
A REVIEW PAPER ON SECURITY TRENDS IN LTE

Sandeep Saini, Saurabh Vats

E.C.E Department, K.I.T.M, Kurukshetra
Saini426@gmail.com, saurabhvats18@gmail.com

Abstract: In this paper, we review the security techniques that protect LTE against attacks from intruders. The most important issue is network access security, which protects the mobile's communications with the network across the air interface. In the first part of this paper, we cover the architecture of network access security, the procedures that establish secure communications between the network and mobile, and the security techniques that are subsequently used. The system must also secure certain types of communication within the radio access network and the evolved packet core. This issue is known as network domain security and is the subject of the second part.

1. INTRODUCTION

The Long Term Evolution (LTE) architecture design is greatly different from the scheme used by the existing 3G network. That difference brings with it a need to adapt and improve the security functions. The most important requirement is that at least the same level of security as exists in the 3G network must be guaranteed in LTE. The main changes and additions made to satisfy that requirement are listed below[1].

- Introduction of a hierarchical key system in which keys can be changed for different purposes.
- Separation of the security functions for the Non-Access Stratum (NAS), in which processing is done for communication between a core network node and a mobile terminal, from those functions for the Access Stratum (AS), which encompasses communication between the network edge (evolved Node B (eNB)) and the UE.
- Introduction of the concept of forward security, which limits the scope of harm when a compromised key is used.
- Addition of security functions for interconnection between a 3G network and an LTE network.

In this article, we describe the main new security functions for LTE to which NTT DOCOMO contributed in 3GPP Service and System Aspects (SA) WG3: introduction of a key hierarchy, separation of the NAS security functions from AS security and expansion of forward security functions for handover.

2. Network Access Security

Network access security (Figure 1) protects the mobile's communications with the network across the air interface, which is the most vulnerable part of the system. It does this using four main techniques.

(1) Authentication: the network and mobile confirm each other's identities. The evolved packet core confirms that the user is authorized to use the network's services and is not using a cloned device. Similarly, the mobile confirms that the network is genuine and is not a spoof network set up to steal the user's personal data.

(2) Confidentiality protects the user's identity. The international mobile subscriber identity (IMSI) is one of the quantities that an intruder needs to clone a mobile, so LTE avoids broadcasting it across the air interface wherever possible. Instead, the network identifies the user by means of temporary identities.


Figure 1 Network access security architecture[1].

(3) Ciphering, also known as encryption, ensures that intruders cannot read the data and signalling messages that the mobile and network exchange.

(4) Integrity protection detects any attempt by an intruder to replay or modify signalling messages. It protects the system against problems such as man-in-the-middle attacks, in which an intruder intercepts a sequence of signalling messages and modifies and re-transmits them, in an attempt to take control of the mobile.

GSM and UMTS only implemented ciphering and integrity protection in the air interface's access stratum, to protect user plane data and RRC signalling messages between the mobile and the radio access network. As shown in Figure 1, LTE implements them in the non access stratum as well, to protect EPS mobility and session management messages between the mobile and the MME. This brings two main advantages. In a wide-area network, it provides two cryptographically separate levels of encryption, so that even if an intruder breaks one level of security, the information is still secured on the other. It also eases the deployment of home base stations, whose access stratum security can be more easily compromised.

2.1 Key Hierarchy

Network access security is based on a hierarchy of keys that is illustrated in Figure 2. Ultimately, it relies on the shared knowledge of a user-specific key, K, which is securely stored in the home subscriber server (HSS) and securely distributed within the universal integrated circuit card (UICC). There is a one-to-one mapping between a user's IMSI and the corresponding value of K, and the authentication process relies on the fact that cloned mobiles and spoof networks will not know the correct value of K.

From K, the HSS and UICC derive two further keys, denoted CK and IK. UMTS used those keys directly for ciphering and integrity protection, but LTE uses them differently, to derive an access security management entity (ASME) key, denoted KASME. From KASME, the MME and the mobile equipment derive three further keys, denoted KNASenc, KNASint and KeNB. The first two are used for ciphering and integrity protection of non access stratum (NAS) signalling messages between the mobile and the MME, while the last is passed to the base station. From KeNB, the base station and the mobile equipment derive three access stratum keys, denoted KUPenc, KRRCenc and KRRCint. These are respectively used for ciphering of data, ciphering of RRC signalling messages and integrity protection of RRC signalling messages in the access stratum (AS).

Figure 2 Hierarchy of the security keys used by LTE.

This set of keys is larger than the set used by GSM or UMTS, but it brings several benefits. Firstly, the mobile stores the values of CK and IK in its UICC after it detaches from the network, while the MME stores the value of KASME. This allows the system to secure the mobile's attach request when it next switches on. The hierarchy also ensures that the AS and NAS keys are cryptographically separate, so that knowledge of one set of keys does not help an intruder to derive the other. At the same time, the hierarchy is backwards compatible with USIMs from 3GPP Release 99.

K, CK and IK contain 128 bits each, while the other keys all contain 256 bits. The current ciphering and integrity protection algorithms use 128 bit keys, which are derived from the least significant bits of the original 256 bit keys. If LTE eventually has to upgrade its algorithms to use 256 bit keys, then it will be able to do so with ease[3].

2.2 Authentication and Key Agreement

During authentication and key agreement (AKA) the mobile and network confirm each other's identities and agree on a value of KASME. We have already seen this procedure used as part of the larger attach procedure: Figure 3 shows the full message sequence.

Before the procedure begins, the MME has retrieved the mobile's IMSI from its own records or from the mobile's previous MME, or exceptionally by sending an EMM Identity Request to the mobile itself. It now wishes to confirm the mobile's identity. To start the procedure, it sends a Diameter Authentication Information Request to the HSS (1), in which it includes the IMSI.

The HSS looks up the corresponding secure key K and calculates an authentication vector that contains four elements. RAND is a random number that the MME will use as an authentication challenge to the mobile. XRES is the expected response to that challenge, which can only be calculated by a mobile that knows the value of K. AUTN is an authentication token, which can only be calculated by a network that knows the value of K, and which includes a sequence number to prevent an intruder from recording an authentication request and replaying it. Finally, KASME is the access security management entity key, which is derived from CK and IK and ultimately from the values of K and RAND.

In step 2, the HSS returns the authentication vector to the MME. In GSM and UMTS, the HSS usually returns several authentication vectors at once, to minimize the number of separate messages that it has to handle. LTE actually discourages this technique, on the grounds that the storage of KASME has greatly reduced the number of messages that the HSS has to exchange.
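The key hierarchy of Section 2.1, written out as an added example that is not code from the paper. The KDF input layout (HMAC-SHA-256 with FC values 0x10, 0x11 and 0x15) and the algorithm-type codes are assumptions taken from 3GPP TS 33.401 Annex A, which the paper does not reproduce; the sample keys, PLMN identity and function names are constructed for illustration.

```python
import hashlib
import hmac

# Algorithm-type distinguishers (assumed from 3GPP TS 33.401 Annex A.7).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 1, 2, 3, 4, 5

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ...; returns 256 bits."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """Per-algorithm key: 256-bit KDF output cut to its 128 least significant bits."""
    return kdf(parent, 0x15, bytes([alg_type]), bytes([alg_id]))[-16:]

def derive_hierarchy(ck, ik, plmn_id, sqn_xor_ak, ul_nas_count, enc_alg=2, int_alg=2):
    """Walk the hierarchy: CK, IK -> KASME -> NAS keys and KeNB -> AS keys."""
    kasme = kdf(ck + ik, 0x10, plmn_id, sqn_xor_ak)           # HSS and mobile equipment
    kenb = kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))  # MME, passed to the eNB
    return {
        "KASME": kasme,
        "KNASenc": alg_key(kasme, NAS_ENC, enc_alg),
        "KNASint": alg_key(kasme, NAS_INT, int_alg),
        "KeNB": kenb,
        "KUPenc": alg_key(kenb, UP_ENC, enc_alg),
        "KRRCenc": alg_key(kenb, RRC_ENC, enc_alg),
        "KRRCint": alg_key(kenb, RRC_INT, int_alg),
    }

# Constructed sample inputs (not real subscriber data).
CK = bytes(range(16))
IK = bytes(range(16, 32))
PLMN = bytes.fromhex("00f110")             # constructed test network identity
SQN_XOR_AK = bytes.fromhex("0000000000a1")

if __name__ == "__main__":
    keys = derive_hierarchy(CK, IK, PLMN, SQN_XOR_AK, ul_nas_count=0)
    for name, key in keys.items():
        print(f"{name:8s} {len(key) * 8:3d} bits  {key.hex()}")
```

Because every child key is a one-way function of its parent with a different input string, an eNB that holds KeNB cannot compute KNASenc or KNASint, which is the AS/NAS separation the section describes.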

3.1 Security Protocols

Inside the fixed network, two devices often have to exchange information securely. Because the fixed network is based on IP, this can be done using standard IETF security protocols[2].

Figure 4 Operation of the integrity protection algorithm. Reproduced by permission of ETSI.

Figure 3 Authentication and key agreement procedure.

The MME sends RAND and AUTN to the mobile equipment as part of an EMM Authentication Request (3) and the mobile equipment forwards them to the UICC (4). Inside the UICC, the USIM application examines the authentication token, to check that the network knows the value of K and that the enclosed sequence number has not been used before. If it is happy, then it calculates its response to the network's challenge, denoted RES, by combining RAND with its own copy of K. It also computes the values of CK and IK, and passes all three parameters back to the mobile equipment (5).

Using CK and IK, the mobile equipment computes the access security management entity key KASME. It then returns its response to the MME, as part of an EMM Authentication Response (6). In turn, the MME compares the mobile's response with the expected response that it received from the home subscriber server. If it is the same, then the MME concludes that the mobile is genuine. The system can then use the two copies of KASME to activate the subsequent security procedures, as described in the next section.
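The exchange in Section 2.2, sketched as an added example that is not part of the paper: the HSS builds RAND, XRES and AUTN, the USIM checks the token and sequence number before answering, and the MME compares RES with XRES. HMAC-SHA-256 stands in for the operator's f1/f2/f5 functions, AUTN is simplified to (SQN xor AK) || MAC, and all names and status strings are hypothetical.

```python
import hashlib
import hmac
import os

def f(k: bytes, label: bytes, *parts: bytes, n: int = 8) -> bytes:
    """Stand-in for the AKA functions f1/f2/f5 (HMAC-SHA-256, NOT Milenage)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hss_vector(k: bytes, sqn: int):
    """HSS side: build RAND, XRES and AUTN = (SQN xor AK) || MAC for one challenge."""
    rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
    autn = xor(sqn_b, f(k, b"f5", rand, n=6)) + f(k, b"f1", sqn_b, rand)
    return rand, f(k, b"f2", rand), autn

class Usim:
    """USIM side: verify the network through AUTN before answering the challenge."""
    def __init__(self, k: bytes):
        self.k, self.last_sqn = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        sqn_b = xor(autn[:6], f(self.k, b"f5", rand, n=6))
        if not hmac.compare_digest(autn[6:], f(self.k, b"f1", sqn_b, rand)):
            return "mac_failure", None       # sender does not know K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.last_sqn:             # simplified freshness rule
            return "sqn_not_fresh", None     # recorded request replayed
        self.last_sqn = sqn
        return "ok", f(self.k, b"f2", rand)  # RES

def mme_accepts(xres: bytes, res) -> bool:
    """MME side: the mobile is genuine only if RES equals XRES."""
    return res is not None and hmac.compare_digest(xres, res)

def demo():
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed K
    usim = Usim(k)
    rand, xres, autn = hss_vector(k, sqn=1)
    first = usim.authenticate(rand, autn)                  # genuine network
    replay = usim.authenticate(rand, autn)                 # same request again
    spoof = usim.authenticate(*hss_vector(os.urandom(16), sqn=2)[::2])
    clone_res = f(os.urandom(16), b"f2", rand)             # mobile without K
    return first[0], mme_accepts(xres, first[1]), replay[0], spoof[0], mme_accepts(xres, clone_res)

if __name__ == "__main__":
    print(demo())
```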

3. Network Domain Security

Devices first authenticate each other and establish a security association using a protocol known as Internet Key Exchange version 2 (IKEv2). This relies either on the use of a pre-shared secret, as in the air interface's use of the secure key K, or on public key cryptography. Encryption and integrity protection are then implemented using the Internet Protocol Security (IPSec) Encapsulating Security Payload (ESP). Depending on the circumstances, the network can use ESP transport mode, which just protects the payload of an IP packet, or tunnel mode, which protects the IP header as well. These techniques are used in two parts of the LTE network, in the manner described next.

3.2 Security in the Evolved Packet Core

In the evolved packet core, secure communications are required between networks that are run by different network operators, so as to handle roaming mobiles. To support this, the evolved packet core is modelled using security domains[4]. A security domain usually corresponds to a network operator's EPC (Figure 5), but the operator can divide the EPC into more than one security domain if required.

From the viewpoint of the network domain security functions, different security domains are separated by the Za interface. On this interface, it is mandatory for LTE signalling messages to be protected using ESP tunnel mode. The security functions are implemented using secure gateways (SEGs), although operators can include the secure gateways' functions in the network elements themselves if they wish to. There is no protection for data, which will usually end up in an insecure public network anyway. If required, the data can be protected at the application layer.

Within a security domain, the network elements are separated by the Zb interface. This interface is usually under the control of a single network operator, so protection of LTE signalling messages across this interface is optional. If the interface is secured, then support of ESP tunnel mode is mandatory, while support of ESP transport mode is optional.

Is the only difference between the S5 and S8 interfaces. Across the S5 interface, the serving and PDN gateways lie in the same security domain, so security functions are optional and are implemented using Zb. Across the S8 interface, the gateways lie in different security domains, so security functions are mandatory and are implemented using Za.

Figure 5 Example implementation of the network domain security architecture in the evolved packet core.

3.3 Security in the Radio Access Network

In the radio access network, network operators may also wish to secure the X2 and S1 interfaces, which connect the base stations to each other and to the evolved packet core. They typically do this in two scenarios. In a wide-area network, the S1 and X2

them vulnerable to intruders. In a femtocell network, a home base station communicates with the EPC across a public IP backhaul. To handle these issues, it is optional for network operators to secure the S1 and X2 interfaces in the manner shown in Figure 6. If the interfaces are secured, then support of ESP tunnel mode is mandatory, while support of ESP transport mode is optional. The security functions are applied to the LTE signalling messages and to the user's data, which is a similar situation to the air interface's access stratum, but is different from the EPC[6].

Figure 6 Network domain security architecture for the S1 and X2 interfaces.

4. CONCLUSION

LTE security functions must provide at least the same level of security as provided by 3G security functions, and still minimize the effect on the previous architecture. The current 3GPP release has standardized the security functions that satisfy those requirements. In the future, we will continue to develop new security functions such as home eNB security and machine-to-machine security for standardization in Release 9.

REFERENCES

[1] LTE: The UMTS Long Term Evolution, by Stephania Ses.
[2] An Introduction to LTE, by Christopher Cox.
[3] Security technology for SAE/LTE, NTT DOCOMO, vol. 11, no. 3.
[4] Afaq H. Khan, Mohammed A. Qadeer, 4G as a next wireless network, 2009 International Conference on Future Computer and Communication.
[5] Mudit Ratana Bhalla, Generations of Mobile Wireless Technology: A Survey, International Journal of Computer Applications (0975 8887), Volume 5, No. 4, August 2010.
[6] White paper, 2010, Cisco Systems.
[7] Role of Cognitive Radio on 4G Communications: A Review, Journal of Emerging Trends in Computing and Information Sciences, Vol. 3, No. 2, February 2012, ISSN 2079-8407.
