通信人家园

标题: 哪位大哥给翻译一下,拜托了  [查看完整版帖子] [打印本页]

时间:  2010-11-26 13:42
作者: 张掖搓鱼子     标题: 哪位大哥给翻译一下,拜托了

13
Mobility and Key Management in SAE/LTE
Anand R. Prasad1, Julien Laganier1, Alf Zugenmaier1, Mortaza S. Bargh2,
Bob Hulsebosch2, Henk Eertink2, Geert Heijenk3, and Jeroen Idserda3
1 DoCoMo Communications Labs Europe GmbH, Germany
2 Telematica Instituut, The Netherlands
3 Twente University, The Netherlands
Summary. Often in wireless communications the cryptographic algorithm is considered
as ‘the security solution’ but actually it is only the nucleus. The means for
using the cryptographic algorithm is the ‘key’ used by the algorithm. Thus management
of keys and security there-of is an important issue. The security of the key
management solution should not impede mobility of devices by adding undue delays.
Thus, secure and fast key management during mobility is an important issue for
the third generation partnership project (3GPP) activity on system architecture
evolution/long-term evolution (SAE/LTE). In this paper we review mobility and
security issues with the focus of key management in SAE/LTE and present possible
existing solutions together with their analysis.
1 Introduction
At times, it is said that security is the holy grail of any communications system.
True or false, practice shows that solutions developed without security
in mind from the beginning leads to solutions that have severe issues in due
course. To avoid such situations it was necessary that the third generation
partnership project (3GPP) activity on their system architecture evolution
and long term evolution (SAE/LTE) includes security from the very beginning.
The first step for SAE/LTE activity was taken in 2004 and it is expected
that the specifications will be available around September 2007. Details of
3GPP time-plan and specification can be found in [1].
The SAE part of the 3GPP activity focuses on the core network (CN) of a
mobile network and the LTE part focuses on the radio access network (RAN).
SAE assumes the core network will be migrated to IP as the basis communication
protocol. SAE allows integration of radio access networks based on
different radio access technologies into the network, e.g., UMTS, LTE, wireless
LAN and WiMAX. LTE specifies a radio access technology (RAT) that
is aimed at peak data-rates of 100 Mbps downlink and 50 Mbps uplink. The
goal of both SAE and LTE is also to decrease the overall complexity and cost
for both operators and end-users. The security goal of the SAE/LTE activity
166 A.R. Prasad et al.
was to provide security that is at least of the level of UMTS today. Of course,
the security measures should not impede mobility support that is the essence
of a mobile operator’s business.
Looking at the security aspect, of the three common security goals confidentiality,
integrity and availability, the first two are achieved using cryptography,
which in turn requires keys to function. Key management includes key
establishment and key distribution besides key generation and key management
policies. The usage of the system defines the requirements for the keys.
An insecure key management solution can lead to leakage of keys that can
cause attack on the system or network. In such a situation the strength of the
cryptographic algorithm is irrelevant.
It is of utmost importance that the mobile network is able to provide fast
handovers such that there is no impact on perceived service quality by the
user. These handovers need to consider security too. It should not happen
that a mobile user hooks up to a rogue base station or there is hijack of the
session by an intruder. This means that mobility related security requirements
should be fulfilled, which includes re-keying when the user moves. Re-keying
is also part of the key management and should fulfil the related requirements.
In this paper we will first discuss LTE and SAE development by 3GPP
and their goals in Sects. 2 and 3 respectively. Possible mobility and key management
related solutions are discussed in Sects. 4 and 5 with an analysis and
comparison of the solutions in Sect. 6 leading to the conclusions in Sect. 7.
2 Long Term Evolution
LTE or the Evolved UMTS Terrestrial Radio Access (E-UTRA) and Evolved
UMTS Terrestrial Radio Access Network (E-UTRAN) aims at developing
standards that will ensure competitiveness of 3GPP in long-term (10 years or
more) [5]. There are several scenarios for LTE deployment, but at a high-level
one could expect two scenarios [2]. The first one is the standalone deployment
and the second scenario is integration and handover with UTRAN and/or
GERAN. Further it is expected [1] that in LTE there will be support for (1)
shared networks during mobility and initial access, (2) various cell sizes and
planned or ad-hoc deployments, and (3) efficient mobility with an intra-LTE
handover interruption time of 30 ms. An overview of LTE is given in this
section [2–4].
2.1 Requirements
Some of the major requirements for LTE are given in Table 1 [2, 10].
Although the concern of cost for operators is addressed in the requirements
there is no mention about security. Further the requirements set for handover
with legacy solution does not allow seamless perception of service [6].
13 Mobility and Key Management 167
Table 1. LTE major requirements
1 Bandwidth (MHz) Scaleable bandwidths of 1.25, 2.5, 5, 10, 15, 20
2 Data rate (Mbps) Peak of 100 Mbps for downlink (5 bps/Hz
−1)
50 Mbps for uplink (2.5 bps/Hz) at 20MHz, with
2 Rx antennas and 1Tx antenna at the terminal
3 Latency (ms) C-plane 100 ms for camped to active state and
50 ms between active and dormant state. Transit
time between IP layers of UE and RAN less than
5ms
4 Capacity (users per cell) C-plane 200 users per cell in active state for 5MHz
and at least 400 users for higher spectrum allocation
Much higher for dormant and camped state
5 Throughput Compared to Rel 6 average user throughput per
MHz: downlink 3–4 times and uplink is 2–3 times
6 Mobility Optimized for 0–15 kmph. High performance
for 15–120 kmph. Support upto 350 kmph or
500 kmph
Rel 6 voice and real-time CS services provided
over PS in LTE with interruption time less than
or equal to CS domain handovers in GERAN
7 QoS End-to-end QoS shall be supported
VoIP with at least as good radio and backhaul efficiency
and latency as voice traffic over the UMTS
CS
2.2 Physical Layer Parameters
Details of current work on physical layer can be found in [7]. In brief, the
downlink (DL) part of LTE uses orthogonal frequency division multiplexing
OFDM in which the data is multiplexed onto a number of subcarriers. This
number scales with bandwidth. There is frequency selective scheduling in DL
(i.e. OFDMA) and adaptive modulation and coding (up to 64-QAM). In the
uplink SC-FDMA (Single Carrier-Frequency Division Multiple Access) is used
with fast Fourier transform-based transmission scheme like OFDM. The total
