CSI Mobile Workshop CSICC 20222457846.pdf
banazjalil59
50 views
87 slides
Jul 26, 2024
Slide 1 of 87
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
About This Presentation
Core ip
Slide Content
Mobile Network Architecture & Security
(From 2G to 5G)
Dr. Ali Soleymani, Assistant Professor at Iranians University, [email protected]
Dr. HamidrezaBolhasani, PhD Candidate at SRB-IAU Branch, [email protected]
27
th
International Computer Conference, Computer Society of Iran
(CSICC 2022)
(From 2G to 5G)
Dr. Ali Soleymani, Assistant Professor at Iranians University, [email protected]
Dr. HamidrezaBolhasani, PhD Candidate at SRB-IAU Branch, [email protected]
27
th
International Computer Conference, Computer Society of Iran
(CSICC 2022)
Global System for Mobiles (GSM)
◼Cellular Network or Mobile Network is a communication network where the last link is
wireless.The network is distributed over land areas called cells, each served by at least
one fixed-location transceiver, known as a cell or base station.
◼Cellular Network or Mobile Network is a communication network where the last link is
wireless.The network is distributed over land areas called cells, each served by at least
one fixed-location transceiver, known as a cell or base station.
2G / 3G Overview
GSM /GPRS BSS
BTS
BSC
NodeB
RNC
PCU
UTRAN
SCP
SMS
SCE
PSTN
ISDN
Internet,
Intranet
MSC/VLR
GMSC
HLR/AUC
SGSN
CG
BG
GGSN
GPRS
Other PLMN
IPBB
GSM /GPRS BSS
BTS
BSC
NodeB
RNC
PCU
UTRAN
SCP
SMS
SCE
PSTN
ISDN
Internet,
Intranet
MSC/VLR
GMSC
HLR/AUC
SGSN
CG
BG
GGSN
GPRS
Other PLMN
IPBB
2G Radio
◼BTS (Base Station Transceiver)
BTSisapieceofequipmentthatfacilitateswireless
communicationbetweenuserequipment(UE)andanetwork.
UEsaredeviceslikemobilephones(handsets),WLLphones,
computerswithwirelessInternetconnectivity.
◼BSC (Base Station Controller)
BSCisacriticalmobilenetworkcomponentthatcontrolsone
ormorebasetransceiverstations(BTS),alsoknownasbase
stationsorcellsites.KeyBSCfunctionsincluderadionetwork
management(suchasradiofrequencycontrol),BTShandover
managementandcallsetup.Italsocarriestranscodingof
speechchannels.
◼BTS (Base Station Transceiver)
BTSisapieceofequipmentthatfacilitateswireless
communicationbetweenuserequipment(UE)andanetwork.
UEsaredeviceslikemobilephones(handsets),WLLphones,
computerswithwirelessInternetconnectivity.
◼BSC (Base Station Controller)
BSCisacriticalmobilenetworkcomponentthatcontrolsone
ormorebasetransceiverstations(BTS),alsoknownasbase
stationsorcellsites.KeyBSCfunctionsincluderadionetwork
management(suchasradiofrequencycontrol),BTShandover
managementandcallsetup.Italsocarriestranscodingof
speechchannels.
3G Radio
◼NodeB
NodeBisatermusedinUMTSequivalenttotheBTS
(basetransceiverstation)descriptionusedinGSM.
◼RNC (Radio Network Controller)
RNCisagoverningelementintheUMTSradioaccess
network(UTRAN)andisresponsibleforcontrollingthe
NodeBsthatareconnectedtoit.TheRNCcarriesout
radioresourcemanagement,someofthemobility
managementfunctionsandisthepointwhereencryption
isdonebeforeuserdataissenttoandfromthemobile.
◼NodeB
NodeBisatermusedinUMTSequivalenttotheBTS
(basetransceiverstation)descriptionusedinGSM.
◼RNC (Radio Network Controller)
RNCisagoverningelementintheUMTSradioaccess
network(UTRAN)andisresponsibleforcontrollingthe
NodeBsthatareconnectedtoit.TheRNCcarriesout
radioresourcemanagement,someofthemobility
managementfunctionsandisthepointwhereencryption
isdonebeforeuserdataissenttoandfromthemobile.
Terminologies -IMSI
MCC MNC MSIN
3 digits 2/3 digits
Not more than 15 digits
IMSI (International Mobile Subscriber Identity)
NMSI
MCC:Mobile Country Code
MNC:Mobile Network Code
MSIN:Mobile Station Identification Number
NMSI:National Mobile Station Identity
MCC MNC MSIN
3 digits 2/3 digits
Not more than 15 digits
IMSI (International Mobile Subscriber Identity)
NMSI
MCC:Mobile Country Code
MNC:Mobile Network Code
MSIN:Mobile Station Identification Number
NMSI:National Mobile Station Identity
TMSI
TMSI: Temporary Mobile Subscriber Identity
Inordertoensuresubscriberidentityconfidentiality,theVLR(VisitingLocationRegister)andSGSN
(ServingGPRSSupportNode)mayallocateTMSItovisitingmobilesubscribers.
TMSI: Temporary Mobile Subscriber Identity
Inordertoensuresubscriberidentityconfidentiality,theVLR(VisitingLocationRegister)andSGSN
(ServingGPRSSupportNode)mayallocateTMSItovisitingmobilesubscribers.
