Arsitektur 5G: Security dan Mobility - Revision history

Onnowpurbo at 09:41, 26 October 2022

2022-10-26T09:41:51Z

Onnowpurbo at 09:41, 26 October 2022

2022-10-26T09:41:21Z

Onnowpurbo at 09:21, 26 October 2022

2022-10-26T09:21:26Z

Onnowpurbo at 09:11, 26 October 2022

2022-10-26T09:11:10Z

Onnowpurbo at 07:19, 26 October 2022

2022-10-26T07:19:38Z

Onnowpurbo at 07:15, 26 October 2022

2022-10-26T07:15:13Z

Onnowpurbo: Created page with "We now take a closer look at two unique features of the cellular network—its support for security and mobility—both of which differentiate it from WiFi. The following also..."

2022-10-26T03:25:17Z

Created page with "We now take a closer look at two unique features of the cellular network—its support for security and mobility—both of which differentiate it from WiFi. The following also..."

New page

We now take a closer look at two unique features of the cellular network—its support for security and mobility—both of which differentiate it from WiFi. The following also serves to fill in some details about how each individual UE connects to the network.

We start with the security architecture, which is grounded in two trust assumptions. First, each Base Station trusts that it is connected to the Mobile Core by a secure private network, over which it establishes the tunnels introduced in Figure 11: a GTP/UDP/IP tunnel to the Core’s User Plane (Core-UP) and a SCTP/IP tunnel to the Core’s Control Plane (Core-CP). Second, each UE has an operator-provided SIM card, which uniquely identifies the subscriber (i.e., phone number) and establishes the radio parameters (e.g., frequency band) needed to communicate with that operator’s Base Stations. The SIM card also includes a secret key that the UE uses to authenticate itself.

_images/Slide34.png
Figure 16. Sequence of steps to establish secure Control and User Plane channels.

With this starting point, Figure 16 shows the per-UE connection sequence. When a UE first becomes active, it communicates with a nearby Base Station over a temporary (unauthenticated) radio link (Step 1). The Base Station forwards the request to the Core-CP over the existing tunnel, and the Core-CP (specifically, the MME in 4G and the AMF in 5G) initiates an authentication protocol with the UE (Step 2). 3GPP identifies a set of options for authentication and encryption, where the actual protocols used are an implementation choice. For example, Advanced Encryption Standard (AES) is one of the options for encryption. Note that this authentication exchange is initially in the clear since the Base Station to UE link is not yet secure.

Once the UE and Core-CP are satisfied with each other’s identity, the Core-CP informs the other components of the parameters they will need to service the UE (Step 3). This includes: (a) instructing the Core-UP to initialize the user plane (e.g., assign an IP address to the UE and set the appropriate QCI parameter); (b) instructing the Base Station to establish an encrypted channel to the UE; and (c) giving the UE the symmetric key it will need to use the encrypted channel with the Base Station. The symmetric key is encrypted using the public key of the UE (so only the UE can decrypt it, using its secret key). Once complete, the UE can use the end-to-end user plane channel through the Core-UP (Step 4).

There are three additional details of note about this process. First, the secure control channel between the UE and the Core-CP set up during Step 2 remains available, and is used by the Core-CP to send additional control instructions to the UE during the course of the session.

Second, the user plane channel established during Step 4 is referred to as the Default Bearer Service, but additional channels can be established between the UE and Core-UP, each with a potentially different QCI value. This might be done on an application-by-application basis, for example, under the control of the Mobile Core doing Deep Packet Inspection (DPI) on the traffic, looking for flows that require special treatment.

_images/Slide35.png
Figure 17. Sequence of per-hop tunnels involved in an end-to-end User Plane channel.

Third, while the resulting user plane channels are logically end-to-end, each is actually implemented as a sequence of per-hop tunnels, as illustrated in Figure 17. (The figure shows the SGW and PGW from the 4G Mobile Core to make the example more concrete.) This means each component on the end-to-end path terminates a downstream tunnel using one local identifier for a given UE, and initiates an upstream tunnel using a second local identifier for that UE. In practice, these per-flow tunnels are often bundled into an single inter-component tunnel, which makes it impossible to differentiate the level of service given to any particular end-to-end UE channel. This is a limitation of 4G that 5G has ambitions to correct.