bandwidth is divided into a small number of frequency blocks to be assigned
to the UEs (e.g., 15 blocks for a 5MHz bandwidth). Multiple antenna are
used (two at eNodeB and two receive antennas at UE) for beam-forming and
multiple input–multiple output (MIMO).
2.3 Architecture
The LTE architecture interconnects the network side termination points of
the wireless link (called eNodeBs, eNBs) with each other, the interface for
this is called X2 interface [2]. The eNBs are also connected by means of the
168 A.R. Prasad et al.
eNB eNB
eNB
MME/UPE MME/UPE
S1
X2
X2
X2
SAE
LTE
Fig. 1. LTE architecture
S1 interface to the core network called Evolved Packet Core (EPC). This
EPC includes Mobility Management Entities (MME) and User Plane Entities
(UPE) together also known as access gateway (aGW). The LTE architecture
is illustrated in Fig. 1. The LTE architecture differentiates between user plane
U-plane (carrying the user’s applications generated traffic, e.g., voice, mail,
web, etc.) and control plane C-plane (carrying the terminal’s signalling protocols
traffic, e.g., paging, call set-up, etc.). The U-plane and C-plane protocol
stack are shown in Fig. 2.
The eNB hosts the radio resource management unit that includes radio
bearer control, radio admission control, connection mobility control, and dynamic
resource allocation (scheduling) functions. The S1-C (control plane)
interface supports, among others, intra- and inter-system mobility of UE; and
the S1-U (user plane) interface supports the tunneling of end user packets
between the eNB and the UPE as a means to minimize packet losses due to
e.g. mobility. The X2–C interface supports UE mobility between eNBs. The
X2–U interface supports the tunneling of end user packets between the eNBs
as a means to minimize packet losses due to e.g., mobility.
There are several handover scenarios for LTE, dependent on the state of
the mobile device, C-plane or U-plane handover, and whether the MME/UPE
is involved. In terms of security the RAN and security group specifications [8,9]
discuss the termination point that is naturally dependent on the end-point of
a given protocol. The Non Access Stratum (NAS) signalling requires confidentiality
and integrity protection. U-plane must be confidentiality protected
(between UE and eNB), but it is still under study whether or not its integrity
shall be protected. For Access Stratum (AS) signalling, MAC security and requirement
for confidentiality protection of RRC signalling is yet to be studied,
while RRC signalling integrity protection is required.
13 Mobility and Key Management 169
(a) C-Plane protocol stack
(b) U-Plane protocol stack
Fig. 2. C-plane and U-plane protocol stacks
3 System Architecture Evolution
System architecture evolution SAE focuses on enhancing the capability of
the 3GPP system’s core network to cope with the rapid growth in IP data
traffic. This 3GPP system enhancement includes reduced latency, higher user
data rates, improved system capacity and coverage, and reduced overall cost
for the operator. IP based 3GPP services will be provided through various
access technologies together with mechanisms to support seamless mobility
between heterogeneous access networks. In this section the current work of
3GPP regarding SAE are presented from [10–14].
3.1 Requirements
The main objectives to address are [14]:
1. The architectural developments should take into account the LTE targets
for the evolution of the radio-interface. It should address efficient support
of services especially from the PS domain (e.g. VoIP).
2. Overall architecture impacts from support of different RAN/RATs and
access selection based on combinations of operator policies, user preferences
and RAN conditions; improving the basic system performance e.g.
170 A.R. Prasad et al.
communication delay; maintaining the negotiated QoS across the whole
system; etc. [12].
3. Overall architecture aspects of supporting mobility between heterogeneous
RANs (including service continuity in PS domain); how to maintain and
support the same capabilities of access control (authentication, authorization);
and privacy and charging between different RATs.
4. Migration aspects should be taken into account for the above, i.e. how to
migrate from the existing architecture.
3.2 Architecture
It was decided in 3GPP to proceed with two specifications; one that utilizes
the existing protocol (i.e., GPRS transport protocol GTP [10]), and the other
that is based on IETF solutions [11]. SAE also sets a few high level architectural
principles in [4, 15] A few principles regarding security and mobility
are: subscriber security procedures in SAE/LTE shall assure at least the same
level of UMTS security; access to network should be possible using Release 99
UMTS subscriber identity module USIM; authentication framework should be
independent of the RAT; mobility management should not degrade security.
The architecture for non-roaming case is given in Fig. 3. Due to lack of
space only a brief explanation of network elements and interfaces is given in
this section: The MME provides NAS signalling and its security, inter CN node
Trusted/Untrusted*
Non-3GPP IP Access
or 3GPP Access
SGi
PCRF
S7
S6a
HSS
ePDG
S2b
Serving
Gateway
Wn*
3GPP AAA
Server
Operator’s IP
Services
(e.g. IMS, PSS
etc.)
Wm*
Wx*
Untrusted
Non-3GPP IP
Access
Trusted
Non-3GPP IP
Access
Wa*
Ta*
HPLMN
Non-3GPP
Networks
S1-U
S1-MME
EUTRAN
2G/3G
SGSN
S4
S3
S5
S6c
Rx+
S2a
PDN
Gateway
MME
S11
S10
UE
S2c
* Untrusted non-3GPP access requires ePDG in the data
Fig. 3. Non-roaming architecture for SAE
13 Mobility and Key Management 171
signalling for mobility between 3GPP access networks, etc. The Serving GW
is the gateway which terminates the interface towards E-UTRAN. For each
UE, at a given point of time, there is a single Serving GW with the function
of Local Mobility Anchor point for inter-eNB handover, mobility anchoring
for inter-3GPP mobility, lawful Interception, packet routing and forwarding.
The PDN GW functions include policy enforcement, per-user packet filtering,
charging support, lawful interception and UE IP address allocation.
There are several different mobility management concepts in SAE which
are dependent not only on the access technology and network layer protocols
but also on the state of the UE. Other mobility issues that SAE has to
cater for are inter-RAT mobility, dependence of paging/tracking area, context
information availability, power saving, etc.
4 Mobility Solutions
There are several network layer mobility protocols that could be utilized in
SAE/LTE to support mobility within LTE and to/from other RANs. We now
know that 3GPP has made a choice of protocols. Anyhow in this section we
present the different choices that were possible together with their differences
and similarities. In later section we give an analysis.
