I. Field
The following description relates to wireless communications, in general, and to facilitating handover security in wireless communication systems, in particular.
II. Background
Wireless communication systems are widely deployed to provide various types of communication. For instance, voice and/or data can be provided via such wireless communication systems. A typical wireless communication system, or network, can provide multiple users access to one or more shared resources (e.g., bandwidth, transmit power). For instance, a system can use a variety of multiple access techniques such as Frequency Division Multiplexing (FDM), Time Division Multiplexing (TDM), Code Division Multiplexing (CDM), Orthogonal Frequency Division Multiplexing (OFDM), and others.
Generally, wireless multiple access communication systems can simultaneously support communication for multiple user equipment (UEs). Each UE can communicate with one or more base stations (BSs) via transmissions on forward and reverse links. The forward link (or downlink (DL)) refers to the communication link from BSs to UEs, and the reverse link (or uplink (UL)) refers to the communication link from UEs to BSs.
In various embodiments, the BS can be placed in untrusted locations, posing a risk of security breaches during communication with the UE for handover and other processes. Existing handover techniques have at least one security vulnerability: the repetition of the same keystream across different processes (e.g., handover and other processes). For example, with regard to the existing Long-Term Evolution (LTE)/Evolved Universal Terrestrial Radio Access Network (UTRAN) (collectively, E-UTRAN) security architecture (as defined in 3GPP TS 33.401 v8.4.0, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE): Security architecture (Release 8)”), the possibility of keystream repeat for access stratum (AS) security during Inter-Radio Access Technology (IRAT) Handover scenarios is a security vulnerability.
One such example is handover from a Global System for Mobile Communications (GSM) Enhanced Data rates for GSM Evolution (EDGE) Radio Access Network (collectively, GERAN)/UTRAN to an E-UTRAN. Specifically, when the UE is in active mode in GERAN/UTRAN, AS security is provided using keys derived from one or more security contexts previously established between the UE and the network. The UE performs handover to a new cell in active mode, and a key, KeNB, is derived with a Key Derivation Function (KDF) from a mapped security context. The KDF uses a value indicative of a number of instances of computing the key KeNB, and/or non-access stratum (NAS) COUNT information, as inputs to avoid keystream repeat for a given security context. The computation of KeNB is performed according to the following equation: KeNB=KDF (KASME, S), where S is an input string to the KDF along with key KASME. S can include FC (with an FC value of 0x11)|UL NAS COUNT (with a value of 0x00 0x00)|length of the UL NAS COUNT (with a value of 0x00 0x04). FC can be an octet used to distinguish between different instances of the same algorithm. The instances can be indicative of the different types of algorithms performed. For example, different FC values are used depending on the parameter being derived. The current FC values can be in the range 0x10-0x1F. KASME is a 256-bit key derived by the UE and by the Access Security Management Entity (ASME), called the Mobility Management Entity (MME). The UE goes to idle mode in the new cell, for example, after a call has ended. The KDF function is also applied when a cryptographically protected E-UTRAN radio bearer is established and when a key change on-the-fly is performed.
After the passage of time, the UE performs a NAS Service Request to the same cell using idle to active mode procedures. As such, the KeNB is again derived using the same formula as the formula used to derive KeNB for handover, e.g., KeNB=KDF (KASME, S), where S is FC (with an FC value of 0x11)|UL NAS COUNT (with a value of 0x00 0x00)|length of the UL NAS COUNT (with a value of 0x00 0x04). Because the UE has not sent any NAS messages before the NAS service request, the UL NAS COUNT is still zero. As a result, the same KeNB value is computed. Computation of the same KeNB value results in a keystream repeat in AS level security. A keystream repeat can result in a serious security breach. As such, systems, methods and apparatus for improving handover security are desirable.
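The two derivations described above (KeNB at handover, then KeNB again at the NAS Service Request with UL NAS COUNT still zero) can be reproduced in a few lines. The following is an added example written for this description; it is not code from the application or from 3GPP. It assumes the generic 3GPP KDF is HMAC-SHA-256 over the input string S (as in TS 33.220 Annex B), that the UL NAS COUNT parameter occupies four octets (consistent with the length field 0x00 0x04 given above), and it uses a constructed, non-secret KASME. The `KeyContextTracker` class is a hypothetical helper that records which (KASME, S) pairs have already produced a KeNB so that a repeat, and hence a keystream repeat at the AS level, can be flagged before the key is put into use.

```python
import hashlib
import hmac

# FC value used when deriving KeNB from KASME (given as 0x11 in the text above).
FC_KENB = 0x11


def kdf(key: bytes, s: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256 keyed with `key` over input string S.
    Assumption: the KDF of TS 33.401 is the HMAC-SHA-256 construction of TS 33.220."""
    return hmac.new(key, s, hashlib.sha256).digest()


def build_s_for_kenb(ul_nas_count: int) -> bytes:
    """Build S = FC || UL NAS COUNT || length(UL NAS COUNT).
    The count is encoded on 4 octets so the length field is 0x00 0x04."""
    if not 0 <= ul_nas_count < 2**32:
        raise ValueError("UL NAS COUNT must fit in 32 bits")
    p0 = ul_nas_count.to_bytes(4, "big")
    l0 = len(p0).to_bytes(2, "big")          # 0x00 0x04
    return bytes([FC_KENB]) + p0 + l0


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """KeNB = KDF(KASME, S); KASME is a 256-bit key."""
    if len(kasme) != 32:
        raise ValueError("KASME must be 256 bits (32 octets)")
    return kdf(kasme, build_s_for_kenb(ul_nas_count))


class KeyContextTracker:
    """Hypothetical defender-side check: remember every (KASME, S) pair already
    used to derive KeNB and flag a derivation that would reuse one, since the
    same KeNB feeds the same AS keystream."""

    def __init__(self) -> None:
        self._seen: set[tuple[bytes, bytes]] = set()

    def derive(self, kasme: bytes, ul_nas_count: int) -> tuple[bytes, bool]:
        s = build_s_for_kenb(ul_nas_count)
        repeated = (kasme, s) in self._seen
        self._seen.add((kasme, s))
        return derive_kenb(kasme, ul_nas_count), repeated


def scenario() -> dict:
    """Walk through the handover / service-request sequence from the text."""
    # Constructed sample KASME for illustration only; not a real key.
    kasme = bytes(range(32))
    tracker = KeyContextTracker()

    # 1. IRAT handover into E-UTRAN: UL NAS COUNT is 0 in the mapped context.
    kenb_handover, rep_handover = tracker.derive(kasme, 0)

    # 2. UE goes idle, sends no NAS messages, then issues a NAS Service Request.
    #    UL NAS COUNT is still 0, so S is byte-for-byte identical.
    kenb_service_req, rep_service_req = tracker.derive(kasme, 0)

    # 3. If the count had advanced (any NAS message sent), S and KeNB differ.
    kenb_advanced, rep_advanced = tracker.derive(kasme, 1)

    return {
        "kenb_repeats": kenb_handover == kenb_service_req,   # True: the vulnerability
        "flagged_on_service_request": rep_service_req,       # tracker catches it
        "flagged_on_handover": rep_handover,                 # first use is fine
        "distinct_after_count_advance": kenb_advanced != kenb_handover,
        "flagged_after_count_advance": rep_advanced,
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

Running `scenario()` shows that the second derivation reproduces the handover KeNB exactly, because nothing in S changed, while a single increment of the UL NAS COUNT yields an unrelated key; the tracker flags only the second derivation.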