Global ICT Standardisation Forum for India; s2

Draft 1 GISFI TR SP.108 V1.0.0 (2014-06)

GISFI TR SP.108 V1.0.0 (2014-06) Technical Report Global ICT Standardisation Forum for India; Technical Working Group Security and Privacy; Security Testing - MME (Mobility Management Entity); (Draft)

GISFI Draft 2 GISFI TR SP.108 V1.0.0 (2014-06)

GISFI office address Suite 303, 3rd Floor, Tirupati Plaza, Plot No. 4, Sector 11, Dwarka, New Delhi- 110075, India Tel.: +91-11-47581800 Fax: +91-11- 47581801

Internet http://www.gisfi.org E-mail: [email protected]

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

Contents

Foreword

This Technical Report has been produced by GISFI.

The contents of the present document are subject to continuing work within the Technical Working Group (TWG) and may change following formal TWG approval. Should the TWG modify the contents of the present document, it will be re-released by the TWG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x the first digit shows the release to which the document belongs y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document.

Introduction

The MME (Mobility Management Entity) is one of the core network elements of the LTE (Long Term Evolution) Evolved Packet Core (EPC) architecture. The MME handles a number of functionalities in the LTE architecture so securing it is crucial for the network. The MME contains a lot of sensitive data which needs to be protected from being exposed as it might lead to compromising the configuration of the MME platform and architecture. This document covers the various interfaces of an MME which are exposed to the network and how they communicate among themselves. The main focus of this document is on the threats posed on an MME from its exposed interfaces. The nature of threats perceived from such interfaces and the security requirements of the MME that are under study within the 3GPP SA3 work group. In this document, these threat scenarios have been studied and based on which the security requirements for MME have been identified.

1 Scope

3GPP LTE is a wireless communication standard providing high-speed data for mobile phones and other user devices. One of the key control nodes in the LTE EPC architecture is the MME which is responsible for managing and tracking the User Equipment (UE) in idle mode and other paging procedures including retransmissions. It has a number of other responsibilities including authentication of the user (by interacting with Home Subscriber Server (HSS)), authorization of UE with Public Land and Mobile Network (PLMN), implementing roaming restrictions, etc. Section 4 discusses the main assets and interfaces of an MME which are exposed to other network elements and need to be protected. Section 5 discusses the various threat models for an attack on an MME, threats scenarios and requirements of an MME to protect against the identified threats.

2 References

Below reference are available in 3GPP website (Checked as on 04th March 2014) (http://www.3gpp.org/ftp/tsg_sa/wg3_security/TSGS3_74_Taipei/TdocList_2014-01-27_11h30.htm)

1. S3-140094 - Assets and external interfaces of MME

2. S3-140095 - Security threat and requirements with respect to internal attacks on MME

3. S3-140096 - Security threats of disclosure of sensitive information and security requirement on MME

4. S3-140097 - Security threats on MME from the compromised or misbehaving UE and related requirements

5. S3-140145 - SECAM MME attacker model

6. S3-140164 - Security threats and requirements on MME software package integrity and anti-virus

7. S3-140168 - Security threats and requirements on MME management and maintenance access

8. S3-140170 - Security threats and requirements on MME user account and password management

3 Definitions, symbols and abbreviations 3.1 Definitions

[Editor’s Note: To be filled]

3.2 Abbreviations

3GPP 3rd Generation Partnership Project ASME Access Security Management Entity AuC Authentication Centre CA Certificate Authority CMP Certificate Management Protocol CK Cipher Key CP Control Plane eNB Evolved Node B enc Encryption

EPC Evolved Packet Core ePDG Evolved Packet Data Gateway EPS Evolved Packet System ESP Encapsulating Security Payload GRX GPRS Roaming eXchange Network GTP-C GPRS Tunnelling Protocol - Control GW Gateway HeNB Home eNB HNB Home Node B HSS Home Subscriber Server IK Integrity Key IMS IP Multimedia System IMEI International Mobile Equipment Identity IMSI International Mobile Subscriber Identity int Integrity K Key LEA Law Enforcement Agency LI Lawful Interception LTE Long Term Evolution MME Mobility Management Entity NAS Non Access Stratum PCRF Policy and Charging Rules Function PDN Packet Data Network PKI Public Key Infrastructure PLMN Public Land Mobile Network RRC Radio Resource Control SAE System Architecture Evolution SEG Security Gateway SeGW Security Gateway Serv.GW Serving Gateway UMTS Universal Mobile Telecommunication System UP User Plane USIM UMTS Subscriber Identity Module

4 General

This section describes the functionality of MME from standards as well as practical perspective. 4.1. Functionality of the MME

[Editor’s Note: To be filled with functionality of MME from standard]

4.2. Standards based network architecture showing the interfaces of MME

[Editor’s Note: To be filled with standard based network architecture showing MME interfaces from standard]

4.3. Protocols in MME

[Editor’s Note: To be filled with the protocols used in MME interfaces]

5 Security Threats and Requirements

This section will discuss security threats and requirements of MME as per applicable 3GPP standards 5.1. General security requirements

[Editor’s Note: To be filled with general security requirements from standard]

5.2. Attacker Models 5.2.1 Inside Attacker

An inside attacker is one who has privileged access to the target MME. There are various methods by which an inside attacker can target the MME [5]:

• Access and modify configuration files

• Access and modify subscriber data

• Access and modify logs files

• Modify software, firmware and OS

• Modify MME functionality by an attacker’s modified functionality

• Make physical modifications to the hardware (eg. Splitters ),etc.

