LTE security

Addressing the security solutions for LTE, a cellular technology from Third Generation Partnership Project (3GPP), this book shows how LTE security substantially extends GSM and 3G security. It also encompasses the architectural aspects, known as SAE, to give a comprehensive resource on the topic. A...

Bibliographic Details
Other Authors: Horn, Günther, author; Forsberg, Dan, author
Format: Electronic book
Language: English
Published: Chichester, West Sussex, England : Wiley 2010.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627777206719
Table of Contents:
  • Cover
  • Contents
  • Foreword
  • Acknowledgements
  • 1 Overview of the Book
  • 2 Background
  • 2.1 Evolution of Cellular Systems
  • 2.1.1 Third-generation Network Architecture
  • 2.1.2 Important Elements of the 3G Architecture
  • 2.1.3 Functions and Protocols in the 3GPP System
  • 2.1.4 The EPS System
  • 2.2 Basic Security Concepts
  • 2.2.1 Information Security
  • 2.2.2 Design Principles
  • 2.2.3 Communication Security Features
  • 2.3 Basic Cryptographic Concepts
  • 2.3.1 Cryptographic Functions
  • 2.3.2 Securing Systems with Cryptographic Methods
  • 2.3.3 Symmetric Encryption Methods
  • 2.3.4 Hash Functions
  • 2.3.5 Public-key Cryptography and PKI
  • 2.3.6 Cryptanalysis
  • 2.4 Introduction to LTE Standardization
  • 2.4.1 Working Procedures in 3GPP
  • 2.5 Notes on Terminology and Specification Language
  • 2.5.1 Terminology
  • 2.5.2 Specification Language
  • 3 GSM Security
  • 3.1 Principles of GSM Security
  • 3.2 The Role of the SIM
  • 3.3 Mechanisms of GSM Security
  • 3.3.1 Subscriber Authentication in GSM
  • 3.3.2 GSM Encryption
  • 3.3.3 GPRS Encryption
  • 3.3.4 Subscriber Identity Confidentiality
  • 3.4 GSM Cryptographic Algorithms
  • 4 Third-generation Security (UMTS)
  • 4.1 Principles of Third-generation Security
  • 4.1.1 Elements of GSM Security Carried Over to 3G
  • 4.1.2 Weaknesses in GSM Security
  • 4.1.3 Higher Level Objectives
  • 4.2 Third-generation Security Mechanisms
  • 4.2.1 Authentication and Key Agreement
  • 4.2.2 Ciphering Mechanism
  • 4.2.3 Integrity Protection Mechanism
  • 4.2.4 Identity Confidentiality Mechanism
  • 4.3 Third-generation Cryptographic Algorithms
  • 4.3.1 KASUMI
  • 4.3.2 UEA1 and UIA1
  • 4.3.3 SNOW3G, UEA2 and UIA2
  • 4.3.4 MILENAGE
  • 4.3.5 Hash Functions
  • 4.4 Interworking between GSM and 3G security
  • 4.4.1 Interworking Scenarios
  • 4.4.2 Cases with SIM
  • 4.4.3 Cases with USIM
  • 4.4.4 Handovers between GSM and 3G
  • 4.5 Network Domain Security
  • 4.5.1 Generic Security Domain Framework
  • 4.5.2 Security Mechanisms for NDS
  • 4.5.3 Application of NDS
  • 5 3G-WLAN Interworking
  • 5.1 Principles of 3G-WLAN Interworking
  • 5.1.1 The General Idea
  • 5.1.2 The EAP Framework
  • 5.1.3 Overview of EAP-AKA
  • 5.2 Security Mechanisms of 3G-WLAN Interworking
  • 5.2.1 Reference Model for 3G-WLAN Interworking
  • 5.2.2 Security Mechanisms of WLAN Direct IP Access
  • 5.2.3 Security Mechanisms of WLAN 3GPP IP Access
  • 5.3 Cryptographic Algorithms for 3G-WLAN Interworking
  • 6 EPS Security Architecture
  • 6.1 Overview and Relevant Specifications
  • 6.1.1 Need for Security Standardization
  • 6.1.2 Relevant Non-security Specifications
  • 6.1.3 Security Specifications for EPS
  • 6.2 Requirements and Features of EPS Security
  • 6.2.1 Threats against EPS
  • 6.2.2 EPS Security Features
  • 6.2.3 How the Features Meet the Requirements
  • 6.3 Design Decisions for EPS Security
  • 6.4 Platform Security for Base Stations
  • 6.4.1 General Security Considerations
  • 6.4.2 Specification of Platform Security
  • 6.4.3 Exposed Position and Threats
  • 6.4.4 Security Requirements
  • 7 EPS Authentication and Key Agreement
  • 7.1 Identification
  • 7.1.1 User Identity Confidentiality
  • 7.1.2 Terminal Identity Confidentiality
  • 7.2 The EPS Authentication and Key Agreement Procedure
  • 7.2.1 Goals and Prerequisites of EPS AKA
  • 7.2.2 Distribution of EPS Authentication Vectors from HSS to MME
  • 7.2.3 Mutual Authentication and Establishment of a Shared Key Between the Serving Network and the UE
  • 7.2.4 Distribution of Authentication Data Inside and Between Serving Networks
  • 7.3 Key Hierarchy
  • 7.3.1 Key Derivations
  • 7.3.2 Purpose of the Keys in the Hierarchy
  • 7.3.3 Cryptographic Key Separation
  • 7.3.4 Key Renewal
  • 7.4 Security Contexts
  • 8 EPS Protection for Signalling and User Data
  • 8.1 Security Algorithms Negotiation
  • 8.1.1 Mobility Management Entities
