Network Working Group S. Zhang Internet-Draft J. Huang Intended status: Experimental Southeast University Expires: January 05, 2014 July 04, 2013 A recommendation for RRC agreement in 3rd Generation Partnership Project(3GPP) standard draft-zhang-rrc-3gpp-recommend-00 Abstract This document contains a recommendation to the Third Generation Partnership Project(3GPP) community regarding the RRC agreement. Specifically, this document RECOMMENDS that a network credential MUST be attributed to each user, and the user identity MUST be verified in the RRC connection establishment phase. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 05, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents Zhang & Huang Expires January 05, 2014 [Page 1] Internet-Draft Abbreviated-Title July 2013 (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Overview of the RRC Connection Establishment Process . . 3 1.2. Meaning of Symbols . . . . . . . . . . . . . . . . . . . 4 2. Design Goals . . . . . . . . . . . . . . . . . . . . . . . . 4 3. The Recommendation for the RRC Agreement . . . . . . . . . . 5 3.1. Format of the ANI Credential . . . . . . . . . . . . . . 5 3.2. Improved Process of RRC Connection Establishment . . . . 6 4. Security Considerations . . . . . . . . . . . . . . . . . . . 10 5. Resource Considerations . . . . . . . . . . . . . . . . . . 12 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 6.1. Normative References . . . . . . . . . . . . . . . . . . 12 6.2. Informative References . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction RRC is an acronym of the radio resource control protocol, mainly responsible for the radio resource allocation and sending relevant signaling. RRC connection[TR_21.905_3GPP] refers to a point-to-point bi-directional connection between RRC peer entities on the UE and the UTRAN sides, through which the control signaling between UE and UTRAN and some signaling of the NAS(Non Access Stratum ) are transfered. To access a 3G network, the user SHOULD establish a RRC connection with the accesse network and achieve mutual authentication with the core network. 3G network completes the user authentication tasks by Zhang & Huang Expires January 05, 2014 [Page 2] Internet-Draft Abbreviated-Title July 2013 the core network, but there is no mechanism in the RRC protocol to judge the legitimacy of the requesting subscriber, which means that any user who request to access the network will acquire a RRC connection. If radio resources are occupied too much by the attacker, the normal operation of the network MUST be affected. So, in this profile, a user identity verification scheme is proposed for the RRC agreement. 1.1. Overview of the RRC Connection Establishment Process The main flow of RRC connection establishment[TS_25.331_3GPP] is showed as figure 1. MS NodeB RNC | CCCH: RRC CONNECTION REQUEST | | -------------------------|---------------------------->| | | +-----------------------------+ | | | Admission judgement; RNTI | | | |allocation;parameter setting | | | +-----------------------------+ +---|--------------------------|-----------------------------|---+ | +-----------------+ | RADIO LINK SETUP REQUEST | | | |Establish it on | |<----------------------------| | | |dedicated channel| | RADIO LINK SETUP RESPONSE | | | +-----------------+ |---------------------------->| | | +-----------------------------------+ | | | ALCAP SETUP AND ASYNCHRONIZATION | | | +-----------------------------------+ | +---|--------------------------|-----------------------------|---+ | | | +---|--------------------------|-----------------------------|---+ | +-----------------+ | +------------------------+ | | |Establish it on | | | Map the logical channel| | | | public channel | | | to a public channel | | | +-----------------+ | +------------------------+ | +---|--------------------------|-----------------------------|---+ | CCCH/DCCH:RRC CONNECTION SETUP COMPLETE | | <------------------------|---------------------------- | | CCCH/DCCH: RRC CONNECTION SETUP | | -------------------------|---------------------------> | | | | Figure 1 The normal process of RRC connection establishment 1) The MS(Mobile Station) sends a RRC request message RRC CONNECTION REQUEST to the RNC(radio network controller) via the uplink CCCH, requesting to establish a RRC connection. Zhang & Huang Expires January 05, 2014 [Page 3] Internet-Draft Abbreviated-Title July 2013 2) According to the establishment reason and the current resource situation, RNC determines whether to accept the connection request and to establish on a public channel or a dedicated channel. If RNC has accepted the RRC connection request, he will allocate a radio network temporary identifier U-RNTI to MS. After that, if he decides to establish the connection on a public channel, he will also allocate a cell radio network temporary identifier C-RNTI. Otherwise, RNC will send a radio link setup request message RADIO LINK SETUP REQUEST to the NodeB, and use the ALCAP protocol to establish the Iub interface for the user data transmission. 