Some conceived attack scenarios for inside attackers are as follows:

• Attacks during the manufacturing process of MME(eg. Backdoors, rootkits)

• Attacks on MME connections and interfaces within the core network components (eg. S6a interface to HSS)

• Attacks by authorized and authenticated personnel with access and permission to modify the MME configuration and data.

From the above it can be concluded that attacks from inside cannot be countered against. We can only try to sufficiently specify access to the various personnel so that it is possible to timely isolate such incidents using various counter measures for protection and detection (e.g. Access control on the interfaces and logging mechanisms for configuration changes). 5.2.2. External Attacker

External attackers are those who don’t have privileged access to the target. Any attacks in such scenarios are via the exposed interfaces of the MME in the earlier section. The approach of such an attacker varies with every individual based on interface vulnerabilities and access to MME. 5.2.3. Hybrid Attacker

An attacker can use a combination of the two attacks to make a more effective attack. By using means like bribing and blackmailing people on the inside and using them to gain access from the outside. Like any inside

GISFI Draft 12 GISFI TR SP.108 V1.0.0 (2014-06) attack it is not possible to protect against such attacks except for properly vetting the personnel in the management.

5.3 Security requirements from specifications

[Editor’s Note: To be filled with general security requirements from standard]

5.4 Threats and requirements from threats 5.4.1. Threats on an MME

Protocol/Network based attacks T1. Internal Attacks[2]

An employee having internal access to the network misuses his privileges to attack the MME intentionally or coercively. Such an employee poses serious threat to the MME data and/or configuration.

T2. Sensitive Information Disclosure[3]

The MME stores a lot of sensitive information which if available to the attacker can lead to access violations, failed authentication, fake signaling etc. All such sensitive information like communication keys (i.e KNASenc, KNASint, KeNB) and administrator password on MME needs to be protected from such tampering by using effective encryption techniques.

T3. Compromised/Misbehaving UE[4]

The attacker can use a UE or a number of compromised UEs to gain access to one MME at the same time thus draining all its resources and effectively blocking the MME. The same can also be done by using a fuzzing engine to send attach/detach requests to the MME and disrupting the MME service This leads to the loss of service or a degraded service for a legitimate user.

OAM based Attacks T4. Software package integrity and anti-virus[6]

Software packages/upgrades which are installed in an MME may contain harmful viruses, tampered code, malware or other such attack vectors. Using such tampered packages can make the LTE core network vulnerable to attacks and information leakage.

T5. MME management and maintenance[7]

If an attacker can gain unauthorized access to the MME then he can control all the sensitive information including user and system data. He can also use it to gain access to other core network elements thus compromising the whole network.

T6. User account and password management[8]

Like any other password protected system the MME user account and password policy needs to be made secure from the various common case threats like

 Default user password may be leaked to gain low privileged access.

 Low strength of user password

 Brute force attack

 Secure storage for passwords using encryption.

 Multiple login conflicts and configuration collisions

5.4.2. Requirements for securing MME

Protocol/Network based attacks R1. Internal Attacks[2]

Such an attack cannot be stopped but steps can be taken to mitigate the damage.

 Using strong and unique authentication mechanisms

 Effective logging and auditing of users and configuration changes in MME

R2. Sensitive Information Disclosure[3]

To protect such sensitive information in the MME the following requirements have been identified:

 The keys should be physically protected in a secure environment with authorized access

 It should be encrypted when stored in files on MME

 The password should not be transmitted or stored as clear text values.

R3. Compromised/Misbehaving UE[4]

To protect the MME from such threats:

 MME should implement effective signal congestion prevention techniques.

 It should include functionality to detect such misbehaving UEs and take preventive action.

OAM based Attacks R4. Software package integrity and anti-virus[6]

Proper steps need to be followed to mitigate any threats on the MME caused due to software package integrity and anti-virus updates

 Protect software package/patch integrity by using appropriate mechanisms (e.g. hash based check to find tampering, Digital Signatures to authenticate source, etc.)

 Scan the package/updates using multiple anti-virus scanners and maintain logs of the same.

R5. MME management and maintenance interface[7]

Some steps required to protect the management console are:

 Mutual authentication between the MME and other network entities for communicating over the network.

 All communication between the MME and other network elements will use TLS(Transport Layer Security) for authentication and secure tunnel established communication.

 Use access control mechanisms to limit MME access control to selective users and terminals.

R6. User account and password management[8]

The various security requirements identified to secure the MME user account are as follows:

 A consistent security policy for user accounts and password management

 Password management policy (e.g. Initial forced password modification, Password strength level, password characters permitted, duration for password change, salting of password hashes, etc.)

 Password lock-out policy (Maximum number of login attempts, duration till next attempt, timeout, etc.)

Annex A: Heading levels in an annex

Annex B: Change history:

Change history Date TSG TSG Doc. CR Rev Subject/Comment Old New # 2014-28-05 Initial Draft -