3GPP Security Update (transcript of the 17-slide deck "3 gpp security update ericsson sahlin 20130117")

Page 1: 3GPP Security Update

© 3GPP 2012
© 3GPP 2013

3GPP Security Update
8th ETSI Security Workshop, 16-17 January 2013

Bengt Sahlin
3GPP TSG SA WG3 Chairman
Ericsson Research NomadicLab

Page 2: Outline

About SA3
Security work in Rel-11
Ongoing security work in Rel-12

Page 3: 3GPP TSG SA WG3 (Security)

The WG has the overall responsibility for security and privacy in 3GPP systems
• performs analysis of potential threats to these systems
• determines the security and privacy requirements for 3GPP systems
• specifies the security architectures and protocols
• ensures the availability of cryptographic algorithms which need to be part of the specifications

Page 4: SA3 Document Statistics 2010 -

[Chart: SA3 document statistics from 2010 onwards; the figures are not recoverable from the transcript]

Page 5: Security Work in Rel-11

Stage 2 frozen in March 2012

Page 6: Machine Type Communication Security

[Diagram: MTC architecture reference model. The MTC UE with its MTC application reaches the MTC Application Server through the RAN (Um/Uu/LTE Uu), MSC, MME, SGSN, S-GW and GGSN/P-GW (Gi/SGi), with control plane and user plane shown across the Home PLMN and Visited PLMN. The device-trigger path runs through the SMS-SC/GMSC/IWMSC, IP-SM-GW and legacy SMS infrastructure (interfaces Tsms, Tsp, T4, Gi/SGi), with "Trigger SMS filtering" points marked on the paths from the Internet and the legacy SMS infrastructure, plus CDF/CGF for charging]

MTC – Machine Type Communications

Page 7: SSO Applications Security for IMS: GBA Digest

[Diagram: GBA/GAA reference model. The UE talks to the NAF over Ua and to the BSF over Ub (TLS, HTTP digest); the BSF talks to the HSS over Zh, to the NAF over Zn and to the SLF over Dz]

For use in environments where a UICC or SIM card is not available to the subscriber

Differences from AKA-based GBA
• mutual authentication procedures between the UE and the BSF
  • UE authenticated with SIP Digest credentials using HTTP Digest
  • BSF authenticated by TLS server certificate
  • Authentication process protected by a TLS tunnel
• same key derivation function as for AKA-based GBA, but different input parameters
  • TLS Master Key used in these derivations
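As an added illustration (not code from the slides or from any 3GPP specification), the following Python models the Ub bootstrapping run the slide describes: the UE proves its SIP Digest credentials with HTTP Digest inside a server-authenticated TLS tunnel, and both sides feed the TLS master key and the Digest response into a 3GPP-style HMAC-SHA-256 KDF. The exact GBA_Digest input list and the FC value are assumptions; the credentials, nonces and TLS master key are constructed sample values.

```python
import hashlib
import hmac

# Constructed SIP Digest credentials and a stand-in TLS master key (sample values only).
USERNAME, REALM, PASSWORD = "alice@ims.example", "ims.example", "correct-horse-battery"
METHOD, URI = "GET", "/"
FC_GBA_DIGEST_KS = b"\xff"  # assumed placeholder; TS 33.220 assigns the real FC values

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617 H(A1): the BSF (via the HSS) holds this hash, not the password.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(h_a1: str, nonce: str, nc: str, cnonce: str) -> str:
    # RFC 2617 "response" with qop=auth, computed identically by UE and BSF.
    h_a2 = md5_hex(f"{METHOD}:{URI}")
    return md5_hex(f"{h_a1}:{nonce}:{nc}:{cnonce}:auth:{h_a2}")

def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    # 3GPP-style KDF (TS 33.220 Annex B): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...
    s = fc
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_ks(h_a1: str, tls_master_key: bytes, response: str) -> bytes:
    # Assumed GBA_Digest input set: the TLS master key and the Digest response feed the
    # same KDF that AKA-based GBA uses, so Ks is bound to this TLS tunnel and this run.
    return kdf(bytes.fromhex(h_a1), FC_GBA_DIGEST_KS, b"GBA_Digest_Ks",
               tls_master_key, response.encode())

def bootstrap(ue_password: str, tls_master_key: bytes,
              nonce: str = "n0nce-from-bsf", cnonce: str = "cn0nce-from-ue"):
    """Model one Ub run inside a server-authenticated TLS tunnel; returns (bsf_accepts, ue_ks, bsf_ks)."""
    nc = "00000001"
    # UE side: Digest response computed from its own SIP Digest password.
    ue_h_a1 = ha1(USERNAME, REALM, ue_password)
    ue_resp = digest_response(ue_h_a1, nonce, nc, cnonce)
    # BSF side: recompute from the stored H(A1) and compare in constant time.
    stored_h_a1 = ha1(USERNAME, REALM, PASSWORD)
    bsf_accepts = hmac.compare_digest(ue_resp, digest_response(stored_h_a1, nonce, nc, cnonce))
    ue_ks = derive_ks(ue_h_a1, tls_master_key, ue_resp)
    bsf_ks = derive_ks(stored_h_a1, tls_master_key, ue_resp) if bsf_accepts else None
    return bsf_accepts, ue_ks, bsf_ks

if __name__ == "__main__":
    ok, ks_ue, ks_bsf = bootstrap(PASSWORD, b"\x11" * 48)
    print("authenticated:", ok, "Ks agreed:", ks_ue == ks_bsf)
```

Running bootstrap with the same credentials but a different TLS master key yields a different Ks, which is the binding to the TLS tunnel that the slide's last bullet refers to.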

Page 8: EEA3 and EIA3

New integrity and confidentiality algorithms for LTE
• based on ZUC
• optional to implement in UEs and eNBs
• specifications found at:
  • http://gsmworld.com/our-work/programmes-and-initiatives/fraud-and-security/gsm_security_algorithms.htm#nav-

[Figure: General structure of ZUC]

Page 9: Other Areas

H(e)NB security features for UE mobility scenarios
• Support of UE mobility scenarios utilizing direct interface between H(e)NB and H(e)NB
Work on Minimization of Drive Tests (MDT) privacy
Generic security corrections
• Corrections to earlier releases
Study on UTRAN Key Hierarchy Enhancements
• TR 33.859 completed
Unsolicited Communication for IMS
• TR 33.838 completed
Study on IMS P2P security
• TR 33.844 completed

Page 10: Rel-12

Page 11: Architecture: Key Strategic Areas prioritized for Rel-12

1. New business opportunities in the following areas
• Public Safety and Critical Communications
• Group Communications
• Proximity Services, including both Public Safety and Commercial aspects
• Machine Type Communications
• UE Power Consumption, Small Data and Device Triggering
2. WiFi integration
• Network Selection aspects
• S2a Mobility with GTP for WLAN
• Optimized Offloading to WLAN in 3GPP-RAT mobility
3. System capacity and stability
• User Plane congestion
• Core Network Overload

Security work needed for these areas handled by SA3

Page 12: Extended IMS Media Plane Security

Support for real-time media in Rel-9

Current work on security for:
• IMS Messaging, and in particular MSRP/TCP based media
• IMS Conferencing
• Communications diversion

[Figure: IMS signalling and media plane entities relevant to e2ae security]

[Figure: Reference model for key management for the KMS based solution]

Page 13: Public Warning System (PWS) Security

Objective to provide security for PWS
• Availability, integrity and authentication of the warning messages

Work still ongoing

Page 14: Tunnelling of UE Services over Restrictive Access Networks

The objective of this work item is to provide stage-2 specifications to meet the service requirements for IMS and PLMN IP based traffic over restrictive access networks

Study work on IMS part started in November 2011

Work item approved in December 2012

[Figure: Some examples of candidate solutions (draft TR 33.830)]

Page 15: Study Item on Security Assurance Methodology for 3GPP Network Elements

Consensus that 3GPP needs to look into the area of security assurance

SA3 tasked to lead the work

Study ongoing for choosing a methodology to progress the work
• Started in November 2012

Page 16: Other Studies

Close to completion
• Security enhancements for usage of GBA from the browser

Ongoing
• Study on Security aspects of Integration of Single Sign-On (SSO) frameworks with 3GPP networks
• Security Study on Spoofed Call Detection and Prevention

Page 17: Thank You!

www.3gpp.org

More information about 3GPP: [email protected]