SlideShare a Scribd company logo

LTE :Mobile Network Security

Satish Chavan
Satish Chavan

LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture. With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP-spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.

Technology
1 of 29
Download to read offline
LTE :Mobile Network Security Satish Chavan satchavan@gmail.com
Introduction LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture. With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP- spoofing, data and service theft, DDoS attacks and numerous other variants of cyber- attacks and crimes. LTE architecture was developed by 3GPP taking into consideration security principles right from its inception and design based on five security feature groups. 1. Network access security, to provide a secure access to the service by the user. 2. Network domain security, to protect the network elements and secure the signalling and user data exchange. 3. User domain security, to control the secure access to mobile stations 4. Application domain security, to establish secure communications over the application layer 5. Visibility and configuration of security, bring the opportunity for the user to check if the security features are in operation.
Introduction-2 I. Network Access Security These security features facilitates the UEs for the secure access to EPC and protects possible attacks on radio link through integrity protection and ciphering between the USIM, ME, EUTRAN and entities of EPC (both serving networks and home networks). II. Network domain security The set of security features protects possible attack on wire line networks and enables the data exchange in secure manner. III. User domain security The mutual authentication of USIM and ME is supported using a secret PIN before they can access each other. IV. Application level security These are the set of security features that enables the application in UE and the service provider domain for the secure exchange of messages. V. Non 3GPP domain security These are the set of features enables the UEs to securely access to the EPC via non 3GPP access networks and provide security protection on the access link.
LTE architecture model has been divided into the following network segments: LTELTE architecture model 1. User equipment (UE), 2. Access, 3. Evolved Packet Core Transport 4. Service network LTE security architecture
Key security threats/risks LTE security requirements are very different from UMTS. An LTE security gateway solution needs to not only authenticate eNodeBs and encrypt traffic with IPsec, but also provide SCTP firewall functions to protect the mobile packet core from signaling storms and man in the middle attacks. Key security threats/risks: 1. Distributed network and open architecture 2. Complex business models (IS/Service sharing) 3. Decentralized accountability for security 4. Minimizing security spend Preventative measures: 1. Interoperability standards 2. Strong partner agreement 3. Security audits with remediation commitments 4. Security Budget
LTENetwork segments wise risk and measures-1 Network segments Key risks ,Security threats Preventative measures User Equipment (UE) subscriber entry points into the LTE network 1. Physical attacks 2. Risk of data loss, privacy 3. Lack of security standards & controls on UEs 4. Application layer: virus, malware, phishing 1. Subscriber education 2. Antivirus 3. Industry security standards & controls on UE 4. Strong authentication, authorization, encryption Access interconnection between UE and EUTRAN. 1. Physical attacks 2. Rogue eNodeBs 3. Eavesdropping, Redirection, MitM attacks, DoS 4. Privacy 1. Physical security 2. Authentication, authorization, encryption 3. Network monitoring, IPS systems 4. Security Architecture
LTE Network segments Key risks ,Security threats Preventative measures Core (EPC)/Transport manages user authentication, authorization and accounting (AAA), IP address allocation, mobility , charging, QoS and security 1. Unauthorized access 2. DoS and DDoS attacks 3. Overbilling attacks (IP address hijacking, IP spoofing) 1. Security Architecture: VPNs, VLANs 2. Encryption, IKE/ IPSec 3. Network monitoring, management and load balancing Service Network Security management in IMS is particularly important 1. Unauthorised access 2. Service abuse attacks, Theft of service 3. Network snoop, session hijacking 1. Border Security 2. Strong authentication 3. Enable security protocols 4. Implement Security Gateways Network segments wise risk and measures-2
Attack type Trigger and impact DDoS The target network is flooded by traffic from multiple sources. Ping flood A large volume of ping packets causes a network to crash. In a “ping of death,” malformed ping requests are used. SYN flood The attacker sends a high number of TCP/SYN packets, which the network accepts as connection requests and which overwhelm the network. Replay attack The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed. SQL injection The attacker sends malicious commands in statements to a SQL database to make unauthorized changes to the database or to get a copy of the data. DNS hijacking The attacker redirects DNS queries to a rogue DNS server. IP port scans The attacker scans network elements for active ports and exploits their vulnerabilities. Attack type,Trigger and impact
