The present document provides an analysis of the security issues raised by including Relay Nodes (RN) in the LTE network. Furthermore, it contains several solutions to provide security for the relay architecture chosen by the RAN groups. It also provides a comparison between those solutions and the reasoning why a particular solution was chosen.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.
RN subscription authentication:
This form of authentication is performed between the RN in its role as a UE and the MME-RN. It is performed using the EPS AKA protocol as defined in TS 33.401 and involves a USIM on a UICC inserted in the RN.
RN platform authentication:
This form of authentication is performed between a secure environment in the RN platform and a network entity. For the purpose of this definition, the RN platform encompasses both the ME functionality of the RN and the eNB functionality of the RN. As a result of this authentication the network entity (e.g. Donor eNB, HSS or MME-RN) has verified that the secure environment in the RN is in possession of a secret key associated with the RN. RN platform authentication is intended to additionally provide implicit proof of the integrity of the RN platform to the network entity. This is achieved by assuming that the secure environment in the RN engages in RN platform authentication only after a successful autonomous RN platform validation has been performed by the secure environment.
RN-UICC secure channel authentication:
This is any authentication performed as part of the set up of a secure channel between an RN and a UICC, for example according to ETSI TS 102 484 "Smart cards; Secure channel between a UICC and an end-point terminal" where the "end-point terminal" is the RN. The RN-UICC secure channel terminates in the RN secure environment.
RN management authentication:
This form of authentication is performed between a secure environment in the RN platform and a network management entity. For the purpose of this definition, the RN platform encompasses the RN management functionality of the RN. As a result of this authentication a network management entity has verified that the secure environment in the RN is in possession of a secret key associated with the RN. RN management authentication is intended to additionally provide implicit proof of the integrity of the RN platform's management capability to a network management entity. This is achieved by assuming that a secure environment in the RN engages in RN management authentication only after a successful autonomous RN validation of the management capabilities has been performed by the secure environment.
RN authentication:
This term is an umbrella term for the above forms of RN authentication.
Platform Secure Environment:
This follows the definition and requirements as specified in 5.3.5 of TS 33.401.
For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.
DeNB