Enact Security Procedures And Implementation Mechanisms For Your LTE-Advanced Systems

Satwant Kaur is a management consultant on emerging technologies and author of Transitioning Embedded Systems to Intelligent Environments. She has also held positions with a variety of industry-leading companies, including Intel, EMC, Symantec, Computer Associates, and TIBCO. Her innovations include industrial automation, mobile Internet, intelligent environments, and enterprise technologies. She received her PhD in computer science from Oakland University, Rochester, Mich., sponsored by the Nokia Research Center with a focus in mobile Internet protocols. She can be reached at Satwant.Kaur@gmail.com.

LTE-Advanced, recently standardized as 4G, brings about a paradigm shift in the way real-time, data-driven wireless applications are conducted because it enables data-transfer speeds of up to 1 Gbit/s. Its frequency-division multiple access (FDMA) radio access, together with a packet-switched radio interface optimized for packet data, delivers these higher data rates and lower latency.


These new real-time, data-driven wireless applications bring a greater need to ensure security features that address various vulnerabilities, including network access security, network domain security, user domain security, application domain security, and the visibility and configurability of security features. Fortunately, designers can take advantage of the security features, the mechanisms used to implement them, and the security procedures defined within the LTE-Advanced mobile communication standard, as specified by the relevant 3GPP specifications.

Overview of LTE-Advanced Security Features

Security features need to cover the following areas of vulnerability in order to counter the related threats and accomplish the corresponding objectives:

  • Network access security features provide users with secure access to mobile services and protect against attacks on the radio access link.
  • Network domain security features enable nodes in the provider domain to securely exchange signaling data and protect against attacks on the wireline network.
  • User domain security features facilitate secure access to mobile stations.
  • Application domain security features enable applications in both the user and provider domains to securely exchange messages.
  • Visibility and configurability enable the user to determine whether or not a security feature is (or should be) in operation.

Security Procedures for User Identity Confidentiality on Network Access Link

Three features protect the user's identity from eavesdropping on the radio access link. First, user identity confidentiality protects the permanent user identity (IMSI). Second, user location confidentiality masks the presence or arrival of a user in a certain area. Finally, user untraceability prevents an intruder from detecting whether different services are delivered to the same user.

To avoid user traceability, which may lead to the compromise of user identity confidentiality, the user is identified by a temporary identity (GUTI) provided by the serving network. This mechanism can be used to identify a user on the radio path in location update requests, service requests, detach requests, connection re-establishment requests, and other requests. Any signaling or user data that can reveal the user’s identity is ciphered on the radio access link.
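The following Python model is an added illustration of the temporary-identity mechanism described above; it is not code from the article or from any 3GPP implementation. It assumes a constructed test IMSI and PLMN (the 001/01 test range), a toy `ServingNetwork` that retires the old GUTI and allocates a fresh random one at every registration, and an `air` log standing in for what a passive listener on the radio path would observe. The report function shows what such a listener learns: the permanent identity crosses the air once, at first registration, and every later request carries a different, unlinkable temporary identity.

```python
import secrets
from dataclasses import dataclass, field

# Constructed identities: MCC 001 / MNC 01 is the 3GPP test PLMN range.
IMSI = "001010123456789"
PLMN = "00101"


@dataclass
class ServingNetwork:
    """Toy model of the core-network side that hands out temporary identities."""
    guti_to_imsi: dict = field(default_factory=dict)
    air: list = field(default_factory=list)   # what a passive listener on the radio path sees

    def allocate_guti(self, imsi: str) -> str:
        # PLMN prefix plus 32 random bits: unlinkable to the IMSI without this table.
        guti = f"{PLMN}-{secrets.token_hex(4)}"
        self.guti_to_imsi[guti] = imsi
        return guti

    def register(self, presented_id: str) -> str:
        """One attach / location-update exchange; returns the GUTI to present next time."""
        self.air.append(f"REQUEST id={presented_id}")
        if presented_id in self.guti_to_imsi:
            imsi = self.guti_to_imsi.pop(presented_id)       # old GUTI is retired
        elif presented_id.isdigit() and len(presented_id) == 15:
            imsi = presented_id                              # first registration uses the IMSI
        else:
            raise ValueError("unknown temporary identity; network would fall back to an Identity Request")
        new_guti = self.allocate_guti(imsi)
        # The new GUTI is delivered inside a ciphered NAS message, so the listener sees no value.
        self.air.append("ACCEPT new_id=<ciphered>")
        return new_guti


def simulate(n_registrations: int = 5):
    """UE registers once with its IMSI, then re-registers n-1 times with the current GUTI."""
    sn = ServingNetwork()
    current = IMSI
    used = []
    for _ in range(n_registrations):
        current = sn.register(current)
        used.append(current)
    return sn, used


def exposure_report(sn: ServingNetwork, used: list) -> dict:
    """Summarise what the radio-path listener could learn from the exchange."""
    return {
        "imsi_sent_in_clear": sum(IMSI in line for line in sn.air),
        "distinct_temporary_ids": len(set(used)),
        "stale_gutis_still_valid": sum(g in sn.guti_to_imsi for g in used[:-1]),
    }


if __name__ == "__main__":
    sn, used = simulate()
    print(*sn.air, sep="\n")
    print(exposure_report(sn, used))
```

Retiring the previous GUTI on every registration is what prevents a stale temporary identity from being replayed later to locate the same subscriber; a network that reuses GUTIs for long periods weakens exactly the untraceability property the article lists.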

Security Procedures for Entity Authentication on Network Access Link

Entity authentication comprises two steps and should occur at each connection setup between the user and the network. First, user authentication ensures that the serving network corroborates the identity claimed by the user. Next, network authentication ensures that the user is connected to a serving network that holds an up-to-date authorization from the user's home environment (HE) to provide services.

The mechanism of entity authentication is based on the authentication vector delivered by the user's HE to the serving network. This authentication-and-key mechanism establishes a secret cipher key and integrity key between the user and the serving network. The serving network should invoke this mechanism after a user's first registration in the serving network, and after a service request, location update request, attach request, detach request, or connection re-establishment request once the maximum number of local authentications using the derived integrity key has been reached.

The local authentication mechanism uses the integrity key established between the user and serving network during the previous execution of the authentication and key establishment procedure. This mechanism should be invoked by the serving network after a service request, location update request, attach request, detach request, or connection re-establishment request, provided that the maximum number of local authentications using the same derived integrity key has not been reached yet.
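As an added example of the authentication-and-key-agreement and local-authentication procedures described in the two paragraphs above (not code from the article or from 3GPP), the following Python model runs the exchange with all three parties: the home environment generates an authentication vector, the serving network challenges the UE, the USIM authenticates the network via the MAC in AUTN and checks sequence-number freshness, the serving network authenticates the user by comparing RES with XRES, and both sides derive CK and IK. Assumptions: HMAC-SHA256 with a domain tag stands in for the MILENAGE f1..f5 functions, the AMF value and the long-term key are constructed, and `MAX_LOCAL_AUTH` is an assumed policy limit after which the serving network forces a fresh AKA run instead of another IK-based local authentication.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

AMF = b"\x80\x00"   # authentication management field (constructed value)


def f(tag: bytes, key: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for the MILENAGE f1..f5 functions: HMAC-SHA256 with a domain tag,
    truncated to n bytes. An assumption for illustration, not the 3GPP algorithm set."""
    return hmac.new(key, tag + data, hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AuthVector:
    rand: bytes
    xres: bytes   # expected response, kept by the serving network
    ck: bytes     # cipher key
    ik: bytes     # integrity key
    autn: bytes   # (SQN xor AK) || AMF || MAC: lets the USIM authenticate the network


class HomeEnvironment:
    """Holds the long-term key K and the sequence number; produces authentication vectors."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def generate_av(self) -> AuthVector:
        self.sqn += 1
        rand = secrets.token_bytes(16)
        sqn = self.sqn.to_bytes(6, "big")
        mac = f(b"f1", self.k, sqn + rand + AMF, 8)
        ak = f(b"f5", self.k, rand, 6)       # anonymity key conceals SQN on the air
        return AuthVector(rand, f(b"f2", self.k, rand, 8), f(b"f3", self.k, rand, 16),
                          f(b"f4", self.k, rand, 16), xor(sqn, ak) + AMF + mac)


class USIM:
    """Shares K with the home environment and remembers the highest SQN accepted."""
    def __init__(self, k: bytes):
        self.k, self.sqn_highest = k, 0

    def challenge(self, rand: bytes, autn: bytes):
        sqn, amf, mac = xor(autn[:6], f(b"f5", self.k, rand, 6)), autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f(b"f1", self.k, sqn + rand + amf, 8)):
            raise ValueError("MAC failure: network not authenticated")
        if int.from_bytes(sqn, "big") <= self.sqn_highest:
            raise ValueError("synchronisation failure: stale or replayed vector")
        self.sqn_highest = int.from_bytes(sqn, "big")
        return f(b"f2", self.k, rand, 8), f(b"f3", self.k, rand, 16), f(b"f4", self.k, rand, 16)


class UE:
    def __init__(self, usim: USIM):
        self.usim, self.ck, self.ik = usim, None, None

    def respond(self, rand: bytes, autn: bytes) -> bytes:
        res, self.ck, self.ik = self.usim.challenge(rand, autn)
        return res

    def protect(self, msg: bytes) -> bytes:
        """Local authentication: a 32-bit MAC over the request using the current IK."""
        return hmac.new(self.ik, msg, hashlib.sha256).digest()[:4]


class ServingNetwork:
    MAX_LOCAL_AUTH = 3   # assumed policy limit before a fresh AKA run is forced

    def __init__(self, he: HomeEnvironment):
        self.he, self.ck, self.ik, self.local_auth_count = he, None, None, 0

    def full_authentication(self, ue: UE) -> None:
        av = self.he.generate_av()                    # HE -> SN: authentication vector
        res = ue.respond(av.rand, av.autn)            # SN -> UE: RAND, AUTN;  UE -> SN: RES
        if not hmac.compare_digest(res, av.xres):
            raise ValueError("RES mismatch: user not authenticated")
        self.ck, self.ik, self.local_auth_count = av.ck, av.ik, 0

    def service_request(self, ue: UE, msg: bytes) -> str:
        """Returns which mechanism authenticated this request: 'full' (AKA) or 'local' (IK)."""
        if self.ik is None or self.local_auth_count >= self.MAX_LOCAL_AUTH:
            self.full_authentication(ue)
            return "full"
        expected = hmac.new(self.ik, msg, hashlib.sha256).digest()[:4]
        if not hmac.compare_digest(ue.protect(msg), expected):
            raise ValueError("local authentication failed")
        self.local_auth_count += 1
        return "local"
```

Two details carry the security properties the article names: the MAC inside AUTN is what lets the USIM reject a challenge that did not originate from its home environment, and the sequence-number check is what stops a recorded authentication vector from being replayed to the same USIM later.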

Security Procedures for Data Confidentiality on Network Access Link

The confidentiality of user data and signaling data ensures that neither type can be overheard on the radio access interface. The cipher algorithm agreement ensures that the mobile station (MS) and the serving network (SN) can securely negotiate the algorithm that they should use subsequently. 

The cipher algorithm agreement is achieved via a mechanism for security mode negotiation between the user and the network. The cipher key agreement, which is established in the course of the execution of the mechanism for authentication and key agreement, ensures that the MS and the SN agree on a cipher key that they may use subsequently.

Security Procedures for Data Integrity on Network Access Link

Data integrity and origin authentication of signaling data allow the receiving entity to verify two key facts: first, that the signaling data was not modified in an unauthorized way after it was transmitted by the sending entity (SN or MS); second, that the origin of the signaling data received is indeed the one claimed.

The integrity algorithm agreement ensures that the MS and the SN securely negotiate the integrity algorithm that they will use subsequently. The integrity algorithm agreement is realized via a mechanism for security mode negotiation between the user and the network. The integrity key agreement, which is also established in the course of the execution of the mechanism for authentication and key agreement, ensures that the MS and the SN agree on an integrity key that will be used subsequently.
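The security mode negotiation and integrity protection described in the confidentiality and integrity sections above, as an added Python example that is not code from the article or from any 3GPP implementation. It assumes the integrity key IK has already been agreed through authentication and key agreement, uses HMAC-SHA256 truncated to 32 bits as a stand-in for a real EIA integrity algorithm, and models the network's security mode command as a message that names the selected algorithm and echoes back the capabilities the network received from the UE. The UE side shows the three checks a receiver needs: the MAC-I verifies integrity and origin, the COUNT check rejects replays, and comparing the echoed capabilities with its own detects a capability list altered in transit before the network could pick an algorithm.

```python
import hashlib
import hmac

# EIA0..EIA3 are the LTE integrity-algorithm identifiers; EIA0 is the null algorithm.
NULL_INTEGRITY = "EIA0"


def mac_i(ik: bytes, count: int, direction: int, msg: bytes) -> bytes:
    """32-bit message authentication code over COUNT || DIRECTION || message.
    Assumption: HMAC-SHA256 truncated to 4 bytes stands in for a real EIA algorithm."""
    return hmac.new(ik, count.to_bytes(4, "big") + bytes([direction]) + msg,
                    hashlib.sha256).digest()[:4]


def encode_smc(algorithm: str, replayed_caps: list) -> bytes:
    return f"SMC|{algorithm}|{','.join(replayed_caps)}".encode()


def decode_smc(msg: bytes):
    _, algorithm, caps = msg.decode().split("|")
    return algorithm, caps.split(",")


class Network:
    def __init__(self, preference: list, ik: bytes):
        self.preference, self.ik, self.tx_count = preference, ik, 0

    def select(self, ue_caps: list) -> str:
        """Highest network-preferred algorithm the UE supports; never the null algorithm."""
        for alg in self.preference:
            if alg in ue_caps and alg != NULL_INTEGRITY:
                return alg
        raise ValueError("no common non-null integrity algorithm")

    def security_mode_command(self, ue_caps_as_received: list):
        """Build the integrity-protected SMC, echoing the capabilities the network received."""
        alg = self.select(ue_caps_as_received)
        msg = encode_smc(alg, ue_caps_as_received)
        count = self.tx_count
        self.tx_count += 1
        return msg, count, mac_i(self.ik, count, 1, msg)   # direction 1 = downlink


class UE:
    def __init__(self, capabilities: list, ik: bytes):
        self.capabilities, self.ik, self.rx_count, self.algorithm = capabilities, ik, -1, None

    def process_smc(self, msg: bytes, count: int, mac: bytes) -> str:
        if not hmac.compare_digest(mac, mac_i(self.ik, count, 1, msg)):
            return "rejected: integrity check failed"
        if count <= self.rx_count:
            return "rejected: replayed COUNT"
        alg, replayed = decode_smc(msg)
        if replayed != self.capabilities:
            return "rejected: capabilities differ from those sent (bidding-down)"
        if alg not in self.capabilities:
            return "rejected: unsupported algorithm"
        self.rx_count, self.algorithm = count, alg
        return f"accepted: {alg}"
```

The order of the checks matters: the MAC is verified before anything in the message is parsed or acted upon, so an unauthenticated message cannot influence the UE's state, and the COUNT is only advanced once the whole command has been accepted.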

Security Procedures for USIM Authentication in the User Domain

User-to-USIM authentication ensures that access to the universal subscriber identity module (USIM) is restricted until the USIM has authenticated the user. The user and the USIM must share a secret PIN that is stored securely in the USIM. Users get access to the USIM only if they prove knowledge of the secret PIN. This prevents unauthorized access to the user’s account and the resulting fraudulent charges.

USIM-terminal link authentication ensures that access to the terminal or other user equipment (UE) is restricted to an authorized USIM. The USIM and the terminal must share a secret that is stored securely in both the USIM and the terminal. If a USIM fails to prove its knowledge of the secret, it is denied access to the terminal.
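Both user-domain checks from the two paragraphs above, user-to-USIM PIN verification and USIM-terminal link authentication, as an added Python model that is not code from the article or from any card implementation. Assumptions: the PIN and PUK retry limits of 3 and 10 are the values commonly configured on (U)SIM cards and are stated here as assumptions, the PIN, PUK and pairing secret are constructed, and the terminal's check is modelled as a challenge-response over a shared secret with a fresh nonce per attempt rather than any specific vendor's SIM-lock scheme. The point the model makes is the ordering: a USIM that has not authenticated its user will not answer the terminal's challenge at all, so a blocked card is useless to the terminal even when the pairing secret is correct.

```python
import hashlib
import hmac
import secrets


class USIM:
    """The user proves the PIN to the USIM; the USIM proves a pairing secret to the terminal."""
    PIN_RETRIES = 3     # assumed limits (values commonly configured on (U)SIM cards)
    PUK_RETRIES = 10

    def __init__(self, pin: str, puk: str, pairing_secret: bytes):
        self._pin, self._puk, self._secret = pin, puk, pairing_secret
        self.pin_left, self.puk_left, self.unlocked = self.PIN_RETRIES, self.PUK_RETRIES, False

    def verify_pin(self, candidate: str) -> str:
        if self.pin_left == 0:
            return "blocked"            # even the correct PIN is refused once blocked
        if hmac.compare_digest(candidate.encode(), self._pin.encode()):
            self.unlocked, self.pin_left = True, self.PIN_RETRIES
            return "ok"
        self.pin_left -= 1              # counter is decremented before any response leaves the card
        return "blocked" if self.pin_left == 0 else f"wrong, {self.pin_left} left"

    def unblock(self, puk: str, new_pin: str) -> str:
        if self.puk_left == 0:
            return "permanently blocked"
        if hmac.compare_digest(puk.encode(), self._puk.encode()):
            self._pin, self.pin_left, self.puk_left = new_pin, self.PIN_RETRIES, self.PUK_RETRIES
            return "ok"
        self.puk_left -= 1
        return "wrong PUK"

    def prove_to_terminal(self, nonce: bytes) -> bytes:
        """Challenge-response with the USIM-terminal shared secret; only an unlocked USIM answers."""
        if not self.unlocked:
            raise PermissionError("USIM locked: verify PIN first")
        return hmac.new(self._secret, nonce, hashlib.sha256).digest()


class Terminal:
    def __init__(self, pairing_secret: bytes):
        self._secret = pairing_secret

    def admit(self, usim: USIM) -> bool:
        nonce = secrets.token_bytes(16)   # fresh per attempt, so a recorded response cannot be replayed
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        try:
            return hmac.compare_digest(usim.prove_to_terminal(nonce), expected)
        except PermissionError:
            return False
```

Decrementing the retry counter before returning a result, and comparing with `hmac.compare_digest`, are the two habits that keep a PIN check from leaking information through interrupted attempts or timing differences.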

© 2012 Penton Media Inc.