top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How H(e)NB are authenticated in LTE/SAE?

+5 votes

How the AKA procedure in H(e)NBs are peformed?

posted Apr 12, 2014 by Hafeth Dawbaa

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+2 votes

Home EnodeB can face the following security threats (listing only few high level)

  1. Compromise of HeNB credentials e.g. cloning of credentials
  2. Physical attacks on HeNB e.g. physical tampering
  3. Configuration attacks on HeNB e.g. fraudulent software updates
  4. Protocol attacks on HeNB e.g. man-in-the-middle attacks
  5. Attacks against the core network e.g. Denial of service
  6. Attacks against user data and identity privacy e.g. by eavesdropping
  7. Attacks against radio resources and management

I would suggest that you go through the section 7.4.2 which describes the AKA procedure in detail and in case if you are not clear about any point please feel free to ask. I am attaching the image from the specification which describes EAP-AKA based Device Authentication followed by EAP-AKA HP Authentication.

EAP-AKA based Device Authentication followed by EAP-AKA HP Authentication

However I would suggest to go through the TS 33.401 also.

answer Apr 13, 2014 by Meenal Mishra
Thank you Meenal for your help. But my question was about the procedure of authenticating an HeNB to a LTE network. How the network decide whether this device is legitimate to access the CN entities or not.
Can you raise a separate question for the same by defining the complete requirement so that bigger crowd can participate.
Similar Questions
+3 votes

I am looking at the EPS authentication, can someone please explain in detail?

+1 vote

I use a git server which requires authentication over https. Git seems determined to always try an unauthenticated request first, slowing down operations by a couple seconds.

Is there a way to configure git to default to authenticated requests?

+2 votes

If the answer is not then list provide the list of features than can be deferred for home eNodeB and what are the reasons not supporting a particular feature at the Home eNodeB ?