LTE (4G) network security model and its drawbacks covered in 5G network
Wireless connectivity is spurring a wave of digital transformation which is not just changing our way of working with IT, office tools, and administrative systems; but also paving the path for new business opportunities. One-to-one relations between vendors, suppliers, operators, and end users are being remade as ecosystems of partners and co-creators. This cross-industry transformation has led to the involvement of the concept of wireless connectivity for the fifth generation of mobile technology (5G), to enable new ways of defining performance monitoring and assurance as well as the quality of service and user experience.
5G includes the entire ecosystem of the IoT industry, cloud, internet services, digitalization, and supporting technology. Telecommunication networks, both fixed and mobile, are set to play an important role in the 5G era, ultimately providing the necessary low-latency connectivity to the internet. In telecommunications, LTE refers to Long Term Evolution and is a standard for wireless broadband communication between mobile devices and data terminals. It is based on GSM/EDGE and UMTS/HSPA technologies. The standard comprises some security standards known as the LTE security model. These security standards are used for providing integrity, confidentiality, and authenticity to mobile data and server data in the LTE network.
The LTE security uses a shared secret key, K algorithm. In this, a unique secret key K (“master key”) is shared between service providers and their subscribers. It is called a master key because all other intermediate keys which are used in communication are derived from this key. The master key is kept by both the service provider and the subscriber and is not shared over the network.
Both the service provider and the subscriber use the shared key K and some random numbers (which are shared initially before setup of connection) to derive intermediate keys which are used in secured communication in the different layers of the network. During the exchange of mobile data, these intermediate keys are used instead of the master key in encryption, authentication, and integrity in the LTE network and this network can be further divided into LTE radio network and LTE core network. LTE radio network includes elements such as UE and eNodeB while LTE core network includes elements such as MME/ASME and HSS.
LTE (4G) network comprising LTE radio and LTE core network
LTE security model comprises the following four major elements
UE – It refers to User Equipment (UE) such as a user's mobile phone which is connected to eNodeB in the LTE radio network.
eNodeB or eNB – It refers to Evolved Node B in the mobile phone network that communicates directly wirelessly with mobile handsets, like a base transceiver station in GSM networks. Its functions are ciphering packet reliable delivery and header compression. It is part of the LTE radio network and is further connected to MME.
MME – It refers to Mobility Management Entity (MME), its function is to manage sessions, authentication, paging, mobility, bearers, and roaming. It is connected to HSS and is part of the LTE core network. Access Security Management Entity (ASME) is an entity connected to MME that receives top-level key(s) from HSS. The top-level key is used in an access network. In EPS, MME serves as ASME, and KASME is used as the top-level key to be used in the access network. The MME, on behalf of an HSS, conducts mutual authentication with a UE using the KASME key.
HSS – It refers to Home Subscriber Server (HSS) and is a key element of the LTE network. It comprises a master user database that allows Communications Service Providers (CSPs) to manage customers in real-time and in a cost-effective manner. It stores the secret key K which is shared between mobile operators and their subscribers. HSS allows CSPs to perform specialized functions such as barring of certain services and functions, activation and deactivation of SIM cards, and the creation of hierarchical segregation of subscribers based on their subscriptions. It is part of the LTE core network.
LTE network comprises two level of security
Access Stratum (AS) security – This security is established in the Data Link Layer (layer 2) of the Open Systems Interconnection (OSI) layers between UE and eNodeB. In this security, both UE and eNodeB use keys that are derived from the shared secret key K between the subscriber (UE) and nodes in the LTE radio network.
Non-Access Stratum (NAS) security – This security is established in the Network Layer (layer 3) of the Open Systems Interconnection (OSI) layers between UE and MME. In this security, both UE and MME use keys that are derived from the shared secret key K between the subscriber (UE) and nodes in the LTE core network.
Types of traffics and keys in the LTE network
NAS traffic - It refers to Non-Access Stratum (NAS) in which data packets are exchanged between UE and MME in the LTE core network. Keys used in this traffic are encryption key, KNASenc, and integrity key, KNASint.
RRC traffic - It refers to Radio Resource Control (RRC) in which data packets are exchanged between eNodeB and UE. Keys used in this traffic are encryption key, KRRCenc, and integrity key, KRRCint. RRC messages are transported via Packet Data Convergence Protocol (PDCP) in the IP level (Layer 3/Network Layer) of the OSI model
UP traffic - It refers to User Plane traffic in which data packets are exchanged between UE and eNodeB. UP traffic or application data packets in the user plane side are processed by protocols such as TCP, UDP, and IP. Keys used in this traffic are only encryption key, KUpenc, and no user side integrity key is used (limitation).
Flow diagram of keys derivation in the LTE network.
Following are the steps which are performed in the LTE network
UE sends an initial NAS message to the MME. The initial NAS message comprises International Mobile Subscriber Identity (IMSI) number. Upon receiving the request from UE it sends an authentication information request to HSS.
