Günther Horn, Nokia Siemens Networks, Germany
Dr Horn is a senior standardization expert at Nokia Siemens Networks. The focus of his work is on the standardization of 3G and SAE/LTE security in the 3GPP security group (SA3), of which he has been a member since it started in 1999.
Wolf-Dietrich Moeller, Nokia Siemens Networks, Germany
Wolf-Dietrich Moeller is a senior researcher with Nokia Siemens Networks.
Valtteri Niemi, University of Turku, Finland and Nokia Corporation, Finland
Dr Niemi is a Professor of Mathematics at the University of Turku, Finland, and also a Nokia Fellow, for which role he is based at the Nokia Research Center in Helsinki, Finland. Prof. Niemi’s work has been on security and privacy issues of future mobile networks and terminals, the main emphasis being on cryptological aspects. He participated in the 3GPP SA3 (security) standardization group from the beginning, and during 2003-2009 he was the chairman of the group.
Foreword to the First Edition
Preface
Acknowledgements
Copyright Acknowledgements
1 Overview of the Book
2 Background
2.1 Evolution of Cellular Systems
2.1.1 Third-Generation Network Architecture
2.1.2 Important Elements of the 3G Architecture
2.1.3 Functions and Protocols in the 3GPP System
2.1.4 The EPS System
2.2 Basic Security Concepts
2.2.1 Information Security
2.2.2 Design Principles
2.2.3 Communication Security Features
2.3 Basic Cryptographic Concepts
2.3.1 Cryptographic Functions
2.3.2 Securing Systems with Cryptographic Methods
2.3.3 Symmetric Encryption Methods
2.3.4 Hash Functions
2.3.5 Public-Key Cryptography and PKI
2.3.6 Cryptanalysis
2.4 Introduction to LTE Standardization
2.4.1 Working Procedures in 3GPP
2.5 Notes on Terminology and Specification Language
2.5.1 Terminology
2.5.2 Specification Language
3 GSM Security
3.1 Principles of GSM Security
3.2 The Role of the SIM
3.3 Mechanisms of GSM Security
3.3.1 Subscriber Authentication in GSM
3.3.2 GSM Encryption
3.3.3 GPRS Encryption
3.3.4 Subscriber Identity Confidentiality
3.4 GSM Cryptographic Algorithms
4 Third-Generation Security (UMTS)
4.1 Principles of Third-Generation (3G) Security
4.1.1 Elements of GSM Security Carried over to 3G
4.1.2 Weaknesses in GSM Security
4.1.3 Higher Level Objectives
4.2 Third-Generation Security Mechanisms
4.2.1 Authentication and Key Agreement
4.2.2 Ciphering Mechanism
4.2.3 Integrity Protection Mechanism
4.2.4 Identity Confidentiality Mechanism
4.3 Third-Generation Cryptographic Algorithms
4.3.1 KASUMI
4.3.2 UEA1 and UIA1
4.3.3 SNOW3G, UEA2 and UIA2
4.3.4 MILENAGE
4.3.5 Hash Functions
4.4 Interworking between GSM and 3G Security
4.4.1 Interworking Scenarios
4.4.2 Cases with SIM
4.4.3 Cases with USIM
4.4.4 Handovers between GSM and 3G
4.5 Network Domain Security
4.5.1 Generic Security Domain Framework
4.5.2 Security Mechanisms for NDS
4.5.3 Application of NDS
4.6 Architectures with RNCs in Exposed Locations
5 3G–WLAN Interworking
5.1 Principles of 3G–WLAN Interworking
5.1.1 The General Idea
5.1.2 The EAP Framework
5.1.3 Overview of EAP-AKA
5.2 Security Mechanisms of 3G–WLAN Interworking
5.2.1 Reference Model for 3G–WLAN Interworking
5.2.2 Security Mechanisms of WLAN Direct IP Access
5.2.3 Security Mechanisms of WLAN 3GPP IP Access
5.3 Cryptographic Algorithms for 3G–WLAN Interworking
6 EPS Security Architecture
6.1 Overview and Relevant Specifications
6.1.1 Need for Security Standardization
6.1.2 Relevant Nonsecurity Specifications
6.1.3 Security Specifications for EPS
6.2 Requirements and Features of EPS Security
