WO2014067541A1 - Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks - Google Patents

Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks

Info

Publication number
WO2014067541A1
Authority
WO
WIPO (PCT)
Prior art keywords
handover
access node
security key
interface
local
Prior art date
Application number
PCT/EP2012/071349
Other languages
English (en)
Inventor
Guenther Horn
Hinrich Eilts
Original Assignee
Nokia Solutions And Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Solutions And Networks Oy
Priority to PCT/EP2012/071349
Publication of WO2014067541A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation

Definitions

  • the present invention relates to methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks.
  • the proposed methods, computer program products and apparatuses are for example applicable to scenarios within such networks, e.g. within an evolved packet system EPS network, in order to improve security of handovers HO taking place on a particular interface within such system.
  • EPS network evolved packet system
  • LTETM or LTETM-A e.g. the framework of LTETM or LTETM-A and e.g. the EPS system and interfaces thereof, such as the so-called S1 interface between a network mobility entity e.g. also known as a mobility management entity, MME, and an access node providing (wireless) network access to a terminal such as a user equipment UE, the access node being e.g. also known as evolved NodeB, eNB.
  • MME mobility management entity
  • eNB evolved NodeB
  • the present invention relates in particular but without limitation to mobile communications, for example to environments under LTETM (Long Term Evolution) or LTETM-A (LTETM Advanced), or any other communication scenario, potentially standardized by 3GPP (3rd Generation Partnership Project), ETSI (European Telecommunication Standards Institute) and/or other local or regional standardization bodies, e.g. NGMN (Next Generation Mobile Networks), and can advantageously be implemented as or in chipsets, or modules, or units, or apparatuses of devices (e.g. network entities such as a transceiver device also known as base station, or NodeB, or evolved NodeB eNB, or e.g. a mobility management entity MME) forming part of those networks, as well as related terminal devices such as a so-called user equipment UE (e.g. smart-phones, network-access enabled computers or laptops, or the like).
  • UE user equipment
  • the present invention relates to those apparatuses / units of devices or network entities that are applied in such communication networks or a part thereof, e.g. known as evolved packet system, EPS, network.
  • EPS evolved packet system
  • security of handovers HO in such EPS network, and security of handovers taking place with involvement of particular interfaces in such system, such as the so-called S1 interface between an MME and an eNB, are being considered.
  • the present invention relates to the security of handovers in LTE, and more specifically to failures of so-called S1 handovers, i.e. handovers in which not only the eNBs but also the MME are involved.
  • Security of handovers is for example specified in 3GPP TS 33.401, more specifically in clause 7.2.8 thereof.
  • Fig. 1 illustrates some typical scenario for explanatory purposes.
  • a network mobility entity referred to as mobility management entity MME is denoted by numeral 1.
  • the MME has an interface/connection to other entities of the EPS (not shown in Fig. 1). Further, the MME has an interface known as S1 interface (S1-I/F) towards each of a plurality of access nodes referred to as evolved NodeBs, eNBs.
  • S1 interface S1 interface
  • eNBs evolved NodeBs
  • Such access node eNB provides network access based on e.g. a wireless access technology for one or more terminals referred to as user equipments UE and denoted by numerals 4 and 4', respectively.
  • a source eNB denoted by numeral 2 is labeled as eNB #A.
  • a target eNB denoted by numeral 3 is labeled as eNB #B.
  • the expressions source and target pertain to an assumed mobility of a terminal UE (4, 4'). Namely, with a moving UE, a UE is at a time t1 served by eNB #A, but after a handover HO served by eNB #B.
  • An interface between eNBs is referred to as the X2 interface, X2 I/F.
  • An interface between an eNB, 2 and 3, respectively, and a terminal UE, 4 or 4', is referred to as Uu interface.
  • the HO typically takes place via the X2 interface.
  • the HO involves the S1 interface.
  • the MME derives, inter alia, parameters and/or keys such as {NH, NCC} and informs at least the NCC thereof to the target eNB, which forwards it to the UE handed over in a handover command that is sent from the target eNB to the UE via the source eNB.
  • NCC is forwarded to UE in a handover command that is sent from the target eNB to the UE via the source eNB, i.e. target eNB does not directly send NCC to UE over Uu.
  • a key K as a master or base key is stored permanently in an authentication centre AuC and universal subscriber identity module USIM.
  • AKA Authentication and Key Agreement
  • plural other keys in the hierarchical EPS system are generated and/or derived.
  • Keys used at a specific entity or at a level of similar entities are also referred to herein as local level keys, whereas keys used to derive those may be referred to as higher level keys (determined/kept at hierarchically higher entities or nodes).
  • a key KeNB, for example, is an eNB base key and is set up / derived as an intermediate key in an MME and UE based on other keys, e.g. upon a state transition of a terminal and/or by the UE and a target eNB upon handover of the terminal.
  • NCC Next Hop Chaining Counter
  • NH Next Hop parameter
  • Only NCC is transmitted to the UE in a handover, for efficiency reasons.
  • the UE can correctly derive a new NH from the currently stored {NH, NCC} pair and a newly received NCC only if that newly received NCC relates to an NH that was computed in the MME by at most seven iterations from the NH equal to the one stored in the UE. (This is a simple consequence of the fact that NCC has only three bits.)
  • the MME computes a new NH parameter, thereby increasing NCC by 1 - with the exception marked with (**) below - and sends the {NH, NCC} pair to the target eNB.
  • if the S1 handover succeeds, both UE and MME will have the same {NH, NCC} pair stored.
  • if the S1 handover fails, the MME will have increased NCC by 1 while the NCC in the UE will remain the same.
  • the MME computes a new NH parameter, thereby increasing NCC by 1 - but see exception (**) above - and sends the {NH, NCC} pair to the target eNB in the Path Switch Acknowledge message, i.e. only after the handover has been successfully completed between UE, source eNB and target eNB.
  • NCC does not change in the UE; the difference between the NCC values in UE and MME after the current X2 handover increases by 1;
  • NCC in the UE is set to the value of the NCC sent by the MME in that preceding handover; the amount by which the NCC value increases in the UE depends on the history even before that preceding handover; but the difference between the NCC values in UE and MME after the current X2 handover is more amenable to computation: it is equal to the number of failed S1 handovers between the current and the preceding X2 handovers plus 1.
  • the NCC value was increased by 1 in the MME while it remained the same in the UE, because the new NCC value could not propagate from the MME via the new target eNB towards the UE due to the handover failure, or, stated in other words, because the new NCC will only be propagated to UE if the handover actually happens.
  • the radio conditions permitted the UE to remain connected to the source eNB. As the laptop did not move any further the radio conditions did not change any further, and, after some time, another S1 handover attempt was made, failing again (and increasing the NCC value in the MME again), while the UE still remained connected to the source eNB. When finally a successful (S1 or X2) handover was made this then led to a condition (according to the 'background' information above) where a UE and an MME would compute different NH parameters and, hence, the UE and the eNB would compute different AS level cryptographic keys, leading to a connection failure.
  • KeNB re-keying as specified in 3GPP TS 33.401, clause 7.2.9.2, could be used to re-synchronize the NH parameter in MME and UE.
  • the big disadvantage of this re-keying procedure is that it requires a run of the EPS AKA authentication protocol. This, however, is undesirable, as operators are currently looking for ways to reduce the load on the home subscriber server, HSS, caused by authentications, which is considered too high already.
  • the concepts as presented in line with aspects of the invention are in particular applicable for an MME, for example; more particularly, the concepts as presented in line with aspects of the invention will also be applicable to e.g. a follow-up version of 3GPP TS 33.401, "Security of handovers", as e.g. specified in particular in its clause 7.2.8, and lead to an updated version thereof;
  • aspects of the invention encompass countermeasures which prevent that {NH, NCC} pairs in UE and MME get out of synchronization due to a number of S1 handover failures; aspects of the invention enable prevention of unnecessary NCC increments, e.g. by restoring an "old" NCC, or e.g. by bypassing computation of new ones.
  • Figure 1 illustrates an overview of some entities of an EPS network and interfaces there between
  • Figure 2 (2A and 2B) illustrates a schematic flow chart according to aspects of embodiments of the invention
  • Figure 3 illustrates an example of a basic block circuit diagram of a network mobility entity, e.g. a MME.
  • aspects of the invention encompass an apparatus, comprising a memory unit; and a control unit connected to the memory unit, the apparatus being configured to interface at least one access node wherein the control unit is configured to process one or more higher level security keys received from a network entity to derive at least one local level security key within an established security context for a terminal, forward said derived local security key to at least one access node, detect a handover for a terminal being served by a first access node towards a second access node, wherein the handover concerns the interface between the apparatus and said second access node, responsive thereto, update at least one derived local level security key, store the updated at least one derived local security key in the memory, detect a failure in said handover on the interface between the apparatus and said second access node, verify a restore condition based on a handover failure history, and responsive to the restore condition verified, fetch the stored at least one local level security key from the memory.
  • the at least one local level security key is a next hop, NH, key and a next hop chaining counter, NCC.
  • the control unit in terms of verifying a trigger condition based on a handover failure history, is further configured to detect a subsequent failed handover for said terminal being served by the first access node towards said same second access node on said interface between the apparatus and said second access node. This subsequent handover is the first handover following the handover responsive to which the update and storage of the local level security key was performed. Similar notions as made above with reference to apparatus aspects apply likewise to related method aspects.
  • the MME falls back to the {NH, NCC} pair stored or computed before that handover under one of the following trigger conditions (e.g. also referred to as "renewal suppression condition"):
  • a MME related procedure for S1 handover starts at stage 20.
  • stage 21 a copy of the old next hop, NH, key and old next hop chaining counter, NCC will be stored.
  • Stage 22 calculates a new next hop, NH, key and a new next hop chaining counter, NCC according to TS 33.401 clause 7.2.8.4.3. These new parameters will replace the old ones, but not their copies.
  • Stage 23 checks for the "restore condition" mentioned above: If and only if the handover failed and the old (copied) NH and NCC was already derived for same target eNB #B, the NH and NCC will be restored from its copies, as shown in stage 24. Otherwise, the process will proceed from stage 23 to stage 25 and the process will proceed "normally".
  • One possible modification of or alternative for the new procedure is to check for previously failed S1 handover before a new NH and NCC shall be computed.
  • the restore condition is replaced by a not-incrementing condition, which is referred to herein above also as the "bypass" condition, but the basic principle of avoiding unnecessary NCC incrementing is always the same.
  • an MME related procedure for S1 handover starts at stage 26.
  • the bypass condition is verified, i.e. it is verified whether the current pair of keys {NH, NCC} was computed for a failed S1-HO for the same target eNB. If YES, the flow branches and bypasses computation of the new parameter pair and proceeds to stage 29, in which the process proceeds as "normal". If NO, the process proceeds to stage 28, in which a new pair of keys {NH, NCC} is computed, and only thereafter does the process proceed to stage 29.
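The following is an added simulation, not code from the patent or from any 3GPP implementation, that models the MME-side handling of stages 20-25 (copy, derive, restore) and of the alternative stages 26-29 (bypass), together with the legacy behaviour, and lets a UE that only learns NCC from a successful handover command check whether it still derives the same NH. Assumptions: the NH derivation is a placeholder HMAC-SHA-256 chain rather than the TS 33.401 KDF; "the pair was computed for a failed S1-HO to the same target" is represented by a `target` and `failed` flag kept alongside each pair; the key and initial NH are constructed sample values. The 3-bit NCC limit from the background (at most seven iterations) is what makes the legacy policy fail once enough S1 handovers to the same target fail in a row.

```python
import hashlib
import hmac
from typing import Optional, Tuple

NCC_BITS = 3                 # NCC is a 3-bit counter, so it wraps modulo 8
NCC_MOD = 1 << NCC_BITS


def derive_nh(k_asme: bytes, prev_nh: bytes) -> bytes:
    # Placeholder NH derivation: HMAC-SHA-256 chained over the previous NH.
    # Assumption: the real TS 33.401 KDF inputs differ; only the chaining matters here.
    return hmac.new(k_asme, b"NH" + prev_nh, hashlib.sha256).digest()


class Pair:
    """One {NH, NCC} pair plus assumed bookkeeping: the target eNB it was computed for
    and whether that S1 handover failed."""

    def __init__(self, nh: bytes, ncc: int, target: Optional[str] = None, failed: bool = False):
        self.nh, self.ncc, self.target, self.failed = nh, ncc, target, failed


class Mme:
    """MME-side {NH, NCC} handling under three policies:
    'legacy'  - every S1 handover attempt derives a new pair (background behaviour)
    'restore' - stages 20-25: copy, derive, restore the copy on a repeated failure to the same target
    'bypass'  - stages 26-29: skip the derivation if the current pair stems from a failed S1-HO to the same target
    """

    def __init__(self, k_asme: bytes, initial_nh: bytes, policy: str = "legacy"):
        self.k = k_asme
        self.cur = Pair(initial_nh, 0)
        self.policy = policy

    def _fresh_pair(self, target: str) -> Pair:
        # New NH from the current one, NCC incremented by 1 (the clause 7.2.8.4.3 step)
        return Pair(derive_nh(self.k, self.cur.nh), (self.cur.ncc + 1) % NCC_MOD, target)

    def s1_handover(self, target: str, succeeds: bool) -> Optional[int]:
        """One S1 handover attempt towards `target`. Returns the NCC that reaches the UE
        (only a successful handover propagates it), or None when the handover fails."""
        if self.policy == "bypass":
            if not (self.cur.failed and self.cur.target == target):
                self.cur = self._fresh_pair(target)          # stage 28
        else:
            saved = self.cur                                 # stage 21: keep a copy
            self.cur = self._fresh_pair(target)              # stage 22: derive new pair
            if (self.policy == "restore" and not succeeds
                    and saved.failed and saved.target == target):
                self.cur = saved                             # stage 24: restore from copy
        self.cur.failed = not succeeds
        return self.cur.ncc if succeeds else None


class Ue:
    """UE side: holds one {NH, NCC} pair and learns a new NCC only from a handover command."""

    def __init__(self, k_asme: bytes, initial_nh: bytes):
        self.k, self.nh, self.ncc = k_asme, initial_nh, 0

    def handover_command(self, ncc: int) -> bytes:
        # The UE steps forward (ncc - stored) mod 8 times; a real gap of 8 or more
        # wraps around and yields an NH different from the one the MME holds.
        for _ in range((ncc - self.ncc) % NCC_MOD):
            self.nh = derive_nh(self.k, self.nh)
        self.ncc = ncc
        return self.nh


def simulate(policy: str, failed_attempts: int, target: str = "eNB#B") -> Tuple[int, bool]:
    """Run `failed_attempts` failed S1 handovers to `target`, then one successful one.
    Returns the NCC the UE ends up with and whether UE and MME hold the same NH."""
    k_asme = b"constructed-sample-K_ASME-not-real"   # constructed sample key
    nh0 = bytes(32)                                   # constructed initial NH shared by UE and MME
    mme, ue = Mme(k_asme, nh0, policy), Ue(k_asme, nh0)
    for _ in range(failed_attempts):
        mme.s1_handover(target, succeeds=False)
    ncc = mme.s1_handover(target, succeeds=True)
    ue.handover_command(ncc)
    return ue.ncc, ue.nh == mme.cur.nh


if __name__ == "__main__":
    for policy in ("legacy", "restore", "bypass"):
        for failures in (6, 7):
            print(policy, failures, simulate(policy, failures))
```

With six failed attempts the legacy MME is seven derivations ahead and the UE still catches up; with seven it is eight ahead, the 3-bit NCC wraps to 0 and the UE derives a different NH, which is the connection failure described above. Under the restore policy the NCC delivered after the same seven failures is 2 (one increment kept for the first failed attempt, one for the successful one); under the bypass policy the pair computed for the first failed attempt is re-used, so the UE receives NCC 1. In both cases UE and MME agree on NH.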
  • Figure 3 shows, supplementing the above description of aspects of the invention, a basic block circuit diagram of a network entity such as a MME, in which embodiments of the present invention are implemented.
  • the entity 4 can be any kind of a mobility management entity MME.
  • the MME comprises an interface, Tx/Rx, cf. numeral 43, for transmission to / reception from another EPS network entity, e.g. an eNB, and/or further to a UE.
  • the control module or unit (aka controller) is bidirectionally connected to a memory module or unit (aka memory) MEM, denoted by numeral 41.
  • the memory module can be any type of memory to which data can be written and from which data can be read, e.g.
  • the memory module is configured to store at least data necessary for implementation of the invention, e.g. control code, acquired and/or processed data to be used for implementing/realizing at least aspects of the invention.
  • the memory module can be a separate memory module or a partition of a memory module storing also other user/control data handled by the MME.
  • Other memory modules may be present, too, in the entity. Examples of the invention can be embodied in an apparatus or unit of the MME, e.g. denoted by numeral 40, comprising at least the modules 42 and 41 above.
  • embodiments of the present invention may be implemented in software, hardware, application logic or a combination of software, hardware and application logic.
  • the software, application logic and/or hardware generally resides on a module or unit, or chipset or apparatus associated to a device, i.e. mounted/inserted or mountable/insertable to or configured as a part of such a device, such as a network entity like an MSS or similar functionality.
  • the application logic, software or an instruction set is maintained on any one of various conventional computer-readable media.
  • a "computer-readable medium” may be any media or means that can contain, store, communicate, propagate or transport the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer or smart phone, or user equipment.
  • the different functions discussed herein may be performed in a different order and/or concurrently with each other. Furthermore, if desired, one or more of the above- described functions may be optional or may be combined.
  • the present invention proposes computer program products, methods and apparatuses enabling to improve security in handovers in mobile communication networks, and for example, apparatuses, comprising a memory unit; and a control unit connected to the memory unit, the apparatus being configured to interface at least one access node wherein the control unit is configured to process one or more higher level security keys received from a network entity to derive at least one local level security key within an established security context for a terminal, forward said derived local security key to at least one access node.
  • the apparatuses are configured to modify the policy for renewing {NH, NCC} pairs in the MME in that renewal of the parameters {NH, NCC} is conditionally suppressed in relation to a failed S1 handover, or, instead of new (renewed) ones, previously generated ones originating from an earlier failed S1 handover are re-used.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention proposes computer program products, methods and apparatuses enabling to improve security in handovers in mobile communication networks, and for example apparatuses comprising a memory unit; and a control unit connected to the memory unit, the apparatus being configured to interface at least one access node, wherein the control unit is configured to process one or more higher level security keys received from a network entity to derive at least one local level security key within an established security context for a terminal, and to forward said derived local security key to at least one access node. Based on the occurrence of a renewal suppression condition, the apparatuses are configured to modify the policy for renewing {NH, NCC} pairs in the MME in that renewal of the parameters {NH, NCC} is conditionally suppressed in relation to a failed S1 handover, or, instead of new (renewed) ones, previously generated ones originating from an earlier failed S1 handover are re-used.
PCT/EP2012/071349 2012-10-29 2012-10-29 Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks WO2014067541A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/071349 WO2014067541A1 (fr) 2012-10-29 2012-10-29 Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/071349 WO2014067541A1 (fr) 2012-10-29 2012-10-29 Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks

Publications (1)

Publication Number Publication Date
WO2014067541A1 true WO2014067541A1 (fr) 2014-05-08

Family

ID=47290896

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/071349 WO2014067541A1 (fr) 2012-10-29 2012-10-29 Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks

Country Status (1)

Country Link
WO (1) WO2014067541A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190037395A1 (en) * 2016-01-25 2019-01-31 Telefonaktiebolaget Lm Ericsson (Publ) Key Management

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080240439A1 (en) * 2007-03-15 2008-10-02 Interdigital Technology Corporation Methods and apparatus to facilitate data and security context transfer, and re-initialization during mobile device handover
US20100165835A1 (en) * 2008-12-29 2010-07-01 Qualcomm, Incorporated Method and apparatus for synchronization during a handover failure in a wireless communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 11.5.0 Release 11)", TECHNICAL SPECIFICATION, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI), 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS ; FRANCE, vol. 3GPP SA 3, no. V11.5.0, 1 October 2012 (2012-10-01), XP014075735 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190037395A1 (en) * 2016-01-25 2019-01-31 Telefonaktiebolaget Lm Ericsson (Publ) Key Management
US10750361B2 (en) * 2016-01-25 2020-08-18 Telefonaktiebolaget Lm Ericsson (Publ) Key management

Similar Documents

Publication Publication Date Title
US9817720B2 (en) Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks
US8145195B2 (en) Mobility related control signalling authentication in mobile communications system
US11297492B2 (en) Subscriber identity privacy protection and network key management
US8600385B2 (en) Interface establishing method in radio communication system, management apparatus and radio node apparatus in radio communication system
EP2293610B1 (fr) Method and device for preventing loss of network security synchronization
US9350537B2 (en) Enhanced key management for SRNS relocation
US20120129499A1 (en) Method, Apparatus and System for Processing Security Key when Reestablishing Radio Resource Control (RRC) Connection
US8938071B2 (en) Method for updating air interface key, core network node and radio access system
US9172723B2 (en) Method of providing telecommunications network security
BRPI0909124B1 (pt) Method and apparatuses for providing multi-hop cryptographic separation for handovers
KR20200083606A (ko) Connection resume request method and apparatus
CN109906624B (zh) Method for supporting authentication in a wireless communication network, and related network node and wireless terminal
KR101881712B1 (ko) Generation of multiple shared keys by user equipment and base station using a key expansion multiplier
US11799916B2 (en) Handling radio link failure in a narrow bandwidth internet of things control plane
US10917789B2 (en) Radio link recovery for user equipment
US11689922B2 (en) Re-establishing a radio resource control connection
US20200323011A1 (en) Re-establishing a radio resource control connection
US9386448B2 (en) Method for updating air interface key, core network node and user equipment
US20220303763A1 (en) Communication method, apparatus, and system
US8934868B2 (en) Method for updating and generating air interface key and radio access system
WO2012009972A1 (fr) Method and system for key distribution for handover
WO2014067541A1 (fr) Methods, apparatuses and computer program products enabling to improve handover security in mobile communication networks
JP2024506102A (ja) Method for configuring an evolved packet system non-access stratum security algorithm, and related apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12795346

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12795346

Country of ref document: EP

Kind code of ref document: A1