Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.816
Feasibility Study on
LTE Relay Node Security

3GPP‑Page   fToC   Partial Content
V10.0.0 (Wzip)  2011/03  94 p.
Rapporteur:
Dr. Escott, Adrian
Qualcomm CDMA Technologies

full Table of Contents for  TR 33.816  Word version:  10.0.0

each clause number in 'red' refers to the equivalent title in the Partial Content
Here   Top
1Scope  p. 8
2References  p. 8
3Definitions, symbols and abbreviations  p. 9
3.1Definitions  p. 9
3.2Abbreviations  p. 9
4Relay Architecture  p. 10
5Threats  p. 12
5.1General  p. 12
5.2Assumptions for threat analysis  p. 12
5.3Security threats  p. 12
6Requirements  p. 15
6.1 General Requirements  p. 15
6.2Security Requirements  p. 15
6.3Requirements on enrolment and RN start-up procedure  p. 16
6.3.1General  p. 16
6.3.2Enrolment  p. 16
6.3.3Start of IPsec  p. 16
6.4Access restrictions for the RN  p. 17
6.5RN Management  p. 17
7Security Architecture  p. 17
7.1Security protection type for relay node on User UE's S1 interface and X2 interface  p. 17
7.1.1Analysis  p. 17
7.1.2Security protection architecture  p. 18
7.2Security protection type for relay node about OAM communication  p. 18
7.2.1Analysis  p. 18
7.2.2Security protection architecture  p. 18
8Security Procedures  p. 19
8.1Analysis of Un interface security  p. 19
8.1.1General aspect on Un security for Relay architecture  p. 19
8.1.2Analysis of options for Un interface security  p. 19
8.1.2.1Option 1: NDS/IP and AS security over the Un interface  p. 20
8.1.2.1.1General  p. 20
8.1.2.1.2Residual Threats for Option 1  p. 20
8.1.2.1.2.1NDS/IP for all user plane traffic on Un  p. 20
8.1.2.1.2.2NDS/IP for part of the user plane traffic on Un  p. 21
8.1.2.1.2.3Conclusion of option 1  p. 21
8.1.2.2Option 2: AS security over the Un interface  p. 21
8.1.2.2.1General  p. 21
8.1.2.2.2Residual Threats for Option 2  p. 22
8.1.2.3Option 3: NDS/IP over the Un interface  p. 22
8.1.2.3.1General  p. 22
8.1.2.3.2Residual Threats for Option 3  p. 22
8.1.3Comparison of Options  p. 22
8.2Security for the RN NAS traffic  p. 23
8.3Security for the RN RRC traffic  p. 23
8.4Mutual Authentication  p. 23
8.5Enrolment procedures for RNs  p. 23
8.6Location verification  p. 24
8.7Security handling in handover  p. 24
8.7.1UE Handover scenario  p. 24
8.7.2Security handling for UE Handover from/to RN  p. 25
8.7.2.1General  p. 25
8.7.2.2Security handling on the source node  p. 25
8.7.2.3Security handling on the target node  p. 25
8.8Analysis of key interaction on Un interface  p. 26
8.8.1Key relationship on Un interface  p. 26
8.8.2Analysis of the key interaction on Un interface  p. 26
8.9Differentiation the RN and UE by the DeNB  p. 26
8.10NAS signalling security  p. 27
8.11Algorithm negotiation for RBs on Un interface  p. 27
9Device Security  p. 28
9.1Security requirements on Relay Nodes  p. 28
9.2Device Integrity check  p. 29
9.3RN Platform Validation  p. 29
9.4UICC aspects  p. 29
10Proposed Solutions  p. 31
10.1Solution 1 - IPsec for control and user plane  p. 31
10.1.1General  p. 31
10.1.2Security Procedures  p. 31
10.1.3UICC Aspects in RN scenarios  p. 31
10.1.4Enrolment procedures for RNs for backhaul link security  p. 31
10.1.5Analysis of Solution 1  p. 32
10.2Solution 2 - IPsec for control and user plane with certificate and AKA authentication in IKE  p. 32
10.2.1General  p. 32
10.2.2Security Procedures  p. 32
10.2.3UICC Aspects in RN scenarios  p. 32
10.2.4Enrolment procedures for RNs for backhaul link security  p. 32
10.2.5Analysis of Solution 2  p. 33
10.3Solution 3 - AKA credentials embedded in RN  p. 33
10.3.1General  p. 33
