During the last decade, mobile telecommunications has become the predominant form of communications and further growth is expected in the years to come. Mobile telecommunications relies on the existence of a radio access network system providing radio coverage by means of base stations (e.g. (e)NodeBs) in areas through which mobile user devices can move. The base stations are connected to a core network system of the telecom provider in order to allow communication services to be established. The core network system comprises several further telecommunications nodes.
One such node is the Home Subscriber System (HSS). The HSS has two functions, viz. (1) storing user subscription information and updating this information when necessary and (2) generating security information from one or more secret keys. Each secret key is normally shared between the HSS and the (U)SIM in the user device and should be kept secret, i.e. it is a shared secret key. The security information is derived using the secret key. It is used for device authentication and/or, in 3G and 4G networks, network authentication, and to ensure that data transferred over the radio path is encrypted. For 3G networks, a detailed description can be found in 3GPP TS 33.102; for 4G networks in 3GPP TS 33.401.
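The derivation of security information from the shared secret key can be sketched as follows. This is an added example, not code from the cited 3GPP specifications or from the original text: HMAC-SHA256 stands in for the standardized derivation functions, and the names `derive`, `hss_generate_vector`, `usim_respond` and `network_check` are hypothetical.

```python
import hashlib
import hmac
import os

def derive(k: bytes, label: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the real 3GPP functions (illustration only).
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:16]

def hss_generate_vector(k: bytes, sqn: int, rand: bytes = b"") -> dict:
    """HSS side: turn secret key K into security information for one challenge."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    return {
        "rand": rand,                                     # challenge sent to the device
        "autn": sqn_b + derive(k, b"mac", rand, sqn_b),   # proves the network knows K
        "xres": derive(k, b"res", rand),                  # expected device response
        "ck": derive(k, b"ck", rand),                     # radio-path encryption key
    }

def usim_respond(k: bytes, last_sqn: int, rand: bytes, autn: bytes):
    """(U)SIM side: authenticate the network, then answer the challenge."""
    sqn_b, mac = autn[:6], autn[6:]
    if not hmac.compare_digest(mac, derive(k, b"mac", rand, sqn_b)):
        raise ValueError("network authentication failed")
    if int.from_bytes(sqn_b, "big") <= last_sqn:
        raise ValueError("stale sequence number, challenge replayed")
    return derive(k, b"res", rand), derive(k, b"ck", rand)

def network_check(xres: bytes, res: bytes) -> bool:
    """Device authentication: compare the response with the expected value."""
    return hmac.compare_digest(xres, res)

if __name__ == "__main__":
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    vec = hss_generate_vector(k, sqn=42)
    res, ck = usim_respond(k, 41, vec["rand"], vec["autn"])
    print("device authenticated:", network_check(vec["xres"], res))
    print("same cipher key on both sides:", ck == vec["ck"])
```
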
The existing 3G and 4G telecommunication standards require the availability of the communication identifiers (e.g. an IMSI or MSISDN related to a user device for voice communication services and SMS services or a SIP URI for SIP communication services) and security information from a central database (e.g. a HLR/AuC or the HSS) to establish a communication service with the terminals in the coverage area of the base station.
A new project has been launched in 3GPP to study Isolated E-UTRAN operation for Public Safety (3GPP TR 22.897). The core network system may be unavailable to the radio access network system (i.e. the radio access network system is isolated) for a variety of reasons. A catastrophic event may have occurred (e.g. an earthquake, flooding, explosion) or hardware or software failures may occur in the telecommunications system. In one particular example, the connection link between one or more base stations (that as such are still able to provide radio coverage for the user devices for one or more communication services) and the core network system may be broken. In another example, the connection link with the base station is operational, but other parts of the core network do not operate appropriately, such that the central database cannot be accessed.
WO 2011/134039 discloses a method of establishing communication lines during a failure within a mobile communications network. A base station may assume a survivability mode if disruptions are detected. In the survivability mode, survivability components may be activated within a base station that enable communications and services to be provided by the base stations. One survivability component includes an authenticator providing authentication and authorization for mobile devices in the coverage area of the base stations. The authenticator survivability component performs the function of the authentication centre AuC of the core network system and stores the secret keys.
This method is disadvantageous from a security perspective. Whereas the AuC element or AuC part of a core network system is a highly secure and rigorously protected environment, this is less so for base stations. Storing the secret key in each base station may therefore endanger communication security.