In traditional IP networks, the IP address of a node is usually bound to
its topological location within the network to permit route aggregation. For
a mobile node, that means that moving and changing its location implies
that it changes its IP address. In the traditional TCP/IP communications
paradigm, IP addresses of a node were expected to remain stable. It was thus
possible to: (a) reach an IP node knowing only its IP address, (b) bind upper
layer communications (e.g. TCP conations) to IP addresses of communication
endpoints. With the advent of mobile nodes, this change of IP address role
has thus the following implications:
1. It is no longer possible to reach a mobile node knowing only its IP address
since it changes when the mobile node moves.
2. Upper layer communications will break with movement of one of the
communication endpoint since they are bound to IP addresses that will
change.
Because of that, network layer mobility protocols have been designed to
restore the two basic properties that were broken by apparition of mobile
nodes. In addition, these protocols might, depending on their architecture
and mechanisms, offer additional mobility-related functionalities such as:
• Route optimisation between a mobile node and its correspondent nodes.
• Reduction of communication disruption latency upon movement via proactive
configuration of care-of address before movement, buffering of
packet received at old access router (AR) and tunnelling to new AR,
and/or local anchoring.
172 A.R. Prasad et al.
• Reduction of packet loss upon movement via pro-active configuration of
care-of address before movement, buffering of packet received at old access
router (AR) and tunnelling to new AR, and/or local anchoring.
Additionally, these protocols may also offer functionalities which are not
directly related to mobility such as:
• Network layer multi-homing: Ability to switch between different providerassigned
subnet prefixes to cope with ISP failures. Such prefixes might be
assigned on a single interface, or each prefix to a different interface.
• Network layer security: Ability to protect integrity and confidentiality of
communications.
With the focus on IPv6 the protocols given below were considered in this
paper for which a comparison is given in Table 2.
• Mobile IP version 6 (MIPv6)
• Fast Handover for Mobile IP version 6 (FMIPv6)
• Hierarchical Mobile IP version 6 (HMIPv6)
• Network-based Localized Mobility (NETLMM)
• IKEv2 Mobility and Multi-homing Protocol (MOBIKE)
• Host Identity Protocol (HIP)
5 Key Management Solutions
Authentication process is one of the major latency sources that prevents seamless
handovers. This latency is mainly due to the signalling overhead that is
needed to authenticate a user and for making the association with the new Access
Point (AP) secure. Both aspects involve proper key management. Therefore,
solutions for fast authentication are dearly needed in order to realize
seamless handovers and thereby to improve the user’s experience. These solutions
boil down to effective and efficient key management schemes that are
suitable for intra- and inter-domain handovers as well as for horizontal and
vertical handovers.
The Extensible Authentication Protocol (EAP) [16] is a generic framework
for network access authentication. The EAP framework allows an authenticator
to authenticate a peer (and possibly mutual authentication) and
establishes between them two keys, the Master Session Key (MSK) and the
Extended MSK (EMSK), which are used to secure communications of EAP
lower layers. At the moment only the MSK is used by different lower layers
and protocols. The most common usage is in the IEEE 802.11i lower layer to
derive the Transient Session Key (TSK) to provide access link security. For
instance in 802.11i the first 512 bits of the MSK are used for TSK derivation,
802.11r uses the second 256 bits to derive Pair-wise MKs (PMKs-R1)
for fast BSS transition, and 802.16 uses the first 320 bits. The Internet Key
13 Mobility and Key Management 173
Table 2. Differences in the mobility protocols
MIPv6 MIPv6 HMIPv6 HMIPv6 NETLMM MOBIKE HIP
+ +
FMIPv6 FMIPv6
Scope of mobility Global, local Global, local Local Local Local Global, local Global
Location of
rendezvous point
On routing
path to home
address
On routing
path to home
address
On routing
path to regional
care-of-address
On routing
path to regional
care-of-address
On
routing
path to
regional
care-ofaddress
On routing
path to IPsec
inner address
Anywhere
Trust model SA with
rendezvous
point
SA with
rendezvous
point
SA with
rendezvous
point
SA with
rendezvous
point
SA with
access
router
SA with
rendezvous
point
SA with
rendezvous
point and
correspondent
node
Route optimization Yes Yes No No No No Required
Reduction of
communication
disruption latency
and packet loss
Yes if local
anchor
Yes Yes Yes Yes Yes if local
anchor
No
Rendezvous point Home agent (HA) Mobility anchor point (MAP) Localized
mobility
anchor
(LMA)
Security
gateway
(SGW)
Rendezvous
server (RVS)
Routing update Binding update (BU) Local binding update (LBU) Routing
update
(RU)
Update SA
address
(USA)
Locator update
(UPD)
174 A.R. Prasad et al.
Exchange protocol (IKEv2) has an authentication mode where one of the IKE
peer is authenticated via EAP, thus making use of the MSK as well. IKEv2,
however, uses it for entity authentication purposes. This disparate usage of
the MSK makes it less suitable for a root key of a key hierarchy that supports
fast re-authentication for seamless handovers. For this reason, the IETF
HOKEY working group tries to define an EMSK-based key hierarchy for authenticated
seamless handovers [17]. Since the EMSK has never been used in
any specifications it can be specified in such manner that it is acceptable to
all lower layers. A Usage Specific Root Key (USRK) can be derived from the
EMSK and used for efficient re-authentication within the EAP framework.
In HOKEY terminology this key is called re-authentication Root Key (rRK).
The rRK on its turn is used to derive the re-authentication Integrity Key (rIK)
and a re-authentication MSKs (rMSK) that is specific to each authenticator
that the MN associates with. The rIK is used to prove being a party to the
full EAP method-based authentication and is used in a proof of possession
exchange between the MN and the AAA-server. Finally, the rMSK is used for
deriving the TSK after each re-authentication phase (see Fig. 4).
One of the most important features of the HOKEY key hierarchy is that it
doesn’t require the MN to interact with the home domain for authentication
purposes when roaming within a foreign domain.
Since HOKEY is still work in progress, a number of issues with its usage
in 3GPP SAE/LTE haven’t been addressed yet. One of them is related to
dealing with the heterogeneity of the authentication mechanisms. Different
network technologies use different authentication mechanisms. For instance,
