Cover Image

LTE security / Dan Forsberg [and others].

Show other versions (1)

"The book will address the security architecture for SAE/LTE, which is based on elements of the security architectures for GSM and 3G, but needed a major redesign due to the significantly increased complexity, and different architectural and business requirements of fourth generation systems. T...

Full description

Saved in:
Bibliographic Details
Online Access: Full Text (via Skillsoft)
Other Authors: Forsberg, Dan
Other title:Long term evolution security
Format: Electronic eBook
Language:English
Published: Hoboken, N.J. : Wiley, 2010.
Subjects:
Long-Term Evolution (Telecommunications)
Global system for mobile communications.
Global system for mobile communications
Table of Contents:
  • Cover
  • Contents
  • Foreword
  • Acknowledgements
  • 1 Overview of the Book
  • 2 Background
  • 2.1 Evolution of Cellular Systems
  • 2.1.1 Third-generation Network Architecture
  • 2.1.2 Important Elements of the 3G Architecture
  • 2.1.3 Functions and Protocols in the 3GPP System
  • 2.1.4 The EPS System
  • 2.2 Basic Security Concepts
  • 2.2.1 Information Security
  • 2.2.2 Design Principles
  • 2.2.3 Communication Security Features
  • 2.3 Basic Cryptographic Concepts
  • 2.3.1 Cryptographic Functions
  • 2.3.2 Securing Systems with Cryptographic Methods
  • 2.3.3 Symmetric Encryption Methods
  • 2.3.4 Hash Functions
  • 2.3.5 Public-key Cryptography and PKI
  • 2.3.6 Cryptanalysis
  • 2.4 Introduction to LTE Standardization
  • 2.4.1 Working Procedures in 3GPP
  • 2.5 Notes on Terminology and Specification Language
  • 2.5.1 Terminology
  • 2.5.2 Specification Language
  • 3 GSM Security
  • 3.1 Principles of GSM Security
  • 3.2 The Role of the SIM
  • 3.3 Mechanisms of GSM Security
  • 3.3.1 Subscriber Authentication in GSM
  • 3.3.2 GSM Encryption
  • 3.3.3 GPRS Encryption
  • 3.3.4 Subscriber Identity Confidentiality
  • 3.4 GSM Cryptographic Algorithms
  • 4 Third-generation Security (UMTS)
  • 4.1 Principles of Third-generation Security
  • 4.1.1 Elements of GSM Security Carried Over to 3G
  • 4.1.2 Weaknesses in GSM Security
  • 4.1.3 Higher Level Objectives
  • 4.2 Third-generation Security Mechanisms
  • 4.2.1 Authentication and Key Agreement
  • 4.2.2 Ciphering Mechanism
  • 4.2.3 Integrity Protection Mechanism
  • 4.2.4 Identity Confidentiality Mechanism
  • 4.3 Third-generation Cryptographic Algorithms
  • 4.3.1 KASUMI
  • 4.3.2 UEA1 and UIA1
  • 4.3.3 SNOW3G, UEA2 and UIA2
  • 4.3.4 MILENAGE
  • 4.3.5 Hash Functions
  • 4.4 Interworking between GSM and 3G security
  • 4.4.1 Interworking Scenarios
  • 4.4.2 Cases with SIM
  • 4.4.3 Cases with USIM.
  • 4.4.4 Handovers between GSM and 3G
  • 4.5 Network Domain Security
  • 4.5.1 Generic Security Domain Framework
  • 4.5.2 Security Mechanisms for NDS
  • 4.5.3 Application of NDS
  • 5 3G-WLAN Interworking
  • 5.1 Principles of 3G-WLAN Interworking
  • 5.1.1 The General Idea
  • 5.1.2 The EAP Framework
  • 5.1.3 Overview of EAP-AKA
  • 5.2 Security Mechanisms of 3G-WLAN Interworking
  • 5.2.1 Reference Model for 3G-WLAN Interworking
