[内容简介]
A concise, updated guide to the 3GPP LTE Security Standardization specifications
A welcome Revised Edition of the successful LTE Security addressing the security architecture for SAE/LTE, which is based on elements of the security architectures for GSM and 3G, but which needed a major redesign due to the significantly increased complexity, and different architectural and business requirements of fourth generation systems. The authors explain in detail the security mechanisms employed to meet these requirements. The specifications generated by standardization bodies only inform about how to implement the system (and this only to the extent required for interoperability), but almost never inform readers about why things are done the way they are. Furthermore, specifications tend to be readable only for a small group of experts and lack the context of the broader picture. The book fills this gap by providing first hand information from insiders who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP, and can therefore explain the rationale for design decisions in this area.
- A concise, fully updated guide to the 3GPP LTE Security Standardization specifications
- Describes the essential elements of LTE and SAE Security, written by leading experts who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP
- Explains the rationale behind the standards specifications giving readers a broader understanding of the context to these specifications
- Includes new chapters covering 3GPP work on system enhancements for MTC, plus application layer security in ETSI TC M2M and embedded smart card in ETSI SCP; Security for Machine-type Communication, Relay Node Security, and Future Challenges, including Voice over LTE, MTC, Home base stations, LIPA/SIPTO, and New Cryptographic Algorithms
Essential reading for System engineers, developers and people in technical sales working in the area of LTE and LTE security, communication engineers and software developers in mobile communication field.
[目录]
Preface xiii
Foreword to the First Edition xv
Acknowledgements xix
Copyright Acknowledgements xix
1 Overview of the Book 1
2 Background 5
2.1 Evolution of Cellular Systems 5
2.1.1 Third-Generation Network Architecture 6
2.1.2 Important Elements of the 3G Architecture 7
2.1.3 Functions and Protocols in the 3GPP System 8
2.1.4 The EPS System 9
2.2 Basic Security Concepts 10
2.2.1 Information Security 10
2.2.2 Design Principles 11
2.2.3 Communication Security Features 12
2.3 Basic Cryptographic Concepts 13
2.3.1 Cryptographic Functions 14
2.3.2 Securing Systems with Cryptographic Methods 16
2.3.3 Symmetric Encryption Methods 17
2.3.4 Hash Functions 18
2.3.5 Public-Key Cryptography and PKI 19
2.3.6 Cryptanalysis 20
2.4 Introduction to LTE Standardization 21
2.4.1 Working Procedures in 3GPP 22
2.5 Notes on Terminology and Specification Language 26
2.5.1 Terminology 26
2.5.2 Specification Language 27
3 GSM Security 29
3.1 Principles of GSM Security 29
3.2 The Role of the SIM 30
3.3 Mechanisms of GSM Security 31
3.3.1 Subscriber Authentication in GSM 32
3.3.2 GSM Encryption 32
3.3.3 GPRS Encryption 33
3.3.4 Subscriber Identity Confidentiality 34
3.4 GSM Cryptographic Algorithms 34
4 Third-Generation Security (UMTS) 37
4.1 Principles of Third-Generation (3G) Security 37
4.1.1 Elements of GSM Security Carried over to 3G 37
4.1.2 Weaknesses in GSM Security 38
4.1.3 Higher Level Objectives 39
4.2 Third-Generation Security Mechanisms 40
4.2.1 Authentication and Key Agreement 40
4.2.2 Ciphering Mechanism 45
4.2.3 Integrity Protection Mechanism 46
4.2.4 Identity Confidentiality Mechanism 48
4.3 Third-Generation Cryptographic Algorithms 49
4.3.1 KASUMI 50
4.3.2 UEA1 and UIA1 51
4.3.3 SNOW3G, UEA2 and UIA2 51
4.3.4 MILENAGE 54
4.3.5 Hash Functions 54
4.4 Interworking between GSM and 3G Security 55
4.4.1 Interworking Scenarios 55
4.4.2 Cases with SIM 56
4.4.3 Cases with USIM 57
4.4.4 Handovers between GSM and 3G 58
4.5 Network Domain Security 59
4.5.1 Generic Security Domain Framework 59
4.5.2 Security Mechanisms for NDS 62
4.5.3 Application of NDS 64
4.6 Architectures with RNCs in Exposed Locations 65
5 3G–WLAN Interworking 67
