CDMA2000 Packet Data Network Evolution
2006.4.10
Zhong Xin: [email protected]
Wang Jie: [email protected]

Huawei Technologies Co., Ltd. grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner's name any Organizational Partner's standards publication even though it may include all or portions of this contribution; and at the Organizational Partner's sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner's standards publication. Huawei Technologies Co., Ltd. is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.

This document has been prepared by Huawei Technologies Co., Ltd. to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on Huawei Technologies Co., Ltd. Huawei Technologies Co., Ltd. specifically reserves the right to amend or modify the material contained herein and to any intellectual property of Huawei Technologies Co., Ltd. other than
U-plane ciphering and optional integrity protection.
C-plane integrity protection and optionally ciphering between AT and RRM
C-plane security associations between AGW and RRM
Security Association in network
Each AT has an SA with the AGW
  - Protects user-plane traffic of the AT
  - Protects signaling between AT and AGW
  - AGW can assign an encrypted temporary ID to the AT to prevent AT tracking
Each RRM has an SA with the AGW
  - Encrypts and integrity-protects signaling between RRM and AGW
  - Protects the transfer of the key (shared between AT and RRM) from AGW to RRM
Each AT has a shared key with a specific RRM
  - Protects against fake RRM attack
  - Integrity-protects and optionally encrypts signaling between RRM and AT
Note: If RLP is located in BTS, U-plane and C-plane protection is necessary between AT and BTS.
Key Hierarchy
AT and AGW have the MSK (Master Session Key).
MSK is a result of authentication between AT and AAA server (EAP-AKA etc.). The AAA server transfers the MSK to the AGW.
AGW derives an RRM-specific key (i.e. KAT_RRM) from MSK; the RRM identity is involved in the derivation. AGW can send multiple RRM identities to the AT so that the AT can compute multiple KAT_RRM simultaneously.
AGW sends KAT_RRM to the RRM using the SA between them.
The session key is shared between AT and AGW and is also derived from MSK.
[Figure: key hierarchy diagram. Elements: AT, BTS, BTS, RRM a, RRM b, AGW (RLP). Key labels: MSK, KAT_RRMa, KAT_RRMb, Session key.]
Note: If RLP is located on the BTS, the AGW can derive KAT_BTS for the BTS and send it to the RRM, which then forwards it to the BTS.
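The per-RRM key derivation and the fake-RRM check described on the two slides above, as an added example that is not part of the original contribution. The contribution names no KDF or MAC: HMAC-SHA-256, the label strings, the RRM identities, the sample MSK and the sample signaling message are all assumptions made for illustration.

```python
import hashlib
import hmac

def kdf(msk: bytes, label: bytes, context: bytes = b"") -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA-256 keyed with MSK over label || 0x00 || context."""
    return hmac.new(msk, label + b"\x00" + context, hashlib.sha256).digest()

def derive_k_at_rrm(msk: bytes, rrm_id: bytes) -> bytes:
    # The RRM identity is an input, so every RRM gets a different KAT_RRM.
    return kdf(msk, b"KAT_RRM", rrm_id)

def derive_session_key(msk: bytes) -> bytes:
    # AT<->AGW session key: also derived from MSK, under a separate label.
    return kdf(msk, b"SESSION")

def protect(key: bytes, msg: bytes) -> bytes:
    # Integrity tag on C-plane signaling (assumed MAC: HMAC-SHA-256).
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(protect(key, msg), tag)

def demo() -> dict:
    msk = bytes(range(32))            # constructed sample MSK (from EAP in the real system)
    rrm_ids = [b"rrm-a", b"rrm-b"]    # constructed RRM identities sent by the AGW to the AT
    # AGW derives one key per RRM and would push each over its AGW<->RRM SA.
    agw = {r: derive_k_at_rrm(msk, r) for r in rrm_ids}
    # AT derives the same keys locally from its own copy of MSK.
    at = {r: derive_k_at_rrm(msk, r) for r in rrm_ids}
    msg = b"constructed signaling message, seq=7"
    genuine_tag = protect(agw[b"rrm-a"], msg)   # RRM a holds the key delivered by the AGW
    fake_tag = protect(b"\xff" * 32, msg)       # fake RRM: no SA with AGW, so no KAT_RRM
    wrong_rrm_tag = protect(agw[b"rrm-b"], msg) # RRM b's key used against RRM a's context
    return {
        "at_and_agw_agree": at == agw,
        "genuine_rrm_accepted": verify(at[b"rrm-a"], msg, genuine_tag),
        "fake_rrm_rejected": not verify(at[b"rrm-a"], msg, fake_tag),
        "other_rrm_key_rejected": not verify(at[b"rrm-a"], msg, wrong_rrm_tag),
        "keys_distinct": len({agw[b"rrm-a"], agw[b"rrm-b"], derive_session_key(msk)}) == 3,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the RRM identity is bound into the derivation, a key held by one RRM does not validate signaling attributed to another, and neither reveals the MSK or the AT-AGW session key.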