IMEI
TAC FAC spare
6 digits 2 digits
15 digits
IMEI (International Mobile Equipment Identity)
TAC:Type Approval Code
FAC:Final Assembly Code
SNR:Serial Number
spare:Standby bit
Example:490547403767335
SNR
6 digits 1 digits
TAC FAC spare
6 digits 2 digits
15 digits
IMEI (International Mobile Equipment Identity)
TAC:Type Approval Code
FAC:Final Assembly Code
SNR:Serial Number
spare:Standby bit
Example:490547403767335
SNR
6 digits 1 digits
MSISDN
CC NDC SN
National ( Significant ) Mobile Number
MSISDN:Mobile Station International ISDN number
CC:Country Code, China Country Code is 86
NDC:National Destination Code
SN:Subscriber Number
CC NDC SN
National ( Significant ) Mobile Number
MSISDN:Mobile Station International ISDN number
CC:Country Code, China Country Code is 86
NDC:National Destination Code
SN:Subscriber Number
LAI / GCI / SAI
Location Area Identity
MCC MNC LAC
Cell Global Identity
MCC MNC LAC CI
Service Area Identity
MCC MNC LAC SAC
Location Area Identity
MCC MNC LAC
Cell Global Identity
MCC MNC LAC CI
Service Area Identity
MCC MNC LAC SAC
TAI / TAC
Tracking Area Identity
MCC MNC TAC
Tracking Area Identity
MCC MNC TAC
Intra-cell Handover
13
BTS BTS
Intra-Cell Handover
13
BTS BTS
Intra-Cell Handover
Inter-Cell Intra-BSC Handover
14
BSC
BTS BTS
14
BSC
BTS BTS
Inter-BSC Intra-MSC Handover
15
MSC
VLR
BSC
B
T
S
BSC
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
15
MSC
VLR
BSC
B
T
S
BSC
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
Inter-BSC Inter-MSC Handover
16
MSC1
VLR
MSC2
VLR
BSC
B
T
S
BSC
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
16
MSC1
VLR
MSC2
VLR
BSC
B
T
S
BSC
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
B
T
S
2G / 3G Core Network (CN)
◼CoreNetworkissplitintoCSdomainandPSdomain.CSdomainisbasedon
originalGSMnetwork.PSdomainisbasedonoriginalGPRSnetwork.
◼CSdomain:usedtoprovideCircuit-switchedservice.Networkmodecan
supportTDM,ATMandIP.Physicalentitiesincludeswitchingequipment(such
asMSC/VLR,GMSCs,HSS),andinter-workingequipment(IWF).
◼PSdomain:usedtoprovidePacket-switchedservice.NetworkmodeisIP.
PhysicalentitiesincludeSGSN,GGSN,CG,BGetc.
◼CoreNetworkissplitintoCSdomainandPSdomain.CSdomainisbasedon
originalGSMnetwork.PSdomainisbasedonoriginalGPRSnetwork.
◼CSdomain:usedtoprovideCircuit-switchedservice.Networkmodecan
supportTDM,ATMandIP.Physicalentitiesincludeswitchingequipment(such
asMSC/VLR,GMSCs,HSS),andinter-workingequipment(IWF).
◼PSdomain:usedtoprovidePacket-switchedservice.NetworkmodeisIP.
PhysicalentitiesincludeSGSN,GGSN,CG,BGetc.
2G / 3G Core Network (CN)
◼FunctionentitysharedbyCSdomainandPS:
MSCServer:Controllayer,torealizeMM
(MobilityManagement),CM(CallControl),
MGC(MediaGatewayControl).
MGW:Bearerlayer,torealizetheexchangeof
voiceandmediaflow,andprovideallkinds
sources,suchasTC,EC,playannouncement
andreceiveDTMF.
SG:TorealizesignalingtransferfromMTP(SS7
transmissionlayer)toSCTP/IP(SIGTRAN).
◼FunctionentitysharedbyCSdomainandPS:
MSCServer:Controllayer,torealizeMM
(MobilityManagement),CM(CallControl),
MGC(MediaGatewayControl).
MGW:Bearerlayer,torealizetheexchangeof
voiceandmediaflow,andprovideallkinds
sources,suchasTC,EC,playannouncement
andreceiveDTMF.
SG:TorealizesignalingtransferfromMTP(SS7
transmissionlayer)toSCTP/IP(SIGTRAN).
2G / 3G Core Network (CN)
HLR/HSS:To realize mobile subscriber
management and location information
management.
VLR: To deal with all kinds of data
information of current mobile
subscriber.
AUC:To store authentication
information of mobile subscriber.
EIR: To store IMEI data of mobile
subscriber.
SMS: Short Message Center.
HLR/HSS:To realize mobile subscriber
management and location information
management.
VLR: To deal with all kinds of data
information of current mobile
subscriber.
AUC:To store authentication
information of mobile subscriber.
EIR: To store IMEI data of mobile
subscriber.
SMS: Short Message Center.
Scenario #1 Location Update / AuthenticationMS BSS MSC VLR HLR/AUC
Locating updating
request(IMSI)
Um BSSAP MAP MAP
A B D
Locating updating request
Update location area
(IMSI)
Send parameters(IMSI)
Authentication parameters
(RAND/SRES/Kc,IMSI)
Authenticate
Authentication request
Authentication response
Authentication response
Update location
Inserte subscriber data
Subscriber data insertion ack.
cancel location
cancel location
ack.
PVLR
Update location ack.
(HLR?)
Set cyphering mode
Forward new TMSI
Update location area ack.
CYPHER MODE COMMAND
CYPHER MODE COMPLETE
Location updating accepte
TMSI reallocation complete
TMSI acknowledge
CLEAR COMMAND
CLEAR COMPLETE
imsi/tmsi,old lai,current
lai/gci
Locating updating
request(IMSI)
Um BSSAP MAP MAP
A B D
Locating updating request
Update location area
(IMSI)
Send parameters(IMSI)
Authentication parameters
(RAND/SRES/Kc,IMSI)
Authenticate
Authentication request
Authentication response
Authentication response
Update location
Inserte subscriber data
Subscriber data insertion ack.
cancel location
cancel location
ack.
PVLR
Update location ack.
(HLR?)
Set cyphering mode
Forward new TMSI
Update location area ack.
CYPHER MODE COMMAND
CYPHER MODE COMPLETE
Location updating accepte
TMSI reallocation complete
TMSI acknowledge
CLEAR COMMAND
CLEAR COMPLETE
imsi/tmsi,old lai,current
lai/gci
Scenario #2 Call Flow (1/2)Um A B D
A Um
MSa BSSa MSC VLR HLR
BSSb MSb
channel requestRACH
SDCCHCM service request
(CKSN,IMSI/TMSI)
CM service req.)