  • 8.1.2 Base Stations
  • 8.2 NAS Signalling Protection
  • 8.2.1 NAS Security Mode Command Procedure
  • 8.2.2 NAS Signalling Protection
  • 8.3 AS Signalling and User Data Protection
  • 8.3.1 AS Security Mode Command Procedure
  • 8.3.2 RRC Signalling and User Plane Protection
  • 8.3.3 RRC Connection Re-establishment
  • 8.4 Security on Network Interfaces
  • 8.4.1 Application of NDS to EPS
  • 8.4.2 Security for Network Interfaces of Base Stations
  • 8.5 Certificate Enrolment for Base Stations
  • 8.5.1 Enrolment Scenario
  • 8.5.2 Enrolment Principles
  • 8.5.3 Enrolment Architecture
  • 8.5.4 CMPv2 Protocol and Certificate Profiles
  • 8.5.5 CMPv2 Transport
  • 8.5.6 Example Enrolment Procedure
  • 8.6 Emergency Call Handling
  • 8.6.1 Emergency Calls with NAS and AS Security Contexts in Place
  • 8.6.2 Emergency Calls without NAS and AS Security Contexts
  • 8.6.3 Continuation of the Emergency Call when Authentication Fails
  • 9 Security in Intra-LTE State Transitions and Mobility
  • 9.1 Transitions to and from Registered State
  • 9.1.1 Registration
  • 9.1.2 Deregistration
  • 9.2 Transitions Between Idle and Connected States
  • 9.2.1 Connection Initiation
  • 9.2.2 Back to Idle State
  • 9.3 Idle State Mobility
  • 9.4 Handover
  • 9.4.1 Handover Key Management Requirements Background
  • 9.4.2 Handover Keying Mechanisms Background
  • 9.4.3 LTE Key Handling in Handover
  • 9.4.4 Multiple Target Cell Preparations
  • 9.5 Key Change on the Fly
  • 9.5.1 KeNB Rekeying
  • 9.5.2 KeNB Refresh
  • 9.5.3 NAS Key Rekeying
  • 9.6 Periodic Local Authentication Procedure
  • 9.7 Concurrent Run of Security Procedures
  • 10 EPS Cryptographic Algorithms
  • 10.1 Null Algorithms
  • 10.2 Ciphering Algorithms
  • 10.3 Integrity Algorithms
  • 10.4 Key Derivation Algorithms
  • 11 Interworking Security Between EPS and Other Systems
  • 11.1 Interworking with GSM and 3G Networks
  • 11.1.1 Routing Area Update Procedure in UTRAN
  • 11.1.2 Tracking Area Update Procedure in EPS
  • 11.1.3 Handover from EPS to 3G or GSM
  • 11.1.4 Handover from 3G or GSM to EPS
  • 11.2 Interworking with Non-3GPP Networks
  • 11.2.1 Principles of Interworking with Non-3GPP Networks
  • 11.2.2 Authentication and Key Agreement for Trusted Access
  • 11.2.3 Authentication and Key Agreement for Untrusted Access
  • 11.2.4 Security for Mobile IP Signalling
  • 11.2.5 Mobility between 3GPP and non-3GPP Access Networks
  • 12 Security for Voice over LTE
  • 12.1 Methods for Providing Voice over LTE
  • 12.1.1 IMS over LTE
  • 12.1.2 Circuit Switched Fallback (CSFB)
  • 12.1.3 Single Radio Voice Call Continuity (SRVCC)
  • 12.2 Security Mechanisms for Voice over LTE
  • 12.2.1 Security for IMS over LTE
  • 12.2.2 Security for Circuit Switched Fallback
  • 12.2.3 Security for Single Radio Voice Call Continuity
  • 13 Security for Home Base Station Deployment
  • 13.1 Security Architecture, Threats and Requirements
  • 13.1.1 Scenario
  • 13.1.2 Threats and Risks
  • 13.1.3 Requirements
  • 13.1.4 Security Architecture
  • 13.2 Security Features
  • 13.2.1 Authentication
  • 13.2.2 Local Security
  • 13.2.3 Communications Security
  • 13.2.4 Location Verification and Time Synchronization
  • 13.3 Security Procedures Internal to the Home Base Station
  • 13.3.1 Secure Boot and Device Integrity Check
  • 13.3.2 Removal of Hosting Party Module
  • 13.3.3 Loss of Backhaul Link
  • 13.3.4 Secure Time Base
  • 13.3.5 Handling of Internal Transient Data
  • 13.4 Security Procedures between Home Base Station and Security Gateway
  • 13.4.1 Device Integrity Validation
  • 13.4.2 Device Authentication
  • 13.4.3 IKEv2 and Certificate Profiling
  • 13.4.4 Certificate Processing
  • 13.4.5 Combined Device-Hosting Party Authentication
  • 13.4.6 Authorization and Access Control
  • 13.4.7 IPsec Tunnel Establishment
  • 13.4.8 Time Synchronization
  • 13.5 Security Aspects of Home Base Station Management
  • 13.5.1 Management Architecture
  • 13.5.2 Management and Provisioning during Manufacturing
  • 13.5.3 Preparation for Operator-specific Deployment
  • 13.5.4 Relationships between HeNB Manufacturer and Operator
  • 13.5.5 Security Management in Operator Network
  • 13.5.6 Protection of Management Traffic
  • 13.5.7 Software Download
  • 13.5.8 Location Verification
  • 13.6 Closed Subscriber Groups and Emergency Call Handling
  • 13.6.1 UE Access Control to HeNBs
  • 13.6.2 Emergency Calls
  • 14 Future Challenges
  • 14.1 Near-term Outlook
  • 14.2 Far-term Outlook
  • Abbreviations
  • References
  • Index