3) RNC sends the connection establishment message RRC CONNECTION SETUP to the MS through a downlink CCCH channel, containing the information of channels assigned to the user. 4) If the RRC connection has been established successfully, MS will send a RRC connection establishment complete message RRC CONNECTION SETUP COMPLETE to the RNC through the attributed channel and end the RRC connection establishment. It is worth noting that during the channel distribution process, the user can acquire the radio resource without identity verification. 1.2. Meaning of Symbols The meanings of symbols used in this profile are as follow: +------------+------------------------------------------------------+ | symbol | meaning | +------------+------------------------------------------------------+ | RANDm | Random number maintained by MS and RNC | | RANDr | Random number broadcast by RNC | | TANI | Temporary accessing network credential | | CGI | Cell Global Identifier | | Kur | Public key of RNC | | ANI | Accessing network credential | | PKChlr | Public key certificate of the HLR, stored in the | | | USIM card | | f10 | One-way function to generate the authentication data | | | block | | f11 | Function to encrypt IMSI information | +------------+------------------------------------------------------+ Table 1 Short list of the symbol meanings 2. Design Goals Zhang & Huang Expires January 05, 2014 [Page 4] Internet-Draft Abbreviated-Title July 2013 In the RRC(radio resource control) connection establishment phase, upon receipt of a RRC connection request message, the RNC will decide whether to accept this request according to the request reason and the current resource situation, but won't consider whether the user is legal. Once an adversary launches a connection request to the RNC with the intercepted request message, RNC will also allocate radio resources to him. With a large amount of radio resources occupied by the attacker, the legal user MAY be refused by the network because of resource shortage. In addition, the user authentication tasks are completed by the core network, which means that a large amount of bandwidth resources in the core network are consumed and various attacks are easy to be introduced into the core network. The main goal of this profile are outlined below: 1)To reduce radio resource consumption. The radio resource is distributed by the RNC to the user. This profile proposed that in the RRC connection establishment phase, the user identity will be verified to avoid the radio resource being occupied by attackers. If so, the system can reduce plenty of resources consumption. 2)To prevent malious attacks. According to the 3gpp standard, various attacks can be resisted by the core network. However, this scheme will cause a large amount of bandwidth resources being wasted. The method proposed in this profile can avoid malious attacks being introduced into the core network. 3. The Recommendation for the RRC Agreement This profile suggests that when the user launches a RRC connection request, he SHOULD submit a accessing network credential (ANI). Through judging the legitimacy of ANI and its resource situation, RNC decides whether to accept the connection request . 3.1. Format of the ANI Credential +----------------------------------+ | Credential name | +----------------------------------+ | Identification of HlR | +----------------------------------+ | Digital signature of HLR | +----------------------------------+ Figure 2 Format of ANI credential Zhang & Huang Expires January 05, 2014 [Page 5] Internet-Draft Abbreviated-Title July 2013 The format of ANI credential is as figure 2 shows. Each user has an ANI credential which is stored in the USIM card and the attributed HLR, consisting of three different attributes, that is, the credential name, the identification of attributed HLR and the digital signature of HLR. The public key certificate of HLR is stored in USIM card, and HLR signs the credential name and the identification of attributed HLR with its privacy key. When the user launches a RRC connection request to the RNC, his ANI credential and the HLR public key certificate are submitted. The RNC can use the certificate to judge the ANI credential's legitimacy. 