UMTS networks use the UMTS-AKA authentication mechanism, and EAPAKA
is used in WLANs. Though UMTS AKA and EAP-AKA are almost
identical, they differ by the transport method of the AKA protocol: PMM
MSK EMSK
rRKOther R…Ks
Long Term Credential
rMSK1r…MSKn
TSK1T…SKn
rIK
PMK-R11 PMK-R1n … TSK
TSK1T…SKn
802.11i
802.11r HOKEY
rRK … Other RKs
rMSK1 …
TSK1 … TSKn
PMK-R0
1 n TSK1 … TSKn
PMK
rMSKn
Fig. 4. Proposed HOKEY EMSK hierarchy for re-authentication, presented during
IETF 66 meeting July 2006
13 Mobility and Key Management 175
protocol in case of UMTS and EAP protocol in case of WLAN, The former
doesn’t have a fast re-authentication function, while EAP-AKA [18] does offer
such functionality, which makes it better suitable to be used in the EAP-ER
framework [19].
Another issue to be solved is the choice of a proper key distribution mechanism.
The rMSK must be delivered to the new authenticator following reauthentication.
Options for key delivery are either based on a pull or a push
model. The push model does not allow randomness contribution by the peer,
is not supported by RADIUS, does not scale well, results in keys on target
authenticators that the peer may never roam to, target authenticators must
store keys, key names, associated nonces, lifetimes, and other attributes for
many peers unnecessarily, peer needs to be involved in a re-authentication
protocol anyway to receive nonces or other attributes. So there is not much
value in the push model. Therefore a peer-initiated, on-demand pull model
makes more sense.
For the inter-domain case, key delivery is not straightforward. How does
the AAA server know the AP in the foreign domain? How to setup a secure
communication channel with the foreign domain? Do the foreign APs communicate
with the home rMSK server directly or via their own rMSK server?
IETF PANA [20] is an network access authentication protocol transported
over IP, and as such independent of the underlying technology. It
authenticates peers with the EAP protocol, and as such is both an EAP
transport and an EAP lower layer, like IEEE 802.1x. The Media Independent
Pre-Authentication (MPA) approach [21] tries to define a solution
for pre-authentication that support both inter-domain and inter-technology
handovers. MPA is a mobile-assisted higher-layer authentication, authorization
and handover scheme that is performed prior to establishing link layer
connectivity to a network where the MN may move in near future. In MPA,
the notion of 802.11i pre-authentication is extended to work at higher layer,
with additional mechanisms to securely perform early acquisition of an IPaddress
from the new network as well as pro-active handover to this network
while the MN is still attached to the current network. MPA provides a secure
and seamless mobility optimization that works for inter-domain heterogeneous
handovers.
6 Analysis
To evaluate the existing solution we consider a number of principles that serve
as guidelines in this paper to evaluate handover solutions. These guiding principles
can be related to the architecture, performance and security aspects of
the solutions. The architectural guidelines considered are reusability (i.e., to
be able to use the solution again to add new functionality with minimum
modifications) and modularity (i.e., the solution is composed of components
with well defined functionality and interfaces). Requiring a handover solution
176 A.R. Prasad et al.
to be fast, we consider the following performance guiding principles for such
a solution: support of different air interface technologies (as mobile devices
are equipped with multiple network interfaces nowadays), compatibility of local
and global mobility solutions (as mobile devices are going to cross over
administrative domain boundaries frequently), and support of multiple air
interfaces being active simultaneously (when possible and appropriate). The
latter requires the solutions to be energy effective. The security related guidelines
include binding L2, L3 and higher layers to the user as identified by its
USIM.
For our analysis we consider three categories of protocols or (partial) solutions
and evaluate them based on our guiding principles mentioned. These
solution categories are: mobility/handover solutions, authentication methods,
and authentication transport protocols. Mobility or handover management
related solutions that we consider are: MIPv6, HMIPv6, FMIPv6, MOBIKE,
NetLMM, MPA, IEEE802.21, IEEE802.16/e and IEEE802.11. For authentication
methods we investigate UMTS-AKA, EAP-AKA, EAP-TLS, 802.11i, and
EAP-ER. Finally, we consider EAP and combined PANA and IPsec as authentication
transport protocols for our analysis. Figure 5 presents a summary
Fig. 5. Comparison of (partial) solutions for supporting mobility in SAE/LTE
13 Mobility and Key Management 177
of our analysis. One should note that key establishment/distribution aspects
that are provisioned in for example IEEE802.11i, IEEE802.11r, IEEE802.16,
EAP-ER, HOKEY, IKE and AKA) are already included in one or more categories
identified above. A close investigation of the results of Fig. 5 reveals that
a complete system architecture is missing to deliver secure and fast handover
management. Such architecture must provide integrated security management
to deal with threats in all handover phases.
7 Conclusions and Future Work
In this paper we have presented an overview of SAE/LTE and IP layer mobility
protocols and key management solutions that can be used for SAE/LTE.
Based on analysis that utilizes principles coming from SAE/LTE requirements
we come to the conclusion that EAP-ER using AKA is the authentication and
key agreement solution that should be utilized for SAE/LTE. The study also
shows that NetLMM and MIP are the mobility solutions that can be used.
The results to some extent are in contradiction to what is currently accepted
in 3GPP.
From network layer protocol perspective 3GPP is focusing on NetLMM
and MIP but also has accepted GTP. Obviously the acceptance of GTP is
due to the fact that existing solutions can be reused. As for key agreement
3GPP has a working assumption of UMTS-AKA. This working assumption
certainly works fine for fast mobility between UMTS and LTE but it does not
cater for future where there will be integration of other RANs.
This work still leaves us with the need to study the integration of mobility
protocol and key management solution in the SAE/LTE architecture. This
integration should be done while considering the security and mobility aspects.
Another point to study is the key hierarchy required for SAE/LTE. This can
easily be concluded by looking at the end-point of different protocols (MAC,
RRC, NAS and U-plane) and the confidentiality/integrity requirement. Once
all is done a study on remaining threats and performance is also required.
时间:  2010-11-26 14:55
作者: sftxys

