In mobile networks, different sections of the network have different abilities to defend against attack. These include encryption and methods of authorization to make sure that information is not read by a third party, as well as ensuring that UEs and base stations are authenticated and their traffic encrypted before any communication begins. These capabilities can limit the impact of existing vulnerabilities and so reduce the effect an attacker can have on the network.
10.2. Radio Access Network Security Capabilities
10.2.1. Ciphering
As it is not desirable for others to have easy access to communications, mobile networks employ forms of encryption based on ciphering. Communications, in either voice or text form, are encoded using a predetermined system such as AES, which prevents them from being easily intercepted: only the end users can read them without having to break the cipher. This prevents eavesdropping between the mobile device and base station [105].
10.2.2. Non-Repeating Random Values
Another form of protection for the RAN is non-repeating random values: a sequence of random numbers is generated that contains no repeats, so that a unique session ID is generated for each communication. This prevents replay attacks, which fraudulently repeat or delay valid data transmissions. A replay is usually carried out by an attacker who intercepts the data and retransmits it, essentially performing a type of MitM attack [105].
10.2.3. Signalling Integrity
Signalling integrity uses integrity keys to ensure that the data transmitted is not modified or deleted in any way, so that communications between the base station and the mobile device cannot be interfered with. It consists of an algorithm agreement stage, in which the mobile device and base station securely negotiate the algorithm they will use, followed by integrity key agreement, in which they agree on a chosen integrity key. Key agreement also provides authentication between the mobile device and the base station (mutual authentication). This authentication also prevents the use of cloned mobile devices and base stations by an attacker [105].
10.2.4. Mutual Authentication
The mobile device and the base station must verify their identities to one another at the same time before agreeing on security measures. As a result, a fake base station will have much greater difficulty impersonating an existing station, as it must verify itself to the mobile device in the same instant [101]. The 11-digit cell global identity (CGI) is a way of ensuring a unique identifier for every cell in the network. It is made up of a country code (CC), a mobile network code (MNC), a location area code (LAC) and a cell identity (CI); therefore CGI = CC+MNC+LAC+CI.
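The following added example (not from the original report) models how the fresh random values of 10.2.2, the integrity key of 10.2.3 and the mutual authentication of 10.2.4 fit together. It assumes a pre-shared key K and uses HMAC-SHA256 as a stand-in for the negotiated algorithm; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _mac(key, label, *fields):
    # HMAC-SHA256 is an assumed stand-in; fields are length-prefixed so splits cannot collide.
    data = label + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

def new_nonce():
    """Fresh 128-bit random value; a repeat is negligibly likely."""
    return secrets.token_bytes(16)

def auth_response(k, role, n_ue, n_bs):
    """Proof that `role` holds K, bound to the nonces of both sides."""
    return _mac(k, b"auth", role, n_ue, n_bs)

def check_response(k, role, n_ue, n_bs, response):
    return hmac.compare_digest(auth_response(k, role, n_ue, n_bs), response)

def integrity_key(k, n_ue, n_bs):
    """Per-session integrity key; changes when either nonce changes."""
    return _mac(k, b"ik", n_ue, n_bs)

def tag(ik, count, message):
    """Integrity tag over a message counter and the signalling message."""
    return _mac(ik, b"int", count.to_bytes(4, "big"), message)

def tag_ok(ik, count, message, received):
    return hmac.compare_digest(tag(ik, count, message), received)

def demo():
    k, wrong_k = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    n_ue1, n_bs1, n_ue2 = new_nonce(), new_nonce(), new_nonce()
    bs_proof = auth_response(k, b"BS", n_ue1, n_bs1)   # session 1 proofs
    ue_proof = auth_response(k, b"UE", n_ue1, n_bs1)
    forged = auth_response(wrong_k, b"BS", n_ue1, n_bs1)  # station without K
    ik = integrity_key(k, n_ue1, n_bs1)
    msg = b"constructed signalling message"
    t = tag(ik, 7, msg)
    return {
        "mutual": check_response(k, b"BS", n_ue1, n_bs1, bs_proof)
                  and check_response(k, b"UE", n_ue1, n_bs1, ue_proof),
        "reflected": check_response(k, b"BS", n_ue1, n_bs1, ue_proof),
        "no_key": check_response(k, b"BS", n_ue1, n_bs1, forged),
        "stale_proof": check_response(k, b"BS", n_ue2, n_bs1, bs_proof),
        "intact": tag_ok(ik, 7, msg, t),
        "modified": tag_ok(ik, 7, msg + b"!", t),
        "wrong_count": tag_ok(ik, 8, msg, t),
    }
```

Only `mutual` and `intact` come back true: a proof recorded in one session fails once the mobile device picks a new random value, and a tag does not survive a changed message or counter.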
10.2.5. Privacy (TMSI and GUTI)
The TMSI is assigned locally to mask the IMSI of the user, as it is possible to track the mobile device based on the IMSI. Similarly, the Globally Unique Temporary Identifier (GUTI) [100] is assigned to a mobile device on attachment. The GUTI, like the TMSI, can be periodically changed, meaning that it is harder to follow the traffic of the phone to identify its location, as discussed earlier in this document.
10.3. Core Network Security Capabilities
10.3.1. End-to-End Encryption
In the core network, the SS7 group of protocols is used. These protocols provide a range of services including number translation, billing and Short Message Service (SMS), but are mainly used for setup and teardown of phone calls. Security is provided for a protocol known as Mobile Application Part (MAP), which is based on SS7, in the form of a security protocol known as MAPSec. MAP provides an application layer for nodes in GSM, as well as core networks in GPRS and UMTS, so that services can be provided to users by accessing key nodes in the core network. When MAP is used with the IP protocol, the security protocol becomes IPsec. Both MAPSec and IPsec are used to protect MAP messages between links by providing service node authentication, as well as message encryption from end to end. This prevents eavesdropping, as well as corruption or fabrication of MAP messages. It must be noted that both MAPSec and IPsec are optional, but most, if not all, network operators enable them; the other providers must also enable them to ensure end-to-end security [105].
10.4. Backhaul Network Security Capabilities
10.4.1. IPsec and Certificate Handling
3GPP has introduced security by addressing the scenarios with and without IPsec, protecting the user and control traffic where possible. Packets encrypted at the backhaul use Internet Key Exchange 2 (IKEv2), which is used to set up the Security Association (SA) of IPsec. The IKEv2 protocol is certified with the use of Certificate Management Protocol 2 (CMPv2), which is used to authenticate links using Public Key Infrastructure (PKI). This form of IPsec was used to develop the 3GPP security standards for the LTE backhaul.
The packets between the eNodeB and the core network are controlled by IPsec, which uses an Authentication Header offering integrity and authentication of the data, with the option of anti-replay to avoid a replay attack. The Encapsulating Security Payload offers the same services with confidentiality. The purpose of the S1 interface outlined by 3GPP is to provide end-to-end encryption and decryption. If the S1 and X1 sections of the network are trusted, IPsec is not mandatory; otherwise it must be used when traversing non-trusted networks.
Figure 27: Backhaul security architecture [111]
[111] Backhaul Security Mechanisms. (2015). Retrieved from Long Term Evolved Security: https://longtermevolvedsecurity.wordpress.com/backhaul-security-mechanisms-in-lte/
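The anti-replay option mentioned above for the Authentication Header and Encapsulating Security Payload is a receiver-side sliding window over packet sequence numbers. The sketch below is an added example, not from the original report; it follows the windowing approach described in RFC 4302/4303 with a 64-packet window, leaves out extended sequence numbers, and takes the result of the integrity check as an input flag. The class and function names are chosen here for illustration.

```python
class AntiReplayWindow:
    """Sliding window over IPsec sequence numbers for one Security Association."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check(self, seq):
        """Cheap pre-check, run before the integrity check."""
        if seq == 0:
            return False                 # the first packet on an SA is numbered 1
        if seq > self.top:
            return True                  # newer than anything seen
        offset = self.top - seq
        if offset >= self.size:
            return False                 # too old: fell off the left edge
        return not (self.bitmap >> offset) & 1   # reject duplicates

    def accept(self, seq, icv_valid):
        """Update the window only for packets that pass both checks."""
        if not self.check(seq) or not icv_valid:
            return False                 # a forged packet must not move the window
        if seq > self.top:
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return True

def replay_trace(events, size=64):
    """Run constructed (sequence number, integrity check passed) pairs through a window."""
    window = AntiReplayWindow(size)
    return [window.accept(seq, ok) for seq, ok in events]

# Constructed trace: reordering, a duplicate, a stale packet and a forged one.
SAMPLE = [(1, True), (3, True), (2, True), (3, True), (70, True),
          (6, True), (7, True), (100, False), (71, True), (0, True)]
```

Out-of-order packet 2 is accepted while the second copy of 3 is dropped, and the forged packet 100 does not advance the window, so 71 is still accepted afterwards.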
10.4.2. CPRI (Common Public Radio Interface)
Signals pass through the baseband unit of a network, which controls information and status inside the base station and encrypts all digital information based on IPsec or MACsec, according to the vendor-specific implementation. This means the data leaving the baseband unit is secured by encryption, if the optional security mechanisms are implemented.
10.5. Summary of Mobile Network Security Capabilities
A summary of the mobile network security capabilities is provided in Table 17 [57], referenced to the network element where each is implemented.
Table 17. CAV security defences

| Capability | Network Location | Explanation |
|---|---|---|
| Ciphering | RAN | Use of agreed system to encode the data to avoid others freely reading it. |
| Non-repeating Random Values | RAN | Sequence of random numbers used for each session to avoid attackers interfering with sessions using replay attacks. |
| Signalling Integrity | RAN | Integrity keys used to prevent the signal being tampered with; also used by both sides in mutual authentication. |
| Mutual Authentication | RAN | Both ends of the communication must identify to each other before agreeing on security. |
| Privacy | RAN | TMSI and GUTI used to mask the IMSI; they are periodically changed to avoid their use for ID and tracking. |
| End-to-End Encryption | Core Network | Information encrypted before going between end users to prevent reading of information. |
| IPsec & Certificate Handling | Backhaul | IPsec used when transferring data along untrusted networks, and certificate handling used to authenticate links before agreeing on public keys. |
| CPRI (Common Public Radio Interface) | Fronthaul | Data encrypted at the baseband unit before going to next point of network to allow privacy. |