3.2. Improved Process of RRC Connection Establishment According to whether or not the information of the accessed cell is stored in the USIM card, the RRC connection can be divided into two cases. The discussions about the improved method are as follow: (1) when no information about the accessed cell is stored in USIM card, the process is as figure 3 shows. MS NodeB RNC | RRC CONNECTION REQUEST | | [PKChlr,E(Kur,ANI||CGI||RANDr)] | | -------------------------|---------------------------->| | | +-----------------------------+ | | | Admission judgement; RNTI | | | |allocation;parameter setting | | | +-----------------------------+ | | | +---|--------------------------|-----------------------------|---+ | +-----------------+ | RADIO LINK SETUP REQUEST | | | |Establish it on | | <---------------------------| | | |dedicated channel| | RADIO LINK SETUP RESPONSE | | | +-----------------+ | --------------------------->| | | +-----------------------------------+ | | | ALCAP SETUP AND ASYNCHRONIZATION | | | +-----------------------------------+ | +---|--------------------------|-----------------------------|---+ | | | +---|--------------------------|-----------------------------|---+ | +-----------------+ | +------------------------+ | | |Establish it on | | | Map the logical channel| | | | public channel | | | to a public channel | | | +-----------------+ | +------------------------+ | +---|--------------------------|-----------------------------|---+ | RRC CONNECTION SETUP COMPLETE | | [RANDnew,TANI xor hash(ANI||CGI||RANDr)] | | <------------------------|---------------------------- | Zhang & Huang Expires January 05, 2014 [Page 6] Internet-Draft Abbreviated-Title July 2013 | RRC CONNECTION SETUP | | -------------------------|---------------------------> | | | | Figure 3 The process of initial RRC connection establishment 1) The MS sends a initial RRC connection request message to RNC: RRC CONNECTION REQUEST[PKChlr, E(Kur,ANI||CGI||RANDr)]. Kur and RANDr are broadcast by RNC. The RNC verifies the user identity by HLR's public key certificate PKChlr. To prevent the replay of initial RRC connection request message, a timing updated parameter RANDr is used in this message. ANI||CGI||RANDr SHOULD be encrypted with public key Kur to ensure that the ANI credential and RANDr won't be interpolated by attackers. 2) When the RNC receives the RRC connection request message, the request message is decrypted by his private key and is verified. First, we SHOULD judge whether or not the initial RRC connection request message is replayed. So, the RNC will inquire the maintained random number record(RANDlast,RANDnow), RANDlast refers to the last random number broadcast by RNC, and RANDnow refers to the random number broadcast currently. If RANDr=RANDnew, we can define that this message is not replayed. But because of the transmission delay between MS and RNC, the broadcasted random number MAY have been updated before the request message arrives RNC. The RNC will define that this request message is replayed and refuse the connection request because RANDr and RANDnow is not equal. In this profile, if RANDr =RANDlast, but the interval is very short between present moment and the update time, we SHOULD still define this RRC connection request message is not replayed. Next, RNC judges the correctness of the ANI credential. The RNC can verify the digital signature with the public key certificate PKChlr, and determine whether the network credential is correct or not. Finally, the RNC will compare the CGI with the connected cell Identifier. If they match, the RNC considers that the RRC connection request message is legal, never being modified and redirected. Otherwise, the RNC considers the connection request is illegal and reject it. 3) According to the resource situation and the request reason, the RNC determines whether to allocate radio resources to the user and which kind of channel to allocate, dedicated channel or public channel. Zhang & Huang Expires January 05, 2014 [Page 7] Internet-Draft Abbreviated-Title July 2013 If the RNC accepts the connection request, he will allocate radio resources to the user and set all the parameters. Then RNC will assign a temporary accessing network credential TANI and a random number RANDm to the user. When MS access this cell again, TANI will be used to represent the user identity, and RANDm will be used to avoid the replay of initial RRC connection request message. Form1(MS) Form2(RNC) +-------------------+ +----------------------------------------+ | CGI | RANDm| TANI | |ANI credential name| CGI | RANDm | TANI | |-------------------| |----------------------------------------| | CGI1|RANDm1| TANI1| | ANI1 | CGI1| RANDm1| TANI1| |-------------------| |----------------------------------------| | CGI2|RANDm2| TANI2| | ANI2 | CGI2| RANDm2| TANI2| |-------------------| |----------------------------------------| | ... | ... | ... | | ... | ... | ... | ... | |-------------------| |----------------------------------------| | CGIn|RANDmn| TANIn| | ANIn | CGIn| RANDmn| TANIn| |-------------------| |----------------------------------------| Figure 4 Forms of maintained record set by MS and RNC As figure 4, MS and RNC maintain Form1 and Form2 respectively. Form1 includes three attributes, that is, Cell Global Identifier CGI, random number RANDr and the TANI credential, which are used to store the random number and the TANI credential corresponding to a cell. Form2 includes four attributes, that is, credential name of ANI, Cell Global Identifier CGI, random number RANDm and the TANI credential, which are used to store the random number and the TANI credential distributed to each user by RNC. Each record in the Form1 and Form2 has a certain life time. If no update occurs during a stipulated time, the corresponding record will be deleted. To avoid producing two same initial RRC connection request during the update interval of RANDr, the hold time of each record in Form1 and Form2 SHOULD be much longer than the updating interval of RANDr. After the RNC completes the allocation of TANI and RANDm, he will perform logical operation: TANI xor hash(ANI||CGI||RANDr). Then, the RNC sends the RRC CONNECTION SETUP message to MS with the random number RANDm, the information of allocated radio resources and TANI xor hash(ANI||CGI||RANDr). 4) After MS receives a response message of RRC connection establishment, calculating that: Zhang & Huang Expires January 05, 2014 [Page 8] Internet-Draft Abbreviated-Title July 2013 TANI=(TANI xor hash(ANI||CGI||RANDr) ) xor hash(ANI||CGI||RANDr) When MS receives the random number RANDm, he will inquire the Form1 to define if there is the record about this cell. If none, we SHOULD build a new record. Otherwise we SHOULD find the corresponding record and update it. Then the MS sends RRC CONNECTION SETUP COMPLETE message to the RNC, confirming the completion of RRC connection establishment. 5) When the RNC receives the RRC connection establishment complete message, he will update the record in Form2 immediately. (2) if some information about the accessed cell is stored in USIM card, the process is as figure 5 shows. MS NodeB RNC | RRC CONNECTION REQUEST | | [TANI,f10(ANI credential name,RANDm,CGI)ms] | | -------------------------|---------------------------->| | | +-----------------------------+ | | | Admission judgement; RNTI | | | |allocation;parameter setting | | | +-----------------------------+ | | | +---|--------------------------|-----------------------------|---+ | +-----------------+ | RADIO LINK SETUP REQUEST | | | |Establish it on | | <---------------------------| | | |dedicated channel| | RADIO LINK SETUP RESPONSE | | | +-----------------+ | --------------------------->| | | +-----------------------------------+ | | | ALCAP SETUP AND ASYNCHRONIZATION | | | +-----------------------------------+ | +---|--------------------------|-----------------------------|---+ | | | +---|--------------------------|-----------------------------|---+ | +-----------------+ | +------------------------+ | | |Establish it on | | | Map the logical channel| | | | public channel | | | to a public channel | | | +-----------------+ | +------------------------+ | +---|--------------------------|-----------------------------|---+ | RRC CONNECTION SETUP COMPLETE | | [RANDnew] | | <------------------------|---------------------------- | | RRC CONNECTION SETUP | | -------------------------|---------------------------> | | | | Figure 5 The process of non-initializing RRC connection establishment Zhang & Huang Expires January 05, 2014 [Page 9] Internet-Draft Abbreviated-Title July 2013 1) The MS sends a RRC connection request message to the RNC: RRC CONNECTION REQUEST(TANI,f10(ANI credential name, RANDm,CGI)ms). The MS inquires the Form1 and extracts the corresponding random number RANDm. Then the MS computers the authentication data block f10(ANI credential name,RANDm,CGI)ms with the one-way function f10. 2) Upon receipt of the RRC connection request message, the RNC judges the legitimacy of this request message. First, the RNC inquires Form2 corresponding to TANI and computers the authentication block of RNC with f10. Then he will compares the received f10(ANI credential name,RANDm ,CGI)ms with f10(ANI credential name,RANDm ,CGI)rnc, if they match the RNC considers the RRC connection request message to be legal and is produced in real time, never being modified or redirected. Otherwise the RNC will consider the request to be illegal. 