13
流动性和密钥管理在SAE / LTE技术
阿南德河普拉萨德1,朱利安Laganier1,阿尔夫Zugenmaier1,Mortaza学巴奇2
鲍勃Hulsebosch2,亨克Eertink2,海尔特Heijenk3,和Jeroen Idserda3
一实验室DoCoMo的通信欧洲有限公司,德国
2 Telematica研究院,荷兰
3特文特大学,荷兰
综述。通常在无线通讯的加密算法被认为是
为'安全解决方案',但实际上它仅仅是核心。的手段
使用的加密算法是'关键'所使用的算法。因此,管理
有钥匙和安全,是一个重要的问题。密钥的安全性
管理解决方案不应妨碍加入移动设备的不必要的延误。
因此,安全和快速移动中的密钥管理是一个重要的问题
第三代合作伙伴计划(3GPP)的系统架构活动
演进/长期演进(SAE / LTE)计划。在本文中,我们审查调动和
国家自然科学基金重点管理在SAE / LTE和安全问题目前可能的重点
连同现有的分析解决方案。
1简介
有时,有人说,安全是任何通讯系统的圣杯。
真或假,实践证明,没有安全的解决方案开发
从一开始头脑的解决方案,已经导致了严重的问题在适当的
课程。为了避免这种情况下,它是必要的,第三代
合作伙伴计划(3GPP)的活动对他们的系统架构演进
和长期演进(SAE / LTE)计划,包括从一开始的安全性。
对于SAE的/ LTE的活动采取的第一步是在2004年,预计
该规范将在2007年9月左右提供。详情
3GPP的时间计划和规格中可以找到[1]。
该活动的3GPP SAE的部分集中在核心网络的一个(CN)的
移动网络和LTE的部分集中在无线接入网络(RAN)。
SAE的假设核心网络将被迁移为基础的IP通信
协议。 SAE的允许无线接入网络的基础上整合
不同的无线接入技术进入网络,如UMTS的LTE技术,无线
局域网和WiMAX。指定的LTE无线接入技术(鼠)的
目的是在繁忙的数据为100 Mbps的下行和50 Mbps的上行速率。该
同时SAE和LTE的目的也是为了降低整体的复杂性和成本
为运营商和最终用户。作者的SAE / LTE的活动的安全目标
166 A.R.普拉萨德等。
是提供安全,在今天的UMTS的水平至少是。当然,
保安措施不应妨碍移动性支持,它是本质
一个移动运营商的业务。
在安全方面看,三个共同的安全目标的保密性,
完整性和可用性,前两个是通过使用加密技术,
这反过来又要求到功能键。主要管理人员包括关键
除了建立和密钥分配密钥生成和密钥管理
政策。该系统的使用定义的键的要求。
不安全的密钥管理解决方案可能导致泄漏的密钥,可以
导致在系统或网络攻击。在这种形势下的强度
加密算法是不相关的。
正因为如此,移动网络能够提供快捷,最重要
这种切换有没有知觉服务品质的影响
用户。这些切换也需要考虑安全。它不应该发生
一个移动用户挂接到一个流氓基站或有问题的总劫持
会议由入侵者。这意味着,流动性相关的安全要求
应得到履行,其中包括重新输入,当用户移动。重新输入
也是密钥管理的一部分,应符合相关要求。
在本文中,我们将首先讨论由3GPP LTE和SAE的发展
而且他们的目标在教派。 2和3。可能的流动性和密钥管理
相关解决方案进行了讨论流派。 4和5及分析
教派的比较研究解决方案。 6,导致在教派的结论。 7。
2长期演进
LTE或进化的UMTS陆地无线接入(E -型UTRA)和演进
UMTS陆地无线接入网络(E - UTRAN)的目的是发展
标准,以确保竞争力的3GPP长期(10年或
更多)[5]。 LTE的部署有几个方案,但在高级别
怎么能指望两种情况[2]。第一个是独立部署
第二个方案是融合和移交与UTRAN和/或
GERAN的。此外,预计[1]在LTE将有支持(1)
在流动性和初始访问共享网络,(2)各种细胞的大小和
计划或临时部署,以及(3)一内部LTE的有效流动
切换中断时间为30毫秒。概述了LTE的中给出
部分[2-4]。
2.1需求
对于LTE的一些主要规定载于表1 [2,10]。
虽然运营商关注的是成本的要求处理的
这是毫无安全提。为进一步回归的要求
与传统解决方案不容许服务[6]无缝的看法。
13调动和密钥管理167
表1。 LTE的主要要求
1带宽(MHz)为1.25,2.5,5,10,15,20可扩展带宽
2数据速率(Mbps)的100 Mbps的下行(5个基点山顶/赫兹
-1)
50 Mbps的上行(2.5基点/赫兹)在20MHz,与
2个接收天线和1Tx在终端天线
3延时(毫秒)的C - 100飞机驻扎到转发状态和MS
50主动与休眠状态毫秒。过境
IP层之间的UE和RAN的时间小于
5毫秒
4容量(每单元用户)的C - 200飞机用户在活跃的状态为5MHz的每个细胞
和至少400用户更高的频谱分配
高得多休眠状态,并安营扎寨
5吞吐量相比REL的6平均每用户吞吐量
兆赫:下行3-4倍,上行2-3倍
6移动优化0-15 kmph。高性能
