How H(e)NB are authenticated in LTE/SAE?

Question

How the AKA procedure in H(e)NBs are peformed?

Answer 1

Home EnodeB can face the following security threats (listing only few high level)

1. Compromise of HeNB credentials e.g. cloning of credentials
2. Physical attacks on HeNB e.g. physical tampering
3. Configuration attacks on HeNB e.g. fraudulent software updates
4. Protocol attacks on HeNB e.g. man-in-the-middle attacks
5. Attacks against the core network e.g. Denial of service
6. Attacks against user data and identity privacy e.g. by eavesdropping
7. Attacks against radio resources and management

I would suggest that you go through the http://www.3gpp.org/ftp/Specs/archive/33_series/33.820/33820-820.zip section 7.4.2 which describes the AKA procedure in detail and in case if you are not clear about any point please feel free to ask. I am attaching the image from the specification which describes EAP-AKA based Device Authentication followed by EAP-AKA HP Authentication.

However I would suggest to go through the TS 33.401 also.

Comments

Thank you Meenal for your help. But my question was about the procedure of authenticating an HeNB to a LTE network. How the network decide whether this device is legitimate to access the CN entities or not.

---

Can you raise a separate question for the same by defining the complete requirement so that bigger crowd can participate.