[内容简介]

A concise, updated guide to the 3GPP LTE Security Standardization specifications

A welcome Revised Edition of the successful LTE Security addressing the security architecture for SAE/LTE, which is based on elements of the security architectures for GSM and 3G, but which needed a major redesign due to the significantly increased complexity, and different architectural and business requirements of fourth generation systems. The authors explain in detail the security mechanisms employed to meet these requirements. The specifications generated by standardization bodies only inform about how to implement the system (and this only to the extent required for interoperability), but almost never inform readers about why things are done the way they are. Furthermore, specifications tend to be readable only for a small group of experts and lack the context of the broader picture. The book fills this gap by providing first hand information from insiders who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP, and can therefore explain the rationale for design decisions in this area.

• A concise, fully updated guide to the 3GPP LTE Security Standardization specifications
• Describes the essential elements of LTE and SAE Security, written by leading experts who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP
• Explains the rationale behind the standards specifications giving readers a broader understanding of the context to these specifications
• Includes new chapters covering 3GPP work on system enhancements for MTC, plus application layer security in ETSI TC M2M and embedded smart card in ETSI SCP; Security for Machine-type Communication, Relay Node Security, and Future Challenges, including Voice over LTE, MTC, Home base stations, LIPA/SIPTO, and New Cryptographic Algorithms

Essential reading for System engineers, developers and people in technical sales working in the area of LTE and LTE security, communication engineers and software developers in mobile communication field.

[目录]