为15-120 kmph。支援高达350 kmph或
500 kmph
REL的6语音和实时提供服务的政务司司长
在LTE的PS超过中断时间小于
或等于在GERAN的CS域切换
7 QoS的端至端服务质量应得到支持
VoIP与至少好电台和传输的效率
为语音流量和延迟超过了UMTS
政务司司长
2.2物理层参数
对物理层当前工作的详情,可参见[7]。简言之,
下行(DL)LTE的一部分使用正交频分复用
OFDM技术在其中的数据复用子载波数目走上了。这
带宽数量级。有频率选择性调度在DL
(如OFDMA)和自适应调制和编码(最多为64 - QAM)。在
上行SC - FDMA技术(单载波频分多址接入)用于
快速傅立叶变换等基于OFDM传输方案。总
带宽分成块的频率分配少量
到UE的(例如,在5MHz带宽为15块)。多天线
使用(两个的eNodeB和两个接收天线,在UE的)的波束形成和
多输入多输出(MIMO)。
2.3建筑
在LTE架构互连网络侧终止点
无线连接(称为eNodeBs,eNBs)相互的接口
这就是所谓的X2接口[2]。该eNBs也连接了的手段
168 A.R.普拉萨德等。
环境局环境局
环境局
MME的/ MME的普及初等教育/普及初等教育
中一
X2的
X2的
X2的
SAE的
LTE技术
图。 1。 LTE的架构
S1的界面为核心的网络称为演进分组核心(EPC)。这
总承包,包括移动性管理实体(MME的)和用户平面实体
(普及初等教育)一起也被称为接入网关(aGW)。在LTE架构
如图所示。 1。 LTE的用户平面之间的结构区别
U型飞机(承载用户的应用程序产生的流量,如语音,邮件,
Web等)和控制平面C -平面(携带终端的信令协议
交通,例如,寻呼,呼叫建立,等等)。 U型飞机和C -面协议
栈如图所示。 2。
环境局主办的无线资源管理单位,包括无线电
承载控制,无线接入控制,连接移动性控制和动态
资源分配(调度)的功能。的S1 - C的(控制平面)
接口支持,除其他外,区域内和跨系统的UE的流动性;和
的S1 - U(用户平面)接口支持最终用户的数据包隧道
环境局之间和普及初等教育为手段,以最大限度地减少数据包造成的损失
例如流动性。的X2 - C接口支持在eNBs UE的流动性。该
的X2 - U接口之间的eNBs支持最终用户的数据包隧道
作为一种手段,最大限度地减少数据包造成的损失,例如,流动性。
有几个LTE的切换场景,对国家的依赖
移动设备和C -平面或U -平面的交接,以及是否MME的/普及初等教育
参与。在安全方面的RAN和安全组的规格[8,9]
讨论终止点,自然是在终点的依赖
一个给定的协议。非接入层(NAS)的信令要求保密
性和完整性保护。 U型平面必须保密制度的保护
(UE和环境局之间),但仍在研究是否有它的完整性
应受到保护。对于接入层(AS)的信号,MAC安全和要求
为保密PRC信令保护仍有待研究,
而PRC信令完整性保护是必要的。
13调动和密钥管理169
(一)c面协议栈
(二)U型面协议栈
图。 2。 c面和U -面协议栈
3系统架构演进
系统架构演进SAE的重点是提高能力的
3GPP系统的核心网络,以应付在IP数据的快速增长
交通。这3GPP系统增强功能包括减少延迟,更高的用户
数据速率,提高系统容量和覆盖范围,并降低整体成本
为操作员。基于IP的3GPP的服务将通过各种
接入技术与机制,共同支持无缝移动
异构接入网络。在本节中的当前工作
3GPP的SAE的提出关于从[10-14]。
3.1要求
解决的主要目标是[14]:
1。建筑的发展应考虑到LTE的目标
对无线电接口的演变。要针对有效的支持
服务,特别是从PS域(如VoIP)。
2。从不同的RAN /鼠和支持总体结构的影响
接入运营商的政策选择上,根据用户的喜好组合
和RAN条件,改善系统的性能,例如基本
170 A.R.普拉萨德等。
通信延迟;维持在整个协商的服务质量
系统等[12]。
3。支持异构的流动性总体结构方面
雷诺平均(包括PS域业务连续性);如何维护和
支持访问控制(认证,授权)相同的功能;
隐私和不同的RAT充电。
4。移民方面应考虑到上述情况以外,即如何
从现有的架构迁移。
3.2建筑
这是在3GPP决定进行两个规格,一个是利用
现有的协议(即GPRS的传输协议的GTP [10]),另
这是IETF的解决方案的基础上[11]。 SAE的还设置一些高层次的建筑
[4,15]几个原则关于安全和流动性原则
包括:在SAE / LTE的应保证用户的安全程序至少相同
UMTS的安全水平;访问网络应该可以使用版本99
UMTS的用户识别模块USIM卡;验证框架应
鼠年独立的移动性管理不应降低安全性。
对于非漫游时的架构图给出。 3。由于缺乏
空间只有一个接口的网络元素和简要的解释是由于在
这个区段:MME的提供的NAS信令和它的安全,除Cn中节点
可信/不可信*
非3GPP IP接入
或3GPP接入
SGI公司
PCRF

