Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x
Top   in Index   Prev   Next

TR 33.809
Study on 5G Security enhancements against False Base Stations (FBS)

3GPP‑Page  
V18.1.0 (Wzip)  2023/09  131 p.
Rapporteur:
Ms. Guo, Ivy
Apple Computer Trading Co. Ltd

full Table of Contents for  TR 33.809  Word version:  18.1.0

Here   Top

0  Introductionp. 11

The present document uses the term "false base station" in general to denote wireless devices that impersonate genuine base stations.
False base stations are also popularly known as IMSI catchers. While one of their initial attacks was to catch subscribers' IMSIs, more advancements have happened since - not only to the false base stations technologies, but also to the mobile network security.
Today, the capabilities of false base stations vary depending upon whether the mobile network is GPRS, UMTS, LTE, or 5G. The 5G system in particular has already made significant improvements to combat false base stations, the improvements like SUPI concealment, guaranteed GUTI refreshment, protected redirections, and a general informative detection framework. There are also other security features that the 5G security inherited from earlier generations like mutual authentication between UE and network, integrity protected signalling, and secure algorithm negotiations.
Some of the security solutions, constraints, and requirements studied in TR 33.969 "Study on Security aspects of Public Warning System (PWS)" may also be useful when considering security enhancement against false base stations specifically, the protection of the System Information (SI) broadcasts used for the PWS warning messages.
Up

1  Scopep. 12

The present document studies the potential threats and privacy issues associated with false base station scenarios.
The present document identifies the potential solutions for mitigating the risks caused by false base station.

