3gpp security hot topics - etsi€¦ · · 2010-01-203gpp security hot topics home base station...
TRANSCRIPT
3GPP security hot topicsHome base station &
IMS media plane securityIMS media plane security
Valtteri NiemiNokia Research Center, Lausanne,
SwitzerlandBengt Sahlin,
Ericsson NomadicLab, Jorvas, Finland
© ETSI 2009. All rights reserved5th ETSI Security Workshop
Some history
Some history (1/2)� For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new
specifications, e.g. � TS 33.102 “3G security; Security architecture”� 5 specifications (out of these 19) originated by ET SI SAGE, e.g.
TS 35.202 “KASUMI specification”� For Release 4 (frozen 2001), SA3 was kept busy with
GERAN security while ETSI SAGE originated again 5 new specifications, e.g.� TS 35.205-208 for MILENAGE algorithm set� TS 35.205-208 for MILENAGE algorithm set
� Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.:� TS 33.203 “IMS security”
� Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.:� TS 33.220-222 “Generic Authentication Architecture”
� Release 7 (frozen 2007): SA3 added 13 new specifications� ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl.
SNOW 3G spec) (TS 35.215-218, TR 35.919)
Some history (2/2)� Release 8 (frozen 2008): SA3 added 7 new specifications,
e.g.:� TS 33.401 “SAE: Security architecture”
� Release 9 (frozen end of 2009 ): SA3 added 6 new specifications (one more TR still to be included):� TS 33.224 “Generic Push layer”� TS 33.328 “IMS media plane security”� TS 33.328 “IMS media plane security”� TS 33.320 “Security Aspects of Home NodeB/eNodeB”� TRs:
• 33.937 “Protection against Unsolicited Communicatio n for IMS”• 33.924 “Identity Management and 3GPP Security Inter working”• 33.812 “Feasibility Study on the Security Aspects o f Remote
Provisioning and Change of Subscription for M2M Equ ipment”
Home (e)Node B securityHome (e)Node B security
Configuration of eNB
� Communication between the remote/local O&M systems and the eNB mutually authenticated.
� The eNB shall be able to ensure that software/data change attempts are authorized
� Confidentiality and integrity of software transfer towards the eNB ensured.eNB ensured.
� etc.
(see TS 33.401)
Secure environment inside eNB
� Secure storage of sensitive data, e.g. long term cr yptographic secrets and vital configuration data.
� The secure environment shall support the execution of sensitive functions, e.g. use of long term secrets in authentication protocols.
� The secure environment shall support the execution of � The secure environment shall support the execution of sensitive parts of the boot process.
� Only authorised access shall be granted to the secu re environment.
� etc.
(see TS 33.401)
Home base stations: new architecture
UE H(e)NB SeGWinsecure link
Operator’s core network
H(e)NB-GW
AAA Server/HSS
� Concept of Closed Subscriber Group introduced� Applies also to HSPA base stations
H(e)MSH(e)MS
Security mechanisms for Home base stations
� Device Integrity Check upon booting, based on Trusted Environment (TrE)
� secured Clock synchronization� Device authentication
� Mutual authentication between H(e)NB and SeGW� Based on IKEv2 and certificates
� IPsec tunnel between H(e)NB and SeGW� Optionally Hosting Party authentication, based on UICC� Location verification
Base stations and Lawful interception
� Usually lawful interception is not applied in base stations� However, current (Release 10) work for Local IP Access and
Selective IP Traffic Offload may change the situation
IMS media plane security
Goals of IMS media security
1. to provide security for media usable across all a ccess networks2. to provide an end-to-end media security solution to satisfy major
user categories3. to provide end-to-end media security for importan t user groups
like enterprises, National Security and Public Safe ty (NSPS) organizationsorganizations
Mechanisms for IMS media security
The media stream is protected by SRTP (RFC 3711)
Three solutions for key managementEnd to access edge (e2ae)
���� SDES (RFC 4568) between IMS terminal and P -CSCF (first SIP proxy) ���� SDES (RFC 4568) between IMS terminal and P -CSCF (first SIP proxy) to provide keys
end-to-end (e2e)� SDES between two IMS terminals to exchange keys���� specific Key Management Service with GBA authentication (or a proprietary
authentication mechanism) and MIKEY-TICKET protocol (draft-mattsson-mikey-ticket)
SDES e2e case: Originating side
P-CSCF S-CSCF
1. SDP Offer
2. SDP Offer
Originating Network
3. SDP Offer)
UE A
Terminating Network
4. SDP Answer
5. SDP Answer
6. SDP Answer
7. Completion of session setup and bearer setup procedures
e2e protected media
SDES e2e case: Terminating side
P-CSCF UE B
1. SDP Offer
2. SDP Offer
Terminating Network
3. SDP Offer
S-CSCF
Originating Network
4. SDP Answer
5. SDP Answer
6. SDP Answer
7. Completion of session setup and bearer setup procedures
Media
KMS originating side
P-CSCF S-CSCF
2. SDP Offer
3. SDP Offer
Originating Network
4. SDP Offer)
UE A
Terminating Network
1. Interactions with KMS
5. SDP Answer
6. SDP Answer
7. SDP Answer
8. Completion of session setup and bearer setup procedures
e2e protected media
KMS terminating side
P-CSCF UE B
1. SDP Offer
2. SDP Offer
Terminating Network
3. SDP Offer
S-CSCF
Originating Network
5. SDP Answer
6. SDP Answer
7. SDP Answer
8. Completion of session setup and bearer setup procedures
Media
4. Interactions with KMS Reference figure in 6
Key management for MIKEY TICKET
MIKEY TICKET messages
IMS media security LI issues
� e2e security and LI do not go well together� For SDES and KMS, keys are delivered to LEA – we are OK� IETF prefers DTLS-SRTP, based on Diffie-Hellman key exhange� On the other hand, LI must not be detectable to the target� Three potential solutions (but all problematic for undetectability)� Three potential solutions (but all problematic for undetectability)
� Network plays man-in-the-middle� Key hidden in protocol messages� Terminals disclose keys to network
Summary
� Home (e)NB security� New architecture with more exposed locations of NB’ s� New types of threats� Many new countermeasures needed
� IMS media plane securityTwo methods for IMS media e2e protection� Two methods for IMS media e2e protection
• SDES for major user categories• MIKEY-TICKET for special user groups
� One e2ae method for IMS media protection• SDES
For more information:www.3gpp.org