- 1. Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication
www.netmanias.com
About NMC Consulting Group
NMC Consulting Group was founded in 2002 and is an advanced, professional network consulting company specializing in the IP network area (FTTH, Metro Ethernet and IP/MPLS), the service area (IPTV, IMS and CDN) and, lastly, the wireless network area (Mobile WiMAX, LTE and Wi-Fi).
Copyright © 2002-2012 NMC Consulting Group. All rights reserved.
www.nmcgroups.com
LTE Security I
LTE Security Concept and LTE Authentication
August 21, 2012
(Last Updated: August 22, 2012)
NMC Consulting Group
www.netmanias.com
www.nmcgroups.com
- 2.
Scope and Concept of LTE Security
❶ LTE Authentication
   Mutual authentication between the UE and the LTE network (UE – MME – HSS) using EPS-AKA
   Base key: K
   Derived key: KASME
❷ NAS Security
   Integrity protection and ciphering (encryption) of NAS signaling messages between the UE and the MME
   Base key: KASME
   Derived keys: KNASint, KNASenc
❸ AS Security
   Integrity protection and ciphering (encryption) of RRC signaling messages between the UE and the eNB
   Base key: KeNB
   Derived keys: KRRCint, KRRCenc
   Ciphering (encryption) of user IP packets between the UE and the eNB
   Base key: KeNB
   Derived key: KUPenc
[Figure: LTE security overview across UE – eNB – MME – HSS. ① Mutual authentication between the UE and the MME/HSS using EPS authentication vectors (RAND, AUTN, XRES, KASME); the IMSI and LTE K are held in the UE and the HSS, KASME in the UE and the MME, KeNB in the UE and the eNB. ② NAS signaling integrity protection/ciphering between the UE and the MME with KNASint/KNASenc. ③ RRC signaling integrity protection/ciphering with KRRCint/KRRCenc and IP packet ciphering with KUPenc between the UE and the eNB. Legend: mandatory / optional.]
- 3.
Overall LTE security procedure: Authentication, NAS Security Setup and AS Security Setup
[Figure: call flow across UE – eNB – MME – HSS, reconstructed from the slide diagram.]
1. Authentication (LTE Security I – Authentication)
   Attach Request (IMSI, UE Network Capability, KSIASME=7)                      UE → MME
   Authentication Information Request (IMSI, SN ID, Network Type)               MME → HSS
   Authentication Information Answer (AVs (1...n))                              HSS → MME
   Authentication Request (RAND, AUTNHSS, KSIASME=1)                            MME → UE
     [not ciphered; not integrity protected]
     UE: Network (HSS) authentication (AUTNUE = AUTNHSS)
   Authentication Response (RES)                                                UE → MME
     [not ciphered; not integrity protected]
     MME: UE authentication (RES = XRES)
2. NAS Security Setup (LTE Security II – NAS & AS Security)
   NAS Security Mode Command (KSIASME=1, Replayed UE Network Capability, NAS Ciphering Algorithm=EEA1, NAS Integrity Algorithm=EIA1, NAS-MAC)   MME → UE
     [NAS integrity protected]
   NAS Security Mode Complete (NAS-MAC)                                         UE → MME
     [NAS ciphered and integrity protected]
   → Ciphered and integrity protected NAS signaling
3. AS Security Setup (LTE Security II – NAS & AS Security)
   MME computes KeNB
   Initial Context Setup Request (UE Network Capability, KeNB)                  MME → eNB
   AS Security Mode Command (Ciphering Algorithm=EEA1, Integrity Algorithm=EIA1, MAC-I)   eNB → UE
     [AS integrity protected]
   AS Security Mode Complete (MAC-I)                                            UE → eNB
     [AS integrity protected]
   → Ciphered and integrity protected RRC signaling; ciphered user plane (data plane)
   Attach Accept                                                                MME → UE

Key derivation shown in the figure
   HSS: EPS AKA algorithm with inputs LTE K, RAND, SQN and SN ID → AUTNHSS, XRES, KASME; Authentication Vector = (RAND, XRES, AUTNHSS, KASME)
   UE:  EPS AKA algorithm with inputs LTE K, RAND, SQN and SN ID → AUTNUE, RES, KASME
   MME and UE: select encryption/integrity algorithm; KDF(KASME, Alg-ID, Alg Distinguisher) → KNASenc, KNASint; KDF(KASME, NAS Uplink Count) → KeNB
   eNB and UE: KDF(KeNB, Alg-ID, Alg Distinguisher) → KRRCenc, KRRCint, KUPenc

Overview of LTE Security
   After Authentication: UE and MME share KASME
   After NAS Security Setup: UE and MME share the NAS security keys (KNASenc, KNASint) in the control plane
   After AS Security Setup: UE and eNB share the AS security keys (KRRCenc, KRRCint) in the control plane and the AS security key (KUPenc) in the user plane
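The KDF chain drawn in the figure (KASME with Alg-ID and Alg Distinguisher → KNASenc/KNASint, KASME with NAS uplink COUNT → KeNB, KeNB with Alg-ID and Alg Distinguisher → KRRCenc/KRRCint/KUPenc) as an added Python example; it is not code from the Netmanias document. The KDF is HMAC-SHA-256 and the FC values, algorithm type distinguishers and parameter layout are my reading of 3GPP TS 33.401 Annex A, so treat them as assumptions and check them against the specification; the KASME value and the function names are constructed for the example.

```python
"""LTE key hierarchy below KASME (added example, not NMC/Netmanias code).

KASME + (alg type distinguisher, alg id) -> KNASenc, KNASint
KASME + uplink NAS COUNT               -> KeNB
KeNB  + (alg type distinguisher, alg id) -> KRRCenc, KRRCint, KUPenc

Assumptions: KDF = HMAC-SHA-256 over FC || P0 || L0 || P1 || L1; FC=0x11 for
KeNB, FC=0x15 for algorithm keys; 128-bit keys are the low 128 bits of the
256-bit output (my reading of TS 33.401 Annex A, verify before reuse).
"""
import hashlib
import hmac

# Algorithm type distinguishers (TS 33.401 Table A.7-1, as I recall them).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

# Algorithm identities signalled in the Security Mode Command: EEA1/EIA1 = 1, EEA2/EIA2 = 2.
EEA1 = EIA1 = 0x01
EEA2 = EIA2 = 0x02


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")  # each parameter is followed by its 2-byte length
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kenb(kasme: bytes, nas_uplink_count: int) -> bytes:
    """KeNB (256 bit) = KDF(KASME, FC=0x11, P0 = uplink NAS COUNT as 4 bytes)."""
    return kdf(kasme, 0x11, nas_uplink_count.to_bytes(4, "big"))


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """128-bit algorithm key = low 128 bits of KDF(parent, FC=0x15, P0=type, P1=alg id)."""
    full = kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))
    return full[16:]  # least significant 128 bits of the 256-bit output


def derive_hierarchy(kasme: bytes, nas_uplink_count: int,
                     nas_enc: int, nas_int: int,
                     rrc_enc: int, rrc_int: int, up_enc: int) -> dict:
    """All keys below KASME for one set of selected algorithms."""
    kenb = derive_kenb(kasme, nas_uplink_count)
    return {
        "KNASenc": derive_alg_key(kasme, NAS_ENC, nas_enc),
        "KNASint": derive_alg_key(kasme, NAS_INT, nas_int),
        "KeNB": kenb,
        "KRRCenc": derive_alg_key(kenb, RRC_ENC, rrc_enc),
        "KRRCint": derive_alg_key(kenb, RRC_INT, rrc_int),
        "KUPenc": derive_alg_key(kenb, UP_ENC, up_enc),
    }


if __name__ == "__main__":
    kasme = bytes(range(32))  # constructed 256-bit KASME, not a real key
    keys = derive_hierarchy(kasme, 0, EEA1, EIA1, EEA1, EIA1, EEA1)
    for name, k in keys.items():
        print(f"{name:8s} {k.hex()}")
```

The structure is what matters here: NAS keys depend only on KASME and the algorithm choice, so they survive a handover, whereas KeNB is bound to the NAS uplink COUNT and everything under it (RRC and UP keys) changes whenever KeNB is refreshed. Changing the selected algorithm ID changes the key, which is why the Security Mode Command replays the UE Network Capability: a downgraded algorithm choice would yield a different key than the UE expects.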
- 4.
Overview of LTE Authentication Procedure: EPS-AKA
EPS-AKA (Evolved Packet System – Authentication and Key Agreement)
[Figure: EPS-AKA message flow across UE – MME – HSS, reconstructed from the slide diagram.]
Provisioned and generated values
   HSS/AuC: IMSI (provisioned @AuC), LTE K (provisioned @AuC), RAND (HSS generates), SQN (HSS generates, increasing)
   UE/USIM: IMSI (factory default), LTE K (factory default); RAND and SQN are generated by the HSS
① Attach Request (IMSI, UE Network Capability, KSIASME=7)   UE → MME
② Authentication Information Request (IMSI, SN ID, n, Network Type)   MME → HSS
   HSS: crypto function with inputs LTE K, RAND and SQN → XRES, AUTN, CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME
   Authentication Vector (AV) = (RAND, AUTN, XRES, KASME)
③ Authentication Information Answer (Authentication Vectors)   HSS → MME
   AV 1 = (RAND1, AUTN1, XRES1, KASME1)
   …
   AV i = (RANDi, AUTNi, XRESi, KASMEi)
   …
   AV n = (RANDn, AUTNn, XRESn, KASMEn)
   MME selects an AV (e.g., AV i) and stores KSIASME=1 ↔ (XRES i, KASME i)
④ Authentication Request (RAND i, AUTN i, KSIASME i)   MME → UE
   UE: crypto function with inputs LTE K, RAND i and SQN → RES, AUTNUE, CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME (KASME i)
   HSS authenticated if AUTN i = AUTNUE
   UE stores KSIASME=1 ↔ KASME i
⑤ Authentication Response (RES)   UE → MME
   UE authenticated if RES = XRES i
Authentication Complete
   UE uses KASME (KASME i) to calculate additional keys
   MME uses KASME (KASME i) to calculate additional keys
   The KSIASME value is not used for the authentication itself, but is used when generating the subsequent key values (for encryption and integrity check)
- 5.
LTE Authentication Procedure (1)
Provisioning Information @HSS/AuC
   K: provisioned to AuC at subscription time
   IMSI: provisioned to HSS & AuC at subscription time
Storing Information @USIM
   K & IMSI: stored to USIM at manufacturing time
1. Authentication Request from UE
❶ [UE → MME] UE Requests Registration to Network
   UE sends Attach Request (IMSI, UE Network Capability, KSIASME=7) message to MME
   IMSI: Subscriber ID
   UE Network Capability: security algorithms supported by the UE
   KSIASME=7: indicates no key is available
EEA and EIA in “UE Network Capability” Information [4]
   EEA (ciphering)                            EIA (integrity)
   Algorithm ID   Description                 Algorithm ID   Description
   128-EEA0       Null Ciphering Algorithm    -              -
   128-EEA1       SNOW 3G                     128-EIA1       SNOW 3G
   128-EEA2       AES                         128-EIA2       AES
- 6.
LTE Authentication Procedure (2)
2. Transfer of Authentication Vector(s) from HSS to MME
❷ [MME → HSS] Requesting Authentication Vector(s)
   MME sends Authentication Information Request (IMSI, SN ID, n, Network Type) message to HSS to request authentication vector(s) for the UE
   IMSI: Subscriber ID
   SN ID: Serving Network ID, identified by PLMN ID (MCC + MNC)
   n: number of requested Authentication Vector(s)
   Network Type: here, E-UTRAN
   HSS
   Generates RAND and SQN
   Calculates XRES, AUTN, CK and IK using the AKA algorithm with inputs LTE Key (K), SQN and RAND
   Calculates the local master key KASME using the KDF with inputs CK, IK, SQN and SN ID
   Assembles the Authentication Vector(s), AV=(RAND, AUTN, XRES, KASME)
❸ [HSS → MME] Distributing Authentication Vector(s)
   HSS sends Authentication Information Answer (AVs) message including the AVs back to MME
   MME
   Stores the AVs and selects one (here the ith AV, AVi=(RANDi, AUTNi, XRESi, KASMEi))
[Figure: HSS-side computation. Crypto function with inputs LTE K, RAND and SQN → XRES, AUTN, CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME. IMSI: provisioned @AuC; RAND: HSS generates; LTE K: provisioned @AuC; SQN: HSS generates (increasing). Authentication Vector (AV) = (RAND, AUTN, XRES, KASME).]
- 7.
LTE Authentication Procedure (3)
3. Mutual Authentication between UE and MME
KASME: MME base key (local master key). Stored only in the MME, not delivered to the UE
UE authenticates the network (HSS) by comparing AUTN with AUTNUE
MME (on behalf of HSS) authenticates the UE by comparing RES with XRES
❹ [MME → UE] Requesting User Authentication
   MME sends Authentication Request (KSIASMEi, RANDi, AUTNi) message to UE
   Keeps KASMEi and XRESi
   Allocates KSIASMEi to uniquely identify KASMEi (KSIASMEi is shared by the UE and MME)
   Sends KSIASMEi, RANDi, AUTNi to UE
   UE
   Calculates Authentication Vector, AV=(RAND, AUTNUE, RES, KASME), using the same AKA algorithm as in HSS
   Authenticates the network (HSS) by comparing AUTNi with AUTNUE
❺ [UE → MME] Responding User Authentication
   UE sends Authentication Response (RES) message back to MME
   MME
   Authenticates the UE by comparing RES with XRESi
[Figure: UE-side computation. Crypto function with inputs LTE K, RAND and SQN → RES (sent to MME), AUTNUE (used to authenticate HSS), CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME (KASME i). IMSI: factory default; RAND: HSS generates; LTE K: factory default; SQN: HSS generates. UE stores KSIASME=1 ↔ KASME i.]
- 8.
Summary of LTE Security Key: Authentication
LTE Security Keys related to the LTE Authentication (EPS-AKA)
   Key     Length     Location        Derived from   Description
   K       128 bits   USIM, AuC       -              EPS master key
   CK      128 bits   USIM, HSS       K              Cipher key
   IK      128 bits   USIM, HSS       K              Integrity key
   KASME   256 bits   UE, HSS, MME    CK, IK         MME base key
- 9.
References and Abbreviations
[1] Netmanias Technical Document, “LTE Network Architecture”, September 2010, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[2] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
[3] 3GPP TS 24.301, “Non-Access-Stratum (NAS) Protocol for Evolved Packet System (EPS); Stage 3”.
[4] 3GPP TS 33.401, “3GPP System Architecture Evolution (SAE); Security Architecture”.
Abbreviations
AES: Advanced Encryption Standard
AKA: Authentication and Key Agreement
AS: Access Stratum
ASME: Access Security Management Entity
AuC: Authentication Center
AUTN: Authentication Token
AV: Authentication Vector
CK: Cipher Key
EEA: EPS Encryption Algorithm
EIA: EPS Integrity Algorithm
EPS: Evolved Packet System
HSS: Home Subscriber Server
IK: Integrity Key
IMSI: International Mobile Subscriber Identity
KSI: Key Set Identifier
LTE: Long Term Evolution
MCC: Mobile Country Code
MME: Mobility Management Entity
MNC: Mobile Network Code
NAS: Non Access Stratum
PLMN: Public Land Mobile Network
RAND: RANDom number
RES: Response
RRC: Radio Resource Control
SN ID: Serving Network ID
SQN: Sequence Number
UE: User Equipment
UP: User Plane
USIM: Universal Subscriber Identity Module
XRES: Expected Response