A radio communication system is currently proposed in which EUTRAN (Evolved UMTS Terrestrial Radio Access Network, where UMTS = Universal Mobile Telecommunication System) and EPC (Evolved Packet Core) are configured as shown in FIG. 1 in LTE (Long Term Evolution), for which standardization is advancing in the 3GPP (3rd Generation Partnership Project) (see 4.2.1 of Non-Patent Document 1 and FIG. 4 of Non-Patent Document 2). These names are not fixed: EUTRAN is also referred to as LTE, EPC as SAE (System Architecture Evolution), and EUTRAN together with EPC as an EPS (Evolved Packet System).
Referring to FIG. 1, eNode B (evolved Node B) 10, which are base stations, are provided on the EUTRAN side. On the EPC side, MME (Mobility Management Entity) 20 that is a mobility management node, S-GW (Serving Gateway) 30 that is a Gateway, P-GW (Packet Data Network Gateway) 40 that is a host gateway, and HSS (Home Subscriber Server) 50 are provided as the CN (Core Network) Node. In addition, eNode B 10 are connected to UE (User Equipment) 60 that is a radio communication apparatus by way of a radio interface.
Here, MME 20 is a node equipped with the mobility management (location updating) and handover control functions for UE 60, and with the selection and bearer management functions for S-GW 30 and P-GW 40 (4.4.2 of Non-Patent Document 1). S-GW 30 is a node that transfers user-plane packet data between eNode B 10 and P-GW 40. P-GW 40 is a node that transfers transmitted packet data from its own network (Home PLMN, where PLMN is a Public Land Mobile Network) to an outside network (Visit PLMN), and received packet data from an outside network to its own network. HSS 50 is a server that holds the user information used in the authentication of UE 60.
In order to ensure the security of a radio communication system, S-GW 30 must know the origination address of eNode B 10 to verify the safety of uplink packet data from eNode B 10.
One conceivable method by which S-GW 30 learns the origination address of eNode B 10 is for an operator to set the origination address of eNode B 10 in S-GW 30 manually beforehand. However, manual setting by an operator is extremely tedious and may increase OPEX (Operation Expenditure) when a large number of eNode B 10 are to be installed.
Alternatively, security could be ignored and no manual settings made by an operator. In this case, even when S-GW 30 receives packet data from eNode B 10, the received packet data are transmitted without alteration to P-GW 40, the host node, without verifying the origination address of eNode B 10.
The security problem is here described with reference to a case of handover (FIG. 5.5.1.2-1 of Non-Patent Document 1) such as shown in FIG. 2.
In FIG. 2, the eNode B 10 from which UE 60 moves at the time of handover is referred to as Source eNode B 10-S, and the eNode B 10 to which UE 60 moves is referred to as Target eNode B 10-T (the same applies hereinbelow).
Referring to FIG. 2, UE 60 has moved from the area of Source eNode B 10-S to the area of Target eNode B 10-T, whereby Source eNode B 10-S is assumed to have made a handover decision (HO decision) in Step 2301.
Source eNode B 10-S then transmits a message (Handover Request message) requesting handover to Target eNode B 10-T in Step 2302.
After setting radio resources in Step 2303, Target eNode B 10-T next transmits a response message (Handover Response Message) to the Handover Request message to Source eNode B 10-S in Step 2304. In Step 2305, Source eNode B 10-S transmits a message (Handover Command message) commanding handover to UE 60.
Next, after synchronization is established between UE 60 and Target eNode B 10-T in Step 2306, UE 60 transmits uplink packet data in Step 2307.
However, even though S-GW 30 receives packet data from Target eNode B 10-T, S-GW 30 does not know the origination address of Target eNode B 10-T and therefore ignores security and, without verifying the origination address of Target eNode B 10-T, transmits the received packet data without alteration to P-GW 40.
Ignoring security in this way raises the potential for serious problems, such as system failures caused by the proliferation within the network of illegal packet data. Such packet data carry the danger of an attack in which the transmission of a large volume of packet data paralyzes the radio communication system and prevents the continuation of service, i.e., a DoS attack (Denial of Service attack).
When UE 60 subsequently transmits a message (Handover Complete message) indicating the completion of handover to Target eNode B 10-T in Step 2308, Target eNode B 10-T transmits a message (Path Switch Request message) requesting path switching to MME 20 in Step 2309, and MME 20 transmits a message (User Plane Update Request message) requesting updating of the user plane to S-GW 30 in Step 2310. S-GW 30, having received this message, carries out path switching of downlink from Source eNode B 10-S to Target eNode B 10-T in Step 2311.
S-GW 30 then transmits a response message (User Plane Update Response message) to the User Plane Update Request message to MME 20 in Step 2312. MME 20 transmits a response message (Path Switch Request Acknowledgement message) to the path switch request message to Target eNode B 10-T in Step 2313, and Target eNode B 10-T transmits a message (Release Resource message) indicating the release of resources in Step 2314.
Accordingly, the safety of packet data received in S-GW 30 from Target eNode B 10-T must be verified even when handover occurs to ensure the security of a radio communication system, and to this end, S-GW 30 must know the origination address of Target eNode B 10-T. However, setting the origination address of eNode B 10 in S-GW 30 by the manual operation of an operator has the potential of leading to an increase in OPEX.
In addition, the problem of security is also critical in a roaming environment of UE 60.
The problem of security in a roaming environment is here described with reference to FIG. 3 (FIG. 4.2.2-1 of Non-Patent Document 1).
Referring to FIG. 3, eNode B 10, MME 20, and S-GW 30 are provided in the outside network of the roaming destination of UE 60 (Visit PLMN).
S-GW 30 of the outside network and P-GW 40 of the home network (Home PLMN) are normally connected by way of a public network. The public network is, for example, a public Internet network.
When, for example, packet data are received from a public network and transferred to the home network without verifying the safety of these packet data, the danger arises in which serious problems may occur such as proliferation within the home network of packet data having a potential of DoS attacks and system failures.
As a result, P-GW 40 must collate the origination address of the packet data received from the public network with the origination address of the S-GW 30 that transmitted these packet data, and, after verifying safety, transfer the received packet data into its own network. For this purpose, P-GW 40 must know the origination address of S-GW 30, but in the event of a handover that accompanies a change of S-GW 30 in a roaming environment, P-GW 40 cannot learn the origination address of S-GW 30 after the change.
Accordingly, ensuring the security of a radio communication system requires the verification of the safety of packet data received in P-GW 40 of the home network from S-GW 30 of the outside network that is the roaming destination of UE 60 even in the event of handover that accompanies change of S-GW 30 in a roaming environment, and for this purpose, P-GW 40 must know the origination address of S-GW 30 following a change. However, setting of the origination address of S-GW 30 in P-GW 40 by the manual operation of an operator has the potential to increase OPEX.
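The following is an added illustration, not code from the patent, of the two gateway-side situations described above: the origination-address check at S-GW 30 across the FIG. 2 handover (uplink from Target eNode B 10-T arriving at Step 2307 before S-GW 30 has any provisioned address for it) and the same check at P-GW 40 of the Home PLMN when the Visit-PLMN S-GW 30 changes. The model compares the two options the text names, manual provisioning by the operator and forwarding without verification, and counts the packets that reach the host node unchecked. The IP addresses are constructed, the `Gateway`, `Packet` and `Policy` names are this example's own, and the assumption that an enforcing gateway drops packets from an unknown source is labelled as such in the code.

```python
# Added illustration (not from the patent): an uplink origination-address check
# at a gateway, replayed over the FIG. 2 handover and the roaming S-GW change.
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    VERIFY = "verify"          # forward only packets whose source was provisioned
    UNVERIFIED = "unverified"  # "ignore security": forward everything unchanged


@dataclass
class Packet:
    src: str        # origination address of the node that sent the packet
    step: int       # FIG. 2 step number at which it arrives (0 = not in FIG. 2)
    payload: bytes = b""


@dataclass
class Gateway:
    """Generic model of S-GW 30 (uplink from eNode B 10) or P-GW 40 (from S-GW 30)."""
    name: str
    policy: Policy
    known_sources: set = field(default_factory=set)  # set by the operator beforehand
    forwarded: list = field(default_factory=list)
    dropped: list = field(default_factory=list)
    unverified: list = field(default_factory=list)   # forwarded without any check

    def provision(self, addr: str) -> None:
        """Manual operator setting of an upstream node's origination address."""
        self.known_sources.add(addr)

    def receive(self, pkt: Packet) -> str:
        if self.policy is Policy.UNVERIFIED:
            # No check at all: the packet goes to the host node unchanged.
            self.forwarded.append(pkt)
            self.unverified.append(pkt)
            return "forwarded-unverified"
        if pkt.src in self.known_sources:
            self.forwarded.append(pkt)
            return "forwarded"
        # Assumption of this example: an enforcing gateway that does not know
        # the source address drops the packet rather than forwarding it.
        self.dropped.append(pkt)
        return "dropped"


# Constructed addresses; the patent assigns none.
SOURCE_ENB = "192.0.2.10"    # Source eNode B 10-S
TARGET_ENB = "192.0.2.11"    # Target eNode B 10-T
OLD_SGW = "198.51.100.30"    # S-GW 30 in the Visit PLMN before the change
NEW_SGW = "198.51.100.31"    # S-GW 30 in the Visit PLMN after the change


def handover_uplink(policy: Policy, target_provisioned: bool) -> dict:
    """Replay the uplink side of the FIG. 2 handover as seen by S-GW 30."""
    sgw = Gateway("S-GW 30", policy)
    sgw.provision(SOURCE_ENB)
    if target_provisioned:
        sgw.provision(TARGET_ENB)   # the operator set it manually beforehand
    results = {}
    # Before the handover, uplink comes from Source eNode B 10-S.
    results["before_ho"] = sgw.receive(Packet(SOURCE_ENB, step=0))
    # Steps 2301-2306 are signalling between the eNode Bs and UE 60; S-GW 30
    # sees none of it, so it learns nothing about Target eNode B 10-T here.
    # Step 2307: UE 60 sends uplink data through Target eNode B 10-T.
    results["step_2307"] = sgw.receive(Packet(TARGET_ENB, step=2307))
    # Steps 2310-2311: User Plane Update Request; S-GW 30 switches the
    # downlink path. Its provisioned uplink addresses are unchanged.
    results["after_path_switch"] = sgw.receive(Packet(TARGET_ENB, step=2311))
    results["unverified_count"] = len(sgw.unverified)
    return results


def roaming_sgw_change(policy: Policy) -> dict:
    """The same check at P-GW 40 of the Home PLMN when the Visit-PLMN S-GW changes."""
    pgw = Gateway("P-GW 40", policy)
    pgw.provision(OLD_SGW)
    return {
        "old_sgw": pgw.receive(Packet(OLD_SGW, step=0)),
        "new_sgw": pgw.receive(Packet(NEW_SGW, step=0)),
        "unverified_count": len(pgw.unverified),
    }


if __name__ == "__main__":
    for policy in Policy:
        print(policy.value, handover_uplink(policy, target_provisioned=False))
        print(policy.value, roaming_sgw_change(policy))
```

Running the two scenarios shows the trade-off the text describes: with `Policy.VERIFY` and no provisioning for the new node, the uplink from Target eNode B 10-T (and from the changed S-GW 30) never passes the check, so service depends on the operator having set every address manually; with `Policy.UNVERIFIED`, every packet from the unknown node reaches the host node with `unverified_count` rising, which is the condition under which illegal packet data can proliferate.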
Summarizing the above, ensuring security in the event of a handover while reducing manual operations by an operator regardless of the roaming environment is a critical issue in a radio communication system.
Non-Patent Document 1: 3GPP TS 23.401, V8.0.0
Non-Patent Document 2: 3GPP TS 36.300, V8.2.0