2003/12/29 1
Security Aspects of 3G-WLAN Interworking
Group: 2
Members:
陳俊文 691410048, 李奇勇 691410051,
黃弘光 691430045, 林柏均 489410080
Why 3G-WLAN Interworking
WLAN systems offer bit rates surpassing those of 3G systems and are great for hot spot coverage, while 3G systems provide global coverage and the necessary network and management infrastructure to cater for security, roaming, and charging requirements.
3G-WLAN Interworking
We want the subscription management, roaming, and security facilities of a 3G system and the hot spot capacity and low investment cost of WLAN systems.
An important challenge is to reconcile and consolidate the security architecture of the systems.
Wireless Local Area Network
IEEE 802.11b deploys confidentiality and integrity protection through a scheme called WEP.
WEP suffers from manual key management and is also cryptographically broken.
HiperLAN/2 and HiSWAN have more advanced confidentiality and encryption mechanisms.
The 3GPP System
Cellular systems such as UMTS and GSM have excellent characteristics in terms of coverage and roaming.
Interworking Solution
ETSI Project BRAN resulted in two fundamentally different solutions regarding the level of interworking.
These are tight and loose interworking, named according to the level of integration required between the systems.
Tight interworking
The tight interworking solution was based on the idea of making use of the WLAN radio interface as a bearer for UMTS with all network control entities in the core network integrated.
A tight interworking solution would mandate the full 3GPP security architecture and require the 3GPP protocol stacks and interfaces to be present in the WLAN system.
Loose interworking
There was little need to make changes to the WLAN standard. This solution has the benefit of not needing a convergence layer, which is an important factor in development time and so on.
The loose interworking options merely require the 3GPP authentication method to be implemented.
Loose interworking was therefore adopted as the preferred solution in both the WLAN and 3GPP communities.
Loose interworking
To avoid link layer modifications, the authentication protocol is allowed to run at the link layer using Internet protocols (EAP and AAA) as transport mechanisms.
3GPP-WLAN Interworking Architecture
Security concerns in 3G-WLAN Interworking
A fundamental requirement in 3GPP has been that 3GPP-WLAN interworking shall not compromise the UMTS security architecture.
Therefore, it is required that the authentication and key distribution be based on the UMTS AKA challenge-response procedure.
UICC & USIM
The UMTS AKA procedure relies on the availability of a tamper-resistant smartcard at the terminal.
The smartcard, called a UICC in UMTS, will run an application called USIM.
It is the USIM application that runs the cryptographic algorithms during the execution of the UMTS AKA.
The Entities and Domains of 3GPP-WLAN architecture
HE: HSS, 3GPP AAA Server
SN: 3GPP AAA proxy, NAS, AP
UE: UICC/USIM, MS, Computing device
Simplified 3GPP-WLAN architecture
Trust Issues
Which entities do we trust?
On what basis do we trust these domains/entities?
What type of security features are needed to "enforce" the trust?
What would be the goal of an adversary?
Trust relationship
User - HE
HE - UICC/USIM
HE - SN
SN - WLAN access network
User - user equipment
User Identity Privacy
Location privacy is problematic since there is often a strong connection between the logical identity of the user and the routable address associated with the user device.
To mitigate this problem, one often turns to protected temporary identities.
Lawful Interception
Lawful interception functionality is a mandatory requirement for most 3G operators. There is no reason to expect the 3GPP-WLAN interworking architecture to be exempt from lawful interception requirements.
Authentication, Confidentiality, and Integrity
Since the 3GPP-WLAN architecture shall use the UMTS AKA procedure, the issue of authentication and key distribution is already taken care of.
Confidentiality is targeted at protecting the system and user data against passive attacks. 3GPP-WLAN confidentiality services are provided by symmetric key encryption.
Cryptographic integrity protection is a security service aimed at protecting data against active attacks. The 3GPP-WLAN integrity service is implemented by symmetric keyed cryptographic checksum functions.
UMTS AKA sequence
3GPP-WLAN interworking AKA procedure
For the 3GPP-WLAN interworking scenario the AKA procedure is executed globally.
The drawback is that the signaling paths and thus the round-trip delay may increase.
The advantage is improved home control since there is no need to distribute AVs or authentication control to the SN.
UMTS AKA challenge-response mechanism
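The challenge-response exchange between the home environment and the USIM, as an added example that is not part of the original slides and goes beyond them by spelling out the RAND, AUTN and RES fields. It assumes HMAC-SHA256 as a stand-in for the AKA functions f1 to f5 (deployed USIMs commonly use MILENAGE), a simplified strictly-increasing SQN check, and hypothetical class and function names.

```python
import hashlib, hmac, os

def f(k, label, *parts, n):
    # Stand-in for AKA functions f1..f5: HMAC-SHA256 truncated to n bytes (NOT MILENAGE).
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class HomeEnvironment:
    """HSS / 3GPP AAA server: shares the long-term key K with the USIM."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def challenge(self):
        """Build one authentication vector; only RAND and AUTN are sent to the UE."""
        self.sqn += 1
        rand, amf = os.urandom(16), b"\x00\x00"      # AMF value is constructed
        sqn = self.sqn.to_bytes(6, "big")
        mac = f(self.k, b"f1", sqn, rand, amf, n=8)  # proves the sender knows K
        ak = f(self.k, b"f5", rand, n=6)             # conceals SQN in transit
        autn = xor(sqn, ak) + amf + mac
        xres = f(self.k, b"f2", rand, n=8)
        return rand, autn, xres, f(self.k, b"f3", rand, n=16), f(self.k, b"f4", rand, n=16)

class USIM:
    """Application on the UICC: K never leaves the card."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def respond(self, rand, autn):
        ak = f(self.k, b"f5", rand, n=6)
        sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn, rand, amf, n=8)):
            raise ValueError("MAC failure: challenge not from the home environment")
        if int.from_bytes(sqn, "big") <= self.sqn:   # simplified freshness check
            raise ValueError("synchronisation failure: stale or replayed challenge")
        self.sqn = int.from_bytes(sqn, "big")
        res = f(self.k, b"f2", rand, n=8)
        return res, f(self.k, b"f3", rand, n=16), f(self.k, b"f4", rand, n=16)

def run_aka(he, usim):
    """One round trip; True when RES matches XRES and both ends derive the same CK/IK."""
    rand, autn, xres, ck, ik = he.challenge()
    res, ck_u, ik_u = usim.respond(rand, autn)
    return hmac.compare_digest(res, xres) and (ck, ik) == (ck_u, ik_u)

if __name__ == "__main__":
    k = os.urandom(16)
    print("mutual authentication ok:", run_aka(HomeEnvironment(k), USIM(k)))
```

In the interworking case the RAND/AUTN challenge and the RES reply travel inside EAP over the AAA infrastructure, while XRES stays in the home environment.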
3GPP-WLAN security architecture
The two key glue components of the interworking solution are the AAA and EAP technologies. These are used to execute the UMTS AKA protocol from the 3G system's home domain toward the WLAN user equipment.
A successful UMTS AKA procedure
The Role of the EAP
EAP is a key element in the 3GPP-WLAN security architecture.
EAP provides a generic peer-to-peer based request-response transaction environment for authentication dialogs, and supports multiple authentication mechanisms.
AAA
To manage roaming traffic, the AAA framework is chosen as the basis for the 3GPP-WLAN architecture.
Both Diameter and RADIUS are generic protocols and are intended to provide support for a diverse set of AAA applications, including network access, IP mobility, and interoperator roaming.
Summary and Conclusion
The idea of interworking between mobile systems and WLANs holds great promise. Security-wise the interworking is mostly unproblematic, but there are areas identified that contain weaknesses.
Identity privacy is important and will probably become even more important in the future as technology advances.