HSS upon receiving the authentication information request identifies a master key corresponding to the IMSI and derives authentication parameters in the authentication vector. The authentication vector comprises KASME, Authentication token (AUTN), Expected response (XRES), Random number (RAND). HSS using DIAMETER protocol sends the authentication vector as a response to the MME.
MME upon receiving the authentication vector from HSS uses KASME to derive keys KNASenc, KNASint, and KeNB.
MME then sends an authentication request comprising RAND and AUTN to the UE. RAND and AUTN are the same values that MME earlier received from HSS in step 2.
UE receives RAND and AUTN values from the MME and uses its master key K in the SIM and the received RAND and AUTN derives response RES. Further, UE sends RES to the MME.
MME upon receiving the Response (RES) from the UE compares it with the Expected response (XRES). If upon comparison the UE response (RES) matches with the expected response (XRES) then the user is authenticated. Hence, in this way the user authentication is performed.
Upon user authentication at the MME, MME sends a NAS security mode command to UE with all the information related to encryption and integrity algorithms. MME uses a NAS layer to send the NAS security mode command. The security mode command comprises KASME, Evolved Packet System (EPS) encryption, and integrity algorithm.
UE using the KASME, EPS encryption algorithm derives KNASenc, and using KASME, EPS integrity algorithm derives KNASint. Till this point, NAS security is established between UE and MME.
Now MME and eNodeB exchange messages between themselves. MME sends an S1AP initiation message to eNodeB. The session initiation message comprises UE security capabilities and KeNB. eNodeB upon receiving the S1AP session initiation message derives keys KRRCenc, KRRCint, and KUPenc which are used in RRC traffic between UE and eNodeB.
eNodeB communicates with UE in the RRC layer. eNodeB sends RRC security mode commands to the UE which includes AS encryption algorithm, AS integrity algorithm, START parameters for encryption, and integrity.
UE upon receiving the RRC security commands derives KRRCenc, KRRCint using earlier received KASME from MME, AS encryption, and AS integrity algorithm from eNodeB. Till this point RRC security mode is complete.
eNodeB sends a message to MME indicating that all tasks have been completed, all layers such as NAS layer, RRC layer, and user plane layer are protected and the user equipment is also authenticated. Hence LTE security is established between the service provider (MME) and their subscribers (UE).
How User Equipment (UE) authenticates the connected LTE network?
UE comprises master key K, which derives authentication token and also receives authentication token (AUTN) from MME and compares both the tokens at the UE end and if both authentication tokens are found equal then network authenticity is established and hence authentic network is connected to the UE.
5G network security vs. LTE (4G) network security
In telecommunications, when service providers transit from LTE (4G) network to 5G network, they either use Non-Stand Alone (NSA) or Stand-Alone (SA) 5G tracks to transmit data packets in the 5G network. In the 5G network security works the same way as in the LTE security model but with some enhancement to encryption algorithms and security for the user side data.
NSA refers to Non-Stand Alone architecture in which the radio part is 5G New Radio (NR) and the core part is 4G Evolved Packet Core (EPC). In short, Non-Stand Alone refers to 5G Radio + 4G Core = NSA. SA refers to Stand-Alone architecture in which the radio part is 5G New Radio (NR) and the core part is 5G core. In short, Stand-Alonerchitecture refers to 5G Radio + 5G Core = SA.
LTE network security drawbacks which are covered in 5G network security
In the LTE network, user’s permanent IDs (such as International Mobile Subscriber Identities - IMSIs) are transmitted in plain text over the air interface. Attackers can exploit this vulnerability using the IMSI catcher. In 5G networks, the user’s permanent IDs (in this case SUPIs) are transmitted in ciphertext to defend against such attacks.
In the LTE network, the EPS key hierarchy uses 128-bit keys while in the 5G network 256-bitey is used. 5G security standards use 256-bit cryptographic algorithms which are sufficient to resist attacks done by any quantum computers.
In the LTE network, only user data encryption is provided to the user data packets while in the 5G network the security standard provides integrity to the user data packets which prevents user data from being tampered by attackers.
In the LTE network, there are chances of a man-in-middle attack between the LTE radio network and LTE core network when the user equipment moves to the roaming network. There are chances that the roaming network may access the core network. This risk was eliminated in the 5G security model.
In the 5G security model, Security Edge Protection Proxy (SEPP) is deployed to implement E2E security protection. The E2E security is used for providing inter-operator signaling and security functions such as topology hiding, message filtering, TLS channels, and application-layer security protection for roaming messages through the IPX networks. These functions prevent a data breach and unauthorized tampering at the transport and application layer.
Conclusion: The security standards implemented in the 5G network comprise more enhanced features that are not only protecting the user’s data but also securing the roaming network in the transport and application layer. Hence, the issue of the data breach and unauthorized tampering of the user data was fully eliminated in the 5G security standards.