LTE Security Architecture Overview (slide deck, 58 slides)
LTE security architecture overview
Abbreviations: SN: Serving Network; HE: Home Environment; AN: Access Network; ME: Mobile Equipment; USIM: Universal Subscriber Identity Module
LTE security architecture explained
• The architecture figure on the previous slide defines the security features of five groups of connections between the elements:
– Network access security (I)
– Network domain security (II)
– User domain security (III)
– Application domain security (IV)
– Visibility and configurability of security (V)
EPS ciphering algorithms
• 128-bit keys (except for the null ciphering algorithm)
• A 4-bit identifier selects the EPS Encryption Algorithm (EEA)
Identifier  EPS ciphering algorithm  Description
0000        EEA0                     Null ciphering algorithm
0001        128-EEA1                 SNOW 3G based algorithm
0010        128-EEA2                 AES based algorithm
0011        128-EEA3                 ZUC based algorithm
EPS integrity algorithms
• 128-bit keys (except for the null integrity protection algorithm)
• A 4-bit identifier selects the EPS Integrity Algorithm (EIA)
Identifier  EPS integrity algorithm  Description
0000        EIA0                     Null integrity protection algorithm
0001        128-EIA1                 SNOW 3G based algorithm
0010        128-EIA2                 AES based algorithm
0011        128-EIA3                 ZUC based algorithm
Security procedures between the UE and EPC elements
• Authentication and key agreement (AKA)
• EPS key hierarchy
• LTE confidentiality mechanism
• LTE integrity mechanism
AKA flow overview (1/2)
[Figure: message sequence between ME/USIM, eNB, MME and HSS/AuC]
1. ME/USIM → MME: NAS attach request
2. MME → HSS/AuC: Authentication data request
3. HSS/AuC → MME: Authentication data response
4. MME → ME/USIM: NAS authentication request (AUTN, RAND, KSI_ASME)
5. ME/USIM → MME: NAS authentication response (RES)
AKA flow overview (2/2)
[Figure: message sequence between ME/USIM, eNB, MME and HSS/AuC, continued]
6. MME → ME/USIM: NAS Security Mode Command (confidentiality and integrity algorithms)
7. ME/USIM → MME: NAS Security Mode Complete
8. MME → eNB: S1AP Initial Context Setup
9. eNB → ME/USIM: RRC Security Mode Command (confidentiality and integrity algorithms)
10. ME/USIM → eNB: RRC Security Mode Complete
Successful EPS AKA authentication
[Figure: ME/USIM ↔ MME]
• MME → ME/USIM: User authentication request (RAND, AUTN, KSI_ASME)
• ME/USIM → MME: User authentication response (RES)
Distribution of authentication data from HE to MME
[Figure: MME ↔ HE]
• MME → HE: Authentication data request (IMSI, SN identity, Network Type)
• HE → MME: Authentication data response (EPS authentication vector(s))
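The three slides above describe the EPS AKA exchange in pictures. The following is an added example, not code from the slides, that models both sides of it in Python: the HE issues an authentication vector (RAND, AUTN, XRES, CK, IK) for a given IMSI, the MME relays RAND and AUTN in the authentication request, and the USIM checks the MAC inside AUTN and the freshness of SQN before returning RES. Assumptions: HMAC-SHA-256 stands in for the MILENAGE functions f1 to f5 (the real ones are AES based), RES/XRES are 8 bytes, AK is 6 bytes, SQN is a per-subscriber counter, and the derivation of K_ASME from CK||IK and the SN identity is left out; the subscriber key is constructed for the example.

```python
# Added example (not from the slides): the EPS AKA exchange between HSS/AuC, MME and ME/USIM.
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

AMF = b"\x80\x00"  # AMF "separation bit" (bit 0) set: the vector is meant for EPS AKA


def f(K: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for MILENAGE f1..f5. ASSUMPTION: HMAC-SHA-256 keyed with K and tagged with
    the function name; the real 3GPP functions (TS 35.206) are AES based."""
    return hmac.new(K, tag + data, hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HomeEnvironment:
    """HSS/AuC: holds the long-term key K and the sequence number SQN for each IMSI."""

    def __init__(self, subscribers: Dict[str, bytes]):
        self.db = {imsi: {"K": k, "SQN": 0} for imsi, k in subscribers.items()}

    def authentication_data_response(self, imsi: str, rand: Optional[bytes] = None) -> dict:
        """Authentication data response: one authentication vector for the MME."""
        rec = self.db[imsi]
        rec["SQN"] += 1                              # every vector carries a fresh SQN
        K, sqn = rec["K"], rec["SQN"].to_bytes(6, "big")
        rand = rand or secrets.token_bytes(16)
        mac = f(K, b"f1", rand + sqn + AMF, 8)       # authenticates the network to the USIM
        ak = f(K, b"f5", rand, 6)                    # anonymity key conceals SQN on the air
        autn = xor(sqn, ak) + AMF + mac
        return {"RAND": rand, "AUTN": autn, "XRES": f(K, b"f2", rand, 8),
                "CK": f(K, b"f3", rand, 16), "IK": f(K, b"f4", rand, 16)}


class USIM:
    """ME/USIM side: shares K with the HE and remembers the highest SQN accepted so far."""

    def __init__(self, K: bytes):
        self.K, self.sqn_last = K, 0

    def authentication_request(self, rand: bytes, autn: bytes) -> Tuple[str, Optional[bytes]]:
        conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        sqn = xor(conc_sqn, f(self.K, b"f5", rand, 6))
        if not hmac.compare_digest(mac, f(self.K, b"f1", rand + sqn + amf, 8)):
            return "MAC failure", None               # challenge was not produced by our HE
        if not amf[0] & 0x80:
            return "non-EPS vector", None            # separation bit clear: reject for LTE
        if int.from_bytes(sqn, "big") <= self.sqn_last:
            return "Synchronisation failure", None   # replayed or stale challenge
        self.sqn_last = int.from_bytes(sqn, "big")
        return "OK", f(self.K, b"f2", rand, 8)       # RES


def run_eps_aka(he: HomeEnvironment, usim: USIM, imsi: str) -> str:
    """MME role: fetch a vector from the HE, challenge the UE, compare RES with XRES."""
    av = he.authentication_data_response(imsi)       # attach -> authentication data request/response
    status, res = usim.authentication_request(av["RAND"], av["AUTN"])  # NAS authentication request
    if status != "OK":
        return status                                # UE answers with Authentication Failure
    return "authenticated" if hmac.compare_digest(res, av["XRES"]) else "RES mismatch"
```

The two checks in the USIM are the ones that matter for an attacker on the air interface: a replayed challenge fails the SQN comparison even though its MAC is valid, and a challenge built without K fails the MAC check before SQN is even considered.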
User identity query
[Figure: MME ↔ ME/USIM]
• MME → ME/USIM: Identity Request
• ME/USIM → MME: Identity Response (IMSI)
Distribution of IMSI and authentication data within one serving network domain
[Figure: MMEn ↔ MMEo]
• MMEn → MMEo: GUTIo || complete TAU message
• MMEo → MMEn: IMSI || authentication data
Abbreviations: GUTI: Globally Unique Temporary Identity; IMSI: International Mobile Subscriber Identity; TAU: Tracking Area Update
Distribution of IMSI and authentication data within one serving network domain (cont.)
• The purpose of this procedure is to let the previously visited MME (MMEo) supply authentication data to the newly visited MME (MMEn) within the same serving network domain.
• MMEn first sends the ME/USIM's GUTIo together with the complete TAU message it received to MMEo.
• MMEo looks the user up in its database and returns the corresponding IMSI and authentication data to MMEn.
• MMEn can then use that authentication data for the subsequent authentication and key agreement with the ME/USIM.
EPS key derivation (for network nodes)
[Figure: key hierarchy derived with the KDF on the network side]
Abbreviations: KDF: Key Derivation Function; NH: Next Hop
EPS key derivation (for ME)
[Figure: the same key hierarchy derived on the ME side]
Abbreviations: KDF: Key Derivation Function; NH: Next Hop
NAS Security Mode Command procedure
[Figure: MME ↔ ME]
1. MME: start integrity protection
2. MME → ME: NAS Security Mode Command (eKSI, UE security capabilities, ciphering algorithm, integrity algorithm, [IMEISV request,] [NONCE_UE, NONCE_MME,] NAS-MAC)
3. MME: start uplink deciphering
4. ME: verify the NAS SMC integrity; if successful, start ciphering/deciphering and integrity protection and send NAS Security Mode Complete ([IMEISV,] NAS-MAC)
5. MME: start downlink ciphering
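The NAS SMC is the point where a bidding-down attack is caught: the MME replays the UE security capabilities it received in the attach request, protected by NAS-MAC, and the ME compares them with what it actually sent. The following added example, not code from the slides, models that exchange in Python. Assumptions: HMAC-SHA-256 truncated to 32 bits stands in for 128-EIA1/2/3, K_NASint is given rather than derived from K_ASME, the capability IE is simplified to one bitmap octet each for EEA and EIA, and the operator priority lists are constructed for the example. The AS Security Mode Command on the next slide has the same shape (verify MAC-I before acting on the message) but carries no replayed capabilities.

```python
# Added example (not from the slides): NAS Security Mode Command with replayed UE capabilities.
import hashlib
import hmac
from typing import Dict, Optional, Set

# 4-bit algorithm identifiers from the EEA/EIA tables
EEA = {0: "EEA0 (null)", 1: "128-EEA1 (SNOW 3G)", 2: "128-EEA2 (AES)", 3: "128-EEA3 (ZUC)"}
EIA = {0: "EIA0 (null)", 1: "128-EIA1 (SNOW 3G)", 2: "128-EIA2 (AES)", 3: "128-EIA3 (ZUC)"}

# Operator preference order (constructed). EIA0 is never selected for a normal attach;
# TS 33.401 reserves it for unauthenticated emergency calls.
MME_EEA_PRIORITY = [2, 1, 3, 0]
MME_EIA_PRIORITY = [2, 1, 3]


def nas_mac(k_nas_int: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """32-bit NAS-MAC. ASSUMPTION: HMAC-SHA-256 truncated to 4 bytes stands in for 128-EIAx;
    the inputs mirror the EIA interface (COUNT, BEARER, DIRECTION, MESSAGE)."""
    hdr = count.to_bytes(4, "big") + bytes([bearer << 3 | direction << 2])
    return hmac.new(k_nas_int, hdr + message, hashlib.sha256).digest()[:4]


def encode_caps(caps: Dict[str, Set[int]]) -> bytes:
    """Simplified UE security capability IE: one bitmap octet for EEA, one for EIA (bit 7 = alg 0)."""
    return bytes(sum(0x80 >> a for a in caps[k]) for k in ("EEA", "EIA"))


def mme_security_mode_command(k_nas_int: bytes, eksi: int, received_caps: Dict[str, Set[int]],
                              dl_count: int) -> Optional[bytes]:
    """MME: choose algorithms from the capabilities it received, replay them, add NAS-MAC."""
    eea = next((a for a in MME_EEA_PRIORITY if a in received_caps["EEA"]), None)
    eia = next((a for a in MME_EIA_PRIORITY if a in received_caps["EIA"]), None)
    if eea is None or eia is None:
        return None                                  # no acceptable pair: attach is rejected
    body = bytes([eksi]) + encode_caps(received_caps) + bytes([eea << 4 | eia])
    return body + nas_mac(k_nas_int, dl_count, 0, 1, body)   # BEARER 0, DIRECTION 1 = downlink


def ue_verify_smc(k_nas_int: bytes, own_caps: Dict[str, Set[int]], smc: bytes, dl_count: int) -> str:
    """ME: verify NAS-MAC first, then check the replayed capabilities against what it sent."""
    body, mac = smc[:-4], smc[-4:]
    if not hmac.compare_digest(mac, nas_mac(k_nas_int, dl_count, 0, 1, body)):
        return "Security Mode Reject: NAS-MAC failure"
    if body[1:3] != encode_caps(own_caps):
        return "Security Mode Reject: UE security capability mismatch (bidding down)"
    eea, eia = body[3] >> 4, body[3] & 0x0F
    if eea not in own_caps["EEA"] or eia not in own_caps["EIA"]:
        return "Security Mode Reject: unsupported algorithm"
    return "Security Mode Complete: %s, %s" % (EEA[eea], EIA[eia])
```

Two attacker moves are worth running: stripping the non-null EEA bits from the attach request makes the MME pick EEA0, but the replayed capabilities then disagree with the UE's own and the SMC is rejected; patching the replayed capabilities back in flight to hide that disagreement breaks NAS-MAC instead, because the attacker has no K_NASint.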
AS Security Mode Command procedure
[Figure: eNB ↔ ME]
1. eNB: start RRC integrity protection
2. eNB → ME: AS Security Mode Command (integrity algorithm, ciphering algorithm, MAC-I)
3. eNB: start RRC/UP downlink ciphering
4. ME: verify the AS SMC integrity; if successful, start RRC integrity protection and RRC/UP downlink deciphering, and send AS Security Mode Complete (MAC-I)
5. ME: start RRC/UP uplink ciphering
6. eNB: start RRC/UP uplink deciphering
Key handling at handover
[Figure: K_eNB* derivation chain at handover]
Abbreviations: NH: Next Hop parameter; NCC: NH Chaining Counter; PCI: Physical Cell Identity
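The two key-derivation slides and the handover slide only show the figures, so here is an added example, not code from the slides, that carries the derivations through in Python: the TS 33.220 KDF, K_ASME from CK||IK bound to the serving network identity, K_eNB from the uplink NAS COUNT, NH chaining, the 128-bit algorithm keys, and the UE's choice between horizontal (from the current K_eNB) and vertical (from a fresher NH) K_eNB* at handover. The FC values and parameter lists follow TS 33.401 Annex A; the CK, IK, PCI and EARFCN values in the usage are constructed, and a 2-byte EARFCN-DL is assumed (the extended 3-byte form is not handled).

```python
# Added example (not from the slides): the EPS key hierarchy and handover key chaining,
# built on the TS 33.220 KDF with the FC values and parameters of TS 33.401 Annex A.
import hashlib
import hmac
from typing import Tuple


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 Annex B: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...), Li = 2-byte length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def plmn_id(mcc: str, mnc: str) -> bytes:
    """SN id: PLMN identity in the TS 24.301 octet layout (a 2-digit MNC gets an 0xF filler)."""
    mnc3 = int(mnc[2]) if len(mnc) == 3 else 0xF
    d = [int(c) for c in mcc] + [mnc3, int(mnc[0]), int(mnc[1])]
    return bytes([d[1] << 4 | d[0], d[3] << 4 | d[2], d[5] << 4 | d[4]])


def k_asme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """FC=0x10: binds the AKA output to the serving network identity (256-bit result)."""
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)


def k_enb(kasme: bytes, ul_nas_count: int) -> bytes:
    """FC=0x11: initial K_eNB from K_ASME and the uplink NAS COUNT."""
    return kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))


def nh(kasme: bytes, sync_input: bytes) -> bytes:
    """FC=0x12: next-hop parameter; SYNC-input is K_eNB for NCC=1 and the previous NH afterwards."""
    return kdf(kasme, 0x12, sync_input)


def k_enb_star(key: bytes, pci: int, earfcn_dl: int) -> bytes:
    """FC=0x13: target cell key from K_eNB (horizontal) or NH (vertical), bound to PCI and EARFCN-DL."""
    return kdf(key, 0x13, pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big"))


ALG_TYPE = {"NAS-enc": 0x01, "NAS-int": 0x02, "RRC-enc": 0x03,
            "RRC-int": 0x04, "UP-enc": 0x05, "UP-int": 0x06}


def algorithm_key(parent: bytes, alg_type: str, alg_id: int) -> bytes:
    """FC=0x15: K_NASenc/K_NASint from K_ASME, K_RRCenc/K_RRCint/K_UPenc from K_eNB;
    the 128-bit key is the 128 least significant bits of the 256-bit KDF output."""
    return kdf(parent, 0x15, bytes([ALG_TYPE[alg_type]]), bytes([alg_id]))[16:]


def ue_handover_key(kasme: bytes, kenb: bytes, state: Tuple[bytes, int], ncc_cmd: int,
                    pci: int, earfcn_dl: int) -> Tuple[bytes, Tuple[bytes, int]]:
    """UE side of a handover. state = (NH, NCC), starting as (K_eNB, 0) after the initial derivation.
    An NCC in the handover command equal to the stored NCC means horizontal derivation from the
    current K_eNB; a larger NCC means the UE first chains NH forward, then derives vertically."""
    nh_value, ncc = state
    if ncc_cmd == ncc:
        return k_enb_star(kenb, pci, earfcn_dl), state
    while ncc < ncc_cmd:                 # synchronise with the MME's (NH, NCC) pair
        nh_value, ncc = nh(kasme, nh_value), ncc + 1
    return k_enb_star(nh_value, pci, earfcn_dl), (nh_value, ncc)


if __name__ == "__main__":
    # Constructed inputs: CK, IK, SQN xor AK and the PLMN 001/01 are not real values.
    kasme = k_asme(bytes(16), bytes(range(16)), plmn_id("001", "01"), bytes(6))
    kenb = k_enb(kasme, 0)
    kstar, state = ue_handover_key(kasme, kenb, (kenb, 0), 2, 100, 1850)
    print("K_eNB* (vertical, NCC=2):", kstar.hex(), "NCC now", state[1])
```

The vertical path is what gives handover its forward security: a compromised source eNB holds K_eNB and can compute the horizontal K_eNB*, but NH is derived from K_ASME, which only the MME and the UE have, so once the target eNB is keyed from a fresh NH the source eNB cannot follow the chain.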
Signalling procedure for periodic local authentication
[Figure: eNB → ME: Counter Check; ME → eNB: Counter Check Response; eNB: optionally release the connection or report to the MME or O&M server]
Signalling procedure for periodic local authentication (cont.)
• The eNB first sends a Counter Check request containing PDCP COUNT values.
• When the UE receives the Counter Check request, it compares the PDCP COUNT values sent by the eNB with the PDCP COUNT values of its own radio bearers, then returns a Counter Check Response.
• If the Counter Check Response received by the eNB contains no PDCP COUNT values, the procedure ends.
• If the Counter Check Response contains one or more PDCP COUNT values, the eNB either releases the connection or reports the differing PDCP COUNT values to the serving MME or the O&M server. The report can be used for traffic analysis to detect whether an attack (such as packet insertion on the radio bearer) has taken place.
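As an added example, not code from the slides, the procedure above in Python: the eNB sends the most significant bits of its per-DRB PDCP COUNT values, the UE answers with the full COUNT of every bearer that disagrees (or that the eNB did not list), and the eNB acts on a non-empty response. The 25-bit MSB field and the "reply for DRBs not listed" rule follow the RRC CounterCheck message of TS 36.331; the 12-bit PDCP SN, the bearer identities and the COUNT values are constructed for the example.

```python
# Added example (not from the slides): the counter check (periodic local authentication) procedure.
from typing import Dict, Tuple

Counts = Dict[int, Tuple[int, int]]   # DRB id -> (uplink COUNT, downlink COUNT)


def pdcp_count(hfn: int, sn: int, sn_bits: int = 12) -> int:
    """32-bit PDCP COUNT = HFN || PDCP SN (a 12-bit SN is assumed here)."""
    return (hfn << sn_bits) | sn


def count_msb(count: int) -> int:
    """The 25 most significant bits of COUNT, which is what the RRC CounterCheck message
    carries per DRB (count-MSB-Uplink / count-MSB-Downlink in TS 36.331)."""
    return count >> 7


def enb_counter_check(enb_counts: Counts) -> Dict[int, Tuple[int, int]]:
    """eNB: Counter Check request with the MSBs of its current COUNT values per DRB."""
    return {drb: (count_msb(ul), count_msb(dl)) for drb, (ul, dl) in enb_counts.items()}


def ue_counter_check_response(ue_counts: Counts, request: Dict[int, Tuple[int, int]]) -> Counts:
    """UE: reply with the full COUNT of every DRB whose MSBs differ from the eNB's view,
    and of every established DRB that the eNB did not list at all."""
    response: Counts = {}
    for drb, (ul, dl) in ue_counts.items():
        expected = request.get(drb)
        if expected is None or expected != (count_msb(ul), count_msb(dl)):
            response[drb] = (ul, dl)
    return response


def enb_handle_response(response: Counts) -> str:
    """eNB: an empty response ends the procedure; anything else is a possible packet-insertion attack."""
    if not response:
        return "no mismatch: procedure ends"
    return "mismatch on DRB %s: release connection or report to MME/O&M" % sorted(response)


def local_authentication(enb_counts: Counts, ue_counts: Counts) -> str:
    """One full round: request from the eNB, response from the UE, decision at the eNB."""
    return enb_handle_response(ue_counter_check_response(ue_counts, enb_counter_check(enb_counts)))
```

Because only the upper 25 bits travel in the request, a drift of fewer than 128 PDUs on a bearer may sit below the comparison granularity until the counts cross the next 128 boundary; the usage in the test shows both a detected injection of 300 uplink PDUs and an undetected drift of 10.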
References
• ETSI TS 133 102 V12.2.0 (2015-01). Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 12.2.0 Release 12)
• ETSI TS 133 401 V13.1.0 (2016-01). Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 13.1.0 Release 13)
Appendix: 3GPP security specifications
LTE Security:            3GPP TS 33.401, 3GPP TS 33.402
Lawful Interception:     3GPP TS 33.106, 3GPP TS 33.107, 3GPP TS 33.108
Key Derivation Function: 3GPP TS 33.220
Backhaul Security:       3GPP TS 33.310
Relay Node Security:     3GPP TS 33.816
Home eNodeB Security:    3GPP TS 33.320