10.3.2Security Procedures  p. 33
10.3.3UICC Aspects in RN scenarios  p. 33
10.3.4Enrolment procedures for RNs for backhaul link security  p. 33
10.3.5Analysis of Solution 3  p. 34
10.4Solution 4 - IPsec for control plane and secure channel between RN and USIM with AKA credentials stored in UICC  p. 34
10.4.1General  p. 34
10.4.2Security Procedures  p. 34
10.4.3UICC Binding Aspects in RN scenarios  p. 36
10.4.4Enrolment procedures for RNs  p. 37
10.4.5Secure management procedures for RNs  p. 37
10.4.6Certificate validation  p. 37
10.4.7Profiles of solution 4  p. 38
10.4.7.1Solution profile 4A  p. 38
10.4.7.1.1General  p. 38
10.4.7.1.2Security Procedures  p. 38
10.4.7.1.3USIM Binding Aspects in RN scenarios  p. 39
10.4.7.1.4Enrolment procedures for RNs  p. 39
10.4.7.1.5Secure management procedures for RNs  p. 39
10.4.7.1.6Certificate validation  p. 39
10.4.7.2Solution profile 4B  p. 40
10.4.7.2.1General  p. 40
10.4.7.2.2Security Procedures  p. 40
10.4.7.2.3USIM Binding Aspects  p. 41
10.4.7.2.4Enrolment procedures for RNs  p. 41
10.4.7.2.5Secure management procedures for RNs  p. 41
10.4.7.2.6Certificate and subscription handling  p. 41
10.4.8Analysis of Solution 4  p. 42
10.4.8.1How does solution 4 address the threats in clause 5?  p. 42
10.4.8.2How does solution 4 fulfil the requirements in clause 6?  p. 43
10.4.8.3How does solution 4 address the general Editor's notes and the residual threats in clause 8.1.2.1?  p. 44
10.5Solution 5 - Enhanced AKA to include device authentication  p. 45
10.5.1General  p. 45
10.5.2Security Procedures  p. 45
10.5.2.1General  p. 45
10.5.2.2Enhanced AKA authentication  p. 46
10.5.2.2.1High level description  p. 46
10.5.2.2.2Security Analysis  p. 47
10.5.2.2.3Attach flow and rekeying E-UTRAN keys  p. 48
10.5.2.2.4Changes to NAS messages  p. 49
10.5.2.2.5Profiles of Cryptographic Functions  p. 49
10.5.2.2.6Error cases  p. 50
10.5.3UICC Aspects in RN scenarios  p. 50
10.5.4Enrolment procedures for RNs for backhaul link security  p. 50
10.5.5Analysis of Solution 5  p. 51
10.5.5.1How does solution 5 address the threats in clause 5?  p. 51
10.5.5.2How does solution 5 fulfil the requirements in clause 6?  p. 52
10.5.5.3How does solution 5 address the general Editor's notes and the residual threats in clause 8.1.2.1?  p. 53
10.5.5.4How does solution 5 address the general Editor's notes and the residual threats in clause 8.1.2.2?  p. 54
10.5.5.5Analysis of solution 5 not related to threats  p. 54
10.6Solution 6: AKA for Relay Node UE authentication and secure channel between RN and USIM  p. 54
10.6.1General  p. 54
10.6.2Security Procedures  p. 55
10.6.3UICC Aspects in RN scenarios  p. 55
10.6.4Enrolment procedures for RNs for backhaul link security  p. 55
10.7Solution 7: AKA for Relay Node UE authentication and IPSec protection  p. 55
10.7.1General  p. 55
10.7.2Security Procedures  p. 56
10.7.3UICC Aspects in RN scenarios  p. 56
10.7.4Pre-shared Key Enrolment procedures for RNs for backhaul link security  p. 56
10.7.5Analysis of Solution 7  p. 57
10.7.5.1Countermeasures for the threats in clause 5  p. 57
10.7.5.2How does solution 7 fulfil the requirements in clause 6  p. 58
10.7.5.3Benefits of PSK based IPsec tunnel in solution 7  p. 59
10.8Solution 8 - Enhancing AKA to include device authentication via symmetric key in RN and HSS/MME  p. 59
10.8.1General  p. 59
10.8.2Security Procedures  p. 59
10.8.2.1General  p. 59
10.8.2.2Enhanced EPS-AKA using a relay-node device secret key  p. 59
10.8.2.3Improvement using enhanced authentication data  p. 60
10.8.3UICC Aspects in RN scenarios  p. 62
10.8.4Enrolment procedures for RNs for backhaul link security  p. 63
10.8.5Analysis of solution 8  p. 63
10.8.5.1How does solution 8 address the threats in clause 5.3?  p. 63
10.8.5.2How does the solution 8 fulfil the requirements in clause 6.2?  p. 64
10.8.5.3How does the solution 8 address the general Editor's notes and the residual threats in clause 8.1.2.1.2?  p. 65
10.8.5.4How does solution 8 address the general Editor's notes and the residual threats in clause 8.1.2.2?  p. 66
10.8.5.5Analysis of solution 8 not related to threats  p. 66
10.9Solution 9 - IPsec or PDCP security for control plane and with key binding for AS security  p. 66
10.9.1General  p. 66
10.9.2Security Procedures  p. 68
10.9.2.1Start up procedure phase II: Attach for RN operation  p. 68
10.9.2.2Binding of RN platform authentication to the AS security context  p. 69
10.9.2.2.1Purpose of the binding  p. 69
10.9.2.2.2Binding KO and the keys from RN subscription authentication  p. 69
10.9.2.2.3Switching to the KO-bound AS security context  p. 70
10.9.2.2.4Establishment of KO  p. 70
10.9.2.2.5KeNB chaining, change of KO and change of IPsec SAs  p. 70
10.9.2.3Analysis of protection against identified threats  p. 71
10.9.3UICC Aspects in RN scenarios  p. 72
10.9.4Enrolment procedures for RNs for backhaul link security  p. 72
10.10Solution 10 - Secure channel between RN and USIM with a one-to-one mapping between RN and UICC  p. 72
10.10.1General  p. 72
10.10.2Security Procedures  p. 72
10.10.3UICC Aspects in RN scenarios  p. 72
10.10.4Enrolment procedures for RNs for backhaul link security  p. 73
10.11Solution 11 - Secure Channel between USIM and RN and AS integrity for S1 /X2; Variant with two USIMs  p. 73
10.11.1General  p. 73
10.11.2Security Procedures  p. 73
10.11.3USIM Binding Aspects in RN scenarios  p. 75
10.11.4Enrolment procedures for RNs  p. 75
10.11.5Secure management procedures for RNs  p. 76
10.11.6Certificate validation  p. 76
10.11.7Profiles of solution 11  p. 76
10.11.7.1Solution profile 11A  p. 76
10.11.7.1.1General  p. 76
10.11.7.1.2Security Procedures  p. 77
10.11.7.1.3USIM Binding Aspects in RN scenarios  p. 78
10.11.7.1.4Enrolment procedures for RNs  p. 78
10.11.7.1.5Secure management procedures for RNs  p. 78
10.11.7.1.6Certificate validation  p. 78
10.11.7.2Solution profile 11B  p. 78
10.11.7.2.1General  p. 78
10.11.7.2.2Security Procedures  p. 79
10.11.7.2.3USIM Binding Aspects  p. 81
10.11.7.2.4Enrolment procedures for RNs  p. 81
10.11.7.2.5Secure management procedures for RNs  p. 81
10.11.7.2.6Certificate and subscription handling  p. 82
10.11.8Analysis of Solution 11  p. 82
10.11.8.1How does solution 11 address the threats in clause 5?  p. 82
10.11.8.2How does the solution 11 fulfill the requirements in clause 6?  p. 84
10.11.8.3How does the solution 11 address the general Editor's notes and the residual threats in clause 8.1.2.1?  p. 85
10.12Solution 12 - Secure Channel between USIM and RN and AS integrity for S1 /X2; Variant with modified KASME  p. 86
10.12.1General  p. 86
10.12.2Security Procedures  p. 86
10.12.3USIM Binding Aspects in RN scenarios  p. 88
10.12.4Enrolment procedures for RNs  p. 88
10.12.5Secure management procedures for RNs  p. 89
10.12.6Certificate validation checks  p. 89
10.12.7Analysis of Solution 12  p. 89
10.12.7.1How does solution 12 address the threats in clause 5?  p. 89
10.12.7.2How does the solution 12 fulfill the requirements in clause 6?  p. 91
10.12.7.3How does the solution 12 address the general Editor's notes and the residual threats in clause 8.1.2.1?  p. 92
11Conclusions  p. 93
$Change history  p. 94

Up   Top