LTE security / Dan Forsberg ... [et al.].

Material type: Text
Publication details: Chichester, West Sussex : Wiley, 2013.
Edition: 2nd ed
Description: xx, 345 p. : ill. ; 26 cm
ISBN:
  • 9781118355589 (hardback)
  • 111835558X (hardback)
DDC classification:
  • 621.3845 FOR
Contents:
Overview of the book -- Background -- GSM security -- Third-generation security (UMTS) -- 3G-WLAN interworking -- EPS security architecture -- EPS authentication and key agreement -- EPS protection for signalling and user data -- Security in Intra-LTE state transitions and mobility -- EPS cryptographic algorithms -- Interworking security between EPS and other systems -- Security for voice over LTE -- Security for home base station deployment -- Relay node security -- Security for machine-type communications -- Future challenges.
Holdings
Item type: Standard Loan
Current library: Moylish Library Main Collection
Call number: 621.3845 FOR
Status: Available
Barcode: 39002100480095

Enhanced descriptions from Syndetics:

A concise, updated guide to the 3GPP LTE Security Standardization specifications

A welcome Revised Edition of the successful LTE Security addressing the security architecture for SAE/LTE, which is based on elements of the security architectures for GSM and 3G, but which needed a major redesign due to the significantly increased complexity and the different architectural and business requirements of fourth-generation systems. The authors explain in detail the security mechanisms employed to meet these requirements. The specifications generated by standardization bodies only inform about how to implement the system (and this only to the extent required for interoperability), but almost never inform readers about why things are done the way they are. Furthermore, specifications tend to be readable only for a small group of experts and lack the context of the broader picture. The book fills this gap by providing first-hand information from insiders who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP, and can therefore explain the rationale for design decisions in this area.

  • A concise, fully updated guide to the 3GPP LTE Security Standardization specifications
  • Describes the essential elements of LTE and SAE Security, written by leading experts who participated in decisively shaping SAE/LTE security in the relevant standardization body, 3GPP
  • Explains the rationale behind the standards specifications giving readers a broader understanding of the context to these specifications
  • Includes new chapters covering 3GPP work on system enhancements for MTC, plus application layer security in ETSI TC M2M and embedded smart card in ETSI SCP; Security for Machine-type Communication, Relay Node Security, and Future Challenges, including Voice over LTE, MTC, Home base stations, LIPA/SIPTO, and New Cryptographic Algorithms

Essential reading for system engineers, developers and people in technical sales working in the area of LTE and LTE security, and for communication engineers and software developers in the mobile communication field.

Previous ed.: 2011.

Includes bibliographical references (p. [327]-336) and index.

