Secure device-to-device LTE-A links could offload network traffic

Feature articles |
By eeNews Europe



Besides femto- and pico-cells, there is another method that has yet to be capitalized on: direct connectivity between clients in close proximity. A key motivation for device-to-device (D2D) connectivity is its potential for operators to offload traffic from the core network, as shown in Figure 1. It also provides the framework for a new communication paradigm that supports social networking through localization, which current solutions cannot support because of their configuration complexity.

Figure 1: D2D Communication

3GPP recently finished a feasibility study on Proximity Service (ProSe) in LTE-A Release 12. So far, much of the research has focused on node discovery, radio resource management, and so on. The issue of security is less well addressed. We propose a D2D security framework including architecture, requirements and potential solutions.

Security architecture

Figure 2: Security architecture for LTE Proximity Service

Based on the security architecture and the Proximity Services (ProSe) reference model as defined in Release-12 of 3GPP, we propose the ProSe security architecture illustrated in Figure 2 including five security feature groups:

· Network access security (1): protection against attacks on the radio access link;

· Network domain security (2): protection against attacks on the wire-line network;

· User domain security (3): secures access to mobile stations;

· Application domain security (4): end-to-end security between the applications on user devices and on servers;

· Visibility and configuration security (5): the set of features that controls the availability and configuration of security services.

Security requirements

Since D2D service is an add-on feature of LTE-A, its security solution requires:

· (Req-1) Reusing the existing LTE-A security mechanisms as much as possible, so as to reduce the deployment cost.

The major feature of D2D is the new radio link between UEs, which is the most vulnerable part, facing eavesdropping, impersonation attacks, active attacks, etc. Hence the second requirement is:

· (Req-2) Secure connection between UEs against any passive or active attacks.

Moreover, D2D service has introduced a new module, the ProSe Function, in the core network, which interacts with other network elements via wire-line and is responsible for storing user-specific configuration, authorizing node discovery, etc. Hence, the third requirement is:

· (Req-3) Secure connection between the ProSe Function and other network elements in the core network.

Last but not least, some D2D services (e.g. social networking) are controlled by applications, which introduces two more requirements:

· (Req-4) Secure connection between the ProSe application server and the network, and between the server and the end-user application.

· (Req-5) Protect not only the communication contents, but also user privacy, which may be leaked as side information during the communication. For example, in social networking applications, the security solution should allow users to connect with their friends without revealing their friend relationship to any intruder.

Potential solutions

According to Req-1, by reusing existing network and application domain security schemes such as IPsec, the threats against the ProSe function (Req-3) and the ProSe application server (Req-4) could be handled. Most existing network access security schemes can be reused to protect the new direct radio link (Req-2), accompanied by new authentication and key distribution schemes. Besides, protecting user privacy (Req-5) will be an interesting research topic. Homomorphic encryption, which has been recommended for cloud computing, may be a possible solution.
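As an added illustration of the homomorphic-encryption idea for Req-5 (not part of the original article and not a 3GPP ProSe mechanism), the following Python example uses the additively homomorphic Paillier cryptosystem to let one UE test whether a nearby UE is a specific friend without revealing the friend's identifier to that peer or to an eavesdropper. The pseudonym strings, function names and the fixed toy-sized primes are assumptions; distribution and authentication of the public key are out of scope here.

```python
import hashlib
import secrets
from math import gcd

# Toy Paillier parameters (assumption): two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, N2 = P * Q, (P * Q) ** 2          # N is the public key
PHI = (P - 1) * (Q - 1)              # private key, held only by the initiating UE
MU = pow(PHI, -1, N)

def _unit():
    """Random element of Z_N^*, used as encryption and blinding randomness."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            return r

def encrypt(m):
    # With generator g = N + 1, g^m mod N^2 equals 1 + m*N.
    return (1 + (m % N) * N) * pow(_unit(), N, N2) % N2

def decrypt(c):
    return (pow(c, PHI, N2) - 1) // N * MU % N

def user_id(pseudonym):
    """Map a hypothetical application-layer pseudonym into Z_N."""
    return int.from_bytes(hashlib.sha256(pseudonym.encode()).digest(), "big") % N

def initiator_query(friend):
    """UE A: send an encryption of the friend identifier it is looking for."""
    return encrypt(user_id(friend))

def responder_reply(query, own_pseudonym):
    """UE B: compute Enc(r * (friend - own)) on ciphertexts, without decrypting."""
    diff = query * encrypt(-user_id(own_pseudonym)) % N2   # Enc(friend - own)
    return pow(diff, _unit(), N2)                          # blind with random r

def initiator_check(reply):
    """UE A: the plaintext is 0 only when the responder is the queried friend."""
    return decrypt(reply) == 0

def is_friend_nearby(friend, responder):
    return initiator_check(responder_reply(initiator_query(friend), responder))
```

On a mismatch the initiator decrypts only a randomly blinded non-zero value, so it learns nothing about the responder's identifier beyond the fact that it is not the queried friend.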

 

Bio

Shahid Mumtaz is Senior Researcher at the Instituto de Telecomunicações (4Tell Group). He can be reached at smumtaz@av.it.pt
