3GPP Rel-12 Security, and Future 3GPP Security Work
From the 9th ETSI Security Workshop, 15-16 January 2014
Presented by Bengt Sahlin, 3GPP TSG SA WG3 Chairman 2010-2013, Ericsson Research NomadicLab
© 3GPP 2012
© 3GPP 2014
Outline
• About SA3
• Security work in Rel-12
• Future 3GPP Security work
http://www.3gpp.org/news-events/partners-news/1514-tcca-joins-3gpp-for-critical-work
3GPP TSG SA WG3 (Security)
The WG has the overall responsibility for security and privacy in 3GPP systems
• performs analysis of potential threats to these systems
• determines the security and privacy requirements for 3GPP systems
• specifies the security architectures and protocols
• ensures the availability of cryptographic algorithms which need to be part of the specifications
http://www.3gpp.org/Specifications-groups/sa-plenary/54-sa3-security
Elections at SA3 #73 (November 2013)
Old SA3 Leadership
• Chair: Bengt Sahlin (Ericsson)
• Vice-chairs:
  • Magnus Aldén (TeliaSonera)
  • Anand Prasad (NEC)
New SA3 Leadership
• Chair: Anand Prasad (NEC)
• Vice-chairs:
  • Alf Zugenmaier (NTT DOCOMO)
  • Judy Zhu (China Mobile Com Corporation)
Document Statistics 2010 -
[Chart: Number of Documents (0-350) per meeting, SA3 #58 to SA3 #73; series: CRs Approved]
Rel-12
Extended IMS Media Plane Security
Support for real-time media in Rel-9
Work completed in Rel-12:
• IMS Messaging, and in particular MSRP/TCP based media
• IMS Conferencing
• Communications diversion
• Secure fax
[Figure: IMS signalling and media plane entities relevant to e2ae security]
[Figure: Reference model for key management for the KMS based solution]
Tunnelling of UE Services over Restrictive Access Networks (I)
For IMS in TS 33.203 Annex W
• Tunnelling of IMS Services over Restrictive Access Networks
Tunnelling of UE Services over Restrictive Access Networks (II)
For non-3GPP access in TS 33.402 Annex B
• Tunnelling of UE Services over Restrictive Access Networks
Generic Bootstrapping Architecture (GBA)
Security enhancements for usage of GBA from the browser
• specified in Annexes of TS 33.222
Small Cell Enhancements
Dual connectivity
Security analysis started at SA3 #73 in November
SA #63 (March 2014) will evaluate in which time frame this can be specified
Exceptions for Rel-12
Machine Type Communication
Security procedures for secure connection
• provide key material for securing the application protocol between UE and a SCS (indirect model) or between UE and a MTC Application Server (direct model)
• GBA for a UE initiated Secure Connection
• GBAPush for a network initiated Secure Connection
Exception for continuing work on "Security procedures for restricting the USIM to specific UEs" until March 2014
Proximity-based Services (ProSe)
Work on security for ProSe discovery, configuration and communication
Exception granted until June 2014
Group Communication System Enablers for LTE (GCSE_LTE)
Work on security aspects for group communication over LTE
Exception granted until June 2014
Security for WebRTC IMS Client access to IMS
Work on authentication and required enhancements to IMS media plane security
Exception granted until June 2014
WLAN Network Selection
Working assumption:
• Information provided by a WLAN access point is considered untrusted from 3GPP point of view
Exception granted until March 2014
TUAK
New authentication and key agreement algorithm
• Alternative to MILENAGE
• Based on Keccak (SHA-3 winner)
Specified by ETSI SAGE
Algorithm specifications approved by SA #62 in December
Exception granted until March 2014
Rel-13
Security Assurance Specification for 3GPP Network Products
Study started in 3GPP SA3 #68 in July 2012
Goal to identify a Security Assurance Methodology
The study was finished at SA3 #73 in November 2013 and a new work item was agreed to start normative work
News article published on the 3GPP site:
• http://www.3gpp.org/news-events/3gpp-news/1569-secam_for_3gpp_nodes
Security Assurance Methodology
[Figure: Security Assurance Methodology overview]
http://www.3gpp.org/DynaReport/33805.htm
Security Assurance: Next Steps
3GPP
• Technical Report describing the process
• Security Assurance scheme for 3GPP Network Products
• Security Assurance Specifications (SAS)
• The first SAS will be specified for the MME network product class
GSM Association
• Will accredit evaluators
• The evaluators can be vendors or 3rd parties
• Will evaluate and accredit vendor development process
• NESAG is the sub-WG of GSMA SG that will create the vendor development process
Public Warning System (PWS) Security
Conclusion reached on the way forward at SA3 #73:
• Create a 900 series TR (public TR) to document the candidate solutions and their characteristics
Work expected to continue
ProSe
GCSE
Study on Subscriber Privacy Impact in 3GPP
• Started at SA3 #73
Security Study on Spoofed Call Detection and Prevention
• Close to completion
Study on Security aspects of Integration of Single Sign-On (SSO) frameworks with 3GPP networks
• ongoing
Thank You!
Bengt Sahlin
3GPP TSG SA WG3 Chairman 2010-2013
More information about 3GPP: www.3gpp.org