3GPP Security Update
8th ETSI Security Workshop, 16-17 January 2013
Bengt Sahlin
3GPP TSG SA WG3 Chairman, Ericsson Research NomadicLab
© 3GPP 2013
Outline
About SA3
Security work in Rel-11
Ongoing security work in Rel-12
3GPP TSG SA WG3 (Security)
The WG has the overall responsibility for security and privacy in 3GPP systems:
• performs analysis of potential threats to these systems
• determines the security and privacy requirements for 3GPP systems
• specifies the security architectures and protocols
• ensures the availability of cryptographic algorithms which need to be part of the specifications
SA3 Document Statistics 2010 -
(Figure: document statistics chart)
Security Work in Rel-11
Stage 2 frozen in March 2012
Machine Type Communication Security
MTC – Machine Type Communications
(Figure: MTC architecture with control plane and user plane. The MTC UE, running the MTC application, connects over Um/Uu/LTE Uu to the RAN, MSC, SGSN, MME, S-GW and GGSN/P-GW, split across Visited PLMN and Home PLMN, with Gi/SGi towards the Internet and the MTC Application Server. The SMS path runs from the SME over Tsms through the legacy SMS infrastructure (SMS-SC/GMSC/IWMSC, IP-SM-GW, CDF/CGF), with reference points Tsp and T4. "Trigger SMS filtering" is marked at two points on that SMS path.)
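The "Trigger SMS filtering" points in the figure exist because a device trigger is a mobile-terminated SMS that can wake an MTC device and make it contact an application server; if any SMS originator could send one, triggers become a denial-of-service and billing vector. The following is an added example (it is not code from the slide or from 3GPP) of the filtering decision in Python. The user-data-header parsing follows the 16-bit Application Port Addressing element of 3GPP TS 23.040; the trigger port value, the authorized originator address and the per-UE subscription flag are constructed for the demonstration and are not the values the specifications use.

```python
"""Illustrative trigger-SMS filter for the SMS path shown in the MTC figure.

Added example, not 3GPP code. The port number that marks a trigger,
the authorized originator addresses and the subscription flag are
assumptions constructed for this demonstration.
"""

# ASSUMED: application port that marks an SMS as a device trigger.
TRIGGER_PORT = 0x5A5A
# CONSTRUCTED: addresses allowed to originate trigger SMS (the network
# entity that sends triggers on behalf of application servers).
AUTHORIZED_TRIGGER_SOURCES = {"+15550001000"}


def parse_udh_ports(user_data: bytes):
    """Walk a TP-User-Data header (TS 23.040) and return
    (destination_port, origin_port) from a 16-bit Application Port
    Addressing IE (IEI 0x05, length 4). Returns None when there is no
    such IE or the header is malformed (over-long or truncated IE)."""
    if not user_data:
        return None
    udhl = user_data[0]
    if udhl + 1 > len(user_data):
        return None  # header claims more bytes than the PDU carries
    i, end = 1, 1 + udhl
    while i + 2 <= end:
        iei, iedl = user_data[i], user_data[i + 1]
        ie = user_data[i + 2 : i + 2 + iedl]
        if len(ie) != iedl or i + 2 + iedl > end:
            return None  # IE runs past the PDU or past the declared header
        if iei == 0x05 and iedl == 4:
            return int.from_bytes(ie[:2], "big"), int.from_bytes(ie[2:], "big")
        i += 2 + iedl
    return None


def build_udh(dest_port: int, orig_port: int, payload: bytes) -> bytes:
    """Helper to construct sample messages: a user-data field carrying a
    16-bit port addressing IE followed by the payload."""
    ie = bytes([0x05, 0x04]) + dest_port.to_bytes(2, "big") + orig_port.to_bytes(2, "big")
    return bytes([len(ie)]) + ie + payload


def filter_sms(originator: str, user_data: bytes, udhi: bool, trigger_allowed: bool) -> str:
    """Decision for one mobile-terminated SMS at a filtering point.

    originator      - sender address of the short message
    user_data       - TP-User-Data field
    udhi            - TP-UDHI flag: True if user_data starts with a header
    trigger_allowed - subscription says this UE may receive device triggers

    Returns "forward" or a "drop: ..." reason. Messages that do not carry
    the trigger port are left alone: only triggers are policed here."""
    ports = parse_udh_ports(user_data) if udhi else None
    is_trigger = ports is not None and ports[0] == TRIGGER_PORT
    if not is_trigger:
        return "forward"
    if originator not in AUTHORIZED_TRIGGER_SOURCES:
        return "drop: trigger SMS from unauthorized originator"
    if not trigger_allowed:
        return "drop: subscription does not permit device triggering"
    return "forward"
```

The two checks match the two things a filtering point can know: who handed it the message and what the subscription says about the target. A malformed header is treated as "not a trigger" rather than as an error, so the ordinary SMS path is unaffected; if the deployment instead wants malformed trigger-port headers dropped, the `None` from `parse_udh_ports` is the place to branch.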
SSO Applications Security for IMS: GBA Digest
(Figure: GBA reference model. UE – Ub – BSF; UE – Ua – NAF; BSF – Zh – HSS; BSF – Zn – NAF; BSF – Dz – SLF. UE protocol stack: GAA over GBA over HTTP digest over TLS.)
For use in environments where a UICC or SIM card is not available to the subscriber
Differences from AKA-based GBA
• mutual authentication procedures between the UE and the BSF
  • UE authenticated with SIP Digest credentials using HTTP Digest
  • BSF authenticated by TLS server certificate
  • Authentication process protected by a TLS tunnel
• same key derivation function as for AKA-based GBA, but different input parameters
  • TLS Master Key used in these derivations
EEA3 and EIA3
New integrity and confidentiality algorithms for LTE
• based on ZUC
• optional to implement in UEs and eNBs
• specifications found at:
  http://gsmworld.com/our-work/programmes-and-initiatives/fraud-and-security/gsm_security_algorithms.htm#nav-
(Figure: General structure of ZUC)
Other Areas
H(e)NB security features for UE mobility scenarios
• Support of UE mobility scenarios utilizing direct interface between H(e)NB and H(e)NB
Work on Minimization of Drive Tests (MDT) privacy
Generic security corrections
Corrections to earlier releases
Study on UTRAN Key Hierarchy Enhancements
• TR 33.859 completed
Unsolicited Communication for IMS
• TR 33.838 completed
Study on IMS P2P security
• TR 33.844 completed
Rel-12
Architecture: Key Strategic Areas prioritized for Rel-12
1 New business opportunities in the following areas
• Public Safety and Critical Communications
• Group Communications
• Proximity Services, including both Public Safety and Commercial aspects
• Machine Type Communications
• UE Power Consumption, Small Data and Device Triggering
2 WiFi integration
• Network Selection aspects
• S2a Mobility with GTP for WLAN
• Optimized Offloading to WLAN in 3GPP-RAT mobility
3 System capacity and stability
• User Plane congestion
• Core Network Overload
Security work needed for these areas is handled by SA3
Extended IMS Media Plane Security
Support for real-time media in Rel-9
Current work on security for:
• IMS Messaging, and in particular MSRP/TCP based media
• IMS Conferencing
• Communications diversion
(Figure: Reference model for key management for the KMS based solution, showing the IMS signalling and media plane entities relevant to e2ae security)
Public Warning System (PWS) Security
Objective to provide security for PWS
• Availability, integrity and authentication of the warning messages
Work still ongoing
Tunnelling of UE Services over Restrictive Access Networks
The objective of this work item is to provide stage-2 specifications to meet the service requirements for IMS and PLMN IP based traffic over restrictive access networks
Study work on IMS part started in November 2011
Work item approved in December 2012
(Figure: Some examples of candidate solutions (draft TR 33.830))
Study Item on Security Assurance Methodology for 3GPP Network Elements
Consensus that 3GPP needs to look into the area of security assurance
SA3 tasked to lead the work
Study ongoing for choosing a methodology to progress the work
• Started in November 2012
Other Studies
Close to completion
• Security enhancements for usage of GBA from the browser
Ongoing
• Study on Security aspects of Integration of Single Sign-On (SSO) frameworks with 3GPP networks
• Security Study on Spoofed Call Detection and Prevention
Thank You !
More information about 3GPP: www.3gpp.org