Preface xiii

Foreword to the First Edition xv

Acknowledgements xix

Copyright Acknowledgements xix

1 Overview of the Book 1

2 Background 5

2.1 Evolution of Cellular Systems 5

2.1.1 Third-Generation Network Architecture 6

2.1.2 Important Elements of the 3G Architecture 7

2.1.3 Functions and Protocols in the 3GPP System 8

2.1.4 The EPS System 9

2.2 Basic Security Concepts 10

2.2.1 Information Security 10

2.2.2 Design Principles 11

2.2.3 Communication Security Features 12

2.3 Basic Cryptographic Concepts 13

2.3.1 Cryptographic Functions 14

2.3.2 Securing Systems with Cryptographic Methods 16

2.3.3 Symmetric Encryption Methods 17

2.3.4 Hash Functions 18

2.3.5 Public-Key Cryptography and PKI 19

2.3.6 Cryptanalysis 20

2.4 Introduction to LTE Standardization 21

2.4.1 Working Procedures in 3GPP 22

2.5 Notes on Terminology and Specification Language 26

2.5.1 Terminology 26

2.5.2 Specification Language 27

3 GSM Security 29

3.1 Principles of GSM Security 29

3.2 The Role of the SIM 30

3.3 Mechanisms of GSM Security 31

3.3.1 Subscriber Authentication in GSM 32

3.3.2 GSM Encryption 32

3.3.3 GPRS Encryption 33

3.3.4 Subscriber Identity Confidentiality 34

3.4 GSM Cryptographic Algorithms 34

4 Third-Generation Security (UMTS) 37

4.1 Principles of Third-Generation (3G) Security 37

4.1.1 Elements of GSM Security Carried over to 3G 37

4.1.2 Weaknesses in GSM Security 38

4.1.3 Higher Level Objectives 39

4.2 Third-Generation Security Mechanisms 40

4.2.1 Authentication and Key Agreement 40

4.2.2 Ciphering Mechanism 45

4.2.3 Integrity Protection Mechanism 46

4.2.4 Identity Confidentiality Mechanism 48

4.3 Third-Generation Cryptographic Algorithms 49

4.3.1 KASUMI 50

4.3.2 UEA1 and UIA1 51

4.3.3 SNOW3G, UEA2 and UIA2 51

4.3.4 MILENAGE 54

4.3.5 Hash Functions 54

4.4 Interworking between GSM and 3G Security 55

4.4.1 Interworking Scenarios 55

4.4.2 Cases with SIM 56

4.4.3 Cases with USIM 57

4.4.4 Handovers between GSM and 3G 58

4.5 Network Domain Security 59

4.5.1 Generic Security Domain Framework 59

4.5.2 Security Mechanisms for NDS 62

4.5.3 Application of NDS 64

4.6 Architectures with RNCs in Exposed Locations 65

5 3G–WLAN Interworking 67

5.1 Principles of 3G–WLAN Interworking 67

5.1.1 The General Idea 67

5.1.2 The EAP Framework 69

5.1.3 Overview of EAP-AKA 72

5.2 Security Mechanisms of 3G–WLAN Interworking 75

5.2.1 Reference Model for 3G–WLAN Interworking 75

5.2.2 Security Mechanisms of WLAN Direct IP Access 76

5.2.3 Security Mechanisms of WLAN 3GPP IP Access 78

5.3 Cryptographic Algorithms for 3G–WLAN Interworking 81

6 EPS Security Architecture 83

6.1 Overview and Relevant Specifications 83

6.1.1 Need for Security Standardization 85

6.1.2 Relevant Nonsecurity Specifications 87

6.1.3 Security Specifications for EPS 88

6.2 Requirements and Features of EPS Security 89

6.2.1 Threats against EPS 90

6.2.2 EPS Security Features 91

6.2.3 How the Features Meet the Requirements 95

6.3 Design Decisions for EPS Security 97

6.4 Platform Security for Base Stations 103

6.4.1 General Security Considerations 103

6.4.2 Specification of Platform Security 103

6.4.3 Exposed Position and Threats 103

6.4.4 Security Requirements 104

7 EPS Authentication and Key Agreement 109

7.1 Identification 109

7.1.1 User Identity Confidentiality 110

7.1.2 Terminal Identity Confidentiality 111

7.2 The EPS Authentication and Key Agreement Procedure 112

7.2.1 Goals and Prerequisites of EPS AKA 112

7.2.2 Distribution of EPS Authentication Vectors from HSS to MME 114

7.2.3 Mutual Authentication and Establishment of a Shared Key between the Serving Network and the UE 118

7.2.4 Distribution of Authentication Data inside and between Serving Networks 122

7.3 Key Hierarchy 123

7.3.1 Key Derivations 124

7.3.2 Purpose of the Keys in the Hierarchy 125

7.3.3 Cryptographic Key Separation 127

7.3.4 Key Renewal 128

7.4 Security Contexts 129

7.4.1 EPS Security Context 129

7.4.2 EPS NAS Security Context 130

7.4.3 UE Security Capabilities 130

7.4.4 EPS AS Security Context 130

7.4.5 Native versus Mapped Contexts 130

7.4.6 Current versus Non-current Contexts 131

7.4.7 Key Identification 131

7.4.8 EPS Security Context Storage 131

7.4.9 EPS Security Context Transfer 132

8 EPS Protection for Signalling and User Data 133

8.1 Security Algorithms Negotiation 133

8.1.1 Mobility Management Entities 134

8.1.2 Base Stations 135

8.2 NAS Signalling Protection 136

8.2.1 NAS Security Mode Command Procedure 136

8.2.2 NAS Signalling Protection 137

8.3 AS Signalling and User Data Protection 138

8.3.1 AS Security Mode Command Procedure 138

8.3.2 RRC Signalling and User Plane Protection 138

8.3.3 RRC Connection Re-establishment 140

8.4 Security on Network Interfaces 141

8.4.1 Application of NDS to EPS 141

8.4.2 Security for Network Interfaces of Base Stations 142

8.5 Certificate Enrolment for Base Stations 143

8.5.1 Enrolment Scenario 143

8.5.2 Enrolment Principles 144

8.5.3 Enrolment Architecture 147

8.5.4 CMPv2 Protocol and Certificate Profiles 148

8.5.5 CMPv2 Transport 149

8.5.6 Example Enrolment Procedure 150

8.6 Emergency Call Handling 151

8.6.1 Emergency Calls with NAS and AS Security Contexts in Place 153

8.6.2 Emergency Calls without NAS and AS Security Contexts 153

8.6.3 Continuation of the Emergency Call When Authentication Fails 154

