Introduction

Mobile networks are telecommunication networks in which there is no physical link between the end-user device and the base transceiver station. The medium between the two is a wireless link over which the end user connects to the mobile network. The device that radiates radio frequencies, and receives the traffic coming from the end devices, is the RF antenna.

The major concern in mobile networks is the security of end-user data and the correct recognition of the devices that are authorized to access the network. Therefore, specific authentication procedures are used to authenticate those devices.

We will discuss the importance of authentication and the authentication procedures used in LTE and 5G in the following paragraphs.
Why do we need authentication in mobile networks?
Mobile networks have made our lives very easy in terms of communication, video, voice, and data sharing. We are connected to each other via our mobile handsets, sharing live activities and perhaps enjoying a cricket match from our favorite location. Being tied to a television set is history now.

But along with these facilities, we have encountered privacy and data security issues. Therefore, the providers use security technologies to protect our data and privacy.
Authentication is one of the most important aspects that every mobile network must support, whether it is a 3G, 4G or 5G network. Every operator authenticates its users in order to enforce security. In the case of mobile networks, we have a central database in which a profile is created for every user of the network. When a user tries to access the network, the device information is forwarded to a dedicated server, which matches the profile information against the incoming connection request. When the received information is correct, the node allows the user to access network resources.

So, the core purpose of authentication is to ensure security by either forwarding the user's request to access the network or rejecting an unauthorized request for network access. Through the authentication procedure, mobile networks make sure that the traffic transferred over the wireless links is secure and not manipulated by a man in the middle between the device and the base station.
Authentication in 4G Networks
The term LTE stands for "Long Term Evolution", which is a form of wireless broadband communication. This technology was designed to provide high-speed data (internet) only; circuit-switched voice calls are not supported by LTE, so VoIP or VoLTE is used instead to carry voice calls over the internet protocol. LTE uses a group of transmitting and receiving antennas both at the mobile side and at the base station side. The base station is known as the eNodeB in LTE, and it supports multiple parallel streams for sending and receiving data.
The LTE architecture is shown below. The node related to authentication is the Home Subscriber Server (HSS), which is connected to the Mobility Management Entity (MME) for receiving and sending subscriber information.
If we study the LTE call flow, it starts from the UE, which sends an attach request to the eNodeB; the eNodeB forwards the attach request to the MME, and the MME then verifies the authenticity of the connection request.

Below are the authentication procedures that LTE uses to ensure the security and authentication of incoming connection requests.

LTE networks use two security procedures, at two different levels, to protect customer and network information.
- RRC and User Plane Security between the UE and EUTRAN. The RRC security association ensures security between the UE and the EUTRAN before the subscriber accesses the core network and reaches the HSS.

- NAS Security association between the UE and MME. NAS is the non-access stratum; it ensures the security of data transmission between the UE and the MME by ciphering the subscriber's data and protecting its integrity.
After the device is associated with the core network, the security parameters listed below are used to authenticate the subscriber's request.

- RAND: Random Challenge. A random value generated by the MME and provided to the UE; the UE runs an algorithm over it to produce its response. The length of the random number is 16 octets.

- AUTN: Authentication Token. The authentication token carries the authentication information to the UE. It is the means by which the UE authenticates the network, i.e. checks that the network is the one it intended to connect to.

- XRES: Expected Response. XRES is a parameter generated by the MME and sent to the HSS and the UE; it is used to check whether both can generate the response that the MME expects.
- EPS-AKA (Evolved Packet System Authentication and Key Agreement). This procedure is triggered once the UE gets through the initial attach procedure at the EUTRAN end. When the request reaches the core network, the MME sends an authentication request message to the HSS. This message contains UE-related identities such as the IMSI, PLMN ID, GUTI, etc. The HSS decodes the request, computes the authentication vector information and sends it back to the MME; this reply is called the Authentication response message.

The MME then sends an authentication request to the UE carrying some of the authentication vectors and expects the response that the MME already holds. When the UE generates the same response, the procedure is complete and both device
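The challenge/response exchange described above, written out as an added example (not code from the original post). The real MILENAGE functions f1..f5 are replaced by HMAC-SHA256 derivations, and the UE's sequence-number check is reduced to an exact match; the roles (HSS builds RAND/AUTN/XRES, UE checks AUTN and returns RES, MME compares RES with XRES) and the two failure modes are the point.

```python
import hashlib
import hmac
import os

# Authentication Management Field: separation bit set, as in EPS (constructed constant).
AMF = b"\x80\x00"


def f(k, tag, *parts):
    """Keyed derivation standing in for the MILENAGE f1..f5 functions (stand-in, not 3GPP)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()


def hss_generate_av(k, sqn, rand=None):
    """HSS side: build the authentication vector (RAND, AUTN, XRES) handed to the MME."""
    rand = rand or os.urandom(16)                # 16-octet random challenge
    mac = f(k, b"f1", sqn, rand, AMF)[:8]        # proves the challenge came from a holder of K
    xres = f(k, b"f2", rand)[:8]                 # expected response, kept by the MME
    ak = f(k, b"f5", rand)[:6]                   # anonymity key hides SQN on the air interface
    sqn_ak = bytes(a ^ b for a, b in zip(sqn, ak))
    autn = sqn_ak + AMF + mac                    # AUTN = (SQN xor AK) || AMF || MAC
    return rand, autn, xres


def ue_respond(k, rand, autn, expected_sqn):
    """UE side: authenticate the network via AUTN, then compute RES."""
    sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    ak = f(k, b"f5", rand)[:6]
    sqn = bytes(a ^ b for a, b in zip(sqn_ak, ak))
    if not hmac.compare_digest(mac, f(k, b"f1", sqn, rand, amf)[:8]):
        return None, "MAC failure"               # network did not prove knowledge of K
    if sqn != expected_sqn:                      # real UEs accept a window of SQN values
        return None, "synchronisation failure"   # stale or replayed challenge
    return f(k, b"f2", rand)[:8], "ok"


def mme_check(xres, res):
    """MME side: accept the UE only if RES matches the XRES received from the HSS."""
    return res is not None and hmac.compare_digest(xres, res)


def run_eps_aka(k_ue, k_hss, sqn=b"\x00" * 5 + b"\x01"):
    """Full run; returns (UE verdict on the network, MME verdict on the UE)."""
    rand, autn, xres = hss_generate_av(k_hss, sqn)
    res, status = ue_respond(k_ue, rand, autn, sqn)
    return status, mme_check(xres, res)
```

With matching keys both verdicts are positive; a network that does not hold the subscriber's K fails the MAC check on the UE side before any RES is ever sent.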
Authentication in 5G

5G is the latest wireless broadband technology. It targets three main capabilities that cannot be provided by current technologies:

- eMBB: Enhanced Mobile Broadband.
- URLLC: Ultra-reliable low latency, below 1 ms.
- mMTC: Massive machine-type communication.
5G is the ideal technology to support IoT, smart cities and large industrial requirements.

UDM, or Unified Data Management, is the main node associated with authentication and the subscriber database in 5G networks.

5G is a service-based architecture and uses three main security procedures:

- 5G AKA: Authentication and Key Management
- EAP-AKA: Extensible Authentication Protocol-AKA
- EAP-TLS: Extensible Authentication Protocol-Transport Layer Security

In 5G both the AUSF and the UDM support authentication functions. The first two procedures are the mandatory authentication procedures and the third one is optional. 5G authentication is completed in two phases:

- Phase 1: Selection and initiation of the authentication method.
- Phase 2: The authentication procedure itself runs between the UE and the network.

After the authentication procedure has been selected, a few authentication vectors are exchanged and validated at the AUSF and UDM. The block diagram below shows the authentication flow.

Below are the necessary authentication vectors used in 5G networks.
EAP-AKA: An authentication procedure in 5G in which a cryptographic key is shared between the network and the UE. In the procedure, the network and the UE authenticate each other to ensure the security of the information transferred between the network and the device.

Here the Unified Data Management (UDM) generates an authentication vector (AV). It sets the AMF separation bit to 1 and derives IK and CK. The AV is then sent to the AUSF with the instruction to use these authentication vectors for EAP-AKA. The UDM transforms the AV (RAND, AUTN, XRES, CK, IK) before it sends it to the AUSF.
Conclusion

| 4G | 5G |
|---|---|
| In 4G authentication, the HSS and MME play the main role | Entities in 5G are different from 4G, particularly the SIDF, which does not exist in 4G |
| The UE identity over the radio access network is sent unencrypted | The UE permanent ID is always encrypted in 5G |
| 4G authentication is less secure than 5G | 5G offers better security with more separation keys |
Abbreviations

RF: Radio Frequency
LTE: Long Term Evolution
VoIP: Voice over IP
VoLTE: Voice over LTE
HSS: Home Subscriber Server
UE: User Equipment
eNodeB: 4G base station
MME: Mobility Management Entity
SGW: Serving Gateway
PCRF: Policy and Charging Rules Function
PGW: Packet Gateway
SAE: Service Architecture Evolution
RRC: Radio Resource Control
EUTRAN: Evolved Universal Terrestrial Radio Access Network
NAS: Non-Access Stratum
IMSI: International Mobile Subscriber Identity
gNB: 5G base station
AMF: Application Management Function
SEAF: Security Anchor Function
AUSF: Authentication Server Function
UDM: Unified Data Management
GUTI: Globally Unique Temporary Identity
CK: Cipher Key
IK: Integrity Key