Support for mobility can now be understood as the process of re-executing one or more of the steps shown in Figure 16 as the UE moves throughout the RAN. The unauthenticated link indicated by (1) allows the UE to be known to all Base Station within range. (We refer to these as potential links in later chapters.) Based on the signal’s measured CQI, the Base Stations communicate directly with each other to make a handover decision. Once made, the decision is then communicated to the Mobile Core, re-triggering the setup functions indicated by (3), which in turn re-builds the user plane tunnel between the Base Station and the SGW shown in Figure 17 (or correspondingly, between the Base Station and the UPF in 5G). One of the most unique features of the cellular network is that the Mobile Core’s user plane (e.g., UPF in 5G) buffers data during the handover transition, avoiding dropped packets and subsequent end-to-end retransmissions.

In other words, the cellular network maintains the UE session in the face of mobility (corresponding to the control and data channels depicted by (2) and (4) in Figure 16, respectively), but it is able to do so only when the same Mobile Core serves the UE (i.e., only the Base Station changes). This would typically be the case for a UE moving within a metropolitan area. Moving between metro areas—and hence, between Mobile Cores—is indistinguishable from power cycling a UE. The UE is assigned a new IP address and no attempt is made to buffer and subsequently deliver in-flight data. Independent of mobility, but relevant to this discussion, any UE that becomes inactive for a period of time also loses its session, with a new session established and a new IP address assigned when the UE becomes active again.

Note that this session-based approach can be traced to the cellular network’s roots as a connection-oriented network. An interesting thought experiment is whether the Mobile Core will continue to evolve so as to better match the connectionless assumptions of the Internet protocols that typically run on top of it.

← Older revision		Revision as of 09:41, 26 October 2022
Line 29:		Line 29:

	Perhatikan bahwa pendekatan session-based ini dapat dilacak ke akar jaringan seluler sebagai jaringan connection-oriented. Eksperimen pemikiran yang menarik adalah apakah Mobile Core akan terus berkembang sehingga lebih cocok dengan asumsi connectionless dari protokol Internet yang biasanya berjalan di atasnya.		Perhatikan bahwa pendekatan session-based ini dapat dilacak ke akar jaringan seluler sebagai jaringan connection-oriented. Eksperimen pemikiran yang menarik adalah apakah Mobile Core akan terus berkembang sehingga lebih cocok dengan asumsi connectionless dari protokol Internet yang biasanya berjalan di atasnya.
		+
		+
		+	==Pranala Menarik==
		+
		+	* [[5G]]

@@ Line 22: / Line 22: @@
 [[File:Slide35.png|center|300px|thumb|Gambar 17. Sequence of per-hop tunnels involved in an end-to-end User Plane channel]]
-Third, while the resulting user plane channels are logically end-to-end, each is actually implemented as a sequence of per-hop tunnels, as illustrated in Figure 17. (The figure shows the SGW and PGW from the 4G Mobile Core to make the example more concrete.) This means each component on the end-to-end path terminates a downstream tunnel using one local identifier for a given UE, and initiates an upstream tunnel using a second local identifier for that UE. In practice, these per-flow tunnels are often bundled into an single inter-component tunnel, which makes it impossible to differentiate the level of service given to any particular end-to-end UE channel. This is a limitation of 4G that 5G has ambitions to correct.
+* Ketiga, sementara user plane channel yang dihasilkan secara logis end-to-end, masing-masing sebenarnya diimplementasikan sebagai urutan tunnel per-hop, seperti yang diilustrasikan pada Gambar 17. (Gambar menunjukkan SGW dan PGW dari 4G Mobile Core untuk membuat contoh lebih konkrit.) Ini berarti setiap komponen pada jalur end-to-end mengakhiri downstream tunnel  menggunakan satu pengenal lokal untuk UE tertentu, dan memulai upstream tunnel menggunakan pengenal lokal kedua untuk UE tersebut. Dalam praktiknya, tunnel per-flow ini sering digabungkan menjadi satu tunnel inter-component, yang membuat tidak mungkin untuk membedakan tingkat layanan yang diberikan ke end-to-end UE channel tertentu. Ini adalah batasan 4G yang ingin diperbaiki oleh 5G.
-Ketiga, sementara saluran bidang pengguna yang dihasilkan secara logis end-to-end, masing-masing sebenarnya diimplementasikan sebagai urutan terowongan per-hop, seperti yang diilustrasikan pada Gambar 17. (Gambar menunjukkan SGW dan PGW dari 4G Mobile Core untuk membuat contoh lebih konkret.) Ini berarti setiap komponen pada jalur ujung ke ujung mengakhiri terowongan hilir menggunakan satu pengenal lokal untuk UE tertentu, dan memulai terowongan hulu menggunakan pengenal lokal kedua untuk UE itu. Dalam praktiknya, terowongan per aliran ini sering digabungkan menjadi satu terowongan antar komponen, yang membuat tidak mungkin untuk membedakan tingkat layanan yang diberikan ke saluran UE ujung ke ujung tertentu. Ini adalah batasan 4G yang ingin diperbaiki oleh 5G.
+Dengan kata lain, jaringan seluler mempertahankan sesi UE dalam menghadapi mobilitas (sesuai dengan kontrol dan saluran data yang digambarkan oleh (2) dan (4) pada Gambar 16, masing-masing), tetapi hanya dapat melakukannya ketika Mobile Core yang sama melayani UE (yaitu, hanya Base Station yang berubah). Ini biasanya terjadi pada UE yang bergerak di dalam area metropolitan. Bergerak di antara area metro—dan karenanya, di antara Mobile Cores—tidak dapat dibedakan dari siklus daya UE. UE diberi alamat IP baru dan tidak ada upaya yang dilakukan untuk buffer dan kemudian mengirimkan in-flight data. Terlepas dari mobilitas, tetapi relevan dengan diskusi ini, setiap UE yang menjadi tidak aktif untuk jangka waktu tertentu juga kehilangan sesinya, dengan sesi baru yang dibuat dan alamat IP baru yang ditetapkan ketika UE menjadi aktif kembali.
+Perhatikan bahwa pendekatan session-based ini dapat dilacak ke akar jaringan seluler sebagai jaringan connection-oriented. Eksperimen pemikiran yang menarik adalah apakah Mobile Core akan terus berkembang sehingga lebih cocok dengan asumsi connectionless dari protokol Internet yang biasanya berjalan di atasnya.