Legacy Network IP Based network Mobile Devices Voice-based network, Limited data capabilities: easier for operators to control. Data-centric devices, visible from the internet: increased vulnerability, more entry points, less control. Equipment Expensive RAN equipment, large form factor: difficult to buy or operate a rogue base station. Femto cells, small cells and Wi-Fi hotspots: Easier and cheaper provide an entry point to the mobile network. Network architecture Proprietary, Hierarchical/Close networks Difficult to penetrate, Easier to protect. Flat networks, More connections among elements Porous easier to penetrate. Signaling SS7: Closed signaling environment, Difficult to penetrate. Diameter: IP increases mobile networks vulnerability to security threats. Applications Few applications available or used limited entry points to devices. Applications in a fragmented is difficult to control Misc / Economic /security targets. Billing fraud Limited use of cellular networks for M2M applications. Access to corporations and government. M2M unmonitored devices difficult to protect without stricter security requirements. Transition to IP-based mobile networks
Preventative measures - Security audits -1 Audit Main Point GTP •  Endpoint discovery •  Illegal connection/association establishment –  User identity impersonation –  Fuzzing •  Leak of user traffic 1. to Core Network (EPC) 2. to LTE RAN X2AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM
LTEPreventative measures - Security audits -2 Audit Audit Point S1AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM –  NAS injection LTE EPC DNS Audit •  EPC DNS is important •  EPC DNS scanner •  Close to GRX / IMS
security approach LTESecurity Approach • First Level Router-based Security Protection for all attacks • Packet filter policy based on a ‘deny-all’ approach. permits ingress of packets permissible user traffic of the receiving network. The Router can provide DoS protection for the connected network using rate limiting to prevent performance-impacting overload ofthe network and services. 1 • Second Level Firewall-based Security Inner Layer Protection • Use of firewall filter policies, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies. 2 • Third Level Host Security Protection for smartest attacks • Network devices including packet gateways, application nodes provide further access control measures. using identification, authentication and authorization mechanisms. Node hardening’. This includes measures such as Interior Border Gateway Protocol (IGP) and Border Gateway Protocol (BGP)authentication, applying access control lists , closing unwanted or unused ports in applications and clients, and using a secure protocol like Secure Shell (SSH) instead of Telnet for configuration and management. 3
LTENetwork Element & IP Network Security Measures Network Security Measures • Network elements designed and implemented with security and comply with the 3GPP recommendations. • Network element security architecture. • Network element hardening and security testing. • Threat and risk analysis per network element. • Security audit, Timely patch and hardware upgradation. • Security vulnerability and performance monitoring. • Authorized site access. IP Network Security Measures • Secure operation and maintenance process. • Perimeter security and Traffic separation • IPsec used to be mandatory for core network.
LTEOM Security Measures OM Security functions in the system Measures 1. The log and security alarm function monitors the security of the whole system and reports the security information to the management system. 2. The user authentication and access control function controls the user access to avoid access of invalid users. 3. The OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB. – Digital Signature of Software is used to ensure software integrity and reliability – An eNodeB can be deployed using a Secured USB storage device – Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, like operating systems are corrupted, backup data can be used to restore the system. 4. The OM channel security ensures security for the channel between EMS equipment and the NEs. – Security Socket Layer (SSL) is a protocol that provides end-to-end communication security between TCP layer and the application layer – NTP (Network Time Protocol) security authentication is used to encrypt and authenticate the NTP packets so that the validity of the reference time
LTEeNodeB Security architechture
LTEeNodeB Security
LTEeNodeB Security •Performs the crypto specified for radio interface and backhaul link •Access to the cleartext in the user plane •Exposed to tampering that eavesdrop/modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, discard traffic • 3GPP requires a secure environment inside the eNB • Stores keys, executes crypto, helps to secure boot • Preserves integrity and confidentiality of its content • Authorized access
TENetwork Access Security 1 Network access security protects the mobile’s communications with the network across the air interface, which is the most vulnerable part of the system. Using four main techniques 1. Authentication 2. Confidentiality 3. Ciphering 4. Integrity protection • Authentication - Evolved packet core (EPC) network and mobile confirm each other’s identities the confirms that the user is authorized to use the network’s services and is not using a cloned device. Mobile confirms that the network is genuine and is not a spoof network set up to steal the user’s personal data
LTENetwork Access Security-2 • Confidentiality- protects the user’s identity International mobile subscriber identity (IMSI) is one of the quantities that an intruder needs to clone a mobile so LTE avoids broadcasting it across the air interface wherever possible instead, the network identifies the user by means of temporary identities. EPC knows the MME pool area that the mobile is in during paging, then it uses the 40 bit STMSI otherwise (during the attach procedure) it uses the longer GUTI (Globally Unique Temporary ID) similarly, the radio access network uses the radio network temporary identifiers (RNTIs)