CM service req.)
Send parameters
(IMSI/TMSI)
Authentication para.
(IMSI,RAND/SRES/Kc)
Authenticate
(RAND,CKSNn)
Authentication request(RAND,CKSNn)
Authentication response(SRES)
Authen. res.(SRES)
Set cyphering mode
Access req. accepted
(IMSI/MSISDN)
CM service accept
CIPHER MODE COMMAND(Kc)
CIPHER MODE COMPLETE
Setup ( MSISDN)
Send info. for o/g call setup
Complete Call
Call proceeding
ASSIGNMENT REQUEST
ASSIGNMENT COMPLETE
Send routing info req. (MSISDN, supplyment service info )
Provide roaming number req(IMSI)
Provide roaming number Ind
Send Routing infomation acknowledge
send info.for i/c call setup
page MS(LAI)
PAGING(LAI,IMSI)
Page responsePage response(LAI,GCI)
A Um
MSa BSSa MSC VLR HLR
BSSb MSb
channel requestRACH
SDCCHCM service request
(CKSN,IMSI/TMSI)
CM service req.)
CM service req.)
Send parameters
(IMSI/TMSI)
Authentication para.
(IMSI,RAND/SRES/Kc)
Authenticate
(RAND,CKSNn)
Authentication request(RAND,CKSNn)
Authentication response(SRES)
Authen. res.(SRES)
Set cyphering mode
Access req. accepted
(IMSI/MSISDN)
CM service accept
CIPHER MODE COMMAND(Kc)
CIPHER MODE COMPLETE
Setup ( MSISDN)
Send info. for o/g call setup
Complete Call
Call proceeding
ASSIGNMENT REQUEST
ASSIGNMENT COMPLETE
Send routing info req. (MSISDN, supplyment service info )
Provide roaming number req(IMSI)
Provide roaming number Ind
Send Routing infomation acknowledge
send info.for i/c call setup
page MS(LAI)
PAGING(LAI,IMSI)
Page responsePage response(LAI,GCI)
Scenario #2 Call Flow (2/2)Um A B D
A Um
MSa BSSa MSC VLR HLR
BSSb MSb
Process access req.
Send para.
(IMSI/TMSI)
Authen. para.
(IMSI,RAND/SRES/Kc)
Authenticate
(RAND,CKSNn)
Authentication request(RAND,CKSNn)
Authentication(SRES)
Authentication response(SRES)
Set cyphering mode
Access request accepted
Complete call
CIPHER MODE COMMAND(Kc)
CIPHER MODE COMPLETE
Setup (calling MSISDN)
Call confirmed
ASSIGNMENT REQUEST
ASSIGNMENT COMPLETE
Alerting
Connect
Connect acknowledge
Alerting
Connect
Connect acknowledge
A Um
MSa BSSa MSC VLR HLR
BSSb MSb
Process access req.
Send para.
(IMSI/TMSI)
Authen. para.
(IMSI,RAND/SRES/Kc)
Authenticate
(RAND,CKSNn)
Authentication request(RAND,CKSNn)
Authentication(SRES)
Authentication response(SRES)
Set cyphering mode
Access request accepted
Complete call
CIPHER MODE COMMAND(Kc)
CIPHER MODE COMPLETE
Setup (calling MSISDN)
Call confirmed
ASSIGNMENT REQUEST
ASSIGNMENT COMPLETE
Alerting
Connect
Connect acknowledge
Alerting
Connect
Connect acknowledge
GPRS Network Structure
⚫What is GPRS?
General Packet Radio Service
⚫Why GPRS?
In order to provide the data service out the scope of the fixed network
⚫GPRS network classification
GSM GPRS
UMTS GPRS
⚫GPRS network background
GSM GPRS network reuse the existed GSM network
UMTS GPRS network just change the RAN side
⚫What is GPRS?
General Packet Radio Service
⚫Why GPRS?
In order to provide the data service out the scope of the fixed network
⚫GPRS network classification
GSM GPRS
UMTS GPRS
⚫GPRS network background
GSM GPRS network reuse the existed GSM network
UMTS GPRS network just change the RAN side
GPRS Network Structure
FR
EIRHLRSMS-GMSC
SMS-IWMSC
MSC/VLR
BSS
UTRAN
SGSN
SGSN
GGSN
BG
CG
TEPDN
SS7
ATM
DDN
ISDN
Ethernet.etc
GPRS
Backbone
Gs Gd Gr Gf Gc
Gb
Iu
Um
Um
Gp
Gi
Gn
Gn
ATM Ga
SCP GMLC
Ge Lg
Ga
⚫Some Abbreviation
GPRS: General Packet Radio Service
BSS: Base Station Subsystem
UTRAN: UMTS Terrestrial Radio Access Network
SGSN: Service GPRS Support Node
GGSN: Gateway GPRS Support Node
CG: Charging Gateway
BG: Bordering Gateway
PDN: Packet Data Network
FR
EIRHLRSMS-GMSC
SMS-IWMSC
MSC/VLR
BSS
UTRAN
SGSN
SGSN
GGSN
BG
CG
TEPDN
SS7
ATM
DDN
ISDN
Ethernet.etc
GPRS
Backbone
Gs Gd Gr Gf Gc
Gb
Iu
Um
Um
Gp
Gi
Gn
Gn
ATM Ga
SCP GMLC
Ge Lg
Ga
⚫Some Abbreviation
GPRS: General Packet Radio Service
BSS: Base Station Subsystem
UTRAN: UMTS Terrestrial Radio Access Network
SGSN: Service GPRS Support Node
GGSN: Gateway GPRS Support Node
CG: Charging Gateway
BG: Bordering Gateway
PDN: Packet Data Network
GPRS Network Structure
⚫Important Entity Function __ SGSN
Mobility management
−The mobility management functions are used to keep track of the current location of an MS within the PLMN
or within another PLMN.