  • 5.2.2 Security Mechanisms of WLAN Direct IP Access
  • 5.2.3 Security Mechanisms of WLAN 3GPP IP Access
  • 5.3 Cryptographic Algorithms for 3G-WLAN Interworking
  • 6 EPS Security Architecture
  • 6.1 Overview and Relevant Specifications
  • 6.1.1 Need for Security Standardization
  • 6.1.2 Relevant Non-security Specifications
  • 6.1.3 Security Specifications for EPS
  • 6.2 Requirements and Features of EPS Security
  • 6.2.1 Threats against EPS
  • 6.2.2 EPS Security Features
  • 6.2.3 How the Features Meet the Requirements
  • 6.3 Design Decisions for EPS Security
  • 6.4 Platform Security for Base Stations
  • 6.4.1 General Security Considerations
  • 6.4.2 Specification of Platform Security
  • 6.4.3 Exposed Position and Threats
  • 6.4.4 Security Requirements
  • 7 EPS Authentication and Key Agreement
  • 7.1 Identification
  • 7.1.1 User Identity Confidentiality
  • 7.1.2 Terminal Identity Confidentiality
  • 7.2 The EPS Authentication and Key Agreement Procedure
  • 7.2.1 Goals and Prerequisites of EPS AKA
  • 7.2.2 Distribution of EPS Authentication Vectors from HSS to MME
  • 7.2.3 Mutual Authentication and Establishment of a Shared Key Between the Serving Network and the UE
  • 7.2.4 Distribution of Authentication Data Inside and Between Serving Networks
  • 7.3 Key Hierarchy
  • 7.3.1 Key Derivations
  • 7.3.2 Purpose of the Keys in the Hierarchy
  • 7.3.3 Cryptographic Key Separation
  • 7.3.4 Key Renewal
  • 7.4 Security Contexts.
  • 8 EPS Protection for Signalling and User Data
  • 8.1 Security Algorithms Negotiation
  • 8.1.1 Mobility Management Entities
  • 8.1.2 Base Stations
  • 8.2 NAS Signalling Protection
  • 8.2.1 NAS Security Mode Command Procedure
  • 8.2.2 NAS Signalling Protection
  • 8.3 AS Signalling and User Data Protection
  • 8.3.1 AS Security Mode Command Procedure
  • 8.3.2 RRC Signalling and User Plane Protection
  • 8.3.3 RRC Connection Re-establishment
  • 8.4 Security on Network Interfaces
  • 8.4.1 Application of NDS to EPS
  • 8.4.2 Security for Network Interfaces of Base Stations
  • 8.5 Certificate Enrolment for Base Stations
  • 8.5.1 Enrolment Scenario
  • 8.5.2 Enrolment Principles
  • 8.5.3 Enrolment Architecture
  • 8.5.4 CMPv2 Protocol and Certificate Profiles
  • 8.5.5 CMPv2 Transport
  • 8.5.6 Example Enrolment Procedure
  • 8.6 Emergency Call Handling
  • 8.6.1 Emergency Calls with NAS and AS Security Contexts in Place
  • 8.6.2 Emergency Calls without NAS and AS Security Contexts
  • 8.6.3 Continuation of the Emergency Call when Authentication Fails
  • 9 Security in Intra-LTE State Transitions and Mobility
  • 9.1 Transitions to and from Registered State
  • 9.1.1 Registration
  • 9.1.2 Deregistration
  • 9.2 Transitions Between Idle and Connected States
  • 9.2.1 Connection Initiation
  • 9.2.2 Back to Idle State
  • 9.3 Idle State Mobility
  • 9.4 Handover
  • 9.4.1 Handover Key Management Requirements Background
  • 9.4.2 Handover Keying Mechanisms Background
  • 9.4.3 LTE Key Handling in Handover
  • 9.4.4 Multiple Target Cell Preparations
  • 9.5 Key Change on the Fly