Table of contents provided by Syndetics

  • Preface (p. xiii)
  • Foreword to the First Edition (p. xv)
  • Acknowledgements (p. xix)
  • Copyright Acknowledgements (p. xix)
  • 1 Overview of the Book (p. 1)
  • 2 Background (p. 5)
  • 2.1 Evolution of Cellular Systems (p. 5)
  • 2.1.1 Third-Generation Network Architecture (p. 6)
  • 2.1.2 Important Elements of the 3G Architecture (p. 7)
  • 2.1.3 Functions and Protocols in the 3GPP System (p. 8)
  • 2.1.4 The EPS System (p. 9)
  • 2.2 Basic Security Concepts (p. 10)
  • 2.2.1 Information Security (p. 10)
  • 2.2.2 Design Principles (p. 11)
  • 2.2.3 Communication Security Features (p. 12)
  • 2.3 Basic Cryptographic Concepts (p. 13)
  • 2.3.1 Cryptographic Functions (p. 14)
  • 2.3.2 Securing Systems with Cryptographic Methods (p. 16)
  • 2.3.3 Symmetric Encryption Methods (p. 17)
  • 2.3.4 Hash Functions (p. 18)
  • 2.3.5 Public-Key Cryptography and PKI (p. 19)
  • 2.3.6 Cryptanalysis (p. 20)
  • 2.4 Introduction to LTE Standardization (p. 21)
  • 2.4.1 Working Procedures in 3GPP (p. 22)
  • 2.5 Notes on Terminology and Specification Language (p. 26)
  • 2.5.1 Terminology (p. 26)
  • 2.5.2 Specification Language (p. 27)
  • 3 GSM Security (p. 29)
  • 3.1 Principles of GSM Security (p. 29)
  • 3.2 The Role of the SIM (p. 30)
  • 3.3 Mechanisms of GSM Security (p. 31)
  • 3.3.1 Subscriber Authentication in GSM (p. 32)
  • 3.3.2 GSM Encryption (p. 32)
  • 3.3.3 GPRS Encryption (p. 33)
  • 3.3.4 Subscriber Identity Confidentiality (p. 34)
  • 3.4 GSM Cryptographic Algorithms (p. 34)
  • 4 Third-Generation Security (UMTS) (p. 37)
  • 4.1 Principles of Third-Generation (3G) Security (p. 37)
  • 4.1.1 Elements of GSM Security Carried over to 3G (p. 37)
  • 4.1.2 Weaknesses in GSM Security (p. 38)
  • 4.1.3 Higher Level Objectives (p. 39)
  • 4.2 Third-Generation Security Mechanisms (p. 40)
  • 4.2.1 Authentication and Key Agreement (p. 40)
  • 4.2.2 Ciphering Mechanism (p. 45)
  • 4.2.3 Integrity Protection Mechanism (p. 46)
  • 4.2.4 Identity Confidentiality Mechanism (p. 48)
  • 4.3 Third-Generation Cryptographic Algorithms (p. 49)
  • 4.3.1 KASUMI (p. 50)
  • 4.3.2 UEA1 and UIA1 (p. 51)
  • 4.3.3 SNOW3G, UEA2 and UIA2 (p. 51)
  • 4.3.4 MILENAGE (p. 54)
  • 4.3.5 Hash Functions (p. 54)
  • 4.4 Interworking between GSM and 3G Security (p. 55)
  • 4.4.1 Interworking Scenarios (p. 55)
  • 4.4.2 Cases with SIM (p. 56)
  • 4.4.3 Cases with USIM (p. 57)
  • 4.4.4 Handovers between GSM and 3G (p. 58)
  • 4.5 Network Domain Security (p. 59)
  • 4.5.1 Generic Security Domain Framework (p. 59)
  • 4.5.2 Security Mechanisms for NDS (p. 62)
  • 4.5.3 Application of NDS (p. 64)
  • 4.6 Architectures with RNCs in Exposed Locations (p. 65)
  • 5 3G-WLAN Interworking (p. 67)
  • 5.1 Principles of 3G-WLAN Interworking (p. 67)
  • 5.1.1 The General Idea (p. 67)
  • 5.1.2 The EAP Framework (p. 69)
  • 5.1.3 Overview of EAP-AKA (p. 72)
  • 5.2 Security Mechanisms of 3G-WLAN Interworking (p. 75)
  • 5.2.1 Reference Model for 3G-WLAN Interworking (p. 75)
  • 5.2.2 Security Mechanisms of WLAN Direct IP Access (p. 76)
  • 5.2.3 Security Mechanisms of WLAN 3GPP IP Access (p. 78)
  • 5.3 Cryptographic Algorithms for 3G-WLAN Interworking (p. 81)
  • 6 EPS Security Architecture (p. 83)
  • 6.1 Overview and Relevant Specifications (p. 83)
  • 6.1.1 Need for Security Standardization (p. 85)
  • 6.1.2 Relevant Nonsecurity Specifications (p. 87)
  • 6.1.3 Security Specifications for EPS (p. 88)
  • 6.2 Requirements and Features of EPS Security (p. 89)
  • 6.2.1 Threats against EPS (p. 90)
  • 6.2.2 EPS Security Features (p. 91)
  • 6.2.3 How the Features Meet the Requirements (p. 95)
  • 6.3 Design Decisions for EPS Security (p. 97)
  • 6.4 Platform Security for Base Stations (p. 103)
  • 6.4.1 General Security Considerations (p. 103)
  • 6.4.2 Specification of Platform Security (p. 103)
  • 6.4.3 Exposed Position and Threats (p. 103)
  • 6.4.4 Security Requirements (p. 104)
  • 7 EPS Authentication and Key Agreement (p. 109)
  • 7.1 Identification (p. 109)
  • 7.1.1 User Identity Confidentiality (p. 110)
  • 7.1.2 Terminal Identity Confidentiality (p. 111)
  • 7.2 The EPS Authentication and Key Agreement Procedure (p. 112)
  • 7.2.1 Goals and Prerequisites of EPS AKA (p. 112)