Session management
−Session Management (SM) function manages the PDP context of MS.
Routing and transfer
−SGSN performs routing and forwarding of service data between MS and GGSN.
Charging
−SGSN can generate, store, convert and send CDRs.
Lawful Interception
NTP
⚫Important Entity Function __ SGSN
Mobility management
−The mobility management functions are used to keep track of the current location of an MS within the PLMN
or within another PLMN.
Session management
−Session Management (SM) function manages the PDP context of MS.
Routing and transfer
−SGSN performs routing and forwarding of service data between MS and GGSN.
Charging
−SGSN can generate, store, convert and send CDRs.
Lawful Interception
NTP
GPRS Network Structure
⚫Important Entity Function __ GGSN
Session management
−Session Management (SM) function manages the PDP context of MS.
Routing and transfer
−GGSN performs routing and forwarding of service data between MS and internet.
Charging
−GGSN can generate, store, convert and send CDRs.
Dynamic IP allocation
Service management
−Manage APN
⚫Important Entity Function __ GGSN
Session management
−Session Management (SM) function manages the PDP context of MS.
Routing and transfer
−GGSN performs routing and forwarding of service data between MS and internet.
Charging
−GGSN can generate, store, convert and send CDRs.
Dynamic IP allocation
Service management
−Manage APN
4G/LTE
4G/LTE
4G/LTE Attach
5G –Primitives
5G –Near Future
2G →5G Roadmap
Towards →5G
2G →5G Roadmap
5G Motivations
5G IMT-2020
5G –Primitives
5G –Network Architecture
5G –Interoperable Network
5GC –Interoperable Network
5GNR –New Radio
5G Spectrum –mmWave
5G Network Slicing
5G Network Slicing
5G Network Slicing
5G Network Slicing
5G & AR / VR
5G & AR / VR
5G & Artificial Intelligence (AI)
5G & Artificial Intelligence (AI)
5G & V2X /Connected Cars
5G & Health
5G & Health
5G & Health
BSC
RAND
generator
IMSIK
i
A3
A8
AUC
Triplets req. Triplets sent
(Sent via HLR)
K
c
SRES
RAND
Triplet
K
c
SIM
MS
K
i
A3
A8
RAND
K
c
SRES
A5A5
MSC
VLR
Authentication!
IMSISRES
K
c
RAND
Call Establishment Request
Authentication Request (RAND)
Ciphering Command (Kc)Ciph. Command ( )
Ciphering CompleteCiphering Complete
Ciphered
Traffic and Signalling
Traffic and Signalling
Authentication Response (SRES)
Ciphering OK!
AUC Authentication Centre
Ki Subscriber Authentication Key (128 Bit)
Kc Ciphering Key (64 Bit)
RAND Random number(128 Bit)
SRES Signed Response (32 Bit)
GSM Security
RAND
generator
IMSIK
i
A3
A8
AUC
Triplets req. Triplets sent
(Sent via HLR)
K
c
SRES
RAND
Triplet
K
c
SIM
MS
K
i
A3
A8
RAND
K
c
SRES
A5A5
MSC
VLR
Authentication!
IMSISRES
K
c
RAND
Call Establishment Request
Authentication Request (RAND)
Ciphering Command (Kc)Ciph. Command ( )
Ciphering CompleteCiphering Complete
Ciphered
Traffic and Signalling
Traffic and Signalling
Authentication Response (SRES)
Ciphering OK!
AUC Authentication Centre
Ki Subscriber Authentication Key (128 Bit)
Kc Ciphering Key (64 Bit)
RAND Random number(128 Bit)
SRES Signed Response (32 Bit)
GSM Security
A3 Algorithm(Compress Function: COMP128)
•Input:
•128-bit RAND random number
•128-bit K
iprivate key
•Output:
•32-bit RES/SRES
Authentication
•Input:
•128-bit RAND random number
•128-bit K
iprivate key
•Output:
•32-bit RES/SRES
Authentication
A8 Algorithm (Compress Function: COMP128)
•Input:
•128-bit RAND random number
•128-bit K
iprivate key
•Output:
•64-bit K
cCipher Key
Key Generation
•Input:
•128-bit RAND random number
•128-bit K
iprivate key
•Output:
•64-bit K
cCipher Key
Key Generation
A5 Algorithms
•A5/0 : used by countries under UN Sanctions, comes with no encryption.
•A5/1 : LFSR-based stream cipher, 64-bit key, broken, the strongest version and is used in Europe and America
•A5/2 : LFSR-based stream cipher, 64-bit key, broken,(prohibited to use), a weaker version used mainly in Asia.
•A5/3 : KASUMI in OFB mode, 64-bit key
•A5/4 : same as A5/3, 128-bit key
Ciphering
•A5/0 : used by countries under UN Sanctions, comes with no encryption.
•A5/1 : LFSR-based stream cipher, 64-bit key, broken, the strongest version and is used in Europe and America
•A5/2 : LFSR-based stream cipher, 64-bit key, broken,(prohibited to use), a weaker version used mainly in Asia.
•A5/3 : KASUMI in OFB mode, 64-bit key
•A5/4 : same as A5/3, 128-bit key
Ciphering
A5/1 Algorithm
Ciphering
Thebestpublishedattackstoitrequire2
40
and
2
45
stepswhichmakesitvulnerableto
hardware-basedattacksoforganizationsbut
nottosoftwarebasedattacks.Itsmain
weaknessisthatitskeyistheoutputoftheA8
algorithmwhichhasalreadybeencracked.The
actualsizeofitskeyisnot64but54,because
thelast10bitsaresetto0,whichmakesit
muchweaker.
