Netmanias.2012.08.22 [en] lte security i-security concept and authentication
son6971
1.
Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication
August 21, 2012 (Last Updated: August 22, 2012)
NMC Consulting Group
www.netmanias.com
www.nmcgroups.com

About NMC Consulting Group: NMC Consulting Group was founded in 2002 and is an advanced, professional network consulting company specializing in IP networks (FTTH, Metro Ethernet and IP/MPLS), services (IPTV, IMS and CDN) and wireless networks (Mobile WiMAX, LTE and Wi-Fi).

Copyright © 2002-2012 NMC Consulting Group. All rights reserved.
2.
Scope and Concept of LTE Security

❶ LTE Authentication
- Mutual authentication between UE and LTE network (UE – MME – HSS) using EPS-AKA
- Base key: K. Derived key: KASME

❷ NAS Security
- Integrity protection and ciphering (encryption) for NAS signaling messages between UE and MME
- Base key: KASME. Derived keys: KNASint, KNASenc

❸ AS Security
- Integrity protection and ciphering (encryption) for RRC signaling messages between UE and eNB
  - Base key: KeNB. Derived keys: KRRCint, KRRCenc
- Ciphering (encryption) for user IP packets between UE and eNB
  - Base key: KeNB. Derived key: KUPenc

[Figure: UE, eNB, MME and HSS with the keys shown in the diagram (IMSI and LTE K; KASME; KeNB; KNASint/KNASenc; KRRCint/KRRCenc; KUPenc), showing ① mutual authentication using EPS authentication vectors (RAND, AUTN, XRES, KASME), ② NAS signaling integrity protection/ciphering, and ③ RRC signaling integrity protection/ciphering and IP packet ciphering. Legend: Mandatory / Optional.]
3.
Overview of LTE Security

❶ Authentication (LTE Security I - Authentication)
- UE → MME: Attach Request (IMSI, UE Network Capability, KSIASME=7)
- MME → HSS: Authentication Information Request (IMSI, SN ID, Network Type)
- HSS → MME: Authentication Information Answer (AVs (1...n))
- MME → UE: Authentication Request (RAND, AUTNHSS, KSIASME=1) [not ciphered; not integrity protected]
- UE: Network (HSS) authentication (AUTNUE = AUTNHSS)
- UE → MME: Authentication Response (RES) [not ciphered; not integrity protected]
- MME: UE authentication (RES = XRES)

❷ NAS Security Setup (LTE Security II – NAS & AS Security)
- MME → UE: NAS Security Mode Command (KSIASME=1, Replayed UE Network Capability, NAS Ciphering Algorithm=EEA1, NAS Integrity Algorithm=EIA1, NAS-MAC) [NAS integrity protected]
- UE → MME: NAS Security Mode Complete (NAS-MAC) [NAS ciphered and integrity protected]
- Result: ciphered and integrity protected NAS signaling

❸ AS Security Setup (LTE Security II – NAS & AS Security)
- Compute KeNB
- MME → eNB: Attach Accept <Initial Context Setup Request> (UE Network Capability, KeNB)
- eNB → UE: AS Security Mode Command (Ciphering Algorithm=EEA1, Integrity Algorithm=EIA1, MAC-I) [AS integrity protected]
- UE → eNB: AS Security Mode Complete (MAC-I) [AS integrity protected]
- Result: ciphered and integrity protected RRC signaling; ciphered user plane (data plane)

[Figure: key derivation on both sides.
UE: LTE K, RAND, SQN, SN ID → EPS AKA Algorithm → AUTNUE, RES, KASME.
HSS: LTE K, RAND, SQN, SN ID → EPS AKA Algorithm → AUTNHSS, XRES, KASME. Authentication Vector = (RAND, XRES, AUTNHSS, KASME).
After selecting the encryption/integrity algorithm: KASME with Alg-ID, Alg Distinguisher → KDF → KNASenc, KNASint. KASME with NAS Uplink Count → KDF → KeNB. KeNB with Alg-ID, Alg Distinguisher → KDF → KRRCenc, KRRCint, KUPenc.]

- After Authentication: UE and MME share KASME
- After NAS Security Setup: UE and MME share the NAS security keys (KNASenc, KNASint) in the control plane
- After AS Security Setup: UE and eNB share the AS security keys (KRRCenc, KRRCint) in the control plane, and the AS security key (KUPenc) in the user plane
4.
Overview of LTE Authentication Procedure: EPS-AKA

EPS-AKA (Evolved Packet System – Authentication and Key Agreement)

❶ UE → MME: Attach Request (IMSI, UE Network Capability, KSIASME=7)
❷ MME → HSS: Authentication Information Request (IMSI, SN ID, n, Network Type)
❸ HSS → MME: Authentication Information Answer (Authentication Vectors)
  - AV 1 = (RAND1, AUTN1, XRES1, KASME1)
  - …
  - AV i = (RANDi, AUTNi, XRESi, KASMEi)
  - …
  - AV n = (RANDn, AUTNn, XRESn, KASMEn)
❹ MME → UE: Authentication Request (RAND i, AUTN i, KSIASME i)
❺ UE → MME: Authentication Response (RES)

HSS
- IMSI: provisioned @AuC
- LTE K: provisioned @AuC
- RAND: HSS generates
- SQN: HSS generates (increase)
- Crypto function (LTE K, RAND, SQN) → XRES, AUTN, CK, IK
- KDF (CK, IK, SQN, SN ID) → KASME
- Authentication Vector (AV): AV = (RAND, AUTN, XRES, KASME)

MME
- Selects an AV (e.g., AV i) and keeps XRES i and KASME i, identified by KSIASME

UE (USIM holds IMSI and LTE K)
- IMSI: factory default
- LTE K: factory default
- RAND: HSS generates
- SQN: HSS generates
- Crypto function (LTE K, RAND i, SQN) → RES, AUTNUE, CK, IK
- KDF (CK, IK, SQN, SN ID) → KASME (KASME i), stored with KSIASME

Authentication Complete
- HSS authenticated if AUTN i = AUTNUE
- UE authenticated if RES = XRES i
- UE uses KASME (KASME i) to calculate additional keys
- MME uses KASME (KASME i) to calculate additional keys

KSIASME value is not used for authentication itself, but used to generate subsequent key values (for Encryption & Integrity Check).
5.
LTE Authentication Procedure (1)

Provisioning information @HSS/AuC
- K: provisioned to AuC at subscription time
- IMSI: provisioned to HSS & AuC at subscription time

Storing information @USIM
- K & IMSI: stored to USIM at manufacturing time

1. Authentication Request from UE

❶ [UE → MME] UE requests registration to network
- UE sends Attach Request (IMSI, UE Network Capability, KSIASME=7) message to MME
  - IMSI: subscriber ID
  - UE Network Capability: security algorithms supported by the UE
  - KSIASME=7: indicates no key is available

EEA and EIA in "UE Network Capability" information [4]

EEA

| Algorithm ID | Description |
|---|---|
| 128-EEA0 | Null Ciphering Algorithm |
| 128-EEA1 | SNOW 3G |
| 128-EEA2 | AES |

EIA

| Algorithm ID | Description |
|---|---|
| - | - |
| 128-EIA1 | SNOW 3G |
| 128-EIA2 | AES |
6.
LTE Authentication Procedure (2)

2. Transfer of Authentication Vector(s) from HSS to MME

❷ [MME → HSS] Requesting authentication vector(s)
- MME sends Authentication Information Request (IMSI, SN ID, n, Network Type) message to HSS to request authentication vector(s) for the UE
  - IMSI: subscriber ID
  - SN ID: Serving Network ID, identified by PLMN ID (MCC + MNC)
  - n: number of requested authentication vector(s)
  - Network Type: here, E-UTRAN
- HSS
  - Generates RAND and SQN
  - Calculates XRES, AUTN, CK and IK using the AKA algorithm with inputs LTE key (K), SQN and RAND
  - Calculates the local master key KASME using the KDF with inputs CK, IK, SQN and SN ID
  - Constitutes authentication vector(s), AV = (RAND, AUTN, XRES, KASME)

❸ [MME ← HSS] Distributing authentication vector(s)
- HSS sends Authentication Information Answer (AVs) message including AVs back to MME
- MME
  - Stores AVs and selects an AV (here the ith AV, AVi = (RANDi, AUTNi, XRESi, KASMEi))

[Figure: HSS computation. IMSI and LTE K are provisioned @AuC; the HSS generates RAND and SQN (increase). Crypto function (LTE K, RAND, SQN) → XRES, AUTN, CK, IK; KDF (CK, IK, SQN, SN ID) → KASME. Authentication Vector (AV): AV = (RAND, AUTN, XRES, KASME).]
7.
LTE Authentication Procedure (3)

3. Mutual Authentication between UE and MME
- KASME: MME base key (local master key). Held in the MME and not delivered to the UE; the UE computes the same KASME itself
- UE authenticates the network (HSS) by comparing AUTN with AUTNUE
- MME (on behalf of HSS) authenticates the UE by comparing RES with XRES

❹ [UE ← MME] Requesting user authentication
- MME sends Authentication Request (KSIASMEi, RANDi, AUTNi) message to UE
- MME
  - Keeps KASMEi and XRESi
  - Allocates KSIASMEi to uniquely identify KASMEi (KSIASMEi is shared by the UE and MME)
  - Sends KSIASMEi, RANDi, AUTNi to UE
- UE
  - Calculates authentication vector, AV = (RAND, AUTNUE, RES, KASME), using the same AKA algorithm as in HSS
  - Authenticates the network (HSS) by comparing AUTNi with AUTNUE

❺ [UE → MME] Responding user authentication
- UE sends Authentication Response (RES) message back to MME
- MME
  - Authenticates the UE by comparing RES with XRESi

[Figure: UE computation. IMSI and LTE K are factory default; RAND and SQN are generated by the HSS. Crypto function (LTE K, RAND, SQN) → RES (sent to MME), AUTNUE (used to authenticate HSS), CK, IK; KDF (CK, IK, SQN, SN ID) → KASME (KASME i), stored with KSIASME.]
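The EPS-AKA exchange of steps ❶ to ❺ as runnable code. This is an added example, not code from Netmanias or 3GPP: the HSS builds an AV, the UE authenticates the network from RAND and AUTN, and the MME compares RES with XRES. It goes beyond the slides in two places: AUTN is laid out as SQN⊕AK || AMF || MAC (3GPP TS 33.102) and KASME uses the KDF input string of 3GPP TS 33.401 Annex A.2. Assumptions: the AKA "crypto function" is an HMAC-SHA-256 stand-in (not MILENAGE), the SQN freshness check is simplified, all keys, SQN and PLMN values are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

AMF = bytes.fromhex("8000")  # constructed value; sets the separation bit used for EPS AVs

def _f(k, label, rand, n):
    # Stand-in for the AKA functions f1..f5 (assumption: real AuC/USIM pairs
    # run MILENAGE or TUAK; HMAC-SHA-256 keeps this example dependency-free).
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def plmn_id(mcc, mnc):
    # SN ID = PLMN ID (MCC + MNC) packed as 3 octets of nibble-swapped BCD.
    d3 = mnc[2] if len(mnc) == 3 else "f"
    return bytes.fromhex(mcc[1] + mcc[0] + d3 + mcc[2] + mnc[1] + mnc[0])

def aka(k, rand, sqn, amf, sn_id):
    """The 'crypto function' and KDF boxes: identical code on HSS/AuC and USIM/UE."""
    mac = _f(k, b"f1" + sqn + amf, rand, 8)
    res = _f(k, b"f2", rand, 8)
    ck, ik = _f(k, b"f3", rand, 16), _f(k, b"f4", rand, 16)
    sqn_ak = _xor(sqn, _f(k, b"f5", rand, 6))       # SQN concealed with AK
    autn = sqn_ak + amf + mac                        # AUTN = SQN^AK || AMF || MAC
    # KASME = HMAC-SHA-256(CK || IK, FC || SN ID || len || SQN^AK || len),
    # the KDF layout of 3GPP TS 33.401 Annex A.2 (FC = 0x10).
    s = b"\x10" + sn_id + b"\x00\x03" + sqn_ak + b"\x00\x06"
    kasme = hmac.new(ck + ik, s, hashlib.sha256).digest()
    return autn, res, kasme

def hss_make_av(k, sqn, sn_id):
    """HSS: generate RAND and build AV = (RAND, AUTN, XRES, KASME)."""
    rand = os.urandom(16)
    autn, xres, kasme = aka(k, rand, sqn.to_bytes(6, "big"), AMF, sn_id)
    return {"RAND": rand, "AUTN": autn, "XRES": xres, "KASME": kasme}

def ue_verify(k, rand, autn, sn_id, highest_sqn):
    """UE/USIM: authenticate the network, then return (status, RES, KASME)."""
    sqn = _xor(autn[:6], _f(k, b"f5", rand, 6))     # recover SQN from AUTN
    autn_ue, res, kasme = aka(k, rand, sqn, autn[6:8], sn_id)
    if not hmac.compare_digest(autn_ue, autn):       # AUTN_UE != AUTN_HSS
        return "mac_failure", None, None
    if int.from_bytes(sqn, "big") <= highest_sqn:    # simplified freshness check
        return "sqn_failure", None, None
    return "ok", res, kasme

def mme_verify(res, av):
    """MME: authenticate the UE by comparing RES with the stored XRES."""
    return res is not None and hmac.compare_digest(res, av["XRES"])

if __name__ == "__main__":
    K = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed test key
    sn = plmn_id("001", "01")                               # constructed test PLMN
    av = hss_make_av(K, sqn=33, sn_id=sn)
    status, res, kasme_ue = ue_verify(K, av["RAND"], av["AUTN"], sn, highest_sqn=32)
    print(status, mme_verify(res, av), kasme_ue == av["KASME"])
    # Same challenge replayed after the USIM has accepted SQN 33.
    print(ue_verify(K, av["RAND"], av["AUTN"], sn, highest_sqn=33)[0])
    # UE using a different serving network ID: RES still matches, KASME does not.
    _, res2, kasme2 = ue_verify(K, av["RAND"], av["AUTN"], plmn_id("310", "410"), 32)
    print(mme_verify(res2, av), kasme2 == av["KASME"])
```

The last case shows why SN ID is a KDF input: RES and AUTN do not depend on it, so a serving-network mismatch passes authentication but leaves the UE and MME with different KASME values, and the later NAS integrity check cannot succeed.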
8.
Summary of LTE Security Key: Authentication

LTE security keys related to the LTE authentication (EPS-AKA)

| Key | Length | Location | Derived from | Description |
|---|---|---|---|---|
| K | 128 bits | USIM, AuC | - | EPS master key |
| CK | 128 bits | USIM, HSS | K | Cipher key |
| IK | 128 bits | USIM, HSS | K | Integrity key |
| KASME | 256 bits | UE, HSS, MME | CK, IK | MME base key |
9.
References and Abbreviations

References

[1] Netmanias Technical Document, “LTE Network Architecture”, September 2010, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[2] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
[3] 3GPP TS 24.301, “Non-Access-Stratum (NAS) Protocol for Evolved Packet System (EPS); Stage 3”.
[4] 3GPP TS 33.401, “3GPP System Architecture Evolution (SAE); Security Architecture”.

Abbreviations

AES: Advanced Encryption Standard
AKA: Authentication and Key Agreement
AS: Access Stratum
ASME: Access Security Management Entity
AuC: Authentication Center
AUTN: Authentication Token
AV: Authentication Vector
CK: Cipher Key
EEA: EPS Encryption Algorithm
EIA: EPS Integrity Algorithm
EPS: Evolved Packet System
HSS: Home Subscriber Server
IK: Integrity Key
IMSI: International Mobile Subscriber Identity
KSI: Key Set Identifier
LTE: Long Term Evolution
MCC: Mobile Country Code
MME: Mobility Management Entity
MNC: Mobile Network Code
NAS: Non Access Stratum
PLMN: Public Land Mobile Network
RAND: RANDom number
RES: Response
RRC: Radio Resource Control
SN ID: Serving Network ID
SQN: Sequence Number
UE: User Equipment
UP: User Plane
USIM: Universal Subscriber Identity Module
XRES: Expected Response