  • 7.2.2 Distribution of EPS Authentication Vectors from HSS to MME (p. 114)
  • 7.2.3 Mutual Authentication and Establishment of a Shared Key between the Serving Network and the UE (p. 118)
  • 7.2.4 Distribution of Authentication Data inside and between Serving Networks (p. 122)
  • 7.3 Key Hierarchy (p. 123)
  • 7.3.1 Key Derivations (p. 124)
  • 7.3.2 Purpose of the Keys in the Hierarchy (p. 125)
  • 7.3.3 Cryptographic Key Separation (p. 127)
  • 7.3.4 Key Renewal (p. 128)
  • 7.4 Security Contexts (p. 129)
  • 7.4.1 EPS Security Context (p. 129)
  • 7.4.2 EPS NAS Security Context (p. 130)
  • 7.4.3 UE Security Capabilities (p. 130)
  • 7.4.4 EPS AS Security Context (p. 130)
  • 7.4.5 Native versus Mapped Contexts (p. 130)
  • 7.4.6 Current versus Non-current Contexts (p. 131)
  • 7.4.7 Key Identification (p. 131)
  • 7.4.8 EPS Security Context Storage (p. 131)
  • 7.4.9 EPS Security Context Transfer (p. 132)
  • 8 EPS Protection for Signalling and User Data (p. 133)
  • 8.1 Security Algorithms Negotiation (p. 133)
  • 8.1.1 Mobility Management Entities (p. 134)
  • 8.1.2 Base Stations (p. 135)
  • 8.2 NAS Signalling Protection (p. 136)
  • 8.2.1 NAS Security Mode Command Procedure (p. 136)
  • 8.2.2 NAS Signalling Protection (p. 137)
  • 8.3 AS Signalling and User Data Protection (p. 138)
  • 8.3.1 AS Security Mode Command Procedure (p. 138)
  • 8.3.2 RRC Signalling and User Plane Protection (p. 138)
  • 8.3.3 RRC Connection Re-establishment (p. 140)
  • 8.4 Security on Network Interfaces (p. 141)
  • 8.4.1 Application of NDS to EPS (p. 141)
  • 8.4.2 Security for Network Interfaces of Base Stations (p. 142)
  • 8.5 Certificate Enrolment for Base Stations (p. 143)
  • 8.5.1 Enrolment Scenario (p. 143)
  • 8.5.2 Enrolment Principles (p. 144)
  • 8.5.3 Enrolment Architecture (p. 147)
  • 8.5.4 CMPv2 Protocol and Certificate Profiles (p. 148)
  • 8.5.5 CMPv2 Transport (p. 149)
  • 8.5.6 Example Enrolment Procedure (p. 150)
  • 8.6 Emergency Call Handling (p. 151)
  • 8.6.1 Emergency Calls with NAS and AS Security Contexts in Place (p. 153)
  • 8.6.2 Emergency Calls without NAS and AS Security Contexts (p. 153)
  • 8.6.3 Continuation of the Emergency Call When Authentication Fails (p. 154)
  • 9 Security in Intra-LTE State Transitions and Mobility (p. 155)
  • 9.1 Transitions to and from Registered State (p. 156)
  • 9.1.1 Registration (p. 156)
  • 9.1.2 Deregistration (p. 156)
  • 9.2 Transitions between Idle and Connected States (p. 157)
  • 9.2.1 Connection Initiation (p. 158)
  • 9.2.2 Back to Idle State (p. 158)
  • 9.3 Idle State Mobility (p. 158)
  • 9.4 Handover (p. 161)
  • 9.4.1 Handover Key Management Requirements Background (p. 161)
  • 9.4.2 Handover Keying Mechanisms Background (p. 162)
  • 9.4.3 LTE Key Handling in Handover (p. 166)
  • 9.4.4 Multiple Target Cell Preparations (p. 168)
  • 9.5 Key Change on the Fly (p. 169)
  • 9.5.1 KeNB Rekeying (p. 169)
  • 9.5.2 KeNB Refresh (p. 169)
  • 9.5.3 NAS Key Rekeying (p. 170)
  • 9.6 Periodic Local Authentication Procedure (p. 170)
  • 9.7 Concurrent Run of Security Procedures (p. 171)
  • 10 EPS Cryptographic Algorithms (p. 175)
  • 10.1 Null Algorithms (p. 176)
  • 10.2 Ciphering Algorithms (p. 177)
  • 10.3 Integrity Algorithms (p. 180)
  • 10.4 Key Derivation Algorithms (p. 180)
  • 11 Interworking Security between EPS and Other Systems (p. 183)
  • 11.1 Interworking with GSM and 3G Networks (p. 183)
  • 11.1.1 Routing Area Update Procedure in UTRAN or GERAN (p. 186)
  • 11.1.2 Tracking Area Update Procedure in EPS (p. 187)
  • 11.1.3 Handover from EPS to 3G or GSM (p. 190)
  • 11.1.4 Handover from 3G or GSM to EPS (p. 191)
  • 11.2 Interworking with Non-3GPP Networks (p. 193)
  • 11.2.1 Principles of Interworking with Non-3GPP Networks (p. 193)
  • 11.2.2 Authentication and Key Agreement for Trusted Access (p. 201)
  • 11.2.3 Authentication and Key Agreement for Untrusted Access (p. 205)
  • 11.2.4 Security for Mobile IP Signalling (p. 208)
  • 11.2.5 Mobility between 3GPP and Non-3GPP Access Networks (p. 211)
  • 12 Security for Voice over LTE (p. 215)
  • 12.1 Methods for Providing Voice over LTE (p. 215)
  • 12.1.1 IMS over LTE (p. 216)
  • 12.1.2 Circuit Switched Fallback (CSFB) (p. 218)
  • 12.1.3 Single Radio Voice Call Continuity (SRVCC) (p. 218)
