Hello and welcome, my topic today is authentication in LTE technology. I want to start
off with a brief introduction and then I’ll develop some aspects of LTE security.
So, wireless communication, by its nature, is always at risk of eavesdropping and
manipulation, because data originally sent to a specific user can be received and
unlawfully used by an unintended user. Also, the location of a user can easily be tracked
by tracing which cell the user is connected to, and this can result in privacy infringement.
Because of that, mobile communication networks have to provide security features that ensure
the integrity of the data received and protect the privacy of users.
Luckily for us, LTE offers authentication, NAS security and AS security, which will be
discussed later on.
SECURITY CONCEPT
Moving on to the crux of the matter: how does all of this work? Well, the next slide
contains a figure that indicates three areas:
1. LTE Authentication
2. NAS (Non Access Stratum) security, which performs integrity protection and ciphering of
signaling between a UE and an MME.
3. AS (Access Stratum) security, which performs integrity protection and ciphering
of RRC signaling between UE and eNB (RRC being Radio Resource Control),
and also performs ciphering of user traffic between a UE and eNB.
AUTHENTICATION IN LTE
The purpose of the EPS authentication and key agreement (AKA) procedure (EPS being the
name of this whole network, hence EPS-AKA) is to provide mutual authentication
between the user and the network and to agree on the same Access Security
Management Entity key (the KASME).
Now I refer you to the left of the slide, which illustrates mutual authentication.
1. The EPS AKA procedure is always initiated and controlled by the network. However,
the UE shall proceed with an EPS authentication challenge only if a USIM is present.
2. The UE initiates the authentication procedure by sending an attach request message
to the MME (which contains the IMSI and KASME).
3. The MME forwards it to the HSS and waits for it to generate a so-called
authentication vector (which holds a random number RAND used to challenge the user,
an authentication token AUTN, an expected response XRES calculated by the HSS
using a cryptographic function, and finally the KASME). The MME downloads it via
a protocol called Diameter, then sends the challenge to the UE and adds a sequence
number “i” to differentiate it from other attempts.
4. Now the UE’s job is to compute the authentication response parameter RES, which
is done by the USIM using RAND, AUTN and the secret key K. While it is
doing that, it also has to authenticate the network by comparing AUTN with the
expected one; once that is done, it can send the authentication response to the MME.
5. Now the MME compares the UE’s response RES with the one computed by the HSS,
XRES. If they aren’t the same, the UE is rejected; if they are equal, the UE is
authenticated, the MME updates the HSS with its location, and the user can start
sending data, which will be encrypted by certain algorithms.
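To make the five steps above concrete, here is an added simulation of the EPS-AKA exchange (example code written for this talk, not from any 3GPP specification or LTE implementation). It assumes HMAC-SHA256 as a labelled stand-in for the MILENAGE functions f1..f5 and the 3GPP key derivation function, and uses constructed values for K and the serving network identity; the three roles (HSS, USIM, MME) are separate functions so the AUTN check, the RES/XRES comparison and the shared KASME can each be observed.

```python
import hmac, hashlib, os
from typing import Optional

# Constructed sample values (not real subscriber material).
K_TEST = bytes(range(16))           # long-term secret K shared by USIM and HSS
SN_ID = b"\x13\x00\x14"             # serving network identity (constructed)

def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way function standing in for MILENAGE f1..f5 and the 3GPP KDF."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def hss_generate_av(k: bytes, sqn: int, sn_id: bytes, rand: Optional[bytes] = None) -> dict:
    """HSS side: build the authentication vector (RAND, AUTN, XRES, KASME)."""
    rand = rand or os.urandom(16)                 # fresh challenge
    sqn_b = sqn.to_bytes(6, "big")
    mac = prf(k, b"f1", rand, sqn_b)[:8]          # f1 role: MAC over RAND||SQN
    xres = prf(k, b"f2", rand)[:8]                # f2 role: expected response
    ck, ik = prf(k, b"f3", rand)[:16], prf(k, b"f4", rand)[:16]
    ak = prf(k, b"f5", rand)[:6]                  # f5 role: anonymity key hides SQN
    conc_sqn = bytes(a ^ b for a, b in zip(sqn_b, ak))
    autn = conc_sqn + mac                         # AUTN = (SQN xor AK) || MAC
    kasme = prf(ck + ik, b"KASME", sn_id, conc_sqn)
    return {"RAND": rand, "AUTN": autn, "XRES": xres, "KASME": kasme}

def usim_respond(k: bytes, rand: bytes, autn: bytes, sn_id: bytes, last_sqn: int) -> Optional[dict]:
    """UE/USIM side: authenticate the network via AUTN, then derive RES and KASME.
    Returns None if the MAC or sequence check fails (network not authenticated)."""
    conc_sqn, mac = autn[:6], autn[6:]
    ak = prf(k, b"f5", rand)[:6]
    sqn_b = bytes(a ^ b for a, b in zip(conc_sqn, ak))
    if not hmac.compare_digest(mac, prf(k, b"f1", rand, sqn_b)[:8]):
        return None                               # MAC failure: reject the challenge
    if int.from_bytes(sqn_b, "big") <= last_sqn:
        return None                               # replayed/old SQN: synchronisation failure
    ck, ik = prf(k, b"f3", rand)[:16], prf(k, b"f4", rand)[:16]
    return {"RES": prf(k, b"f2", rand)[:8],
            "KASME": prf(ck + ik, b"KASME", sn_id, conc_sqn)}

def mme_check(av: dict, res: Optional[bytes]) -> bool:
    """MME side: accept the UE only when RES equals the HSS-supplied XRES."""
    return res is not None and hmac.compare_digest(av["XRES"], res)

def run_eps_aka(k: bytes, sqn: int, sn_id: bytes, last_sqn: int, tamper: bool = False) -> bool:
    """Full exchange; 'tamper' flips one AUTN bit to show the UE rejecting the network."""
    av = hss_generate_av(k, sqn, sn_id)
    autn = av["AUTN"] if not tamper else bytes([av["AUTN"][0] ^ 1]) + av["AUTN"][1:]
    ue = usim_respond(k, av["RAND"], autn, sn_id, last_sqn)
    return mme_check(av, ue["RES"] if ue else None)
```

Running `run_eps_aka(K_TEST, 5, SN_ID, 4)` succeeds, while a modified AUTN or a reused sequence number makes the USIM refuse to answer, so the MME never sees a matching RES.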
At the end of the day, the goals are simple: safety and security. Thank you, and I’ll be
happy to take any questions.