2  Referencesp. 12

3  Definitions of terms, symbols and abbreviationsp. 13

3.1  Termsp. 13

3.2  Symbolsp. 13

3.3  Abbreviationsp. 13

4  Security overviews of 5G system against false base stationsp. 14

5  Key Issuesp. 14

5.1  Key Issue #1: Security of unprotected unicast messagesp. 14

5.1.1  Key issue detailsp. 14

5.1.2  Security Threatsp. 15

5.1.3  Potential Requirementsp. 15

5.2  Key Issue #2: Security protection of system informationp. 16

5.2.1  Key issue detailsp. 16

5.2.2  Security Threatsp. 16

5.2.3  Potential Requirementsp. 16

5.3  Key Issue #3: Network detection of false base stationsp. 17

5.3.1  Key issue detailsp. 17

5.3.2  Security Threatsp. 17

5.3.3  Potential Requirementsp. 17

5.4  Key Issue #4: Protection against SON poisoning attemptsp. 17

5.4.1  Key issue detailsp. 17

5.4.2  Security Threatsp. 18

5.4.3  Potential Requirementsp. 18

5.5  Key Issue #5: Mitigation against the authentication relay attackp. 19

5.5.1  Key issue detailsp. 19

5.5.2  Security Threatsp. 19

5.5.3  Potential Requirementsp. 19

5.6  Key Issue #6: Resistance to radio jammingp. 19

5.6.1  Key issue detailsp. 19

5.6.2  Security Threatsp. 20

5.6.3  Potential Requirementsp. 20

5.7  Key Issue #7: Protection against Man-in-the-Middle false gNB attacksp. 20

5.7.1  Key issue detailsp. 20

5.7.2  Security Threatsp. 20

6  Candidate Solutionsp. 21

6.0  Mapping between key issues and solutionsp. 21

6.1  Solution #1: Protection for the UE Capability Transferp. 22

6.1.1  Introductionp. 22

6.1.2  Solution detailsp. 22

6.1.3  Evaluationp. 22

6.2  Solution #2: Protection of RRCReject message in RRC_INACTIVE statep. 22

6.2.1  Introductionp. 22

6.2.2  Solution detailsp. 22

6.2.3  Evaluationp. 23

6.3  Solution #3: Protection of uplink UECapabilityInformation RRC messagep. 23

6.3.1  Introductionp. 23

6.3.2  Solution detailsp. 24

6.3.3  Evaluationp. 24

6.4  Solution #4: Enriched measurement reportsp. 24

6.4.1  Introductionp. 24

6.4.2  Solution detailsp. 25

6.4.2.1  Enrichment of measurement reportp. 25

6.4.2.2  Verification of the MIB/SIBs Hashesp. 25

6.4.3  Evaluationp. 26

6.5  Solution #5: Mitigation against the authentication relay attackp. 27

6.5.1  Introductionp. 27

6.5.2  Solution detailsp. 27

6.5.3  Evaluationp. 29

6.6  Solution #6: Avoiding UE connecting to false base station during HOp. 29

6.6.1  Introductionp. 29

6.6.2  Solution detailsp. 29

6.6.2.1  Backgroundp. 29

6.6.2.2  Procedurep. 31

6.6.2.2.0  Generalp. 31
6.6.2.2.1  Always on Featurep. 31
6.6.2.2.2  On demand Featurep. 33

6.6.3  Evaluationp. 33

6.7  Solution #7: Verification of authenticity of the cellp. 33

6.7.1  Introductionp. 33

6.7.2  Solution detailsp. 34

6.7.2.1  System Information verification using Digital Signaturesp. 34

6.7.2.2  System Information verification using Identity Based Cryptographyp. 35

6.7.2.3  Optimization of SI verification using the other SIp. 36

6.7.2.4  Capability negotiationp. 36

6.7.3  Evaluationp. 37

6.7.4  Assessment using clause A.3p. 37

6.7.4.1  UE aspectsp. 37

6.7.4.2  UE actions upon detection of invalid signaturep. 38

6.7.4.3  Threats that are mitigated by signed SI messagesp. 38

6.7.4.4  Threats that are not mitigated by signed SI messagesp. 38

6.7.4.5  Provisioning of keysp. 38

6.7.4.6  RAN aspectsp. 39

6.7.4.7  VPLMN aspectsp. 39

6.7.4.8  HPLMN aspectsp. 40

6.7.4.9  Network sharing aspectsp. 40

6.7.4.10  Roaming aspectsp. 40

6.7.4.11  Regulatory aspectsp. 40

6.7.4.12  Signature schemesp. 40

6.7.4.13  Signature lengthp. 40

6.7.4.14  Resistance against Quantum Computingp. 40

6.8  Solution #8: Network detection of nearby false base stations from call statistics and measurementsp. 40

6.8.1  Introductionp. 40

6.8.2  Solution detailsp. 41

6.8.2.1  Detection of false base Stations from Active UE Measurement reportp. 41

6.8.2.2  Detection of false base stations from duplicate Cell IDs in Active UE Measurement reportp. 41

6.8.3  Evaluationp. 41

6.9  Solution #9: Using symmetric algorithm with assistance of USIM and home networkp. 41

6.9.1  Introductionp. 41

6.9.1.1  Generalp. 41

6.9.1.2  Mitigate replayed broadcast attackp. 42

6.9.2  Solution detailsp. 42

6.9.2.1  Frameworkp. 42

6.9.2.1.1  Generalp. 42
6.9.2.1.2  Principle of dynamic provisioningp. 43

6.9.2.2  Provisioningp. 44

6.9.2.2.1  Protection Key Agreement (PKA) and Protection Key Transfer (PKT) procedurep. 44
6.9.2.2.2  Protection areap. 45
6.9.2.2.3  Protection Area Information Provisioning (PAIP) procedurep. 46