Keystream
Ciphering
Thebestpublishedattackstoitrequire2
40
and
2
45
stepswhichmakesitvulnerableto
hardware-basedattacksoforganizationsbut
nottosoftwarebasedattacks.Itsmain
weaknessisthatitskeyistheoutputoftheA8
algorithmwhichhasalreadybeencracked.The
actualsizeofitskeyisnot64but54,because
thelast10bitsaresetto0,whichmakesit
muchweaker.
Keystream
A5/2 Algorithm
Ciphering
Ciphering
A5/3 Algorithm
Ciphering
KASUMIappliesa64-bitblockwitha128-bit
key.TheprocessofKASUMIhaseightrounds
ofFeistelCiphers.Eachroundrequire32-bit
inputcorrespondingwith32-bitoutput.
Ciphering
KASUMIappliesa64-bitblockwitha128-bit
key.TheprocessofKASUMIhaseightrounds
ofFeistelCiphers.Eachroundrequire32-bit
inputcorrespondingwith32-bitoutput.
RNC
RAND
generator
IMSIK Algorithms
AUC
Quintets req. Quintets sent
(Sent via HLR)
RAND
Quintet
CK IK
USIM
UE
K
Algo-
rithms
Ciphering and
Integrity
Algorithms
MSC /SGSN
Authentication!
Call/Session Establishment Request
Authentication Request (RAND, AUTN)
Sec Mode
Command (CK,IK)Security Mode Command ( )
Sec Mode
Complete
Security Mode Complete
Traffic : Ciphering
Signalling: Ciphering & Integrity
Authentication Response (RES)
Ciphering OK!
AKA Authentication and Key Agreement
AUC Authentication Centre
CK Ciphering Key(128 Bit)
IK Integrity Key (128 Bit)
K Subscriber Authentication Key (128 Bit)
RANDRandom number(128 Bit)
XRESExpected Response (32-128 Bit)
CK
XRES
AUTN
IK
IMSI
XRES
CK
RAND
IK
AUTN
RAND
CK
IK
RES
AUTN
Ciphering and
Integrity
Algorithms
Authentication:
AUTN=AUTN
Traffic and Signalling
CK IK
UMTS Security
RAND
generator
IMSIK Algorithms
AUC
Quintets req. Quintets sent
(Sent via HLR)
RAND
Quintet
CK IK
USIM
UE
K
Algo-
rithms
Ciphering and
Integrity
Algorithms
MSC /SGSN
Authentication!
Call/Session Establishment Request
Authentication Request (RAND, AUTN)
Sec Mode
Command (CK,IK)Security Mode Command ( )
Sec Mode
Complete
Security Mode Complete
Traffic : Ciphering
Signalling: Ciphering & Integrity
Authentication Response (RES)
Ciphering OK!
AKA Authentication and Key Agreement
AUC Authentication Centre
CK Ciphering Key(128 Bit)
IK Integrity Key (128 Bit)
K Subscriber Authentication Key (128 Bit)
RANDRandom number(128 Bit)
XRESExpected Response (32-128 Bit)
CK
XRES
AUTN
IK
IMSI
XRES
CK
RAND
IK
AUTN
RAND
CK
IK
RES
AUTN
Ciphering and
Integrity
Algorithms
Authentication:
AUTN=AUTN
Traffic and Signalling
CK IK
UMTS Security
UMTS Security
•UMTSusesasetoffunctionf1tof9forsecuritypurposes.Derivation
functionsf1tof5arenotstandardized.Therearemorethan16
algorithms.Someexampleintegrityandcipheringalgorithms:
•MILENAGEbasedonAES(3GPPTS35.206)
•TUAKbasedonSHA3(3GPPTS35.231)
•KASUMIinOFBmode-SimilartoA5/3(3GPPTS35.201)
•SNOW3G(3GPPTS35.216)
•UMTSusesasetoffunctionf1tof9forsecuritypurposes.Derivation
functionsf1tof5arenotstandardized.Therearemorethan16
algorithms.Someexampleintegrityandcipheringalgorithms:
•MILENAGEbasedonAES(3GPPTS35.206)
•TUAKbasedonSHA3(3GPPTS35.231)
•KASUMIinOFBmode-SimilartoA5/3(3GPPTS35.201)
•SNOW3G(3GPPTS35.216)
Function Description Input Parameters Output Parameters
F0 The random challenge generating function RAND RAND
F1 The network authentication function AMF, K, RAND
MAC-A (AuCside) /XMAC-A
(UE side)
F2 The user authentication function K, RAND
RES (UE side) /XRES (AuC
side)
F3 The cipher key derivation function K, RAND CK
F4 The integrity key derivation function K, RAND IK
F5 The anonymity key derivation function K, RAND AK
F8 The confidentiality key stream generating function
Count-C, Bearer, Direction,
Length, CK
<Keystream block>
F9 The integrity stamp generating function
IK, FRESH, Direction, Count-I,
Message
MAC-I (UE side) /XMAC-I
(RNC side)
Authentication
F0 The random challenge generating function RAND RAND
F1 The network authentication function AMF, K, RAND
MAC-A (AuCside) /XMAC-A
(UE side)
F2 The user authentication function K, RAND
RES (UE side) /XRES (AuC
side)
F3 The cipher key derivation function K, RAND CK
F4 The integrity key derivation function K, RAND IK
F5 The anonymity key derivation function K, RAND AK
F8 The confidentiality key stream generating function
Count-C, Bearer, Direction,
Length, CK
<Keystream block>
F9 The integrity stamp generating function
IK, FRESH, Direction, Count-I,
Message
MAC-I (UE side) /XMAC-I
(RNC side)
Authentication
SNOW 3G
LTE Security Key Hierarchy
Ciphering + Integrity check
CK IKAKRESXMAC
K
f1 f2 f3 f4 f5
USIM
AUTENTICATION REQUEST
RAND, AUTN
AUTHENTICATION RESPONSE
RES
MME HSS
UE
Calculate AUTNfrom MAC and AK
Derive KASME from CK, IK
Check RES against XRES
UE authorised!
Derive IKNAS andCKNAS
Derive IKNAS andCKNAS
eNB
CK IKAKXRESMAC
RANDIMSI →K
f1 f2 f3 f4 f5
RAND
NAS security(UE –MME)
-NW authorisesUE (RES)
-UE authorisesNW (MAC)
-Integritycheck ofsign, (IK
NAS)
-Cipheringofsign, (CK
NAS)
Authentication Vector
Store received
Authentication
Vector(s)*)
AUTH DATA RESPONSE
RAND, AUTN, XRES, KASME
AUTN
MAC
Check MAC against XMAC
NW authorised!
Derive KASMEfrom CK, IK
LTE Security
NAS SECURITY MODE COMPLETE
NAS SECURITY MODE COMMAND
UE sec capabilities, selectedNAS algo:s
Derive KeNB
KeNB, permitted algorithms
Ordered algorithms
DeriveIKCP,CKCP,CKUP
Select algorithms
Derive KeNB
K
CK, IK
Never leaves Home Domain
KASME
IKNASCKNAS
Only used in NAS
KeNB
CKUP CKCP IKCP
Only used in AS
DeriveIKCP,CKCP,CKUP
AS security(UE –eNB)
-Integritycheck ofsign, (IK
CP)
-Cipheringofsign. (CK
CP)
-Cipheringoftraffic(CK
UP)
Ciphering +
Integrity check
It is FFS ifNAS Security Mode Command
is a stand-aloneprocedure, or canbe combinedwith
othermessages.
NAS MESSAGE
UE securitycapabilities
AUTH DATA REQUEST
IMSI, SN id, nw type
CK IKAKRESXMAC
K
f1 f2 f3 f4 f5
USIM
AUTENTICATION REQUEST
RAND, AUTN
AUTHENTICATION RESPONSE
RES
MME HSS
UE
Calculate AUTNfrom MAC and AK
Derive KASME from CK, IK
Check RES against XRES
UE authorised!
Derive IKNAS andCKNAS
Derive IKNAS andCKNAS
eNB
CK IKAKXRESMAC
RANDIMSI →K
f1 f2 f3 f4 f5
RAND
NAS security(UE –MME)
-NW authorisesUE (RES)
-UE authorisesNW (MAC)
-Integritycheck ofsign, (IK
NAS)
-Cipheringofsign, (CK
NAS)
Authentication Vector
Store received
Authentication
Vector(s)*)
AUTH DATA RESPONSE
RAND, AUTN, XRES, KASME
AUTN
MAC
Check MAC against XMAC
NW authorised!
Derive KASMEfrom CK, IK
LTE Security
NAS SECURITY MODE COMPLETE
NAS SECURITY MODE COMMAND
UE sec capabilities, selectedNAS algo:s
Derive KeNB
KeNB, permitted algorithms
Ordered algorithms
DeriveIKCP,CKCP,CKUP
Select algorithms
Derive KeNB
K
CK, IK
Never leaves Home Domain
KASME
IKNASCKNAS
Only used in NAS
KeNB
CKUP CKCP IKCP
Only used in AS
DeriveIKCP,CKCP,CKUP
AS security(UE –eNB)
-Integritycheck ofsign, (IK
CP)
-Cipheringofsign. (CK
CP)
-Cipheringoftraffic(CK
UP)
Ciphering +
Integrity check
It is FFS ifNAS Security Mode Command
is a stand-aloneprocedure, or canbe combinedwith
othermessages.
NAS MESSAGE
UE securitycapabilities
AUTH DATA REQUEST
IMSI, SN id, nw type
LTE Security
Key
Function
Length or
Size
Derived From Basic Description
K Master Base Key for GSM/UMTS/EPS128 - Secret key stored permanently in USIM and AuC
(CK,IK) Cipher key and Integrity Key 128 'K' Key Pair of Keys derived in AuCand USIM during AKA run.
K
ASME MME (ASME) Base / Intermediate Key256 CK,IK Intermediate key derived in HSS/UE from (CK,IK) using AKA.
K-eNB eNBBase Key 256 K
ASME, K
eNB*
Intermediate Key derived in MME/UE from K
ASMEwhen UE transits to ECM
CONNECTED STATE or by UE and target eNB from K
eNB*during handover
K
eNB* eNB handover transition Key 256 K
eNB(H) , NH(V)
Intermediate Key derived in source eNB and UE during handover when
performing horizontal ( K
eNB) or vertical Key(NH) derivation. Used at target
eNB to derive K
eNB
NH Next Hop 256 K
eNB
Intermediate key derived in MME and UE used to provide forward security
and forwarded to eNB via S1-MME interface.
K
NASint Integrity key for NAS signalling
256 (128
LSB)
K
ASME Integrity key for protection of NAS data derived in MME/UE
K
NASenc Encryption Key for NAS signalling256(128 LSB) K
ASME Encryption key for protection of NAS data derived in MME and UE
K
UPenc Encryption key for user plane (DRB)256(128 LSB) K
eNB Encryption key for protection of user plane data derived in eNB and UE
K
RRCint Integrity key for RRC signalling(SRB)256(128 LSB) K
eNB Integrity key for protection of RRC data derived in eNBand UE
K
RRCenc Encryption key for RRC 256(128 LSB) K
eNB Encryption key for protection of RRC data derived in eNBand UE
LTE Security
Key
Function
Length or
Size
Derived From Basic Description
K Master Base Key for GSM/UMTS/EPS128 - Secret key stored permanently in USIM and AuC
(CK,IK) Cipher key and Integrity Key 128 'K' Key Pair of Keys derived in AuCand USIM during AKA run.
K
ASME MME (ASME) Base / Intermediate Key256 CK,IK Intermediate key derived in HSS/UE from (CK,IK) using AKA.