LTENetwork Access Security-3 •Ciphering also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and network exchange. The packet data convergence protocol (PDCP) ciphers data and signaling messages in the air interface access stratum, while the EMM protocol ciphers signaling messages in the non access stratum • Integrity protection detects any attempt by an intruder to replay or modify signaling messages. Protects the system against problems such as man- in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them, in an attempt to take control of the mobile.
Authentication and key agreement procedure
Diagram for Authentication and key generation http://www.3glteinfo.com/lte-security-architecture/
LTEEPS Key Hierarchy and Radio Interface Security Keys and Key Hierarchy In the Evolved Packet Core Authentication and Key Agreement (EPS AKA) protocol, all the keys that are needed for various security mechanisms are derived from intermediate key KASME which is viewed as local master key for the subscriber in contrast to permanent master key K. In the network side, the local master key KASME is stored in the MME and permanent master key is stored in the AuC. This approach provides the following advantages. 1. It enables cryptographic key separation, where the usage of each key in one specific context and knowing one key does not deduce the second one. 2. The system is improved by providing key freshness and it is possible to renew the keys used in security mechanism. The EPS AKA is need not be run every time when the key to be renewed for protecting the radio interface and also the home network is not involved every time. This introduces a security versus complexity trade-off situation. For EPS, the security benefits of using an intermediate key overweigh the added complexity which was not true in 3G. The base station eNB stores another key KeNB and the addition of KeNB makes it possible to renew keys for protection of radio access without involving MME.
LTEKey Derivations The hierarchy contains one root key (K), several intermediate keys such as CK, IK etc. and a set of leaf keys [5]. The purpose of the different keys are explained below. 1. K is a random bit string and it is a subscriber specific master key stored in USIM and AuC. 2. CK and IK are 128 bit keys derived from K using additional input parameters. 3. KASME is derived from CK and IK using two additional parameters, the serving network id and bitwise sum of two additional parameters (SQN and AK from the EPS AKA procedure). The KASME serves as local master key. 4. KeNB is derived from KASME and the additional input a counter. This additional parameter is needed to ensure that each new key KeNB derived differs from the earlier key. 5. NH is another intermediate key derived from KASME, and used in handover situations. It is derived from KeNB for the initial NH derivation or previous NH as an additional input. 6. KRRCenc, KRRCint and KUPenc are used for the encryption and integrity of RRC and Users.The complex key hierarchy achieves the key separation and prevents related key attack. The key hierarchy achieves key renewal very easily without affecting the other keys. When one key is changed, only the keys dependent on it have to be changed and others may remain same.
LTEEPS Key Hierarchy
LTEConclusion How to Secure an LTE-Network? •Comply with the 3GPP recommendations . •IP network security mechanisms and recommendations . •Network elements designed and implemented with security . •Fraud management and tools. •Regular security Audit, Performance and Traffic trend report . •Monitor network element keeping security points in mind. Security is a ongoing and never ending process!
LTEAbbreviations 3GPP 3. Generation Partnership Project ASME Access Security Management Entity AuC Authentication Centre CA Certificate Authority CMP Certificate Management Protocol CK Cipher Key eNB Evolved Node B enc Encryption EPC Evolved Packet Core ePDG Evolved Packet Data Gateway EPS Evolved Packet System ESP Encapsulating Security Payload GRX GPRS Roaming eXchange Network GTP-C GPRS Tunneling Protocol - Control GW Gateway HeNB Home eNB HNB Home Node B HSS Home Subscriber Server IK Integrity Key IMS IP Multimedia System Int Integrity K Key LEA Law Enforcement Agency LI Lawful Interception LTE Long Term Evolution MME Mobility Management Entity NAS Non Access Stratum PCRF Policy and Charging Rules Function PDN Packet Data Network PKI Public Key Infrastructure PLMN Public Land Mobile Network RA Registration Authority RRC Radio Resource Control SAE System Architecture Evolution SEG Security Gateway SeGW Security Gateway Serv.GW Serving Gateway UMTS Universal Mobile Telecomunication System UP User Plane USIM UMTS Subscriber Identity Module
LTEReferences •3rd Generation Partnership Project, http://www.3gpp.org/ •Security aspects 3GPP specification 3G and beyond / GSM (R99 and later)series -33 series document •ETSI Security White Paper Freely available at: www.etsi.org/securitywhitepaper •Journal of Cyber Security and Information Systems – October 2013 4G LTE Security for Mobile Network Operators By Daksha Bhasker •White Paper The Security Vulnerabilities of LTE: Risks for Operators •White paper Wireless security in LTE networks- Monica Paolini Senza Fili Consulting •http://www.3glteinfo.com/lte-security-architecture/ •https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf
LTE