6.2.1 Threats against EPS
6.2.2 EPS Security Features
6.2.3 How the Features Meet the Requirements
6.3 Design Decisions for EPS Security
6.4 Platform Security for Base Stations
6.4.1 General Security Considerations
6.4.2 Specification of Platform Security
6.4.3 Exposed Position and Threats
6.4.4 Security Requirements
7 EPS Authentication and Key Agreement
7.1 Identification
7.1.1 User Identity Confidentiality
7.1.2 Terminal Identity Confidentiality
7.2 The EPS Authentication and Key Agreement Procedure
7.2.1 Goals and Prerequisites of EPS AKA
7.2.2 Distribution of EPS Authentication Vectors from HSS to MME
7.2.3 Mutual Authentication and Establishment of a Shared Key between the Serving Network and the UE
7.2.4 Distribution of Authentication Data inside and between Serving Networks
7.3 Key Hierarchy
7.3.1 Key Derivations
7.3.2 Purpose of the Keys in the Hierarchy
7.3.3 Cryptographic Key Separation
7.3.4 Key Renewal
7.4 Security Contexts
7.4.1 EPS Security Context
7.4.2 EPS NAS Security Context
7.4.3 UE Security Capabilities
7.4.4 EPS AS Security Context
7.4.5 Native versus Mapped Contexts
7.4.6 Current versus Non-current Contexts
7.4.7 Key Identification
7.4.8 EPS Security Context Storage
7.4.9 EPS Security Context Transfer
8 EPS Protection for Signalling and User Data
8.1 Security Algorithms Negotiation
8.1.1 Mobility Management Entities
8.1.2 Base Stations
8.2 NAS Signalling Protection
8.2.1 NAS Security Mode Command Procedure
8.2.2 NAS Signalling Protection
8.3 AS Signalling and User Data Protection
8.3.1 AS Security Mode Command Procedure
8.3.2 RRC Signalling and User Plane Protection
8.3.3 RRC Connection Re-establishment
8.4 Security on Network Interfaces
8.4.1 Application of NDS to EPS
8.4.2 Security for Network Interfaces of Base Stations
8.5 Certificate Enrolment for Base Stations
8.5.1 Enrolment Scenario
8.5.2 Enrolment Principles
8.5.3 Enrolment Architecture
8.5.4 CMPv2 Protocol and Certificate Profiles
8.5.5 CMPv2 Transport
8.5.6 Example Enrolment Procedure
8.6 Emergency Call Handling
8.6.1 Emergency Calls with NAS and AS Security Contexts in Place
8.6.2 Emergency Calls without NAS and AS Security Contexts
8.6.3 Continuation of the Emergency Call When Authentication Fails
9 Security in Intra-LTE State Transitions and Mobility
9.1 Transitions to and from Registered State
9.1.1 Registration
9.1.2 Deregistration
9.2 Transitions between Idle and Connected States
9.2.1 Connection Initiation
9.2.2 Back to Idle State
9.3 Idle State Mobility
9.4 Handover
9.4.1 Handover Key Management Requirements Background
9.4.2 Handover Keying Mechanisms Background
9.4.3 LTE Key Handling in Handover
9.4.4 Multiple Target Cell Preparations
9.5 Key Change on the Fly
9.5.1 KeNB Rekeying
9.5.2 KeNB Refresh
9.5.3 NAS Key Rekeying
9.6 Periodic Local Authentication Procedure
9.7 Concurrent Run of Security Procedures
10 EPS Cryptographic Algorithms
10.1 Null Algorithms
10.2 Ciphering Algorithms
10.3 Integrity Algorithms
10.4 Key Derivation Algorithms
11 Interworking Security between EPS and Other Systems
11.1 Interworking with GSM and 3G Networks
11.1.1 Idle State Signalling Reduction
11.1.2 Routing Area Update Procedure in UTRAN or GERAN
11.1.3 Tracking Area Update Procedure in EPS
11.1.4 Handover from EPS to 3G or GSM
11.1.5 Handover from 3G or GSM to EPS
11.2 Interworking with Non-3GPP Networks
11.2.1 Principles of Interworking with Non-3GPP Networks
11.2.2 Authentication and Key Agreement for Trusted Access
