Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication
www.netmanias.com
About NMC Consulting Group
NMC Consulting Group was founded in 2002 and is an advanced, professional network consulting company specializing in the IP network area (FTTH, Metro Ethernet and IP/MPLS), the service area (IPTV, IMS and CDN) and, lastly, the wireless network area (Mobile WiMAX, LTE and Wi-Fi).
Copyright © 2002-2012 NMC Consulting Group. All rights reserved.
www.nmcgroups.com
LTE Security I
LTE Security Concept and LTE Authentication
August 21, 2012
(Last Updated: August 22, 2012)
NMC Consulting Group
www.netmanias.com
www.nmcgroups.com
Scope and Concept of LTE Security

❶ LTE Authentication
- Mutual authentication between UE and LTE network (UE – MME – HSS) using EPS-AKA
- Base key: K
- Derived key: K_ASME

❷ NAS Security
- Integrity protection and ciphering (encryption) for NAS signaling messages between UE and MME
- Base key: K_ASME
- Derived keys: K_NASint, K_NASenc

❸ AS Security
- Integrity protection and ciphering (encryption) for RRC signaling messages between UE and eNB
  - Base key: K_eNB
  - Derived keys: K_RRCint, K_RRCenc
- Ciphering (encryption) for user IP packets between UE and eNB
  - Base key: K_eNB
  - Derived key: K_UPenc

[Figure: UE – eNB – MME – HSS. IMSI and LTE K are held in the UE and in the HSS. ① Mutual authentication (UE – MME – HSS) using EPS authentication vectors (RAND, AUTN, XRES, K_ASME) leaves K_ASME in the UE and the MME. ② NAS signaling integrity protection/ciphering between UE and MME with K_NASint/K_NASenc. ③ K_eNB is passed to the eNB; RRC signaling integrity protection/ciphering between UE and eNB with K_RRCint/K_RRCenc, and IP packet ciphering with K_UPenc. The legend distinguishes mandatory from optional protection.]
[Figure: call flow between UE, eNB, MME and HSS covering ① Authentication (this document, LTE Security I - Authentication), ② NAS Security Setup and ③ AS Security Setup (LTE Security II – NAS & AS Security).]

1. Authentication
- UE → MME: Attach Request (IMSI, UE Network Capability, KSI_ASME=7)
- MME → HSS: Authentication Information Request (IMSI, SN ID, Network Type)
- HSS: EPS AKA algorithm on LTE K, RAND, SQN and SN ID gives AUTN_HSS, XRES and K_ASME; Authentication Vector = (RAND, XRES, AUTN_HSS, K_ASME)
- HSS → MME: Authentication Information Answer (AVs (1...n))
- MME → UE: Authentication Request (RAND, AUTN_HSS, KSI_ASME=1) [not ciphered; not integrity protected]
- UE: EPS AKA algorithm on LTE K, RAND, SQN and SN ID gives AUTN_UE, RES and K_ASME; network (HSS) authentication: AUTN_UE = AUTN_HSS
- UE → MME: Authentication Response (RES) [not ciphered; not integrity protected]; UE authentication at the MME: RES = XRES

2. NAS Security Setup
- MME selects the encryption/integrity algorithms and derives K_NASenc and K_NASint from K_ASME with the KDF (inputs: Alg-ID, Alg Distinguisher)
- MME → UE: NAS Security Mode Command (KSI_ASME=1, Replayed UE Network Capability, NAS Ciphering Algorithm=EEA1, NAS Integrity Algorithm=EIA1, NAS-MAC) [NAS integrity protected]
- UE derives K_NASenc and K_NASint from K_ASME in the same way
- UE → MME: NAS Security Mode Complete (NAS-MAC) [NAS ciphered and integrity protected]
- From here on: ciphered and integrity protected NAS signaling

3. AS Security Setup
- MME computes K_eNB from K_ASME and the NAS Uplink Count with the KDF
- MME → eNB: <Initial Context Setup Request> (UE Network Capability, K_eNB)
- eNB selects the encryption/integrity algorithms and derives K_RRCenc, K_RRCint and K_UPenc from K_eNB with the KDF (inputs: Alg-ID, Alg Distinguisher)
- eNB → UE: AS Security Mode Command (Ciphering Algorithm=EEA1, Integrity Algorithm=EIA1, MAC-I) [AS integrity protected]
- UE computes K_eNB and derives K_RRCenc, K_RRCint and K_UPenc
- UE → eNB: AS Security Mode Complete (MAC-I) [AS integrity protected]
- From here on: ciphered and integrity protected RRC signaling, ciphered user plane (data plane)
- MME → UE: Attach Accept
Overview of LTE Security
- After authentication (LTE Security I - Authentication): UE and MME share K_ASME
- After NAS security setup (LTE Security II – NAS & AS Security): UE and MME share the NAS security keys (K_NASenc, K_NASint) in the control plane
- After AS security setup (LTE Security II – NAS & AS Security): UE and eNB share the AS security keys (K_RRCenc, K_RRCint) in the control plane, and the AS security key (K_UPenc) in the user plane
Overview of LTE Authentication Procedure: EPS-AKA
EPS-AKA (Evolved Packet System – Authentication and Key Agreement)
[Figure: EPS-AKA message flow between UE (USIM holding IMSI and LTE K), MME and HSS.]

Provisioning: IMSI and LTE K are provisioned at the AuC (HSS side) and are factory defaults in the USIM (UE side). RAND is generated by the HSS; SQN is generated (and increased) by the HSS.

1. UE → MME: Attach Request (IMSI, UE Network Capability, KSI_ASME=7)
2. MME → HSS: Authentication Information Request (IMSI, SN ID, n, Network Type)
3. HSS → MME: Authentication Information Answer (Authentication Vectors)
   - HSS: the crypto function takes LTE K, RAND and SQN and outputs XRES, AUTN, CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs K_ASME
   - Authentication Vector (AV) = (RAND, AUTN, XRES, K_ASME)
     AV 1 = (RAND1, AUTN1, XRES1, K_ASME1)
     …
     AV i = (RANDi, AUTNi, XRESi, K_ASMEi)
     …
     AV n = (RANDn, AUTNn, XRESn, K_ASMEn)
   - MME selects an AV (e.g., AV i) and stores it under KSI_ASME=1: (XRES i, K_ASME i)
4. MME → UE: Authentication Request (RAND i, AUTN i, KSI_ASME i)
   - UE: the crypto function takes LTE K, RAND i and SQN and outputs RES, AUTN_UE, CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs K_ASME (K_ASME i)
   - HSS authenticated if AUTN i = AUTN_UE
5. UE → MME: Authentication Response (RES)
   - UE authenticated if RES = XRES i

Authentication complete. The UE stores KSI_ASME=1: K_ASME i. The UE uses K_ASME (K_ASME i) to calculate additional keys; the MME uses K_ASME (K_ASME i) to calculate additional keys.

Note: the KSI_ASME value is not used for authentication itself, but used to generate subsequent key values (for encryption & integrity check).
LTE Authentication Procedure (1)
- Provisioning information @HSS/AuC
  - K: provisioned to the AuC at subscription time
  - IMSI: provisioned to the HSS & AuC at subscription time
- Stored information @USIM
  - K & IMSI: stored in the USIM at manufacturing time

1. Authentication Request from UE
❶ [UE → MME] UE requests registration to the network
- UE sends Attach Request (IMSI, UE Network Capability, KSI_ASME=7) message to MME
  - IMSI: Subscriber ID
  - UE Network Capability: security algorithms supported by the UE
  - KSI_ASME=7: indicates no key is available
EEA and EIA in “UE Network Capability” Information [4]

EEA
Algorithm ID | Description
-------------|--------------------------
128-EEA0     | Null Ciphering Algorithm
128-EEA1     | SNOW 3G
128-EEA2     | AES

EIA
Algorithm ID | Description
-------------|--------------------------
-            | -
128-EIA1     | SNOW 3G
128-EIA2     | AES
LTE Authentication Procedure (2)
2. Transfer of Authentication Vector(s) from HSS to MME
❷ [MME → HSS] Requesting Authentication Vector(s)
- MME sends Authentication Information Request (IMSI, SN ID, n, Network Type) message to HSS to request authentication vector(s) for the UE
  - IMSI: Subscriber ID
  - SN ID: Serving Network ID, identified by PLMN ID (MCC + MNC)
  - n: number of requested Authentication Vector(s)
  - Network Type: here, E-UTRAN
- HSS
  - Generates RAND and SQN
  - Calculates XRES, AUTN, CK and IK using the AKA algorithm with inputs LTE Key (K), SQN and RAND
  - Calculates the local master key K_ASME using the KDF with inputs CK, IK, SQN and SN ID
  - Constitutes Authentication Vector(s), AV = (RAND, AUTN, XRES, K_ASME)
❸ [MME ← HSS] Distributing Authentication Vector(s)
- HSS sends Authentication Information Answer (AVs) message including the AVs back to MME
- MME
  - Stores the AVs and selects one (here the i-th AV, AV_i = (RAND_i, AUTN_i, XRES_i, K_ASME_i))

[Figure: AV generation at the HSS. LTE K (provisioned @AuC), RAND (HSS generates) and SQN (HSS generates, increasing) enter the crypto function, which outputs XRES, AUTN, CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs K_ASME. Authentication Vector (AV) = (RAND, AUTN, XRES, K_ASME). IMSI: provisioned @AuC.]
LTE Authentication Procedure (3)
3. Mutual Authentication between UE and MME
- K_ASME: MME base key (local master key). Stored only in the MME, not delivered to the UE
- UE authenticates the network (HSS) by comparing AUTN with AUTN_UE
- MME (on behalf of HSS) authenticates the UE by comparing RES with XRES
❹ [UE ← MME] Requesting User Authentication
- MME sends Authentication Request (KSI_ASME_i, RAND_i, AUTN_i) message to UE
  - Keeps K_ASME_i and XRES_i
  - Allocates KSI_ASME_i to uniquely identify K_ASME_i (KSI_ASME_i is shared by the UE and MME)
  - Sends KSI_ASME_i, RAND_i, AUTN_i to UE
- UE
  - Calculates Authentication Vector, AV = (RAND, AUTN_UE, RES, K_ASME), using the same AKA algorithm as in HSS
  - Authenticates the network (HSS) by comparing AUTN_i with AUTN_UE
❺ [UE → MME] Responding User Authentication
- UE sends Authentication Response (RES) message back to MME
- MME
  - Authenticates the UE by comparing RES with XRES_i

[Figure: AV calculation at the UE. LTE K (factory default), RAND i (HSS generates) and SQN (HSS generates) enter the crypto function, which outputs RES (sent to MME), AUTN_UE (used to authenticate HSS), CK and IK; the KDF takes CK, IK, SQN and SN ID and outputs K_ASME (K_ASME i), stored under KSI_ASME=1. IMSI: factory default.]
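The EPS-AKA exchange of slides 4 to 7 (steps ❶ to ❺) worked through end to end, as an added example that is not Netmanias' or 3GPP's code: the HSS/AuC builds the AV, the MME keeps XRES and K_ASME and forwards RAND and AUTN, the USIM checks AUTN_UE against AUTN and answers RES, and the MME compares RES with XRES. Assumptions: real USIMs compute f1..f5 with Milenage (TS 35.206, AES based), which the Python standard library cannot provide, so HMAC-SHA-256 stand-ins are used for f1..f5; `kdf_kasme` follows TS 33.401 Annex A.2 and `plmn_id` the TS 24.301 PLMN coding; the IMSI and K below are constructed test values.

```python
"""EPS-AKA walk-through: HSS/AuC builds AV = (RAND, AUTN, XRES, KASME), MME keeps
XRES/KASME and forwards RAND/AUTN, USIM recomputes AUTN_UE and RES, MME compares
RES with XRES.  Added example, not Netmanias' code.

Assumptions: real USIMs implement f1..f5 with Milenage (TS 35.206, AES based);
the stdlib has no AES, so keyed HMAC-SHA-256 stand-ins are used for f1..f5.
kdf_kasme follows TS 33.401 Annex A.2; plmn_id follows the TS 24.301 PLMN coding.
"""
import hashlib
import hmac
import secrets

AMF = bytes.fromhex("8000")  # AMF with the separation bit set, as EPS AKA requires


def _f(k, tag, *parts, n):
    # Domain-separated keyed PRF standing in for the Milenage f-functions.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf): return _f(k, b"f1", sqn, rand, amf, n=8)  # MAC-A
def f2(k, rand): return _f(k, b"f2", rand, n=8)                        # RES / XRES
def f3(k, rand): return _f(k, b"f3", rand, n=16)                       # CK
def f4(k, rand): return _f(k, b"f4", rand, n=16)                       # IK
def f5(k, rand): return _f(k, b"f5", rand, n=6)                        # AK, hides SQN


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def plmn_id(mcc, mnc):
    """SN id as 3-octet PLMN id: MCC/MNC digits nibble-swapped, 0xF pads a 2-digit MNC."""
    mnc3 = mnc[2] if len(mnc) == 3 else "f"
    return bytes.fromhex(mcc[1] + mcc[0] + mnc3 + mcc[2] + mnc[1] + mnc[0])


def kdf_kasme(ck, ik, sn_id, sqn_xor_ak):
    """TS 33.401 A.2: HMAC-SHA-256(CK||IK, 0x10 || SN id || L0 || SQN^AK || L1)."""
    s = (b"\x10" + sn_id + len(sn_id).to_bytes(2, "big")
         + sqn_xor_ak + len(sqn_xor_ak).to_bytes(2, "big"))
    return hmac.new(ck + ik, s, hashlib.sha256).digest()  # 256-bit KASME


class HSS:
    """HSS with its AuC: K per IMSI (provisioned at subscription) and a rising SQN."""

    def __init__(self):
        self.subs = {}

    def provision(self, imsi, k):
        self.subs[imsi] = {"k": k, "sqn": 0}

    def authentication_info_answer(self, imsi, sn_id, n=1):
        """Step 3: return n authentication vectors for this IMSI and serving network."""
        sub, avs = self.subs[imsi], []
        for _ in range(n):
            sub["sqn"] += 1                          # fresh SQN for every vector
            sqn, k = sub["sqn"].to_bytes(6, "big"), sub["k"]
            rand = secrets.token_bytes(16)           # HSS generates RAND
            sqn_ak = xor(sqn, f5(k, rand))
            autn = sqn_ak + AMF + f1(k, sqn, rand, AMF)
            kasme = kdf_kasme(f3(k, rand), f4(k, rand), sn_id, sqn_ak)
            avs.append({"rand": rand, "autn": autn, "xres": f2(k, rand), "kasme": kasme})
        return avs


class USIM:
    """UE side: IMSI and K stored at manufacturing time; remembers the highest SQN."""

    def __init__(self, imsi, k):
        self.imsi, self.k, self.sqn_max = imsi, k, 0

    def authenticate(self, rand, autn, sn_id):
        """Step 4 at the UE: returns (status, RES, KASME); status names the NAS cause."""
        sqn_ak, amf = autn[:6], autn[6:8]
        sqn = xor(sqn_ak, f5(self.k, rand))
        autn_ue = sqn_ak + amf + f1(self.k, sqn, rand, amf)
        if not hmac.compare_digest(autn_ue, autn):     # network (HSS) authentication
            return "MAC_FAILURE", None, None
        if int.from_bytes(sqn, "big") <= self.sqn_max:  # replayed or stale vector
            return "SYNCH_FAILURE", None, None
        self.sqn_max = int.from_bytes(sqn, "big")
        kasme = kdf_kasme(f3(self.k, rand), f4(self.k, rand), sn_id, sqn_ak)
        return "OK", f2(self.k, rand), kasme


class MME:
    def __init__(self, sn_id):
        self.sn_id, self.ctx = sn_id, {}

    def authenticate_ue(self, usim, hss):
        """Steps 2-5: fetch an AV, challenge the UE, compare RES with XRES."""
        av = hss.authentication_info_answer(usim.imsi, self.sn_id, n=1)[0]
        ksi = 1                                          # KSI_ASME that names this KASME
        status, res, kasme_ue = usim.authenticate(av["rand"], av["autn"], self.sn_id)
        ok = status == "OK" and hmac.compare_digest(res, av["xres"])   # RES == XRES
        if ok:
            self.ctx[usim.imsi] = {"ksi": ksi, "kasme": av["kasme"]}  # kept only in MME
        return {"status": status, "ue_authenticated": ok, "ksi": ksi,
                "kasme_ue": kasme_ue, "kasme_mme": av["kasme"] if ok else None,
                "rand": av["rand"], "autn": av["autn"]}
```

Both sides end with the same 256-bit K_ASME without it ever crossing the air interface; a replayed or altered Authentication Request is rejected by the USIM's SQN and MAC checks before any RES is sent.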
Summary of LTE Security Key: Authentication
LTE Security Keys related to the LTE Authentication (EPS-AKA)

Key    | Length   | Location     | Derived from | Description
-------|----------|--------------|--------------|----------------
K      | 128 bits | USIM, AuC    | -            | EPS master key
CK     | 128 bits | USIM, HSS    | K            | Cipher key
IK     | 128 bits | USIM, HSS    | K            | Integrity key
K_ASME | 256 bits | UE, HSS, MME | CK, IK       | MME base key
References and Abbreviations
[1] Netmanias Technical Document, “LTE Network Architecture”, September 2010,
http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
[2] NMC Consulting Group Report, “E2E LTE Network Design”, August 2010.
[3] 3GPP TS 24.301, “Non-Access-Stratum (NAS) Protocol for Evolved Packet System (EPS); Stage 3”.
[4] 3GPP TS 33.401, “3GPP System Architecture Evolution (SAE); Security Architecture”.
Abbreviations
AES: Advanced Encryption Standard
AKA: Authentication and Key Agreement
AS: Access Stratum
ASME: Access Security Management Entity
AuC: Authentication Center
AUTN: Authentication Token
AV: Authentication Vector
CK: Cipher Key
EEA: EPS Encryption Algorithm
EIA: EPS Integrity Algorithm
EPS: Evolved Packet System
HSS: Home Subscriber Server
IK: Integrity Key
IMSI: International Mobile Subscriber Identity
KSI: Key Set Identifier
LTE: Long Term Evolution
MCC: Mobile Country Code
MME: Mobility Management Entity
MNC: Mobile Network Code
NAS: Non Access Stratum
PLMN: Public Land Mobile Network
RAND: RANDom number
RES: Response
RRC: Radio Resource Control
SN ID: Serving Network ID
SQN: Sequence Number
UE: User Equipment
UP: User Plane
USIM: Universal Subscriber Identity Module
XRES: Expected Response
More Related Content

What's hot

IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET Journal
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - Ethernet
Vuz Dở Hơi
 
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOLOVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
Zachariah Pabi
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
Nil Menon
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point Connections
Vuz Dở Hơi
 
Virtual private networks
Virtual private networks Virtual private networks
Virtual private networks
UBT - Higher Education Institution
 
Y36146148
Y36146148Y36146148
Y36146148
IJERA Editor
 
WiMAX Network Security
WiMAX Network SecurityWiMAX Network Security
WiMAX Network Security
sashar86
 
CCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan RoutingCCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan Routing
Vuz Dở Hơi
 
ZigBee energy manager Keletron presales
ZigBee  energy manager Keletron presalesZigBee  energy manager Keletron presales
ZigBee energy manager Keletron presales
Yiannis Hatzopoulos
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4
Nil Menon
 
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6
Nil Menon
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
Vuz Dở Hơi
 
Go3611771182
Go3611771182Go3611771182
Go3611771182
IJERA Editor
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
Irsandi Hasan
 

What's hot (16)

IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
IRJET - Virtual Private Network Implementation on PC as a Router for Privacy ...
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - Ethernet
 
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOLOVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
CCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point ConnectionsCCNAv5 - S4: Chapter3 Point to-point Connections
CCNAv5 - S4: Chapter3 Point to-point Connections
 
Virtual private networks
Virtual private networks Virtual private networks
Virtual private networks
 
Y36146148
Y36146148Y36146148
Y36146148
 
WiMAX Network Security
WiMAX Network SecurityWiMAX Network Security
WiMAX Network Security
 
CCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan RoutingCCNAv5 - S2: Chapter5 Inter Vlan Routing
CCNAv5 - S2: Chapter5 Inter Vlan Routing
 
ZigBee energy manager Keletron presales
ZigBee  energy manager Keletron presalesZigBee  energy manager Keletron presales
ZigBee energy manager Keletron presales
 
CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4CCNA 1 Routing and Switching v5.0 Chapter 4
CCNA 1 Routing and Switching v5.0 Chapter 4
 
CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6CCNA 1 Routing and Switching v5.0 Chapter 6
CCNA 1 Routing and Switching v5.0 Chapter 6
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
 
Go3611771182
Go3611771182Go3611771182
Go3611771182
 
Kastriot Blakaj
Kastriot BlakajKastriot Blakaj
Kastriot Blakaj
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
 

Viewers also liked

Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
Mary McEvoy Carroll
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)
Mohamed Tharwat Waheed
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network Security
Satish Chavan
 
4g security presentation
4g security presentation4g security presentation
4g security presentationKyle Ly
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
aliirfan04
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
 
Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012
44CON
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?
Stephen Kho
 
4G LTE Presentation Group 9
4G LTE Presentation Group 94G LTE Presentation Group 9
4G LTE Presentation Group 9eel4514team9
 
Chap 4. call processing and handover.eng
Chap 4. call processing and handover.engChap 4. call processing and handover.eng
Chap 4. call processing and handover.eng
sivakumar D
 
LTE Basics
LTE BasicsLTE Basics
LTE Basics
Praveen Kumar
 
Lte Presentation.Ppt
Lte Presentation.PptLte Presentation.Ppt
Lte Presentation.Ppt
vaimalik
 

Viewers also liked (12)

Lte security concepts and design considerations
Lte security concepts and design considerationsLte security concepts and design considerations
Lte security concepts and design considerations
 
Lte security solution white paper(20130207)
Lte security solution white paper(20130207)Lte security solution white paper(20130207)
Lte security solution white paper(20130207)
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network Security
 
4g security presentation
4g security presentation4g security presentation
4g security presentation
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
 
Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012Security Testing 4G (LTE) Networks - 44CON 2012
Security Testing 4G (LTE) Networks - 44CON 2012
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?
 
4G LTE Presentation Group 9
4G LTE Presentation Group 94G LTE Presentation Group 9
4G LTE Presentation Group 9
 
Chap 4. call processing and handover.eng
Chap 4. call processing and handover.engChap 4. call processing and handover.eng
Chap 4. call processing and handover.eng
 
LTE Basics
LTE BasicsLTE Basics
LTE Basics
 
Lte Presentation.Ppt
Lte Presentation.PptLte Presentation.Ppt
Lte Presentation.Ppt
 

Similar to Netmanias.2012.08.22 [en] lte security i-security concept and authentication

WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
Chaitanya Tata, PMP
 
Enhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETEnhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESET
IRJET Journal
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
Wayne Jones Jnr
 
Moein
MoeinMoein
Basic Security in Routing and Switching
Basic Security in Routing and SwitchingBasic Security in Routing and Switching
Basic Security in Routing and Switching
Reza Farahani
 
IRJET- Data Transmission using RSA Algorithm
IRJET-  	  Data Transmission using RSA AlgorithmIRJET-  	  Data Transmission using RSA Algorithm
IRJET- Data Transmission using RSA Algorithm
IRJET Journal
 
IS - SSL
IS - SSLIS - SSL
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
Ram Dutt Shukla
 
Ip Sec
Ip SecIp Sec
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
An Efficient VLSI Architecture for AES and It's FPGA Implementation
An Efficient VLSI Architecture for AES and It's FPGA ImplementationAn Efficient VLSI Architecture for AES and It's FPGA Implementation
An Efficient VLSI Architecture for AES and It's FPGA Implementation
IRJET Journal
 
CCNA Icnd110 s03l02
CCNA Icnd110 s03l02CCNA Icnd110 s03l02
CCNA Icnd110 s03l02
computerlenguyen
 
IMS Authentication with AKAv1 and AKAv2
IMS Authentication with AKAv1 and AKAv2 IMS Authentication with AKAv1 and AKAv2
IMS Authentication with AKAv1 and AKAv2
mohammad norozzudegan
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
Harry Potter
 

Similar to Netmanias.2012.08.22 [en] lte security i-security concept and authentication (20)

WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Enhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESETEnhanced Advanced Encryption Standard (E-AES): using ESET
Enhanced Advanced Encryption Standard (E-AES): using ESET
 
Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - Security
 
Moein
MoeinMoein
Moein
 
Basic Security in Routing and Switching
Basic Security in Routing and SwitchingBasic Security in Routing and Switching
Basic Security in Routing and Switching
 
IRJET- Data Transmission using RSA Algorithm
IRJET-  	  Data Transmission using RSA AlgorithmIRJET-  	  Data Transmission using RSA Algorithm
IRJET- Data Transmission using RSA Algorithm
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Web Security
Web SecurityWeb Security
Web Security
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
An Efficient VLSI Architecture for AES and It's FPGA Implementation
An Efficient VLSI Architecture for AES and It's FPGA ImplementationAn Efficient VLSI Architecture for AES and It's FPGA Implementation
An Efficient VLSI Architecture for AES and It's FPGA Implementation
 
Test
TestTest
Test
 
Test 1
Test 1Test 1
Test 1
 
CCNA Icnd110 s03l02
CCNA Icnd110 s03l02CCNA Icnd110 s03l02
CCNA Icnd110 s03l02
 
IMS Authentication with AKAv1 and AKAv2
IMS Authentication with AKAv1 and AKAv2 IMS Authentication with AKAv1 and AKAv2
IMS Authentication with AKAv1 and AKAv2
 
Websecurity
Websecurity Websecurity
Websecurity
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 

Recently uploaded

Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 

Recently uploaded (20)

Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 

Netmanias.2012.08.22 [en] lte security i-security concept and authentication

  • 1. Netmanias Technical Document: LTE Security I - LTE Security Concept and LTE Authentication
    www.netmanias.com
    About NMC Consulting Group: NMC Consulting Group was founded in 2002 and is an advanced, professional network consulting company specializing in the IP network area (FTTH, Metro Ethernet and IP/MPLS), the service area (IPTV, IMS and CDN) and, lastly, the wireless network area (Mobile WiMAX, LTE and Wi-Fi).
    Copyright © 2002-2012 NMC Consulting Group. All rights reserved. www.nmcgroups.com
    LTE Security I: LTE Security Concept and LTE Authentication
    August 21, 2012 (Last Updated: August 22, 2012)
    NMC Consulting Group, www.netmanias.com, www.nmcgroups.com
  • 2. Scope and Concept of LTE Security
    ❶ LTE Authentication
     - Mutual Authentication between UE and LTE Network (UE – MME – HSS) using EPS-AKA
     - Base Key: K
     - Derived Key: KASME
    ❷ NAS Security
     - Integrity Protection and Ciphering (Encryption) for NAS Signaling Messages between UE and MME
     - Base Key: KASME
     - Derived Keys: KNASint, KNASenc
    ❸ AS Security
     - Integrity Protection and Ciphering (Encryption) for RRC Signaling Messages between UE and eNB
     - Base Key: KeNB
     - Derived Keys: KRRCint, KRRCenc
     - Ciphering (Encryption) for User IP Packets between UE and eNB
     - Base Key: KeNB
     - Derived Key: KUPenc
    [Figure: UE – eNB – MME – HSS. ① Mutual Authentication using EPS Authentication Vectors (RAND, AUTN, XRES, KASME); IMSI and LTE K held at UE and HSS, KASME at UE and MME. ② NAS Signaling Integrity Protection/Ciphering with KNASint/KNASenc between UE and MME. ③ RRC Signaling Integrity Protection/Ciphering with KRRCint/KRRCenc and IP Packet Ciphering with KUPenc between UE and eNB, both derived from KeNB held at UE and eNB. Legend: Mandatory / Optional.]
  • 3. Overview of LTE Security
    [Figure: message flow between UE, eNB, MME and HSS, in three phases]
    1. Authentication (EPS AKA)
     - Attach Request (IMSI, UE Network Capability, KSIASME=7)
     - Authentication Information Request (IMSI, SN ID, Network Type)
     - Authentication Information Answer (AVs (1...n))
     - Authentication Request (RAND, AUTNHSS, KSIASME=1) [not ciphered; not integrity protected]
     - UE: Network (HSS) Authentication (AUTNUE = AUTNHSS)
     - Authentication Response (RES) [not ciphered; not integrity protected]
     - MME: UE Authentication (RES = XRES)
    2. NAS Security Setup
     - NAS Security Mode Command (KSIASME=1, Replayed UE Network Capability, NAS Ciphering Algorithm=EEA1, NAS Integrity Algorithm=EIA1, NAS-MAC) [NAS integrity protected]
     - NAS Security Mode Complete (NAS-MAC) [NAS ciphered and integrity protected]
     - Result: Ciphered and Integrity Protected NAS Signaling
    3. AS Security Setup
     - MME computes KeNB; Attach Accept <Initial Context Setup Request> (UE Network Capability, KeNB)
     - AS Security Mode Command (Ciphering Algorithm=EEA1, Integrity Algorithm=EIA1, MAC-I) [AS integrity protected]
     - AS Security Mode Complete (MAC-I) [AS integrity protected]
     - Result: Ciphered and Integrity Protected RRC Signaling; Ciphered User Plane (Data Plane)
    Key derivation shown in the figure:
     - UE and HSS: EPS AKA Algorithm with inputs LTE K, RAND, SQN and SN ID → AUTN (AUTNUE at the UE, AUTNHSS at the HSS), RES / XRES and KASME; HSS Authentication Vector = (RAND, XRES, AUTNHSS, KASME)
     - UE and MME: select encryption/integrity algorithm; KDF(KASME, Alg-ID, Alg Distinguisher) → KNASenc, KNASint; KDF(KASME, NAS Uplink Count) → KeNB
     - UE and eNB: select encryption/integrity algorithm; KDF(KeNB, Alg-ID, Alg Distinguisher) → KRRCenc, KRRCint, KUPenc
    LTE Security I covers Authentication; LTE Security II covers NAS & AS Security.
    After Authentication → UE and MME share KASME
    After NAS Security Setup → UE and MME share NAS Security Keys (KNASenc, KNASint) in the Control Plane
    After AS Security Setup → UE and eNB share AS Security Keys (KRRCenc, KRRCint) in the Control Plane; UE and eNB share AS Security Key (KUPenc) in the User Plane
  • 4. Overview of LTE Authentication Procedure: EPS-AKA
    EPS-AKA (Evolved Packet System – Authentication and Key Agreement)
    [Figure: UE – MME – HSS message flow with key derivation at UE and HSS]
    1. UE → MME: Attach Request (IMSI, UE Network Capability, KSIASME=7)
       USIM holds IMSI and LTE K (Factory Default)
    2. MME → HSS: Authentication Information Request (IMSI, SN ID, n, Network Type)
       HSS: IMSI and LTE K provisioned @AuC; HSS generates RAND and SQN (increasing). Crypto function with inputs SQN, LTE K and RAND → XRES, AUTN, CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME
       Authentication Vector (AV) = (RAND, AUTN, XRES, KASME)
    3. HSS → MME: Authentication Information Answer (Authentication Vectors)
       AV 1 = (RAND1, AUTN1, XRES1, KASME1) … AV i = (RANDi, AUTNi, XRESi, KASMEi) … AV n = (RANDn, AUTNn, XRESn, KASMEn)
       MME selects an AV (e.g., AV i) and keeps XRES i and KASME i under KSIASME
    4. MME → UE: Authentication Request (RAND i, AUTN i, KSIASME i)
       UE: Crypto function with inputs SQN, LTE K and RAND i → RES, AUTNUE, CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME (KASME i)
       HSS authenticated if AUTN i = AUTNUE
    5. UE → MME: Authentication Response (RES)
       UE authenticated if RES = XRES i
    Authentication Complete: UE uses KASME (KASME i) to calculate additional keys; MME uses KASME (KASME i) to calculate additional keys
    The KSIASME value is not used for authentication itself, but is used to generate subsequent key values (for Encryption & Integrity Check)
  • 5. LTE Authentication Procedure (1)
    - Provisioning Information @HSS/AuC
      - K: provisioned to AuC at subscription time
      - IMSI: provisioned to HSS & AuC at subscription time
    - Storing Information @USIM
      - K & IMSI: stored in USIM at manufacturing time
    1. Authentication Request from UE
    ❶ [UE → MME] UE Requests Registration to Network
     - UE sends Attach Request (IMSI, UE Network Capability, KSIASME=7) message to MME
       - IMSI: Subscriber ID
       - UE Network Capability: security algorithms supported by the UE
       - KSIASME=7: indicates no key is available
    EEA and EIA in "UE Network Capability" Information [4]
      EEA Algorithm ID | Description
      128-EEA0         | Null Ciphering Algorithm
      128-EEA1         | SNOW 3G
      128-EEA2         | AES
      EIA Algorithm ID | Description
      -                | -
      128-EIA1         | SNOW 3G
      128-EIA2         | AES
  • 6. LTE Authentication Procedure (2)
    2. Transfer of Authentication Vector(s) from HSS to MME
    ❷ [MME → HSS] Requesting Authentication Vector(s)
     - MME sends Authentication Information Request (IMSI, SN ID, n, Network Type) message to HSS to request authentication vector(s) for the UE
       - IMSI: Subscriber ID
       - SN ID: Serving Network ID, identified by PLMN ID (MCC + MNC)
       - n: number of requested Authentication Vector(s)
       - Network Type: here, E-UTRAN
     - HSS
       - Generates RAND and SQN
       - Calculates XRES, AUTN, CK and IK using the AKA algorithm with inputs LTE Key (K), SQN and RAND
       - Calculates local master key KASME using KDF with inputs CK, IK, SQN and SN ID
       - Constitutes Authentication Vector(s), AV=(RAND, AUTN, XRES, KASME)
    ❸ [HSS → MME] Distributing Authentication Vector(s)
     - HSS sends Authentication Information Answer (AVs) message including the AVs back to MME
     - MME
       - Stores the AVs and selects an AV (here the ith AV, AVi=(RANDi, AUTNi, XRESi, KASMEi))
    [Figure: HSS side. Crypto function with inputs SQN, LTE K and RAND → XRES, AUTN, CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME. IMSI: Provisioned @AuC; RAND: HSS generates; LTE K: Provisioned @AuC; SQN: HSS generates (increasing). Authentication Vector (AV) = (RAND, AUTN, XRES, KASME).]
  • 7. LTE Authentication Procedure (3)
    3. Mutual Authentication between UE and MME
     - KASME: MME Base Key (local master key). Stored only in MME, not delivered to the UE
     - UE authenticates the Network (HSS) by comparing AUTN with AUTNUE
     - MME (on behalf of HSS) authenticates the UE by comparing RES with XRES
    ❹ [MME → UE] Requesting User Authentication
     - MME sends Authentication Request (KSIASMEi, RANDi, AUTNi) message to UE
       - Keeps KASMEi and XRESi
       - Allocates KSIASMEi to uniquely identify KASMEi (KSIASMEi is shared by the UE and MME)
       - Sends KSIASMEi, RANDi, AUTNi to UE
     - UE
       - Calculates Authentication Vector, AV=(RAND, AUTNUE, RES, KASME) using the same AKA algorithm as in HSS
       - Authenticates the Network (HSS) by comparing AUTNi with AUTNUE
    ❺ [UE → MME] Responding User Authentication
     - UE sends Authentication Response (RES) message back to MME
     - MME
       - Authenticates the UE by comparing RES with XRESi
    [Figure: UE side. Crypto function with inputs SQN, LTE K and RAND → RES (sent to MME), AUTNUE (used to authenticate HSS), CK, IK; KDF with inputs CK, IK, SQN and SN ID → KASME (KASME i), identified by KSIASME. IMSI: Factory Default; RAND: HSS generates; LTE K: Factory Default; SQN: HSS generates.]
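    Added example (not code from the Netmanias document or from 3GPP): a runnable Python sketch of steps 2 to 5 above, with the HSS building an AV, the UE checking AUTN and the MME checking RES. The MILENAGE f1..f5 functions are replaced by labelled HMAC-SHA256 stand-ins; the AUTN layout (SQN xor AK || AMF || MAC) and the KASME KDF input layout (FC=0x10, SN ID, SQN xor AK, keyed with CK||IK) follow TS 33.401 [4]; the K, SN ID, AMF and SQN values are constructed and the SQN freshness check is simplified to "greater than the last SQN seen".

```python
import hmac, hashlib, os

AMF = b"\x80\x00"  # constructed AMF value carried inside AUTN

def _f(tag, key, *parts):
    """Toy stand-in for the MILENAGE f1..f5 functions (HMAC-SHA256, not the real AKA crypto)."""
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()

def aka_functions(k, rand, sqn):
    """(MAC, XRES/RES, CK, IK, AK) from LTE K, RAND and SQN, in the roles f1..f5 play."""
    return (_f(b"f1", k, rand, sqn)[:8], _f(b"f2", k, rand)[:8],
            _f(b"f3", k, rand)[:16], _f(b"f4", k, rand)[:16], _f(b"f5", k, rand)[:6])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def kasme_kdf(ck, ik, sn_id, sqn_xor_ak):
    """KASME = HMAC-SHA-256(CK||IK, FC||P0||L0||P1||L1), FC=0x10, P0=SN ID, P1=SQN xor AK
    (layout per TS 33.401 Annex A.2); 32 bytes = the 256-bit KASME of slide 8."""
    s = (b"\x10" + sn_id + len(sn_id).to_bytes(2, "big")
         + sqn_xor_ak + len(sqn_xor_ak).to_bytes(2, "big"))
    return hmac.new(ck + ik, s, hashlib.sha256).digest()

def hss_generate_av(k, sqn, sn_id, rand=None):
    """HSS side (step 2): AV = (RAND, AUTN, XRES, KASME), AUTN = (SQN xor AK) || AMF || MAC."""
    rand = rand or os.urandom(16)                        # HSS generates RAND
    mac, xres, ck, ik, ak = aka_functions(k, rand, sqn)
    sqn_ak = xor(sqn, ak)                                # AK hides SQN on the air interface
    return rand, sqn_ak + AMF + mac, xres, kasme_kdf(ck, ik, sn_id, sqn_ak)

def ue_authenticate(k, rand, autn, sn_id, last_sqn):
    """USIM side (step 4): recover SQN, rebuild AUTNUE, authenticate the network (AUTNUE = AUTNHSS).
    Returns (RES, KASME), or None when the network fails (MAC mismatch or replayed SQN)."""
    sqn_ak = autn[:6]
    sqn = xor(sqn_ak, _f(b"f5", k, rand)[:6])
    mac, res, ck, ik, _ = aka_functions(k, rand, sqn)
    autn_ue = sqn_ak + AMF + mac
    if not hmac.compare_digest(autn_ue, autn) or sqn <= last_sqn:  # simplified freshness rule
        return None
    return res, kasme_kdf(ck, ik, sn_id, sqn_ak)

def run_eps_aka(k, sn_id, sqn, ue_last_sqn=bytes(6)):
    """Steps 2-5: HSS->MME (AV), MME->UE (RAND, AUTN), UE->MME (RES), MME checks RES = XRES."""
    rand, autn, xres, kasme_mme = hss_generate_av(k, sqn, sn_id)
    ue = ue_authenticate(k, rand, autn, sn_id, ue_last_sqn)
    if ue is None or not hmac.compare_digest(ue[0], xres) or ue[1] != kasme_mme:
        return False, None                               # UE rejected network, or MME rejected UE
    return True, kasme_mme                               # UE and MME now share KASME
```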
  • 8. Summary of LTE Security Key: Authentication
    LTE Security Keys related to the LTE Authentication (EPS-AKA)
      Key   | Length   | Location     | Derived from | Description
      K     | 128 bits | USIM, AuC    | -            | EPS master key
      CK    | 128 bits | USIM, HSS    | K            | Cipher key
      IK    | 128 bits | USIM, HSS    | K            | Integrity key
      KASME | 256 bits | UE, HSS, MME | CK, IK       | MME base key
  • 9. References and Abbreviations
    References
    [1] Netmanias Technical Document, "LTE Network Architecture", September 2010, http://www.netmanias.com/bbs/zboard.php?id=1x_TechdocsForum_4G
    [2] NMC Consulting Group Report, "E2E LTE Network Design", August 2010.
    [3] 3GPP TS 24.301, "Non-Access-Stratum (NAS) Protocol for Evolved Packet System (EPS); Stage 3".
    [4] 3GPP TS 33.401, "3GPP System Architecture Evolution (SAE); Security Architecture".
    Abbreviations
    AES: Advanced Encryption Standard
    AKA: Authentication and Key Agreement
    AS: Access Stratum
    ASME: Access Security Management Entity
    AuC: Authentication Center
    AUTN: Authentication Token
    AV: Authentication Vector
    CK: Cipher Key
    EEA: EPS Encryption Algorithm
    EIA: EPS Integrity Algorithm
    EPS: Evolved Packet System
    HSS: Home Subscriber Server
    IK: Integrity Key
    IMSI: International Mobile Subscriber Identity
    KSI: Key Set Identifier
    LTE: Long Term Evolution
    MCC: Mobile Country Code
    MME: Mobility Management Entity
    MNC: Mobile Network Code
    NAS: Non Access Stratum
    PLMN: Public Land Mobile Network
    RAND: RANDom number
    RES: Response
    RRC: Radio Resource Control
    SN ID: Serving Network ID
    SQN: Sequence Number
    UE: User Equipment
    UP: User Plane
    USIM: Universal Subscriber Identity Module
    XRES: Expected Response