5.1 Principles of 3G–WLAN Interworking 67
5.1.1 The General Idea 67
5.1.2 The EAP Framework 69
5.1.3 Overview of EAP-AKA 72
5.2 Security Mechanisms of 3G–WLAN Interworking 75
5.2.1 Reference Model for 3G–WLAN Interworking 75
5.2.2 Security Mechanisms of WLAN Direct IP Access 76
5.2.3 Security Mechanisms of WLAN 3GPP IP Access 78
5.3 Cryptographic Algorithms for 3G–WLAN Interworking 81
6 EPS Security Architecture 83
6.1 Overview and Relevant Specifications 83
6.1.1 Need for Security Standardization 85
6.1.2 Relevant Nonsecurity Specifications 87
6.1.3 Security Specifications for EPS 88
6.2 Requirements and Features of EPS Security 89
6.2.1 Threats against EPS 90
6.2.2 EPS Security Features 91
6.2.3 How the Features Meet the Requirements 95
6.3 Design Decisions for EPS Security 97
6.4 Platform Security for Base Stations 103
6.4.1 General Security Considerations 103
6.4.2 Specification of Platform Security 103
6.4.3 Exposed Position and Threats 103
6.4.4 Security Requirements 104
7 EPS Authentication and Key Agreement 109
7.1 Identification 109
7.1.1 User Identity Confidentiality 110
7.1.2 Terminal Identity Confidentiality 111
7.2 The EPS Authentication and Key Agreement Procedure 112
7.2.1 Goals and Prerequisites of EPS AKA 112
7.2.2 Distribution of EPS Authentication Vectors from HSS to MME 114
7.2.3 Mutual Authentication and Establishment of a Shared Key between the Serving Network and the UE 118
7.2.4 Distribution of Authentication Data inside and between Serving Networks 122
7.3 Key Hierarchy 123
7.3.1 Key Derivations 124
7.3.2 Purpose of the Keys in the Hierarchy 125
7.3.3 Cryptographic Key Separation 127
7.3.4 Key Renewal 128
7.4 Security Contexts 129
7.4.1 EPS Security Context 129
7.4.2 EPS NAS Security Context 130
7.4.3 UE Security Capabilities 130
7.4.4 EPS AS Security Context 130
7.4.5 Native versus Mapped Contexts 130
7.4.6 Current versus Non-current Contexts 131
7.4.7 Key Identification 131
7.4.8 EPS Security Context Storage 131
7.4.9 EPS Security Context Transfer 132
8 EPS Protection for Signalling and User Data 133
8.1 Security Algorithms Negotiation 133
8.1.1 Mobility Management Entities 134
8.1.2 Base Stations 135
8.2 NAS Signalling Protection 136
8.2.1 NAS Security Mode Command Procedure 136
8.2.2 NAS Signalling Protection 137
8.3 AS Signalling and User Data Protection 138
8.3.1 AS Security Mode Command Procedure 138
8.3.2 RRC Signalling and User Plane Protection 138
8.3.3 RRC Connection Re-establishment 140
8.4 Security on Network Interfaces 141
8.4.1 Application of NDS to EPS 141
8.4.2 Security for Network Interfaces of Base Stations 142
8.5 Certificate Enrolment for Base Stations 143
8.5.1 Enrolment Scenario 143
8.5.2 Enrolment Principles 144
8.5.3 Enrolment Architecture 147
8.5.4 CMPv2 Protocol and Certificate Profiles 148
8.5.5 CMPv2 Transport 149
8.5.6 Example Enrolment Procedure 150
8.6 Emergency Call Handling 151
8.6.1 Emergency Calls with NAS and AS Security Contexts in Place 153
8.6.2 Emergency Calls without NAS and AS Security Contexts 153
8.6.3 Continuation of the Emergency Call When Authentication Fails 154
9 Security in Intra-LTE State Transitions and Mobility 155
9.1 Transitions to and from Registered State 156
9.1.1 Registration 156
9.1.2 Deregistration 156
9.2 Transitions between Idle and Connected States 157
9.2.1 Connection Initiation 158
9.2.2 Back to Idle State 158
9.3 Idle State Mobility 158
9.4 Handover 161
9.4.1 Handover Key Management Requirements Background 161
9.4.2 Handover Keying Mechanisms Background 162
9.4.3 LTE Key Handling in Handover 166
9.4.4 Multiple Target Cell Preparations 168
9.5 Key Change on the Fly 169
9.5.1 KeNB Rekeying 169
9.5.2 KeNB Refresh 169
9.5.3 NAS Key Rekeying 170
9.6 Periodic Local Authentication Procedure 170
9.7 Concurrent Run of Security Procedures 171
10 EPS Cryptographic Algorithms 175
10.1 Null Algorithms 176
10.2 Ciphering Algorithms 177
10.3 Integrity Algorithms 180
10.4 Key Derivation Algorithms 180
11 Interworking Security between EPS and Other Systems 183
11.1 Interworking with GSM and 3G Networks 183
11.1.1 Routing Area Update Procedure in UTRAN or GERAN 186
11.1.2 Tracking Area Update Procedure in EPS 187