11.2.3 Authentication and Key Agreement for Untrusted Access
11.2.4 Security for Mobile IP Signalling
11.2.5 Mobility between 3GPP and Non-3GPP Access Networks
12 Security for Voice over LTE
12.1 Methods for Providing Voice over LTE
12.1.1 IMS over LTE
12.1.2 Circuit Switched Fallback (CSFB)
12.1.3 Single Radio Voice Call Continuity (SRVCC)
12.2 Security Mechanisms for VoLTE
12.2.1 Security for IMS over LTE
12.2.2 Security for Circuit Switched Fallback
12.2.3 Security for Single Radio Voice Call Continuity
12.3 Rich Communication Suite and Voice over LTE
13 Security for Home Base Station Deployment
13.1 Security Architecture, Threats and Requirements
13.1.1 Scenario
13.1.2 Threats and Risks
13.1.3 Requirements
13.1.4 Security Architecture
13.2 Security Features
13.2.1 Authentication
13.2.2 Local Security
13.2.3 Communications Security
13.2.4 Location Verification and Time Synchronization
13.3 Security Procedures Internal to the Home Base Station
13.3.1 Secure Boot and Device Integrity Check
13.3.2 Removal of Hosting Party Module
13.3.3 Loss of Backhaul Link
13.3.4 Secure Time Base
13.3.5 Handling of Internal Transient Data
13.4 Security Procedures between Home Base Station and Security Gateway
13.4.1 Device Integrity Validation
13.4.2 Device Authentication
13.4.3 IKEv2 and Certificate Profiling
13.4.4 Certificate Processing
13.4.5 Combined Device-Hosting Party Authentication
13.4.6 Authorization and Access Control
13.4.7 IPsec Tunnel Establishment
13.4.8 Verification of HeNB Identity and CSG Access
13.4.9 Time Synchronization
13.5 Security Aspects of Home Base Station Management
13.5.1 Management Architecture
13.5.2 Management and Provisioning during Manufacturing
13.5.3 Preparation for Operator-Specific Deployment
13.5.4 Relationships between HeNB Manufacturer and Operator
13.5.5 Security Management in Operator Network
13.5.6 Protection of Management Traffic
13.5.7 Software Download
13.5.8 Location Verification
13.6 Closed Subscriber Groups and Emergency Call Handling
13.6.1 UE Access Control to HeNBs
13.6.2 Emergency Calls
13.7 Support for Subscriber Mobility
13.7.1 Mobility Scenarios
13.7.2 Direct Interfaces between HeNBs
14 Relay Node Security
14.1 Overview of Relay Node Architecture
14.1.1 Basic Relay Node Architecture
14.1.2 Phases for Start-Up of Relay Nodes
14.2 Security Solution
14.2.1 Security Concepts
14.2.2 Security Procedures
14.2.3 Security on the Un Interface
14.2.4 USIM and Secure Channel Aspects
14.2.5 Enrolment Procedures
14.2.6 Handling of Subscription and Certificates
15 Security for Machine-Type Communications
15.1 Security for MTC at the Application Level
15.1.1 MTC Security Framework
15.1.2 Security (Kmr) Bootstrapping Options
15.1.3 Connection (Kmc) and Application-Level Security Association (Kma) Establishment Procedures
15.2 Security for MTC at the 3GPP Network Level
15.2.1 3GPP System Improvements for MTC
15.2.2 Security Related to 3GPP System Improvements for MTC
15.3 Security for MTC at the Credential Management Level
15.3.1 Trusted Platform in the Device
15.3.2 Embedded UICC
15.3.3 Remote Management of Credentials
16 Future Challenges
16.1 Near-Term Outlook
16.1.1 Security for Relay Node Architectures
16.1.2 Security for Interworking of 3GPP Networks and Fixed Broadband Networks
16.1.3 Security for Voice over LTE
16.1.4 Security for Machine-Type Communication
16.1.5 Security for Home Base Stations
16.1.6 New Cryptographic Algorithms
16.1.7 Public Warning System
16.2 Far-Term Outlook
Abbreviations
References
Index