6.9.2.3  Authenticityp. 47

6.9.2.3.1  Security procedure for broadcast messagesp. 47
6.9.2.3.2  Security procedure for unicast messagesp. 48

6.9.3  Evaluationp. 49

6.10  Solution #10: Protection on the unicast message based on ECDHp. 49

6.10.1  Introductionp. 49

6.10.2  Solution detailsp. 49

6.10.2.1  General descriptionp. 49

6.10.2.2  Pre-provisionp. 50

6.10.2.3  Message used to send ePK uplinkp. 50

6.10.2.4  Replay resistantp. 50

6.10.2.5  Proceduresp. 50

6.10.3  Assessment using clause A.3p. 51

6.10.3.1  UE aspectsp. 51

6.10.3.2  UE actions upon detection of invalid signaturep. 51

6.10.3.3  Threats that are mitigated by signed SI messagesp. 51

6.10.3.4  Threats that are not mitigated by signed SI messagesp. 51

6.10.3.5  Provisioning of keysp. 51

6.10.3.6  RAN aspectsp. 51

6.10.3.7  VPLMN aspectsp. 51

6.10.3.8  HPLMN aspectsp. 51

6.10.3.9  Network sharing aspectsp. 51

6.10.3.10  Roaming aspectsp. 52

6.10.3.11  Regulatory aspectsp. 52

6.10.3.12  Signature schemesp. 52

6.10.3.13  Signature lengthp. 52

6.10.3.14  Resistance against Quantum Computingp. 52

6.11  Solution #11: Certificate based solution against false base stationp. 52

6.11.1  Introductionp. 52

6.11.2  Solution detailsp. 52

6.11.2.1  Pre-provision and certificate distributionp. 52

6.11.2.2  Signature algorithmp. 53

6.11.2.3  Proceduresp. 54

6.11.2.4  Certificate format:p. 54

6.11.3  Assessment using clause A.3p. 54

6.11.3.1  UE aspectsp. 54

6.11.3.2  UE actions upon detection of invalid signaturep. 55

6.11.3.3  Threats that are mitigated by signed SI messagesp. 55

6.11.3.4  Threats that are not mitigated by signed SI messagesp. 55

6.11.3.5  Provisioning of keysp. 55

6.11.3.6  RAN aspectsp. 55

6.11.3.7  VPLMN aspectsp. 55

6.11.3.8  HPLMN aspectsp. 56

6.11.3.9  Network sharing aspectsp. 56

6.11.3.10  Roaming aspectsp. 56

6.11.3.11  Regulatory aspectsp. 56

6.11.3.12  Signature schemesp. 56

6.11.3.13  Signature lengthp. 56

6.11.3.14  Resistance against Quantum Computingp. 57

6.12  Solution #12: ID based solution against false base stationp. 57

6.12.1  Introductionp. 57

6.12.2  Solution detailsp. 57

6.12.2.1  Pre-provisionp. 57

6.12.2.2  Procedurep. 58

6.12.2.3  Revocationp. 58

6.12.3  Assessment using clause A.3p. 59

6.12.3.1  UE aspectsp. 59

6.12.3.2  UE actions upon detection of invalid signaturep. 59

6.12.3.3  Threats that are mitigated by signed SI messagesp. 59

6.12.3.4  Threats that are not mitigated by signed SI messagesp. 59

6.12.3.5  Provisioning of keysp. 59

6.12.3.6  RAN aspectsp. 59

6.12.3.7  VPLMN aspectsp. 59

6.12.3.8  HPLMN aspectsp. 60

6.12.3.9  Network sharing aspectsp. 60

6.12.3.10  Roaming aspectsp. 60

6.12.3.11  Regulatory aspectsp. 60

6.12.3.12  Signature schemesp. 60

6.12.3.13  Signature lengthp. 60

6.12.3.14  Resistance against Quantum Computingp. 60

6.12.4  Evaluationp. 60

6.13  Solution #13: Protecting RRCResumeRequest against MiTMp. 61

6.13.1  Introductionp. 61

6.13.2  Solution detailsp. 61

6.13.3  Evaluationp. 61

6.14  Solution #14: Shared key based MIB/SIBs protectionp. 62

6.14.1  Introductionp. 62

6.14.2  Solution detailsp. 62

6.14.3  Evaluationp. 63

6.15  Solution #15: Mitigation against the authentication relay attack with different PLMNsp. 63

6.15.1  Introductionp. 63

6.15.2  Solution detailsp. 63

6.15.3  Evaluationp. 66

6.16  Solution #16: Protection of RRC Reject Messagep. 66

6.16.1  Introductionp. 66

6.16.2  Solution detailsp. 67

6.16.2.1  Protection of RRC Reject Message in RRC_IDLE statep. 67

6.16.2.2  Protection of RRC Reject Message in RRC_INACTIVE statep. 67

6.16.3  Evaluationp. 67

6.17  Solution 17: Integrity protection of the whole RRCResumeRequest messagep. 68

6.17.1  Introductionp. 68

6.17.2  Solution Detailsp. 68

6.17.3  Evaluationp. 69

6.18  Solution #18: Avoiding UE connecting to False Base Station during Conditional Handoverp. 69

6.18.1  Introductionp. 69

6.18.2  Solution detailsp. 69

6.18.2.1  Generalp. 69

6.18.2.2  Always on Featurep. 70

6.18.2.3  On Demand Featurep. 71

6.18.3  Evaluationp. 71

6.19  Solution #19: AS security based MIB/SIBs integrity information provided by gNBp. 71

6.19.1  Introductionp. 71

6.19.2  Solution detailsp. 72

6.19.3  Evaluationp. 73

6.20  Solution #20: Digital Signing Network Function (DSnF)p. 73

6.20.1  Introductionp. 73

6.20.2  Solution detailsp. 74

6.20.2.1  Digital Signatures of System Informationp. 74

6.20.2.2  Digital Signing Network Function (DSnF)p. 74

6.20.2.2.1  Digital Signing Requestp. 74
6.20.2.2.2  Digital Signature Computationp. 75
6.20.2.2.3  Digital Signing Responsep. 75
6.20.2.2.4  Short-term Certificate: request and usagep. 75

