This document collects the identified threats and proposed countermeasures, and includes the design choices and rationale for why proposed security mechanisms are accepted or rejected to record the history of the final security solution.
The scope of this 3GPP Technical Report is rationale and track of security decisions in Long Term Evolved (LTE) RAN and 3GPP System Architecture Evolution (SAE) for release 8.
Disclaimer: This TR reflects the discussions held in 3GPP SA3 while 3GPP SA3 was working towards TS 33.401
. This TR is useful to better understand the basis on which decisions in TS 33.401
were taken, and the alternatives that were discussed towards the decision. Some of the text in this TR reflected 3GPP SA3's decision. However 3GPP's position on EPS Security Architecture is reflected in the normative text in TS 33.401
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
"Revised Draft report of 3GPP TSG RAN WG3 meeting #50 & joint RAN WG2/RAN WG3/SA WG3 LTE meeting", S3-060119, 3GPP TSG SA WG3 (Security) meeting #42, Bangalore, India, 6 - 9 Feb 2006.
"LS on the status of the study on LTE/SAE security", 3GPP TSG RAN WG3 Meeting #51, R3-060289, Denver, Colorado, USA, 13 - 17 February 2006.
"Security Vulnerabilities in the E-RRC Control Plane", 3GPP TSG-RAN WG2/RAN WG3/SA WG3 joint meeting, R3-060032, 9-13 January 2006
M. Zhang: "Security Analysis and Enhancements of 3GPP Authentication and Key Agreement Protocol", IEEE Transactions on Wireless Communications, Vol. 4, No. 2, March 2005.
EFF, "Cracking DES", O'Reilly, 1998.
M. Wiener, "Efficient DES Key Search", originally presented at Crypto 93 rumpsession, reprinted in W. Stallings (ed), Practical Cryptography for Data Internetworks.
I. Devlin and A. Purvis, "Assessing the Security of Key Length", SASC 2007 workshop.
"Attacks on Cryptographic Hashes in Internet Protocols"
For the purposes of the present document, the following abbreviations apply:
(Distributed) Denial of Service
Long Term Evolution
Media Access Control
Mobility Management Entity
Non Access Stratum
Packet Data Convergence Protocol
Radio Access Network
Radio Resource Control
System Architecture Evolution
Security Mode Command