K-eNB eNBBase Key 256 K
ASME, K
eNB*
Intermediate Key derived in MME/UE from K
ASMEwhen UE transits to ECM
CONNECTED STATE or by UE and target eNB from K
eNB*during handover
K
eNB* eNB handover transition Key 256 K
eNB(H) , NH(V)
Intermediate Key derived in source eNB and UE during handover when
performing horizontal ( K
eNB) or vertical Key(NH) derivation. Used at target
eNB to derive K
eNB
NH Next Hop 256 K
eNB
Intermediate key derived in MME and UE used to provide forward security
and forwarded to eNB via S1-MME interface.
K
NASint Integrity key for NAS signalling
256 (128
LSB)
K
ASME Integrity key for protection of NAS data derived in MME/UE
K
NASenc Encryption Key for NAS signalling256(128 LSB) K
ASME Encryption key for protection of NAS data derived in MME and UE
K
UPenc Encryption key for user plane (DRB)256(128 LSB) K
eNB Encryption key for protection of user plane data derived in eNB and UE
K
RRCint Integrity key for RRC signalling(SRB)256(128 LSB) K
eNB Integrity key for protection of RRC data derived in eNBand UE
K
RRCenc Encryption key for RRC 256(128 LSB) K
eNB Encryption key for protection of RRC data derived in eNBand UE
LTE Security
IPIP
eNB SGW PGW
IP IP
TEID 1 TEID 1
EPS bearer = radio bearer+ S1 tunnel + S5 tunnelEPS bearer = radio bearer+ S1 tunnelEPS bearer = Radio BearerEPS bearer
Original IP packet from user….
…encapsulated in another IP packet.
Encapsulation and Tunneling
eNB SGW PGW
IP IP
TEID 1 TEID 1
EPS bearer = radio bearer+ S1 tunnel + S5 tunnelEPS bearer = radio bearer+ S1 tunnelEPS bearer = Radio BearerEPS bearer
Original IP packet from user….
…encapsulated in another IP packet.
Encapsulation and Tunneling
eNB SGW PGW
Security Domains
SecurityDomain
SecurityDomainsarenetworksthataremanagedbyasingleadministrativeauthority.Withinasecurity
domainthesamelevelofsecurityandusageofsecurityserviceswillbetypical.
Typically,anetworkoperatedbyasinglenetworkoperatororasingletransitoperatorwillconstituteone
securitydomainalthoughanoperatormayatwillsubsectionitsnetworkintoseparatesub-networks.
Security DomainA Security DomainB Security DomainC
Security Domains
SecurityDomain
SecurityDomainsarenetworksthataremanagedbyasingleadministrativeauthority.Withinasecurity
domainthesamelevelofsecurityandusageofsecurityserviceswillbetypical.
Typically,anetworkoperatedbyasinglenetworkoperatororasingletransitoperatorwillconstituteone
securitydomainalthoughanoperatormayatwillsubsectionitsnetworkintoseparatesub-networks.
Security DomainA Security DomainB Security DomainC
5G Security Framework
UDM(UnifiedDataManagement)
SimilartotheHSSona4Gnetwork,storessubscriberrootkeysandauthentication-relatedsubscriptiondata,andgenerates
5Gauthenticationparametersandvectors.
AUSF(AuthenticationServerFunction)
-Derivesakey.-ProvidesthenetworkauthenticationfunctioniftheEAP
-AKA‘authenticationmethodisusedorprovidesthehomenetworkauthenticationfunctionifthe5GAKAauthentication
methodisused.
AMF(Access&MobilityManagementFunction)
-Deriveslower-layerNASandASkeys.
-Providestheservicenetworkauthenticationfunctionifthe5GAKAauthenticationmethodisused.
UDM(UnifiedDataManagement)
SimilartotheHSSona4Gnetwork,storessubscriberrootkeysandauthentication-relatedsubscriptiondata,andgenerates
5Gauthenticationparametersandvectors.
AUSF(AuthenticationServerFunction)
-Derivesakey.-ProvidesthenetworkauthenticationfunctioniftheEAP
-AKA‘authenticationmethodisusedorprovidesthehomenetworkauthenticationfunctionifthe5GAKAauthentication
methodisused.
AMF(Access&MobilityManagementFunction)
-Deriveslower-layerNASandASkeys.
-Providestheservicenetworkauthenticationfunctionifthe5GAKAauthenticationmethodisused.
5G Security
TosolvetheproblemofIMSIdisclosureon4Gnetworks,IMSIson5Gnetworksareencryptedandtransmittedoverair
interfacesforsubscriberprivacyprotection,asshowninthefollowingfigure.
IMSI Encryption (SUPI -> SUCI)
Duringinitialregistration,aUEusesthepublickeyof
thehomenetworktoencryptnon-routing
informationinthesubscriptionpermanentidentifier
(SUPI)andconvertstheSUPIintoasubscription
concealedidentifier(SUCI).Theroutinginformation
isstilltransmittedinplaintext,andisusedto
addressthehomenetwork.AfterobtainingtheSUCI,
thecorenetworkusestheprivatekeytodecryptthe
SUCIintoanSUPI.UE Base station Core network
Registration request
(SUCI)
SUPI SUCI SUCI SUPI
Encryption Decryption
Obtaining fails.
IMSI Catcher
Allocates the 5G-GUTI to the UE after the
registration succeeds.
Registration request
(SUCI)
TosolvetheproblemofIMSIdisclosureon4Gnetworks,IMSIson5Gnetworksareencryptedandtransmittedoverair
interfacesforsubscriberprivacyprotection,asshowninthefollowingfigure.
IMSI Encryption (SUPI -> SUCI)
Duringinitialregistration,aUEusesthepublickeyof
thehomenetworktoencryptnon-routing
informationinthesubscriptionpermanentidentifier
(SUPI)andconvertstheSUPIintoasubscription
concealedidentifier(SUCI).Theroutinginformation
isstilltransmittedinplaintext,andisusedto
addressthehomenetwork.AfterobtainingtheSUCI,
thecorenetworkusestheprivatekeytodecryptthe
SUCIintoanSUPI.UE Base station Core network
Registration request
(SUCI)
SUPI SUCI SUCI SUPI
Encryption Decryption
Obtaining fails.