Recommended

Security In LTE Access Network
Security In LTE Access NetworkSecurity In LTE Access Network
Security In LTE Access Network
Sukhvinder Singh Malik
 
4G Handovers || LTE Handovers ||
4G Handovers || LTE Handovers || 4G Handovers || LTE Handovers ||
4G Handovers || LTE Handovers ||
ankur tomar
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
Mustahid Ali
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G security
RanjitUpadhyay4
 
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEUnderstanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTE
ntel
 
Circuit switched fallback
Circuit switched fallbackCircuit switched fallback
Circuit switched fallback
Subhash Kumar
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
aliirfan04
 
Wireless LAN
Wireless LANWireless LAN
Wireless LAN
KannanKrishnana
 

Recommended

Security In LTE Access Network
Security In LTE Access NetworkSecurity In LTE Access Network
Security In LTE Access Network
Sukhvinder Singh Malik
 
4G Handovers || LTE Handovers ||
4G Handovers || LTE Handovers || 4G Handovers || LTE Handovers ||
4G Handovers || LTE Handovers ||
ankur tomar
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
Mustahid Ali
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G security
RanjitUpadhyay4
 
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEUnderstanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTE
ntel
 
Circuit switched fallback
Circuit switched fallbackCircuit switched fallback
Circuit switched fallback
Subhash Kumar
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
aliirfan04
 
Wireless LAN
Wireless LANWireless LAN
Wireless LAN
KannanKrishnana
 
LTE Architecture and interfaces
LTE Architecture and interfacesLTE Architecture and interfaces
LTE Architecture and interfacesAbdulrahman Fady
 
Bluetooth protocol stack
Bluetooth protocol stackBluetooth protocol stack
Bluetooth protocol stackstuimrozsm
 
LTE and EPC Specifications
LTE and EPC SpecificationsLTE and EPC Specifications
LTE and EPC Specifications
aliirfan04
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
Prasenjit Gayen
 
LTE Call Processing and Handover
LTE Call Processing and HandoverLTE Call Processing and Handover
LTE Call Processing and Handover
Sitha Sok
 
LTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionLTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) Introduction
Guisun Han
 
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Rohit Choudhury
 
Beginners: UICC & SIM
Beginners: UICC & SIMBeginners: UICC & SIM
Beginners: UICC & SIM
3G4G
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
NetProtocol Xpert
 
Telecom Roaming Overview
Telecom Roaming OverviewTelecom Roaming Overview
Telecom Roaming Overview
Shilpin Pvt. Ltd.
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROL
junnubabu
 
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
Vikas Shokeen
 
PS Core Presentation
PS Core PresentationPS Core Presentation
PS Core Presentation
Narendra Negi 7777+ Direct Connection
 
International roaming technical view
International roaming technical viewInternational roaming technical view
International roaming technical view
Rawand Jaf
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
Amy McMullin
 
WCDMA
WCDMAWCDMA
WCDMA
Harshal Tiwari
 
Mobile computing (Wireless) Medium Access Control (MAC)
Mobile computing (Wireless) Medium Access Control (MAC)Mobile computing (Wireless) Medium Access Control (MAC)
Mobile computing (Wireless) Medium Access Control (MAC)
Jyothishmathi Institute of Technology and Science Karimnagar
 
LTE Testing | 4G Testing
LTE Testing | 4G TestingLTE Testing | 4G Testing
LTE Testing | 4G Testing
Ixia
 
UMTS, Introduction.
UMTS, Introduction.UMTS, Introduction.
UMTS, Introduction.
Mateen Shahid
 
Simple Network Management Protocole
Simple Network Management ProtocoleSimple Network Management Protocole
Simple Network Management Protocole
Amin Komeili
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
RAVI RAJ
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 

More Related Content

What's hot

LTE Architecture and interfaces
LTE Architecture and interfacesLTE Architecture and interfaces
LTE Architecture and interfacesAbdulrahman Fady
 
Bluetooth protocol stack
Bluetooth protocol stackBluetooth protocol stack
Bluetooth protocol stackstuimrozsm
 
LTE and EPC Specifications
LTE and EPC SpecificationsLTE and EPC Specifications
LTE and EPC Specifications
aliirfan04
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
Prasenjit Gayen
 
LTE Call Processing and Handover
LTE Call Processing and HandoverLTE Call Processing and Handover
LTE Call Processing and Handover
Sitha Sok
 
LTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionLTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) Introduction
Guisun Han
 
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Rohit Choudhury
 
Beginners: UICC & SIM
Beginners: UICC & SIMBeginners: UICC & SIM
Beginners: UICC & SIM
3G4G
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
NetProtocol Xpert
 
Telecom Roaming Overview
Telecom Roaming OverviewTelecom Roaming Overview
Telecom Roaming Overview
Shilpin Pvt. Ltd.
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROL
junnubabu
 
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
Vikas Shokeen
 
PS Core Presentation
PS Core PresentationPS Core Presentation
PS Core Presentation
Narendra Negi 7777+ Direct Connection
 
International roaming technical view
International roaming technical viewInternational roaming technical view
International roaming technical view
Rawand Jaf
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
Amy McMullin
 
Mobile computing (Wireless) Medium Access Control (MAC)
Mobile computing (Wireless) Medium Access Control (MAC)Mobile computing (Wireless) Medium Access Control (MAC)
Mobile computing (Wireless) Medium Access Control (MAC)
Jyothishmathi Institute of Technology and Science Karimnagar
 
LTE Testing | 4G Testing
LTE Testing | 4G TestingLTE Testing | 4G Testing
LTE Testing | 4G Testing
Ixia
 
UMTS, Introduction.
UMTS, Introduction.UMTS, Introduction.
UMTS, Introduction.
Mateen Shahid
 
Simple Network Management Protocole
Simple Network Management ProtocoleSimple Network Management Protocole
Simple Network Management Protocole
Amin Komeili
 

What's hot (20)

LTE Architecture and interfaces
LTE Architecture and interfacesLTE Architecture and interfaces
LTE Architecture and interfaces
 
Bluetooth protocol stack
Bluetooth protocol stackBluetooth protocol stack
Bluetooth protocol stack
 