  • 12.2 Security Mechanisms for Voice over LTE (p. 220)
  • 12.2.1 Security for IMS over LTE (p. 220)
  • 12.2.2 Security for Circuit Switched Fallback (p. 228)
  • 12.2.3 Security for Single Radio Voice Call Continuity (p. 228)
  • 12.3 Rich Communication Suite and Voice over LTE (p. 230)
  • 13 Security for Home Base Station Deployment (p. 233)
  • 13.1 Security Architecture, Threats and Requirements (p. 234)
  • 13.1.1 Scenario (p. 234)
  • 13.1.2 Threats and Risks (p. 237)
  • 13.1.3 Requirements (p. 239)
  • 13.1.4 Security Architecture (p. 240)
  • 13.2 Security Features (p. 241)
  • 13.2.1 Authentication (p. 241)
  • 13.2.2 Local Security (p. 243)
  • 13.2.3 Communications Security (p. 244)
  • 13.2.4 Location Verification and Time Synchronization (p. 244)
  • 13.3 Security Procedures Internal to the Home Base Station (p. 244)
  • 13.3.1 Secure Boot and Device Integrity Check (p. 245)
  • 13.3.2 Removal of Hosting Party Module (p. 245)
  • 13.3.3 Loss of Backhaul Link (p. 245)
  • 13.3.4 Secure Time Base (p. 246)
  • 13.3.5 Handling of Internal Transient Data (p. 246)
  • 13.4 Security Procedures between Home Base Station and Security Gateway (p. 247)
  • 13.4.1 Device Integrity Validation (p. 247)
  • 13.4.2 Device Authentication (p. 247)
  • 13.4.3 IKEv2 and Certificate Profiling (p. 250)
  • 13.4.4 Certificate Processing (p. 253)
  • 13.4.5 Combined Device-Hosting Party Authentication (p. 255)
  • 13.4.6 Authorization and Access Control (p. 256)
  • 13.4.7 IPsec Tunnel Establishment (p. 258)
  • 13.4.8 Verification of HeNB Identity and CSG Access (p. 258)
  • 13.4.9 Time Synchronization (p. 260)
  • 13.5 Security Aspects of Home Base Station Management (p. 261)
  • 13.5.1 Management Architecture (p. 261)
  • 13.5.2 Management and Provisioning during Manufacturing (p. 264)
  • 13.5.3 Preparation for Operator-Specific Deployment (p. 266)
  • 13.5.4 Relationships between HeNB Manufacturer and Operator (p. 267)
  • 13.5.5 Security Management in Operator Network (p. 267)
  • 13.5.6 Protection of Management Traffic (p. 268)
  • 13.5.7 Software Download (p. 270)
  • 13.5.8 Location Verification (p. 272)
  • 13.6 Closed Subscriber Groups and Emergency Call Handling (p. 275)
  • 13.6.1 UE Access Control to HeNBs (p. 275)
  • 13.6.2 Emergency Calls (p. 276)
  • 13.7 Support for Subscriber Mobility (p. 277)
  • 13.7.1 Mobility Scenarios (p. 277)
  • 13.7.2 Direct Interfaces between HeNBs (p. 278)
  • 14 Relay Node Security (p. 281)
  • 14.1 Overview of Relay Node Architecture (p. 281)
  • 14.1.1 Basic Relay Node Architecture (p. 281)
  • 14.1.2 Phases for Start-Up of Relay Nodes (p. 283)
  • 14.2 Security Solution (p. 284)
  • 14.2.1 Security Concepts (p. 284)
  • 14.2.2 Security Procedures (p. 288)
  • 14.2.3 Security on the Un Interface (p. 290)
  • 14.2.4 USIM and Secure Channel Aspects (p. 290)
  • 14.2.5 Enrolment Procedures (p. 291)
  • 14.2.6 Handling of Subscription and Certificates (p. 291)
  • 15 Security for Machine-Type Communications (p. 293)
  • 15.1 Security for MTC at the Application Level (p. 294)
  • 15.1.1 MTC Security Framework (p. 295)
  • 15.1.2 Security (Kmr) Bootstrapping Options (p. 298)
  • 15.1.3 Connection (Kmc) and Application-Level Security Association (Kma) Establishment Procedures (p. 301)
  • 15.2 Security for MTC at the 3GPP Network Level (p. 301)
  • 15.2.1 3GPP System Improvements for MTC (p. 301)
  • 15.2.2 Security Related to 3GPP System Improvements for MTC (p. 303)
  • 15.3 Security for MTC at the Credential Management Level (p. 306)
  • 15.3.1 Trusted Platform in the Device (p. 307)
  • 15.3.2 Embedded UICC (p. 307)
  • 15.3.3 Remote Management of Credentials (p. 308)
  • 16 Future Challenges (p. 309)
  • 16.1 Near-Term Outlook (p. 309)
  • 16.1.1 Security for Relay Node Architectures (p. 309)
  • 16.1.2 Security for Interworking of 3GPP Networks and Fixed Broadband Networks (p. 310)
  • 16.1.3 Security for Voice over LTE (p. 310)
  • 16.1.4 Security for Machine-Type Communication (p. 311)
  • 16.1.5 Security for Home Base Stations (p. 311)
  • 16.1.6 New Cryptographic Algorithms (p. 312)
  • 16.1.7 Public Warning System (p. 313)
  • 16.1.8 Proximity Services (p. 314)
  • 16.2 Far-Term Outlook (p. 314)
  • Abbreviations (p. 319)
  • References (p. 327)
  • Index (p. 337)

