LTE Security Concepts and Authentication (English) part2.docx
- Document ID: 10982817
- Upload date: 2023-02-24
- Format: DOCX
- Pages: 30
- Size: 400.90KB
LTE Security II: NAS and AS Security
SUMMARY
Once LTE authentication is completed, the UE and the MME share the same KASME. This document describes the NAS and AS security setup procedures in which NAS and AS security keys are generated based on KASME, and how control messages and user packets are securely delivered thereafter. Then it discusses the security contexts to be stored in EPS entities as a result of the NAS and AS security setup, followed by a summary of the security keys used in LTE.
Table of Contents
I. Introduction
II. NAS Security
III. AS Security
IV. Security Context
V. Closing
References
I. Introduction
In LTE Security I [1], Part I of the LTE Security technical document, we discussed LTE authentication based on the EPS AKA procedure and saw that a UE and an MME come to share the same KASME once authenticated. In this document, we will explain the NAS and AS security setup procedures that are performed based on KASME, and how data are transmitted in the user and control planes after the security setup procedures.
Chapter II herein will explain the NAS security setup procedure and how NAS messages are sent and received after the procedure. Chapter III will cover the AS security setup procedure and how RRC messages and IP packets are transmitted thereafter. Chapter IV will provide a description of EPS security contexts and the security data to be set in EPS entities (UE, eNB, MME and HSS). Finally, Chapter V will summarize all the security keys covered in the LTE Security technical document (LTE Security I and II).
Before we move on to the security setup procedures, we will look at the protocol stacks to which NAS and AS security are actually applied. Figure 1 shows the protocol stacks related to NAS and AS security setup.
Figure 1. Protocol stacks for security setup
NAS Security:
The purpose of NAS security is to securely deliver NAS signaling messages between a UE and an MME in the control plane using NAS security keys. The NAS security keys are derived from KASME, and new keys are generated every time EPS AKA is performed (i.e., every time a new KASME is generated). After the NAS security setup is completed, the UE and the MME share a NAS encryption key (KNASenc) and a NAS integrity key (KNASint), which are used for encryption and integrity protection, respectively, of NAS messages before transmission.
AS Security:
The purpose of AS security is to securely deliver RRC messages between a UE and an eNB in the control plane, and IP packets in the user plane, using AS security keys. The AS security keys are derived from KeNB, and new keys are generated every time a new radio link is established (that is, when the RRC state moves from idle to connected)¹. After the AS security setup is completed, the UE and the eNB share an RRC integrity key (KRRCint), an RRC encryption key (KRRCenc) and a user plane encryption key (KUPenc). Encryption and integrity protection using these keys are performed at the PDCP layer. KRRCint and KRRCenc are used to securely deliver RRC messages in the control plane through an SRB (Signaling Radio Bearer) over the radio link. The RRC messages are integrity protected using KRRCint and encrypted using KRRCenc at the PDCP layer before being sent. KUPenc is used to securely deliver IP packets in the user plane through a DRB (Data Radio Bearer) over the radio link. The IP packets are encrypted using KUPenc at the PDCP layer before being sent.
II. NAS Security
A detailed description of the NAS security previously mentioned in LTE Security I [1] is given below. A NAS security setup procedure consists of NAS signaling between a UE and an MME: a Security Mode Command message that the MME sends to the UE and a Security Mode Complete message that the UE sends to the MME. The NAS security setup procedure by NAS messages, and how NAS messages are delivered thereafter, are described in Sections 2.1 and 2.2, respectively.
2.1 NAS Security Setup
(1) Delivering a Security Mode Command message
Figure 2 shows how a Security Mode Command message is delivered during the NAS security setup procedure. The MME, by sending a Security Mode Command message to the UE, informs the UE that it has been authenticated by the network and that the NAS security setup procedure for secure message delivery between them is initiated. The Security Mode Command message is integrity protected and then sent to the UE, which then derives the NAS security keys (a ciphering key and an integrity key) and verifies the integrity of the message using the integrity key.
A simplified LTE authentication procedure that precedes the NAS security setup procedure is shown in Figure 2 [1]. The same KASME is shared by the UE and the MME as a result of the LTE authentication. We will explain the NAS security setup procedure presuming the MME allocates a KSIASME of 1 ("001") to identify KASME.
Figure 2. NAS security setup: Delivery of a Security Mode Command message
[MME] Selecting security algorithms
The MME selects the ciphering and integrity algorithms to be applied to NAS messages based on the UE Network Capability information included in the Attach Request message received from the UE. Figure 2 shows an example of selecting EEA1 as the encryption algorithm and EIA1 as the integrity algorithm, i.e., the SNOW 3G algorithm (see LTE Security I [1]).
[MME] Deriving NAS security keys
The MME derives KNASint and KNASenc from KASME using the algorithm IDs and algorithm distinguishers of the selected security algorithms. Table 1 lists the algorithm IDs and algorithm distinguishers [2].
∙ KNASint = KDF(KASME, NAS-int-alg, Alg-ID)
∙ KNASenc = KDF(KASME, NAS-enc-alg, Alg-ID)
Table 1. Security algorithm IDs and algorithm distinguishers [2]
* Applied when using relay nodes. As relay is out of the scope of this document, user plane integrity algorithms are not discussed herein.
[MME] Generating NAS-MAC for integrity protection
The MME forms a Security Mode Command message to send to the UE and calculates NAS-MAC (Message Authentication Code for NAS for Integrity) using the selected EIA algorithm (EIA1) with input parameters such as the Security Mode Command message and the KNASint derived in the preceding step. Figure 3 shows how NAS-MAC is calculated using the following EIA algorithm input parameters [2]:
∙ Count: 32-bit downlink NAS count
∙ Message: NAS message, i.e., the Security Mode Command message herein
∙ Direction: 1-bit direction of the transmission, 0 for uplink and 1 for downlink (set to 1 herein)
∙ Bearer²: 5-bit bearer ID, constant value (set to 0)
∙ KNASint: 128-bit NAS integrity key
Figure 3. Calculation of NAS-MAC [2]
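The NAS key derivation and the NAS-MAC input parameters above, worked through as an added example (Python written for this page, not code from the original document or from 3GPP): the KDF(KASME, NAS-int-alg, Alg-ID) line becomes the concrete HMAC-SHA-256 construction of TS 33.401 Annex A.7, and Count, Bearer and Direction are packed into the 64-bit block that the AES-based EIA2/EEA2 consume. The KASME value is constructed; the page's own EIA1 (SNOW 3G) takes the same parameters but feeds them to its keystream generator differently, and the MAC computation itself is not implemented here.

```python
import hashlib
import hmac

# Algorithm type distinguishers (TS 33.401 Annex A.7; the page's Table 1 lists them)
# and the FC value that selects algorithm-key derivation in that annex.
NAS_ENC_ALG, NAS_INT_ALG, FC_ALGORITHM_KEY = 0x01, 0x02, 0x15
# 4-bit algorithm identities of the SNOW 3G based algorithms the page selects.
EEA1, EIA1 = 0x01, 0x01


def derive_algorithm_key(kasme: bytes, alg_type: int, alg_id: int) -> bytes:
    """KDF(K_ASME, algorithm distinguisher, algorithm ID) as in TS 33.401 A.7:
    S = FC || P0 || L0 || P1 || L1 (P0 = distinguisher, P1 = algorithm identity,
    each with 2-byte length 0x0001), KDF = HMAC-SHA-256 (TS 33.220 Annex B).
    A 128-bit NAS key is the 128 least significant bits (last 16 bytes)."""
    if len(kasme) != 32:
        raise ValueError("K_ASME must be 256 bits")
    s = bytes([FC_ALGORITHM_KEY, alg_type, 0x00, 0x01, alg_id & 0x0F, 0x00, 0x01])
    return hmac.new(kasme, s, hashlib.sha256).digest()[16:]


def derive_nas_keys(kasme: bytes, enc_alg_id: int, int_alg_id: int) -> dict:
    """K_NASenc and K_NASint, derived identically by the MME and the UE."""
    return {
        "K_NASenc": derive_algorithm_key(kasme, NAS_ENC_ALG, enc_alg_id),
        "K_NASint": derive_algorithm_key(kasme, NAS_INT_ALG, int_alg_id),
    }


def nas_count_block(count: int, bearer: int, direction: int) -> bytes:
    """COUNT (32 bits) || BEARER (5) || DIRECTION (1) || 26 zero bits: the 64-bit
    block EIA2 prepends to the NAS message before AES-CMAC, and the upper half
    of the first EEA2 counter block (TS 33.401 Annex B)."""
    if not (0 <= count < 2**32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT is 32-bit, BEARER 5-bit, DIRECTION 1-bit")
    return count.to_bytes(4, "big") + bytes([(bearer << 3) | (direction << 2), 0, 0, 0])


# Constructed demo K_ASME (not a real key): the 32 bytes 0x00..0x1f.
DEMO_KASME = bytes(range(32))

if __name__ == "__main__":
    for name, key in derive_nas_keys(DEMO_KASME, EEA1, EIA1).items():
        print(f"{name} = {key.hex()}")
    # Security Mode Command: downlink NAS COUNT 0, bearer 0, direction 1 (downlink).
    print("EIA/EEA count block:", nas_count_block(0, 0, 1).hex())
```

Because the distinguisher is part of the KDF input, the integrity and ciphering keys differ even when, as here, EEA1 and EIA1 share the algorithm identity 1.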
[UE ← MME] Sending a Security Mode Command message
The MME attaches the NAS-MAC calculated in the preceding step to the Security Mode Command message and sends it to the UE. Here the message is integrity protected but not ciphered. The message parameters used are as follows:
∙ KSIASME: 3-bit value associated with a KASME, used to identify the KASME (KSIASME = 1 herein)
∙ Replayed UE Security Capability: the UE Security Capability included in the UE Network Capability in the Attach Request message sent by the UE; indicates which security algorithms are supported by the UE
∙ NAS Ciphering Algorithm: NAS ciphering algorithm selected by the MME, EEA1 herein
∙ NAS Integrity Protection Algorithm: NAS integrity protection algorithm selected by the MME, EIA1 herein
[UE] Setting the KASME identifier (KSIASME)
When the UE receives a Security Mode Command message from the MME, it sets the KSIASME in the message as its KSIASME and uses it as the identifier of the current KASME.
[UE] Deriving NAS security keys
The UE, recognizing the NAS security algorithms that the MME selected, derives KNASint and KNASenc from KASME using the algorithm IDs and the algorithm distinguishers (see Table 1).
[UE] Verifying the integrity of the Security Mode Command message
The UE checks the integrity of the received Security Mode Command message by verifying the NAS-MAC included in the message. It recognizes that the NAS integrity algorithm selected by the MME is EIA1 and calculates XNAS-MAC, a message authentication code, using the selected EIA1 algorithm with the Security Mode Command message and the KNASint derived in the preceding step. Figure 4 shows how XNAS-MAC is calculated using the same EIA input parameters as the MME used [2]. The UE verifies the integrity of the message by examining whether the XNAS-MAC it calculated matches the NAS-MAC calculated by the MME. If they match, it is guaranteed that the Security Mode Command message has not been manipulated (e.g., inserted or replaced) on the way.
Figure 4. Calculation of XNAS-MAC [2]
(2) Delivering a Security Mode Complete message
Figure 5 illustrates how a Security Mode Complete message is delivered during the NAS security setup procedure. The UE, by sending a Security Mode Complete message to the MME, informs the MME that the same NAS security keys as the MME's have been derived in the UE and that the integrity of the Security Mode Command message has been verified. The Security Mode Complete message is ciphered and integrity protected for transmission.
Figure 5. NAS security setup: Delivery of a Security Mode Complete message
[UE] Encrypting the message using the selected encryption algorithm (EEA1)
The UE forms and encrypts the Security Mode Complete message to be sent to the MME. The ciphered Security Mode Complete message (Cipher Text Block) is derived by performing a bitwise XOR between the Security Mode Complete message (Plain Text Block) and the encryption keystream (Key Stream Block) generated using the EEA1 algorithm with the NAS encryption key (KNASenc). Figure 6 shows how NAS messages are encrypted [2]. The EEA algorithm input parameters used to generate the keystream block are as follows:
∙ Count: 32-bit uplink NAS count
∙ Bearer: 5-bit bearer ID, constant value (set to 0)
∙ Direction: 1-bit direction of the tra