How can 5G security improve on earlier generations?
Steve Babbage, Vodafone Distinguished Engineer
C1 Unrestricted
Who am I?
• Vodafone Distinguished Engineer
  – Cryptography, security, mathematics
• Chair of ETSI SAGE
  – Security Algorithms Group of Experts
  – Specifies all new standardised crypto algorithms for 3GPP, amongst other things
• Co-chair of NGMN’s 5G security workstream
  – Making pre-standardisation recommendations on 5G security
• On GSMA’s Fraud and Security Advisory Panel
These views are mine – not the official views of any of the companies or bodies above
26 Apr 2016. Vodafone Proprietary classified as C2 - VODAFONE RESTRICTED
Evolution of security: 2G, 3G, 4G
• Key length: increased to 128 bits
• One-way authentication; mutual authentication, tamper-proof signalling; proves which network
• Authentication and key agreement algorithms: much better example algorithm
• Encryption algorithms: full strength public algorithms
• Same cipher key, whatever the algorithm; different cipher key depending on choice of algorithm
So 4G security is very good … but in some ways, fragile
[Screenshot of an SC Magazine news headline: "Report: SS7 flaws enable listening to cell phone calls, reading texts"]
How can the long term secret key leak?
[Diagram: the SIM vendor sends the keys to the mobile operator. Leak routes labelled on the diagram: weak algorithm, weak implementation, insider attack, hack.]
Creating shared session keys
[Diagram: SIM, visited network, home network. The home network feeds RAND and K_i into AKA to get K_C and passes RAND, K_C to the visited network. The visited network passes RAND to the SIM. The SIM feeds RAND and K_i into AKA to get K_C. Traffic is then encrypted using K_C.]
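The session-key flow on this slide, as an added Python example that is not part of the original presentation. HMAC-SHA256 truncated to 128 bits stands in for the operator's AKA algorithm, and the class names, function names and the IMSI are assumptions made for the illustration. It shows that K_C depends only on K_i and the RAND sent over the air, which is why the leak routes on the previous slide matter.

```python
import hashlib
import hmac
import secrets

def aka(k_i: bytes, rand: bytes) -> bytes:
    """Stand-in AKA function (assumption): K_C = HMAC-SHA256(K_i, RAND)[:16]."""
    return hmac.new(k_i, rand, hashlib.sha256).digest()[:16]

class HomeNetwork:
    """Holds every subscriber's long-term key K_i."""
    def __init__(self):
        self._k_i = {}

    def provision_sim(self, imsi: str) -> bytes:
        self._k_i[imsi] = secrets.token_bytes(16)
        return self._k_i[imsi]  # the same K_i is written into the SIM

    def auth_vector(self, imsi: str):
        rand = secrets.token_bytes(16)
        return rand, aka(self._k_i[imsi], rand)  # (RAND, K_C) for the visited network

class Sim:
    def __init__(self, k_i: bytes):
        self._k_i = k_i

    def derive(self, rand: bytes) -> bytes:
        return aka(self._k_i, rand)

def attach(home: HomeNetwork, imsi: str, sim: Sim):
    """Visited network: fetch (RAND, K_C) from home, pass only RAND to the SIM."""
    rand, k_c_network = home.auth_vector(imsi)
    k_c_sim = sim.derive(rand)  # SIM computes K_C locally; K_C never crosses the air
    return rand, k_c_network, k_c_sim

def demo() -> dict:
    home = HomeNetwork()
    imsi = "001010000000001"  # constructed test identity
    k_i = home.provision_sim(imsi)
    rand, k_c_network, k_c_sim = attach(home, imsi, Sim(k_i))
    wrong_key_guess = aka(secrets.token_bytes(16), rand)  # RAND without K_i
    leaked_key_result = aka(k_i, rand)  # RAND plus a leaked K_i
    return {
        "both_sides_agree": k_c_network == k_c_sim,
        "rand_alone_recovers_k_c": wrong_key_guess == k_c_network,
        "leaked_k_i_recovers_k_c": leaked_key_result == k_c_network,
    }

if __name__ == "__main__":
    print(demo())
```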
Can do key agreement differently … when time allows
[Diagram: authentication centre, home network nodes, visited network nodes and Node X. K_C is shown at two points, and a key exchange leaves K_E at both of its ends.]
Giving the device more control over security
[Diagram of messages:]
• “Carry on using the same session keys you’ve been using for the last month”
• “Update session keys now”
• “Carry on using the same temporary identity you’ve been using for the last year”
• “Update temporary identity now”
• “Can we update session keys now, please?”
Performance constraints on security
• Call set-up time matters to customers
  – Running a full key exchange protocol would take noticeably longer
  – So does that mean we can’t do it?
• Fast handover between cells is important for some services
  – Key derivation on handover is optimised for speed, not for security
• Some devices need to run on batteries for years
  – So do we need to keep security protocol transmissions to a minimum?
• Some services need very high availability
  – So we mustn’t risk false positives when policing network access?
Network slices
• Optimise for integrity and availability
• Optimise for battery life
• Optimise for speed
• Optimise for security and privacy
Thank you