3GPP SA3 status


Page 1

3GPP SA3 status

Valtteri Niemi, SA3 Chairman

Nokia Research Center

Lausanne, Switzerland

ITU-T security workshop

Geneva, Switzerland, 9-10 February 2009

Page 2

Outline

• Some history and background
• SAE/LTE security: some highlights
• Home (e)NodeB security
• Other work items

Page 3

Some history and background

Page 4

Some history (1/2)

• For 3GPP Release 99 (frozen 2000), WG SA3 created 19 new specifications, e.g.
  – TS 33.102 “3G security; Security architecture”
  – 5 specifications (out of these 19) originated by ETSI SAGE, e.g. TS 35.202 “KASUMI specification”
• For Release 4 (frozen 2001), SA3 was kept busy with GERAN security while ETSI SAGE again originated 5 new specifications, e.g.
  – TS 35.205-208 for the MILENAGE algorithm set
• Release 5 (frozen 2002): SA3 added 3 new specifications, e.g.:
  – TS 33.203 “IMS security”
  – TS 33.210 “Network domain security: IP layer”

Page 5

Some history (2/2)

• Release 6 (frozen 2005): SA3 added 17 new specifications, e.g.:
  – TS 33.246 “Security of MBMS”
  – TS 33.220-222 “Generic Authentication Architecture”
• Release 7 (frozen 2007): SA3 added 13 new specifications
  – ETSI SAGE created 5 specifications for UEA2 & UIA2 (incl. the SNOW 3G spec) (TS 35.215-218, TR 35.919)
• Release 8 (frozen 2008): SA3 has added 5 new specifications, e.g.:
  – TS 33.401 “SAE: Security architecture”
  – TS 33.402 “SAE: Security with non-3GPP accesses”
  – (1-2 more TRs may still be included in Rel-8)

Page 6

SAE/LTE security (Rel-8): some highlights

Page 7

SAE/LTE: What and why?

SAE = System Architecture Evolution
LTE = Long Term Evolution (of radio networks)

• LTE offers higher data rates, up to 100 Mb/sec
• SAE offers an optimized (flat) IP-based architecture
• Technical terms:
  – E-UTRAN = Evolved UTRAN (LTE radio network)
  – EPC = Evolved Packet Core (SAE core network)
  – EPS = Evolved Packet System (= RAN + EPC)

Page 8

Implications on security

• Flat architecture:
  – All radio access protocols terminate in one node: eNB
  – IP protocols also visible in eNB
• Security implications due to
  – Architectural design decisions
  – Interworking with legacy and non-3GPP networks
  – Allowing eNB placement in untrusted locations
  – New business environments with less trusted networks involved
  – Trying to keep security breaches as local as possible
• As a result (when compared to UTRAN/GERAN):
  – Extended Authentication and Key Agreement
  – More complex key hierarchy
  – More complex interworking security
  – Additional security for eNB (compared to NB/BTS/RNC)

Page 9

Home (e)NodeB security

Page 10

Home (e)NB architecture

Figure from draft TR 33.820

One of the key concepts: Closed Subscriber Group

[Figure: UE – HeNB – (insecure link) – SGW – Operator’s core network, with OAM]

Page 11

Threats

• Compromise of HeNB credentials
  – e.g. cloning of credentials
• Physical attacks on HeNB
  – e.g. physical tampering
• Configuration attacks on HeNB
  – e.g. fraudulent software updates
• Protocol attacks on HeNB
  – e.g. man-in-the-middle attacks
• Attacks against the core network
  – e.g. denial of service
• Attacks against user data and identity privacy
  – e.g. by eavesdropping
• Attacks against radio resources and management

Page 12

Other features in past releases of 3GPP

Page 13

IMS (SIP) security (Rel-5)

[Figure: IMS home, IMS visited and PS domain; R99 access security; authentication & key agreement security; mechanism agreement; integrity protection; network domain security]

Page 14

Release 6 highlights

Page 15

WLAN interworking in 3GPP

• WLAN access zone can be connected to cellular core network

• Shared subscriber database & charging & authentication (WLAN Direct IP access)

• Shared services (WLAN 3GPP IP Access)

• Service continuity is the next step

Page 16

MBMS Security Architecture (node layout)

[Figure: BM-SC, BSF, Content Server and BGW in the Mobile Operator Network; a Content Server in the Internet]

BGW: Bearer Gateway (first hop IP-router)
BM-SC: Broadcast/Multicast Service Center
BSF: Bootstrapping Server Function

BM-SC can reside in home or visited network

Page 17

Generic Authentication Architecture (GAA)

• GAA consists of three parts (Rel-6):
  – TS 33.220 Generic Bootstrapping Architecture (GBA) offers a generic authentication capability for various applications based on a shared secret. Subscriber authentication in GBA is based on HTTP Digest AKA [RFC 3310].
  – TS 33.221 Support of subscriber certificates: the PKI Portal issues subscriber certificates for UEs and delivers an operator CA certificate. The issuing procedure is secured using shared keys from GBA.
  – TS 33.222 Access to Network Application Function using HTTPS is also based on GBA.

[Figure: GAA comprising GBA, Certificates and AP, with NE, HSS and UE]

Figure from 3GPP TR 33.919

Page 18

Release 7 & 8 highlights

Page 19

Release 7 & 8: security enhancements

• Key establishment for secure UICC-terminal channel (TS 33.110)
  – Applies, e.g., to the secure UICC-terminal channel specified by ETSI SCP
  – Built on top of GBA
• Key establishment between a UICC hosting device and a remote device (TS 33.259)
• Liberty-3GPP security interworking
• GBA push (TS 33.223, Rel-8)
  – Applies to several OMA-specified features (e.g. BCAST)
• Network domain security: Authentication Framework (TS 33.310) enhanced for TLS support
• Withdrawal of A5/2 algorithm

Page 20

Work in progress: Rel-9

Page 21

Rel-9 work items

• SAE/LTE: emergency call security
• Media security
  – End-to-end and end-to-middle protection of media independently of access technology

• Protection against unsolicited communications in IMS

• Remote management of USIM/ISIM for machine-to-machine communications

• Security of Earthquake and Tsunami Warning System

Page 22

For more information:

www.3gpp.org