9 Security in Intra-LTE State Transitions and Mobility 155

9.1 Transitions to and from Registered State 156

9.1.1 Registration 156

9.1.2 Deregistration 156

9.2 Transitions between Idle and Connected States 157

9.2.1 Connection Initiation 158

9.2.2 Back to Idle State 158

9.3 Idle State Mobility 158

9.4 Handover 161

9.4.1 Handover Key Management Requirements Background 161

9.4.2 Handover Keying Mechanisms Background 162

9.4.3 LTE Key Handling in Handover 166

9.4.4 Multiple Target Cell Preparations 168

9.5 Key Change on the Fly 169

9.5.1 KeNB Rekeying 169

9.5.2 KeNB Refresh 169

9.5.3 NAS Key Rekeying 170

9.6 Periodic Local Authentication Procedure 170

9.7 Concurrent Run of Security Procedures 171

10 EPS Cryptographic Algorithms 175

10.1 Null Algorithms 176

10.2 Ciphering Algorithms 177

10.3 Integrity Algorithms 180

10.4 Key Derivation Algorithms 180

11 Interworking Security between EPS and Other Systems 183

11.1 Interworking with GSM and 3G Networks 183

11.1.1 Routing Area Update Procedure in UTRAN or GERAN 186

11.1.2 Tracking Area Update Procedure in EPS 187

11.1.3 Handover from EPS to 3G or GSM 190

11.1.4 Handover from 3G or GSM to EPS 191

11.2 Interworking with Non-3GPP Networks 193

11.2.1 Principles of Interworking with Non-3GPP Networks 193

11.2.2 Authentication and Key Agreement for Trusted Access 201

11.2.3 Authentication and Key Agreement for Untrusted Access 205

11.2.4 Security for Mobile IP Signalling 208

11.2.5 Mobility between 3GPP and Non-3GPP Access Networks 211

12 Security for Voice over LTE 215

12.1 Methods for Providing Voice over LTE 215

12.1.1 IMS over LTE 216

12.1.2 Circuit Switched Fallback (CSFB) 218

12.1.3 Single Radio Voice Call Continuity (SRVCC) 218

12.2 Security Mechanisms for Voice over LTE 220

12.2.1 Security for IMS over LTE 220

12.2.2 Security for Circuit Switched Fallback 228

12.2.3 Security for Single Radio Voice Call Continuity 228

12.3 Rich Communication Suite and Voice over LTE 230

13 Security for Home Base Station Deployment 233

13.1 Security Architecture, Threats and Requirements 234

13.1.1 Scenario 234

13.1.2 Threats and Risks 237

13.1.3 Requirements 239

13.1.4 Security Architecture 240

13.2 Security Features 241

13.2.1 Authentication 241

13.2.2 Local Security 243

13.2.3 Communications Security 244

13.2.4 Location Verification and Time Synchronization 244

13.3 Security Procedures Internal to the Home Base Station 244

13.3.1 Secure Boot and Device Integrity Check 245

13.3.2 Removal of Hosting Party Module 245

13.3.3 Loss of Backhaul Link 245

13.3.4 Secure Time Base 246

13.3.5 Handling of Internal Transient Data 246

13.4 Security Procedures between Home Base Station and Security Gateway 247

13.4.1 Device Integrity Validation 247

13.4.2 Device Authentication 247

13.4.3 IKEv2 and Certificate Profiling 250

13.4.4 Certificate Processing 253

13.4.5 Combined Device-Hosting Party Authentication 255

13.4.6 Authorization and Access Control 256

13.4.7 IPsec Tunnel Establishment 258

13.4.8 Verification of HeNB Identity and CSG Access 258

13.4.9 Time Synchronization 260

13.5 Security Aspects of Home Base Station Management 261

13.5.1 Management Architecture 261

13.5.2 Management and Provisioning during Manufacturing 264

13.5.3 Preparation for Operator-Specific Deployment 266

13.5.4 Relationships between HeNB Manufacturer and Operator 267

13.5.5 Security Management in Operator Network 267

13.5.6 Protection of Management Traffic 268

13.5.7 Software Download 270

13.5.8 Location Verification 272

13.6 Closed Subscriber Groups and Emergency Call Handling 275

13.6.1 UE Access Control to HeNBs 275

13.6.2 Emergency Calls 276

13.7 Support for Subscriber Mobility 277

13.7.1 Mobility Scenarios 277

13.7.2 Direct Interfaces between HeNBs 278

14 Relay Node Security 281

14.1 Overview of Relay Node Architecture 281

14.1.1 Basic Relay Node Architecture 281

14.1.2 Phases for Start-Up of Relay Nodes 283

14.2 Security Solution 284

14.2.1 Security Concepts 284

14.2.2 Security Procedures 288

14.2.3 Security on the Un Interface 290

14.2.4 USIM and Secure Channel Aspects 290

14.2.5 Enrolment Procedures 291

14.2.6 Handling of Subscription and Certificates 291

15 Security for Machine-Type Communications 293

15.1 Security for MTC at the Application Level 294

15.1.1 MTC Security Framework 295

15.1.2 Security (Kmr) Bootstrapping Options 298

15.1.3 Connection (Kmc) and Application-Level Security Association (Kma) Establishment Procedures 301

15.2 Security for MTC at the 3GPP Network Level 301

15.2.1 3GPP System Improvements for MTC 301

15.2.2 Security Related to 3GPP System Improvements for MTC 303

15.3 Security for MTC at the Credential Management Level 306

15.3.1 Trusted Platform in the Device 307

15.3.2 Embedded UICC 307

15.3.3 Remote Management of Credentials 308

16 Future Challenges 309

16.1 Near-Term Outlook 309

16.1.1 Security for Relay Node Architectures 309

16.1.2 Security for Interworking of 3GPP Networks and Fixed Broadband Networks 310

16.1.3 Security for Voice over LTE 310

16.1.4 Security for Machine-Type Communication 311

16.1.5 Security for Home Base Stations 311

16.1.6 New Cryptographic Algorithms 312

16.1.7 Public Warning System 313

16.1.8 Proximity Services 314

16.2 Far-Term Outlook 314

Abbreviations 319

References 327

Index 337