  • 9.5.1 KeNB Rekeying
  • 9.5.2 KeNB Refresh
  • 9.5.3 NAS Key Rekeying
  • 9.6 Periodic Local Authentication Procedure
  • 9.7 Concurrent Run of Security Procedures
  • 10 EPS Cryptographic Algorithms
  • 10.1 Null Algorithms
  • 10.2 Ciphering Algorithms
  • 10.3 Integrity Algorithms.
  • 10.4 Key Derivation Algorithms
  • 11 Interworking Security Between EPS and Other Systems
  • 11.1 Interworking with GSM and 3G Networks
  • 11.1.1 Routing Area Update Procedure in UTRAN
  • 11.1.2 Tracking Area Update Procedure in EPS
  • 11.1.3 Handover from EPS to 3G or GSM
  • 11.1.4 Handover from 3G or GSM to EPS
  • 11.2 Interworking with Non-3GPP Networks
  • 11.2.1 Principles of Interworking with Non-3GPP Networks
  • 11.2.2 Authentication and Key Agreement for Trusted Access
  • 11.2.3 Authentication and Key Agreement for Untrusted Access
  • 11.2.4 Security for Mobile IP Signalling
  • 11.2.5 Mobility between 3GPP and non-3GPP Access Networks
  • 12 Security for Voice over LTE
  • 12.1 Methods for Providing Voice over LTE
  • 12.1.1 IMS over LTE
  • 12.1.2 Circuit Switched Fallback (CSFB)
  • 12.1.3 Single Radio Voice Call Continuity (SRVCC)
  • 12.2 Security Mechanisms for Voice over LTE
  • 12.2.1 Security for IMS over LTE
  • 12.2.2 Security for Circuit Switched Fallback
  • 12.2.3 Security for Single Radio Voice Call Continuity
  • 13 Security for Home Base Station Deployment
  • 13.1 Security Architecture, Threats and Requirements
  • 13.1.1 Scenario
  • 13.1.2 Threats and Risks
  • 13.1.3 Requirements
  • 13.1.4 Security Architecture
  • 13.2 Security Features
  • 13.2.1 Authentication
  • 13.2.2 Local Security
  • 13.2.3 Communications Security
  • 13.2.4 Location Verification and Time Synchronization
  • 13.3 Security Procedures Internal to the Home Base Station
  • 13.3.1 Secure Boot and Device Integrity Check
  • 13.3.2 Removal of Hosting Party Module
  • 13.3.3 Loss of Backhaul Link
  • 13.3.4 Secure Time Base
  • 13.3.5 Handling of Internal Transient Data
  • 13.4 Security Procedures between Home Base Station and Security Gateway
  • 13.4.1 Device Integrity Validation
  • 13.4.2 Device Authentication
  • 13.4.3 IKEv2 and Certificate Profiling.
  • 13.4.4 Certificate Processing
  • 13.4.5 Combined Device-Hosting Party Authentication
  • 13.4.6 Authorization and Access Control
  • 13.4.7 IPsec Tunnel Establishment
  • 13.4.8 Time Synchronization
  • 13.5 Security Aspects of Home Base Station Management
  • 13.5.1 Management Architecture
  • 13.5.2 Management and Provisioning during Manufacturing
  • 13.5.3 Preparation for Operator-specific Deployment
  • 13.5.4 Relationships between HeNB Manufacturer and Operator
  • 13.5.5 Security Management in Operator Network
  • 13.5.6 Protection of Management Traffic
  • 13.5.7 Software Download
  • 13.5.8 Location Verification
  • 13.6 Closed Subscriber Groups and Emergency Call Handling
  • 13.6.1 UE Access Control to HeNBs
  • 13.6.2 Emergency Calls
  • 14 Future Challenges
  • 14.1 Near-term Outlook
  • 14.2 Far-term Outlook
  • Abbreviations
  • References
  • Index.

Similar Items