Wednesday 4 May 2011

New Security Algorithms in Release-11

I did mention in my earlier blog post about the new algorithm for 3GPP LTE-A Security. The good news is that this would be out hopefully in time for the Release-11.

The following from 3GPP Docs:

The current 3GPP specifications for LTE/SAE security support a flexible algorithm negotiation mechanism. There could be sixteen algorithms at most to support LTE/SAE confidentiality and integrity protection. In current phase, 3GPP defines that there are two algorithms used in EPS security, i.e. SNOW 3G and AES. The remaining values have been reserved for future use. So it is technically feasible for supporting new algorithm for LTE/SAE ciphering and integrity protection.

Different nations will have different policies for algorithm usage of communication system. The current defined EPS algorithm may not be used in some nations according to strict policies which depend on nation’s security laws. Meanwhile, operators shall implement their networks depending on national communication policies. To introduce a new algorithm for EPS security will give operators more alternatives to decide in order to obey national requirements.

Picture: Zu Chongzi
Picture Source: Wikipedia

Some work has been done to adapt LTE security to national requirements about cryptography of LTE/SAE system, i.e. designing a new algorithm of EPS security, which is named ZUC (i.e. Zu Chongzhi, a famous Chinese scientist name in history). Certainly the new algorithm should be fundamentally different from SNOW 3G and AES, so that an attack on one algorithm is very unlikely to translate into an attack on the other.

The objective of this work item is to standardise a new algorithm in EPS. This will include the following tasks:
To develop new algorithms for confidentiality and integrity protection for E-UTRAN
To enable operators to quickly start to support the new algorithm
Not to introduce any obstacle for R8 roaming UE

The following issues should at least be handled in the WI:
Agree requirement specification with ETSI SAGE for development of new algorithms
Delivery of algorithm specification, test data and design and evaluation reports

The algorithm is provided for 3GPP usage on royalty-free basis.

The algorithm shall undergo a sequential three-stage evaluation process involving first ETSI SAGE, then selected teams of cryptanalysts from academia and finally the general public.

The documents related to the EEA3 and EIA3 algorithm could be downloaded from here.

If you are new to LTE Security, the following can be used as starting point:

No comments: