
EAP-AKA' in 5G PDF

27 Pages·2017·2.04 MB·English

Preview EAP-AKA' in 5G

5G Security: Standard and Technologies
Dr. Haiguang Wang, Senior Researcher, Huawei International
Oct 18, 2017
HUAWEI TECHNOLOGIES CO., LTD.
Huawei confidential information; do not distribute without authorization.

Contents
1 5G Security Standardization in 3GPP
2 Key Technologies for 5G Security
3 Forward Thinking: IoT Security for 5G
4 Summary

5G: Diverse Use Cases
[Figure: usage scenarios. Enhanced Mobile Broadband; Massive Machine Type Communications; Ultra-Reliable and Low-Latency Communications. Example labels: Gigabytes in a second; 3D video and UHD screens; Work and play in the cloud; Smart Home/Building; Augmented reality; Industry automation; Voice; Mission-critical applications; Smart City; Self-driving cars.]
Source: ITU-R M.[IMT.VISION]

5G: Stringent Requirements
Requirement    5G                              5G vs. LTE    LTE
Latency        1 ms end-to-end latency         30–50x        30–50 ms
Throughput     10 Gbit/s per connection        100x          100 Mbit/s
Connections    1M per square kilometer         100x          10,000
Mobility       500 km/h for express trains     1.5x          350 km/h
Flexibility    Slicing, flexible and on demand NaaS          Inflexible

5G Security Timelines in 3GPP
[Timeline figure. Labels: 3GPP SA3 5G Security; (TS33.501) SA3 5G Security Phase 1; (TS33.401) SA3 5G Security Phase 1 (Non-Standalone NR); Architecture and Functions, Frozen; (TR33.899) SA3 Study on 5G Security Phase 1; SA3 Security Study on 5G Slicing Mgmt.]
1. TR 33.899, Study Item: Technical Report on 5G Security
2. TS 33.401, Work Item: System Architecture Evolution (SAE); Security architecture
3. TS 33.501, Work Item: Standard on 5G Security Architecture and Functions
4. NEW TR, Study Item: Network Slicing Security Management, SBA, IPX
http://www.etsi.org/technologies-clusters/technologies/5g

5G Security Technologies
Technologies Specified as of March 2018
o Security architecture
o Primary authentication
  • Unified authentication framework with EAP support: 5G-AKA and EAP-AKA’, EAP-TLS
o Secondary Authentication
  • Authentication with DN: EAP methods
o Security context management
o Mobility support
o Multiple registration
o Non-3GPP access
o Security for Service based architecture
o Privacy Protection
  • Public key encryption of subscription permanent identifier (SUPI)
TS 33.501
1 Security Architecture
2 Security requirement and features
3 Security procedure between UE and 5G Network Functions
4 Security for non-3GPP Access
5 Security of interworking
6 Security procedures for non-service based interfaces
7 Security aspects of IMS emergency session handling
8 Security procedures between UE and external data networks
9 Security aspects of network exposure function
10 Service Based Interfaces
Annex: For key derivation and authentication procedures

Security Architecture
[Figure: side-by-side stratum diagrams, 4G Security Architecture (TS 33.401) and 5G Security Architecture (TS 33.501). Labels: Application stratum; Home stratum/Serving stratum; Transport stratum; User Application; Provider Application; ME; USIM; HE; SN; AN; 3GPP AN; Non-3GPP AN; links (I) to (V).]
4G Security Architecture (TS 33.401)
I. Network access security (I)
II. Network domain security (II)
III. User Domain Security (III)
IV. Application domain security (V)
V. Visibility and configurability of security (VI)
5G Security Architecture (TS 33.501)
I. Network access security (I)
II. Network domain security (II)
III. User Domain Security (III)
IV. Application domain security (V)
V. SBA domain security (V)
VI. Visibility and configurability of security (VI)
Enhancement
1. AN: 3GPP and non-3GPP access networks are treated more equally in the access network.
2. SN HE (V): interface for Service-based Architecture

Unified Authentication Framework
• Build a unified authentication framework for different access technologies, enabling security context sharing among them:
o ARPF: credential repository
o AUSF: authentication server
o SEAF: security anchor
o The EAP framework is supported, a critical step for 5G to become an open network platform
o The EAP extended type, EAP-5G, is used to carry the NAS signaling over the untrusted N3GPP link
o EAP-5G is a vendor-specific message format to carry NAS signaling between UE and N3IWF.

Authentication Protocols: EPS-AKA vs. 5G-AKA
[Figure: two message sequence charts. "4G: EPS-AKA" with participants UE, MME, HSS; "5G: EPS-AKA" with participants UE, AMF/SEAF, AUSF, ARPF. Step labels: Attach; Registration; Auth. Req; Auth. Data Req; Auth. Get Req; Generate AV; Auth. Data Resp; Auth. Get Resp; Store XRES*; Calculate HXRES*; Store HXRES*; XRES; Auth. Resp (RES); RES ? XRES; RES*; Calculate HRES* and compare HXRES*; RES* verification; SMC; Security Context.]

Description:
Public key encryption of subscription permanent identifier. The EAP framework is supported, a critical step for 5G to become an open network platform.