物S6A
高速钢
ePDG
S2b
服务
网关
Wn的*
3GPP的AAA级
服务器
运营商的IP
服务
(例如IMS的,PSS的
等)
西医*
蜡质*
不可信
非3GPP的IP
访问
可信
非3GPP的IP
访问
华*
大*
HPLMN营运
非3GPP
网络
中一至中ü
中一至中MME的
EUTRAN
的2G/3G
SGSN的


中五
S6c
接收
S2a
PDN的
网关
MME的
11片段
S10的
UE的
S2C公司
*不可信非3GPP接入,需要在数据ePDG
图。 3。非漫游SAE的架构
13调动和密钥管理171
信令3GPP接入网络之间的流动性等服务毛重
是网关,它终止对é - UTRAN的接口。对于每一个
UE的,在一个特定时间点,有一个单一的服务与功能毛重
地方移动锚跨环境局交接,流动性的固定点
间3GPP的移动性,合法监听,数据包路由和转发。
在PDN毛重职能包括政策执行,每个用户的数据包筛选,
收费支持,合法拦截和UE的IP地址分配。
有几种不同的移动性管理的概念,这些概念在SAE
不仅是依赖于接入技术和网络层协议
而且还对UE的状态。 SAE的其他行动的问题已到
配合是相互鼠流动,传呼/跟踪领域,语境的依赖
信息的可用性,节能等
4移动解决方案
有几个网络层移动性,可以利用协议中
SAE的/ LTE的支持在LTE的流动性和/从其他雷诺平均。我们现在
知道,3GPP已经取得了协议的选择。总之,我们在这一节
目前,这有可能与他们的差异以及不同的选择
和相似之处。在以后的章节中,我们给出一个分析。
在传统的IP网络中,节点的IP地址通常是必然
它在网络的拓扑位置,以允许路由聚合。对于
一个移动节点,这意味着移动和改变它的位置意味着
它改变其IP地址。在传统的TCP / IP通信
典范,一个节点的IP地址,预计将保持稳定。因此,有人
可能是:(一)达到一个IP节点只知道它的IP地址,(二)结合上
通讯层(例如TCP欲望)的通信的IP地址
端点。随着移动节点的到来,这个IP地址的角色转变
因此,有以下问题:
1。它不再是可能达成移动节点只知道它的IP地址
因为它改变了当移动节点移动。
2。上层的通信将打破在一个运动
通信终端,因为他们必然要IP地址将
改变。
正因为如此,网络层移动协议的目的是为了
恢复被破坏的移动幻影两个基本属性
节点。此外,这些协议可能,这取决于他们的建筑
和机制,提供额外的流动性相关的功能,如:
•路线优化之间的移动节点和其相应的节点。
•减少运动后,通过积极主动的通信中断延迟
配置转交地址变动前,缓冲
接收的数据包在旧接入路由器(AR)和新机场铁路隧道,
和/或当地锚泊。
172 A.R.普拉萨德等。
•减少运动时丢失的数据包通过积极的配置
转交地址变动前,在旧的访问收到的数据包缓冲
路由器(AR)和隧道新的AR和/或当地锚泊。
此外,这些协议也可能提供的功能不属于
直接涉及到移动性,例如:
•网络层多寻:能够切换不同的providerassigned
子网前缀,以应付与ISP故障。这样的前缀可能
分配在一个接口,或者每到一个不同的接口的前缀。
•网络层安全:能够保护的完整性和保密性
通讯。
随着基于IPv6协议的重点如下考虑在这
纸的比较见表2。
•移动IP版本6(移动IPv6)
•移动IP版本6快速切换(FMIPv6)
•分层移动IP版本6(HMIPv6中)
•基于网络的本地化移动(NETLMM)
•IKEv2的移动性和多寻协议(MOBIKE)
•主机标识协议(HIP)的
5密钥管理解决方案
认证过程是主要来源之一,防止延迟无缝
切换。这个延迟主要是由于信令开销是
需要验证用户和负责与新的Access协会
点(AP)的安全性。这两个方面涉及到正确的密钥管理。因此,
快速认证解决方案是必要的代价,以实现
无缝切换,从而提高用户的体验。这些解决方案
归结为有效和高效的密钥管理计划,这是
适用于内和域间切换以及用于水平的和
垂直切换。
可扩展身份验证协议(EAP)[16]是一种通用框架
网络接入认证。框架允许的EAP认证
来验证对等(可能相互认证)和
他们之间建立了两个键,主会话密钥(莫斯科)和
扩展的MSK(EMSK),这是用于保护通信的EAP
较低的层。目前只有MSK是使用不同的较低层
和协议。最常见的用法是在IEEE 802.11i的下层
推导出瞬态会话密钥(邓肇坚)提供访问链接的安全性。对于
在802.11i的实例的第一个512位的MSK用于邓肇坚推导,
802.11r标准使用第二个256位,以获得成对MKS公司(PMKs - R1)的
BSS的快速过渡,802.16使用第一个320位。因特网密钥
13调动和密钥管理173
表2。差异在移动性协议
移动IPv6移动IPv6 HMIPv6中HMIPv6中NETLMM MOBIKE静压
   
