During the last decade, mobile telecommunications has become the predominant form of communications and further growth is expected in the years to come. Mobile telecommunications relies on the existence of a radio access network system providing radio coverage by means of base stations (e.g. (e)NodeBs) in areas through which mobile user devices can move. The base stations are connected to a core network system of a telecommunications network of a telecommunications provider in order to allow communication services to be established. The core network system comprises several further telecommunications nodes.
One such node is the Home Subscriber System (HSS). The HSS has two functions, viz. (1) storing user subscription information and updating this information when necessary and (2) generating security information from one or more secret keys. Each secret key is normally shared between the HSS and the (U)SIM in the user device and should be kept secret, i.e. it is a shared secret key. Security information is derived using the secret key. The security information is used for device authentication and/or, in 3G and 4G networks, for network authentication, and to ensure that data transferred over the radio path is encrypted. For 3G networks, a detailed description of the security can be found in 3GPP TS 33.102; for 4G networks, in 3GPP TS 33.401.
A new project has been launched in 3GPP to study Isolated E-UTRAN operation for Public Safety (3GPP TR 22.897). The core network system may be unavailable to the radio access network system (i.e. the radio access network system is isolated) for a variety of reasons. A catastrophic event may have occurred (e.g. an earthquake, flooding, explosion), or hardware or software failures may occur in the telecommunications system. In one particular example, the connection link between one or more base stations (which as such are still able to provide radio coverage for the user devices for one or more communication services) and the core network system may be broken. In another example, the connection link with the base station is operational, but other parts of the core network do not operate appropriately, such that the central database cannot be accessed.
Other cases wherein the core network system is not or not continuously available include stand-alone networks providing coverage or additional capacity in some areas that are not or not sufficiently covered by the primary radio access network. A specific example includes military missions where a truck could carry a radio access network enabling communication amongst the military personnel in the area covered by the mobile radio access network.
WO 2011/134039 discloses a method of establishing communication lines during a failure within a mobile communications network. A base station may assume a survivability mode if disruptions are detected. In the survivability mode, survivability components may be activated within a base station that enable communications and services to be provided by the base stations. One survivability component includes an authenticator providing authentication and authorization for mobile devices in the coverage area of the base stations. The authenticator survivability component performs the function of the authentication centre AuC of the core network system and stores the secret keys.
This method is disadvantageous from a security perspective. Whereas the AuC element or AuC part of a core network system is a highly secure and rigorously protected environment, this is less so for base stations. Storing the original secret key in each base station may therefore endanger communication security. If the authenticator survivability component gets compromised, the security of all user devices for which the shared secret key is stored in the base station is compromised.
There exists a need in the art for a more secure solution to provide a local authentication function for a base station or set of base stations.