LTE Security Architecture

LTE security architecture defines the security mechanisms for both the NAS layer and the AS layer. Handover (HO) related security is not covered in this document.

LTE Security Distribution

NAS security

  • Carried out for NAS messages and belongs to the scope of UE and MME.
  • NAS messages exchanged between UE and MME are integrity protected and ciphered, with an extra NAS security header.

AS security

  • Carried out for RRC messages and user-plane data and belongs to the scope of UE and eNB.
  • The PDCP layer on the UE and eNB side is responsible for ciphering and integrity protection.
  • RRC messages are integrity protected and ciphered, but user-plane (U-Plane) data is only ciphered.

Different Security algorithms (integrity/ciphering)

Integrity

  • "0000" EIA0 Null integrity protection algorithm
  • "0001" 128-EIA1 SNOW 3G based algorithm
  • "0010" 128-EIA2 AES based algorithm

Ciphering

  • "0000" EEA0 Null ciphering algorithm
  • "0001" 128-EEA1 SNOW 3G based algorithm
  • "0010" 128-EEA2 AES based algorithm

Pre Shared Keys

  • UE Security Key (K) – Configured in the operator's DB in the Authentication Centre and in the USIM.
  • AMF – Configured in the operator's DB in the Authentication Centre and in the USIM.
  • OP – Optional; configured in the operator's DB in the Authentication Centre and in the USIM.

Generated Keys

  • SQN – It is the 4-octet sequence number which should be refreshed each time the NW tries to re-authenticate the UE. It is generated as below.
    SQN(1..n) = SEQ(1..n) || IND(1..n)
    SEQ is the prefix, a 27-bit value (0-2^27), and IND is a 5-bit index (0-31).
    If IND = 0, SEQ is generated using some rule (e.g. modular addition).

    Example: SQN generated using modular addition

    SQN1 = SEQ || IND
    SQN2 = SEQ+1 || IND
    SQN3 = SEQ+2 || IND
    SQN4 = SEQ+3 || IND
    SQN5 = SEQ+4 || IND

  • RAND – It is a random number generated through some random number generation algorithm.

Derived Authentication vectors

  • IK – Integrity key, generated as (K, RAND) -> f4 -> IK. It is generated at the authentication centre and at the USIM.
  • CK – Ciphering key, generated as (K, RAND) -> f3 -> CK. It is generated at the authentication centre and at the USIM.
  • AK – Anonymity key, generated as (K, RAND) -> f5 -> AK. It is generated only at the authentication centre.
  • XRES – Expected response, generated as (K, RAND) -> f2 -> XRES. It is generated only at the authentication centre; the corresponding parameter RES is generated at the USIM.
  • MAC – Message authentication code, generated as (K, SQN, RAND, AMF) -> f1 -> MAC. It is generated only at the authentication centre; the corresponding parameter XMAC is generated at the USIM.
  • AUTN – Authentication token, generated as AUTN = (SQN ⊕ AK) || AMF || MAC. It is generated only at the authentication centre.

When the MME receives an Attach Request from a UE seeking initial access to the network, the MME sends an Authentication Data Request to the AuC/HSS. After deriving RAND, XRES, CK, IK and AUTN, the Authentication Centre combines them into an authentication vector (AV = RAND || XRES || CK || IK || AUTN) and sends it to the MME in the Authentication Data Response.
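The following is an added example (not code from the original post) of the AuC building the AV and of the USIM checking AUTN: unmasking SQN with AK, recomputing XMAC, comparing it with MAC and rejecting a stale SQN. The functions f1..f5 here are stand-ins built from truncated HMAC-SHA-256, not the real 3GPP functions (e.g. MILENAGE); they only mirror the inputs and output sizes listed above, and SQN/AK are taken as 48 bits (6 octets) as in TS 33.102, so AUTN is 16 octets.

```python
import hashlib
import hmac

def _f(tag, k, data, n):
    """Stand-in for the 3GPP f-functions: keyed hash truncated to n octets."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf): return _f(b"f1", k, sqn + rand + amf, 8)  # MAC, 64 bit
def f2(k, rand): return _f(b"f2", k, rand, 8)    # RES / XRES
def f3(k, rand): return _f(b"f3", k, rand, 16)   # CK, 128 bit
def f4(k, rand): return _f(b"f4", k, rand, 16)   # IK, 128 bit
def f5(k, rand): return _f(b"f5", k, rand, 6)    # AK, 48 bit

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_av(k, amf, sqn, rand):
    """AuC side: AV = RAND || XRES || CK || IK || AUTN,
    with AUTN = (SQN xor AK) || AMF || MAC."""
    autn = xor(sqn, f5(k, rand)) + amf + f1(k, sqn, rand, amf)
    return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand),
            "IK": f4(k, rand), "AUTN": autn}

def usim_verify(k, rand, autn, highest_sqn_seen):
    """USIM side (Step-3): recover SQN with AK, recompute XMAC, compare with
    the received MAC, then check SQN is fresh. Returns (result or None, reason)."""
    if len(autn) != 16:
        return None, "malformed AUTN"
    sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn = xor(sqn_xor_ak, f5(k, rand))
    xmac = f1(k, sqn, rand, amf)
    if not hmac.compare_digest(xmac, mac):      # constant-time comparison
        return None, "MAC failure"
    if int.from_bytes(sqn, "big") <= highest_sqn_seen:
        return None, "synchronisation failure (SQN not fresh)"
    return {"RES": f2(k, rand), "CK": f3(k, rand), "IK": f4(k, rand),
            "SQN": sqn}, "ok"

# Constructed sample inputs (not real subscriber material).
K = bytes.fromhex("00112233445566778899aabbccddeeff")
AMF = bytes.fromhex("8000")
```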

Derived Keys

These keys are derived using the key derivation function (KDF) = HMAC-SHA-256 (Key, S) where

Key = Input key
Input string S = FC || P0 || L0 || P1 || L1 || P2 || L2 || P3 || L3 ||… || Pn || Ln
FC= function code
P0 = parameter 0
L0 = length of parameter 0

  • KASME – To calculate KASME the following steps are required.
    Key = CK || IK
    S = FC(0x10) || SN id || Length of SN id || SQN ⊕ AK || Length of SQN ⊕ AK
    KASME = HMAC-SHA-256 (Key, S)

  • KeNB – To calculate KeNB the following steps are required.
    Key = KASME
    S = FC(0x11) || UL NAS Count || Length of UL NAS Count
    KeNB = HMAC-SHA-256 (Key, S)

  • Algorithm key generation function – It covers the derivation of Knas-int, Knas-enc, Krrc-int, Krrc-enc and Kup-enc.
    Key = KASME or KeNB (KASME for Knas-int and Knas-enc; KeNB for Krrc-int, Krrc-enc and Kup-enc)
    S = FC(0x15) || algorithm type distinguisher || length of algorithm type distinguisher || algorithm identity || length of algorithm identity
    Knas-int/Knas-enc/Krrc-int/Krrc-enc/Kup-enc = HMAC-SHA-256 (Key, S)
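The three derivations above, carried through in code as an added example (not from the original post). It assumes each length field Li is a 2-octet big-endian value (TS 33.220), that the algorithm type distinguisher values are those of TS 33.401 table A.7-1, and that a 128-bit algorithm key is the 128 least significant bits of the 256-bit KDF output (TS 33.401 A.7); the SN id sample is an opaque constructed 3-octet value.

```python
import hashlib
import hmac

def build_s(fc, params):
    """S = FC || P0 || L0 || P1 || L1 || ...; each Li is the 2-octet length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key, s):
    """KDF = HMAC-SHA-256(Key, S), full 256-bit output."""
    return hmac.new(key, s, hashlib.sha256).digest()

def derive_kasme(ck, ik, sn_id, sqn_xor_ak):
    """FC = 0x10, Key = CK || IK, S = FC || SN id || L || (SQN xor AK) || L."""
    return kdf(ck + ik, build_s(0x10, [sn_id, sqn_xor_ak]))

def derive_kenb(kasme, ul_nas_count):
    """FC = 0x11, Key = KASME, S = FC || UL NAS COUNT (4 octets) || L."""
    return kdf(kasme, build_s(0x11, [ul_nas_count.to_bytes(4, "big")]))

# Algorithm type distinguishers; values assumed from TS 33.401 table A.7-1
# (the post names the field but not its values).
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

def derive_alg_key(key, alg_type, alg_id):
    """FC = 0x15, S = FC || alg type || L || alg identity || L. The 128-bit key is
    the 128 least significant bits of the output (assumed, TS 33.401 A.7)."""
    return kdf(key, build_s(0x15, [bytes([alg_type]), bytes([alg_id])]))[16:]

def derive_key_hierarchy(ck, ik, sn_id, sqn_xor_ak, ul_nas_count,
                         nas_int, nas_enc, as_int, as_enc):
    """KASME -> Knas-*; KeNB -> Krrc-*, Kup-enc. The *_int/*_enc arguments are
    the 4-bit algorithm identities from the lists above (e.g. 0b0010 = AES)."""
    kasme = derive_kasme(ck, ik, sn_id, sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KASME": kasme, "KeNB": kenb,
        "Knas-int": derive_alg_key(kasme, NAS_INT, nas_int),
        "Knas-enc": derive_alg_key(kasme, NAS_ENC, nas_enc),
        "Krrc-int": derive_alg_key(kenb, RRC_INT, as_int),
        "Krrc-enc": derive_alg_key(kenb, RRC_ENC, as_enc),
        "Kup-enc": derive_alg_key(kenb, UP_ENC, as_enc),
    }

# Constructed sample inputs (not real subscriber material). SN id is treated as
# an opaque 3-octet value; its MCC/MNC encoding is not covered by the post.
CK, IK = bytes(range(16)), bytes(range(16, 32))
SN_ID, SQN_XOR_AK = bytes.fromhex("02f839"), bytes.fromhex("a1b2c3d4e5f6")
```

Calling derive_key_hierarchy(CK, IK, SN_ID, SQN_XOR_AK, 0, 2, 2, 2, 2) yields the full set for UL NAS COUNT 0 with 128-EIA2/128-EEA2 selected on both NAS and AS.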

State diagram for Authentication and key generation

Note: The above diagram shows only the messages related to the security.

Step-1

  • Attach request from UE.
  • MME requests for the authentication vectors related to that particular IMSI by sending Authentication Data Request.
  • AuC/HSS fetches the pre-shared keys (PSK) stored against that IMSI and calculates the authentication vectors from the PSK.
  • AuC/HSS sends back the AV with Authentication Data Response.

Step-2

  • MME retrieves IK, CK, XRES, RAND and AUTN from AV
  • MME sends AUTN and RAND with Authentication Request to UE.

Step-3

  • UE authenticates the NW by checking AUTN received
  • Then calculates IK, CK, RES, XMAC from UE Security key, AMF, (OP), AUTN and RAND as described above.
  • It sends the RES along with Authentication response.

Step-4

  • After receiving RES, the MME compares it with XRES. If they match, authentication is successful; otherwise the MME sends Authentication Failure to the UE.
  • The MME resets the DL NAS count.
  • The MME calculates KASME, KeNB, Knas-int and Knas-enc as described above.
  • The MME sends the NAS Security Mode Command (integrity algorithm, ciphering algorithm, NAS key set ID, UE security capability), integrity protected using Knas-int but not ciphered.

Step-5

  • After receiving NAS Security Mode Command UE will calculate KASME, KeNB, Knas-int, Knas-enc as described above.
  • UE will send the NAS Security mode complete with integrity protected and ciphered.

Step-6

  • After receiving the NAS Security Mode Complete from the UE, the MME sends KeNB to the eNB in the S1AP Initial Context Setup Request (Security Key).

Step-7

  • After receiving KeNB, the eNB calculates Krrc-int, Krrc-enc and Kup-enc from it as described above.
  • It then sends the RRC Security Mode Command with the AS integrity algorithm and AS ciphering algorithm.

Step-8

  • After receiving RRC security mode command UE will calculate Krrc-int, Krrc-enc, Kup-enc as described above.
  • UE will send RRC security mode complete to eNB

After all the above steps, all NAS and AS messages are integrity protected and ciphered, except user data, which is only ciphered.

Further Studies

LTE Security is very well described in LTE Security book by Günther Horn, Dan Forsberg, Wolf-Dietrich Moeller and Valtteri Niemi. This is a handy book with all the details related to security aspects of LTE.

Post your questions and suggestions in the comments section below for a healthy discussion on LTE Security.

Global System for Mobile Communication (GSM)


GSM (Global System for Mobile Communication) is an open digital cellular technology used for transmitting voice and providing data services.
GSM supports voice traffic as well as data traffic in the form of CSD (Circuit Switched Data) or HSCSD (High Speed Circuit Switched Data).

Network Architecture

The GSM network is logically divided into two parts, the Access Network (AN) and the Core Network (CN). The Access Network deals with communication between the mobile handset and the network over the radio interface, and the Core Network deals with routing of the call within the same network or to another network such as the PSTN.

Network Architecture for GSM is hierarchical i.e. 1 BSC (Base station controller) handles multiple BTS (Base Transceiver Station), 1 MSC (Mobile-service switching centre) handles multiple BSC.

The various entities and their functionality are described in the following section.

  • Core Network
    • MSC (Mobile-service Switching Centre): The MSC acts as the interface between the radio network and the fixed network. It acts as an exchange which performs all switching and signalling functions for mobile stations located in the MSC area, i.e. an MS attached to one of the BTSs handled by that MSC. The MSC is also responsible for location registration and handover procedures for mobile stations.
    • VLR (Visitor Location Register): A mobile station roaming in an MSC area is controlled by the Visitor Location Register in charge of this area. When a Mobile Station (MS) enters a new location area it starts a registration procedure. The MSC in charge of that area notices this registration and transfers to the Visitor Location Register the identity of the location area where the MS is situated. If this MS is not yet registered, the VLR and the HLR exchange information to allow the proper handling of calls involving the MS. A VLR may be in charge of one or several MSC areas.
    • HLR(Home Location Register): This functional entity is a data base in charge of the management of mobile subscribers. A PLMN may contain one or several HLRs: it depends on the number of mobile subscribers, on the capacity of the equipment and on the organisation of the network. The following kinds of information are stored there:
      • the subscription information;
      • some location information enabling the charging and routing of calls towards the MSC where the MS is registered(e.g. the MS Roaming Number, the VLR Number, the MSC Number, the Local MS Identity).
    • AuC(Authentication Centre): AuC is associated with an HLR, and stores an identity key for each mobile subscriber registered with the associated HLR. This key is used to generate:
      • data which are used to authenticate the International Mobile Subscriber Identity (IMSI);
      • a key used to cipher communication over the radio path between the mobile station and the network.
    • EIR(Equipment Identity Register): This functional entity contains one or several databases which store(s) the IMEIs used in the GSM system.The mobile equipment may be classified as “white listed”, “grey listed” and “black listed” and therefore may be stored in three separate lists.
    • GMSC(Gateway MSC): If a network, delivering a call to the PLMN cannot interrogate the HLR, the call is routed to an MSC. This MSC will interrogate the appropriate HLR and then route the call to the MSC where the mobile station is located. The MSC which performs the routing function to the actual location of the MS is called the Gateway MSC (GMSC).
  • Access Network
    • BTS(Base Transceiver Station): A BTS is a network component which serves one cell. BTS is responsible for communication over radio interface with Mobile Station.
    • BSC(Base Station Controller): A BSC is a network component in the PLMN with the functions for control of one or more BTS. BSC is responsible for radio resource management and handovers of mobile station from BTS to BTS.

Radio Frequency Bands

The frequency bands used by GSM are as follows (uplink = mobile transmit, downlink = base station transmit):

Band               Uplink                   Downlink
T-GSM 380          380.2 - 389.8 MHz        390.2 - 399.8 MHz
T-GSM 410          410.2 - 419.8 MHz        420.2 - 429.8 MHz
GSM 450            450.4 - 457.6 MHz        460.4 - 467.6 MHz
GSM 480            478.8 - 486 MHz          488.8 - 496 MHz
GSM 710            698 - 716 MHz            728 - 746 MHz
GSM 750            777 - 793 MHz            747 - 763 MHz
T-GSM 810          806 - 821 MHz            851 - 866 MHz
GSM 850            824 - 849 MHz            869 - 894 MHz
Primary GSM 900    890 - 915 MHz            935 - 960 MHz
E-GSM 900          880 - 915 MHz            925 - 960 MHz
R-GSM 900          876 - 915 MHz            921 - 960 MHz
DCS 1800           1710 - 1785 MHz          1805 - 1880 MHz
PCS 1900           1850 - 1910 MHz          1930 - 1990 MHz

RF channel spacing in GSM is 200 kHz, allowing for 41 (T-GSM 380), 41 (T-GSM 410), 35 (GSM 450), 35 (GSM 480), 89 (GSM 710), 74 (GSM 750), 74 (T-GSM 810), 124 (GSM 850), 194 (GSM 900), 374 (DCS 1800) and 299 (PCS 1900) radio frequency channels, thus leaving a guard band of 200 kHz at each end of the sub-bands.


Interfaces and Protocols

  • Um Interface
    • LAPDm
  • Abis Interface
    • RR
    • LAPD
  • A Interface
    • BSSMAP
    • SCCP
    • MTP
    • CC
    • MM
    • CM
  • B Interface
  • C Interface
    • MAP/C
    • SCCP
    • MTP
  • D Interface
    • MAP/D
    • SCCP
    • MTP
  • E Interface
    • MAP/E
    • SCCP
    • MTP
  • F Interface
    • MAP/F
    • SCCP
    • MTP
  • G Interface
    • MAP/G
    • SCCP
    • MTP


LTE UE Initial Access

UE Initial Access is the process from the moment a UE is switched on until it sends UE-specific signalling or data. The different steps of initial access are described below.

  • Cell Search and Selection
  • Receive System information
  • Random access procedure

Cell Search and Selection

To understand cell search and selection, we first need to know the downlink physical signals and physical channels involved.

  • Signals in downlink
    • Primary and secondary Synchronization signal
    • Cell Specific Down Link reference signal
  • LTE Downlink Physical Channels
    • Physical Broadcast Channel(PBCH): Provides essential system information(System Bandwidth)

LTE follows a hierarchical cell search: from the primary and secondary synchronization signals the UE extracts the cell ID and the cell group ID respectively, then combines both in a hierarchical manner to form the physical cell identity. For details of this hierarchy see the note below.
Note: The Physical Cell ID can be any number from 0 to 503. To manage this large number of cells, LTE divides them into 168 groups, each containing 3 cells.
So Physical Cell ID = Cell Group ID * 3 + Cell ID

The UE may be in an area where multiple cells overlap and interfere; in that case it may detect multiple cell IDs. To camp on a particular cell it has to decode the cell-specific reference signals.

The cell-specific reference signal is used for:

  • Downlink channel estimation for coherent demodulation.
  • Channel Quality Indicator (CQI= QPSK/16 QAM/64 QAM depending on the signal strength).

Based on these parameters the UE camps on a particular cell and proceeds to the next step, "Receiving system information".


System Information Reception

After the cell selection now UE configures the BCCH-BCH channel and maps it on PBCH to receive Master Information Block (MIB).

Master Information Block (MIB)

  • Dl bandwidth
  • PHICH related information

After receiving the MIB, the UE reconfigures the BCCH-DL-SCH channel and maps it onto PDSCH to receive System Information Block Type 1 (SIB1).

System Information Block Type1 (SIB1)

  • PLMN Information
  • TAC
  • Physical Cell ID and specific info
  • Scheduling information of other System Information Blocks(SIB2, SIB3, SIB4….)

From SIB1 the UE obtains the scheduling information for the other SIBs (in which sub-frames the subsequent SIBs can be received). The most important SIB for a basic call in LTE is SIB2, so the UE reconfigures the BCCH-DL-SCH to receive SIB2.

System Information Block 2(SIB2)

  • Common Channel Information
  • Random Access Channel Information
  • Random Access Preamble Info
  • HARQ info

So far everything has happened on the downlink. After SIB2 reception the UE configures the Random Access Channel and the common shared channel and starts uplink synchronization using the Random Access Procedure.


Random Access Procedure:

In LTE all UEs use the same shared resources to get initial access, so the Random Access Procedure is always contention based. In this procedure the UE gets its initial UL grant to transmit UE-specific UL packets for the first time.

Random Access Preamble:

This is generated by the MAC layer in uplink on RACH-PRACH. Two preamble groups, A and B, are defined, one of which is optional. If both groups are configured, the size of message 3 and the path loss are used to determine the preamble group. The group to which a preamble belongs therefore indicates the size of message 3 (RRC Connection Request) and the radio conditions at the UE. The preamble group information and thresholds have already been received in System Information Block 2.

Random Access Response:

This is generated by MAC in downlink on DL-SCH-PDSCH. After sending the Random Access Preamble the UE monitors the PDCCH for the RA-RNTI, from which it learns where the Random Access Response will arrive on PDSCH (in which sub-frame). This response carries the temporary C-RNTI assigned by the eNB and the UL grant. The C-RNTI is used for transmission and reception of UE-specific UL and DL data.
Note: UL and DL transmission and scheduling can be discussed in another post.

RRC Connection Request :

This is generated by the RRC layer on CCCH-UL-SCH. It is called message 3 and is the first UE-specific signalling from L3 (RRC). It carries the UE-specific identity, which can be a random value or the S-TMSI (if the UE is already registered with the EPC and holds an S-TMSI). It also carries the establishment cause.

MAC Contention Resolution:

This is generated by MAC on DL-SCH. It may happen that more than one RRC Connection Request is received simultaneously at the eNB on the same shared channel. To separate the UEs, the eNB performs contention resolution well before any NAS-based contention; LTE uses timer-based contention resolution here. After receiving message 3 the eNB schedules that request and informs the UE through the MAC Contention Resolution message.

LTE References

For LTE check out LTE for UMTS: Evolution to LTE-Advanced and LTE Signaling: Troubleshooting and Optimization

Do you have some questions? Use the comment section below.