FMIPv6 FMIPv6
全球范围的流动性,本地全局,局部地方基层本地全局,本地全局
位置
会合点
对路由
回家的路径
地址
对路由
回家的路径
地址
对路由
路径区域
转交地址
对路由
路径区域
转交地址

路由
路径
区域
护理ofaddress
对路由
IPsec的路径
内部地址
任何地方
水杨酸与信任模型
会合

SA配置
会合

SA配置
会合

SA配置
会合

SA配置
访问
路由器
SA配置
会合

SA配置
会合
点和
记者
节点
路线优化是是否否否否要求
减少
通讯
中断延迟
和丢包
如果当地有

是是是是是如果当地


会合点家乡代理(HA)移动锚点(MAP)的本地化
流动性

(LMA)的
安全
网关
(SGW)
会合
服务器技术(RVS)
路由更新绑定更新(布)本地绑定更新(LBU)路由
更新
(茹)
SA的更新
地址
(美国)
定位器更新
(UPD)的
174 A.R.普拉萨德等。
交换协议(IKEv2协议)有一个身份验证模式,其中的IKE
同行的EAP身份验证通过,从而使该MSK的使用以及。 IKEv2的,
然而,使用实体认证的目的。这种不同的使用情况
在莫斯科,不那么重要的一个层次结构,适当支持根键
快速重新认证的无缝切换。出于这个原因,在IETF
做作工作组试图定义一个EMSK为基础的认证密钥层次结构
无缝切换[17]。由于EMSK从未使用
它可以在任何方式指定的规格,它是可以接受的
所有较低层。一个使用特定的根密钥(USRK)可来自
EMSK和使用进行有效的重新验证的EAP框架内。
在这关键是做作的术语称为重认证根密钥(rrk和)。
关于反过来rrk和用于获得重新认证完整的关键(里克多维)
和重新认证MSKs(rMSK),是特定于每个认证
该百万赞同。该里克多维是用来证明作为党的
完整的EAP方法为基础的认证,并在一个所有权证明使用
百万之间的交流和AAA服务器。最后,rMSK用于
在每次重新推导验证阶段邓肇坚(见图。4)。
做作的密钥层次结构的最重要的特点之一是它
不要求百万的互动与主域进行验证
而在国外漫游时域。
由于做作仍在工作的进展,其使用的若干问题
在3GPP SAE的/ LTE技术还没有得到解决。其中之一是有关
处理与异质性的身份验证机制。不同
网络技术使用不同的认证机制。例如,
UMTS网络中使用了UMTS AKA鉴权机制,EAPAKA
用于无线局域网。虽然UMTS的外号和EAP - AKA几乎
相同的,它们的不同由AKA协议传输方法:产品市场管理
莫斯科EMSK
rRKOther ř ... K报表
长期凭据
rMSK1r ... MSKn
陕甘宁TSK1T ...
里克多维
胡椒基甲基酮- R11的胡椒基甲基酮,R1n ...邓肇坚
陕甘宁TSK1T ...
802.11i的
802.11r标准做作
rrk和其他RKs ...
rMSK1 ...
TSK1 ... TSKn
胡椒基甲基酮- R0的
1不适用TSK1 ... TSKn
胡椒基甲基酮
rMSKn
图。 4。建议做作EMSK层次结构,重新验证,提出了在
2006年7月的IETF 66次会议
13调动和密钥管理175
在EAP协议的情况下UMTS和无线局域网的协议中,前案
没有一个快速重认证功能,同时的EAP -外号[18]确实提供
这样的功能,这使得它更适合用在EAP - ER的使用
框架[19]。
另外一个需要解决的问题是一个正确的密钥分配机制的选择。
该rMSK必须传递到新的认证后重新认证。
关键交付选项不是基于拉或推
模型。推模型不允许随机性以伦比的贡献,
由RADIUS不支持,不很好地扩展,在按键结果的目标
鉴定人对端可能永远不会漫游到,目标鉴定人必须
存储密钥,密钥的名称,相关随机数,寿命,以及其他属性
许多不必要的同行,同行需要在重新认证参与
反正协议接收随机数或其他属性。所以没有太大
价值在推模式。因此同行发起,按需拉模型
更有意义。
对于域间的情况下,关键交货并不简单。如何
AAA服务器知道在外国领域的AP?如何设置一个安全的
沟通渠道,与国外域?难道外国的AP进行通信
与民政rMSK服务器直接或通过其本国的rMSK服务器?
IETF的佩纳[20]是一个网络访问身份验证协议传输
通过IP,因此底层技术无关。这
验证同行的EAP协议,因此既是一种EAP
运输和EAP如IEEE 802.1x的较低层。媒体独立
预认证(MPA)的方法[21]试图定义一个解决方案
预身份验证同时支持域间和部门间技术
切换。 MPA是一个移动辅助更高层次的认证,授权
和移交之前完成计划,是建立链路层
连接到一个网络中的百万在不久的将来可能会移动。在精神创伤和痛苦,
对802.11i的预认证的概念延伸到工作在更高的层次,
额外的安全机制来执行一个早期的IPAddress收购
在新的网络,以及积极主动移交到该网络
而百万仍连接到当前的网络。 MPA的提供了一个安全
和无缝移动优化,工程多相域间
切换。
6的分析
要评估现有的解决方案,我们考虑的一些原则服务
正如本文的指引,评估移交的解决方案。这些指导原则
可与体系结构,性能和安全方面的
的解决方案。所考虑的准则是可重用性建筑(如,
能够再次使用该解决方案添加新的功能最低
修改)和模块(即,该解决方案是由组件
具有良好定义的功能和接口)。需要交接的解决方案
176 A.R.普拉萨德等。
要快,我们考虑以下这些指导原则的表现
一个解决方案:支持不同空中接口技术(如移动设备
与现在的多个网络设备接口),兼容性地方
与全球移动解决方案(如移动设备要跨越
行政区域边界的频率),和多种空中支援
同时正积极接口(可能和适当时)。该
后者要求的解决办法是能源有效。安全有关的准则
包括有约束力的L2,L3和更高层次的用户通过其确定为
USIM卡。
对于我们的分析中,我们考虑三个类别的协议或(部分)解决方案
和评估这些基于我们的指导原则提及。这些
解决方案类别包括:移动/切换解决方案,验证方法,
传输协议和认证。移动或移交管理
我们认为相关的解决方案是:移动IPv6,HMIPv6中,FMIPv6,MOBIKE,
NetLMM,精神创伤和痛苦,IEEE802.21,IEEE802.16 / E和IEEE802.11标准。对于身份验证
方法我们研究的UMTS外号和EAP - AKA的EAP - TLS的,802.11i的,并
的EAP - ER的。最后,我们认为EAP和联合佩纳和IPsec身份验证
我们分析的传输协议。图5给出一个总结
图。 5。比较(部分)支持在SAE / LTE的移动解决方案
13调动和密钥管理177
我们的分析。要注意的是密钥建立/分配方面
这是例如IEEE802.11i,IEEE802.11r,IEEE802.16置备,
的EAP - ER的,做作,IKE和外号)已经包含在一个或多个类别
上文确定。阿图的调查结果接近。 5显示,
一个完整的系统架构是缺少提供安全和快速切换
管理。这样的架构必须提供完整的安全管理
以处理所有移交阶段的威胁。
7结论与未来工作
在本文中,我们提出了一个了SAE / LTE和IP层的流动性概述
协议和密钥管理解决方案,可用于SAE的/ LTE技术。
根据分析,利用的原则,从SAE的/ LTE的要求来
我们得出的结论是的EAP - ER的外号是使用身份验证和
密钥协商的解决方案,应该被用来对SAE的/ LTE技术。这项研究还
结果表明NetLMM和MIP是流动性,可以用来解决方案。
在一定程度上是矛盾的结果是什么目前公认
在3GPP。
从网络层协议的角度3GPP是重点NetLMM
和MIP但也有接受的GTP。显然是接受的GTP
由于现有的解决方案可重复使用的事实。至于密钥协商
3GPP已经为UMTS的外号工作设想。这个工作设想
当然工程的UMTS和LTE之间的快速流动性很好,但是它不
为应付未来那里将是其他雷诺平均一体化。
这项工作仍然留下了需要研究我们的流动性整合
协议和密钥管理解决方案,在SAE / LTE的架构。这
整合工作应同时考虑到安全性和流动性方面。
另一项研究的关键点是SAE的层次结构/ LTE的要求。这可以
很容易在最后结束的不同协议(陆委会点来看,
红丝带中心,NAS和U型飞机)和保密性/完整性的要求。一旦
一切都做了研究,对剩余的威胁和性能也是必需的。
时间:  2010-11-26 15:15
作者: twodogs22

膜拜大神!
时间:  2010-11-26 15:45
作者: baby49c

翻译的这位好给力~ 膜拜
时间:  2010-11-26 16:16
作者: 张掖搓鱼子

好像是用google翻译的啊,要这样可以我就不会在这里发帖了!
时间:  2010-11-29 10:46
作者: lwmailt

楼主你也真搞啊。你弄个一小段E文或许有人能给你解决。整这么长一篇E文,发个帖就让人给你专业翻译啊,二楼GOOGLE翻译已经很不错了。你也得打听一下现在市场上专业翻译都是以字数论价的。
时间:  2010-11-29 15:22
作者: jzltxwt

有偿无偿?
时间:  2010-11-29 15:28
作者: langzi172

楼主真搞笑,超过3句话,无偿谁给你翻译
时间:  2010-11-29 15:34
作者: txbao

太厉害了!!
时间:  2010-11-30 22:03
作者: spirit4999

世界太疯狂!




通信人家园 (https://www.txrjy.com/) Powered by C114