Modem wireless systems, such as those of the third generation and beyond, are being adapted to send and receive packet data at transfer rates of hundreds, and even of thousands, of kilobits per second. By way of illustration, FIG. 1 shows the high-level architecture of one type of third-generation wireless system, referred to as “UMTS” for “Universal Mobile Telecommunications System.” As seen in the figure, mobile user terminal 10 communicates over an air interface with base station 20. A base station may also be referred to in this context as a “Node B”. Base station 20 communicates with a backhaul network 30, which includes Radio Network Controller (RNC) 40, Authentication Center (AuC) 50, Mobile Switching Center (MSC) 60, and element 70, which as shown combines the functions of SGSN and GGSN.
The RNC controls a set of base stations that are connected to it. Its function is to manage radio resources. For example, it controls the set-up and tear-down of calls and the processing of voice and data traffic. It also manages hard and soft handoff between cells.
The AuC authenticates each user who tries to log onto the network. More specifically, the AuC authenticates the SIM card located in the entering user's terminal. For each subscriber, a unique secret key is shared between the subscriber and the AuC. The AuC challenges the entering subscriber by sending him a random number which is to be hashed or encrypted with the shared key, and the result returned to the AuC. If the result that has been returned matches the AuC's own result from the same operation, the user will be admitted to the network. The secret information which is shared between the AuC and the user is also used to create a ciphering key CK which provides security when the user and the base station communicate with each other over the air.
It should be noted in this regard that according to other standards, such as certain North American CDMA standards, the cellphone which operates as a user terminal does not include a SIM card. Instead, an electronic serial number (ESN) is inscribed in the cellphone hardware by the manufacturer. In addition, the wireless carrier may identify the cellphone by a mobile identification number (MIN). The ESN and the MIN may be used together for identification, and may be used in procedures for authentication and security. It should further be noted that according to certain standards, including certain North American standards for 3GPP2, functions similar to those of the AuC may be carried out by a network element referred to as the “AAA server”, in which “AAA” stands for “Authentication, Authorization, and Accounting.”
Turning again to FIG. 1, the MSC is a telephone exchange that supports, among other things, circuit-switched calling and mobility management for users who are roaming within its service area. Data can be delivered directly to the MSC from the wired network in digitally encoded form. As seen in the figure, the MSC connects to the public switched telephone network (PSTN). The AuC acts indirectly through the MSC to perform its authentication function.
The SGSN (“Serving GPRS Support Node”) tracks the locations of the user terminals within its service area, supports billing and security functions, tunnels downlink packets toward the RNC, and detunnels uplink packets from the RNC. The tunneling and detunneling of packets are in accordance with the GPRS Tunneling Protocol (GTP), which among other things makes it possible for mobile users to maintain connection to the internet while moving from place to place.
The GGSN (“Gateway GPRS Support Node”) functions as an IP router with respect to external packet data networks. As seen in the figure, for example, the GGSN connects to the “IP network.” The GGSN also supports security and billing functions. In accordance with GTP, the GGSN makes the conversion between the ordinary IP packets transported on the external packet networks, and the GTP packets that are tunneled within the UMTS core network. To the external packet network, it appears as though the user, although possibly moving from place to place, is fixed at the GGSN.
It should be noted in this regard that according to other standards, such as certain North American CDMA standards, the RNC is connected to a PDSN instead of an SGSN. The PDSN in turn is connected to a Home Agent (HA). Also, the tunneling protocols used for communication between the PDSN and the RNC and over to the Base Station do not involve GTP. Other systems and standards, such as the IEEE 802.16 based WiMAX system, use a different hierarchy consisting of base stations connected to an Access Gateway (AGW). Overall, the functionality is similar although the details are different.
The base station is typically in an exposed location, and therefore relatively insecure against physical intrusion. On the other hand, the RNC, MSC, SGSN, and GGSN are typically situated in central offices, where sensitive network information can be protected against eavesdropping, tampering, sabotage, and theft.
Thus, the execution of security-related functions is confined to those network elements that are physically secure, whereas the base station acts only to forward encrypted data, without decoding the encrypted messages. Because it is assumed that the physically secure network elements are interconnected by a network that is likewise secure, there are generally no mandatory requirements to additionally set up secure tunnels between those network elements.
Various advanced architectures have been proposed, which may lead to greater exposure, and less physical security, at certain network elements. For example, a flat IP architecture such as the BSR (Base Station Router) architecture integrates most of the functionality of the RNC, SGSN, and GGSN into the base station. (Another version of the BSR architecture relates to the SAE/LTE architecture rather than the UMTS architecture. In this second type of BSR, the eNB, MME, and UPE are integrated into the base station. The preceding abbreviations respectively stand for “enhanced Node B”, “Mobility Management Entity”, and “User Plane Entity.”)
Thus, FIG. 2, for example, shows mobile user 80 in radio communication with BSR 90, which connects in turn to a backhaul network including AuC 100, SIP server 110, an IP network, and the PSTN. As seen in the figure, the IP network connects the BSR to the AuC and the SIP server. SIP (“Session Initiation Protocol”) is an internet signaling protocol for VoIP (“Voice over IP”) as well as other types of interactive user sessions involving multiple kinds of media. In the figure, the SIP server block is meant to represent all the support functions for VoIP and the like.
In the BSR and similar architectures, encryption and other security-related functions, and even keys and other sensitive information, may reside at physically exposed locations. Moreover, the BSR might make external connections through a public IP network that is vulnerable to eavesdropping and tampering. Because of such increased exposure, there is a need for new safeguards against malicious activity.
However, because physical protection of the backhaul network cannot be guaranteed, it is desirable for such new safeguards to be logically based, at least in part. On the other hand, a new logically based safeguard may face opposition because, e.g., it is incompatible with some wireless standards, or because while conforming to wireless standards it is incompatible with internet standards.
Thus one need, in particular, is for a safeguard against malicious attacks that is effective end-to-end, i.e. between a wireless user terminal and a node of the IP network, or between two wireless user terminals connected via the IP network, and which moreover can be implemented without major changes to existing IP standards.