Common requirements for femtocell

Based on this threat analysis, the security requirements for Femtocell can be summarized as follows:

1) Only strong authentication algorithms shall be used (Threats 1, 12).

2) Link protection mechanism between the Security Gateway and the Femtocell shall be of adequate cryptographic strength. All traffic shall be integrity protected and should be confidentiality protected (Threats 1, 5).

3) Femtocell authentication certificates shall be stored inside a secure domain, i.e. one from which an outsider cannot retrieve or clone the certificates (Threats 2, 3, 4, 12).

4) The UE should indicate to the user when it camps on a Femtocell. The user should be notified (or give his/her express consent) when he/she is added to the access list of a closed Femtocell (Threats 3, 4, 9, 10).

5) Femtocell and the Security Gateway shall mutually authenticate each other, including the first initial contact (Threats 1, 5, 12).

6) The boot process of the Femtocell shall be secured by cryptographic means (Threat 6).

7) Software updates and configuration changes for the Femtocell shall be cryptographically signed (by operator or Femtocell supplier) and verified. Configuration changes shall be authorized by Femtocell operator or provider (Threat 7).

8) Unprotected sensitive data should never leave a secure domain inside the Femtocell (Threats 8, 9, 10).

9) It shall be possible for the operator to lock the Femtocell service to a specific geographical location. It shall be possible to disable the Femtocell if it has been detected to be located at an unauthorised location (Threats 4, 11).

10) UEs shall, unless performing an emergency call, be authenticated and authorized by the user home network before having service from the Femtocell (Threats 5, 13).

11) The security solution shall be compatible with common network address and port translation variations, as well as support firewall traversal (Threat 14).

12) Unauthorized traffic shall be filtered out on the links between the Security Gateway and the Femtocell (Threats 15, 16).

13) Femtocell should be run with minimised network services (disabled or firewalled), and tested regularly for a securely verifiable system state (Threat 17).

14) Access to the Femtocell remote management interface by the operator shall require authentication and authorization, and shall not allow change to user controlled information unless the user gives their permission (Threat 19).

15) ACLs (Access Control Lists) should be created and modified by an authorised party only (Threat 20).

16) The operator shall have means to control the CSG configuration (Threat 22).

17) It shall not be possible to override the operator's policy at a Femtocell (Threat 23).

18) It shall not be possible to manipulate location information of a Femtocell (Threat 24).

19) The authentication certificate(s) of each Femtocell shall be unique (Threat 5).

20) A mechanism shall be provided to restrict the number of simultaneous connections between a particular Femtocell identity and the Femtocell home network (Threat 4).

21) Only authorized end-users shall be able to request changes to membership of the Closed Subscriber Group. The operator checks those requests and implements changes if accepted. Only the Femtocell operator shall be able to enable "open mode" (if supported) (Threats 3, 4, 9, 10).

22) Enforcement of Femtocell access to Closed Subscriber Group members shall not rely solely on access control methods implemented within the Femtocell itself. Instead the core network shall be able to check that only mobile users in the relevant Closed Subscriber Group can access services via a specific Femtocell (Threat 12).

23) Access to the Femtocell local management interface by the Femtocell owner, if allowed by the operator, shall require authentication and authorization and shall not allow change to operator controlled information, e.g. Femtocell licensed radio interface parameters. If the operator allows local management access by the Femtocell owner, the Femtocell owner shall be able to choose the authorization password (Threats 6, 7, 21).

24) Femtocell enclosure should provide indication of physical tampering (e.g. visual or audible) (Threat 8).

25) The IMSI of users connected to the Femtocell must not be revealed to the Hosting party of the Femtocell (Threat 18).

26) a. Communication between the time server and the Femtocell should be provided adequate protection (Threat 25).

b. The TrE should be able to verify both freshness and integrity of time information from the network (Threat 25).

Editor's Note: Addition of requirement 26b is FFS. This requirement needs to be revisited once the TrE definition is agreed.

27) The implementation of a Femtocell must be robust against environmental attacks (Threat 26).

28) Confidentiality and integrity protection shall be provided to OAM traffic between the Femtocell and the OAM server in the operator network (Threat 27).

29) The OAM server and/or operator network should be able to assess the trustworthiness of the Femtocell's state and its capabilities for secure communication with OAM (Threat 27).

30) An IMSI request over the air in clear (without encryption) should only be performed when no other means are available to fetch the UE identity (Threat 18).

31) The Femtocell SeGW or other network entity in the CN should obtain the related profile information to check whether the Femtocell can access the network (Threat 28).

32) Access control should be performed even during handover (Threat 29).
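As an added illustration (not part of the original text or of any 3GPP specification), the sketch below shows how requirements 10, 20, 21, 22, 31 and 32 combine into a single admission decision taken in the core network rather than in the Femtocell. The class, its fields, the event names, the identifiers and the IMSIs are all hypothetical and constructed for this example; UE authentication is assumed to happen elsewhere.

```python
from dataclasses import dataclass, field

@dataclass
class CoreAccessControl:
    """Operator-side enforcement point; every name here is hypothetical."""
    csg_members: dict                 # femtocell id -> set of member IMSIs (operator-held)
    open_mode: set = field(default_factory=set)   # femtocells the operator has opened
    max_tunnels: int = 1              # simultaneous connections per femtocell identity
    tunnels: dict = field(default_factory=dict)   # femtocell id -> active tunnel ids

    def register_tunnel(self, femto_id, tunnel_id):
        """Requirements 20 and 31: known identity, bounded number of connections."""
        if femto_id not in self.csg_members:
            return False              # no profile for this femtocell
        active = self.tunnels.setdefault(femto_id, set())
        if tunnel_id not in active and len(active) >= self.max_tunnels:
            return False              # a second tunnel suggests a cloned identity
        active.add(tunnel_id)
        return True

    def admit(self, femto_id, tunnel_id, imsi, event,
              emergency=False, femto_claims_member=False):
        """Requirements 10, 21, 22, 32; UE authentication is assumed done elsewhere.
        femto_claims_member (the femtocell's own verdict) is deliberately never read."""
        if event not in ("attach", "handover"):
            raise ValueError(f"unknown event: {event}")
        if tunnel_id not in self.tunnels.get(femto_id, set()):
            return False              # request did not arrive over a registered tunnel
        if emergency or femto_id in self.open_mode:
            return True               # emergency exception / operator-enabled open mode
        return imsi in self.csg_members[femto_id]

def demo():
    """Run constructed sample events and return each decision."""
    member, stranger = "001010000000001", "001010000000002"   # constructed IMSIs
    core = CoreAccessControl(csg_members={"femto-A": {member}})
    return {
        "tunnel": core.register_tunnel("femto-A", "t1"),
        "cloned_tunnel": core.register_tunnel("femto-A", "t2"),
        "unknown_femto": core.register_tunnel("femto-X", "t9"),
        "member_attach": core.admit("femto-A", "t1", member, "attach"),
        "stranger_attach": core.admit("femto-A", "t1", stranger, "attach",
                                      femto_claims_member=True),
        "stranger_handover": core.admit("femto-A", "t1", stranger, "handover"),
        "stranger_emergency": core.admit("femto-A", "t1", stranger, "attach",
                                         emergency=True),
        "via_cloned_tunnel": core.admit("femto-A", "t2", member, "attach"),
    }
```

The non-member is refused at both attach and handover even when the Femtocell vouches for it, and is admitted only for an emergency call.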

Specific Requirements For HeNB

3GPP TS 33.401 [15] introduces in clause 5.3 general security requirements for all types of eNBs. These are basic requirements which shall be fulfilled by all types of eNBs. Thus this document has to consider all requirements given in that clause, and in more detail in clauses 11, 12 and 13 of [15], for eNB security.

[15] leaves it explicitly to other documents to specify more stringent requirements, if seen appropriate there. Thus this reference to [15] does not restrict the current document, as long as all requirements of [15] are still kept.

Note: To avoid duplication of text from [15] in this document, the detailed requirements of [15] are not repeated here.

Countermeasures For Femtocell

Based on these requirements, the countermeasures that can fulfil them can be summarized as follows:

1) Mutual authentication and security tunnel establishment mechanisms

2) TrE of Femtocell

3) Access Control mechanisms

4) Location Locking mechanisms

5) Clock Synchronization Security mechanisms

6) Security mechanisms for OAM

7) Protection mechanisms for Environmental Security of Femtocell

8) User authentication mechanism

9) HPM authentication (if used)