LTE Security

Created: Mar 8, 2020 03:08:54 | Latest reply: Aug 4, 2021 04:39:26
  Rewarded HiCoins: 0 (problem resolved)
How does LTE security work?

BR,

Featured Answers

Hello, Unicef.
To ensure data security, technologies such as Internet Protocol Security, Public key infrastructure, Security Socket Layer, and Access Control based on 802.1x are used to transmit data to ensure data integrity and security.

The following briefly introduces related technologies for your reference:

4 Transmission Security Features

4.1 Introduction

Transmission security features include IPsec, 802.1x, SSL, and PKI-CMPv2, as shown in Figure 4-1.

Figure 4-1 Transmission security features

4.2 IPsec

IPsec is a security framework defined by the IETF. It can provide end-to-end secure data transmission on untrusted networks, such as the Internet. On IP networks, IPsec provides transparent, interoperable, and cryptography-based security services to ensure confidentiality, integrity, and authenticity of data and to provide anti-replay protection.

IPsec operates at the IP layer of the TCP/IP protocol stack and provides transparent security services for upper-layer applications. (TCP stands for Transmission Control Protocol.)

For details about IPsec, see IPsec Feature Parameter Description for SingleRAN.

4.3 Access Control Based on 802.1x

802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard for port-based network access control. Access control based on 802.1x involves the following NEs:

  • Client, such as a base station

  • Authentication access equipment, such as a local area network (LAN) switch

  • Authentication server, such as an AAA server

Access control based on 802.1x is implemented as follows:

  • After a base station initially accesses the network and before it is authenticated, only 802.1x authentication packets can be transmitted over a port on the authentication access equipment.

  • After the authentication server authenticates the base station and authorizes the port, data can be transmitted over the authorized port. This ensures that only authorized users can access the network.

For details about access control based on 802.1x, see Access Control based on 802.1x Feature Parameter Description for SingleRAN.

4.4 SSL

SSL is a security protocol developed by Netscape. The latest standard version of SSL is Transport Layer Security version 1.2 (TLSv1.2), which aims to provide authentication, confidentiality, and integrity protection for two communication applications.

SSL enables an end-to-end secure connection to be established between two pieces of equipment. The details are as follows:

  • SSL operates between the transport and application layers. It is carried over reliable transport layer protocols but is independent of application layer protocols.

  • Before any communication using application-layer protocols, negotiation of the encryption algorithm and key and authentication have to be completed.

  • Application layer protocols such as HTTP, FTP, and Telnet can be transparently carried over SSL. All data transmitted using the application layer protocols is encrypted to ensure confidentiality.

SSL also protects O&M data transmitted between the base station or base station controller and the U2000 to provide secure remote maintenance.

For details about SSL, see SSL Feature Parameter Description for SingleRAN.

4.5 PKI

PKI uses an asymmetric cryptographic algorithm to provide information security. It mainly manages keys and digital certificates. The functionalities and interfaces related to PKI comply with X.509 and 3GPP TS 33.310.

A PKI system consists of the following elements: CA, RA (optional), certificate & CRL database, and end entity.

PKI defines a certificate management system, which uses CMPv2 to exchange management information between NEs in a PKI system. CMPv2 provides the following functions:

  • Certificate registration, application, and revocation

  • Key update and recovery

  • Cross-certification

  • CA key update announcement

  • Certificate issuing and revocation announcements

Using CMPv2, the base station and the PKI system exchange information about applying for, issuing, and updating a certificate to implement certificate management.

For details about PKI, see PKI Feature Parameter Description for SingleRAN.

5 Reference Documents

  1. ITU-T X.800, "Security architecture for Open Systems Interconnection for CCITT applications", March 1991

  2. ITU-T X.805, "Security architecture for systems providing end-to-end communications", October 2003

  3. NGMN Alliance, "Security in LTE backhauling – A white paper", V1.0, February 2012

  4. 3GPP TS 33.102 V11.3.0 (2012-06): "3G security; Security architecture"

  5. 3GPP TS 33.210 V11.3.0 (2011-12): "3G security; Network Domain Security (NDS); IP network layer security"

  6. 3GPP TS 33.310 V10.5.0 (2011-12): "Network Domain Security (NDS); Authentication Framework (AF)"

  7. 3GPP TS 33.401 V11.4.0 (2012-06): "3GPP System Architecture Evolution (SAE); Security architecture"

  8. IETF RFC 4303, "IP Encapsulating Security Payload (ESP)", December 2005

  9. IETF RFC 4306, "Internet Key Exchange (IKEv2) Protocol"

  10. IPsec Feature Parameter Description

  11. Access Control based on 802.1x Feature Parameter Description

  12. SSL Feature Parameter Description

  13. PKI Feature Parameter Description

Thanks!

smileymind Created Aug 4, 2021 04:39:11 (0) (0)
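
The port gating described in section 4.3 of the answer above, as an added example that is not part of the original post or of any vendor's code: a Python model of how the authentication access equipment treats frames from a base station before and after authorization. The class and function names, the MAC addresses and the frames are constructed for illustration; the EAPOL EtherType (0x888E), packet types and PAE group address come from IEEE 802.1X, not from the post.

```python
import struct

ETHERTYPE_EAPOL, ETHERTYPE_IPV4 = 0x888E, 0x0800   # EAPOL = EAP over LAN (IEEE 802.1X)
EAPOL_START, EAPOL_LOGOFF = 1, 2                   # EAPOL packet types
PAE_GROUP = bytes.fromhex("0180c2000003")          # 802.1X PAE group address

def eth_frame(dst, src, ethertype, payload=b""):
    """Build a minimal untagged Ethernet II frame (constructed test input)."""
    return dst + src + struct.pack("!H", ethertype) + payload

class AuthenticatorPort:
    """One switch port on the authentication access equipment (hypothetical model)."""

    def __init__(self):
        self.authorized = False                    # ports start unauthorized

    def on_aaa_result(self, accepted):
        # The authentication server's decision authorizes the port or not.
        self.authorized = bool(accepted)

    def handle(self, frame):
        """Return 'to-authenticator', 'forward' or 'drop' for an ingress frame."""
        if len(frame) < 14:
            return "drop"                          # truncated Ethernet header
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            if len(frame) < 18:
                return "drop"                      # no room for the EAPOL header
            _version, ptype, _length = struct.unpack("!BBH", frame[14:18])
            if ptype == EAPOL_LOGOFF:
                self.authorized = False            # client ended its session
            return "to-authenticator"              # consumed locally, never bridged
        # Everything else passes only once the port has been authorized.
        return "forward" if self.authorized else "drop"

def demo():
    bts, gw = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    eapol = lambda ptype: eth_frame(PAE_GROUP, bts, ETHERTYPE_EAPOL,
                                    struct.pack("!BBH", 2, ptype, 0))
    data = eth_frame(gw, bts, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    port = AuthenticatorPort()
    out = [port.handle(data), port.handle(eapol(EAPOL_START))]   # before authentication
    port.on_aaa_result(True)                                     # AAA server accepts
    out += [port.handle(data), port.handle(eapol(EAPOL_LOGOFF)), port.handle(data)]
    return out

if __name__ == "__main__":
    print(demo())
```

The same IPv4 frame is dropped, forwarded and dropped again as the port moves from unauthorized to authorized and back after the logoff.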
 
All Answers

Very good sharing

Thanks

Great