How can 5G security improve on earlier generations? Steve Babbage, Vodafone Distinguished Engineer - PowerPoint PPT Presentation

SLIDE 1

How can 5G security improve on earlier generations?

Steve Babbage Vodafone Distinguished Engineer

C1 Unrestricted

SLIDE 2

Vodafone Proprietary classified as C2 - VODAFONE RESTRICTED

Who am I?

  • Vodafone Distinguished Engineer
    – Cryptography, security, mathematics
  • Chair of ETSI SAGE
    – Security Algorithms Group of Experts
    – Specifies all new standardised crypto algorithms for 3GPP, amongst other things
  • Co-chair of NGMN’s 5G security workstream
    – Making pre-standardisation recommendations on 5G security
  • On GSMA’s Fraud and Security Advisory Panel

These views are mine – not the official views of any of the companies or bodies above

26 Apr 2016

SLIDE 3

Evolution of security


2G → 3G → 4G

  • Key length: increased to 128 bits
  • One-way authentication → mutual authentication, tamper-proof signalling → proves which network
  • Authentication and key agreement algorithms: much better example algorithm
  • Encryption algorithms: full strength public algorithms
  • Same cipher key, whatever the algorithm → different cipher key depending on choice of algorithm

SLIDE 4

So 4G security is very good … but in some ways, fragile

SC Magazine > News > Report: SS7 flaws enable listening to cell phone calls, reading texts

SLIDE 5

How can the long term secret key leak?

[Diagram: SIM vendor, sending the keys, mobile operator. Leak routes labelled: hack, insider attack, weak algorithm, weak implementation.]

SLIDE 6

Creating shared session keys

[Diagram: SIM, home network, visited network. Labels: AKA with Ki and RAND giving KC (shown twice); RAND, KC; RAND; KC; encrypt using KC.]

SLIDE 7

Can do key agreement differently … when time allows

[Diagram: authentication centre, home network nodes, visited network nodes, Node X. Labels: KC, KE, key exchange.]

SLIDE 8

Giving the device more control over security

  • Update session keys now
  • Update temporary identity now
  • Can we update session keys now, please?
  • Carry on using the same session keys you’ve been using for the last month
  • Carry on using the same temporary identity you’ve been using for the last year

SLIDE 9

Performance constraints on security

  • Call set-up time matters to customers
    – Running a full key exchange protocol would take noticeably longer
    – So does that mean we can’t do it?
  • Fast handover between cells is important for some services
    – Key derivation on handover is optimised for speed, not for security
  • Some devices need to run on batteries for years
    – So do we need to keep security protocol transmissions to a minimum?
  • Some services need very high availability
    – So we mustn’t risk false positives when policing network access?

SLIDE 10

Network slices

  • Optimise for integrity and availability
  • Optimise for battery life
  • Optimise for security and privacy
  • Optimise for speed

SLIDE 11

Thank you
