1. Field of the Invention
The present invention relates generally to wireless communication systems, and more particularly, to an apparatus for and method of mutual authentication between a User Equipment (UE) and an Evolved Packet Core (EPC).
2. Description of the Related Art
The Third Generation Partnership Project (3GPP) initiated the work on Isolated Evolved Universal Mobile Telecommunications System Terrestrial Radio Access Network (E-UTRAN) Operation for Public Safety (IOPS), where the objective is to ensure the continued ability of public safety users to communicate in mission critical situations. IOPS supports recoverable mission critical network operations regardless of whether a connection (e.g. a backhaul link) exists between an Evolved Node B (eNodeB) and a core network. The main requirements from a security perspective for public safety use are access of public safety UEs to an Isolated E-UTRAN and secure operation for the UEs in the Isolated E-UTRAN operation mode.
Further, it is difficult to provide authentication for the UEs when the eNodeB has lost its connection with the core network. When the eNodeB is not in communication with the core network (e.g. the connection is disconnected), the Home Subscriber Server (HSS) (Authentication Center (AuC)) is not available (or reachable), so the eNodeB cannot forward the access request received from the UE to the core network and obtain the security context needed for access control and secure communication. When the backhaul link to the core network is unavailable, public safety eNodeB(s) (Local Evolved Packet Core (EPC)) could either operate autonomously or coordinate with other nearby eNodeB(s) to provide locally routed communications for the public safety UEs within a region. The Isolated E-UTRAN mode of operation also provides the ability to create a serving Radio Access Network (RAN) without the backhaul link by deploying one or more standalone Nomadic eNodeBs (NeNBs). The Isolated E-UTRAN operation mode, from the perspective of security, has potentially two modes of operation:
a signaling backhaul connection to the EPC is active; thus, communication with the AuC or HSS is possible (Mode 1); and
no signaling backhaul connection to the EPC exists; thus, communication with the AuC or HSS is not possible (Mode 2).
In the case of Mode-1, the normal 3GPP security operation is possible. Further, in the case of Mode-2, the Isolated E-UTRAN must ensure that both user data and network signaling are secured to a level comparable with that provided by Mode-1. The provision of the security features is required for the communication between the UE and the NeNB and for the communication among different NeNBs. In conventional systems and methods, including a complete subscriber database of potential subscribers in the eNodeBs for authentication and authorization is not a viable solution. Further, there is a high security risk of subscription credentials being exposed if an eNodeB holding such a database is compromised. In addition to secure authentication, secure operation (e.g. integrity protection, replay protection, confidentiality protection) is required to mitigate the distribution of unauthorized disaster information and the eavesdropping of communication between the public safety UEs.
Thus, there is a need for a simple and robust mechanism for addressing the security issues described above when an eNodeB is not connected to a core network.