How a mobile network is connected to the Internet
How a mobile network is connected to the Internet
Have you ever wonder how you can get an internet access using only your phone, even without a WiFi connection ?
First of all, the way to connect is not the same for 4G and 5G networks (I will only talk about these two technologies here), indeed, 5G brings a lot of new features and the “5G Core” is changing from the “4G Core”.
4G Network
In 4G you are using a chip which is called a SIM (Subscriber Identification Module) card, this card contains your IMSI (International Mobile Subscriber Identity). Usually, you put this card in your mobile phone (can also be an IoT device, tablet, etc…). This device is called a UE (User Equipment), or terminal but I am gonna use the anme UE for this topic.
The UE has to connect to an eNodeB to access the network, which is an antenna with some emitters and receivers in a box next to the mast.
Diagram of a base station (eNB)
These eNodeB’s are close enought to each other to ensure a permanent connection to an UE, even if the device is moving. They are all connected to the mobile network operator’s IP network (or 4G Core). This network is composed of different interfaces, such as:
- HSS (Home Subscriber Server)
- Main database which contains all the data related to the users subscription, their IMSI to identify them on the network, and some data related on the location, security, status and profile of the user.
- MME (Mobility Management Entity)
- Database which is connected with some of the eNB’s, they store the inforamtions from the users in their area, to not overload the HSS of requests.
- EIR (Equipment Identity Register)
- Database to blacklist cloned or stolen phones by their IMEI.
- PGW (Packet Data Network Gateway or Packet Gateway)
- It constitutes a single gateway between the operator’s IP network and the Internet. It also provides some security functions.
- SGW (Serving Gateway)
- Its main function is routing and forwarding of user data packets. It is the entry point of data traffic for UE’s and it connects UE’s and PGW’s
- PCRF (Policy and Charging Rules Function)
- For Quality of Service (i.e. manage how much data an user is able to use)
These equipments are connected as follows:
Most of the interfaces I described are visible here, and you can see how they are connected to each other.
It’s important to make a difference between the user plane traffic, which are the profile, status, location of an user and the control plane traffic which are the packets of a video, or a web page. These different data never communicate which each other.
User plane traffic is represented with the blue lines, and control plane traffic is represented with the yellow lines, above.
On your first connection the MME doesn’t know you yet, only the HSS stores your information, and you don’t have an IP address.
Here you can see what is happening at your first connection.
4G Security
I wanna talk a little bit about security, because it is extremely important. Let’s see different solutions for the following potential issues:
- Fraudulent use of the network
- Solution: authentication
- Traffic sniffing
- Solution: Encryption
- Data changes (changing the IP address on the attachment)
- Solution: Integrity
- Follow/Locate an UE
- Solution: Temporary identity
Authentication
A number k is stored on both SIM card and HSS, and this number is only known by these.
On authentication, the IMSI is sent to the HSS in clear text, then the HSS creates a challenge with k and a random number defined by the HSS.
With the encryption function f(RAND, k) the HSS creates the expected response (XRES).
The HSS sends the XRES and the random number (RAND) to the MME, which saves XRES and sends RAND to the UE.
Then, using f(RAND, k) the UE creates a response (RES) using the provided RAND and k.
(If the number k of that SIM card is the same number k that the one stored in the database of the HSS, RES equals to XRES).
But using only this technique will result in some security issues. That’s why there are some additionnal protections.
Assume that an attacker created a fake network to be trusted by the UE, in this case the authentication method used so far isn’t strong enough. We have to add an extra layer of security, which is to check on the UE side that the mobile network operator’s IP network is a trusted network.
In order to do that, we will need an Authentication Token (AUTN) which is generated by the HSS using the function “g(RAND, K)“ (which is not the same that the function used to create XRES !).
AUTN is sent with XRES and RAND to the MME, which sends AUTN and RAND to the UE.
The UE is able to perform g(RAND, K), which means that it is able to verify the IP network. If the network is identified as safe, the UE sends the RESponse to the MME to be verified, and authenticated.
But… this configuration is vulnerable to a MITM (Man In The Middle) attack. Indeed, the attacker can easily listen to the Network, save the values of RAND and AUTN and pretend to be the real Network while sending these values to the victim’s UE. To prevent that, two successive authentications must lead to two different results. So we are gonna use a new parameter called SQN (SeQuence Number) in our request.
(This is done two times, to be sure that SQN changed)
Now, g() = g(RABD, K, SQN).
This parameter is gonna increment, and the UE can verify that SQN, which is provided in AUTN using the function g(), doesn’t have the same value than before.