Author notes provided by Syndetics

Dan Forsberg, Poplatek Oy, Finland
Dr. Dan Forsberg is currently a development manager at Poplatek Oy where he takes care of the payment terminals area and also works with payment card industry security. Earlier, Dan led the SAE/LTE security standardization work in Nokia. He was also nominated as one of the Nokia top inventors in 2007-2008. Dan started his Ph.D. studies while working in Nokia and has published several scientific papers in the area of "improving and distributing session key management for mobile networks". He joined Helsinki University of Technology in 2009 and finalized his PhD studies there before the end of 2009.

Günther Horn, Nokia Siemens Networks, Germany
Dr Horn is a senior standardization expert at Nokia Siemens Networks. The focus of his work is on the standardization of 3G and SAE/LTE security in the 3GPP security group (SA3), of which he has been a member since it started in 1999.

Wolf-Dietrich Moeller, Nokia Siemens Networks, Germany
Wolf-Dietrich Moeller is a senior researcher with Nokia Siemens Networks.

Valtteri Niemi, University of Turku, Finland and Nokia Corporation, Finland
Dr Niemi is a Professor of Mathematics at the University of Turku, Finland and also a Nokia Fellow, for which role he is based at the Nokia Research Center in Helsinki, Finland. Prof. Niemi's work has been on security and privacy issues of future mobile networks and terminals, the main emphasis being on cryptological aspects. He participated in the 3GPP SA3 (security) standardization group from the beginning, and during 2003-2009 he was the chairman of the group.