Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
2G
Only network authenticates user, not vice versa Weak crypto algorithms Mutual authentication between user and network Service provided through private ISP infrastructure IMSI sent in plaintext when allocating TMSI to the user Open heterogeneous IP-based environment Security is integral part of the design Authentication with AAA or PKI
3G
LTE/4G
Terminology
To protect against attacks on radio links To protect against attacks on wire links and signaling security Authentication Secure exchange of application data Secure access to EPC via non-3GPP access networks
Sensitive data used for authentication never leave trusted environment Autonomous validation
Restriction of the number of connections per eNodeB IMSI should be kept secret inside the device
DoS protection
User privacy
IETF HOKEY Workgroup Project IEEE 802.21 Y-Comm Architecture X.805 Framework Security Management System proposal 2012 (Hani Alquhayz, Ali Al-Bayatti, Amelia Platt)
Security Management System proposal 2012 (Hani Alquhayz, Ali Al-Bayatti, Amelia Platt)
Conclusion
Opened 4G architecture inherit many security vulnerabilities compared to 3G Mass effort in order to protect and guarantee secure mobile communications Improvement required to neutralize actual attacks and vulnerabilities Necessity of security management model
Sources
Bikos A., Sklavos N.: LTE/SAE Security Issues on 4G Wireless Networks, In: IEEE Security and Privacy, 2012 Alquahayz H., et. al: Security Management System for 4G Heterogeneous Networks, In: WCE 2012 Vol II, 2012 Maode M.: Security Investigation in 4G LTE Wireless Networks, Nanyang Technological University, 2011
Questions