11.1.3 Handover from EPS to 3G or GSM 190
11.1.4 Handover from 3G or GSM to EPS 191
11.2 Interworking with Non-3GPP Networks 193
11.2.1 Principles of Interworking with Non-3GPP Networks 193
11.2.2 Authentication and Key Agreement for Trusted Access 201
11.2.3 Authentication and Key Agreement for Untrusted Access 205
11.2.4 Security for Mobile IP Signalling 208
11.2.5 Mobility between 3GPP and Non-3GPP Access Networks 211
12 Security for Voice over LTE 215
12.1 Methods for Providing Voice over LTE 215
12.1.1 IMS over LTE 216
12.1.2 Circuit Switched Fallback (CSFB) 218
12.1.3 Single Radio Voice Call Continuity (SRVCC) 218
12.2 Security Mechanisms for Voice over LTE 220
12.2.1 Security for IMS over LTE 220
12.2.2 Security for Circuit Switched Fallback 228
12.2.3 Security for Single Radio Voice Call Continuity 228
12.3 Rich Communication Suite and Voice over LTE 230
13 Security for Home Base Station Deployment 233
13.1 Security Architecture, Threats and Requirements 234
13.1.1 Scenario 234
13.1.2 Threats and Risks 237
13.1.3 Requirements 239
13.1.4 Security Architecture 240
13.2 Security Features 241
13.2.1 Authentication 241
13.2.2 Local Security 243
13.2.3 Communications Security 244
13.2.4 Location Verification and Time Synchronization 244
13.3 Security Procedures Internal to the Home Base Station 244
13.3.1 Secure Boot and Device Integrity Check 245
13.3.2 Removal of Hosting Party Module 245
13.3.3 Loss of Backhaul Link 245
13.3.4 Secure Time Base 246
13.3.5 Handling of Internal Transient Data 246
13.4 Security Procedures between Home Base Station and Security Gateway 247
13.4.1 Device Integrity Validation 247
13.4.2 Device Authentication 247
13.4.3 IKEv2 and Certificate Profiling 250
13.4.4 Certificate Processing 253
13.4.5 Combined Device-Hosting Party Authentication 255
13.4.6 Authorization and Access Control 256
13.4.7 IPsec Tunnel Establishment 258
13.4.8 Verification of HeNB Identity and CSG Access 258
13.4.9 Time Synchronization 260
13.5 Security Aspects of Home Base Station Management 261
13.5.1 Management Architecture 261
13.5.2 Management and Provisioning during Manufacturing 264
13.5.3 Preparation for Operator-Specific Deployment 266
13.5.4 Relationships between HeNB Manufacturer and Operator 267
13.5.5 Security Management in Operator Network 267
13.5.6 Protection of Management Traffic 268
13.5.7 Software Download 270
13.5.8 Location Verification 272
13.6 Closed Subscriber Groups and Emergency Call Handling 275
13.6.1 UE Access Control to HeNBs 275
13.6.2 Emergency Calls 276
13.7 Support for Subscriber Mobility 277
13.7.1 Mobility Scenarios 277
13.7.2 Direct Interfaces between HeNBs 278
14 Relay Node Security 281
14.1 Overview of Relay Node Architecture 281
14.1.1 Basic Relay Node Architecture 281
14.1.2 Phases for Start-Up of Relay Nodes 283
14.2 Security Solution 284
14.2.1 Security Concepts 284
14.2.2 Security Procedures 288
14.2.3 Security on the Un Interface 290
14.2.4 USIM and Secure Channel Aspects 290
14.2.5 Enrolment Procedures 291
14.2.6 Handling of Subscription and Certificates 291
15 Security for Machine-Type Communications 293
15.1 Security for MTC at the Application Level 294
15.1.1 MTC Security Framework 295
15.1.2 Security (Kmr) Bootstrapping Options 298
15.1.3 Connection (Kmc) and Application-Level Security Association (Kma) Establishment Procedures 301
15.2 Security for MTC at the 3GPP Network Level 301
15.2.1 3GPP System Improvements for MTC 301
15.2.2 Security Related to 3GPP System Improvements for MTC 303
15.3 Security for MTC at the Credential Management Level 306
15.3.1 Trusted Platform in the Device 307
15.3.2 Embedded UICC 307
15.3.3 Remote Management of Credentials 308
16 Future Challenges 309
16.1 Near-Term Outlook 309
16.1.1 Security for Relay Node Architectures 309
16.1.2 Security for Interworking of 3GPP Networks and Fixed Broadband Networks 310
16.1.3 Security for Voice over LTE 310
16.1.4 Security for Machine-Type Communication 311
16.1.5 Security for Home Base Stations 311
16.1.6 New Cryptographic Algorithms 312
16.1.7 Public Warning System 313
16.1.8 Proximity Services 314
16.2 Far-Term Outlook 314
Abbreviations 319
References 327
Index 337