Chapter 9
SECURITY IN 4G LTE/SAE
The topics presented in this chapter include:
Security of the user in EPS
Security in handover
Security procedures when the UE initiates a connection to the EPS
Security procedure for non-3GPP access networks
Summary of the security procedures and key generation in EPS
Network domain security
Security of the LTE user in IMS
The purpose of this chapter is to give students knowledge of security in the 4G LTE network, covering the radio interface, the core network and IMS.
To understand this chapter, students need to read the material presented in the chapter carefully and consult references [35] and [42].
[Figure 9.1 residue: UE (TE, ME, USIM; Cu interface), E-UTRAN (eNodeB, X2), EPC (MME, S-GW and P-GW grouped as the SAE GW, HSS, PCRF) and the external networks (operator services (IMS) and the Internet); interfaces LTE-Uu, S1-MME, S1-U, S5/S8, S6a, S10, S11, SGi, Gx, Gxc, Rx; NAS between the UE and the MME; the services domain]
E-UTRAN: Evolved UMTS Terrestrial Radio Access Network, EPC: Evolved Packet Core, MME: Mobility Management Entity, SAE: System Architecture Evolution, PCRF: Policy and Charging Rules Function, HSS: Home Subscriber Server, S-GW: Serving Gateway, P-GW: Packet Data Network Gateway,
SAE-GW: SAE Gateway, IMS: IP Multimedia Subsystem,
NAS: Non Access Stratum, AS: Access Stratum, RRC: Radio Resource Control, UP: User Plane.
Figure 9.1. System architecture of the 4G LTE/SAE network, shown for the E-UTRAN of LTE only.
Figure 9.1 shows an architecture made up of four main domains: (1) the user equipment (UE), (2) the Evolved UMTS Terrestrial Radio Access Network (E-UTRAN), (3) the Evolved Packet Core (EPC) and (4) the services domain. These high-level architectural domains have the same functions as those found in existing 3GPP systems. The new architectural development concentrates on the radio access network and the core network: E-UTRAN and EPC. The UE and services domains are architecturally unchanged.
Together, the UE, E-UTRAN and EPC form the Internet Protocol (IP) connectivity layer. This part is also called the Evolved Packet System (EPS). The main function of this layer is to provide IP-based connectivity. All services are provided on top of IP. IP technologies also dominate the transport, where everything is designed to operate on top of IP transport.
The SAE GW consists of two gateways: (1) the Serving Gateway (S-GW) and (2) the Packet Data Network Gateway (P-GW), defined to handle the user plane (UP) in the EPC. They can be implemented together as a single SAE-GW, but they can also operate separately and connect to each other over a standard interface.
Figure 9.2 shows the IMS (IP Multimedia Subsystem) architecture used for LTE/SAE, in which the CSCFs (Connection State Control Functions) play the central role. The CSCFs comprise:
S-CSCF (Serving CSCF), located in the user's home network, responsible for registering the UE and maintaining session state.
I-CSCF (Interrogating CSCF), located at the edge of the home network, responsible for finding the registration state of the UE and either assigning a new S-CSCF or routing to the existing S-CSCF.
P-CSCF (Proxy CSCF), the closest IMS node the UE interacts with, responsible for all functions related to control of the IP connectivity layer (EPS).
[Figure 9.2 residue: IMS service elements (AS, MRFC, MRFP; interfaces ISC, Mr, Mp, Mb, Sh, Si, Dh, Ma); session management and routing (P-CSCF, I-CSCF, S-CSCF, BGCF, IBCF, TrGW; interfaces Gm, Mw, Mx, Mi, Mj, Mk, Mm, Ici, Izi, Ix, Ut); databases (HSS, SLF; interfaces Cx, Dx); interworking elements (MGCF, IMS-MGW, CS domain; interfaces Mg, Mn, Mb); AF over Rx to the PCRF; the EPS IP connectivity layer (EPC, P-GW, PCRF; interfaces SGi, Gx)]
S-CSCF (Serving CSCF), I-CSCF (Interrogating CSCF), P-CSCF (Proxy CSCF), HSS (Home Subscriber Server), MRFC (Media Resource Function Controller), BGCF (Breakout Gateway Control Function), IBCF (Interconnection Border Control Function), TrGW (Transition Gateway), MGCF (Multimedia Gate Control Function), IMS-MGW (IMS Multimedia Gate), AS (Application Server), AF (Application Function), SLF (Subscription Locator Function), EPS (Evolved Packet System).
[Figure residue (caption missing): UE, eNodeB, MME, S-GW and O&M with interfaces S1-MME, S1-U and S11; labels: confidentiality and integrity protection during software transfer; mutual authentication between the eNodeB and O&M]
[Figure residue (caption missing): protocol stack Application/IP, NAS, RRC, PDCP, RLC/MAC/L1 across UE, eNodeB, MME (AUC/HSS over S6a) and S-GW (S1-MME, S1-U, S11); the eNodeB is the endpoint (the UE being the other endpoint) for RRC confidentiality and integrity protection and for UP confidentiality, manages the AS keys and initiates UE AS security]
[Figure residue (caption missing): key generation model. AUC/HSS and MME: authentication and key agreement (AKA) yields KASME, from which the NAS keys and the AS root key KeNB are derived; eNodeB: the AS derived keys for SRB integrity protection and for SRB and DRB ciphering; UE/USIM mirrors the same derivations]
[Figure residue (caption missing): EPS key hierarchy. K (USIM/AuC) → CK/IK (UE/HSS) → KASME (UE/MME) → the NAS keys KNASenc, KNASint and the AS root key KeNB → KUPenc, KRRCenc, KRRCint (UE/eNodeB). NAS: Non Access Stratum, AS: Access Stratum, KASME: security management entity root key]
[Figure residue (caption missing): key usage. NAS signalling: KNASint (integrity), KNASenc (ciphering); UP data from the S-GW: KUPenc (ciphering) at PDCP; RRC signalling from the eNodeB: KRRCint (integrity), KRRCenc (ciphering)]
0001₂   128-EEA1   SNOW 3G
0010₂   128-EEA2   AES
The EIAs (EPS Integrity Algorithms) are specified in 3GPP TS 33.401. Each algorithm is assigned a 4-bit identifier together with a 128-bit input key, as follows:
0001₂   128-EIA1   SNOW 3G
0010₂   128-EIA2   AES
9.3. SECURITY IN HANDOVER
Installing an eNodeB at an outdoor site exposes it to the risk of access by unauthorised persons, so a corresponding security solution is needed. For this reason the concept of forward security was introduced into LTE. The concept is as follows: without KASME, and even with only the KeNB shared between the UE and the current eNodeB, it is computationally infeasible for an attacker to guess the future KeNB that will be used between the UE and the future eNodeB to which the UE will connect. Ciphering is therefore not broken. The model for key transfer at handover is shown in figure 9.9.
[Figure 9.9 residue (caption missing): key transfer at handover. KASME → initial KeNB (NCC=0); the next-hop values NH (NCC=1, NCC=2, ...) are derived from KASME; at each handover the target KeNB is derived from the current KeNB or from NH together with the target cell's PCI and EARFCN-DL]
[Figure residue (caption missing): UE attach to the EPS across UE, eNodeB, MME, S-GW, P-GW and HSS (S1-MME, S6, S5). Labels: the UE needs to register with the network; all details about the UE and the radio are sent; the UE identity can be checked by the network; can be security protected; Attach request; the HSS is told which MME the UE is in; the route to the P-GW is established; the P-GW assigns the IP address]
After the SMC, the ciphering and integrity keys for NAS and AS are computed. The HSS is informed which MME the UE is in, the route to the P-GW can be set up and the P-GW assigns an IP address to the UE.
[Figure residue (caption missing): HSS and MME: authentication request, authentication response (IMSI), comparison of RES and XRES]
The MME compares RES with XRES to authenticate the UE: if they are equal, the authentication procedure succeeds; otherwise the MME rejects the access request.
The computation of the EPS AKA parameters is shown in figure 9.12. Once the MME knows the IMSI, it requests an authentication vector from the HSS/AUC. Based on the IMSI, the HSS/AUC looks up the key K and the sequence number (SQN) associated with that IMSI. The AUC increments the SQN by one step and generates a random challenge (RAND: Random Number). Taking these parameters together with the key K, the cryptographic functions produce the EPS AV, which consists of five parameters: XRES (the expected response), the network authentication token (AUTN), the two keys CK (Ciphering Key) and IK (Integrity Key), and RAND.
For E-UTRAN, however, CK and IK are not sent to the MME. Instead, the HSS/AUC derives a new key KASME from CK, IK and other parameters, notably the SNID (Serving Network Identity). The SNID consists of the MCC (Mobile Country Code) and the MNC (Mobile Network Code). Using the SNID guarantees that a key derived for the serving network cannot be used in other networks. Mutual authentication is performed using the parameters RAND, AUTN and XRES, but only RAND and AUTN are sent to the UE (figure 9.13a).
[Figure 9.12 residue: the HSS/AUC feeds IMSI, SQN, LTE K and RAND into the cryptographic functions, producing XRES, AUTN_HSS, CK, IK and RAND for the MME; the KDF over CK, IK, SQN and SNID produces KASME]
IMSI: International Mobile Subscriber Identity, SNID (=MCC+MNC): Serving Network Identity, MCC: Mobile Country Code, MNC: Mobile Network Code, KDF: Key Derivation Function.
Figure 9.12. Computation of the EPS AV parameters during AKA.
[Figure 9.13 residue (caption missing): (a) UE side: RAND and AUTN_HSS are passed to the USIM (holding LTE K), which produces RES, CK and IK; the KDF over CK, IK, SQN and SNID gives KASME, which the UE uses to compute the further keys. (b) the comparisons RES =? XRES and AUTN_UE =? AUTN_HSS at the MME, with XRES, AUTN_UE, CK, IK and KASME produced by the cryptographic functions and the KDF from LTE K, RAND, SQN and SNID]
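The exchange of figures 9.12 and 9.13 worked through in code, as an added example that is not part of the textbook: the HSS/AuC builds the vector from K, the stepped SQN and a fresh RAND; the USIM checks the MAC inside AUTN and the freshness of SQN before answering with RES; the MME accepts only if RES equals XRES. The functions f1..f5 are a constructed HMAC-based stand-in for MILENAGE (a real USIM and AuC use the AES-based MILENAGE set), and the IMSI, K and AMF values are made up. What the code shows is which values cross the air interface, what each side verifies, and why a replayed challenge is refused.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// fStub is a constructed stand-in for the MILENAGE functions f1..f5 that a real USIM and AuC compute:
// f_i = HMAC-SHA-256(K, i || RAND || extra) truncated to n bytes. Only the protocol structure
// (what crosses the air interface, what each side checks) is modelled faithfully.
func fStub(k []byte, i byte, rnd, extra []byte, n int) []byte {
	m := hmac.New(sha256.New, k)
	m.Write(append(append([]byte{i}, rnd...), extra...))
	return m.Sum(nil)[:n]
}

func xorBytes(a, b []byte) []byte { out := make([]byte, len(a)); for i := range a { out[i] = a[i] ^ b[i] }; return out }

// SQN is 48 bits, AMF 2 bytes, MAC 8 bytes: AUTN = (SQN xor AK) || AMF || MAC is 16 bytes.
func sqnBytes(v uint64) []byte { b := make([]byte, 8); binary.BigEndian.PutUint64(b, v); return b[2:] }
func sqnValue(b []byte) uint64 { return binary.BigEndian.Uint64(append([]byte{0, 0}, b...)) }

// AuthVector is what the HSS/AuC computes (figure 9.12); the MME gets RAND, XRES, AUTN (and K_ASME),
// CK and IK stay in the HSS, and K never leaves the USIM/AuC.
type AuthVector struct{ RAND, XRES, AUTN, CK, IK []byte }

// AuC keeps K and the current SQN per IMSI.
type AuC struct {
	K   map[string][]byte
	SQN map[string]uint64
}

func (a *AuC) GenerateAV(imsi string, amf []byte) (AuthVector, error) {
	k, ok := a.K[imsi]
	if !ok {
		return AuthVector{}, errors.New("unknown IMSI")
	}
	a.SQN[imsi]++ // step the sequence number before every vector
	sqn, rnd := sqnBytes(a.SQN[imsi]), make([]byte, 16)
	if _, err := rand.Read(rnd); err != nil {
		return AuthVector{}, err
	}
	mac := fStub(k, 1, rnd, append(append([]byte{}, sqn...), amf...), 8) // f1: network authentication code
	ak := fStub(k, 5, rnd, nil, 6)                                       // f5: anonymity key concealing SQN
	autn := append(append(xorBytes(sqn, ak), amf...), mac...)
	return AuthVector{rnd, fStub(k, 2, rnd, nil, 8), autn, fStub(k, 3, rnd, nil, 16), fStub(k, 4, rnd, nil, 16)}, nil
}

// USIM keeps K and the highest SQN accepted so far (strict increase stands in for the 3GPP window).
type USIM struct {
	K      []byte
	SQNmax uint64
}

// Respond is the UE side of figure 9.13a: recover SQN, verify the MAC (is the network genuine?),
// verify SQN freshness (is this a replayed challenge?), then compute RES, CK and IK.
func (u *USIM) Respond(rnd, autn []byte) (res, ck, ik []byte, err error) {
	if len(autn) != 16 {
		return nil, nil, nil, errors.New("bad AUTN length")
	}
	sqn := xorBytes(autn[:6], fStub(u.K, 5, rnd, nil, 6))
	amf, mac := autn[6:8], autn[8:]
	if !hmac.Equal(mac, fStub(u.K, 1, rnd, append(append([]byte{}, sqn...), amf...), 8)) {
		return nil, nil, nil, errors.New("MAC failure: network not authenticated")
	}
	if n := sqnValue(sqn); n > u.SQNmax {
		u.SQNmax = n
	} else {
		return nil, nil, nil, errors.New("synchronisation failure: SQN not fresh (replay)")
	}
	return fStub(u.K, 2, rnd, nil, 8), fStub(u.K, 3, rnd, nil, 16), fStub(u.K, 4, rnd, nil, 16), nil
}

// MMECheck is the MME side of figure 9.13b: the UE is authenticated iff RES equals XRES.
func MMECheck(av AuthVector, res []byte) bool { return hmac.Equal(res, av.XRES) }

// RunAKA runs one exchange; only RAND and AUTN are forwarded to the UE.
func RunAKA(auc *AuC, usim *USIM, imsi string) (bool, error) {
	av, err := auc.GenerateAV(imsi, []byte{0x80, 0x00})
	if err != nil {
		return false, err
	}
	res, _, _, err := usim.Respond(av.RAND, av.AUTN)
	if err != nil {
		return false, err
	}
	return MMECheck(av, res), nil
}

func main() {
	k, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // constructed K, not a real subscriber key
	imsi := "001010123456789"                                      // constructed IMSI on the test PLMN 001/01
	auc, usim := &AuC{K: map[string][]byte{imsi: k}, SQN: map[string]uint64{}}, &USIM{K: k}
	ok, err := RunAKA(auc, usim, imsi)
	fmt.Println("fresh challenge accepted:", ok, err)
	av, _ := auc.GenerateAV(imsi, []byte{0x80, 0x00}) // the same (RAND, AUTN) pair presented twice
	usim.Respond(av.RAND, av.AUTN)
	_, _, _, err = usim.Respond(av.RAND, av.AUTN)
	fmt.Println("replayed challenge:", err)
}
```

The second `Respond` call in `main` fails on the SQN check even though the MAC is valid: that is the property the sequence number buys, and the same check is what triggers the 3GPP re-synchronisation procedure in a real USIM.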
[Figure 9.14 residue: UE (USIM), eNodeB, MME; the MME selects the highest-priority algorithms; NAS ciphering/deciphering starts]
NAS EEA: NAS E-UTRAN Encryption Algorithm, NAS EIA: NAS E-UTRAN Integrity Algorithm, IMEI: International Mobile Equipment Identity, NONCEue and NONCEmme: random numbers for authentication between the UE and the MME, NAS-MAC: NAS Message Authentication Code. eKSI indicates the current KASME.
Figure 9.14. NAS SMC (Non Access Stratum Security Mode Command): selection of the integrity algorithm and computation of the keys for NAS.
[Figure 9.15 residue: UE, MME, eNodeB; establishment of the UE AS security context; the UE capabilities are sent to the MME during connection setup together with the START value; this value is signalled back to the UE integrity-protected and the UE replies with the same value integrity-protected, all within NAS; RRC/UP ciphering/deciphering starts]
Figure 9.15. AS SMC (Access Stratum Security Mode Command): selection of the integrity algorithm and computation of the keys for AS.
the ciphering key for user-plane (UP) data: KUPenc. The AS SMC command is integrity-protected by the MAC-I (Message Authentication Code-Integrity) seal.
9.4.4. Computation of the integrity and ciphering keys
EPS AKA provides authentication, confidentiality and integrity for the LTE network. Figure 9.16 shows the identities and security parameters, and the keys involved in authentication and in confidentiality and integrity protection, for NAS and AS in LTE.
[Figure 9.16 residue (caption missing): HSS holds IMSI and LTE K; MME holds KNASint/KNASenc (labelled mandatory / optional; ciphering); eNodeB holds KRRCint/KRRCenc and KUPenc, RRC signalling being integrity protected and ciphered; UE holds IMSI, LTE K, KNASint/KNASenc, KRRCint/KRRCenc and KUPenc; user-plane ciphering]
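The key derivations of section 9.3 (figure 9.9), of the KASME paragraph in section 9.4 (figure 9.12) and of section 9.4.4 in one added example that is not from the textbook. It implements the generic 3GPP KDF (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) with the function codes and parameter encodings of TS 33.401 Annex A, then derives KASME from CK||IK, the SNID and SQN xor AK, KeNB from the uplink NAS COUNT, the NAS/RRC/UP algorithm keys, and the NH/KeNB* chain of figure 9.9. The CK, IK, PLMN, PCI and EARFCN values are constructed sample inputs; `SelectAlgorithm` is my name for the priority choice of figures 9.14/9.15, and no 3GPP test vectors are reproduced.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// kdf is the generic 3GPP KDF (TS 33.220 Annex B) that TS 33.401 Annex A instantiates for every EPS key:
// HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...) where Li is the 2-byte length of Pi.
func kdf(key []byte, fc byte, params ...[]byte) []byte {
	s := []byte{fc}
	for _, p := range params {
		s = append(append(s, p...), byte(len(p)>>8), byte(len(p)))
	}
	m := hmac.New(sha256.New, key)
	m.Write(s)
	return m.Sum(nil)
}

// Function codes of TS 33.401 Annex A and the algorithm-type distinguishers of A.7.
const (
	fcKASME, fcKeNB, fcNH, fcKeNBStar, fcAlgKey            = 0x10, 0x11, 0x12, 0x13, 0x15
	algNASEnc, algNASInt, algRRCEnc, algRRCInt, algUPEnc = 1, 2, 3, 4, 5
)

func be16(v uint16) []byte { return []byte{byte(v >> 8), byte(v)} }
func be32(v uint32) []byte { return []byte{byte(v >> 24), byte(v >> 16), byte(v >> 8), byte(v)} }

// snID is the Serving Network identity: MCC and MNC in the 3-byte PLMN encoding of TS 24.301.
func snID(mcc, mnc string) []byte {
	mnc3 := byte(0xF) // filler digit for a 2-digit MNC
	if len(mnc) == 3 {
		mnc3 = mnc[2] - '0'
	}
	return []byte{(mcc[1]-'0')<<4 | (mcc[0] - '0'), mnc3<<4 | (mcc[2] - '0'), (mnc[1]-'0')<<4 | (mnc[0] - '0')}
}

// DeriveKASME = KDF(CK||IK, 0x10, SN id, SQN xor AK). Binding to the SN id is what makes a key derived
// for one serving network useless in another (section 9.4).
func DeriveKASME(ck, ik []byte, mcc, mnc string, sqnXorAK []byte) []byte {
	return kdf(append(append([]byte{}, ck...), ik...), fcKASME, snID(mcc, mnc), sqnXorAK)
}

// DeriveKeNB = KDF(KASME, 0x11, uplink NAS COUNT): the AS root key handed to the eNodeB.
func DeriveKeNB(kasme []byte, nasUplinkCount uint32) []byte { return kdf(kasme, fcKeNB, be32(nasUplinkCount)) }

// DeriveAlgKey = KDF(parent, 0x15, algorithm type, algorithm id)[128 LSB]: KNASenc/KNASint from KASME,
// KRRCenc/KRRCint/KUPenc from KeNB; algID 0x01 = 128-EEA1/EIA1, 0x02 = 128-EEA2/EIA2.
func DeriveAlgKey(parent []byte, algType, algID byte) []byte {
	return kdf(parent, fcAlgKey, []byte{algType}, []byte{algID})[16:]
}

// DeriveNH = KDF(KASME, 0x12, SYNC-input): the initial KeNB for NCC=1, the previous NH afterwards.
func DeriveNH(kasme, syncInput []byte) []byte { return kdf(kasme, fcNH, syncInput) }

// DeriveKeNBStar = KDF(KeNB or NH, 0x13, PCI, EARFCN-DL) for the target cell.
func DeriveKeNBStar(kenbOrNH []byte, pci, earfcnDL uint16) []byte {
	return kdf(kenbOrNH, fcKeNBStar, be16(pci), be16(earfcnDL))
}

type Cell struct{ PCI, EARFCNDL uint16 }

// HandoverChain is figure 9.9 in code: the MME, which alone holds KASME, walks NH forward (NCC=1,2,...)
// and each target derives KeNB* from the NH of its NCC, so an eNodeB that only knows its own KeNB
// cannot compute the key of the cell the UE moves to next (forward security, section 9.3).
func HandoverChain(kasme, kenbInitial []byte, targets []Cell) [][]byte {
	keys, nh := [][]byte{kenbInitial}, kenbInitial // NCC=0
	for _, t := range targets {
		nh = DeriveNH(kasme, nh) // NCC += 1 (vertical derivation)
		keys = append(keys, DeriveKeNBStar(nh, t.PCI, t.EARFCNDL))
	}
	return keys
}

// SelectAlgorithm is the SMC choice of figures 9.14/9.15 (name is mine): the first entry of the
// network's priority list that the UE declared in its security capabilities.
func SelectAlgorithm(networkPriority, ueCapabilities []byte) (byte, bool) {
	for _, a := range networkPriority {
		for _, c := range ueCapabilities {
			if a == c {
				return a, true
			}
		}
	}
	return 0, false
}

func main() {
	// Constructed sample inputs; no real subscriber or network material.
	ck, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	ik, _ := hex.DecodeString("ffeeddccbbaa99887766554433221100")
	kasme := DeriveKASME(ck, ik, "001", "01", []byte{0, 0, 0, 0, 0, 1})
	kenb := DeriveKeNB(kasme, 0)
	alg, _ := SelectAlgorithm([]byte{0x02, 0x01}, []byte{0x01, 0x02}) // network prefers 128-EEA2/EIA2
	fmt.Printf("KASME   %x\nKNASint %x\nKeNB    %x\nKRRCenc %x\n", kasme, DeriveAlgKey(kasme, algNASInt, alg), kenb, DeriveAlgKey(kenb, algRRCEnc, alg))
	for ncc, k := range HandoverChain(kasme, kenb, []Cell{{12, 1800}, {47, 1800}}) {
		fmt.Printf("NCC=%d KeNB %x\n", ncc, k)
	}
}
```

Horizontal derivation (X2 handover without a fresh NH) is `DeriveKeNBStar(currentKeNB, pci, earfcn)`; the chain above uses the vertical form, which is the one that gives the forward-security property the text describes.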
[Figure residue (caption missing): (a) Ciphering: the sender feeds COUNT, BEARER, DIRECTION, LENGTH and KEY into EEA to produce the KEYSTREAM BLOCK, which is XORed with the PLAINTEXT BLOCK to give the CIPHERTEXT BLOCK; the receiver regenerates the same KEYSTREAM BLOCK and XORs it with the CIPHERTEXT BLOCK to recover the PLAINTEXT BLOCK. (b) Integrity: the sender feeds COUNT, DIRECTION, BEARER, KEY and LENGTH into EIA to produce MAC-I/NAS-MAC; the receiver computes XMAC-I/XNAS-MAC the same way and compares]
COUNT: counter, BEARER: bearer, DIRECTION: direction, LENGTH: length, KEY: key, Sender: transmitter, Receiver: receiver, KEYSTREAM BLOCK, PLAINTEXT BLOCK, CIPHERTEXT BLOCK, MAC: Message Authentication Code, XMAC: Expected MAC, I: Integrity, NAS: Non Access Security, EEA: EPS Encryption Algorithm, EIA: EPS Integrity Algorithm.
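Both halves of the diagram worked through with the AES-based algorithms of the tables above (128-EEA2 and 128-EIA2), as an added example that is not part of the textbook. The block COUNT || BEARER || DIRECTION || zeros is the AES-CTR counter block for ciphering, and its first 64 bits followed by the message are what AES-CMAC signs for the 32-bit MAC-I; the receiver regenerates the keystream and XMAC-I itself. The keys, COUNT, BEARER and the message are constructed sample values (the ciphering key is the AES/RFC 4493 test key), and the bit layout follows TS 33.401 Annex B.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"encoding/hex"
	"fmt"
)

// ctrIV packs the inputs of the figure into the 128-bit block
// COUNT(32) || BEARER(5) || DIRECTION(1) || 0^26 || 0^64 of TS 33.401 Annex B: the whole block is the
// 128-EEA2 counter block, and its first 64 bits prefix the message for 128-EIA2.
func ctrIV(count uint32, bearer, direction byte) []byte {
	iv := make([]byte, 16)
	iv[0], iv[1], iv[2], iv[3] = byte(count>>24), byte(count>>16), byte(count>>8), byte(count)
	iv[4] = (bearer&0x1F)<<3 | (direction&1)<<2
	return iv
}

// EEA2 is figure (a): AES-128 in counter mode yields the KEYSTREAM BLOCK that is XORed with the
// PLAINTEXT BLOCK; the receiver makes the identical call on the CIPHERTEXT BLOCK to recover the plaintext.
func EEA2(key []byte, count uint32, bearer, direction byte, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	out := make([]byte, len(data))
	cipher.NewCTR(block, ctrIV(count, bearer, direction)).XORKeyStream(out, data)
	return out
}

func xorInto(dst, src []byte) { for i := range dst { dst[i] ^= src[i] } }

// AESCMAC is AES-CMAC (RFC 4493), the MAC behind 128-EIA2.
func AESCMAC(key, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	dbl := func(in []byte) []byte { // multiply by x in GF(2^128) for the subkeys K1, K2
		out, carry := make([]byte, 16), byte(0)
		for i := 15; i >= 0; i-- {
			out[i], carry = in[i]<<1|carry, in[i]>>7
		}
		if carry == 1 {
			out[15] ^= 0x87
		}
		return out
	}
	l := make([]byte, 16)
	block.Encrypt(l, l) // L = AES_K(0^128)
	k1 := dbl(l)
	k2 := dbl(k1)
	n := (len(msg) + 15) / 16
	if n == 0 {
		n = 1
	}
	last := make([]byte, 16)
	copy(last, msg[(n-1)*16:])
	if len(msg) > 0 && len(msg)%16 == 0 {
		xorInto(last, k1) // complete final block
	} else {
		last[len(msg)-(n-1)*16] = 0x80 // 10...0 padding
		xorInto(last, k2)
	}
	x := make([]byte, 16)
	for i := 0; i < n-1; i++ {
		xorInto(x, msg[i*16:(i+1)*16])
		block.Encrypt(x, x)
	}
	xorInto(x, last)
	block.Encrypt(x, x)
	return x
}

// EIA2 is figure (b): MAC-I/NAS-MAC is the leftmost 32 bits of the CMAC over
// COUNT || BEARER || DIRECTION || 0^26 || MESSAGE, so the tag is bound to the sequence number and direction.
func EIA2(key []byte, count uint32, bearer, direction byte, msg []byte) []byte {
	return AESCMAC(key, append(ctrIV(count, bearer, direction)[:8], msg...))[:4]
}

// VerifyEIA2 is the receiver: recompute XMAC-I and compare it with the received MAC-I in constant time.
func VerifyEIA2(key []byte, count uint32, bearer, direction byte, msg, macI []byte) bool {
	return hmac.Equal(EIA2(key, count, bearer, direction, msg), macI)
}

func main() {
	// Constructed keys and PDCP parameters (the ciphering key is the RFC 4493 / FIPS-197 test key).
	kRRCenc, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")
	kRRCint, _ := hex.DecodeString("3c4fcf098815f7aba6d2ae2816157e2b")
	msg := []byte("RRC message (constructed sample)")
	count, bearer, uplink := uint32(7), byte(1), byte(0) // PDCP COUNT, SRB1, direction 0 = uplink
	macI := EIA2(kRRCint, count, bearer, uplink, msg)
	ct := EEA2(kRRCenc, count, bearer, uplink, msg)
	fmt.Printf("ciphertext %x\nMAC-I %x\n", ct, macI)
	fmt.Println("receiver accepts:", VerifyEIA2(kRRCint, count, bearer, uplink, EEA2(kRRCenc, count, bearer, uplink, ct), macI))
	fmt.Println("same tag accepted on the downlink:", VerifyEIA2(kRRCint, count, bearer, 1, msg, macI))
}
```

Because COUNT, BEARER and DIRECTION enter both functions, a PDCP PDU reflected back on the other direction, moved to another bearer, or re-sent under an old COUNT fails the XMAC-I check at the receiver, and two PDUs never share a keystream as long as COUNT is never reused under the same key.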
authentication. The EAP protocol itself is functionally very similar to UMTS AKA.
[Figure residue (caption missing): EAP authentication for non-3GPP access: UE (USIM), AAA server (Wx to the HSS); the AAA server compares RES and XRES; EAP success (keys); the keys are stored]
[Figure residue (caption missing): summary of EPS security setup. 1 Authentication: the UE sends the Attach request (IMSI/GUTI, UE security capabilities, KSIASME=1); the HSS computes the authentication vector AV = (RAND, XRES, AUTN, KASME) from LTE K, RAND, SQN and SN ID; the MME authenticates the UE (RES=XRES) while the UE computes AUTN_UE, RES and KASME. 2 NAS security setup: the MME selects the ciphering/integrity algorithms; KDF(KASME, Alg-ID, Alg distinguisher) gives KNASint and KNASenc at the MME and the UE. 3 AS security setup: the KDF gives KeNB and from it KRRCenc, KRRCint and KUPenc at the eNodeB and the UE; RRC signalling is integrity protected and ciphered]
[Figure residue (caption missing): NDS/IP architecture. Network element NE A-2 in security domain A and NE B-1, NE B-2 in security domain B; security gateways SEG A and SEG B; Zb interfaces between the NEs and their SEG, Za interface between SEG A and SEG B; IKE session and ESP security association]
[Table residue: ESP ciphering algorithm table; only the headings "Ciphering" and "Optional" survive]
[Figure residue (caption missing): ESP packet layout: data; the encrypted data; the authenticated part]
authentication and integrity protection with the SHA-1 algorithm (mandatory for 3GPP networks) or MD5.
9.7.3. eNodeB backhaul security
The backhaul link to the eNodeB requires stronger security because:
The role of the eNodeB in LTE is greater than that of the NodeB in 3G UMTS: the LTE eNodeB incorporates both the NodeB and the RNC
Coverage must be extended continuously
Infrastructure is shared
For these reasons the physical-layer security of the eNodeB cannot always be trusted, and the backhaul link needs better protection. The following requirements also apply to the eNodeB:
Security protocol: ESP [RFC 4303]
Security mode: tunnel (mandatory), transport (optional)
IKE version: IKEv2.
Figure 9.23 shows the security certificate enrolment procedure for the eNodeB.
[Figure 9.23 residue: the eNodeB (base station), with the equipment vendor's root certificate pre-installed, enrols with the RC/CA over CMPv2 and then sets up IPsec to the SEG; radio links to the UE and to a relay node, radio backhaul, core network]
[Figure residue (caption missing): IMS security architecture. Home IMS and visited IMS; UE (ISIM, UA) to the P-CSCF over PS-domain access and transport (visited/home network); HSS, I-CSCF and S-CSCF in the home network; the IP multimedia network; numbered security associations 3, 4/5 between the elements; AKA (RFC 3310); security agreement (RFC 3329)]
[Figure 9.27 residue: IMS: S-CSCF, P-CSCF, HSS (authentication vectors), ciphering/integrity for SIP signalling; EPS: MME (NAS ciphering/integrity), key provision to the eNodeB, ciphering/integrity at the eNodeB]
Figure 9.27. Overview model of security between the user and the network and IMS.
In the EPS, data exchange between the UE and the eNodeB is protected by ciphering and integrity mechanisms (for user data as well as for RRC signalling). The MME supplies the eNodeB with the security keys used as input to these mechanisms after the USIM (in the UE) has been authenticated by the MME and the MME has been authenticated by the UE. In addition, NAS (Non Access Stratum) signalling between the UE and the MME is ciphered and integrity-protected with separate keys (this does not exist in 3G UMTS, which protects only the radio segment between the UE and the RNC).
Similarly, at the IMS level, SIP signalling is protected by ciphering and integrity mechanisms based on keys provided by the S-CSCF after mutual authentication between the UE and the S-CSCF. This happens when SIP signalling is exchanged between
[Figure residue (caption missing): UE (ISIM), P-CSCF, S-CSCF, HSS; computation of CK and IK]
ciphering algorithm and one integrity algorithm by comparing the list of algorithms it supports with the algorithms sent by the UE. It sends these selections to the UE in this SM6 message: SPI-P, Port-P, and the list of integrity and ciphering algorithms.
SM7: REGISTER(Security-setup = SPI_U, Port_U, SPI_P, Port_P, P-CSCF integrity and encryption algorithms list). The UE replies with SPI-U, Port-U, SPI-P, Port-P and the P-CSCF's list of integrity and confidentiality algorithms that will be used.
SM8: REGISTER(Integrity-Protection = Successful, IMPI). This message notifies the S-CSCF that the SA has been set up successfully and includes the IMPI (IP Multimedia Private Identity).
SM10: success message from the UE to the P-CSCF.
[Figure residue (caption missing): IMS registration message flow between UE, P-CSCF and S-CSCF: (SM1) Register, (SM2) Register, (SM4) 4xx authentication challenge, (SM6) 4xx authentication challenge, (SM7) Register, (SM8) Register, (SM10) 2xx authentication OK, (SM12) 2xx authentication OK]
[Figure residue (caption missing): SA pairs and ports between UE and P-CSCF. Register (SM1) and 401 Unauthorized (SM6, carrying RAND||AUTN) are unprotected; Register (SM7) and the reply OK (SM12) are protected by SA pair 1 (Port-Uc to Port-Ps); Invite, 180 Ringing and 200 OK are protected by SA pair 2 (Port-Us, Port-Pc)]
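The SM6/SM7 security-agreement step described above, as an added example that is not part of the textbook: the P-CSCF picks one integrity and one ciphering algorithm by matching its own preference-ordered list against the UE's offer, answers with its SPI_P/Port_P and full list in SM6, and on SM7 checks that the UE's Security-Verify repeats that list exactly. The header syntax follows the ipsec-3gpp mechanism of RFC 3329; the algorithm names come from RFC 3329/TS 33.203, while the SPIs, ports, q values and IMPI are made-up sample values and the method names are mine.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// SecMech is one ipsec-3gpp entry of the RFC 3329 Security-Client / Security-Server / Security-Verify
// headers used by IMS: integrity algorithm, ciphering algorithm, the sender's SPIs and ports
// (SPI_U/Port_U from the UE, SPI_P/Port_P from the P-CSCF) and the preference q.
type SecMech struct {
	Alg, Ealg    string
	SPIc, SPIs   uint32
	PortC, PortS uint16
	Q            float64
}

// Header renders the entry as it travels in SIP; Security-Verify must repeat it byte for byte.
func (m SecMech) Header() string {
	return fmt.Sprintf("ipsec-3gpp; q=%.1f; alg=%s; ealg=%s; spi-c=%d; spi-s=%d; port-c=%d; port-s=%d",
		m.Q, m.Alg, m.Ealg, m.SPIc, m.SPIs, m.PortC, m.PortS)
}

// PCSCF holds the mechanisms it supports and, per registration (keyed by IMPI), the list it sent in SM6.
type PCSCF struct {
	Supported []SecMech
	sent      map[string][]SecMech
}

// OnSM1 is the P-CSCF step between SM1 and SM6 as described in the text: pick one integrity and one
// ciphering algorithm by matching its own list (highest q first) against the UE's Security-Client, and
// answer in the 401 (SM6) with SPI_P, Port_P and the full Security-Server list.
func (p *PCSCF) OnSM1(impi string, securityClient []SecMech) (SecMech, []string, error) {
	list := append([]SecMech(nil), p.Supported...)
	sort.SliceStable(list, func(i, j int) bool { return list[i].Q > list[j].Q })
	if p.sent == nil {
		p.sent = map[string][]SecMech{}
	}
	p.sent[impi] = list
	var securityServer []string
	for _, s := range list {
		securityServer = append(securityServer, s.Header())
	}
	for _, s := range list {
		for _, c := range securityClient {
			if s.Alg == c.Alg && s.Ealg == c.Ealg {
				return s, securityServer, nil
			}
		}
	}
	return SecMech{}, securityServer, errors.New("no integrity/ciphering algorithm in common")
}

// OnSM7 is the check on the SA-protected REGISTER (SM7): Security-Verify must equal the Security-Server
// list sent in SM6. SM6 travelled without integrity protection, so any difference means the list was
// altered in transit (bidding down to weaker algorithms); the P-CSCF then rejects the registration
// instead of reporting Integrity-Protection = Successful to the S-CSCF in SM8.
func (p *PCSCF) OnSM7(impi string, securityVerify []string) bool {
	sent := p.sent[impi]
	if len(sent) != len(securityVerify) {
		return false
	}
	for i := range sent {
		if sent[i].Header() != securityVerify[i] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed values: algorithm names follow RFC 3329 / TS 33.203; SPIs, ports and the IMPI are made up.
	ue := []SecMech{
		{Alg: "hmac-sha-1-96", Ealg: "aes-cbc", SPIc: 1001, SPIs: 1002, PortC: 5001, PortS: 5002, Q: 0.9},
		{Alg: "hmac-md5-96", Ealg: "null", SPIc: 1001, SPIs: 1002, PortC: 5001, PortS: 5002, Q: 0.1},
	}
	p := &PCSCF{Supported: []SecMech{
		{Alg: "hmac-md5-96", Ealg: "null", SPIc: 2001, SPIs: 2002, PortC: 6001, PortS: 6002, Q: 0.1},
		{Alg: "hmac-sha-1-96", Ealg: "aes-cbc", SPIc: 2001, SPIs: 2002, PortC: 6001, PortS: 6002, Q: 0.9},
	}}
	chosen, server, err := p.OnSM1("user@ims.example", ue)
	fmt.Println("SM6 selects:", chosen.Alg, chosen.Ealg, err)
	fmt.Println("SM7 with the list echoed intact:", p.OnSM7("user@ims.example", server))
	altered := []string{server[1], server[0]} // order changed in transit so that the weak entry comes first
	fmt.Println("SM7 with an altered list:", p.OnSM7("user@ims.example", altered))
}
```

The echo check is what gives the unprotected SM6 its integrity after the fact: SM7 already travels inside the new SA, so a list that does not match what the P-CSCF remembers sending is proof of tampering rather than a negotiation error.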
9.9. SUMMARY
The fourth-generation mobile system LTE/SAE builds on the success of the GSM/GPRS and 3G UMTS networks, introduces new security features, strengthens and improves security, and protects new services that previous mobile communication systems could not offer.
The security features of LTE/SAE are characterised as follows:
User-plane security terminates at the eNodeB
The key hierarchy is extended
Interworking with non-3GPP networks is included
The cryptographic algorithms are based on AES and SNOW 3G
In addition, 3GPP is also specifying new standards based on stronger cryptographic algorithms.
EPS access security is divided into NAS (Non Access Stratum) and AS (Access Stratum). EPS provides three kinds of security protection for NAS and AS, very similar to security in 3G UMTS networks:
Ciphering.
Integrity.
Mutual authentication.
The security mechanisms for LTE are built on the following requirements:
9.10. QUESTIONS
1. Describe the basic security requirements for the elements and interfaces in EPS
2. Describe the security functions at the protocol levels
3. Describe the security functions in the EPS network elements
4. Describe the security key generation model
5. Describe the key hierarchy in EPS
6. Describe the use of keys for the downlink flows
7. Describe the ciphering and integrity algorithms of E-UTRAN
8. Describe the model for key transfer at handover
9. Describe the security procedures when the UE initiates a connection to the EPS
10. Describe the AKA procedure
11. Describe the computation of the EPS AV parameters during AKA.
12. Describe the process leading to the selection of the integrity algorithm and the computation of the keys for NAS
13. Describe the process leading to the selection of the integrity algorithm and the computation of the keys for AS.
18. Describe the network domain security (NDS) architecture for IP-based networks
19. Describe ESP
20. Describe the security certificate enrolment process for the eNodeB
21. Describe relay node security
22. Describe the IMS security architecture
23. Describe the security procedure when the UE accesses IMS
24. Describe the IMS AKA procedure
25. Describe the acquisition of authentication data and mutual authentication in IMS
26. Describe IMS confidentiality and integrity protection
27. Describe the security associations and the SA setup message sequence for IMS
28. Describe the IMS key hierarchy