IMSI Catcher
Allocates the 5G-GUTI to the UE after the
registration succeeds.
Registration request
(SUCI)
5G Security Procedure
Key Hierarchy Generation
33.501
KgNB, NH
KRRCenc
KAUSF
K
KAUSF
KAMF
KN3IWF
KNASint KNASenc
KRRCint KUPencKUPint
CK’, IK’
KSEAF
CK, IK
ME
N3IWF ME
gNB
ME
ME
ME
USIM
AMF
SEAF
AUSF
MEARPF
ARPF
5G AKA
EAP-AKA’
K used for primary authentication
K
AUSFserving nw specific
Horizontal key derivation
K
AMFchanges at
AMF change
EAPExtensible Authentication Protocol
NHNext Hop
NH = ”Fresh” param
Source: 33.501 6.2.1-1
33.501
KgNB, NH
KRRCenc
KAUSF
K
KAUSF
KAMF
KN3IWF
KNASint KNASenc
KRRCint KUPencKUPint
CK’, IK’
KSEAF
CK, IK
ME
N3IWF ME
gNB
ME
ME
ME
USIM
AMF
SEAF
AUSF
MEARPF
ARPF
5G AKA
EAP-AKA’
K used for primary authentication
K
AUSFserving nw specific
Horizontal key derivation
K
AMFchanges at
AMF change
EAPExtensible Authentication Protocol
NHNext Hop
NH = ”Fresh” param
Source: 33.501 6.2.1-1
Auth Resp
RES*
5G Authentication & Key Agreement (AKA)
UDM
AUSF
Calculate HXRES*
Calculate KSEAF (anchor key)
AMF
SIDFARPFSEAF
Nausf_UEAuthentication_AuthReq.
RES*
Nudm_UEAuthentication_
_ResultConfirmationResp.
Nudm_UEAuthentication_
_ResultConfirmationReq.
Nausf_UEAuthentication_AuthResp.
NAS message
Auth Req
RAND, AUTN
Nausf_UEAuthentication_AuthReq.
SUCI/SUPI, SN Name...
Nausf_UEAuthentication_AuthResp.
SUPI, 5G AV:
RAND, AUTN, HXRES*, KSEAF
KgNB
Nudm_UEAuthentication_GetReq.
SUCI/SUPI, SN Name...
Nudm_UEAuthentication_GetResp.
SUPI, 5G-AKA usage flag, 5G HE
AV: RAND, AUTN, XRES*, KAUSF
HPLMNVPLMN
K
K
128 or 256 bits
Store UE
Authentication status
KSEAF →KAMF
→KNAS & KgNB
RES* →HXRES*
Check if HRES* = HXRES*
→UE authenticated
Check if RES* = XRES*
→UE authenticated
SUCI →SUPI
Decide auth method :
EAP-AKA' / 5G-AKA
Calculate 5G HE AV
K, RAND
RES*, KAUSF
KAMF
KNAS, KgNB
KSEAF
Calculate
response & keys:
AUTN: Authentication Token
AV:Authentication Vector
RAND: Random number
RES:Response
XRES: Expected Response
ARPFAuthentication credential Repository and Processing Function
HE Home Environment
SEAFSecurity Anchor Function
SIDFSubscriber Identity De-concealing Function
RES*
5G Authentication & Key Agreement (AKA)
UDM
AUSF
Calculate HXRES*
Calculate KSEAF (anchor key)
AMF
SIDFARPFSEAF
Nausf_UEAuthentication_AuthReq.
RES*
Nudm_UEAuthentication_
_ResultConfirmationResp.
Nudm_UEAuthentication_
_ResultConfirmationReq.
Nausf_UEAuthentication_AuthResp.
NAS message
Auth Req
RAND, AUTN
Nausf_UEAuthentication_AuthReq.
SUCI/SUPI, SN Name...
Nausf_UEAuthentication_AuthResp.
SUPI, 5G AV:
RAND, AUTN, HXRES*, KSEAF
KgNB
Nudm_UEAuthentication_GetReq.
SUCI/SUPI, SN Name...
Nudm_UEAuthentication_GetResp.
SUPI, 5G-AKA usage flag, 5G HE
AV: RAND, AUTN, XRES*, KAUSF
HPLMNVPLMN
K
K
128 or 256 bits
Store UE
Authentication status
KSEAF →KAMF
→KNAS & KgNB
RES* →HXRES*
Check if HRES* = HXRES*
→UE authenticated
Check if RES* = XRES*
→UE authenticated
SUCI →SUPI
Decide auth method :
EAP-AKA' / 5G-AKA
Calculate 5G HE AV
K, RAND
RES*, KAUSF
KAMF
KNAS, KgNB
KSEAF
Calculate
response & keys:
AUTN: Authentication Token
AV:Authentication Vector
RAND: Random number
RES:Response
XRES: Expected Response
ARPFAuthentication credential Repository and Processing Function
HE Home Environment
SEAFSecurity Anchor Function
SIDFSubscriber Identity De-concealing Function
•GSMA Official Document FS.35 -Security Algorithm Implementation Roadmap (www.gsma.com)
•The 3
rd
Generation Partnership Project (3GPP) (www.3gpp.org)
•ETSI (European Telecommunications Standards Institute) (www.etsi.org)
•International Telecommunication Union Telecommunication Standardization (ITU-T) (www.itu.int/itu-t)
•HexoutStockholm AB: Telecom Training Courses (www.hexout.se)
References
•The 3
rd
Generation Partnership Project (3GPP) (www.3gpp.org)
•ETSI (European Telecommunications Standards Institute) (www.etsi.org)
•International Telecommunication Union Telecommunication Standardization (ITU-T) (www.itu.int/itu-t)
•HexoutStockholm AB: Telecom Training Courses (www.hexout.se)
References
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 50
- Slides 87
- Age 505 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
38 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
41 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
37 views
14
Fertility awareness methods for women in the society
Isaiah47
35 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
33 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
36 views