If eveything is okay, the UE and the Network are authenticated by each other and they can now communicate.
Encryption
The best way to prevent an attacker to get our messages is to encrypt them, so he cannot read them. Here the data is encrypted using XOR () which has two parameters as input.
- The data to encrypt
- An encryption sequence, generated by a strong encryption algorithm using a key called Kenc
If there is a lot of data to send, this data is sliced into different packets.
The encryption sequence is the result of a strong encryption algorithm, such as SNOW 3G for 3G, or AES (which is the best choice). No encryption can also be used, but it has to be for network testing ONLY !
For some security reasons, each packet has to be encrypted with a different encryption sequence.
To never have the same encryption sequence, five parameters that can change from a packet to another are given to the encryption algorithm:
- Kenc (RAND, key k)
- Packet Number
- Bearer
- Direction (Ascending, Descending)
- Packet size
The algorithm to use and the encryption key are negociated during the UE’s authentication process. This key is the same during the whole data exchange (i.e. a web session).
The data is encrypted by the eNB and decrypted by the UE.
Or, it is encrypted by the UE and decrypted by the eNB.
Integrity
It is important to verify the integrity of a message to be sure that it comes from the right place (i.e. facebook.com) and not from a malicious person. Also, it permits to verify if the message was not modified on his way between the server (facebook in my example) and the client (you, me). Due to a MITM attack for example.
To do this, for each data frame we add some bytes of information to it. These bytes are calculated with a hashing algorithm. They are called Message Authentication Code (MAC, but this has nothing to do with the MAC address of the physical layer of the OSI model). This code is coded on 21 bits for LTE networks.
This Code is calculated using the message to transmit, and then it is attached at the end of the message.
After that the message is checked by re-calculating the MAC code, and comparing it to the sended MAC code inside the received data.
Note that this process is only used for control plane traffic (such as the data from a website going through a SGW/PGW) and never for user plane traffic (data from the HSS).
But, just like the Encryption Sequence, the MAC must be always different. In order to do that, an encryption algorithm is used again.
But this time, the key is called Kint and one of the parameters is the message (instead of the packet length).
The encryption algorithm can be SNOW 3G, for 3G networks, but usually it is AES.
The MAC code is added to the Packet, encrypted, and sent.
Secret Key Generation
As you can see, the are some different secret keys for encryption. And there are a lot.
Let’s see how these are generated, and what they are for.
We have only one unique key K (constant) which is only stored inside the UE’s SIM card and the HSS. The HSS gives a key called Kasme (Access Security Management Entity) to the MME, so it isn’t asked everytime someone needs to calculate a new key, this is now the responsibility of the MME’s. Of course, during this process the HSS asks for the identity of the network which is asking him a key.
Kasme is now the main key for all the other keys, they are calculated using this key and some other parameters, with an encryption algorithm.
Temporary Identity
The very first connection transfers (authentication) the IMSI in clear text, because at that moment it is not yet possible to encrypt the data transfer (between the UE and the eNB).
After the authentication and when the encryption is set, an identifier called TMSI (Temporary Mobile Subscriber Identity) is sent to the UE, which is his new identifier for all the upcomming communications. The TMSI is allocated by the current MME and the mobile operator can choose when this identifier is renewed. The TMSI is changed when a new MME is used, or when the SIM card is removed, for example.
The TMSI is coded on 4 bytes (32 bits), but is not unique, two different MME’s can use the same TMSI to identify two different UE’s. That’s why the GUTI was created, it is the Globally Unique Temporary Identifier and is larger than the TMSI. The GUTI permits to the network to get the MME which allocated the TMSI.
Here’s what the GUTI looks like :
Due to these parameters, the GUTI is a worldwide unique identifier for an UE, and can be changed at any time by an MME.
On a connection between the UE and the Network, the UE sends the GUTI and the MME is the only one which can link the GUTI and the IMSI of the subscriber. When When the UE wants to connect to the network, he sends his GUTI with his message, the MME checks the GUTI with the IMSI and then the MME checks the sended message to verify it’s integrity. If everything is okay, the UE is successfully authenticated. The MME activates the encryption and generates all the necessary keys on the eNB to ensure a secure connection.
Note that during this process, the HSS is not solicited and it suffers less traffic.
If the UE changes his position and has to use a new MME, this new MME can identify and find the previous used MME using the GUTI and find the TMSI. And the UE can have a secure connection and doesn’t have to establish a whole new authentication process. And the HSS is not solicited.
5G Networks
Now we have seen how a 4G network works (globally), we can compare it to the fifth generation network.
But this article is long enough, and I wanna talk about 5G in a dedicated post.
See you!