❸ AS Security
 - Integrity Protection and Ciphering (Encryption) for RRC Signaling Messages between UE and eNB
   - Base Key: KeNB
   - Derived Keys: KRRCint, KRRCenc
 - Ciphering (Encryption) for User IP Packets between UE and eNB
   - Base Key: KeNB
   - Derived Key: KUPenc
[Figure: LTE security overview across UE, eNB, MME and HSS. ① Mutual Authentication using EPS Authentication Vectors (RAND, AUTN, XRES, KASME), based on the IMSI and LTE K shared by the UE and HSS. ② NAS Signaling Integrity Protection/Ciphering between UE and MME with KNASint/KNASenc derived from KASME. ③ RRC Signaling Integrity Protection/Ciphering with KRRCint/KRRCenc and IP Packet Ciphering with KUPenc between UE and eNB, both derived from KeNB. The legend distinguishes mandatory from optional protection.]
Overview of LTE Security

[Figure: end-to-end message flow between UE, eNB, MME and HSS in three phases. Phase 1 ("LTE Security I - Authentication") is the subject of this document; phases 2 and 3 ("LTE Security II – NAS & AS Security") are covered in the next one.]

1. Authentication
 - UE → MME: Attach Request (IMSI, UE Network Capability, KSIASME=7)
 - MME → HSS: Authentication Information Request (IMSI, SN ID, Network Type)
 - HSS: EPS AKA Algorithm with inputs LTE K, RAND, SQN and SN ID produces AUTNHSS, XRES and KASME; Authentication Vector = (RAND, XRES, AUTNHSS, KASME)
 - HSS → MME: Authentication Information Answer (AVs (1...n))
 - MME → UE: Authentication Request (RAND, AUTNHSS, KSIASME=1) [not ciphered; not integrity protected]
 - UE: EPS AKA Algorithm with inputs LTE K, RAND, SQN and SN ID produces AUTNUE, RES and KASME; Network (HSS) Authentication: AUTNUE = AUTNHSS
 - UE → MME: Authentication Response (RES) [not ciphered; not integrity protected]
 - MME: UE Authentication: RES = XRES
2. NAS Security Setup
 - MME and UE: select encryption/integrity algorithm; KDF derives KNASenc and KNASint from KASME with inputs Alg-ID and Alg Distinguisher
 - MME → UE: NAS Security Mode Command (KSIASME=1, Replayed UE Network Capability, NAS Ciphering Algorithm=EEA1, NAS Integrity Algorithm=EIA1, NAS-MAC) [NAS integrity protected]
 - UE → MME: NAS Security Mode Complete (NAS-MAC) [NAS ciphered and integrity protected]
 - Result: Ciphered and Integrity Protected NAS Signaling
3. AS Security Setup
 - MME and UE: Compute KeNB; KDF derives KeNB from KASME with input NAS Uplink Count
 - MME → eNB: <Initial Context Setup Request> (UE Network Capability, KeNB)
 - eNB and UE: select encryption/integrity algorithm; KDF derives KRRCenc, KRRCint and KUPenc from KeNB with inputs Alg-ID and Alg Distinguisher
 - eNB → UE: AS Security Mode Command (Ciphering Algorithm=EEA1, Integrity Algorithm=EIA1, MAC-I) [AS integrity protected]
 - UE → eNB: AS Security Mode Complete (MAC-I) [AS integrity protected]
 - MME → UE: Attach Accept
 - Result: Ciphered and Integrity Protected RRC Signaling; Ciphered User Plane (Data Plane)

After Authentication
 - UE and MME share KASME
After NAS Security Setup
 - UE and MME share the NAS Security Keys (KNASenc, KNASint) in the Control Plane
After AS Security Setup
 - UE and eNB share the AS Security Keys (KRRCenc, KRRCint) in the Control Plane
 - UE and eNB share the AS Security Key (KUPenc) in the User Plane
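The key hierarchy in the figure (KASME → KNASenc/KNASint and KeNB; KeNB → KRRCenc/KRRCint/KUPenc), worked through in Python as an added example that is not part of the Netmanias document. It uses the HMAC-SHA-256 KDF with the FC values and algorithm type distinguishers of 3GPP TS 33.401 Annex A; KASME_SAMPLE is a constructed value, not a key from any real session.

```python
import hashlib
import hmac

# FC values and algorithm type distinguishers from 3GPP TS 33.401 Annex A.
FC_KENB = 0x11                                   # KeNB from KASME (Annex A.3)
FC_ALG_KEY = 0x15                                # NAS/RRC/UP algorithm keys (Annex A.7)
NAS_ENC_ALG, NAS_INT_ALG = 0x01, 0x02
RRC_ENC_ALG, RRC_INT_ALG, UP_ENC_ALG = 0x03, 0x04, 0x05
EEA1 = EIA1 = 0x1                                # algorithm identities: SNOW 3G
EEA2 = EIA2 = 0x2                                # algorithm identities: AES

# Constructed sample: a 256-bit KASME as produced by EPS-AKA (not a real key).
KASME_SAMPLE = bytes(range(32))


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF of TS 33.401 Annex A.1: HMAC-SHA-256 over
    S = FC || P0 || L0 || P1 || L1 ..., each Li being the 2-byte length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    """KeNB = KDF(KASME, FC=0x11, P0 = uplink NAS COUNT as 4 bytes); 256 bits."""
    return kdf(kasme, FC_KENB, nas_uplink_count.to_bytes(4, "big"))


def derive_alg_key(base_key: bytes, alg_type: int, alg_id: int) -> bytes:
    """Algorithm key = 128 least significant bits of
    KDF(base, FC=0x15, P0 = algorithm type distinguisher, P1 = 4-bit algorithm identity)."""
    full = kdf(base_key, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id & 0x0F]))
    return full[16:]


def derive_hierarchy(kasme: bytes, nas_uplink_count: int,
                     nas_enc: int, nas_int: int, as_enc: int, as_int: int) -> dict:
    """The chain of the figure: KASME -> KNASenc/KNASint and KeNB; KeNB -> KRRCenc/KRRCint/KUPenc."""
    kenb = derive_kenb(kasme, nas_uplink_count)
    return {
        "KNASenc": derive_alg_key(kasme, NAS_ENC_ALG, nas_enc),
        "KNASint": derive_alg_key(kasme, NAS_INT_ALG, nas_int),
        "KeNB": kenb,
        "KRRCenc": derive_alg_key(kenb, RRC_ENC_ALG, as_enc),
        "KRRCint": derive_alg_key(kenb, RRC_INT_ALG, as_int),
        "KUPenc": derive_alg_key(kenb, UP_ENC_ALG, as_enc),   # one AS ciphering algorithm serves RRC and UP
    }


if __name__ == "__main__":
    # Both ends hold KASME and the selected algorithms, so both compute identical keys.
    ue = derive_hierarchy(KASME_SAMPLE, 0, EEA1, EIA1, EEA1, EIA1)
    network = derive_hierarchy(KASME_SAMPLE, 0, EEA1, EIA1, EEA1, EIA1)
    for name in ue:
        print(f"{name:8s} {ue[name].hex()}  match={ue[name] == network[name]}")
```

Note that the NAS keys depend on the chosen algorithm identity but not on the NAS COUNT, while KeNB and every AS key change with the uplink NAS COUNT; the assertions below exercise both properties.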
Overview of LTE Authentication Procedure: EPS-AKA
EPS-AKA (Evolved Packet System – Authentication and Key Agreement)

[Figure: EPS-AKA message flow between UE (USIM holding IMSI and LTE K), MME and HSS, with the crypto computations at each end.]

1. UE → MME: Attach Request (IMSI, UE Network Capability, KSIASME=7)
2. MME → HSS: Authentication Information Request (IMSI, SN ID, n, Network Type)
3. HSS → MME: Authentication Information Answer (Authentication Vectors)
   AV 1 = (RAND1, AUTN1, XRES1, KASME1)
   …
   AV i = (RANDi, AUTNi, XRESi, KASMEi)
   …
   AV n = (RANDn, AUTNn, XRESn, KASMEn)
   HSS side: the crypto function takes LTE K, RAND and SQN and outputs XRES, AUTN, CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs KASME.
   - IMSI: Provisioned @AuC
   - LTE K: Provisioned @AuC
   - RAND: HSS generates
   - SQN: HSS generates (increases)
   Authentication Vector (AV): AV = (RAND, AUTN, XRES, KASME)
   MME: Select an AV (e.g., AV i) and store it under KSIASME = 1: (XRES i, KASME i)
4. MME → UE: Authentication Request (RAND i, AUTN i, KSIASME i)
   UE side: the crypto function takes LTE K, RAND i and SQN and outputs RES, AUTNUE, CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs KASME (KASME i).
   - IMSI: Factory Default
   - LTE K: Factory Default
   - RAND: HSS generates
   - SQN: HSS generates
   HSS authenticated if AUTN i = AUTNUE
   UE stores under KSIASME = 1: KASME i
5. UE → MME: Authentication Response (RES)
   UE authenticated if RES = XRES i

Authentication Complete
 - UE uses KASME (KASME i) to calculate additional keys
 - MME uses KASME (KASME i) to calculate additional keys
 - The KSIASME value is not used for authentication itself, but used to generate subsequent key values (for Encryption & Integrity Check)
LTE Authentication Procedure (1)

Provisioning Information @HSS/AuC
 - K: provisioned to AuC at subscription time
 - IMSI: provisioned to HSS & AuC at subscription time
Storing Information @USIM
 - K & IMSI: stored in USIM at manufacturing time

1. Authentication Request from UE
❶ [UE → MME] UE Requests Registration to Network
 - UE sends Attach Request (IMSI, UE Network Capability, KSIASME=7) message to MME
   - IMSI: Subscriber ID
   - UE Network Capability: security algorithms supported by the UE
   - KSIASME=7: indicates no key is available

EEA and EIA in “UE Network Capability” Information [4]

EEA                                        EIA
Algorithm ID   Description                 Algorithm ID   Description
128-EEA0       Null Ciphering Algorithm    -              -
128-EEA1       SNOW 3G                     128-EIA1       SNOW 3G
128-EEA2       AES                         128-EIA2       AES
LTE Authentication Procedure (2)

2. Transfer of Authentication Vector(s) from HSS to MME
❷ [MME → HSS] Requesting Authentication Vector(s)
 - MME sends Authentication Information Request (IMSI, SN ID, n, Network Type) message to HSS to request authentication vector(s) for the UE
   - IMSI: Subscriber ID
   - SN ID: Serving Network ID, identified by PLMN ID (MCC + MNC)
   - n: number of requested Authentication Vector(s)
   - Network Type: here, E-UTRAN
 - HSS
   - Generates RAND and SQN
   - Calculates XRES, AUTN, CK and IK using the AKA Algorithm with inputs LTE Key (K), SQN and RAND
   - Calculates the local master key KASME using the KDF with inputs CK, IK, SQN and SN ID
   - Constitutes Authentication Vector(s), AV=(RAND, AUTN, XRES, KASME)
❸ [MME ← HSS] Distributing Authentication Vector(s)
 - HSS sends Authentication Information Answer (AVs) message including the AVs back to MME
 - MME
   - Stores the AVs and selects one (here the ith AV, AVi=(RANDi, AUTNi, XRESi, KASMEi))
[Figure: AV generation at the HSS. The crypto function takes LTE K, RAND and SQN and outputs XRES, AUTN, CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs KASME. IMSI and LTE K: Provisioned @AuC; RAND and SQN: HSS generates (SQN increases). Authentication Vector (AV) = (RAND, AUTN, XRES, KASME).]
LTE Authentication Procedure (3)

3. Mutual Authentication between UE and MME
 - KASME: MME Base Key (local master key). On the network side it is stored only in the MME and is never delivered to the UE (the UE derives its own copy)
 - UE authenticates the Network (HSS) by comparing AUTN with AUTNUE
 - MME (on behalf of HSS) authenticates the UE by comparing RES with XRES
❹ [UE ← MME] Requesting User Authentication
 - MME sends Authentication Request (KSIASMEi, RANDi, AUTNi) message to UE
   - Keeps KASMEi and XRESi
   - Allocates KSIASMEi to uniquely identify KASMEi (KSIASMEi is shared by the UE and MME)
   - Sends KSIASMEi, RANDi, AUTNi to UE
 - UE
   - Calculates Authentication Vector, AV=(RAND, AUTNUE, RES, KASME), using the same AKA algorithm as the HSS
   - Authenticates the Network (HSS) by comparing AUTNi with AUTNUE
❺ [UE → MME] Responding User Authentication
 - UE sends Authentication Response (RES) message back to MME
 - MME
   - Authenticates the UE by comparing RES with XRESi
[Figure: AKA at the UE. The crypto function takes LTE K, RAND and SQN and outputs RES (sent to MME), AUTNUE (used to authenticate HSS), CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs KASME (KASME i). IMSI and LTE K: Factory Default; RAND and SQN: HSS generates. The UE stores KASME i under KSIASME = 1.]
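The five-step EPS-AKA exchange of the preceding slides (AV generation at the HSS, AV selection and KSIASME allocation at the MME, AUTN check and RES at the UE, RES = XRES at the MME), simulated end to end in Python as an added example that is not the document's own code. The KASME derivation follows TS 33.401 Annex A.2, but the AKA functions f1..f5 are a keyed-hash stand-in for MILENAGE, and K_SAMPLE, SN_ID_SAMPLE and the class and method names are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed sample values; not a real subscriber key or operator PLMN.
K_SAMPLE = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")  # LTE K held by USIM and AuC
SN_ID_SAMPLE = bytes.fromhex("00f110")                         # SN ID = PLMN ID (MCC 001, MNC 01)
AMF = bytes.fromhex("8000")                                    # authentication management field
FC_KASME = 0x10                                                # KASME derivation, TS 33.401 Annex A.2


def f_toy(k: bytes, name: str, *parts: bytes) -> bytes:
    """Keyed-hash stand-in for the MILENAGE functions f1..f5 (NOT the 3GPP algorithm)."""
    return hmac.new(k, name.encode() + b"".join(parts), hashlib.sha256).digest()


def anonymity_key(k: bytes, rand: bytes) -> bytes:
    """AK (f5) depends on K and RAND only; it conceals SQN inside AUTN."""
    return f_toy(k, "f5", rand)[:6]


def aka(k: bytes, rand: bytes, sqn: bytes):
    """The AKA crypto function of the slides: (MAC, RES, CK, IK, AK) from K, RAND and SQN."""
    mac = f_toy(k, "f1", sqn, AMF, rand)[:8]   # authenticates the network; carried in AUTN
    res = f_toy(k, "f2", rand)[:8]             # RES at the UE, XRES at the HSS
    ck = f_toy(k, "f3", rand)[:16]
    ik = f_toy(k, "f4", rand)[:16]
    return mac, res, ck, ik, anonymity_key(k, rand)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def kdf_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """KASME = HMAC-SHA-256(CK||IK, FC || SN ID || 0x0003 || SQN^AK || 0x0006), TS 33.401 A.2."""
    s = bytes([FC_KASME]) + sn_id + b"\x00\x03" + sqn_xor_ak + b"\x00\x06"
    return hmac.new(ck + ik, s, hashlib.sha256).digest()


class HSS:
    """Holds K and the SQN counter; answers an Authentication Information Request with n AVs."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def authentication_information_answer(self, sn_id: bytes, n: int) -> list:
        avs = []
        for _ in range(n):
            self.sqn += 1                                  # fresh SQN for every vector
            sqn, rand = self.sqn.to_bytes(6, "big"), os.urandom(16)
            mac, xres, ck, ik, ak = aka(self.k, rand, sqn)
            autn = xor(sqn, ak) + AMF + mac                # AUTN = (SQN^AK) || AMF || MAC
            avs.append({"RAND": rand, "AUTN": autn, "XRES": xres,
                        "KASME": kdf_kasme(ck, ik, sn_id, xor(sqn, ak))})
        return avs


class UE:
    """USIM side: checks AUTN (authenticates the HSS), then returns RES and derives KASME."""
    def __init__(self, k: bytes):
        self.k, self.sqn_highest, self.kasme = k, 0, None

    def authentication_request(self, rand: bytes, autn: bytes, sn_id: bytes):
        sqn_xor_ak = autn[:6]
        sqn = xor(sqn_xor_ak, anonymity_key(self.k, rand))
        mac_ue, res, ck, ik, _ = aka(self.k, rand, sqn)
        autn_ue = sqn_xor_ak + AMF + mac_ue
        if not hmac.compare_digest(autn_ue, autn):
            return None                                    # AUTN_UE != AUTN_HSS: network rejected
        if int.from_bytes(sqn, "big") <= self.sqn_highest:
            return None                                    # stale SQN: replayed AV (3GPP AKA check, not on the slides)
        self.sqn_highest = int.from_bytes(sqn, "big")
        self.kasme = kdf_kasme(ck, ik, sn_id, sqn_xor_ak)
        return res                                         # Authentication Response (RES)


class MME:
    """Fetches AVs, selects one under a KSI_ASME, and compares RES with XRES on behalf of the HSS."""
    def __init__(self, sn_id: bytes):
        self.sn_id, self.avs, self.contexts = sn_id, [], {}  # contexts: KSI_ASME -> (XRES, KASME)

    def attach(self, ue: UE, hss: HSS, n: int = 2, ksi: int = 1) -> bool:
        if not self.avs:                                   # Authentication Information Request
            self.avs = hss.authentication_information_answer(self.sn_id, n)
        av = self.avs.pop(0)                               # select AV i; keep XRES i and KASME i
        self.contexts[ksi] = (av["XRES"], av["KASME"])
        res = ue.authentication_request(av["RAND"], av["AUTN"], self.sn_id)
        if res is None or not hmac.compare_digest(res, av["XRES"]):
            self.contexts.pop(ksi)
            return False
        return True


if __name__ == "__main__":
    hss, ue, mme = HSS(K_SAMPLE), UE(K_SAMPLE), MME(SN_ID_SAMPLE)
    print("attach ok:", mme.attach(ue, hss), "KASME agreed:", ue.kasme == mme.contexts[1][1])
```

The SQN freshness check in UE.authentication_request is part of 3GPP AKA although the slides do not show it; it is what makes a recorded Authentication Request useless when presented to the UE a second time.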
Summary of LTE Security Key: Authentication
LTE Security Keys related to the LTE Authentication (EPS-AKA)

Key     Length     Location       Derived from   Description
K       128 bits   USIM, AuC      -              EPS master key
CK      128 bits   USIM, HSS      K              Cipher key
IK      128 bits   USIM, HSS      K              Integrity key
KASME   256 bits   UE, HSS, MME   CK, IK         MME base key
References and Abbreviations

[1] Netmanias Technical Document, “LTE Network Architecture”, September 2010, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[2] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
[3] 3GPP TS 24.301, “Non-Access-Stratum (NAS) Protocol for Evolved Packet System (EPS); Stage 3”.
[4] 3GPP TS 33.401, “3GPP System Architecture Evolution (SAE); Security Architecture”.

Abbreviations
AES: Advanced Encryption Standard
AKA: Authentication and Key Agreement
AS: Access Stratum
ASME: Access Security Management Entity
AuC: Authentication Center
AUTN: Authentication Token
AV: Authentication Vector
CK: Cipher Key
EEA: EPS Encryption Algorithm
EIA: EPS Integrity Algorithm
EPS: Evolved Packet System
HSS: Home Subscriber Server
IK: Integrity Key
IMSI: International Mobile Subscriber Identity
KSI: Key Set Identifier
LTE: Long Term Evolution
MCC: Mobile Country Code
MME: Mobility Management Entity
MNC: Mobile Network Code
NAS: Non Access Stratum
PLMN: Public Land Mobile Network
RAND: RANDom number
RES: Response
RRC: Radio Resource Control
SN ID: Serving Network ID
SQN: Sequence Number
UE: User Equipment
UP: User Plane
USIM: Universal Subscriber Identity Module
XRES: Expected Response

Más contenido relacionado

La actualidad más candente

IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET Journal
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetVuz Dở Hơi
 
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOLOVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOLZachariah Pabi
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3Nil Menon
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsVuz Dở Hơi
 
WiMAX Network Security
WiMAX Network SecurityWiMAX Network Security
WiMAX Network Securitysashar86
 
CCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan RoutingCCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan RoutingVuz Dở Hơi
 
ZigBee energy manager Keletron presales
ZigBee  energy manager Keletron presalesZigBee  energy manager Keletron presales
ZigBee energy manager Keletron presalesYiannis Hatzopoulos
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4Nil Menon
 
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6Nil Menon
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkVuz Dở Hơi
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3Irsandi Hasan
 

La actualidad más candente (16)

IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - Ethernet
 
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOLOVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point Connections
 
Virtual private networks
Virtual private networks Virtual private networks
Virtual private networks
 
Y36146148
Y36146148Y36146148
Y36146148
 
WiMAX Network Security
WiMAX Network SecurityWiMAX Network Security
WiMAX Network Security
 
CCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan RoutingCCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan Routing
 
ZigBee energy manager Keletron presales
ZigBee  energy manager Keletron presalesZigBee  energy manager Keletron presales
ZigBee energy manager Keletron presales
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4
 
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
 
Go3611771182
Go3611771182Go3611771182
Go3611771182
 
Kastriot Blakaj
Kastriot BlakajKastriot Blakaj
Kastriot Blakaj
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
 

Destacado

Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerationsMary McEvoy Carroll
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Mohamed Tharwat Waheed
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network SecuritySatish Chavan
 
4g security presentation
4g security presentation4g security presentation
4g security presentationKyle Ly
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...EC-Council
 
Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 201244CON
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?Stephen Kho
 
4G LTE Presentation Group 9
4G LTE Presentation Group 94G LTE Presentation Group 9
4G LTE Presentation Group 9eel4514team9
 
Chap 4. call processing and handover.eng
Chap 4. call processing and handover.engChap 4. call processing and handover.eng
Chap 4. call processing and handover.engsivakumar D
 
Lte Presentation.Ppt
Lte Presentation.PptLte Presentation.Ppt
Lte Presentation.Pptvaimalik
 

Destacado (12)

Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network Security
 
4g security presentation
4g security presentation4g security presentation
4g security presentation
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
 
Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?
 
4G LTE Presentation Group 9
4G LTE Presentation Group 94G LTE Presentation Group 9
4G LTE Presentation Group 9
 
Chap 4. call processing and handover.eng
Chap 4. call processing and handover.engChap 4. call processing and handover.eng
Chap 4. call processing and handover.eng
 
LTE Basics
LTE BasicsLTE Basics
LTE Basics
 
Lte Presentation.Ppt
Lte Presentation.PptLte Presentation.Ppt
Lte Presentation.Ppt
 

Similar a Netmanias.2012.08.22 [en] lte security i-security concept and authentication

Similar a Netmanias.2012.08.22 [en] lte security i-security concept and authentication (20)

WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Enhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETEnhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESET
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
Moein
MoeinMoein
Moein
 
Basic Security in Routing and Switching
Basic Security in Routing and SwitchingBasic Security in Routing and Switching
Basic Security in Routing and Switching
 
IRJET- Data Transmission using RSA Algorithm
IRJET-  	  Data Transmission using RSA AlgorithmIRJET-  	  Data Transmission using RSA Algorithm
IRJET- Data Transmission using RSA Algorithm
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
 
Web Security
Web SecurityWeb Security
Web Security
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
An Efficient VLSI Architecture for AES and It's FPGA Implementation
An Efficient VLSI Architecture for AES and It's FPGA ImplementationAn Efficient VLSI Architecture for AES and It's FPGA Implementation
An Efficient VLSI Architecture for AES and It's FPGA Implementation
 
Test
TestTest
Test
 
Test 1
Test 1Test 1
Test 1
 
CCNA Icnd110 s03l02
CCNA Icnd110 s03l02CCNA Icnd110 s03l02
CCNA Icnd110 s03l02
 
IMS Authentication with AKAv1 and AKAv2
IMS Authentication with AKAv1 and AKAv2 IMS Authentication with AKAv1 and AKAv2
IMS Authentication with AKAv1 and AKAv2
 
Websecurity
Websecurity Websecurity
Websecurity
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Netmanias.2012.08.22 [en] lte security i-security concept and authentication

  • 1. Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication www.netmanias.com About NMC Consulting Group NMC Consulting Group was founded on year 2002 and is advanced, professional network consulting company which is specialized for IP Network area like FTTH, Metro Ethernet and IP/MPLS, Service area like IPTV, IMS and CDN lastly, Wireless network area like Mobile WiMAX, LTE and Wi-Fi. Copyright © 2002-2012NMC Consulting Group. All rights reserved. www.nmcgroups.com LTE Security I LTE Security Concept and LTE Authentication August 21, 2012 (Last Updated: August 22, 2012) NMC Consulting Group www.netmanias.com www.nmcgroups.com
  • 2. Copyright © 2002-2012NMC Consulting Group. All rights reserved. Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication 2 Scope and Concept of LTE Security ❶ LTE Authentication  Mutual Authentication between UE and LTE Network (UE – MME – HSS) using EPS-AKA  Base Key: K  Derived Key: KASME ❷ NAS Security  Integrity Protection and Ciphering (Encryption) for NAS Signaling Message between UE and MME  Base Key: KASME  Derived Key: KNASint, KNASenc ❸ AS Security  Integrity Protection and Ciphering (Encryption) for RRC Signaling Message between UE and eNB  Base Key: KeNB  Derived Key: KRRCint, KRRCenc  Ciphering (Encryption) for User IP Packet between UE and eNB  Base key: KeNB  Derived key: KUPenc IP Packet Ciphering ① Mutual Authentication EPS Authentication Vectors (RAND, AUTN, XRES, KASME) KNASint/KNASenc KNASint/KNASenc KRRCint/KRRCenc KUPenc KRRCint/KRRCenc KUPenc RRC Signaling Integrity Protection/ Ciphering IMSI, LTE K IMSI, LTE K ② NAS Signaling Integrity Protection/ Ciphering KASME KASME KeNB KeNBUE eNB MME HSS 1 2 3 3 Mandatory Optional
3. Overview of LTE Security

[Figure: message flow between UE, eNB, MME and HSS]

1 Authentication (LTE Security I - Authentication)
 - Attach Request (IMSI, UE Network Capability, KSIASME=7)
 - Authentication Information Request (IMSI, SN ID, Network Type)
 - Authentication Information Answer (AVs (1...n))
 - Authentication Request (RAND, AUTNHSS, KSIASME=1) [not ciphered; not integrity protected]
   → UE: Network (HSS) Authentication (AUTNUE = AUTNHSS)
 - Authentication Response (RES) [not ciphered; not integrity protected]
   → MME: UE Authentication (RES = XRES)

2 NAS Security Setup (LTE Security II – NAS & AS Security)
 - NAS Security Mode Command (KSIASME=1, Replayed UE Network Capability, NAS Ciphering Algorithm=EEA1, NAS Integrity Algorithm=EIA1, NAS-MAC) [NAS integrity protected]
 - NAS Security Mode Complete (NAS-MAC) [NAS ciphered and integrity protected]
 - Ciphered and Integrity Protected NAS Signaling

3 AS Security Setup (LTE Security II – NAS & AS Security)
 - MME computes KeNB
 - Attach Accept <Initial Context Setup Request> (UE Network Capability, KeNB)
 - AS Security Mode Command (Ciphering Algorithm=EEA1, Integrity Algorithm=EIA1, MAC-I) [AS integrity protected]
 - AS Security Mode Complete (MAC-I) [AS integrity protected]
 - Ciphered and Integrity Protected RRC Signaling
 - Ciphered User Plane (Data Plane)

Key derivation shown in the figure:
 - HSS: EPS AKA Algorithm (LTE K, RAND, SQN, SN ID) → AUTNHSS, XRES, KASME; Authentication Vector = (RAND, XRES, AUTNHSS, KASME)
 - UE: EPS AKA Algorithm (LTE K, RAND, SQN, SN ID) → AUTNUE, RES, KASME
 - UE and MME: select encryption/integrity algorithm; KDF(KASME, Alg-ID, Alg Distinguisher) → KNASenc, KNASint; KDF(KASME, NAS Uplink Count) → KeNB
 - UE and eNB: select encryption/integrity algorithm; KDF(KeNB, Alg-ID, Alg Distinguisher) → KRRCenc, KRRCint, KUPenc

After Authentication → UE and MME share KASME
After NAS Security Setup → UE and MME share NAS Security Key (KNASenc, KNASint) in Control Plane
After AS Security Setup → UE and eNB share AS Security Key (KRRCenc, KRRCint) in Control Plane; UE and eNB share AS Security Key (KUPenc) in User Plane
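The key derivations sketched in the figure on this slide (KeNB from KASME and the NAS uplink count; KNASenc/KNASint, KRRCenc/KRRCint and KUPenc from an algorithm distinguisher and the algorithm ID), as an added worked example that is not part of the Netmanias document. It follows the 3GPP KDF layout of TS 33.401 Annex A (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1); the KASME value and the NAS uplink COUNT are constructed sample inputs, not values from a real network.

```python
import hashlib
import hmac

# Algorithm type distinguishers (TS 33.401 Table A.7-1)
NAS_ENC_ALG, NAS_INT_ALG, RRC_ENC_ALG, RRC_INT_ALG, UP_ENC_ALG = 0x01, 0x02, 0x03, 0x04, 0x05
# Algorithm identities as signalled in the Security Mode Command:
# EEA0/EIA0 = 0 (null), EEA1/EIA1 = 1 (SNOW 3G), EEA2/EIA2 = 2 (AES)
EEA1 = EIA1 = 0x01
EEA2 = EIA2 = 0x02


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP key derivation function (TS 33.220 Annex B):
    HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), each Li a 2-byte length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    """KeNB = KDF(KASME, FC=0x11, P0=uplink NAS COUNT) (TS 33.401 A.3); 256 bits.
    Binding KeNB to the NAS COUNT gives a fresh KeNB each time a context is set up."""
    return kdf(kasme, 0x11, nas_uplink_count.to_bytes(4, "big"))


def derive_algorithm_key(base_key: bytes, alg_type: int, alg_id: int) -> bytes:
    """Algorithm key = KDF(base, FC=0x15, P0=algorithm type distinguisher,
    P1=algorithm identity), truncated to the 128 least significant bits (TS 33.401 A.7).
    base_key is KASME for the NAS keys and KeNB for the RRC and UP keys."""
    return kdf(base_key, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]


def derive_hierarchy(kasme: bytes, nas_uplink_count: int, eea: int, eia: int) -> dict:
    """Everything the UE and the network derive after NAS and AS security setup."""
    kenb = derive_kenb(kasme, nas_uplink_count)
    return {
        "KeNB": kenb,
        "KNASenc": derive_algorithm_key(kasme, NAS_ENC_ALG, eea),
        "KNASint": derive_algorithm_key(kasme, NAS_INT_ALG, eia),
        "KRRCenc": derive_algorithm_key(kenb, RRC_ENC_ALG, eea),
        "KRRCint": derive_algorithm_key(kenb, RRC_INT_ALG, eia),
        "KUPenc": derive_algorithm_key(kenb, UP_ENC_ALG, eea),
    }


# Constructed sample KASME (256 bits); a real one is the output of EPS-AKA.
SAMPLE_KASME = hashlib.sha256(b"constructed sample KASME, not a real key").digest()

if __name__ == "__main__":
    keys = derive_hierarchy(SAMPLE_KASME, nas_uplink_count=0, eea=EEA1, eia=EIA1)
    for name, value in keys.items():
        print(f"{name:8s} {len(value) * 8:3d} bits  {value.hex()}")
```

Two properties worth noticing when running it: changing the algorithm identity (EEA1 to EEA2) changes the derived ciphering key but leaves the integrity key untouched, so a key is never shared between two algorithms; and changing the NAS uplink COUNT changes KeNB and therefore every RRC and UP key below it.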
4. Overview of LTE Authentication Procedure: EPS-AKA

EPS-AKA (Evolved Packet System – Authentication and Key Agreement)

[Figure: UE – MME – HSS message flow with the key derivation at the HSS and at the UE]

1 Attach Request (IMSI, UE Network Capability, KSIASME=7) [UE → MME]
2 Authentication Information Request (IMSI, SN ID, n, Network Type) [MME → HSS]
   HSS: IMSI (provisioned @AuC), LTE K (provisioned @AuC), RAND (HSS generates), SQN (HSS generates, increasing) → Crypto function → XRES, AUTN, CK, IK; KDF(CK, IK, SQN, SN ID) → KASME
   Authentication Vector (AV): AV = (RAND, AUTN, XRES, KASME)
3 Authentication Information Answer (Authentication Vectors) [HSS → MME]
   AV 1 = (RAND1, AUTN1, XRES1, KASME1) … AV i = (RANDi, AUTNi, XRESi, KASMEi) … AV n = (RANDn, AUTNn, XRESn, KASMEn)
   MME: Select an AV (e.g., AV i); keeps XRES i and KASME i under KSIASME
4 Authentication Request (RAND i, AUTN i, KSIASME i) [MME → UE]
   UE (USIM holds IMSI and LTE K): IMSI (factory default), LTE K (factory default), RAND i (HSS generates), SQN (HSS generates) → Crypto function → RES, AUTNUE, CK, IK; KDF(CK, IK, SQN, SN ID) → KASME (KASME i)
   HSS authenticated if AUTN i = AUTNUE
5 Authentication Response (RES) [UE → MME]
   UE authenticated if RES = XRES i

Authentication Complete
 - UE uses KASME (KASME i) to calculate additional keys
 - MME uses KASME (KASME i) to calculate additional keys
 - The KSIASME value is not used for authentication itself, but is used to generate subsequent key values (for Encryption & Integrity Check)
5. LTE Authentication Procedure (1)

Provisioning Information @HSS/AuC
 - K: provisioned to AuC at subscription time
 - IMSI: provisioned to HSS & AuC at subscription time
Storing Information @USIM
 - K & IMSI: stored in USIM at manufacturing time

1. Authentication Request from UE
❶ [UE → MME] UE Requests Registration to Network
 - UE sends Attach Request (IMSI, UE Network Capability, KSIASME=7) message to MME
   - IMSI: Subscriber ID
   - UE Network Capability: security algorithms supported by the UE
   - KSIASME=7: indicates no key is available

EEA and EIA in "UE Network Capability" Information [4]

 EEA
 Algorithm ID | Description
 128-EEA0     | Null Ciphering Algorithm
 128-EEA1     | SNOW 3G
 128-EEA2     | AES

 EIA
 Algorithm ID | Description
 -            | -
 128-EIA1     | SNOW 3G
 128-EIA2     | AES
6. LTE Authentication Procedure (2)

2. Transfer of Authentication Vector(s) from HSS to MME
❷ [MME → HSS] Requesting Authentication Vector(s)
 - MME sends Authentication Information Request (IMSI, SN ID, n, Network Type) message to HSS to request authentication vector(s) for the UE
   - IMSI: Subscriber ID
   - SN ID: Serving Network ID. Identified by PLMN ID (MCC + MNC)
   - n: number of requested Authentication Vector(s)
   - Network Type: here, E-UTRAN
 - HSS
   - Generates RAND and SQN
   - Calculates XRES, AUTN, CK and IK using the AKA Algorithm with inputs LTE Key (K), SQN and RAND
   - Calculates local master key KASME using KDF with inputs CK, IK, SQN and SN ID
   - Constitutes Authentication Vector(s), AV=(RAND, AUTN, XRES, KASME)
❸ [MME ← HSS] Distributing Authentication Vector(s)
 - HSS sends Authentication Information Answer (AVs) message including AVs back to MME
 - MME
   - Stores AVs and selects an AV (here the ith AV, AVi=(RANDi, AUTNi, XRESi, KASMEi))

[Figure: HSS side. IMSI (Provisioned @AuC), LTE K (Provisioned @AuC), RAND (HSS generates), SQN (HSS generates, increasing) → Crypto function → XRES, AUTN, CK, IK; KDF(CK, IK, SQN, SN ID) → KASME. Authentication Vector (AV): AV = (RAND, AUTN, XRES, KASME)]
7. LTE Authentication Procedure (3)

3. Mutual Authentication between UE and MME
 - KASME: MME Base Key (local master key). Stored only in MME, not delivered to the UE
 - UE authenticates the Network (HSS) by comparing AUTN with AUTNUE
 - MME (on behalf of HSS) authenticates the UE by comparing RES with XRES
❹ [UE ← MME] Requesting User Authentication
 - MME sends Authentication Request (KSIASMEi, RANDi, AUTNi) message to UE
   - Keeps KASMEi and XRESi
   - Allocates KSIASMEi to uniquely identify KASMEi (KSIASMEi is shared in the UE and MME)
   - Sends KSIASMEi, RANDi, AUTNi to UE
 - UE
   - Calculates Authentication Vector, AV=(RAND, AUTNUE, RES, KASME) using the same AKA algorithm as in HSS
   - Authenticates the Network (HSS) by comparing AUTNi with AUTNUE
❺ [UE → MME] Responding User Authentication
 - UE sends Authentication Response (RES) message back to MME
 - MME
   - Authenticates the UE by comparing RES with XRESi

[Figure: UE side. IMSI (Factory Default), LTE K (Factory Default), RAND (HSS generates), SQN (HSS generates) → Crypto function → RES (sent to MME), AUTNUE (used to authenticate HSS), CK, IK; KDF(CK, IK, SQN, SN ID) → KASME (KASME i), held under KSIASME with AV 1.]
8. Summary of LTE Security Key: Authentication

LTE Security Keys related to the LTE Authentication (EPS-AKA)

 Key   | Length   | Location      | Derived from | Description
 K     | 128 bits | USIM, AuC     | -            | EPS master key
 CK    | 128 bits | USIM, HSS     | K            | Cipher key
 IK    | 128 bits | USIM, HSS     | K            | Integrity key
 KASME | 256 bits | UE, HSS, MME  | CK, IK       | MME base key
9. References and Abbreviations

References
[1] Netmanias Technical Document, “LTE Network Architecture”, September 2010, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[2] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
[3] 3GPP TS 24.301, “Non-Access-Stratum (NAS) Protocol for Evolved Packet System (EPS); Stage 3”.
[4] 3GPP TS 33.401, “3GPP System Architecture Evolution (SAE); Security Architecture”.

Abbreviations
AES : Advanced Encryption Standard
AKA : Authentication and Key Agreement
AS : Access Stratum
ASME : Access Security Management Entity
AuC : Authentication Center
AUTN : Authentication Token
AV : Authentication Vector
CK : Cipher Key
EEA : EPS Encryption Algorithm
EIA : EPS Integrity Algorithm
EPS : Evolved Packet System
HSS : Home Subscriber Server
IK : Integrity Key
IMSI : International Mobile Subscriber Identity
KSI : Key Set Identifier
LTE : Long Term Evolution
MCC : Mobile Country Code
MME : Mobility Management Entity
MNC : Mobile Network Code
NAS : Non Access Stratum
PLMN : Public Land Mobile Network
RAND : RANDom number
RES : Response
RRC : Radio Resource Control
SN ID : Serving Network ID
SQN : Sequence Number
UE : User Equipment
UP : User Plane
USIM : Universal Subscriber Identity Module
XRES : Expected Response