COMMUNICATION SECURITY LECTURE 8 LTE Dr Shahriar Bijani
COMMUNICATION SECURITY LECTURE 8: LTE Dr. Shahriar Bijani Shahed University Spring 2016
MAIN REFERENCES Iyappan Ramachandran, A Deeper Look at LTE, Agilent Technologies, 2010.
CELLULAR COMMS EVOLUTION
• 3GPP – collaboration for 3G based on GSM
  ◦ GPRS, EDGE, WCDMA, HSPA+, TD-SCDMA, TD-HSPA+
• 3GPP2 – collaboration for 3G based on IS-95
  ◦ CDMA2000, EV-DO
• LTE
3GPP STANDARDS
Release                      Start Date
Release 4 (all IP)           2001
…
Release 7                    2007-8
Release 8 (LTE)              2008-9
Release 10 (LTE Advanced)
Release 13                   2016
Release 14                   2017
Extract from "Towards Global Mobile Broadband", a White Paper from the UMTS Forum
ARCHITECTURE
• UE – User Equipment
• eNodeB – evolved NodeB (BS)
• S-GW – Serving Gateway
• P-GW – PDN Gateway
• MME – Mobility Management Entity
• HSS – Home Subscriber Server
• PCRF – Policy Rules and Charging Control Function
ELEMENTS
• HSS – Home Subscriber Server – stores subscriber information, roaming capabilities, QoS profiles, current registration; may integrate AUC functionality
• P-GW – PDN Gateway – allocates UE IP address, QoS enforcement, filters downlink packets in different QoS bearers
• S-GW – Serving Gateway – local mobility node as UE switches between eNodeBs, buffers downlink data until paging completes, charging for visiting users
• MME – Mobility Management Entity – controls flow between UE and CN (corresponding node), handles idle mobility
• PCRF – Policy Control and Charging Rules Function – charging, policy control, QoS authorization
4G (LTE)
• LTE stands for Long Term Evolution
• Next Generation mobile broadband technology
• Promises data transfer rates of 100 Mbps
• Based on UMTS 3G technology
• Optimized for All-IP traffic
ADVANTAGES OF LTE
COMPARISON OF LTE SPEED
MAJOR LTE RADIO TECHNOLOGIES
• Uses Orthogonal Frequency Division Multiplexing (OFDM) for downlink
• Uses Single Carrier Frequency Division Multiple Access (SC-FDMA) for uplink
• Uses Multi-input Multi-output (MIMO) for enhanced throughput
• Reduced power consumption
• Higher RF power amplifier efficiency (less battery power used by handsets)
LTE ARCHITECTURE
LTE VS UMTS Functional changes compared to the current UMTS architecture
LTE PERFORMANCE REQUIREMENTS
• Data Rate:
  ◦ Instantaneous downlink peak data rate of 100 Mbit/s in a 20 MHz downlink spectrum (i.e. 5 bit/s/Hz)
  ◦ Instantaneous uplink peak data rate of 50 Mbit/s in a 20 MHz uplink spectrum (i.e. 2.5 bit/s/Hz)
• Cell range
  ◦ 5 km - optimal size
  ◦ 30 km sizes with reasonable performance
  ◦ up to 100 km cell sizes supported with acceptable performance
• Cell capacity
  ◦ up to 200 active users per cell (5 MHz) (i.e., 200 active data clients)
LTE PERFORMANCE REQUIREMENTS
• Mobility
  ◦ Optimized for low mobility (0-15 km/h) but supports high speed
• Latency
  ◦ user plane < 5 ms
  ◦ control plane < 50 ms
• Improved spectrum efficiency
• Cost-effective migration from Release 6 Universal Terrestrial Radio Access (UTRA) radio interface and architecture
• Improved broadcasting
• IP-optimized
• Scalable bandwidth of 20 MHz, 15 MHz, 10 MHz, 5 MHz and <5 MHz
• Co-existence with legacy standards (users can transparently start a call or transfer of data in an area using an LTE standard, and, when there is no coverage, continue the operation without any action on their part using GSM/GPRS or W-CDMA-based UMTS)
KEY FEATURES OF LTE
• Multiple access scheme
  ◦ Downlink: OFDMA
  ◦ Uplink: Single Carrier FDMA (SC-FDMA)
• Adaptive modulation and coding
  ◦ DL modulations: QPSK, 16QAM, and 64QAM
  ◦ UL modulations: QPSK and 16QAM
  ◦ Rel-6 Turbo code: Coding rate of 1/3, two 8-state constituent encoders, and a contention-free internal interleaver.
• Bandwidth scalability for efficient operation in differently sized allocated spectrum bands
• Possible support for operating as single frequency network (SFN) to support MBMS
KEY FEATURES OF LTE (CONTD.)
• Multiple Antenna (MIMO) technology for enhanced data rate and performance.
• ARQ within RLC sublayer and Hybrid ARQ within MAC sublayer.
• Power control and link adaptation
• Implicit support for interference coordination
• Support for both FDD and TDD
• Channel dependent scheduling & link adaptation for enhanced performance.
• Reduced radio-access-network nodes to reduce cost, protocol-related processing time & call set-up time
3GPP EVOLUTION
• Release 99 (2000): UMTS/WCDMA
• Release 5 (2002): HSDPA
• Release 6 (2005): HSUPA, MBMS (Multimedia Broadcast/Multicast Services)
• Release 7 (2007): DL MIMO, IMS (IP Multimedia Subsystem), optimized real-time services (VoIP, gaming, push-to-talk).
• Release 8 (2009?): LTE (Long Term Evolution)
Long Term Evolution (LTE)
• 3GPP work on the Evolution of the 3G Mobile System started in November 2004.
• Currently, standardization in progress in the form of Rel-8.
• Specifications scheduled to be finalized by the end of mid 2008.
• Target deployment in 2010.
MOTIVATION
• Need for higher data rates and greater spectral efficiency
  ◦ Can be achieved with HSDPA/HSUPA
  ◦ and/or new air interface defined by 3GPP LTE
• Need for Packet Switched optimized system
  ◦ Evolve UMTS towards packet only system
• Need for high quality of services
  ◦ Use of licensed frequencies to guarantee quality of services
  ◦ Always-on experience (reduce control plane latency significantly)
  ◦ Reduce round trip delay
• Need for cheaper infrastructure
  ◦ Simplify architecture, reduce number of network elements
LTE NETWORK ARCHITECTURE
[Source: Technical Overview of 3GPP Long Term Evolution (LTE), Hyung G. Myung, http://hgmyung.googlepages.com/3gppLTE.pdf]
SAE [Source: http://www.3gpp.org/Highlights/LTE.htm]
EVOLVED PACKET CORE (EPC)
• MME (Mobility Management Entity): manages and stores the UE control plane context, generates temporary Id, provides UE authentication, authorization, mobility management
• UPE (User Plane Entity): manages and stores UE context, ciphering, mobility anchor, packet routing and forwarding, initiation of paging
• 3GPP anchor: mobility anchor between 2G/3G and LTE
• SAE anchor: mobility anchor between 3GPP and non-3GPP (I-WLAN, etc.)
E-UTRAN ARCHITECTURE [Source: E-UTRAN Architecture (3GPP TR 25.813 7.1.0 (2006-09))]
USER-PLANE PROTOCOL STACK [Source: E-UTRAN Architecture (3GPP TR 25.813 7.1.0 (2006-09))]
CONTROL-PLANE PROTOCOL STACK [Source: E-UTRAN Architecture (3GPP TR 25.813 7.1.0 (2006-09))]
LTE KEY FEATURES
• High Spectral Efficiency: more customers, less costs
• Co-existence with other standards
• Flexible radio planning (cell size of 5 km, 30/100 km)
• Reduced Latency: less RTT, multi-player gaming, audio/video conferencing
• Reduced costs for operators (OPEX & CAPEX)
• Increased data rates via enhanced air interface (OFDMA, SC-FDMA, MIMO)
• All-IP environment: SAE or EPC
Key advantages of SAE
STANDARDIZED QOS CLASS IDENTIFIERS (QCI) GBR – Guaranteed Bit-Rate
USER PLANE PROTOCOL STACK
• PDCP – Packet Data Convergence Protocol
• RLC – Radio Link Control
• GTP-U – GPRS Tunneling Protocol – User Plane
CONTROL PLANE PROTOCOL STACK
• NAS – Non-Access Stratum
• RRC – Radio Resource Control
• PDCP – Packet Data Convergence Protocol
• RLC – Radio Link Control
• STCP – Stream Transport Control Protocol
LAYER 2
The three sublayers are
• Medium Access Control (MAC)
• Radio Link Control (RLC)
• Packet Data Convergence Protocol (PDCP)
[Source: E-UTRAN Architecture (3GPP TR 25.012)]
LAYER 2
• MAC (media access control) protocol
  ◦ handles uplink and downlink scheduling and HARQ signaling.
  ◦ Performs mapping between logical and transport channels.
• RLC (radio link control) protocol
  ◦ focuses on lossless transmission of data.
  ◦ In-sequence delivery of data.
  ◦ Provides 3 different reliability modes for data transport. They are
    ▪ Acknowledged Mode (AM): appropriate for non-RT (NRT) services such as file downloads.
    ▪ Unacknowledged Mode (UM): suitable for transport of Real Time (RT) services because such services are delay sensitive and cannot wait for retransmissions.
    ▪ Transparent Mode (TM): used when the PDU sizes are known a priori, such as for broadcasting system information.
LAYER 2
• PDCP (packet data convergence protocol)
  ◦ handles the header compression and security functions of the radio interface
• RRC (radio resource control) protocol
  ◦ handles radio bearer setup
  ◦ active mode mobility management
  ◦ Broadcasts of system information, while the NAS protocols deal with idle mode mobility management and service setup
LTE ADVANCED
Features
• 100 MHz Bandwidth supported
• 1 Gbps DL, 500 Mbps UL
• Carrier Aggregation
• Relays
CARRIER AGGREGATION
ENHANCED TECHNIQUES TO EXTEND COVERAGE AREA AND/OR DATA RATES
LTE VS. LTE-ADVANCED
Fataneh Safavieh, Long Term Evolution and its security infrastructure, Bonn University, 2011.
SECURITY IN THE LTE-SAE NETWORK
Security features in the network (from TS 33.401 - Fig. 4-1)
SECURITY FEATURES IN THE LTE
Five security feature groups defined in TS 33.401
• (I): Network access security
  ◦ provides users with secure access to services
  ◦ protects against attacks on the access interface
• (II): Network domain security
  ◦ enables nodes to exchange signaling and user data securely
  ◦ protects against attacks on the wire line network
• (III): User domain security
  ◦ Provides secure access to mobile stations
• (IV): Application domain security
  ◦ enables applications in the user & provider domains to exchange messages securely
• (V): Visibility and configurability of security
  ◦ allows the users to learn whether a security feature is in operation
AUTHENTICATION & KEY AGREEMENT
• HSS generates authentication data and provides it to MME
• Challenge-response authentication and key agreement procedure between MME and UE
4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009
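The challenge-response exchange summarized on this slide, as an added sketch that is not part of the lecture or of any 3GPP code. Assumptions: HMAC-SHA-256 stands in for the MILENAGE functions and the TS 33.401 key derivation, the sequence number is sent unmasked, and all function names, the key and the serving-network IDs are constructed for illustration.

```python
import hmac, hashlib, os

def f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    """Stand-in keyed function (assumption: HMAC-SHA-256, not MILENAGE)."""
    return hmac.new(k, label + b"|" + b"|".join(parts), hashlib.sha256).digest()

def hss_generate_av(k, sqn, sn_id, rand=None):
    """HSS: build the authentication data (RAND, AUTN, XRES, K_ASME) for the MME."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"mac", sqn_b, rand)[:8]          # proves the challenge came from the home network
    xres = f(k, b"res", rand)[:8]                # response the MME expects from the UE
    k_asme = f(k, b"kasme", rand, sqn_b, sn_id)  # session key bound to the serving network
    return {"rand": rand, "autn": sqn_b + mac, "xres": xres, "k_asme": k_asme}

class UE:
    """USIM side: holds the shared key K and the highest SQN accepted so far."""
    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn
    def respond(self, rand, autn, sn_id):
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self.k, b"mac", sqn_b, rand)[:8]):
            raise ValueError("MAC failure: network not authenticated")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn:
            raise ValueError("SQN not fresh: replayed challenge")
        self.sqn = sqn
        return f(self.k, b"res", rand)[:8], f(self.k, b"kasme", rand, sqn_b, sn_id)

def mme_authenticate(av, ue, sn_id):
    """MME: send only RAND and AUTN to the UE, then compare RES with XRES."""
    res, ue_k_asme = ue.respond(av["rand"], av["autn"], sn_id)
    return hmac.compare_digest(res, av["xres"]), ue_k_asme

def demo():
    k, sn = bytes(range(16)), b"mcc001-mnc01"    # constructed key and serving-network ID
    ue = UE(k)
    av = hss_generate_av(k, sqn=1, sn_id=sn)
    ok, ue_key = mme_authenticate(av, ue, sn)    # mutual authentication plus key agreement
    try:
        mme_authenticate(av, ue, sn)             # same vector presented a second time
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return ok, ue_key == av["k_asme"], replay_rejected

if __name__ == "__main__":
    print(demo())
```

The UE authenticates the network through the MAC in AUTN before it answers, and because the serving-network ID feeds the key derivation, a UE told a different network identity ends up with a K_ASME that does not match the one the HSS issued.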