
EPS Security Features

In the document LTE SECURITY (pages 106-110)

EPS Security Architecture

6.2 Requirements and Features of EPS Security

6.2.2 EPS Security Features

This subsection lists the security features provided by the EPS security architecture.

Some of the crucial security features came along with the security design for the LTE architecture. These design decisions are explained in more detail in Section 6.3. For most of these features, a more detailed description is given in the remaining chapters of the book.

Confidentiality of the User and Device Identities

This feature addresses privacy requirements P-1 and P-3. The purpose of the feature is to prevent eavesdroppers from obtaining information that identifies the communicating parties. Two different identities are involved. The subscriber identity, the IMSI, is stored in the UICC. The device identity, which comes in two variants – the International Mobile Equipment Identity (IMEI) and the International Mobile Equipment Identity and Software Version number (IMEISV) – is stored in the Mobile Equipment (ME), as explained in Chapter 7. There is no straightforward way of linking any of these identities to the identity of the actual person in general. On the other hand, as a phone and a UICC are used for a long time, once the link to the person has been established the person may be tracked by any of these identities for the whole of that time.

This feature is copied from 3G and GSM security. The details of the mechanism are defined in [TS33.102]; it is also discussed in Sections 3.3 and 4.2 of this book. For device identity confidentiality, EPS adds an enhancement: the device identity is not sent to the network before the security measures for traffic protection have been activated.

Authentication between the UE and the Network

This feature addresses the high-level requirements H-2, H-4 and H-6. The purpose of the feature is to verify the identities of the communicating parties. This is a cornerstone of the correct functioning of the whole system because, without authentication, it would be impossible to securely connect users to each other. The feature also gives the UE the possibility to verify the identity of the network that it is connected to.

This feature is also mainly copied from the 3G security architecture – see [TS33.102] and Section 4.2. The authentication of subscribers is already present in GSM – see [TS43.020] and Section 3.3. EPS authentication adds an enhancement that gives the UE a means to directly verify the serving network identity. 3G authentication only provides assurance that the serving network is authorized by the home network to serve the user. This enhancement partially addresses requirement H-2.

Another important security function is tightly integrated with authentication: in addition to verifying each other's identities, the terminal and the network also agree on shared secret keys that are subsequently used for the confidentiality and integrity protection of data. Chapter 7 is devoted to EPS AKA.

Confidentiality of User and Signalling Data

This feature addresses the high-level requirement H-5 and privacy requirements P-1 and P-2. The purpose of the feature is to encrypt (another word is cipher) the digital communication in order to make it incomprehensible to eavesdroppers, especially on the radio interface. A similar feature exists in the 3G security architecture. However, the different system architecture of EPS, compared to that of 3G, imposes differences on this feature as well. Most notably, the network-side endpoint of the encryption (for user data and radio network signalling data) is the base station in EPS, whereas it is the radio network controller (RNC) in 3G. The reason for this change is explained in Section 6.3.

Another big change is that an additional confidentiality protection mechanism is introduced for signalling between the UE and the core network. As with GSM and 3G, providing data confidentiality is optional for the network operator. This feature is described in detail in Chapters 8 and 10.

Integrity of Signalling Data

This feature addresses the high-level requirements H-4, H-5 and H-6. The purpose of this feature is to verify the authenticity of each signalling message separately; that is, to ensure that the signalling message is not modified in transit but instead received in exactly the same form in which it has been sent. As in 3G, no integrity protection is provided for user data, for the same reasons. (This is no longer true for an architecture with relay nodes; cf. Chapters 7 and 14.) In both cases, 3G and EPS, it was felt that the risk of successfully exploiting any modification of encrypted user data sent over the air was relatively small, and the overhead added by integrity protection would have been significant, especially for services with short packet sizes, such as voice. Furthermore, the security gain provided by the ‘proof-of-origin’ part of integrity protection (see Chapter 2) would have been relatively small unless integrity protection was provided in true end-to-end fashion between the endpoints of the user data communication (e.g. between two terminals). Supporting this would have required major extensions in the key management.

Similar to the confidentiality feature, certain changes have been necessary compared to the corresponding feature in 3G. This feature is also covered in Chapters 8 and 10.
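The reasoning above, that encryption alone does not stop an attacker from modifying traffic in transit while a per-message integrity tag does, as an added example that is not from the book: an attacker who knows the plaintext layout flips one byte of a stream-ciphered message and the confidentiality-only receiver accepts the altered plaintext, whereas the integrity-protected receiver rejects it. The cipher and MAC are stand-ins built from HMAC-SHA256 so the script runs offline; they are not the EPS EEA/EIA algorithms, and the keys, counter and message are constructed.

```python
import hashlib
import hmac
import struct

# Toy illustration of confidentiality-only versus confidentiality plus per-message
# integrity. A stream cipher is malleable: XOR-ing a mask into a ciphertext byte
# XORs the same mask into the plaintext byte, so a receiver that only decrypts
# cannot notice the change. The cipher and MAC below are constructed from
# HMAC-SHA256 for self-containment and are NOT the EPS algorithms (EEA/EIA).


def keystream(key: bytes, count: int, length: int) -> bytes:
    """Derive `length` keystream bytes from (key, count): HMAC-SHA256 in counter mode."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">II", count, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def stream_cipher(ck: bytes, count: int, data: bytes) -> bytes:
    """XOR the data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(ck, count, len(data))))


def integrity_tag(ik: bytes, count: int, ciphertext: bytes) -> bytes:
    """32-bit per-message tag over the counter and the ciphertext (toy MAC, not EIA)."""
    return hmac.new(ik, struct.pack(">I", count) + ciphertext, hashlib.sha256).digest()[:4]


def protect(ck: bytes, ik: bytes, count: int, plaintext: bytes) -> tuple[bytes, bytes]:
    """Sender side: encrypt, then tag the ciphertext."""
    ciphertext = stream_cipher(ck, count, plaintext)
    return ciphertext, integrity_tag(ik, count, ciphertext)


def receive_confidentiality_only(ck: bytes, count: int, ciphertext: bytes) -> bytes:
    """Receiver that only decrypts (the user-plane situation described in the text)."""
    return stream_cipher(ck, count, ciphertext)


def receive_with_integrity(ck: bytes, ik: bytes, count: int, ciphertext: bytes, tag: bytes):
    """Receiver that checks the tag first; returns None when the message was modified."""
    if not hmac.compare_digest(integrity_tag(ik, count, ciphertext), tag):
        return None
    return stream_cipher(ck, count, ciphertext)


def flip_in_transit(ciphertext: bytes, offset: int, mask: int) -> bytes:
    """Attacker: XOR one ciphertext byte; the same XOR lands on the plaintext byte."""
    modified = bytearray(ciphertext)
    modified[offset] ^= mask
    return bytes(modified)


def demo() -> dict:
    ck = bytes(16)                             # constructed confidentiality key
    ik = bytes([0xAA]) * 16                    # constructed integrity key
    count = 7                                  # per-message counter (freshness input)
    plaintext = b"TRANSFER 100 EUR TO BOB"     # constructed sample user data
    ciphertext, tag = protect(ck, ik, count, plaintext)

    # The attacker guesses the layout and turns the '1' of "100" (offset 9) into '9':
    # ord('1') ^ ord('9') == 0x08, so XOR-ing 0x08 into ciphertext byte 9 does it.
    tampered = flip_in_transit(ciphertext, 9, 0x08)

    return {
        "honest": receive_with_integrity(ck, ik, count, ciphertext, tag),
        "confidentiality_only": receive_confidentiality_only(ck, count, tampered),
        "with_integrity": receive_with_integrity(ck, ik, count, tampered, tag),
        # Same ciphertext and tag presented under another counter value is rejected too,
        # because the counter is part of the tagged data.
        "replayed_under_other_count": receive_with_integrity(ck, ik, count + 1, ciphertext, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The confidentiality-only receiver decrypts the tampered message to "TRANSFER 900 EUR TO BOB" without any indication of tampering; the integrity-protected receiver returns None for both the modified message and the replay under a different counter. The 32-bit tag is the per-message overhead the text refers to, which is why it was judged too costly for short user-plane packets such as voice but mandatory for signalling.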

Visibility and Configurability of Security

This feature is present already in both 3G and GSM. The purpose is to give the user some options to benefit from information about the security features. For visibility, there is a ciphering indicator in the UE that shows whether the network applies data confidentiality or not. For configurability, the user has the option of applying Personal Identification Number (PIN)–based access control to the UICC.

Platform Security of the eNodeB

The importance of platform security for base stations (i.e. eNBs) is emphasized in EPS for two reasons:

• The eNodeB is a termination point for major EPS security mechanisms.

• eNodeBs are expected to be installed in more vulnerable locations than 3G base stations when EPS is deployed.

Similar trends are also present in the most recent evolution of 3G technology. The High Speed Packet Access (HSPA) architecture contains an option where the RNC and Node B functionalities are in the same node. For this option, platform security requirements similar to those for eNBs (cf. Section 6.4.4) were added to [TS33.102] in Release 11.

Also, the concept of the home base station applies to both UTRAN and E-UTRAN base stations. It is clear that base stations in people's homes (for example) are in a more vulnerable location than macro cell base stations controlled by the operator. In order to address these issues, requirements on the secure implementation of eNodeBs are included in [TS33.401]. They are described in more detail in Section 6.4. For home base stations there is a complete security specification, [TS33.320]. Home base station specific security features are described in detail in Chapter 13.

Lawful Interception

This feature addresses the service requirement S-4. The purpose of the feature is to provide access for law enforcement to the content of communications and related information, such as identities of the communicating parties and times of the communications. Lawful interception (LI) has a special role among the security features because it constrains the choice of the other security mechanisms in the system. There is a certain contradiction between the service requirement S-4 of providing lawful interception and the privacy requirements. In this sense, the interception goes against the other security features and should rather be seen as a controlled exception to the other security features.

The conditions under which lawful interception can be activated by the law enforcement side are out of the scope of the 3GPP specifications. They are a matter for the legislation of the country where the interception is to be done. A typical requirement is a court order before lawful interception can be started.

Lawful interception is one of the EPS security features that is also present for 3G and GSM. The 3GPP specifications for lawful interception are arranged so that, for every new feature, the existing lawful interception specifications are extended to cover the arrangements needed to provide lawful interception for the new feature. This is a handy practice from a referencing point of view. The stage 1 specification [TS33.106] contains the lawful interception requirements for all 3GPP features, the stage 2 specification [TS33.107] contains the lawful interception architecture and the stage 3 specification [TS33.108] contains the bit-level description of the interface over which the required information is handed over to the law enforcement side.

The LTE radio technology as such does not bring many new issues from the lawful interception point of view. The information that falls into the LI scope is still roughly the same as for GSM and 3G.

Emergency Calls

This is another feature that, in a certain sense, interferes with the other security features. In some countries, legislation requires that emergency calls (ECs) be possible even when security measures that are mandatory for normal calls are not available, for example when there is no UICC inserted in the terminal. The feature addresses the service requirement S-7. The special arrangements made for ECs, and for emergency sessions in general, are described in Sections 8.6 and 13.6.

Interworking Security

This feature is more of an enabler for the other security features, but that does not make it less important. The purpose is to ensure that security holes do not appear when there is a change from one system to another, such as when moving from EPS to 3G or vice versa. Equally important are situations inside EPS where coordination between several network entities is needed, possibly across different administrative domains, such as handovers between two different operator networks. The data confidentiality and data integrity features rely on the existence of shared secret keys, so in interworking situations a large part of this feature is key management: ensuring that the correct keys are in the correct places at the correct time. Security for transitions and mobility inside EPS is described in Chapter 9. Interworking security with other systems, both other 3GPP systems and non-3GPP systems, is described in Chapter 11.

Network Domain Security (NDS)

This feature is inherited from 3G. Its purpose is to protect the traffic between network elements. Mutual authentication between the communicating parties, data confidentiality and integrity are all ingredients of this feature. The details of the feature are described in [TS33.210] and [TS33.310]; see also Sections 4.5, 8.4 and 8.5 of this book.

IMS Security for Voice over LTE

The EPS is an IP packet-based system. This implies that voice calls have to be provided by some means other than what has been customary for GSM and 3G; that is, other than by a circuit-switched solution. A ready-made solution for this already exists in Release 5 of 3GPP, namely the IMS, which is based on the Session Initiation Protocol (SIP) [RFC3261]. The IMS is an overlay system that works over any access technology, including LTE.

The fact that IMS is independent of the access technology has implications for security: there have to be security features that guarantee the correct functioning of IMS regardless of the security functions that the access technology (potentially) provides. The 3GPP security specification for IMS is [TS33.203]. Chapter 12 addresses the IMS-based security features for voice over LTE.