6.20.2.3  gNB Behavioursp. 77

6.20.2.3.0  Generalp. 77
6.20.2.3.1  Requesting Digital Signaturesp. 77
6.20.2.3.2  Receiving Digital Signaturesp. 78
6.20.2.3.3  Broadcasting Digital Signaturesp. 78

6.20.2.4  Procedures for digital signature request and responsep. 78

6.20.2.5  UE Behavioursp. 80

6.20.2.5a  Generalp. 80

6.20.2.5.0  Introductionp. 80
6.20.2.5.1  Trust Anchors in UEp. 80
6.20.2.5.2  Cell Scanningp. 81
6.20.2.5.3  Verification of Digital Signaturesp. 81
6.20.2.5.4  Verification of Time Counterp. 82
6.20.2.5.5  Cell Selection and Reselectionp. 83

6.20.2.6  Security Analysisp. 84

6.20.2.6.0  Generalp. 84
6.20.2.6.1  Mitigating Replay Attacksp. 84
6.20.2.6.2  Mitigating Denial of Servicesp. 84
6.20.2.6.3  Mitigating downgrading attacksp. 85

6.20.3  Assessment using clause A.3p. 85

6.20.3.1  UE aspectsp. 85

6.20.3.2  UE actions upon detection of invalid signaturep. 85

6.20.3.3  Threats that are mitigated by signed SI messagesp. 86

6.20.3.4  Threats that are not mitigated by signed SI messagesp. 86

6.20.3.5  Provisioning of keysp. 86

6.20.3.6  RAN aspectsp. 86

6.20.3.7  VPLMN aspectsp. 86

6.20.3.8  HPLMN aspectsp. 86

6.20.3.9  Network sharing aspectsp. 86

6.20.3.10  Roaming aspectsp. 86

6.20.3.11  Regulatory aspectsp. 86

6.20.3.12  Signature schemesp. 86

6.20.3.13  Signature lengthp. 86

6.20.3.14  Resistance against Quantum Computingp. 87

6.20.4  Evaluationp. 87

6.21  Solution #21: Certificate based solution against false base station for Non-Public Networksp. 88

6.21.1  Introductionp. 88

6.21.2  Solution detailsp. 89

6.21.2.1  Certificate Provisioningp. 89

6.21.2.2  Procedure for NPN Deploymentsp. 89

6.21.2.2.1  Procedurep. 89

6.21.2.3  Certificate format:p. 90

6.21.3  Assessment using clause A.3p. 90

6.21.3.1  UE aspectsp. 90

6.21.3.2  UE actions without the network's certificatep. 90

6.21.3.3  Threats that are mitigated by protecting system information messages using Digital Signature as well as encrypting unicast signalling messagesp. 91

6.21.3.4  Threats that are not mitigated by protecting system information messages using Digital Signature or encrypting unicast signalling messages.p. 91

