FIG. 1 is an illustration of elements of a fourth generation (4G) cellular network 100 according to prior art. The 4G cellular network 100 may comprise an access part (e.g., a radio access network (RAN)), which may be referred to herein as an evolved universal terrestrial radio access network (E-UTRAN) 102 and a core part (e.g., a core network), which may be referred to herein as an evolved packet core (EPC) 104. The E-UTRAN 102 and EPC 104 together form an evolved packet system (EPS).
The EPS may communicate with a client device 106 (e.g., mobile device, mobile terminal, user equipment (UE), terminal). The client device 106 may include a universal subscriber identity module (USIM) 108 (commonly referred to as a SIM card). The USIM 108 may be an integrated circuit chip that securely stores, for example, an international mobile subscriber identity (IMSI) number and its related key, K. The key, K, may be a root key.
Communication in the EPS is divided into planes, namely a user-plane (UP) and a control-plane (CP). In FIG. 1, one particular control-plane signaling path is identified by a dashed line 110 between an access node 112 (e.g., eNodeB) and a mobility management entity (MME) 114, while one particular user-plane data traffic path is identified by a solid line 116 between the access node 112 and a serving gateway (S-GW) 118. Those of skill in the art know additional and alternative paths for control-plane signaling and user-plane data traffic. The illustration of FIG. 1 is exemplary and not meant to be limiting.
The E-UTRAN 102 includes an access node 112, which includes hardware that wirelessly communicates with the client device 106. In Long Term Evolution (LTE) networks, the access node 112 may be referred to as an evolved Node B (eNodeB). By way of example, a single LTE access node may serve one or more E-UTRAN 102 cells.
The EPC 104 includes a packet data network (PDN) gateway (P-GW) 120. The P-GW 120 serves as a gateway to a packet data network 122 such as the Internet and/or private corporate networks. A P-GW 120 may be considered as a passageway to the packet data network 122; it is a point of network policy enforcement. An access node 112 may be considered as a passageway for over-the-air access of a client device 106 to a core network (e.g., EPC 104). An access node 112 may be collocated with a P-GW 120 but the function of the access node 112 is different from that of the P-GW 120. In other words, even if they are collocated, an access node 112 and a P-GW 120 are separate entities with separate functions.
The EPC 104 further includes a home subscriber server (HSS) 124. The HSS 124 stores the unique identities of each client device 106. An authentication center (AuC) 126 may be coupled to the HSS 124. The AuC 126 may serve to authenticate the USIM 108 when the client device 106 attempts to connect to the EPC 104. The AuC 126 may store the same key (e.g., root key K) as that stored in the USIM 108. In other words, the AuC 126 may store a second instance of the root key K that is stored in the USIM 108. The root key is not transmitted over the air. Authentication of the USIM 108 by the AuC 126 may typically occur when the client device 106 is powered on.
The EPC 104 also includes an S-GW 118. The S-GW 118 executes functions related to the transportation of user-plane IP messages to and from a client device 106. It is generally understood that a message may include one or more packets. Packets and messages may have different formats and be encapsulated by different headers. For ease of reference herein, the term message is used throughout.
The EPC 104 also includes an MME 114. The MME 114 executes functions related to setting up, maintaining, and releasing various physical channels. The MME 114 may prepare bearers for message communication. The MME 114 is involved in the control-plane, while the client device 106, access node 112, S-GW 118, P-GW 120, and HSS 124 are involved in both the control and user-planes.
When a client device 106 communicates with a network (e.g., EPC 104), it is identified using a Temporary Mobile Subscriber Identity (TMSI) that is allocated by the MME 114 during an attach procedure. The client device 106 is also identified by an IP address, which is allocated by the P-GW 120 as soon as the client device 106 is powered on.
Control-Plane
In the control-plane, when a client device 106 seeks to attach to a network, it will contact an access node 112. The access node 112 will select an MME 114 for the client device 106. The MME 114 will select the S-GW 118 and P-GW 120. The P-GW 120 may be selected according to an Access Point Name (APN), which is typically provided by the user or the user's operator. The client device 106 is allocated an IP address from the selected P-GW 120 and is thus attached to the cellular network 100.
User-Plane
Once attached, the client device 106 can send and receive messages (e.g., data traffic for voice and data) over the user-plane, via the access node 112, to and from the P-GW 120. In order to secure the user-plane link between the client device 106 and the access node 112, these two nodes presently derive an encryption key known as a KUPenc key. An explanation of the derivation of the KUPenc key is provided in connection with the KUPenc key 316 presented in the key hierarchy described in FIG. 3. In order to secure the user-plane backhaul link between the access node 112 and the P-GW 120, these two nodes rely on Internet Protocol Security (IPSEC). IPSEC is a protocol suite that secures Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. It is noted that backhaul security is not defined on a per-bearer basis, but is defined by Network Domain Security (NDS).
The cellular network 100 provides security for user-plane data traffic flowing to and from the access node 112 in both the downlink and uplink directions. In the downlink direction, when an IP message carrying user data traffic reaches the P-GW 120 (e.g., from a packet data network 122, such as the Internet), the message may be encrypted and securely transferred to the access node 112 using IPSEC. The message may be decrypted at the access node 112. Unencrypted message data may therefore exist on the access node 112. The message may then be encrypted again and securely transferred from the access node 112 to the client device 106 using the KUPenc key. In the uplink direction, when an IP message carrying user data is to be sent over the air from the client device 106 to the access node 112, the message may be encrypted and securely transferred to the access node 112 using the KUPenc key. The message may be decrypted at the access node 112. Again, unencrypted message data may therefore exist on the access node 112. The message may then be encrypted again and securely transferred from the access node 112 to the P-GW 120 using IPSEC.
The security provided by the encryption should preferably keep messages safe from attacks by third parties or even access nodes compromised or deployed in an untrusted location. As will be described later, the client device 106 and the access node 112 both derive the KUPenc key used to secure data traffic traveling over the air in the uplink and downlink directions between the client device 106 and the access node 112. User-plane security terminates at the access node 112. User-plane security is dependent upon the correct behavior of the access node 112, which, as described, holds unencrypted message data as that data awaits its turn to be transferred from the access node 112 on its way to either the P-GW 120 or the client device 106.
It is noted that security is defined separately as between the Non-Access Stratum (NAS) and the Access Stratum (AS). The NAS provides for processing of communications between a core network node, such as the MME 114, and a client device 106. The AS provides for communication between the access node 112 and a client device 106. Additionally, security on the control-plane is defined separately from security on the user-plane.
Several examples illustrate the importance of maintaining security on the user-plane. For example, if a third party compromises the security of an access node 112, the third party may be able to capture unencrypted data directly from the access node 112. By way of a second example, an attacker could replace a user's data with its own data. The receiving party would not be able to tell that the data was not from the user. By way of a third example, the attacker might flip bits in a user's messages, which would result in the transmission of messages that could not be properly decrypted, therefore wasting valuable resources.
The access node 112 may be a target for attack because the access node 112 may be located in a public place (e.g., untrusted or insecure location), making it more vulnerable to an adversarial attack. Additionally, many access nodes (e.g., similar to access node 112) are shared by multiple mobile network operators (MNOs). The mobile network operators may not each operate according to the same levels of security and oversight, making it possible for one malicious entity to gain access to an access node 112 via a mobile network operator with lax security practices.
In 4G networks, user-plane security terminates at the access node 112, which is where client device 106 messages are sent and received. Consequently, client device 106 privacy of user-plane data is dependent upon the integrity (or security status) of the access node 112. If the access node 112 is compromised or is deployed in an untrusted location, the security of the user-plane data traffic of the client device 106 is in danger of being compromised.
This reliance on the access node 112 for user-plane security may be in tension with the design philosophy of the 4G security architecture, which sought to place less trust, and therefore less reliance, on the access node 112. In proposed next generation cellular networks (such as 5G), the access node 112 may be even less trusted than in 4G networks, because network densification to support higher capacity and/or bandwidth introduces many more access nodes, mesh nodes, or relay nodes that incorporate an access node or access node functionality.
Accordingly, it would be beneficial to remove the access node 112 as a trusted entity for purposes of secure communication between the P-GW 120 and the client device 106.
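The following Python model, added here as an illustration and not code from the patent or from any 3GPP specification, walks through the two-hop downlink described under "User-Plane" (IPSEC on the backhaul, KUPenc over the air, plaintext present at the access node) and contrasts it with protection under a key the access node never holds, the goal stated in the preceding paragraph. The stand-in cipher (an HMAC-SHA256 keystream with an HMAC tag) and the three keys are constructed placeholders; the real links use the LTE EEA algorithms and IPSEC, and the function names and the "end-to-end" variant are this example's own, not the patent's method.

```python
import hashlib
import hmac
import os

# Hypothetical keys for the model only; none of these values comes from any
# specification. The real backhaul uses IPSEC and the real air link uses KUPenc.
K_IPSEC = b"\x01" * 16   # P-GW <-> access node backhaul key
K_UPENC = b"\x02" * 16   # access node <-> client device over-the-air key
K_E2E = b"\x03" * 16     # P-GW <-> client device key the access node never holds

def _xor_keystream(key, nonce, data):
    """Stand-in stream cipher: XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def protect(key, msg):
    """Encrypt-then-MAC; returns nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(12)
    ct = _xor_keystream(key, nonce, msg)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]

def unprotect(key, blob):
    """Return the plaintext, or None when the tag does not verify."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_keystream(key, nonce, ct)

def hop_by_hop_downlink(msg):
    """4G model: IPSEC hop, decrypt at the access node, re-encrypt with KUPenc.
    Returns (what the access node holds, what the client device receives)."""
    from_pgw = protect(K_IPSEC, msg)
    at_access_node = unprotect(K_IPSEC, from_pgw)   # unencrypted data exists here
    over_the_air = protect(K_UPENC, at_access_node)
    return at_access_node, unprotect(K_UPENC, over_the_air)

def end_to_end_downlink(msg, bit_flipped_in_transit=False):
    """Alternative: the P-GW protects the message with a key the access node
    does not hold, so the node only forwards ciphertext and any modification
    made on the way is rejected by the client device's integrity check."""
    from_pgw = protect(K_E2E, msg)
    at_access_node = from_pgw[12:-16]                # ciphertext only
    forwarded = bytearray(from_pgw)
    if bit_flipped_in_transit:                       # models the third example above
        forwarded[12] ^= 0x01
    return at_access_node, unprotect(K_E2E, bytes(forwarded))
```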