Security in Mobile Cellular Networks
@3g4gUK
3GPP Security Architecture
©3G4G
• 3GPP TS 33.102: 3G Security; Security architecture
• 3GPP TS 33.401: 3GPP System Architecture Evolution (SAE); Security architecture
Five security feature groups are defined. Each of these feature groups meets certain threats and accomplishes certain security objectives:
o Network access security (I): the set of security features that provide users with secure access to services, and which in particular protect against attacks on the (radio) access link.
o Network domain security (II): the set of security features that enable nodes to securely exchange signalling data, user data (between AN and SN and within AN), and protect against attacks on the wireline network.
o User domain security (III): the set of security features that secure access to mobile stations.
o Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages.
o Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
Evolution of 3GPP Security (I)
(figure) Source: 3GPP - Bengt Sahlin
Evolution of 3GPP Security (II)
(figure) Source: 3GPP - Bengt Sahlin
Evolution of 3GPP Security in 5G
(figure) Source: Huawei 5G Security Architecture White Paper
Scope of this Presentation
• User Identity Confidentiality
• Authentication
• Ciphering (Confidentiality)
• Integrity Protection
• Signalling examples
• Sample messages (where available)
• Simple examples of hacking of the mobile network
Identities
• Each mobile device contains an IMEI (International Mobile Equipment Identity)
• The SIM card contains the IMSI (International Mobile Subscriber Identity)
• During operation, the IMSI has to be hidden with the help of temporary identities in order to provide:
• user identity confidentiality
• user location confidentiality
• user untraceability
Temporary Identities
• In 2G/3G:
• TMSI (Temporary Mobile Subscriber Identity)
• P-TMSI (Packet TMSI)
• In 4G/LTE:
• GUTI (Globally Unique Temporary UE Identity) = GUMMEI + M-TMSI
GUMMEI - Globally Unique MME Identifier (contains MMEGI and MMEC)
MMEGI - MME Group ID
MMEC - MME Code
S-TMSI - SAE Temporary Mobile Subscriber Identity (MMEC + M-TMSI)
M-TMSI - MME Temporary Mobile Subscriber Identity
More details: 3GPP TS 23.003
What is Authentication?
• Authentication is to verify that everyone is who they claim to be (illustration: "Hello, I am James Bond", "Hello, I am the Queen")
• Authentication is performed via AKA, the Authentication and Key Agreement procedure
• In 2G we only had handset authentication, whereas in 3G & 4G we perform mutual authentication: the handset is verified, and the handset in turn verifies the network (base station) it is attaching to.
2G, 3G, 4G Simple Network Architecture
(figure) Air Interface -> Access Network -> Core Network:
2G: MS - BTS / BSC (BSS) - MSC - Voice (PSTN) Network
2.5G: MS - BTS / BSC (BSS) - SGSN / GGSN - Data (IP) Network
3G: UE - Node B / RNC (RNS) - MSC (voice) and SGSN / GGSN (data)
4G: UE - eNodeB - MME, S-GW, P-GW (EPC) - Data (IP) Network
HLR, HSS & AuC
• HLR – Home Location Register
• HSS – Home Subscriber Server
• AuC – Authentication Center
(figure) One HLR/HSS/AuC (subscriber DATA plus authentication Logic) is shared by the 2G/3G CS Core Network, the 2G/3G PS Core Network and the 4G PS Core Network
Further Reading: 3G4G Blog
UICC & SIM
(figure) Contents of the applications on the UICC:
2G SIM: IMSI, MSISDN, Ki, SMS Data, Address Book
UMTS SIM (USIM): IMSI, MSISDN, Authentication Data and Keys, Multimedia Messaging Config Data
IMS SIM (ISIM): Security Keys, Home Network Domain Name (URI), Private User Identity, Public User Identity, Administrative Data, Access Rule Reference, Address of P-CSCF
The Attach Procedure Signalling
(figure, two slides) UE – Access Network (AN) – Core Network (CN: CS CN and PS CN)
1. PS CN and CS CN send broadcast information to the AN; the AN sends system information messages over the air
2. UE -> AN: "Hello, I am UE 1"
3. AN -> UE: "Hello UE1, please use this channel <…>"
4. UE -> AN: "Thanks, I am all setup."
5. UE -> CN: "Hello, I am UE 1. Want to Attach and let you know that I am now active"
6. CN -> UE: "Hello UE 1, please authenticate yourself against this vector <…>"
7. UE -> CN: "No problems, here is my authentication response <…>"
8. CN -> AN: "I trust UE1, please establish security with it"
9. AN -> UE: "Establish Security using <…>"
10. UE -> AN: "Thanks, all done." (Security Established)
11. AN -> CN: "UE1 is now connected to us"
12. CN -> UE: "Attach Accept. Please use this new temporary identity for now"
13. UE -> CN: "Attach Complete."
What is Ciphering?
• Ciphering is the process of encryption & decryption
• It has nothing to do with compression / decompression
• Example of 2G Ciphering (figure)
Actual Security Procedure in GSM
(figure) UE – BTS – BSC (Access Network) | MSC/VLR (Core Network)
1. MSC/VLR -> BSC -> BTS -> UE: Authentication Request (CKSN, RAND)
2. UE -> BTS -> BSC -> MSC/VLR: Authentication Response (SRES)
3. MSC/VLR -> BSC: Cipher Mode Command (Kc, A5x)
4. BSC -> BTS: Cipher Mode Command (Kc, A5x)
5. BTS -> UE: Cipher Mode Command (A5x); only the algorithm is sent over the air, Kc is computed on the SIM
6. UE -> BTS -> BSC -> MSC/VLR: Cipher Mode Complete
CKSN – Cipher Key Sequence Number
RAND – Random Number (128 bits)
SRES – Signed Response (32 bits)
XRES – Expected Response (32 bits)
Kc – Ciphering Key (64 bit)
A5 – Encryption Algorithm (A5/0 to A5/7)
Actual Security Procedure in GPRS
(figure) UE – BTS – BSC (Access Network) | SGSN (Core Network)
1. SGSN -> BSC -> BTS -> UE: Authentication and Ciphering Request (RAND)
2. UE -> BTS -> BSC -> SGSN: Authentication and Ciphering Response (SRES)
(CKSN, RAND, SRES, XRES, Kc and A5 as on the GSM slide)
Security Architecture Evolution
(figure) Nodes: MS / UE – BTS / NodeB – BSC / RNC / eNodeB – MSC/SGSN/EPC (Core Network)
GSM: Handset Authentication; Ciphering (AN CP, UP)
GPRS: Handset Authentication + Ciphering (AN CP, UP)
AN – Access Network, AS – Access Stratum, RRC – Radio Resource Control, NAS – Non-Access Stratum, CP – Control Plane, UP – User Plane
Fake Cell Towers on Planes to Gather Data From Phones
(figure) Source: MacRumors
What is Integrity Protection?
• A 32 bit (4 octet) number, the message authentication code MAC-I, is added to certain signalling messages in 3G & 4G to authenticate individual messages
• In 3G, integrity protection is done at the RRC layer
• In 4G, integrity protection happens at PDCP and in NAS.
Example of MAC-I in 3G / UMTS
• Message Authentication Code MAC-I (figure)
Example of MAC-I in 4G / LTE
(figure)
UMTS Security Overview
Further Reading & References: UMTS Security: A Primer
(figure, two slides) UE – NodeB – RNC (Access Network) | VLR / SGSN (Core Network)
1. RRC Connection Setup Procedure (START value, HFNs and the UE Security Capability are stored in the RNC)
2. UE -> VLR / SGSN: Initial L3 Message (user identity, KSI, etc.)
3. UE <-> VLR / SGSN: Authentication & Key Agreement (AKA) Procedure
4. VLR / SGSN: UIA, UEA decision
5. VLR / SGSN -> RNC: Security Mode Command (UIAs, IK, UEAs, CK, etc.)
6. RNC: Select UIA, UEA; Generate FRESH; Start Integrity
7. RNC -> UE: Security Mode Command (CN domain, UIA, UEA, FRESH, Security Capability, etc.)
8. UE: Verify received message; Start Integrity
9. UE -> RNC: Security Mode Complete
10. RNC -> VLR / SGSN: Security Mode Complete (selected UIA, UEA)
Key things to remember in UMTS Security
• Integrity protection is mandatory and ciphering optional
• The user plane (UP) for each domain is protected by its own Ciphering Key, while the control plane (CP) is protected by the Ciphering & Integrity Keys of the domain for which security was established last
• Ciphering for the CS domain happens in MAC, as RLC is in transparent mode (TM)
• Ciphering for the PS domain happens in RLC for acknowledged mode (AM) or unacknowledged mode (UM)
• For the first domain:
• Authentication messages are not Integrity Protected or Ciphered
• Security Mode Command is the first Integrity protected message
• For the second domain:
• Authentication messages are Integrity Protected and optionally ciphered with the first domain keys
• Security Mode Command requests modification of Integrity protection and Ciphering for the CP
• The new integrity protection and ciphering take effect after the Security Procedure is complete
• It is possible that ciphering is enabled for one domain and disabled for another
Actual Security Procedure in UMTS – PS
(figure) UE – Node B – RNC (Access Network) | SGSN (Core Network)
1. SGSN -> RNC -> Node B -> UE: Authentication and Ciphering Request
2. UE -> Node B -> RNC -> SGSN: Authentication and Ciphering Response (SRES)
3. SGSN -> RNC -> Node B -> UE: Security Mode Command
4. UE -> Node B -> RNC -> SGSN: Security Mode Complete
UMTS Security for PS Domain - Authentication
DL-DCCH-Message
-----> downlinkDirectTransfer
DL-DCCH-Message =
message = downlinkDirectTransfer = r3 =
downlinkDirectTransfer-r3 =
rrc-TransactionIdentifier = 0
cn-DomainIdentity = ps-domain
nas-Message = 0812013021D5770C6D363E30C364A4078F1BF8ED3A8028106E323B36C46C5555D5760E6E323B6391
Authentication and Ciphering Request
-----> Authentication and Ciphering Request PDU:
Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x8 - GPRS Mobility Management [ 8 ]
Message Type [8 bits] = 0x12 - Authentication and Ciphering Request [ 18 ]
IMEISV Request
Spare Bits [1 bit] = 0x0 [ 0 ]
value [3 bits] = 0x0 - IMEISV Not Requested [ 0 ]
Ciphering Algorithm
Spare Bits [1 bit] = 0x0 [ 0 ]
Type of Algorithm [3 bits] = 0x1 [ 1 ]
A & C Reference Number
value [4 bits] = 0x3 [ 3 ]
Force Standby
Spare Bits [1 bit] = 0x0 [ 0 ]
value [3 bits] = 0x0 - Force to Standby Not Indicated [ 0 ]
Authentication Parameter Rand
IE Identifier [8 bits] = 0x21 [ 33 ]
Authentication Parameter Rand = 0xD5770C6D363E30C364A4078F1BF8ED3A
Ciphering Key Sequence Number
IE Identifier [4 bits] = 0x8 [ 8 ]
Spare Bits [1 bit] = 0x0 [ 0 ]
Key Sequence [3 bits] = 0x0 - Ciphering Key Sequence Number [ 0 ]
Authentication Parameter AUTN
IE Identifier [8 bits] = 0x28 [ 40 ]
IE Length [8 bits] = 0x10 [ 16 ]
value = 0x6E323B36C46C5555D5760E6E323B6391
UL-DCCH-Message
<----- uplinkDirectTransfer
UL-DCCH-Message =
message = uplinkDirectTransfer =
cn-DomainIdentity = ps-domain
nas-Message = 08130322D5760E6E290C323B36C46CAD0D8417F5E335
Authentication and Ciphering Response
<----- Authentication and Ciphering Response PDU:
Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x8 - GPRS Mobility Management [ 8 ]
Message Type [8 bits] = 0x13 - Authentication and Ciphering Response [ 19 ]
Spare Half Octet [4 bits] = 0x0 [ 0 ]
A & C Reference Number
value [4 bits] = 0x3 [ 3 ]
Authentication Response Signature
IE Identifier [8 bits] = 0x22 [ 34 ]
Value = 0xD5760E6E [ 3581283950 ]
Authentication Response Parameter
IE Identifier [8 bits] = 0x29 [ 41 ]
IE Length [8 bits] = 0xC [ 12 ]
value = 0x323B36C46CAD0D8417F5E335
Source: 3GPP Conformance Test 8.1.7.1c
UMTS Security for PS Domain - Security
DL-DCCH-Message
-----> securityModeCommand
DL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 01000111111001000001111101101001
rrc-MessageSequenceNumber = 0
message = securityModeCommand = r3 =
securityModeCommand-r3 =
rrc-TransactionIdentifier = 0
securityCapability =
cipheringAlgorithmCap = 0000000000000011
integrityProtectionAlgorithmCap = 0000000000000010
cipheringModeInfo =
cipheringModeCommand = startRestart = uea1
rb-DL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
RB-ActivationTimeInfo(1) =
rb-Identity = 1
rlc-SequenceNumber = 0
RB-ActivationTimeInfo(2) =
rb-Identity = 2
rlc-SequenceNumber = 2
RB-ActivationTimeInfo(3) =
rb-Identity = 3
rlc-SequenceNumber = 3
RB-ActivationTimeInfo(4) =
rb-Identity = 4
rlc-SequenceNumber = 0
integrityProtectionModeInfo =
integrityProtectionModeCommand = startIntegrityProtection =
integrityProtInitNumber = 00000000000000000000000000000000
integrityProtectionAlgorithm = uia1
cn-DomainIdentity = ps-domain
ue-SystemSpecificSecurityCap = SEQUENCE OF InterRAT-UE-SecurityCapability
InterRAT-UE-SecurityCapability(1) = gsm =
gsmSecurityCapability = 0000011
UL-DCCH-Message
<----- securityModeComplete
UL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 10000000110110110111011001011001
rrc-MessageSequenceNumber = 1
message = securityModeComplete =
rrc-TransactionIdentifier = 0
ul-IntegProtActivationInfo =
rrc-MessageSequenceNumberList = SEQUENCE OF RRC-MessageSequenceNumber
RRC-MessageSequenceNumber(1) = 0
RRC-MessageSequenceNumber(2) = 0
RRC-MessageSequenceNumber(3) = 0
RRC-MessageSequenceNumber(4) = 0
RRC-MessageSequenceNumber(5) = 0
rb-UL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
RB-ActivationTimeInfo(1) =
rb-Identity = 1
rlc-SequenceNumber = 0
RB-ActivationTimeInfo(2) =
rb-Identity = 2
rlc-SequenceNumber = 8
RB-ActivationTimeInfo(3) =
rb-Identity = 3
rlc-SequenceNumber = 5
RB-ActivationTimeInfo(4) =
rb-Identity = 4
rlc-SequenceNumber = 0
Source: 3GPP Conformance Test 8.1.7.1c
Actual Security Procedure in UMTS - CS
(figure) UE – Node B – RNC (Access Network) | MSC/VLR (Core Network)
1. MSC/VLR -> RNC -> Node B -> UE: Authentication Request
2. UE -> Node B -> RNC -> MSC/VLR: Authentication Response (SRES)
3. MSC/VLR -> RNC -> Node B -> UE: Security Mode Command
4. UE -> Node B -> RNC -> MSC/VLR: Security Mode Complete
UMTS Security for CS Domain on top of PS domain - Authentication
DL-DCCH-Message
-----> downlinkDirectTransfer
DL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 10001011101111001101101110110000
rrc-MessageSequenceNumber = 1
message = downlinkDirectTransfer = r3 =
downlinkDirectTransfer-r3 =
rrc-TransactionIdentifier = 0
cn-DomainIdentity = cs-domain
nas-Message = 051200D5770C6D363E30C364A4078F1BF8ED3A20106E323B36C46C5555D5760E6E323B6391
Authentication Request
-----> Authentication Request PDU:
Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x5 - Mobility Management [ 5 ]
Message Type [8 bits] = 0x12 - Authentication Request [ 18 ]
Spare Half Octet [4 bits] = 0x0 [ 0 ]
Ciphering Key Sequence Number
Spare Bits [1 bit] = 0x0 [ 0 ]
Key Sequence [3 bits] = 0x0 - Ciphering Key Sequence Number [ 0 ]
Authentication Parameter Rand = 0xD5770C6D363E30C364A4078F1BF8ED3A
Authentication Parameter AUTN
IE Identifier [8 bits] = 0x20 [ 32 ]
IE Length [8 bits] = 0x10 [ 16 ]
value = 0x6E323B36C46C5555D5760E6E323B6391
UL-DCCH-Message
<----- uplinkDirectTransfer
UL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 00101110010111100100100101111011
rrc-MessageSequenceNumber = 3
message = uplinkDirectTransfer =
cn-DomainIdentity = cs-domain
nas-Message = 0514D5760E6E210C323B36C46CAD0D8417F5E335
Authentication Response
<----- Authentication Response PDU:
Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x5 - Mobility Management [ 5 ]
Message Type [8 bits] = 0x14 - Authentication Response [ 20 ]
Authentication Response Signature
Value = 0xD5760E6E [ 3581283950 ]
Authentication Response Parameter
IE Identifier [8 bits] = 0x21 [ 33 ]
IE Length [8 bits] = 0xC [ 12 ]
value = 0x323B36C46CAD0D8417F5E335
Source: 3GPP Conformance Test 8.1.7.1c
UMTS Security for CS Domain on top of PS domain - Security
DL-DCCH-Message
-----> securityModeCommand
DL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 11000100010100111100000101111100
rrc-MessageSequenceNumber = 3
message = securityModeCommand = r3 =
securityModeCommand-r3 =
rrc-TransactionIdentifier = 0
securityCapability =
cipheringAlgorithmCap = 0000000000000011
integrityProtectionAlgorithmCap = 0000000000000010
cipheringModeInfo =
cipheringModeCommand = startRestart = uea1
rb-DL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
RB-ActivationTimeInfo(1) =
rb-Identity = 1
rlc-SequenceNumber = 0
RB-ActivationTimeInfo(2) =
rb-Identity = 2
rlc-SequenceNumber = 11
RB-ActivationTimeInfo(3) =
rb-Identity = 3
rlc-SequenceNumber = 8
RB-ActivationTimeInfo(4) =
rb-Identity = 4
rlc-SequenceNumber = 0
integrityProtectionModeInfo =
integrityProtectionModeCommand = modify =
dl-IntegrityProtActivationInfo =
rrc-MessageSequenceNumberList = SEQUENCE OF RRC-MessageSequenceNumber
RRC-MessageSequenceNumber(1) = 0
RRC-MessageSequenceNumber(2) = 0
RRC-MessageSequenceNumber(3) = 3
RRC-MessageSequenceNumber(4) = 2
RRC-MessageSequenceNumber(5) = 0
integrityProtectionAlgorithm = uia1
cn-DomainIdentity = cs-domain
ue-SystemSpecificSecurityCap = SEQUENCE OF InterRAT-UE-SecurityCapability
InterRAT-UE-SecurityCapability(1) = gsm =
gsmSecurityCapability = 0000011
UL-DCCH-Message
<----- securityModeComplete
UL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 01011001010010101011010110101100
rrc-MessageSequenceNumber = 3
message = securityModeComplete =
rrc-TransactionIdentifier = 0
ul-IntegProtActivationInfo =
rrc-MessageSequenceNumberList = SEQUENCE OF RRC-MessageSequenceNumber
RRC-MessageSequenceNumber(1) = 5
RRC-MessageSequenceNumber(2) = 1
RRC-MessageSequenceNumber(3) = 3
RRC-MessageSequenceNumber(4) = 4
RRC-MessageSequenceNumber(5) = 1
rb-UL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
RB-ActivationTimeInfo(1) =
rb-Identity = 1
rlc-SequenceNumber = 0
RB-ActivationTimeInfo(2) =
rb-Identity = 2
rlc-SequenceNumber = 11
RB-ActivationTimeInfo(3) =
rb-Identity = 3
rlc-SequenceNumber = 11
RB-ActivationTimeInfo(4) =
rb-Identity = 4
rlc-SequenceNumber = 0
Source: 3GPP Conformance Test 8.1.7.1c
UMTS Security for CS Domain on top of PS domain – Voice Radio Bearers Setup
DL-DCCH-Message
-----> radioBearerSetup
DL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 10100011001100001001101011010110
rrc-MessageSequenceNumber = 4
message = radioBearerSetup = r3 =
radioBearerSetup-r3 =
rrc-TransactionIdentifier = 0
activationTime = 184
rrc-StateIndicator = cell-DCH
rab-InformationSetupList = SEQUENCE OF RAB-InformationSetup
RAB-InformationSetup(1) =
rab-Info =
rab-Identity = gsm-MAP-RAB-Identity = 00000001
cn-DomainIdentity = cs-domain
re-EstablishmentTimer = useT314
rb-InformationSetupList = SEQUENCE OF RB-InformationSetup
RB-InformationSetup(1) =
rb-Identity = 10
rlc-InfoChoice = rlc-Info =
ul-RLC-Mode = ul-TM-RLC-Mode =
segmentationIndication = FALSE
dl-RLC-Mode = dl-TM-RLC-Mode =
segmentationIndication = FALSE
rb-MappingInfo = SEQUENCE OF RB-MappingOption
RB-MappingOption(1) =
ul-LogicalChannelMappings = oneLogicalChannel =
ul-TransportChannelType = dch = 1
rlc-SizeList = configured = NULL
mac-LogicalChannelPriority = 6
dl-LogicalChannelMappingList = SEQUENCE OF DL-LogicalChannelMapping
DL-LogicalChannelMapping(1) =
dl-TransportChannelType = dch = 6
RB-InformationSetup(2) =
rb-Identity = 11
…
UL-DCCH-Message
<----- radioBearerSetupComplete
UL-DCCH-Message =
integrityCheckInfo =
messageAuthenticationCode = 10101010000100111100011111001010
rrc-MessageSequenceNumber = 4
message = radioBearerSetupComplete =
rrc-TransactionIdentifier = 0
start-Value = 00000000000000000010
count-C-ActivationTime = 168
Source: 3GPP Conformance Test 8.1.7.1c
Security Architecture Evolution
(figure) Nodes: MS / UE – BTS / NodeB – BSC / RNC / eNodeB – MSC/SGSN/EPC (Core Network)
GSM: Handset Authentication; Ciphering (AN CP, UP)
GPRS: Handset Authentication + Ciphering (AN CP, UP)
UMTS: Mutual Authentication; Ciphering (RRC / AN CP, UP) + Signalling Integrity (RRC); IPSec (Optional)
AN – Access Network, AS – Access Stratum, RRC – Radio Resource Control, NAS – Non-Access Stratum, CP – Control Plane, UP – User Plane
Hacking The Femtocells - UMTS
(figure) More Info: Femto Hacking in UMTS and LTE
Hacking The Femtocells - LTE
(figure) More Info: Femto Hacking in UMTS and LTE
Key Hierarchy in LTE / E-UTRAN
Picture Source: RedYoda
3GPP Spec Reference: TS 33.401
K - Master key
CK - Cipher Key
IK - Integrity Key
KASME - Key-Access Security Management Entity
KNASenc - Key-NAS encryption
KNASint - Key-NAS integrity
KeNB - Key-eNodeB
NH - Next Hop
KUPint - Key-User Plane integrity
KUPenc - Key-User Plane encryption
KRRCint - Key-Radio Resource Control integrity
KRRCenc - Key-Radio Resource Control encryption
EPS Authentication and Key Agreement (EPS-AKA) procedure
Picture Source: RedYoda
3GPP Spec Reference: TS 33.401
AUTN - Authentication Token
RAND - A 128 bit random number
SQN - 48 bit sequence number
RES - Response
XRES - Expected Response
KDF - Key Derivation Function
KSI - Key Set Identifier
SN Id - Serving Network Id
K - Master key
CK - Cipher Key
IK - Integrity Key
KASME - Key-Access Security Management Entity
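The EPS-AKA run and the key hierarchy of the two slides above, worked through in Python as an added example (this is not the deck's material). The key derivation is the TS 33.401 Annex A construction (HMAC-SHA-256 over FC || P0 || L0 ...); f1 to f5 are constructed HMAC stand-ins with MILENAGE's output sizes, not MILENAGE itself; K, SQN, AMF and the serving network id are constructed sample values.

```python
"""UE-side EPS-AKA check and the TS 33.401 key hierarchy (added example)."""
import hashlib
import hmac
import os

# --- Key derivation: the real TS 33.401 Annex A / TS 33.220 Annex B construction ---
def kdf(key, fc, *params):
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), 256-bit output."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

ALG_TYPE = {"NAS-enc": 0x01, "NAS-int": 0x02, "RRC-enc": 0x03,
            "RRC-int": 0x04, "UP-enc": 0x05, "UP-int": 0x06}

def derive_kasme(ck, ik, sn_id, sqn_xor_ak):
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)              # FC 0x10

def derive_kenb(kasme, ul_nas_count):
    return kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))   # FC 0x11

def derive_alg_key(parent, alg_type, alg_id):
    """NAS/AS algorithm key (FC 0x15); the 128 least significant bits are used."""
    return kdf(parent, 0x15, bytes([ALG_TYPE[alg_type]]), bytes([alg_id]))[16:]

def key_hierarchy(kasme, ul_nas_count, nas_enc, nas_int, as_enc, as_int):
    """KASME -> KNASenc/KNASint and KeNB -> KRRCenc/KRRCint/KUPenc/KUPint."""
    kenb = derive_kenb(kasme, ul_nas_count)
    return {"KASME": kasme, "KeNB": kenb,
            "KNASenc": derive_alg_key(kasme, "NAS-enc", nas_enc),
            "KNASint": derive_alg_key(kasme, "NAS-int", nas_int),
            "KRRCenc": derive_alg_key(kenb, "RRC-enc", as_enc),
            "KRRCint": derive_alg_key(kenb, "RRC-int", as_int),
            "KUPenc": derive_alg_key(kenb, "UP-enc", as_enc),
            "KUPint": derive_alg_key(kenb, "UP-int", as_int)}

# --- f1..f5: constructed HMAC stand-ins with MILENAGE's sizes, NOT MILENAGE ---
def _f(k, label, data, n):
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf): return _f(k, b"f1", rand + sqn + amf, 8)  # MAC-A, 64 bit
def f2(k, rand): return _f(k, b"f2", rand, 8)    # RES / XRES, 8 octets as in the trace
def f3(k, rand): return _f(k, b"f3", rand, 16)   # CK, 128 bit
def f4(k, rand): return _f(k, b"f4", rand, 16)   # IK, 128 bit
def f5(k, rand): return _f(k, b"f5", rand, 6)    # AK, 48 bit, hides SQN in AUTN
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def hss_authentication_vector(k, sqn, amf, sn_id, rand=None):
    """HSS/AuC side: (RAND, XRES, KASME, AUTN) for one serving network."""
    rand = rand or os.urandom(16)
    sqn_xor_ak = xor(sqn, f5(k, rand))
    autn = sqn_xor_ak + amf + f1(k, rand, sqn, amf)   # 6 + 2 + 8 = 16 octets
    kasme = derive_kasme(f3(k, rand), f4(k, rand), sn_id, sqn_xor_ak)
    return rand, f2(k, rand), kasme, autn

def usim_authenticate(k, rand, autn, sqn_ms, sn_id):
    """UE/USIM side: authenticate the network via AUTN, then answer with RES.
    Freshness is simplified to 'SQN above the highest accepted so far'
    (TS 33.102 allows a window); returns (result, status)."""
    if len(autn) != 16:
        return None, "bad AUTN length"
    sqn_xor_ak, amf, mac_a = autn[:6], autn[6:8], autn[8:16]
    sqn = xor(sqn_xor_ak, f5(k, rand))
    if not hmac.compare_digest(mac_a, f1(k, rand, sqn, amf)):
        return None, "MAC failure"                # network not authenticated
    if int.from_bytes(sqn, "big") <= int.from_bytes(sqn_ms, "big"):
        return None, "synchronisation failure"    # replayed or stale vector
    kasme = derive_kasme(f3(k, rand), f4(k, rand), sn_id, sqn_xor_ak)
    return {"res": f2(k, rand), "kasme": kasme, "sqn": sqn}, "ok"

# Constructed sample values, not real subscriber data
K = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
SQN = bytes.fromhex("000000000010")
AMF = bytes.fromhex("8000")        # separation bit set: vector is for EPS
SN_ID = bytes.fromhex("00F110")    # PLMN id MCC 001 / MNC 01, TS 24.301 encoding

def run_eps_aka(k=K, sqn=SQN, sqn_ms=bytes(6), rand=None):
    """One EPS-AKA run; returns (status, derived key hierarchy or None)."""
    rand, xres, kasme_hss, autn = hss_authentication_vector(k, sqn, AMF, SN_ID, rand)
    ue, status = usim_authenticate(k, rand, autn, sqn_ms, SN_ID)
    if status != "ok":
        return status, None
    if not hmac.compare_digest(ue["res"], xres):   # MME compares RES with XRES
        return "RES mismatch", None
    # Both sides hold the same KASME; NAS EEA0 + EIA1 as in the trace, UL NAS COUNT 0
    return "ok", key_hierarchy(kasme_hss, 0, nas_enc=0, nas_int=1, as_enc=0, as_int=1)

if __name__ == "__main__":
    status, keys = run_eps_aka()
    print(status)
    for name, value in keys.items():
        print(f"{name:8s} {value.hex()}")
```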
Actual Security Procedure in LTE
(figure) UE – eNodeB (Access Network) | MME (Core Network)
1. MME -> eNodeB -> UE: Authentication Request
2. UE -> eNodeB -> MME: Authentication Response (SRES)
3. MME -> eNodeB -> UE: NAS: Security Mode Command
4. UE -> eNodeB -> MME: NAS: Security Mode Complete
5. eNodeB -> UE: RRC: Security Mode Command
6. UE -> eNodeB: RRC: Security Mode Complete
LTE Security Signaling - Authentication
Authentication Request PDU
Security header type [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x7 [ 7 ]
Message Type [8 bits] = 0x52 - Authentication Request [ 82 ]
Spare Half Octet [4 bits] = 0x0 [ 0 ]
NAS key set identifierASME
Type of security context flag [1 bit] = 0x0 [ 0 ]
ksi [3 bits] = 0x0 [ 0 ]
Authentication Parameter Rand
Authentication Parameter Rand = 0xA3DE0C6D363E30C364A4078F1BF8D577
Authentication Parameter AUTN
IE Length [8 bits] = 0x10 [ 16 ]
value = 0x6E323B36C46C5555A3DF0E6E323B6391
075200A3DE0C6D363E30C364A4078F1BF8D577106E323B36C46C5555A3DF0E6E323B6391
DL-DCCH-Message
dlInformationTransfer
DL-DCCH-Message =
message = c1 = dlInformationTransfer =
rrc-TransactionIdentifier = 0
criticalExtensions = c1 = dlInformationTransfer-r8 =
dedicatedInfoType = dedicatedInfoNAS =
075200A3DE0C6D363E30C364A4078F1BF8D577106E323B36C46C5555A3DF0E6E323B6391
0801203A90051EF06369B1F1861B25203C78DFC6ABB8837191D9B62362AAAD1EF8737191DB1C88
UL-DCCH-Message
ulInformationTransfer
UL-DCCH-Message =
message = c1 = ulInformationTransfer =
criticalExtensions = c1 = ulInformationTransfer-r8 =
dedicatedInformationType = dedicatedInfoNAS = 075308A3DF0E6E323B36C4
480160EA61147BE1CDC64766D880
Authentication Response
Authentication Response PDU
Security header type [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x7 [ 7 ]
Message Type [8 bits] = 0x53 - Authentication Response [ 83 ]
Authentication response parameter
IE Length [8 bits] = 0x8 [ 8 ]
Authentication response parameter information = 0xA3DF0E6E323B36C4
075308A3DF0E6E323B36C4
Source: 3GPP Conformance Test 8.1.2.1
LTE Security Signaling – NAS Security 1
Security Mode Command
Security Mode Command PDU
Security header type [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x7 [ 7 ]
Message Type [8 bits] = 0x5D - Security Mode Command [ 93 ]
Selected NAS security algorithms
Spare Bits [1 bit] = 0x0 [ 0 ]
Type of ciphering algorithm [3 bits] = 0x0 [ 0 ]
Spare Padding [1 bit] = 0x0 [ 0 ]
Type of integrity protection algorithm [3 bits] = 0x1 [ 1 ]
Spare Half Octet [4 bits] = 0x0 [ 0 ]
NAS key set identifierASME
Type of security context flag [1 bit] = 0x0 [ 0 ]
ksi [3 bits] = 0x0 [ 0 ]
Replayed UE security capabilities
IE Length [8 bits] = 0x2 [ 2 ]
eea0_128 [1 bit] = 0x1 [ 1 ]
eea1_128 [1 bit] = 0x1 [ 1 ]
eea2_128 [1 bit] = 0x0 [ 0 ]
eea3 [1 bit] = 0x0 [ 0 ]
eea4 [1 bit] = 0x0 [ 0 ]
eea5 [1 bit] = 0x0 [ 0 ]
eea6 [1 bit] = 0x0 [ 0 ]
eea7 [1 bit] = 0x0 [ 0 ]
Spare Bits [1 bit] = 0x1 [ 1 ]
eia1_128 [1 bit] = 0x1 [ 1 ]
eia2_128 [1 bit] = 0x0 [ 0 ]
eia3 [1 bit] = 0x0 [ 0 ]
eia4 [1 bit] = 0x0 [ 0 ]
eia5 [1 bit] = 0x0 [ 0 ]
eia6 [1 bit] = 0x0 [ 0 ]
eia7 [1 bit] = 0x0 [ 0 ]
075D010002C0C0
Continued…
Security Protected NAS Message
Security Protected NAS Message PDU
Security header type [4 bits] = 0x3 [ 3 ]
Protocol Discriminator [4 bits] = 0x7 [ 7 ]
MAC = 0x0B4DAFA8 [ 189640616 ]
Sequence Number = 0x00 [ 0 ]
NAS message = 0x075D010002C0C0
370B4DAFA800075D010002C0C0
DL-DCCH-Message
dlInformationTransfer
DL-DCCH-Message =
message = c1 = dlInformationTransfer =
rrc-TransactionIdentifier = 0
criticalExtensions = c1 = dlInformationTransfer-r8 =
dedicatedInfoType = dedicatedInfoNAS = 370B4DAFA800075D010002C0C0
080069B85A6D7D40003AE80800160600
Source: 3GPP Conformance Test 8.1.2.1
LTE Security Signaling – NAS Security 2
UL-DCCH-Message
ulInformationTransfer
UL-DCCH-Message =
message = c1 = ulInformationTransfer =
criticalExtensions = c1 = ulInformationTransfer-r8 =
dedicatedInformationType = dedicatedInfoNAS = 4794E585C000075E
480108F29CB0B80000EBC0
Security Protected NAS Message
Security Protected NAS Message PDU
Security header type [4 bits] = 0x4 [ 4 ]
Protocol Discriminator [4 bits] = 0x7 [ 7 ]
MAC = 0x94E585C0 [ 2498069952 ]
Sequence Number = 0x00 [ 0 ]
NAS message = 0x075E [ 1886 ]
4794E585C000075E
Security Mode Complete
Security Mode Complete PDU
Security header type [4 bits] = 0x0 [ 0 ]
Protocol Discriminator [4 bits] = 0x7 [ 7 ]
Message Type [8 bits] = 0x5E - Security Mode Complete [ 94 ]
075E
Security header type (octet 1, bits 8 7 6 5), from 3GPP TS 24.301 V10.10.0 (2013-03), Table 9.3.1:
0 0 0 0  Plain NAS message, not security protected
Security protected NAS message:
0 0 0 1  Integrity protected
0 0 1 0  Integrity protected and ciphered
0 0 1 1  Integrity protected with new EPS security context (NOTE 1)
0 1 0 0  Integrity protected and ciphered with new EPS security context (NOTE 2)
Non-standard L3 message:
1 1 0 0  Security header for the SERVICE REQUEST message
1 1 0 1 to 1 1 1 1  These values are not used in this version of the protocol. If received they shall be interpreted as '1100'. (NOTE 3)
All other values are reserved.
NOTE 1: This codepoint may be used only for a SECURITY MODE COMMAND message.
NOTE 2: This codepoint may be used only for a SECURITY MODE COMPLETE message.
NOTE 3: When bits 7 and 8 are set to '11', bits 5 and 6 can be used for future extensions of the SERVICE REQUEST message.
Source: 3GPP Conformance Test 8.1.2.1
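The NAS PDUs of the trace above, decoded by an added Python example (not part of the deck): it unwraps the security protected header (security header type, MAC, sequence number), decodes the Authentication Request/Response and Security Mode Command/Complete fields per TS 24.301, and performs the checks a UE makes on a Security Mode Command. The hex strings are the page's own values; `security_findings` is a helper written here, not a 3GPP procedure name.

```python
"""Decode the EPS NAS (EMM) PDUs shown in the LTE conformance trace (added example)."""

SECURITY_HEADER_TYPES = {
    0x0: "plain NAS message, not security protected",
    0x1: "integrity protected",
    0x2: "integrity protected and ciphered",
    0x3: "integrity protected with new EPS security context",
    0x4: "integrity protected and ciphered with new EPS security context",
    0xC: "security header for the SERVICE REQUEST message",
}
EMM_TYPES = {0x52: "Authentication Request", 0x53: "Authentication Response",
             0x5D: "Security Mode Command", 0x5E: "Security Mode Complete"}
# UE security capability octets: bit 8 (MSB) is the first entry, bit 1 (LSB) the last
EEA_BITS = ["eea0", "eea1_128", "eea2_128", "eea3", "eea4", "eea5", "eea6", "eea7"]
EIA_BITS = [None, "eia1_128", "eia2_128", "eia3", "eia4", "eia5", "eia6", "eia7"]  # bit 8 spare


def _cap_names(octet, names):
    return [n for i, n in enumerate(names) if n and octet & (0x80 >> i)]


def parse_plain_emm(b):
    """Decode a plain (security header type 0) EMM message."""
    if b[0] != 0x07:
        raise ValueError("not a plain EMM message")
    msg_type = b[1]
    out = {"message_type": msg_type, "message": EMM_TYPES.get(msg_type, "unknown")}
    if msg_type == 0x52:          # KSI, RAND (16 octets), AUTN (length, value)
        out["tsc"], out["ksi"] = (b[2] >> 3) & 1, b[2] & 7
        out["rand"] = b[3:19].hex().upper()
        out["autn"] = b[20:20 + b[19]].hex().upper()
    elif msg_type == 0x53:        # RES (length, value)
        out["res"] = b[3:3 + b[2]].hex().upper()
    elif msg_type == 0x5D:        # selected algorithms, KSI, replayed UE capabilities
        out["ciphering_alg"] = (b[2] >> 4) & 7          # EEAx, bits 7-5
        out["integrity_alg"] = b[2] & 7                 # EIAx, bits 3-1
        out["tsc"], out["ksi"] = (b[3] >> 3) & 1, b[3] & 7
        caps = b[5:5 + b[4]]
        out["ue_eea"] = _cap_names(caps[0], EEA_BITS)
        out["ue_eia"] = _cap_names(caps[1], EIA_BITS) if len(caps) > 1 else []
    return out


def parse_nas(hexstr, null_ciphering=False):
    """Decode a NAS PDU, unwrapping the security protected header if present.
    Ciphered payloads (types 2 and 4) are only decoded when the caller knows
    the NAS ciphering algorithm is EEA0, as it is in this trace."""
    b = bytes.fromhex(hexstr)
    sht, pd = b[0] >> 4, b[0] & 0xF
    if pd != 7:
        raise ValueError("protocol discriminator %d is not EMM" % pd)
    if sht == 0:
        return parse_plain_emm(b)
    if sht not in (1, 2, 3, 4):
        raise ValueError("unsupported security header type %d" % sht)
    out = {"security_header_type": sht, "security_header": SECURITY_HEADER_TYPES[sht],
           "mac": int.from_bytes(b[1:5], "big"), "sequence_number": b[5],
           "nas_message": b[6:].hex().upper()}
    if sht in (1, 3) or null_ciphering:
        out["inner"] = parse_plain_emm(b[6:])
    return out


def security_findings(smc, sent_eea, sent_eia):
    """Checks on a decoded Security Mode Command: null algorithms, and whether
    the replayed capabilities equal what the UE sent in its Attach Request
    (the replay is the bidding-down protection; a mismatch means reject)."""
    findings = []
    if smc["ciphering_alg"] == 0:
        findings.append("EEA0 selected: NAS is integrity protected but not confidential")
    if smc["integrity_alg"] == 0:
        findings.append("EIA0 selected: NAS signalling is not integrity protected")
    if smc["ue_eea"] != sent_eea or smc["ue_eia"] != sent_eia:
        findings.append("replayed UE capabilities differ from those sent: reject the SMC")
    return findings


# Page values (3GPP conformance test 8.1.2.1 trace)
AUTH_REQUEST = "075200A3DE0C6D363E30C364A4078F1BF8D577106E323B36C46C5555A3DF0E6E323B6391"
AUTH_RESPONSE = "075308A3DF0E6E323B36C4"
SMC_PROTECTED = "370B4DAFA800075D010002C0C0"
SMC_COMPLETE = "4794E585C000075E"

if __name__ == "__main__":
    for pdu in (AUTH_REQUEST, AUTH_RESPONSE, SMC_PROTECTED, SMC_COMPLETE):
        print(parse_nas(pdu, null_ciphering=True))
    smc = parse_nas(SMC_PROTECTED)["inner"]
    print(security_findings(smc, ["eea0", "eea1_128"], ["eia1_128"]))
```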
LTE Security Signaling – RRC Security
DL-DCCH-Message
securityModeCommand
DL-DCCH-Message =
message = c1 = securityModeCommand =
rrc-TransactionIdentifier = 0
criticalExtensions = c1 = securityModeCommand-r8 =
securityConfigSMC =
securityAlgorithmConfig =
cipheringAlgorithm = eea0
integrityProtAlgorithm = eia1
300010
PDCPDataReqPDU
PLANE = 1 (Control)
SeqNum = 3
Data Packet = 30 00 10 65 3E 8C...
03300010653E8C00
PDCPDataIndPDU
PLANE = 1 (Control)
SeqNum = 4
Data Packet = 28 00 CC E1 31 D1
042800CCE131D1
UL-DCCH-Message
securityModeComplete
UL-DCCH-Message =
message = c1 = securityModeComplete =
rrc-TransactionIdentifier = 0
criticalExtensions = securityModeComplete-r8 =
2800
Source: 3GPP Conformance Test 8.1.2.1
Mapped Security (Applicable for PS Only)
(figure, two slides) One HLR/HSS/AuC (DATA, Logic) serves both the 2G/3G and the LTE core.
'Native' UTRAN to 'Mapped' E-UTRAN: the 2G/3G side 1. performs authentication, 2. performs security; after handover or cell re-selection to LTE there is 1. no need for authentication, 2. the security keys are mapped from the previous authentication
'Native' E-UTRAN to 'Mapped' UTRAN: the LTE side 1. performs authentication, 2. performs security; after handover or cell re-selection to 2G/3G there is 1. no need for authentication, 2. the security keys are mapped from the previous authentication
More details
Security Architecture Evolution
(figure) Nodes: MS / UE – BTS / NodeB – BSC / RNC / eNodeB – MSC/SGSN/EPC (Core Network)
GSM: Handset Authentication; Ciphering (AN CP, UP)
GPRS: Handset Authentication + Ciphering (AN CP, UP)
UMTS: Mutual Authentication; Ciphering (RRC / AN CP, UP) + Signalling Integrity (RRC); IPSec (Optional)
LTE: Mutual Authentication; Ciphering (RRC / AN CP, UP) + Signalling Integrity (RRC); Ciphering (NAS) + Signalling Integrity (NAS); IPSec (Optional)
AN – Access Network, AS – Access Stratum, RRC – Radio Resource Control, NAS – Non-Access Stratum, CP – Control Plane, UP – User Plane
Summary of Algorithms for 2G, 3G & 4G
Authentication Algorithms: GSM – GSM Milenage; GPRS – GSM Milenage; UMTS – Milenage, TUAK; LTE – Milenage, TUAK
Integrity Algorithms: GSM – none; GPRS – none; UMTS – UIA0 (NULL), UIA1 (Kasumi), UIA2 (Snow3G); LTE – EIA0 (NULL), EIA1 (Snow3G), EIA2 (AES), EIA3 (ZUC)
Ciphering Algorithms: GSM – A5/1, A5/2, A5/3, A5/4; GPRS – GEA3, GEA4; UMTS – UEA0 (NULL), UEA1 (Kasumi), UEA2 (Snow3G); LTE – EEA0 (NULL), EEA1 (Snow3G), EEA2 (AES), EEA3 (ZUC)
GSM Milenage - 3GPP TS 55.205, Milenage - 3GPP TS 35.206, TUAK - 3GPP TS 35.231, A5/3 & GEA3 - 3GPP TS 55.216, A5/4 & GEA4 - 3GPP TS 55.226
For other specifications see GSMA Security Algorithms
Further Reading Material
• 3GPP: Confidentiality Algorithms
• GSMA: Security Algorithms
• Netmanias
• LTE Security I: Concept and Authentication
• LTE Security II: NAS and AS Security
• 3G4G Website
• GSM, GPRS and EDGE
• 3G/UMTS Tutorials
• 3GPP LTE/SAE
• Security in Mobile Cellular Systems
• EventHelix:
• GSM, LTE, UMTS and IMS Call Flows
• LTE Security: Encryption and Integrity Protection Call Flows
Hacking: Papers, Talks, Materials
• The SS7 flaws that allow hackers to snoop on your calls and SMS
• Video: LTE & IMSI Catcher Myths - by Ravishankar Borgaonkar & Altaf Shaik & N. Asokan & Valtteri Niemi & Jean-Pierre Seifert
• Video: Understanding IMSI Privacy - By Ravishankar Borgaonkar and Swapnil Udar
• Video: Femtocells: A Poisonous Needle in the Operator's Hay Stack - Ravishankar Borgaonkar, Kevin Redon and Nico Golde
• Breaking Band - reverse engineering and exploiting the shannon baseband
• Huawei: Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones
• LTE protocol exploits – IMSI catchers, blocking devices and location leaks - Roger Piqueras Jover
• WiFi-Based IMSI Catcher
• ‘Small Cells’ and the City
• Long Term Exploitation: “Baseband security? 4Get about it.”
3GPP Specifications
• 3GPP TS 33.102: 3G Security; Security architecture
• 3GPP TS 33.401: 3GPP System Architecture Evolution (SAE); Security architecture
• 3GPP TS 23.401: General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access
• 3GPP TS 36.323: E-UTRA; Packet Data Convergence Protocol (PDCP) specification
• 3GPP TS 25.331: UTRA RRC Protocol Specification
• 3GPP TS 36.331: E-UTRA RRC Protocol specification
• 3GPP TS 24.008: Mobile Radio Interface Layer 3 specification; Core Network Protocols; Stage 3
• 3GPP TS 24.301: Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3
Thank You
To learn more, visit:
3G4G Website – http://www.3g4g.co.uk/
3G4G Blog – http://blog.3g4g.co.uk/
3G4G Small Cells Blog – http://smallcells.3g4g.co.uk/
Operator Watch - http://operatorwatch.3g4g.co.uk/
Follow us on Twitter: https://twitter.com/3g4gUK
Follow us on Facebook: https://www.facebook.com/3g4gUK/
Follow us on Linkedin: https://www.linkedin.com/company/3g4g
Follow us on Slideshare: https://www.slideshare.net/3G4GLtd
Follow us on Youtube: https://www.youtube.com/3G4G5G
Follow us on Storify: https://storify.com/3g4gUK
©3G4G
Intermediate: Security in Mobile Cellular Networks

  • 1. Security in Mobile Cellular Networks @3g4gUK
  • 2. 3GPP Security Architecture ©3G4G • 3GPP TS 33.102: 3G Security; Security architecture • 3GPP TS 33.401: 3GPP System Architecture Evolution (SAE); Security architecture Five security feature groups are defined. Each of these feature groups meets certain threats and accomplishes certain security objectives: o Network access security (I): the set of security features that provide users with secure access to services, and which in particular protect against attacks on the (radio) access link. o Network domain security (II): the set of security features that enable nodes to securely exchange signalling data, user data (between AN and SN and within AN), and protect against attacks on the wireline network. o User domain security (III): the set of security features that secure access to mobile stations. o Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages. o Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
  • 3. Evolution of 3GPP Security (I) ©3G4G Source: 3GPP - Bengt Sahlin
  • 4. Evolution of 3GPP Security (II) ©3G4G Source: 3GPP - Bengt Sahlin
  • 5. Evolution of 3GPP Security in 5G ©3G4G Source: Huawei 5G Security Architecture White Paper
  • 6. Scope of this Presentation ©3G4G • User Identity Confidentiality • Authentication • Ciphering (Confidentiality) • Integrity Protection • Signalling examples • Sample messages (where available) • Simple examples of hacking of the mobile network
  • 7. Identities ©3G4G • Each Mobile device contain IMEI (International Mobile Equipment Identity) • The SIM card contains IMSI (International Mobile Subscriber Identity) • During the operation, IMSI has to be hidden with help of temporary identities in order to provide: • user identity confidentiality • user location confidentiality • user untraceability
  • 8. Temporary Identities ©3G4G • In 2G/3G: • TMSI (Temporary Mobile Subscriber Identity) • P-TMSI (Packet TMSI) • In 4G/LTE: • GUTI (Globally Unique Temporary UE Identity) GUMMEI - Globally Unique MME Identifier MMEGI - MME Group ID MMEC - MME Code S-TMSI = SAE Temporary Mobile Subscriber Identity M-TMSI = MME Temporary Mobile Subscriber Identity More details: 3GPP TS 23.003
  • 9. What is Authentication? ©3G4G • Authentication is to verify everyone is who they claim to be Hello, I am James Bond Hello, I am the Queen • Authentication is performed via AKA or Authentication and Key Agreement Procedure • In 2G, we only had Handset Authentication whereas in 3G & 4G, we perform Mutual Authentication to verify the handset as well as the base station.
  • 10. 2G, 3G, 4G Simple Network Architecture ©3G4G BSC BTS MSC Voice (PSTN) Network SGSN Data (IP) Network RNC Node BeNodeB MME GGSN Access Network Core Network Air Interface MSUEUE BSSRNS S-GW P-GW 2G 2.5G 3G 4G EPC
  • 11. HLR, HSS & AuC ©3G4G • HLR – Home Location Register • HSS – Home Subscriber Server • AuC – Authentication Center 4G PS Core Network 2G/3G PS Core Network 2G/3G CS Core Network HLR/HSS/AuC DATA Logic Further Reading: 3G4G Blog
  • 12. UICC & SIM ©3G4G 2G SIM UMTS SIM (USIM) IMSI MSISDN SMS Data Address Book IMSI MSISDN MSISDN MSISDN Authentication Data and Keys Multimedia Messaging Config Data IMS SIM (ISIM) Security Keys Home Network Domain Name (URI) Private User Identity y Public User Identity Administrative Data Access Rule Reference Address of P-CSCF Ki
13. The Attach Procedure Signalling
[Sequence diagram: UE – Access Network (AN) – CS CN / PS CN (Core Network)]
• AN → UE: system information messages (CS CN broadcast information, PS CN broadcast information)
• UE → AN: "Hello, I am UE 1"
• AN → UE: "Hello UE1, please use this channel <…>"
• UE → AN: "Thanks, I am all set up."
• UE → CN: "Hello, I am UE 1. I want to Attach and let you know that I am now active"
• CN → UE: "Hello UE 1, please authenticate yourself against this vector <…>"
• UE → CN: "No problem, here is my authentication response <…>"
14. The Attach Procedure Signalling (continued)
[Sequence diagram: UE – Access Network (AN) – CS CN / PS CN (Core Network)]
• CN → AN: "I trust UE1, please establish security with it"
• AN → UE: "Establish security using <…>"
• UE → AN: "Thanks, all done." (security established)
• AN → CN: "UE1 is now connected to us"
• CN → UE: "Attach Accept. Please use this new temporary identity for now"
• UE → CN: "Attach Complete."
15. What is Ciphering?
• Ciphering is the process of encryption & decryption
• It has nothing to do with compression / decompression
• [Figure: example of 2G ciphering]
16. Actual Security Procedure in GSM
[Sequence diagram: UE – BTS – BSC (Access Network) – MSC/VLR (Core Network)]
• MSC/VLR → BSC → BTS → UE: Authentication Request (CKSN, RAND)
• UE → BTS → BSC → MSC/VLR: Authentication Response (SRES)
• MSC/VLR → BSC: Cipher Mode Command (Kc, A5x); BSC → BTS: Cipher Mode Command (Kc, A5x); BTS → UE: Cipher Mode Command (A5x)
• UE → BTS → BSC → MSC/VLR: Cipher Mode Complete
Legend:
  CKSN – Cipher Key Sequence Number
  RAND – Random Number (128 bits)
  SRES – Signed Response (32 bits)
  XRES – Expected Response (32 bits)
  Kc – Ciphering Key (64 bits)
  A5 – Encryption Algorithm (A5/0 to A5/7)
17. Actual Security Procedure in GPRS
[Sequence diagram: UE – BTS – BSC (Access Network) – SGSN (Core Network)]
• SGSN → BSC → BTS → UE: Authentication and Ciphering Request (RAND)
• UE → BTS → BSC → SGSN: Authentication and Ciphering Response (SRES)
Legend:
  CKSN – Cipher Key Sequence Number
  RAND – Random Number (128 bits)
  SRES – Signed Response (32 bits)
  XRES – Expected Response (32 bits)
  Kc – Ciphering Key (64 bits)
  A5 – Encryption Algorithm (A5/0 to A5/7)
18. Security Architecture Evolution
[Figure: MS/UE – BTS/NodeB – BSC/RNC/eNodeB – Core Network (MSC/SGSN/EPC)]
• GSM: handset authentication; ciphering (AN CP, UP)
• GPRS: handset authentication + ciphering (AN CP, UP)
Legend: AN – Access Network; AS – Access Stratum; RRC – Radio Resource Control; NAS – Non-Access Stratum; CP – Control Plane; UP – User Plane
19. Fake Cell Towers on Planes to Gather Data From Phones
Source: MacRumors
20. What is Integrity Protection?
• A 32-bit (4 octet) number is added to certain signalling messages in 3G & 4G to authenticate individual messages
• In 3G, integrity protection is done at the RRC layer
• In 4G, integrity protection happens at PDCP and in NAS.
21. Example of MAC-I in 3G / UMTS
• Message Authentication Code MAC-I
[Figure: example trace]
22. Example of MAC-I in 4G / LTE
[Figure: example trace]
23. UMTS Security Overview
Further Reading & References: UMTS Security: A Primer
24. UMTS Security Overview
[Sequence diagram: UE – NodeB – RNC (Access Network) – VLR / SGSN (Core Network)]
• UE ↔ RNC: RRC Connection Setup procedure (START value, HFNs and the UE security capability are stored in the RNC)
• UE → CN: Initial L3 message (user identity, KSI, etc.)
• UE ↔ CN: Authentication & Key Agreement (AKA) procedure
• CN: UIA, UEA decision
• CN → RNC: Security Mode Command (UIAs, IK, UEAs, CK, etc.)
• RNC: select UIA, UEA; generate FRESH; start integrity
25. UMTS Security Overview (continued)
[Sequence diagram: UE – NodeB – RNC (Access Network) – VLR / SGSN (Core Network)]
• RNC → UE: Security Mode Command (CN domain, UIA, UEA, FRESH, Security Capability, etc.)
• UE: verify received message; start integrity
• UE → RNC: Security Mode Complete
• RNC → CN: Security Mode Complete (selected UIA, UEA)
26. Key things to remember in UMTS Security
• Integrity protection is mandatory and ciphering optional
• The user plane (UP) for each domain is protected by its own ciphering key, while the control plane (CP) is protected by the ciphering & integrity keys from the last domain
• Ciphering for the CS domain happens in MAC, as RLC is in transparent mode (TM)
• Ciphering for the PS domain happens in RLC for acknowledged mode (AM) or unacknowledged mode (UM)
• For the first domain:
  • Authentication messages are not integrity protected or ciphered
  • Security Mode Command is the first integrity protected message
27. Key things to remember in UMTS Security
• For the second domain:
  • Authentication messages are integrity protected and optionally ciphered with the first domain keys
  • Security Mode Command requests modification of integrity protection and ciphering for the CP
  • The new integrity protection and ciphering take place after the security procedure is complete
• It is possible that ciphering is enabled for one domain and disabled for another
28. Actual Security Procedure in UMTS – PS
[Sequence diagram: UE – Node B – RNC (Access Network) – SGSN (Core Network)]
• SGSN → RNC → Node B → UE: Authentication and Ciphering Request
• UE → Node B → RNC → SGSN: Authentication and Ciphering Response (SRES)
• SGSN → RNC → Node B → UE: Security Mode Command
• UE → Node B → RNC → SGSN: Security Mode Complete
29. UMTS Security for PS Domain – Authentication
DL-DCCH-Message -----> downlinkDirectTransfer
  DL-DCCH-Message
    message = downlinkDirectTransfer = r3 = downlinkDirectTransfer-r3
      rrc-TransactionIdentifier = 0
      cn-DomainIdentity = ps-domain
      nas-Message = 0812013021D5770C6D363E30C364A4078F1BF8ED3A8028106E323B36C46C5555D5760E6E323B6391
Authentication and Ciphering Request -----> Authentication and Ciphering Request PDU:
  Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x8 - GPRS Mobility Management [ 8 ]
  Message Type [8 bits] = 0x12 - Authentication and Ciphering Request [ 18 ]
  IMEISV Request: Spare Bits [1 bit] = 0x0 [ 0 ]; value [3 bits] = 0x0 - IMEISV Not Requested [ 0 ]
  Ciphering Algorithm: Spare Bits [1 bit] = 0x0 [ 0 ]; Type of Algorithm [3 bits] = 0x1 [ 1 ]
  A & C Reference Number: value [4 bits] = 0x3 [ 3 ]
  Force Standby: Spare Bits [1 bit] = 0x0 [ 0 ]; value [3 bits] = 0x0 - Force to Standby Not Indicated [ 0 ]
  Authentication Parameter RAND: IE Identifier [8 bits] = 0x21 [ 33 ]; Authentication Parameter Rand = 0xD5770C6D363E30C364A4078F1BF8ED3A
  Ciphering Key Sequence Number: IE Identifier [4 bits] = 0x8 [ 8 ]; Spare Bits [1 bit] = 0x0 [ 0 ]; Key Sequence [3 bits] = 0x0 - Ciphering Key Sequence Number [ 0 ]
  Authentication Parameter AUTN: IE Identifier [8 bits] = 0x28 [ 40 ]; IE Length [8 bits] = 0x10 [ 16 ]; value = 0x6E323B36C46C5555D5760E6E323B6391
UL-DCCH-Message <----- uplinkDirectTransfer
  UL-DCCH-Message
    message = uplinkDirectTransfer
      cn-DomainIdentity = ps-domain
      nas-Message = 08130322D5760E6E290C323B36C46CAD0D8417F5E335
Authentication and Ciphering Response <----- Authentication and Ciphering Response PDU:
  Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x8 - GPRS Mobility Management [ 8 ]
  Message Type [8 bits] = 0x13 - Authentication and Ciphering Response [ 19 ]
  Spare Half Octet [4 bits] = 0x0 [ 0 ]
  A & C Reference Number: value [4 bits] = 0x3 [ 3 ]
  Authentication Response Signature: IE Identifier [8 bits] = 0x22 [ 34 ]; Value = 0xD5760E6E [ 3581283950 ]
  Authentication Response Parameter: IE Identifier [8 bits] = 0x29 [ 41 ]; IE Length [8 bits] = 0xC [ 12 ]; value = 0x323B36C46CAD0D8417F5E335
Source: 3GPP Conformance Test 8.1.7.1c
30. UMTS Security for PS Domain – Security
DL-DCCH-Message -----> securityModeCommand
  DL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 01000111111001000001111101101001
      rrc-MessageSequenceNumber = 0
    message = securityModeCommand = r3 = securityModeCommand-r3
      rrc-TransactionIdentifier = 0
      securityCapability
        cipheringAlgorithmCap = 0000000000000011
        integrityProtectionAlgorithmCap = 0000000000000010
      cipheringModeInfo
        cipheringModeCommand = startRestart = uea1
        rb-DL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
          RB-ActivationTimeInfo(1): rb-Identity = 1, rlc-SequenceNumber = 0
          RB-ActivationTimeInfo(2): rb-Identity = 2, rlc-SequenceNumber = 2
          RB-ActivationTimeInfo(3): rb-Identity = 3, rlc-SequenceNumber = 3
          RB-ActivationTimeInfo(4): rb-Identity = 4, rlc-SequenceNumber = 0
      integrityProtectionModeInfo
        integrityProtectionModeCommand = startIntegrityProtection
          integrityProtInitNumber = 00000000000000000000000000000000
        integrityProtectionAlgorithm = uia1
      cn-DomainIdentity = ps-domain
      ue-SystemSpecificSecurityCap = SEQUENCE OF InterRAT-UE-SecurityCapability
        InterRAT-UE-SecurityCapability(1) = gsm = gsmSecurityCapability = 0000011
UL-DCCH-Message <----- securityModeComplete
  UL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 10000000110110110111011001011001
      rrc-MessageSequenceNumber = 1
    message = securityModeComplete
      rrc-TransactionIdentifier = 0
      ul-IntegProtActivationInfo = rrc-MessageSequenceNumberList = SEQUENCE OF RRC-MessageSequenceNumber
        RRC-MessageSequenceNumber(1) = 0
        RRC-MessageSequenceNumber(2) = 0
        RRC-MessageSequenceNumber(3) = 0
        RRC-MessageSequenceNumber(4) = 0
        RRC-MessageSequenceNumber(5) = 0
      rb-UL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
        RB-ActivationTimeInfo(1): rb-Identity = 1, rlc-SequenceNumber = 0
        RB-ActivationTimeInfo(2): rb-Identity = 2, rlc-SequenceNumber = 8
        RB-ActivationTimeInfo(3): rb-Identity = 3, rlc-SequenceNumber = 5
        RB-ActivationTimeInfo(4): rb-Identity = 4, rlc-SequenceNumber = 0
Source: 3GPP Conformance Test 8.1.7.1c
31. Actual Security Procedure in UMTS – CS
[Sequence diagram: UE – Node B – RNC (Access Network) – MSC/VLR (Core Network)]
• MSC/VLR → RNC → Node B → UE: Authentication Request
• UE → Node B → RNC → MSC/VLR: Authentication Response (SRES)
• MSC/VLR → RNC → Node B → UE: Security Mode Command
• UE → Node B → RNC → MSC/VLR: Security Mode Complete
32. UMTS Security for CS Domain on top of PS domain – Authentication
DL-DCCH-Message -----> downlinkDirectTransfer
  DL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 10001011101111001101101110110000
      rrc-MessageSequenceNumber = 1
    message = downlinkDirectTransfer = r3 = downlinkDirectTransfer-r3
      rrc-TransactionIdentifier = 0
      cn-DomainIdentity = cs-domain
      nas-Message = 051200D5770C6D363E30C364A4078F1BF8ED3A20106E323B36C46C5555D5760E6E323B6391
Authentication Request -----> Authentication Request PDU:
  Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x5 - Mobility Management [ 5 ]
  Message Type [8 bits] = 0x12 - Authentication Request [ 18 ]
  Spare Half Octet [4 bits] = 0x0 [ 0 ]
  Ciphering Key Sequence Number: Spare Bits [1 bit] = 0x0 [ 0 ]; Key Sequence [3 bits] = 0x0 - Ciphering Key Sequence Number [ 0 ]
  Authentication Parameter Rand = 0xD5770C6D363E30C364A4078F1BF8ED3A
  Authentication Parameter AUTN: IE Identifier [8 bits] = 0x20 [ 32 ]; IE Length [8 bits] = 0x10 [ 16 ]; value = 0x6E323B36C46C5555D5760E6E323B6391
UL-DCCH-Message <----- uplinkDirectTransfer
  UL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 00101110010111100100100101111011
      rrc-MessageSequenceNumber = 3
    message = uplinkDirectTransfer
      cn-DomainIdentity = cs-domain
      nas-Message = 0514D5760E6E210C323B36C46CAD0D8417F5E335
Authentication Response <----- Authentication Response PDU:
  Transaction Identifier or Skip Indicator [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x5 - Mobility Management [ 5 ]
  Message Type [8 bits] = 0x14 - Authentication Response [ 20 ]
  Authentication Response Signature: Value = 0xD5760E6E [ 3581283950 ]
  Authentication Response Parameter: IE Identifier [8 bits] = 0x21 [ 33 ]; IE Length [8 bits] = 0xC [ 12 ]; value = 0x323B36C46CAD0D8417F5E335
Source: 3GPP Conformance Test 8.1.7.1c
33. UMTS Security for CS Domain on top of PS domain – Security
DL-DCCH-Message -----> securityModeCommand
  DL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 11000100010100111100000101111100
      rrc-MessageSequenceNumber = 3
    message = securityModeCommand = r3 = securityModeCommand-r3
      rrc-TransactionIdentifier = 0
      securityCapability
        cipheringAlgorithmCap = 0000000000000011
        integrityProtectionAlgorithmCap = 0000000000000010
      cipheringModeInfo
        cipheringModeCommand = startRestart = uea1
        rb-DL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
          RB-ActivationTimeInfo(1): rb-Identity = 1, rlc-SequenceNumber = 0
          RB-ActivationTimeInfo(2): rb-Identity = 2, rlc-SequenceNumber = 11
          RB-ActivationTimeInfo(3): rb-Identity = 3, rlc-SequenceNumber = 8
          RB-ActivationTimeInfo(4): rb-Identity = 4, rlc-SequenceNumber = 0
      integrityProtectionModeInfo
        integrityProtectionModeCommand = modify
          dl-IntegrityProtActivationInfo = rrc-MessageSequenceNumberList = SEQUENCE OF RRC-MessageSequenceNumber
            RRC-MessageSequenceNumber(1) = 0
            RRC-MessageSequenceNumber(2) = 0
            RRC-MessageSequenceNumber(3) = 3
            RRC-MessageSequenceNumber(4) = 2
            RRC-MessageSequenceNumber(5) = 0
        integrityProtectionAlgorithm = uia1
      cn-DomainIdentity = cs-domain
      ue-SystemSpecificSecurityCap = SEQUENCE OF InterRAT-UE-SecurityCapability
        InterRAT-UE-SecurityCapability(1) = gsm = gsmSecurityCapability = 0000011
UL-DCCH-Message <----- securityModeComplete
  UL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 01011001010010101011010110101100
      rrc-MessageSequenceNumber = 3
    message = securityModeComplete
      rrc-TransactionIdentifier = 0
      ul-IntegProtActivationInfo = rrc-MessageSequenceNumberList = SEQUENCE OF RRC-MessageSequenceNumber
        RRC-MessageSequenceNumber(1) = 5
        RRC-MessageSequenceNumber(2) = 1
        RRC-MessageSequenceNumber(3) = 3
        RRC-MessageSequenceNumber(4) = 4
        RRC-MessageSequenceNumber(5) = 1
      rb-UL-CiphActivationTimeInfo = SEQUENCE OF RB-ActivationTimeInfo
        RB-ActivationTimeInfo(1): rb-Identity = 1, rlc-SequenceNumber = 0
        RB-ActivationTimeInfo(2): rb-Identity = 2, rlc-SequenceNumber = 11
        RB-ActivationTimeInfo(3): rb-Identity = 3, rlc-SequenceNumber = 11
        RB-ActivationTimeInfo(4): rb-Identity = 4, rlc-SequenceNumber = 0
Source: 3GPP Conformance Test 8.1.7.1c
34. UMTS Security for CS Domain on top of PS domain – Voice Radio Bearers Setup
DL-DCCH-Message -----> radioBearerSetup
  DL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 10100011001100001001101011010110
      rrc-MessageSequenceNumber = 4
    message = radioBearerSetup = r3 = radioBearerSetup-r3
      rrc-TransactionIdentifier = 0
      activationTime = 184
      rrc-StateIndicator = cell-DCH
      rab-InformationSetupList = SEQUENCE OF RAB-InformationSetup
        RAB-InformationSetup(1)
          rab-Info
            rab-Identity = gsm-MAP-RAB-Identity = 00000001
            cn-DomainIdentity = cs-domain
            re-EstablishmentTimer = useT314
          rb-InformationSetupList = SEQUENCE OF RB-InformationSetup
            RB-InformationSetup(1)
              rb-Identity = 10
              rlc-InfoChoice = rlc-Info
                ul-RLC-Mode = ul-TM-RLC-Mode: segmentationIndication = FALSE
                dl-RLC-Mode = dl-TM-RLC-Mode: segmentationIndication = FALSE
              rb-MappingInfo = SEQUENCE OF RB-MappingOption
                RB-MappingOption(1)
                  ul-LogicalChannelMappings = oneLogicalChannel
                    ul-TransportChannelType = dch = 1
                    rlc-SizeList = configured = NULL
                    mac-LogicalChannelPriority = 6
                  dl-LogicalChannelMappingList = SEQUENCE OF DL-LogicalChannelMapping
                    DL-LogicalChannelMapping(1): dl-TransportChannelType = dch = 6
            RB-InformationSetup(2)
              rb-Identity = 11
              …
UL-DCCH-Message <----- radioBearerSetupComplete
  UL-DCCH-Message
    integrityCheckInfo
      messageAuthenticationCode = 10101010000100111100011111001010
      rrc-MessageSequenceNumber = 4
    message = radioBearerSetupComplete
      rrc-TransactionIdentifier = 0
      start-Value = 00000000000000000010
      count-C-ActivationTime = 168
Source: 3GPP Conformance Test 8.1.7.1c
35. Security Architecture Evolution
[Figure: MS/UE – BTS/NodeB – BSC/RNC/eNodeB – Core Network (MSC/SGSN/EPC)]
• GSM: handset authentication; ciphering (AN CP, UP)
• GPRS: handset authentication + ciphering (AN CP, UP)
• UMTS: mutual authentication; ciphering (RRC / AN CP, UP) + signalling integrity (RRC); IPSec (optional)
Legend: AN – Access Network; AS – Access Stratum; RRC – Radio Resource Control; NAS – Non-Access Stratum; CP – Control Plane; UP – User Plane
36. Hacking The Femtocells – UMTS
More Info: Femto Hacking in UMTS and LTE
37. Hacking The Femtocells – LTE
More Info: Femto Hacking in UMTS and LTE
38. Key Hierarchy in LTE / E-UTRAN
Picture Source: RedYoda
3GPP Spec Reference: TS 33.401
  K – Master key
  CK – Cipher Key
  IK – Integrity Key
  KASME – Key-Access Security Management Entity
  KNASenc – Key-NAS encryption
  KNASint – Key-NAS integrity
  KeNB – Key-eNodeB
  NH – Next Hop
  KUPint – Key-User Plane integrity
  KUPenc – Key-User Plane encryption
  KRRCint – Key-Radio Resource Control integrity
  KRRCenc – Key-Radio Resource Control encryption
39. EPS Authentication and Key Agreement (EPS-AKA) procedure
Picture Source: RedYoda
3GPP Spec Reference: TS 33.401
  AUTN – Authentication Token
  RAND – A 128 bit random number
  SQN – 48 bit sequence number
  RES – Response
  XRES – Expected Response
  KDF – Key Derivation Function
  KSI – Key Set Identifier
  SN Id – Serving Network Id
  K – Master key
  CK – Cipher Key
  IK – Integrity Key
  KASME – Key-Access Security Management Entity
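The key hierarchy and EPS-AKA slides name the inputs (CK, IK, SN Id, SQN, KDF) without showing the derivation. The following is an added example, not from the deck or from 3GPP's own code, implementing the KDF of TS 33.401 Annex A and deriving KASME, KeNB and the NAS algorithm keys from it; the CK, IK and SQN⊕AK values are constructed, not real AKA output.

```python
"""LTE key derivation as defined in 3GPP TS 33.401 Annex A.

Added example (not from the slides): the generic KDF (Annex A.1) is
HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..., used here for K_ASME (A.2),
K_eNB (A.3) and the 128-bit NAS algorithm keys (A.7). CK, IK and SQN xor AK
normally come out of the USIM's AKA run; the values below are constructed.
"""
import hashlib
import hmac

# Algorithm type distinguishers (Table A.7-1).
NAS_ENC_ALG, NAS_INT_ALG = 0x01, 0x02
RRC_ENC_ALG, RRC_INT_ALG = 0x03, 0x04
UP_ENC_ALG, UP_INT_ALG = 0x05, 0x06


def build_s(fc, *params):
    """Input string S = FC || P0 || L0 || P1 || L1 ... with 2-octet lengths."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key, fc, *params):
    """Annex A.1: derived key = HMAC-SHA-256(Key, S), 256 bits."""
    return hmac.new(key, build_s(fc, *params), hashlib.sha256).digest()


def encode_sn_id(mcc, mnc):
    """SN id (Annex A.2) is the PLMN identity in TS 24.301 octet layout:
    MCC digit2|digit1, MNC digit3|MCC digit3, MNC digit2|digit1."""
    d = [int(c) for c in mcc + mnc]
    mnc_digit3 = d[5] if len(mnc) == 3 else 0xF
    return bytes([(d[1] << 4) | d[0], (mnc_digit3 << 4) | d[2], (d[4] << 4) | d[3]])


def derive_kasme(ck, ik, mcc, mnc, sqn_xor_ak):
    """Annex A.2: K_ASME = KDF(CK || IK, FC=0x10, SN id, SQN xor AK).
    Binding the serving network identity into the key means a K_ASME
    issued for one serving network is useless in another."""
    if len(ck) != 16 or len(ik) != 16 or len(sqn_xor_ak) != 6:
        raise ValueError("CK and IK are 128 bits, SQN xor AK is 48 bits")
    return kdf(ck + ik, 0x10, encode_sn_id(mcc, mnc), sqn_xor_ak)


def derive_kenb(kasme, uplink_nas_count):
    """Annex A.3: K_eNB = KDF(K_ASME, FC=0x11, uplink NAS COUNT)."""
    return kdf(kasme, 0x11, uplink_nas_count.to_bytes(4, "big"))


def derive_algorithm_key(key, alg_type, alg_id):
    """Annex A.7: KDF(key, FC=0x15, type distinguisher, algorithm identity);
    a 128-bit algorithm key is the 128 least significant bits of the output."""
    return kdf(key, 0x15, bytes([alg_type]), bytes([alg_id & 0x0F]))[16:]


def derive_nas_keys(kasme, eea_id, eia_id):
    """K_NASenc and K_NASint for the algorithms chosen in the NAS Security
    Mode Command (the trace in this deck selects EEA0 and EIA1)."""
    return {
        "k_nas_enc": derive_algorithm_key(kasme, NAS_ENC_ALG, eea_id),
        "k_nas_int": derive_algorithm_key(kasme, NAS_INT_ALG, eia_id),
    }


# Constructed inputs (not real AKA output).
CK = bytes(range(0x00, 0x10))
IK = bytes(range(0x10, 0x20))
SQN_XOR_AK = bytes.fromhex("000000000001")

if __name__ == "__main__":
    kasme = derive_kasme(CK, IK, "001", "01", SQN_XOR_AK)
    print("K_ASME", kasme.hex())
    print("K_eNB ", derive_kenb(kasme, 0).hex())
    for name, k in derive_nas_keys(kasme, 0, 1).items():
        print(name, k.hex())
```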
40. Actual Security Procedure in LTE
[Sequence diagram: UE – eNodeB (Access Network) – MME (Core Network)]
• MME → eNodeB → UE: Authentication Request
• UE → eNodeB → MME: Authentication Response (SRES)
• MME → eNodeB → UE: NAS: Security Mode Command
• UE → eNodeB → MME: NAS: Security Mode Complete
• eNodeB → UE: RRC: Security Mode Command
• UE → eNodeB: RRC: Security Mode Complete
41. LTE Security Signaling – Authentication
Authentication Request PDU
  Security header type [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x7 [ 7 ]
  Message Type [8 bits] = 0x52 - Authentication Request [ 82 ]
  Spare Half Octet [4 bits] = 0x0 [ 0 ]
  NAS key set identifier (ASME): Type of security context flag [1 bit] = 0x0 [ 0 ]; ksi [3 bits] = 0x0 [ 0 ]
  Authentication Parameter RAND: Authentication Parameter Rand = 0xA3DE0C6D363E30C364A4078F1BF8D577
  Authentication Parameter AUTN: IE Length [8 bits] = 0x10 [ 16 ]; value = 0x6E323B36C46C5555A3DF0E6E323B6391
  Encoded: 075200A3DE0C6D363E30C364A4078F1BF8D577106E323B36C46C5555A3DF0E6E323B6391
DL-DCCH-Message dlInformationTransfer
  DL-DCCH-Message
    message = c1 = dlInformationTransfer
      rrc-TransactionIdentifier = 0
      criticalExtensions = c1 = dlInformationTransfer-r8
        dedicatedInfoType = dedicatedInfoNAS = 075200A3DE0C6D363E30C364A4078F1BF8D577106E323B36C46C5555A3DF0E6E323B6391
  Encoded: 0801203A90051EF06369B1F1861B25203C78DFC6ABB8837191D9B62362AAAD1EF8737191DB1C88
UL-DCCH-Message ulInformationTransfer
  UL-DCCH-Message
    message = c1 = ulInformationTransfer
      criticalExtensions = c1 = ulInformationTransfer-r8
        dedicatedInformationType = dedicatedInfoNAS = 075308A3DF0E6E323B36C4
  Encoded: 480160EA61147BE1CDC64766D880
Authentication Response PDU
  Security header type [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x7 [ 7 ]
  Message Type [8 bits] = 0x53 - Authentication Response [ 83 ]
  Authentication response parameter: IE Length [8 bits] = 0x8 [ 8 ]; Authentication response parameter information = 0xA3DF0E6E323B36C4
  Encoded: 075308A3DF0E6E323B36C4
Source: 3GPP Conformance Test 8.1.2.1
42. LTE Security Signaling – NAS Security 1
Security Mode Command PDU
  Security header type [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x7 [ 7 ]
  Message Type [8 bits] = 0x5D - Security Mode Command [ 93 ]
  Selected NAS security algorithms
    Spare Bits [1 bit] = 0x0 [ 0 ]
    Type of ciphering algorithm [3 bits] = 0x0 [ 0 ]
    Spare Padding [1 bit] = 0x0 [ 0 ]
    Type of integrity protection algorithm [3 bits] = 0x1 [ 1 ]
  Spare Half Octet [4 bits] = 0x0 [ 0 ]
  NAS key set identifier (ASME): Type of security context flag [1 bit] = 0x0 [ 0 ]; ksi [3 bits] = 0x0 [ 0 ]
  Replayed UE security capabilities
    IE Length [8 bits] = 0x2 [ 2 ]
    eea0_128 = 1, eea1_128 = 1, eea2_128 = 0, eea3 = 0, eea4 = 0, eea5 = 0, eea6 = 0, eea7 = 0
    Spare Bits [1 bit] = 0x1 [ 1 ], eia1_128 = 1, eia2_128 = 0, eia3 = 0, eia4 = 0, eia5 = 0, eia6 = 0, eia7 = 0
  Encoded: 075D010002C0C0
Security Protected NAS Message PDU
  Security header type [4 bits] = 0x3 [ 3 ]
  Protocol Discriminator [4 bits] = 0x7 [ 7 ]
  MAC = 0x0B4DAFA8 [ 189640616 ]
  Sequence Number = 0x00 [ 0 ]
  NAS message = 0x075D010002C0C0
  Encoded: 370B4DAFA800075D010002C0C0
DL-DCCH-Message dlInformationTransfer
  DL-DCCH-Message
    message = c1 = dlInformationTransfer
      rrc-TransactionIdentifier = 0
      criticalExtensions = c1 = dlInformationTransfer-r8
        dedicatedInfoType = dedicatedInfoNAS = 370B4DAFA800075D010002C0C0
  Encoded: 080069B85A6D7D40003AE80800160600
Source: 3GPP Conformance Test 8.1.2.1
43. LTE Security Signaling – NAS Security 2
UL-DCCH-Message ulInformationTransfer
  UL-DCCH-Message
    message = c1 = ulInformationTransfer
      criticalExtensions = c1 = ulInformationTransfer-r8
        dedicatedInformationType = dedicatedInfoNAS = 4794E585C000075E
  Encoded: 480108F29CB0B80000EBC0
Security Protected NAS Message PDU
  Security header type [4 bits] = 0x4 [ 4 ]
  Protocol Discriminator [4 bits] = 0x7 [ 7 ]
  MAC = 0x94E585C0 [ 2498069952 ]
  Sequence Number = 0x00 [ 0 ]
  NAS message = 0x075E [ 1886 ]
  Encoded: 4794E585C000075E
Security Mode Complete PDU
  Security header type [4 bits] = 0x0 [ 0 ]
  Protocol Discriminator [4 bits] = 0x7 [ 7 ]
  Message Type [8 bits] = 0x5E - Security Mode Complete [ 94 ]
  Encoded: 075E
Table 9.3.1: Security header type (3GPP TS 24.301 V10.10.0 (2013-03))
  Security header type (octet 1), bits 8 7 6 5:
  0 0 0 0  Plain NAS message, not security protected
  Security protected NAS message:
  0 0 0 1  Integrity protected
  0 0 1 0  Integrity protected and ciphered
  0 0 1 1  Integrity protected with new EPS security context (NOTE 1)
  0 1 0 0  Integrity protected and ciphered with new EPS security context (NOTE 2)
  Non-standard L3 message:
  1 1 0 0  Security header for the SERVICE REQUEST message
  1 1 0 1 to 1 1 1 1  These values are not used in this version of the protocol. If received they shall be interpreted as '1100'. (NOTE 3)
  All other values are reserved.
  NOTE 1: This codepoint may be used only for a SECURITY MODE COMMAND message.
  NOTE 2: This codepoint may be used only for a SECURITY MODE COMPLETE message.
  NOTE 3: When bits 7 and 8 are set to '11', bits 5 and 6 can be used for future extensions of the SERVICE REQUEST message.
Source: 3GPP Conformance Test 8.1.2.1
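The two NAS Security slides decode the security-protected PDUs by hand. As an added example (not from the deck or from 3GPP), the following parser implements the outer header of TS 24.301 section 9.1 with the security header types of Table 9.3.1, decodes the inner Security Mode Command and Complete, and runs the two checks a defender wants on an SMC: whether null ciphering (EEA0) was selected and whether the replayed UE capabilities match what the UE sent. The two input PDUs are the hex strings printed on the slides; the capability-comparison parameter is this example's own.

```python
"""Decode the security-protected NAS PDUs shown in the LTE traces above.

Added example (not from the slides or 3GPP): the outer header follows
TS 24.301 section 9.1 and Table 9.3.1 (security header types); the inner
Security Mode Command layout follows TS 24.301 section 8.2.20. The two hex
PDUs used as input are the ones printed on the slides; the capability
comparison in decode_nas() is this example's own addition.
"""

SECURITY_HEADER_TYPES = {          # Table 9.3.1
    0x0: "Plain NAS message, not security protected",
    0x1: "Integrity protected",
    0x2: "Integrity protected and ciphered",
    0x3: "Integrity protected with new EPS security context",
    0x4: "Integrity protected and ciphered with new EPS security context",
    0xC: "Security header for the SERVICE REQUEST message",
}
EMM_MESSAGE_TYPES = {              # the EMM messages that appear in the traces
    0x52: "Authentication Request", 0x53: "Authentication Response",
    0x5D: "Security Mode Command", 0x5E: "Security Mode Complete",
}


def parse_security_header(pdu):
    """Return the outer header fields and the NAS message they protect."""
    sht, pd = pdu[0] >> 4, pdu[0] & 0x0F
    if pd != 0x7:
        raise ValueError("protocol discriminator %d is not EMM" % pd)
    if sht in (0xD, 0xE, 0xF):
        sht = 0xC                       # Table 9.3.1: interpret as '1100'
    if sht not in SECURITY_HEADER_TYPES:
        raise ValueError("reserved security header type %d" % sht)
    out = {"security_header_type": sht, "description": SECURITY_HEADER_TYPES[sht]}
    if sht == 0x0:
        out["inner"] = pdu              # plain message, nothing to verify
    elif sht == 0xC:
        # SERVICE REQUEST short form: KSI (bits 8-6) and sequence number
        # (bits 5-1) in octet 2, then a 16-bit short MAC.
        out.update(ksi=pdu[1] >> 5, seq=pdu[1] & 0x1F,
                   short_mac=int.from_bytes(pdu[2:4], "big"))
    else:
        # 32-bit MAC (EIAx) over the sequence number and the NAS message.
        # With a real cipher (types 2 and 4) the inner bytes are ciphertext;
        # in this deck's trace EEA0 was selected, so they are readable.
        out.update(mac=int.from_bytes(pdu[1:5], "big"), seq=pdu[5], inner=pdu[6:])
    return out


def parse_plain_emm(msg):
    """Decode the plain EMM header; for Security Mode Command also the
    selected algorithms and the replayed UE security capabilities."""
    out = {"message_type": msg[1],
           "name": EMM_MESSAGE_TYPES.get(msg[1], "other EMM message")}
    if msg[1] == 0x5D:
        out["eea"] = (msg[2] >> 4) & 0x7      # type of ciphering algorithm
        out["eia"] = msg[2] & 0x7             # type of integrity algorithm
        out["ksi"] = msg[3] & 0x7             # NAS key set identifier (ASME)
        caps = msg[5:5 + msg[4]]
        # Octet 1: bit 8 = EEA0 ... bit 1 = EEA7; octet 2: bit 8 = EIA0 (labelled
        # spare on the slide, as in early releases) ... bit 1 = EIA7.
        out["ue_eea"] = [i for i in range(8) if (caps[0] >> (7 - i)) & 1]
        out["ue_eia"] = [i for i in range(8) if (caps[1] >> (7 - i)) & 1]
    return out


def decode_nas(hex_pdu, ue_sent_eea=None):
    """Full decode plus two checks: did the MME select null ciphering, and do
    the replayed capabilities match what the UE sent in its Attach Request
    (the mismatch a UE uses to detect a bidding-down attempt)."""
    outer = parse_security_header(bytes.fromhex(hex_pdu))
    outer["warnings"] = []
    if "inner" in outer:
        plain = parse_plain_emm(outer["inner"])
        outer["plain"] = plain
        if plain["name"] == "Security Mode Command":
            if plain["eea"] == 0:
                outer["warnings"].append("EEA0: NAS ciphering is NULL")
            if ue_sent_eea is not None and plain["ue_eea"] != ue_sent_eea:
                outer["warnings"].append("replayed UE capabilities differ from those sent")
    return outer


# Hex PDUs taken from the conformance-test traces on the slides.
SMC_PDU = "370B4DAFA800075D010002C0C0"
SMC_COMPLETE_PDU = "4794E585C000075E"

if __name__ == "__main__":
    for pdu in (SMC_PDU, SMC_COMPLETE_PDU):
        print(decode_nas(pdu, ue_sent_eea=[0, 1]))
```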
44. LTE Security Signaling – RRC Security
DL-DCCH-Message securityModeCommand
  DL-DCCH-Message
    message = c1 = securityModeCommand
      rrc-TransactionIdentifier = 0
      criticalExtensions = c1 = securityModeCommand-r8
        securityConfigSMC = securityAlgorithmConfig
          cipheringAlgorithm = eea0
          integrityProtAlgorithm = eia1
  Encoded: 300010
PDCPDataReqPDU: PLANE = 1 (Control), SeqNum = 3, Data Packet = 30 00 10 65 3E 8C...
  Encoded: 03300010653E8C00
PDCPDataIndPDU: PLANE = 1 (Control), SeqNum = 4, Data Packet = 28 00 CC E1 31 D1
  Encoded: 042800CCE131D1
UL-DCCH-Message securityModeComplete
  UL-DCCH-Message
    message = c1 = securityModeComplete
      rrc-TransactionIdentifier = 0
      criticalExtensions = securityModeComplete-r8
  Encoded: 2800
Source: 3GPP Conformance Test 8.1.2.1
45. Mapped Security (Applicable for PS Only)
[Figure: ‘Native’ UTRAN to ‘Mapped’ E-UTRAN, with the HLR/HSS/AuC (data and logic) serving both 2G/3G and LTE]
• 2G/3G: 1. Performs authentication 2. Performs security
• Handover or cell re-selection to LTE
• LTE: 1. No need for authentication 2. Map security keys from previous authentication
46. Mapped Security (Applicable for PS Only)
[Figure: ‘Native’ E-UTRAN to ‘Mapped’ UTRAN, with the HLR/HSS/AuC (data and logic) serving both LTE and 2G/3G]
• LTE: 1. Performs authentication 2. Performs security
• Handover or cell re-selection to 2G/3G
• 2G/3G: 1. No need for authentication 2. Map security keys from previous authentication
More details
47. Security Architecture Evolution
[Figure: MS/UE – BTS/NodeB – BSC/RNC/eNodeB – Core Network (MSC/SGSN/EPC)]
• GSM: handset authentication; ciphering (AN CP, UP)
• GPRS: handset authentication + ciphering (AN CP, UP)
• UMTS: mutual authentication; ciphering (RRC / AN CP, UP) + signalling integrity (RRC); IPSec (optional)
• LTE: mutual authentication; ciphering (RRC / AN CP, UP) + signalling integrity (RRC); ciphering (NAS) + signalling integrity (NAS); IPSec (optional)
Legend: AN – Access Network; AS – Access Stratum; RRC – Radio Resource Control; NAS – Non-Access Stratum; CP – Control Plane; UP – User Plane
48. Summary of Algorithms for 2G, 3G & 4G
• GSM: Authentication – GSM Milenage; Ciphering – A5/1, A5/2, A5/3, A5/4
• GPRS: Authentication – GSM Milenage; Ciphering – GEA3, GEA4
• UMTS: Authentication – Milenage, TUAK; Integrity – UIA0 (NULL), UIA1 (Kasumi), UIA2 (Snow3G); Ciphering – UEA0 (NULL), UEA1 (Kasumi), UEA2 (Snow3G)
• LTE: Authentication – Milenage, TUAK; Integrity – EIA0 (NULL), EIA1 (Snow3G), EIA2 (AES), EIA3 (ZUC); Ciphering – EEA0 (NULL), EEA1 (Snow3G), EEA2 (AES), EEA3 (ZUC)
Specifications: GSM Milenage – 3GPP TS 55.205; Milenage – 3GPP TS 35.206; TUAK – 3GPP TS 35.231; A5/3 & GEA3 – 3GPP TS 55.216; A5/4 & GEA4 – 3GPP TS 55.226
For other specifications see GSMA Security Algorithms
49. Further Reading Material
• 3GPP: Confidentiality Algorithms
• GSMA: Security Algorithms
• Netmanias
  • LTE Security I: Concept and Authentication
  • LTE Security II: NAS and AS Security
• 3G4G Website
  • GSM, GPRS and EDGE
  • 3G/UMTS Tutorials
  • 3GPP LTE/SAE
  • Security in Mobile Cellular Systems
• EventHelix
  • GSM, LTE, UMTS and IMS Call Flows
  • LTE Security: Encryption and Integrity Protection Call Flows
50. Hacking: Papers, Talks, Materials
• The SS7 flaws that allows hackers to snoop on your calls and SMS
• Video: LTE & IMSI Catcher Myths – by Ravishankar Borgaonkar, Altaf Shaik, N. Asokan, Valtteri Niemi & Jean-Pierre Seifert
• Video: Understanding IMSI Privacy – by Ravishankar Borgaonkar and Swapnil Udar
• Video: Femtocells: A Poisonous Needle in the Operator's Hay Stack – Ravishankar Borgaonkar, Kevin Redon and Nico Golde
• Breaking Band – reverse engineering and exploiting the Shannon baseband
• Huawei: Security Advisory – UE Measurement Leak Vulnerability in Huawei P8 Phones
• LTE protocol exploits – IMSI catchers, blocking devices and location leaks – Roger Piqueras Jover
• WiFi-Based IMSI Catcher
• ‘Small Cells’ and the City
• Long Term Exploitation: “Baseband security? 4Get about it.”
51. 3GPP Specifications
• 3GPP TS 33.102: 3G Security; Security architecture
• 3GPP TS 33.401: 3GPP System Architecture Evolution (SAE); Security architecture
• 3GPP TS 23.401: General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access
• 3GPP TS 36.323: E-UTRA; Packet Data Convergence Protocol (PDCP) specification
• 3GPP TS 25.331: UTRA RRC Protocol Specification
• 3GPP TS 36.331: E-UTRA RRC Protocol specification
• 3GPP TS 24.008: Mobile Radio Interface Layer 3 specification; Core Network Protocols; Stage 3
• 3GPP TS 24.301: Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3
52. Thank You
To learn more, visit:
  3G4G Website – http://www.3g4g.co.uk/
  3G4G Blog – http://blog.3g4g.co.uk/
  3G4G Small Cells Blog – http://smallcells.3g4g.co.uk/
  Operator Watch – http://operatorwatch.3g4g.co.uk/
Follow us on Twitter: https://twitter.com/3g4gUK
Follow us on Facebook: https://www.facebook.com/3g4gUK/
Follow us on Linkedin: https://www.linkedin.com/company/3g4g
Follow us on Slideshare: https://www.slideshare.net/3G4GLtd
Follow us on Youtube: https://www.youtube.com/3G4G5G
Follow us on Storify: https://storify.com/3g4gUK