6.21.3.5  Provisioning of certificates into the UEp. 91

6.21.3.6  RAN aspectsp. 91

6.21.3.7  VPLMN aspectsp. 91

6.21.3.8  HPLMN aspectsp. 91

6.21.3.9  NSPN aspectsp. 91

6.21.3.10  Network sharing aspectsp. 91

6.21.3.11  Roaming aspectsp. 91

6.21.3.12  Regulatory aspectsp. 91

6.21.3.13  Encryption schemesp. 91

6.21.3.14  Signature / Encryption lengthp. 92

6.21.3.15  Resistance against Quantum Computingp. 92

6.22  Solution #22: Detecting false base stations based on UE positioning measurementsp. 92

6.22.1  Introductionp. 92

6.22.2  Solution detailsp. 93

6.22.3  Evaluationp. 95

6.23  Solution #23: Cryptographic CRC to avoid MitM relay nodesp. 96

6.23.1  Introductionp. 96

6.23.2  Solution detailsp. 96

6.23.2.1  Requirementsp. 96

6.23.2.2  Operationp. 97

6.23.2.3  Prevention of MitM attacks:p. 98

6.23.3  Evaluationp. 98

6.24  Solution #24: UE&Network-assisted UE avoidance and Network detection of FBSp. 99

6.24.1  Introductionp. 99

6.24.2  Solution detailsp. 100

6.24.2.1  UE Initializationp. 100

6.24.2.2  UE Operation (IDLE mode)p. 100

6.24.2.3  UE Operation (CONNECTED mode)p. 101

6.24.2.4  Network operationp. 101

6.24.3  Evaluationp. 101

6.25  Solution #25: Detection of Man-in-the-Middle false base stationsp. 102

6.25.1  Introductionp. 102

6.25.2  Solution Detailsp. 103

6.25.3  Evaluationp. 104

6.26  Solution #26: KI#2 with PKC-based and without tight time synchronizationp. 104

6.26.1  Introductionp. 104

6.26.2  Solution detailsp. 104

6.26.2.1  Requirementsp. 104

6.26.2.2  Protocol Operationp. 104

6.26.2.3  Clarifications regarding the protocol operationp. 106

6.26.3  Evaluationp. 107

6.27  Solution #27: Short-lived asymmetric key-based solution for protecting system informationp. 108

6.27.1  Introductionp. 108

6.27.1.1  Generalp. 108

6.27.1.2  Hash-based consistency checksp. 109

6.27.1.3  Symmetric key based MACp. 109

6.27.1.4  Asymmetric key based digital signaturesp. 109

6.27.2  Solution detailsp. 110

6.27.2.1  Authenticity of system informationp. 110

6.27.2.1.1  Signing entitiesp. 110
6.27.2.1.2  Raw public keys or certificatesp. 110
6.27.2.1.3  Trust anchorsp. 111
6.27.2.1.4  PKI trust modelsp. 112
6.27.2.1.5  Trust anchor provisioningp. 112
6.27.2.1.6  Delivering signatures and short-lived public keysp. 113
6.27.2.1.7  System information to be protectedp. 113

6.27.2.2  Replay mitigationp. 114

6.27.2.2.0  Generalp. 114
6.27.2.2.1  Message timelinessp. 114
6.27.2.2.2  gNB unique propertiesp. 116
6.27.2.2.3  Time synchronization issuesp. 117
6.27.2.2.4  Limitationsp. 117

6.27.2.3  Cell selection and reselectionp. 118

6.27.3  Assessment using clause A.3p. 119

6.27.3.1  UE aspectsp. 119

6.27.3.2  UE actions upon detection of invalid signaturep. 119

6.27.3.3  Threats that are mitigated by signed SI messagesp. 120

6.27.3.4  Threats that are not mitigated by signed SI messagesp. 120

6.27.3.5  Provisioning of keysp. 120

6.27.3.6  RAN aspectsp. 120

6.27.3.7  VPLMN aspectsp. 120

6.27.3.8  HPLMN aspectsp. 120

6.27.3.9  Network sharing aspectsp. 120

6.27.3.10  Roaming aspectsp. 120

6.27.3.11  Regulatory aspectsp. 120

6.27.3.12  Signature schemesp. 120

6.27.3.13  Signature lengthp. 120

6.27.3.14  Resistance against Quantum Computingp. 121

6.27.4  Evaluationp. 121

7  Conclusionsp. 121

7.1  Conclusions on Key Issue #1p. 121

7.2  Conclusions on Key Issue #2p. 121

7.3  Conclusions on Key Issue #3p. 121

7.4  Conclusions on Key Issue #4p. 121

7.5  Conclusions on Key Issue #5p. 121

7.6  Conclusions on Key Issue #6p. 122

7.7  Conclusions on Key Issue #7p. 122

A  Assessment of system, architectural and security impacts of signing SI messagesp. 123

A.1  Introductionp. 123

A.2  Example architecturep. 123

A.3  Aspects that need to be addressedp. 123

A.3.1  UE Aspectsp. 123

A.3.2  UE actions upon detection of invalid signaturep. 123

A.3.3  Threats that are mitigated by signed SI messagesp. 124

A.3.4  Threats that are not mitigated by signed Si messagesp. 124

A.3.5  Provisioning of keysp. 124

A.3.6  RAN aspectsp. 124

A.3.7  VPLMN aspectsp. 124

A.3.8  HPLMN aspectsp. 124

A.3.9  Network sharing aspectsp. 124

A.3.10  Roaming aspectsp. 124

A.3.11  Regulatory aspectsp. 124

A.3.12  Signature schemesp. 124

A.3.13  Signature lengthp. 124

A.3.14  Resistance against Quantum Computingp. 125

B  Taxonomy of attacks against 5G UE over radio interfacesp. 125

B.1  Introductionp. 125

B.2  Attack taxonomyp. 125

B.2.0  Generalp. 125

B.2.1  Active Attacksp. 126

B.2.1.0  Generalp. 126

B.2.1.1  Radio Jammingp. 126

B.2.1.2  Signal shadowingp. 126

B.2.1.3  Message attacksp. 127

B.2.2  Passive Attacksp. 128

$  Change historyp. 129

Up   Top