LTE and EPC Specifications
LTE and EPC SpecificationsLTE and EPC Specifications
LTE and EPC Specifications
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
 
LTE Call Processing and Handover
LTE Call Processing and HandoverLTE Call Processing and Handover
LTE Call Processing and Handover
 
LTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) IntroductionLTE (Long Term Evolution) Introduction
LTE (Long Term Evolution) Introduction
 
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
Universal Mobile Telecommunication System (UMTS)- Evolution from 2G to 3G
 
Beginners: UICC & SIM
Beginners: UICC & SIMBeginners: UICC & SIM
Beginners: UICC & SIM
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
 
Telecom Roaming Overview
Telecom Roaming OverviewTelecom Roaming Overview
Telecom Roaming Overview
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROL
 
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
 
PS Core Presentation
PS Core PresentationPS Core Presentation
PS Core Presentation
 
International roaming technical view
International roaming technical viewInternational roaming technical view
International roaming technical view
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
WCDMA
WCDMAWCDMA
WCDMA
 
Mobile computing (Wireless) Medium Access Control (MAC)
Mobile computing (Wireless) Medium Access Control (MAC)Mobile computing (Wireless) Medium Access Control (MAC)
Mobile computing (Wireless) Medium Access Control (MAC)
 
LTE Testing | 4G Testing
LTE Testing | 4G TestingLTE Testing | 4G Testing
LTE Testing | 4G Testing
 
UMTS, Introduction.
UMTS, Introduction.UMTS, Introduction.
UMTS, Introduction.
 
Simple Network Management Protocole
Simple Network Management ProtocoleSimple Network Management Protocole
Simple Network Management Protocole
 

Similar to LTE :Mobile Network Security

Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
RAVI RAJ
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
Dr. Shivashankar
 
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSCOMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
IJNSA Journal
 
7215nsa05
7215nsa057215nsa05
7215nsa05
Shivanand Manjaragi
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Editor IJCATR
 
Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possible
IJNSA Journal
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
Ankit Anand
 
Denial of Service Attack Defense Techniques
Denial of Service Attack Defense TechniquesDenial of Service Attack Defense Techniques
Denial of Service Attack Defense Techniques
IRJET Journal
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET Journal
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docx
ballolliemin
 
Network Security
Network SecurityNetwork Security
Network Security
IlhamMohomed1
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET Journal
 
Evaluation the performanc of dmz
Evaluation the performanc of dmzEvaluation the performanc of dmz
Evaluation the performanc of dmz
Baha Rababah
 
Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
Mary McEvoy Carroll
 
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET Journal
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxTypes of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
willcoxjanay
 
Wireless security
Wireless securityWireless security
Wireless security
Salma Elhag
 

Similar to LTE :Mobile Network Security (20)

Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSCOMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS
 
7215nsa05
7215nsa057215nsa05
7215nsa05
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
Comprehensive survey of possible
Comprehensive survey of possibleComprehensive survey of possible
Comprehensive survey of possible
 
Cellular wireless network security
Cellular wireless network securityCellular wireless network security
Cellular wireless network security
 
Denial of Service Attack Defense Techniques
Denial of Service Attack Defense TechniquesDenial of Service Attack Defense Techniques
Denial of Service Attack Defense Techniques
 
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
 
IJISRT22MAR7471.docx
IJISRT22MAR7471.docxIJISRT22MAR7471.docx
IJISRT22MAR7471.docx
 
Network Security
Network SecurityNetwork Security
Network Security
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
 
Evaluation the performanc of dmz
Evaluation the performanc of dmzEvaluation the performanc of dmz
Evaluation the performanc of dmz
 
Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
 
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed FirewallsIRJET- Data Security in Local Network for Mobile using Distributed Firewalls
IRJET- Data Security in Local Network for Mobile using Distributed Firewalls
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxTypes of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494
 
Wireless security
Wireless securityWireless security
Wireless security
 

More from Satish Chavan

Internet of things
Internet of thingsInternet of things
Internet of things
Satish Chavan
 
Carrier grade wi fi integration architecture
Carrier grade wi fi integration architectureCarrier grade wi fi integration architecture
Carrier grade wi fi integration architecture
Satish Chavan
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations center
Satish Chavan
 
Network function virtualization
Network function virtualizationNetwork function virtualization
Network function virtualization
Satish Chavan
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stack
Satish Chavan
 
Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator
Satish Chavan
 

More from Satish Chavan (6)

Internet of things
Internet of thingsInternet of things
Internet of things
 
Carrier grade wi fi integration architecture
Carrier grade wi fi integration architectureCarrier grade wi fi integration architecture
Carrier grade wi fi integration architecture
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations center
 
Network function virtualization
Network function virtualizationNetwork function virtualization
Network function virtualization
 
Understanding the cloud computing stack
Understanding the cloud computing stackUnderstanding the cloud computing stack
Understanding the cloud computing stack
 
Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator Smart city -Opportunity to Indian Telecom Operator
Smart city -Opportunity to Indian Telecom Operator
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 

LTE :Mobile Network Security

  • 1. LTE :Mobile Network Security Satish Chavan satchavan@gmail.com
  • 2. Introduction LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture. With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP- spoofing, data and service theft, DDoS attacks and numerous other variants of cyber- attacks and crimes. LTE architecture was developed by 3GPP taking into consideration security principles right from its inception and design based on five security feature groups. 1. Network access security, to provide a secure access to the service by the user. 2. Network domain security, to protect the network elements and secure the signalling and user data exchange. 3. User domain security, to control the secure access to mobile stations 4. Application domain security, to establish secure communications over the application layer 5. Visibility and configuration of security, bring the opportunity for the user to check if the security features are in operation.
  • 3. Introduction-2 I. Network Access Security These security features facilitates the UEs for the secure access to EPC and protects possible attacks on radio link through integrity protection and ciphering between the USIM, ME, EUTRAN and entities of EPC (both serving networks and home networks). II. Network domain security The set of security features protects possible attack on wire line networks and enables the data exchange in secure manner. III. User domain security The mutual authentication of USIM and ME is supported using a secret PIN before they can access each other. IV. Application level security These are the set of security features that enables the application in UE and the service provider domain for the secure exchange of messages. V. Non 3GPP domain security These are the set of features enables the UEs to securely access to the EPC via non 3GPP access networks and provide security protection on the access link.
  • 4. LTE architecture model has been divided into the following network segments: LTELTE architecture model 1. User equipment (UE), 2. Access, 3. Evolved Packet Core Transport 4. Service network LTE security architecture
  • 5. Key security threats/risks LTE security requirements are very different from UMTS. An LTE security gateway solution needs to not only authenticate eNodeBs and encrypt traffic with IPsec, but also provide SCTP firewall functions to protect the mobile packet core from signaling storms and man in the middle attacks. Key security threats/risks: 1. Distributed network and open architecture 2. Complex business models (IS/Service sharing) 3. Decentralized accountability for security 4. Minimizing security spend Preventative measures: 1. Interoperability standards 2. Strong partner agreement 3. Security audits with remediation commitments 4. Security Budget
  • 6. LTENetwork segments wise risk and measures-1 Network segments Key risks ,Security threats Preventative measures User Equipment (UE) subscriber entry points into the LTE network 1. Physical attacks 2. Risk of data loss, privacy 3. Lack of security standards & controls on UEs 4. Application layer: virus, malware, phishing 1. Subscriber education 2. Antivirus 3. Industry security standards & controls on UE 4. Strong authentication, authorization, encryption Access interconnection between UE and EUTRAN. 1. Physical attacks 2. Rogue eNodeBs 3. Eavesdropping, Redirection, MitM attacks, DoS 4. Privacy 1. Physical security 2. Authentication, authorization, encryption 3. Network monitoring, IPS systems 4. Security Architecture
  • 7. LTE Network segments Key risks ,Security threats Preventative measures Core (EPC)/Transport manages user authentication, authorization and accounting (AAA), IP address allocation, mobility , charging, QoS and security 1. Unauthorized access 2. DoS and DDoS attacks 3. Overbilling attacks (IP address hijacking, IP spoofing) 1. Security Architecture: VPNs, VLANs 2. Encryption, IKE/ IPSec 3. Network monitoring, management and load balancing Service Network Security management in IMS is particularly important 1. Unauthorised access 2. Service abuse attacks, Theft of service 3. Network snoop, session hijacking 1. Border Security 2. Strong authentication 3. Enable security protocols 4. Implement Security Gateways Network segments wise risk and measures-2
  • 8. Attack type Trigger and impact DDoS The target network is flooded by traffic from multiple sources. Ping flood A large volume of ping packets causes a network to crash. In a “ping of death,” malformed ping requests are used. SYN flood The attacker sends a high number of TCP/SYN packets, which the network accepts as connection requests and which overwhelm the network. Replay attack The attacker intercepts legitimate signaling traffic and retransmits it until the network is overwhelmed. SQL injection The attacker sends malicious commands in statements to a SQL database to make unauthorized changes to the database or to get a copy of the data. DNS hijacking The attacker redirects DNS queries to a rogue DNS server. IP port scans The attacker scans network elements for active ports and exploits their vulnerabilities. Attack type,Trigger and impact
