
Charging SIngh

LTE Security Architecture

LTE security architecture defines the security mechanisms for both the NAS layer and the AS layer. Handover (HO) related security is not covered in this document.
LTE Security Distribution

NAS security
• Applied to NAS messages; it is in the scope of the UE and the MME.
• NAS messages exchanged between UE and MME are integrity protected and ciphered, and carry an extra NAS security header.
AS security
• Applied to RRC messages and user plane data; it is in the scope of the UE and the eNB.
• The PDCP layer on the UE and eNB side is responsible for ciphering and integrity protection.
• RRC messages are both integrity protected and ciphered, but U-Plane data is only ciphered.
Different Security algorithms (integrity/ciphering)
Integrity
• “0000” EIA0 Null Integrity Protection algorithm
• “0001” 128-EIA1 SNOW 3G
• “0010” 128-EIA2 AES
Ciphering
• “0000” EEA0 Null ciphering algorithm
• “0001” 128-EEA1 SNOW 3G based algorithm
• “0010” 128-EEA2 AES based algorithm


Pre Shared Keys
• UE Security Key (K) – Configured in the operator’s DB in the Authentication center and in the USIM.
• AMF – Configured in the operator’s DB in the Authentication center and in the USIM.
• OP – Optional; configured in the operator’s DB in the Authentication center and in the USIM.
Generated Keys
• SQN – The 4 octet sequence number, which must be refreshed each time the network re-authenticates the UE. It is generated as below.
SQN_n = SEQ_n || IND_n
SEQ is the prefix, a 27-bit value (0-2^27), and IND is the 5-bit index (0-31).
When IND = 0, a new SEQ is generated according to the chosen generation rule (e.g. modular addition).
Example – SQN generated using modular addition:
SQN 1 = SEQ || IND
SQN 2 = SEQ+1 || IND
SQN 3 = SEQ+2 || IND
SQN 4 = SEQ+3 || IND
SQN 5 = SEQ+4 || IND
• RAND – A random number produced by a random number generation algorithm.
Derived Authentication vectors
• IK – Integrity key, generated as (K, RAND) -> f4 -> IK. It is generated at the authentication center and at the USIM.
• CK – Ciphering key, generated as (K, RAND) -> f3 -> CK. It is generated at the authentication center and at the USIM.
• AK – Anonymity key, generated as (K, RAND) -> f5 -> AK. It is generated only at the authentication center.
• XRES – Expected response, generated as (K, RAND) -> f2 -> XRES. It is generated only at the authentication center; the corresponding parameter RES is generated at the USIM.
• MAC – Message authentication code, generated as (K, SQN, RAND, AMF) -> f1 -> MAC. It is generated only at the authentication center; the corresponding parameter XMAC is generated at the USIM.
• AUTN – Authentication token, generated as AUTN = SQN ⊕ AK || AMF || MAC. It is generated only at the authentication center.
When the MME receives an Attach Request from a UE seeking initial access to the network, the MME sends an Authentication Data Request to the AuC/HSS. After deriving RAND, XRES, CK, IK and AUTN, the authentication center combines them into an authentication vector (AV = RAND || XRES || CK || IK || AUTN) and returns it to the MME in the Authentication Data Response.
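The following is an added worked example of the exchange described above; it is not code from the original post. It builds the authentication vector on the AuC side, then runs the USIM-side checks (unmask SQN with AK, compare XMAC with MAC, check SQN freshness) and the MME-side RES/XRES comparison. The f1..f5 functions here are stand-ins built from HMAC-SHA-256, not the real MILENAGE set, and K, AMF, RAND and the SQN values are constructed sample data. SQN is packed as SEQ || IND into the 48-bit field that TS 33.102 specifies (43-bit SEQ, 5-bit IND), so that it matches the 6-octet SQN ⊕ AK field of AUTN.

```python
import hmac
import hashlib
import secrets

# Constructed sample pre-shared values; real K and AMF live in the AuC database and the USIM.
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")  # 128-bit subscriber key (constructed)
AMF = bytes.fromhex("8000")                             # 16-bit authentication management field


def _f(tag: int, key: bytes, *parts: bytes, n: int) -> bytes:
    """Stand-in for the MILENAGE f1..f5 functions (placeholder, not the real MILENAGE):
    HMAC-SHA-256 keyed with K, domain-separated by a tag byte, truncated to n bytes."""
    return hmac.new(key, bytes([tag]) + b"".join(parts), hashlib.sha256).digest()[:n]


def f1(k, rand, sqn, amf): return _f(1, k, rand, sqn, amf, n=8)   # MAC / XMAC, 64 bits
def f2(k, rand): return _f(2, k, rand, n=8)                        # RES / XRES, 64 bits
def f3(k, rand): return _f(3, k, rand, n=16)                       # CK, 128 bits
def f4(k, rand): return _f(4, k, rand, n=16)                       # IK, 128 bits
def f5(k, rand): return _f(5, k, rand, n=6)                        # AK, 48 bits


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_sqn(seq: int, ind: int) -> bytes:
    """SQN = SEQ || IND packed into the 48-bit field of TS 33.102 (43-bit SEQ, 5-bit IND)."""
    if not (0 <= seq < 1 << 43 and 0 <= ind < 32):
        raise ValueError("SEQ or IND out of range")
    return ((seq << 5) | ind).to_bytes(6, "big")


def generate_av(k: bytes, amf: bytes, sqn: bytes, rand: bytes = None) -> dict:
    """AuC side: derive MAC, XRES, CK, IK, AK and build AV = RAND || XRES || CK || IK || AUTN."""
    rand = rand if rand is not None else secrets.token_bytes(16)
    mac = f1(k, rand, sqn, amf)
    ak = f5(k, rand)
    autn = xor(sqn, ak) + amf + mac          # AUTN = SQN xor AK || AMF || MAC (16 octets)
    return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand), "IK": f4(k, rand), "AUTN": autn}


def usim_authenticate(k: bytes, rand: bytes, autn: bytes, last_sqn: bytes) -> dict:
    """USIM side: unmask SQN with AK, check XMAC against MAC, check freshness, return RES/CK/IK."""
    conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    sqn = xor(conc_sqn, f5(k, rand))
    xmac = f1(k, rand, sqn, amf)
    if not hmac.compare_digest(xmac, mac):
        raise ValueError("MAC failure: AUTN was not produced with this K and RAND")
    # Simplified freshness rule: SQN must be greater than the last accepted one.
    # TS 33.102 keeps a per-IND array and an acceptance window; that detail is omitted here.
    if int.from_bytes(sqn, "big") <= int.from_bytes(last_sqn, "big"):
        raise ValueError("synchronisation failure: SQN not fresh (replayed AUTN)")
    return {"RES": f2(k, rand), "CK": f3(k, rand), "IK": f4(k, rand), "SQN": sqn}


def mme_verify(xres: bytes, res: bytes) -> bool:
    """MME side: compare RES from the UE with XRES from the AV in constant time."""
    return hmac.compare_digest(xres, res)


if __name__ == "__main__":
    sqn = make_sqn(seq=5, ind=1)
    av = generate_av(K, AMF, sqn)
    ue = usim_authenticate(K, av["RAND"], av["AUTN"], last_sqn=make_sqn(4, 1))
    print("RES accepted by MME:", mme_verify(av["XRES"], ue["RES"]))
```

Two points worth noticing when running it: a replayed AUTN (same SQN as the last accepted one) fails the freshness check even though its MAC is valid, and flipping any bit of AUTN fails the MAC check before the SQN is even looked at. AK is never sent on the air; only SQN ⊕ AK is, so the USIM needs K to recover the sequence number.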



Derived Keys
These keys are derived using the key derivation function KDF = HMAC-SHA-256(Key, S), where
Key = input key
Input string S = FC || P0 || L0 || P1 || L1 || P2 || L2 || P3 || L3 || … || Pn || Ln
FC = function code
P0 = parameter 0
L0 = length of parameter 0 (and likewise Pn, Ln for each further parameter)
• KASME – To calculate KASME the following steps are required.
Key = CK || IK
S = FC(0x10) || SN id || length of SN id || SQN ⊕ AK || length of SQN ⊕ AK
KASME = HMAC-SHA-256(Key, S)
• KeNB – To calculate KeNB the following steps are required.
Key = KASME
S = FC(0x11) || UL NAS Count || length of UL NAS Count
KeNB = HMAC-SHA-256(Key, S)
• Algorithm key generation function – Covers the derivation of Knas-int, Knas-enc, Krrc-int, Krrc-enc and Kup-enc.
Key = KASME or KeNB (KASME for Knas-int and Knas-enc; KeNB for Krrc-int, Krrc-enc and Kup-enc)
S = FC(0x15) || algorithm type distinguisher || length of algorithm type distinguisher || algorithm identity || length of algorithm identity
Knas-int/Knas-enc/Krrc-int/Krrc-enc/Kup-enc = HMAC-SHA-256(Key, S)
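The key hierarchy above, as an added example that is not part of the original post: a generic KDF that builds S = FC || P0 || L0 || … exactly as described, and the three derivations KASME (FC 0x10), KeNB (FC 0x11) and the algorithm keys (FC 0x15). The parameter lengths (2-octet Li, 3-octet SN id, 6-octet SQN ⊕ AK, 4-octet UL NAS COUNT, 1-octet type distinguisher and algorithm identity) and the type distinguisher values follow TS 33.401 Annex A; the final truncation of the 256-bit output to its 128 least significant bits for the algorithm keys is also from that annex. All key material and the PLMN used are constructed sample values.

```python
import hmac
import hashlib


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF of TS 33.401 Annex A.1:
    HMAC-SHA-256(Key, S), S = FC || P0 || L0 || P1 || L1 || ... with each Li a 2-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def sn_id(mcc: str, mnc: str) -> bytes:
    """3-octet serving network (PLMN) identity, BCD coded:
    octet 1 = MCC digit 2 | MCC digit 1, octet 2 = MNC digit 3 (0xF for a 2-digit MNC) | MCC digit 3,
    octet 3 = MNC digit 2 | MNC digit 1."""
    m = [int(d) for d in mcc]
    n = [int(d) for d in mnc] + ([0xF] if len(mnc) == 2 else [])
    return bytes([(m[1] << 4) | m[0], (n[2] << 4) | m[2], (n[1] << 4) | n[0]])


def derive_kasme(ck: bytes, ik: bytes, sn: bytes, sqn_xor_ak: bytes) -> bytes:
    """KASME (A.2): FC = 0x10, P0 = SN id (3 octets), P1 = SQN xor AK (6 octets), Key = CK || IK."""
    return kdf(ck + ik, 0x10, sn, sqn_xor_ak)


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """KeNB (A.3): FC = 0x11, P0 = uplink NAS COUNT as 4 octets, Key = KASME."""
    return kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))


# Algorithm type distinguisher values (TS 33.401 A.7).
ALG_TYPE = {"NAS-enc": 0x01, "NAS-int": 0x02, "RRC-enc": 0x03, "RRC-int": 0x04, "UP-enc": 0x05}


def derive_alg_key(key: bytes, alg_type: str, alg_id: int) -> bytes:
    """Algorithm key (A.7): FC = 0x15, P0 = algorithm type distinguisher, P1 = algorithm identity (4 LSB).
    The 128 least significant bits of the 256-bit output form the 128-bit key."""
    return kdf(key, 0x15, bytes([ALG_TYPE[alg_type]]), bytes([alg_id & 0x0F]))[16:]


def derive_hierarchy(ck, ik, sn, sqn_xor_ak, ul_nas_count, nas_alg, rrc_alg, up_alg):
    """Walk the whole hierarchy: CK||IK -> KASME -> (NAS keys, KeNB -> RRC/UP keys).
    nas_alg / rrc_alg / up_alg are the 4-bit identities from the algorithm table, e.g. 2 for EIA2/EEA2."""
    kasme = derive_kasme(ck, ik, sn, sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KASME": kasme,
        "KeNB": kenb,
        "Knas-enc": derive_alg_key(kasme, "NAS-enc", nas_alg),
        "Knas-int": derive_alg_key(kasme, "NAS-int", nas_alg),
        "Krrc-enc": derive_alg_key(kenb, "RRC-enc", rrc_alg),
        "Krrc-int": derive_alg_key(kenb, "RRC-int", rrc_alg),
        "Kup-enc": derive_alg_key(kenb, "UP-enc", up_alg),
    }


if __name__ == "__main__":
    # Constructed sample inputs (in practice CK, IK and SQN xor AK come from the AV).
    ck = bytes.fromhex("b40ba9a3c58b2a05bbf0d987b21bf8cb")
    ik = bytes.fromhex("f769bcd751044604127672711c6d3441")
    sqn_xor_ak = bytes.fromhex("000000000101")
    keys = derive_hierarchy(ck, ik, sn_id("262", "01"), sqn_xor_ak, ul_nas_count=0,
                            nas_alg=2, rrc_alg=2, up_alg=2)
    for name, k in keys.items():
        print(f"{name:9s} {k.hex()}")
```

Because UL NAS COUNT is part of the KeNB derivation, two Attach procedures with the same KASME but different NAS counts yield different KeNBs, and because the type distinguisher is part of S, integrity and ciphering keys differ even when the same algorithm identity is selected for both.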
State diagram for Authentication and key generation