3) According to the resource situation and the request reason, the RNC determines whether to allocate radio resources to the user and which kind of channel to allocate, dedicated channel or public channel. Upon receipt of the connection request, the RNC allocates radio resources and a new random number RANDm to the legal user. Then he will send the RRC CONNECTION SETUP message to the MS with the RANDm and the information of the allocated radio resources. 4) Upon receipt of the RRC connection establishment message, the MS updates the record in Form1. Then the MS sends RRC CONNECTION SETUP COMPLETE message to the RNC, confirming the completion of the RRC connection establishment. 5) Upon receipt of the RRC connection establishment complete message, the MS updates the record in Form2. 4. Security Considerations Considering the security performance, in this profile, the improved RRC agreement can prevent malicious attack effectively. The specific analyses are as follow: (1) Resistance to replay attack In this profile, MS and RNC maintain a random number RANDm, and a new random number will be distributed to the user by RNC after a successful RRC connection. The MS extracts the random number from Form1 when launches a connection request, and RNC will decide whether Zhang & Huang Expires January 05, 2014 [Page 10] Internet-Draft Abbreviated-Title July 2013 the RRC connection request is replayed through the judgment of equation f10(ANI credential name,RANDm ,CGI)ms= f10(ANI credential name,RANDm,CGI)rnc. Moreover, there is a parameter RANDr in the initial RRC connection request message, which is broadcast by the RNC and updated in real time to ensure the difference of every initial RRC connection request message. (2) Resistance to the man-in-the-middle attack In this paper, the RRC connection request message contains a CGI. If a disguised base station serves as a middleman, the CGI in E(Kur,ANI||CGI||RANDr) or f10(ANI credential name,RANDm,CGI)ms will be different from the CGI which the RNC connects to. Once the RNC detects the attack, he will immediately refuse the connection request. (3)Resistance to the redirection attack If the attacker leads the user data into a network which do not provide encryption protection or the encryption strength is weak, the attack can easily intercept the user data and may also bring a charging attack on the user at the same time. In this profile, the resistance against this kind of attack is also through the CGI. Once the attacker use a disguised base station to redirect the user data, the RNC of foreign serving network will also judge the RRC connection request message. So,different CGI in the authentication data block will makes the network refuse the connection request. (4) Resistance to the Dos attack Previously researchers think that for UMTS network, DoS attack mainly consumes the resources in the core network, so some schemes focus on useing AKA agreement in the core network to prevent the DoS attack. These schemes ignore that when a DoS attack occurs, the attacker has occupied a large number of radio resources, which may lead the legal user not to get service normally. In this profile, we suggest that the identification the MS SHOULD be verified in the RRC connection establishment phase. The RRC connection is only for legal users. Therefore, attacker cannot launch the DoS attack through transmitting NAS information to the core network. Zhang & Huang Expires January 05, 2014 [Page 11] Internet-Draft Abbreviated-Title July 2013 5. Resource Considerations Comparing with the 3gpp standard, in this profile, the improved RRC agreement increases slightly the bandwidth resource consumption in access layer. However, the scheme provides the judgment on user identity in the access layer, which avoids providing radio resources to illegal users and saves the bandwidth resources in core network. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 6.2. Informative References [TR_21.905_3GPP] 3GPP TR 21.905 V11.3.0, "Technical Specification Group Services and System Aspects;Vocabulary for 3GPP Specifications(Release 11)", December 2012. [TS_25.331_3GPP] 3GPP TS 25.331 V11.4.0, "Technical Specification Group Radio Access Network;Radio Resource Control (RRC);Protocol specification(Release 11)", December 2012. Authors' Addresses Sha Zhang Southeast University N0.9, Mo Zhoudong street Nan Jing, Jiang Su Province 210096 RPC China Phone: 15251864199 Email: ShaZhangjs@aliyun.com Jie Huang Southeast University N0.9, Mo Zhoudong street Nan Jing, Jiang Su Province 210096 RPC China Phone: 13675178016 Email: jhuang@seu.edu.cn Zhang & Huang Expires January 05, 2014 [Page 12]