  • 9. Legacy Network IP Based network Mobile Devices Voice-based network, Limited data capabilities: easier for operators to control. Data-centric devices, visible from the internet: increased vulnerability, more entry points, less control. Equipment Expensive RAN equipment, large form factor: difficult to buy or operate a rogue base station. Femto cells, small cells and Wi-Fi hotspots: Easier and cheaper provide an entry point to the mobile network. Network architecture Proprietary, Hierarchical/Close networks Difficult to penetrate, Easier to protect. Flat networks, More connections among elements Porous easier to penetrate. Signaling SS7: Closed signaling environment, Difficult to penetrate. Diameter: IP increases mobile networks vulnerability to security threats. Applications Few applications available or used limited entry points to devices. Applications in a fragmented is difficult to control Misc / Economic /security targets. Billing fraud Limited use of cellular networks for M2M applications. Access to corporations and government. M2M unmonitored devices difficult to protect without stricter security requirements. Transition to IP-based mobile networks
  • 10. Preventative measures - Security audits -1 Audit Main Point GTP •  Endpoint discovery •  Illegal connection/association establishment –  User identity impersonation –  Fuzzing •  Leak of user traffic 1. to Core Network (EPC) 2. to LTE RAN X2AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM
  • 11. LTEPreventative measures - Security audits -2 Audit Audit Point S1AP Audit •  Endpoint discovery •  Illegal connection/association establishment –  Fuzzing •  Reverse engineering of proprietary extensions •  MITM –  NAS injection LTE EPC DNS Audit •  EPC DNS is important •  EPC DNS scanner •  Close to GRX / IMS
  • 12. security approach LTESecurity Approach • First Level Router-based Security Protection for all attacks • Packet filter policy based on a ‘deny-all’ approach. permits ingress of packets permissible user traffic of the receiving network. The Router can provide DoS protection for the connected network using rate limiting to prevent performance-impacting overload ofthe network and services. 1 • Second Level Firewall-based Security Inner Layer Protection • Use of firewall filter policies, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) stateful inspection are used to lower the number of policies required. GPRS Tunneling Protocol (GTP) inspection is used to inspect traffic destined for other peer networks via GRX. Firewalls provide DoS attack protection, deep packet inspection, and intrusion detection and prevention options. Deep packet inspection supports both stateful signatures and protocol anomalies. 2 • Third Level Host Security Protection for smartest attacks • Network devices including packet gateways, application nodes provide further access control measures. using identification, authentication and authorization mechanisms. Node hardening’. This includes measures such as Interior Border Gateway Protocol (IGP) and Border Gateway Protocol (BGP)authentication, applying access control lists , closing unwanted or unused ports in applications and clients, and using a secure protocol like Secure Shell (SSH) instead of Telnet for configuration and management. 3
  • 13. LTENetwork Element & IP Network Security Measures Network Security Measures • Network elements designed and implemented with security and comply with the 3GPP recommendations. • Network element security architecture. • Network element hardening and security testing. • Threat and risk analysis per network element. • Security audit, Timely patch and hardware upgradation. • Security vulnerability and performance monitoring. • Authorized site access. IP Network Security Measures • Secure operation and maintenance process. • Perimeter security and Traffic separation • IPsec used to be mandatory for core network.
  • 14. LTEOM Security Measures OM Security functions in the system Measures 1. The log and security alarm function monitors the security of the whole system and reports the security information to the management system. 2. The user authentication and access control function controls the user access to avoid access of invalid users. 3. The OM system security protects the software and configuration data running on the eNodeB to prevent invalid control over the eNodeB. – Digital Signature of Software is used to ensure software integrity and reliability – An eNodeB can be deployed using a Secured USB storage device – Data backup ensures data consistency and integrity. If eNodeB data is detected as damaged, like operating systems are corrupted, backup data can be used to restore the system. 4. The OM channel security ensures security for the channel between EMS equipment and the NEs. – Security Socket Layer (SSL) is a protocol that provides end-to-end communication security between TCP layer and the application layer – NTP (Network Time Protocol) security authentication is used to encrypt and authenticate the NTP packets so that the validity of the reference time
  • 17. LTEeNodeB Security •Performs the crypto specified for radio interface and backhaul link •Access to the cleartext in the user plane •Exposed to tampering that eavesdrop/modify user traffic, send maliciously crafted PDUs to the core, detach mobiles, discard traffic • 3GPP requires a secure environment inside the eNB • Stores keys, executes crypto, helps to secure boot • Preserves integrity and confidentiality of its content • Authorized access
  • 18. TENetwork Access Security 1 Network access security protects the mobile’s communications with the network across the air interface, which is the most vulnerable part of the system. Using four main techniques 1. Authentication 2. Confidentiality 3. Ciphering 4. Integrity protection • Authentication - Evolved packet core (EPC) network and mobile confirm each other’s identities the confirms that the user is authorized to use the network’s services and is not using a cloned device. Mobile confirms that the network is genuine and is not a spoof network set up to steal the user’s personal data
