
Design Decisions for EPS Security

In the document LTE SECURITY (Pages 112-118)

EPS Security Architecture

6.3 Design Decisions for EPS Security

Section 6.2 presented the requirements placed on EPS security and their reasons. This section highlights a few of the major design decisions that 3GPP took when deciding how to satisfy the requirements. These decisions led to the EPS security architecture being quite different from the 3G security architecture.

The allocation of security functions to functional entities and protocol layers is a fundamental task to be performed when designing a security architecture. Let us briefly recapitulate the major elements of the 3G security architecture, as described in Chapter 4, and then explain why the EPS security architecture had to be extended compared to the 3G security architecture. As stated earlier, in view of the success of the 3G security architecture, 3GPP endeavoured to deviate from it only where it was made necessary by differences in the overall EPS architecture compared with the overall 3G architecture, and by differences in the security requirements (due to, for example, changing business requirements or deployment scenarios).

Permanent Security Association

The 3G security architecture is anchored in a permanent security association between a USIM application on a UICC in the UE and the Authentication Centre (AuC) in the Home Location Register (HLR). The corresponding permanent key is never visible outside the security module and the AuC. This permanent key is used in the AKA protocol. This principle of a permanent security association is kept in EPS.

Interfaces in UE and HSS/HLR

The interface between the ME on the one side and the UICC and the USIM on the other is fully standardized to allow interoperability between MEs, produced by handset vendors, and UICCs with USIMs, produced by smart card vendors. The standardization of this interface also ensures that the lifetimes of handsets and smart cards are completely decoupled, which is an important business consideration. The picture is different on the HLR side: here it was not felt necessary to standardize the interface between the AuC and the rest of the HLR; rather, the AuC is considered part of the HLR. These principles are kept in EPS, with the obvious modification that a Home Subscriber Server (HSS) is used instead of an HLR.

Reuse of 3G USIMs

As we will see in this chapter, the AKA protocol in EPS, called EPS AKA, has evolved from UMTS AKA, which is used in 3G. Although the differences are not very big, they exist and raise the valid question, discussed in 3GPP, whether special support from an evolved USIM is needed, or desirable, for EPS AKA. The decision in 3GPP was that EPS AKA must be designed in such a way that the reuse of USIMs as used in 3G handsets (i.e. USIMs according to Release 99 specifications) is possible. There is an overwhelming business case that can be made to support this decision: a very large number of 3G USIMs have already been shipped to subscribers, and it would incur significant cost to operators if they had to exchange all these 3G USIMs for EPS-enabled ones before subscribers could enjoy EPS services. Furthermore, when a 3G USIM can be reused for EPS then all a subscriber needs to do for being able to use EPS is buy a new handset and insert his old 3G USIM (provided the conditions of his subscription are compatible with it).

Nevertheless, security advantages of allocating certain security functions and keys to an EPS-enabled USIM, and not the ME, were cited in the discussion in 3GPP; and indeed such advantages exist. The main advantage is that certain cryptographic keys are not available in the ME, but only in the more secure environment of the UICC, when the UE is in the deregistered state. However, while in registered state, these keys must be available in the ME anyway, so the advantage of storing them on the USIM is quite limited.

So, 3GPP had to trade off a clear business advantage against a moderate gain in security. The 3GPP decision was that, while the reuse of 3G USIMs had to be possible, EPS-enabled USIMs were also specified. In this way, operators are given the possibility to perform the trade-off between business requirements and security according to their particular requirements. We also mention here that there are enhancements to the USIM for EPS that are not related to security.

This approach is quite similar to the one taken in the introduction of 3G security.

Although the differences between GSM authentication and UMTS AKA are much more substantial than the ones between UMTS AKA and EPS AKA, at the time of 3G standardization it was decided to allow access to 3G radio access networks using 2G security modules (SIMs).

No Reuse of 2G SIMs in EPS

We have seen now that both 3G and EPS allow the reuse of the security modules of the respective previous system generation. However, 3GPP decided that it was not allowed for EPS to go back even two generations, so 3GPP forbade the reuse of SIMs for access to LTE radio networks.

Obviously, with SIMs, only the GSM AKA protocol is possible; and the security disadvantages of GSM AKA over EPS AKA are quite significant. On the other hand, the business case for reusing SIMs for LTE radio access networks is much weaker now than the business case for reusing SIMs for 3G was 10 years ago (when 3G was introduced), because now significant numbers of USIMs are in the field.

Delegated Authentication

In both GSM and 3G, it is the Visitor Location Register (VLR) (for the circuit-switched domain) and the Serving GPRS Support Node (SGSN) (for the packet-switched domain), respectively, not the HLR, that runs the actual authentication procedure with the UE.

The VLR or the SGSN fetches authentication vectors from the HLR, and, at some later time chosen at the discretion of the VLR or the SGSN, the VLR or the SGSN sends an authentication request to the UE and checks the correctness of the response. The VLR or the SGSN is also responsible for the distribution of the session keys to the endpoints of protection. In this sense, the HLR delegates the control of authentication checking and session key distribution to the VLR or the SGSN. This implies that, in the roaming case, the home network delegates these tasks even to the visited network.

3GPP decided to keep this principle also for EPS. This means that the MME requests authentication vectors from the HSS, checks the authentication response and distributes session keys to the endpoints of cryptographic protection. An advantage of this decision is that the same model of interaction with the HSS as in 3G can be maintained and that the HSS need not keep state during the run of an authentication protocol with the user. It also implies that the Extensible Authentication Protocol (EAP) authentication framework (see Section 5.1) does not apply.

This delegation of an important security task from the home network to the visited network also implies a certain amount of trust of the home network in the visited network.

Any risks arising from the (unlikely) case that there should be a breach of this trust are mitigated in EPS by a new feature enhancing the AKA protocol, namely, cryptographic network separation (discussed in Section 6.3.1.7).

Reuse of the Fundamental Elements of UMTS AKA

3GPP decided to build on UMTS AKA, which has served 3G security well and has stood up to analysis for 10 years now, and enhance it with additional functions only as far as needed. It turned out that only one enhancement was considered necessary, namely, cryptographic network separation.

Cryptographic Network Separation and Serving Network Authentication

This feature limits the effects of any security breach in a network to that network and prevents a spill-over of the effects of the breach to other networks. It therefore addresses requirement H-2 from Section 6.2. This is achieved by binding any EPS-related cryptographic keys, which leave the HSS, to the identity of the serving network, to which the keys are delivered. It also enables the UE to authenticate the serving network. In 3G, a UE cannot authenticate the serving network but only ascertain that it communicates with a serving network authorized to do so by the UE’s home network (see Chapter 4).


It should be mentioned that the principle of cryptographic network separation is strictly adhered to only in authentication procedures. 3GPP decided that keys obtained by one serving network may be forwarded to another serving network in mobility events (handover or idle state mobility) and used there until the next authentication, which then requires new keys bound to the new serving network. This decision is again a trade-off between security and efficiency, in this case the efficiency that results from minimizing the impact on the AuC and reducing delays in mobility events. A more detailed description of this feature can be found in Section 7.2.

Termination Point for Encryption and Integrity Protection Extending from the UE

It is clear for every radio system that the air interface, as the most vulnerable part of the system, needs to be protected by providing confidentiality and, depending on the type of data, also integrity protection. So, as the UE is one endpoint of the air interface, it is clear that the range of this protection extends from the UE. It is less obvious what the network endpoint of this protection should be. This question was answered differently even for the different 3GPP-defined mobile systems, and it turned out to be one of the most crucial security decisions that 3GPP had to take.

In the circuit-switched service of GSM, encryption terminates right at the network termination of the air interface, at the Base Transceiver Station (BTS). The designers of 3G security saw this as one of the weak points of GSM security because the BTS is often placed at an exposed location, and the link to the BSC, the next node further up in the network, is an often unprotected microwave link. Therefore, 3GPP decided in 1999 that encryption (and integrity protection, which is not provided in GSM) should extend further back into the network and terminate at the RNC, which was considered to be at a physically secure location and connected to the core network via a secure link.

In General Packet Radio Service (GPRS), the 2G packet-switched service, encryption extends even further into the network, namely up to the SGSN. However, this was not done for security reasons, but rather for reasons that had to do with particular characteristics of GPRS [Hillebrand 2001].

The difficulty the designers of EPS security were now facing stemmed from the fact that one of the major overall design goals of EPS was to achieve a flat network hierarchy and dispense with intermediate nodes like an RNC. This means that the RRC protocol, which terminates in the RNC in 3G systems, now terminates in the eNB in EPS; that is again right at the edge of the air interface and at an exposed location. But then the protection of RRC messages also has to terminate at the eNB. This is in seeming contradiction to the decision by 3G security designers that such a termination point would constitute a security weakness. The seeming contradiction was resolved in EPS by accepting the priority of having a flat overall architecture, but at the same time acknowledging the particular vulnerability of the eNB and putting (for the first time for a 3GPP-defined network node) stringent platform security requirements on the eNB. These requirements are described in more detail in Section 6.4. Once it was established that the eNB would be physically secured, there was no fundamental objection any more to terminate also UP security at the eNB. This decision made protocol design significantly simpler.

On the other hand, NAS signalling extends between the UE and the MME, a controller in the core network. While it would have been possible to provide protection for NAS signalling in a hop-by-hop fashion, with one hop extending between the UE and the eNB, and a second hop extending between the eNB and the MME, it was decided to provide protection for NAS signalling end-to-end between the UE and the MME. As NAS signalling is required whenever a user registers to a network, or periodically re-registers, this decision also helps to mitigate any potential remaining security risks of terminating protection for RRC and UP in the eNB. Furthermore, the NAS security context remains stored in the UE and the MME while the UE is in idle state. This allows NAS signalling to be secured even before the AS security extending between the UE and the eNB is set up after the transition from idle state to connected state. However, the decision also comes at a cost: as opposed to GSM and 3G, in EPS we now have different endpoints for protection extending from the UE in the network, namely, the eNB and the MME.

This is one of the reasons for the more elaborate key hierarchy in EPS compared to 3G.

New Key Hierarchy in EPS

In GSM and 3G, the key hierarchy is quite simple: there is a permanent key shared between (U)SIM and AuC, and there are the ciphering key Kc (or Kc128) in GSM and the Ciphering Key CK and Integrity Key IK in 3G, which are directly used with the encryption and integrity algorithms. As we will see in Section 7.3 in more detail, the key hierarchy in EPS is considerably more elaborate, which can be easily seen already from a mere glance at the key hierarchy diagram in Section 7.3. We mention only the main reasons for this new key hierarchy here.

There is a local master key KASME at the core network level, which is distributed from the HSS to the MME, and between MMEs, and is also generated in the ME. The introduction of this key became necessary through the decision to reuse 3G USIMs, and hence obtain the pair (CK, IK) from the USIM, and the new requirement of cryptographic network separation, which implies a binding of keys to the serving network identity, a property that is not fulfilled by (CK, IK). The introduction of this local master key KASME has another very desirable effect, namely, that it reduces the frequency with which authentication vectors need to be fetched from the HSS. KASME is not directly used in encryption and integrity algorithms, so it does not need to be renewed as often as (CK, IK) in 3G. KASME is less exposed also because it is never transferred to the radio access network – it remains in the core network.
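The binding of the local master key to the serving network identity, and the serving network authentication it enables, can be modelled as follows. This is an added example, not code from the book or from 3GPP: HMAC-SHA-256 stands in for both the key derivation and the integrity algorithm, and the function names, input encoding and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def bound_master_key(ck: bytes, ik: bytes, serving_network: bytes) -> bytes:
    # Local master key: a one-way image of (CK, IK) bound to the serving
    # network identity. HMAC-SHA-256 and this input encoding are stand-ins
    # for this example, not the 3GPP key derivation byte layout.
    return hmac.new(ck + ik, b"master|" + serving_network, hashlib.sha256).digest()

def unbound_key(ck: bytes, ik: bytes, serving_network: bytes) -> bytes:
    # 3G-style baseline for comparison: (CK, IK) carry no network binding,
    # so the serving network identity is ignored.
    return ck + ik

def protect(key: bytes, message: bytes) -> bytes:
    # Integrity tag on a signalling message (HMAC as a stand-in algorithm).
    return hmac.new(key, message, hashlib.sha256).digest()

def ue_accepts(derive, ck, ik, network_seen_by_ue, message, tag) -> bool:
    # The UE derives its key from the network identity it believes it is
    # attached to and checks the tag. A key issued for any other network
    # produces a different tag, so the check fails.
    key = derive(ck, ik, network_seen_by_ue)
    return hmac.compare_digest(protect(key, message), tag)

def key_valid_across(derive, ck, ik, issued_to, presented_as) -> bool:
    # The HSS delivered a key to `issued_to`; the UE believes it is attached
    # to `presented_as`. Returns True if the UE accepts signalling protected
    # with that key.
    key_from_hss = derive(ck, ik, issued_to)
    msg = b"protected signalling message"
    tag = protect(key_from_hss, msg)
    return ue_accepts(derive, ck, ik, presented_as, msg, tag)

# Constructed sample values (not real keys or network identities).
CK = bytes.fromhex("aa" * 16)
IK = bytes.fromhex("bb" * 16)
NET_A, NET_B = b"network-A", b"network-B"

if __name__ == "__main__":
    print("bound, same network :", key_valid_across(bound_master_key, CK, IK, NET_A, NET_A))
    print("bound, other network:", key_valid_across(bound_master_key, CK, IK, NET_A, NET_B))
    print("unbound (CK, IK)    :", key_valid_across(unbound_key, CK, IK, NET_A, NET_B))
```

With the bound key, material obtained in one network is rejected by a UE that believes it is attached to another, which is the containment property the text describes; the unbound baseline is accepted everywhere.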

There is another intermediate key at the radio access network level, called KeNB, which is distributed to the serving eNB from the MME. Its introduction was primarily motivated by the fact that keys used for RRC control plane and UP protection in the eNB are bound to certain parameters specific to an individual eNB and that handovers between eNBs should not necessarily involve the MME before the completion of the handover procedure (the so-called X2 handover described in Chapter 9). Therefore, a new level of key hierarchy was required for an intermediate key, which was for use at the eNB level, but was not yet bound to the parameters specific to an individual eNB and hence could be used in handovers without MME involvement. The details of how this is exactly done are tricky.

A part of the complication arises from another security requirement introduced to limit the consequences of a security breach in an eNB, namely, key separation in handovers, discussed in this section below.

At the bottom of the key hierarchy are the keys directly used with the encryption or integrity protection algorithms to protect the NAS, RRC or UP protocols.

Key Separation in Handovers

For efficiency reasons, there are handover preparations that do not involve the core network. For these X2 handovers, the source eNB provides a key of type KeNB to the target eNB for use after the handover. If the KeNB was handed over unchanged then the target eNB would know which KeNB was used by the source eNB. In order to prevent this, not the KeNB used at the source eNB itself, but rather the image of a one-way function applied to KeNB, is forwarded to the next eNB. This ensures so-called backward key separation in handover.

But backward key separation solves only one part of the problem: for a fast-moving user, there may be a whole chain of handovers, and, if the image of a one-way function applied to KeNB was forwarded to the next eNB in this chain of handovers, then all eNBs in that chain would know the KeNB used further downstream in that chain, and one compromised eNB in that chain would put all other downstream eNBs in the chain at risk (although, by the property of backward key separation, not the eNBs upstream from it in the chain, the eNBs the UE visited before the compromised eNB). In order to prevent this, the requirement of forward key separation in handovers (also called forward security in [TS33.401]) was introduced to ensure that the MME provides a fresh key for the next hop immediately after handover if it was not possible during the handover. Details can be found in Chapter 9.
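The difference between the two properties can be made concrete with a small model of a handover chain. This is an added example, not code from the book or from [TS33.401]: HMAC-SHA-256 stands in for the one-way function, and the function names, the derivation labels, the timing of the fresh key delivery and the sample values are simplifying assumptions.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, param: bytes) -> bytes:
    # One-way function. HMAC-SHA-256 is a stand-in chosen for this example;
    # the label/param encoding is simplified, not the 3GPP byte layout.
    return hmac.new(key, label + b"|" + param, hashlib.sha256).digest()

def derive_target_kenb(base_key: bytes, target_cell: bytes) -> bytes:
    # What the source eNB forwards: never its own KeNB, only a one-way image
    # of the base key, bound to (public) parameters of the target cell.
    return kdf(base_key, b"target-KeNB", target_cell)

def fresh_next_hop(k_asme: bytes, sync: bytes) -> bytes:
    # Keyed with KASME, which never leaves the core network, so only the
    # MME (and the UE) can compute it. No eNB can.
    return kdf(k_asme, b"next-hop", sync)

def chain_without_mme(kenb0: bytes, cells: list) -> list:
    # Backward key separation only: each key is the image of the previous one.
    keys = [kenb0]
    for cell in cells:
        keys.append(derive_target_kenb(keys[-1], cell))
    return keys

def chain_with_fresh_keys(k_asme: bytes, kenb0: bytes, cells: list) -> list:
    # Forward key separation: after each handover the MME gives the new
    # serving eNB a fresh key, which becomes the base for the next handover.
    keys, sync, fresh = [kenb0], kenb0, None
    for cell in cells:
        base = fresh if fresh is not None else keys[-1]  # first hop: none yet
        keys.append(derive_target_kenb(base, cell))
        sync = fresh = fresh_next_hop(k_asme, sync)      # delivered after handover
    return keys

def recomputable_from(keys: list, cells: list, i: int) -> list:
    # Downstream key indices that can be recomputed from keys[i] and the
    # public cell parameters alone, i.e. by an eNB holding nothing else.
    guess, found = keys[i], []
    for j in range(i + 1, len(keys)):
        guess = derive_target_kenb(guess, cells[j - 1])
        if hmac.compare_digest(guess, keys[j]):
            found.append(j)
    return found

# Constructed sample values (not real keys or cell identifiers).
K_ASME = bytes.fromhex("11" * 32)
KENB_0 = bytes.fromhex("22" * 32)
CELLS = [b"cell-B", b"cell-C", b"cell-D"]

if __name__ == "__main__":
    plain = chain_without_mme(KENB_0, CELLS)
    fresh = chain_with_fresh_keys(K_ASME, KENB_0, CELLS)
    print("no MME input:", recomputable_from(plain, CELLS, 0))
    print("fresh keys  :", recomputable_from(fresh, CELLS, 0))
```

Without MME input the first eNB can recompute every downstream key; with fresh keys from the MME it can recompute only the one it derived itself for its immediate successor.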

It should be noted here that the terms forward key separation, backward key separation and forward security used in this book and in 3GPP specifications are somewhat at odds with similar terms used in other parts of the security literature. In particular, the term perfect forward secrecy [Menezes et al. 1996] elsewhere can denote a property more akin to backward key separation as defined here.

Homogeneous Security Concept for Heterogeneous Access Networks

EPS provides a framework for connecting heterogeneous access networks to a single core network, the EPC. These include not only access networks defined by 3GPP (i.e. GERAN, UTRAN and LTE) but also access networks defined by other standardization bodies, such as cdma2000 HRPD defined by [3GPP2] and WiMAX defined by [WiMAX], and possibly many more to be defined in the future. Also, there is no requirement to restrict access to the EPC only to wireless access networks.

As it would be technically difficult and inefficient to design different procedures for all these different access networks, a framework had to be found that could accommodate the various access technologies. For authentication, this framework is provided by EAP [RFC3748]. EAP allows carrying authentication messages over a variety of transports and, thus, makes authentication independent of the particular nature of the access networks.

For access networks that are deemed untrusted by the EPC, EAP is combined with the use of IKEv2 [RFC5996] and IPsec ESP [RFC4303] to provide protection against any potential weaknesses in the access network security. Details can be found in Chapter 11.

6.4 Platform Security for Base Stations