  • 19. LTENetwork Access Security-2 • Confidentiality- protects the user’s identity International mobile subscriber identity (IMSI) is one of the quantities that an intruder needs to clone a mobile so LTE avoids broadcasting it across the air interface wherever possible instead, the network identifies the user by means of temporary identities. EPC knows the MME pool area that the mobile is in during paging, then it uses the 40 bit STMSI otherwise (during the attach procedure) it uses the longer GUTI (Globally Unique Temporary ID) similarly, the radio access network uses the radio network temporary identifiers (RNTIs)
  • 20. LTENetwork Access Security-3 •Ciphering also known as encryption, ensures that intruders cannot read the data and signaling messages that the mobile and network exchange. The packet data convergence protocol (PDCP) ciphers data and signaling messages in the air interface access stratum, while the EMM protocol ciphers signaling messages in the non access stratum • Integrity protection detects any attempt by an intruder to replay or modify signaling messages. Protects the system against problems such as man- in-the-middle attacks, in which an intruder intercepts a sequence of signaling messages and modifies and re-transmits them, in an attempt to take control of the mobile.
  • 21. Authentication and key agreement procedure
  • 22. Diagram for Authentication and key generation http://www.3glteinfo.com/lte-security-architecture/
  • 23. LTEEPS Key Hierarchy and Radio Interface Security Keys and Key Hierarchy In the Evolved Packet Core Authentication and Key Agreement (EPS AKA) protocol, all the keys that are needed for various security mechanisms are derived from intermediate key KASME which is viewed as local master key for the subscriber in contrast to permanent master key K. In the network side, the local master key KASME is stored in the MME and permanent master key is stored in the AuC. This approach provides the following advantages. 1. It enables cryptographic key separation, where the usage of each key in one specific context and knowing one key does not deduce the second one. 2. The system is improved by providing key freshness and it is possible to renew the keys used in security mechanism. The EPS AKA is need not be run every time when the key to be renewed for protecting the radio interface and also the home network is not involved every time. This introduces a security versus complexity trade-off situation. For EPS, the security benefits of using an intermediate key overweigh the added complexity which was not true in 3G. The base station eNB stores another key KeNB and the addition of KeNB makes it possible to renew keys for protection of radio access without involving MME.
  • 24. LTEKey Derivations The hierarchy contains one root key (K), several intermediate keys such as CK, IK etc. and a set of leaf keys [5]. The purpose of the different keys are explained below. 1. K is a random bit string and it is a subscriber specific master key stored in USIM and AuC. 2. CK and IK are 128 bit keys derived from K using additional input parameters. 3. KASME is derived from CK and IK using two additional parameters, the serving network id and bitwise sum of two additional parameters (SQN and AK from the EPS AKA procedure). The KASME serves as local master key. 4. KeNB is derived from KASME and the additional input a counter. This additional parameter is needed to ensure that each new key KeNB derived differs from the earlier key. 5. NH is another intermediate key derived from KASME, and used in handover situations. It is derived from KeNB for the initial NH derivation or previous NH as an additional input. 6. KRRCenc, KRRCint and KUPenc are used for the encryption and integrity of RRC and Users.The complex key hierarchy achieves the key separation and prevents related key attack. The key hierarchy achieves key renewal very easily without affecting the other keys. When one key is changed, only the keys dependent on it have to be changed and others may remain same.
  • 26. LTEConclusion How to Secure an LTE-Network? •Comply with the 3GPP recommendations . •IP network security mechanisms and recommendations . •Network elements designed and implemented with security . •Fraud management and tools. •Regular security Audit, Performance and Traffic trend report . •Monitor network element keeping security points in mind. Security is a ongoing and never ending process!
  • 27. LTEAbbreviations 3GPP 3. Generation Partnership Project ASME Access Security Management Entity AuC Authentication Centre CA Certificate Authority CMP Certificate Management Protocol CK Cipher Key eNB Evolved Node B enc Encryption EPC Evolved Packet Core ePDG Evolved Packet Data Gateway EPS Evolved Packet System ESP Encapsulating Security Payload GRX GPRS Roaming eXchange Network GTP-C GPRS Tunneling Protocol - Control GW Gateway HeNB Home eNB HNB Home Node B HSS Home Subscriber Server IK Integrity Key IMS IP Multimedia System Int Integrity K Key LEA Law Enforcement Agency LI Lawful Interception LTE Long Term Evolution MME Mobility Management Entity NAS Non Access Stratum PCRF Policy and Charging Rules Function PDN Packet Data Network PKI Public Key Infrastructure PLMN Public Land Mobile Network RA Registration Authority RRC Radio Resource Control SAE System Architecture Evolution SEG Security Gateway SeGW Security Gateway Serv.GW Serving Gateway UMTS Universal Mobile Telecomunication System UP User Plane USIM UMTS Subscriber Identity Module
  • 28. LTEReferences •3rd Generation Partnership Project, http://www.3gpp.org/ •Security aspects 3GPP specification 3G and beyond / GSM (R99 and later)series -33 series document •ETSI Security White Paper Freely available at: www.etsi.org/securitywhitepaper •Journal of Cyber Security and Information Systems – October 2013 4G LTE Security for Mobile Network Operators By Daksha Bhasker •White Paper The Security Vulnerabilities of LTE: Risks for Operators •White paper Wireless security in LTE networks- Monica Paolini Senza Fili Consulting •http://www.3glteinfo.com/lte-security-architecture/ •https://www.rsaconference.com/writable/presentations/file_upload/tech-r03_lte-security-how-good-is-it.pdf
  • 29. LTE