@@ Line 10: / Line 10: @@
 * (a) menginstruksikan Core-UP untuk menginisialisasi bidang pengguna (misalnya, menetapkan alamat IP ke UE dan mengatur parameter QCI yang sesuai);
 * (b) menginstruksikan Base Station untuk membuat saluran terenkripsi ke UE; dan
-* (c) memberikan UE kunci simetris yang diperlukan untuk menggunakan saluran terenkripsi dengan Base Station. Kunci simetris dienkripsi menggunakan kunci publik UE (jadi hanya UE yang dapat mendekripsinya, menggunakan kunci private-nya). Setelah selesai, UE dapat menggunakan end-to-end user plane channel melalui Core-UP (Langkah 4).
+* (c) memberikan UE kunci simetris yang diperlukan untuk menggunakan saluran terenkripsi dengan Base Station. Kunci simetris dienkripsi menggunakan kunci publik UE (jadi hanya UE yang dapat mendekripsinya, menggunakan kunci private-nya).
-There are three additional details of note about this process. First, the secure control channel between the UE and the Core-CP set up during Step 2 remains available, and is used by the Core-CP to send additional control instructions to the UE during the course of the session.
+* Kedua, user plane channel yang dibuat selama Langkah 4 disebut sebagai Default Bearer Service, tetapi channel tambahan dapat dibuat antara UE dan Core-UP, masing-masing dengan nilai QCI yang berpotensi berbeda. Ini mungkin dilakukan berdasarkan aplikasi demi aplikasi, misalnya, di bawah kendali Mobile Core melakukan Deep Packet Inspection (DPI) pada lalu lintas, mencari aliran yang memerlukan perlakuan khusus.
@@ Line 22: / Line 23: @@
 Third, while the resulting user plane channels are logically end-to-end, each is actually implemented as a sequence of per-hop tunnels, as illustrated in Figure 17. (The figure shows the SGW and PGW from the 4G Mobile Core to make the example more concrete.) This means each component on the end-to-end path terminates a downstream tunnel using one local identifier for a given UE, and initiates an upstream tunnel using a second local identifier for that UE. In practice, these per-flow tunnels are often bundled into an single inter-component tunnel, which makes it impossible to differentiate the level of service given to any particular end-to-end UE channel. This is a limitation of 4G that 5G has ambitions to correct.
 Support for mobility can now be understood as the process of re-executing one or more of the steps shown in Figure 16 as the UE moves throughout the RAN. The unauthenticated link indicated by (1) allows the UE to be known to all Base Station within range. (We refer to these as potential links in later chapters.) Based on the signal’s measured CQI, the Base Stations communicate directly with each other to make a handover decision. Once made, the decision is then communicated to the Mobile Core, re-triggering the setup functions indicated by (3), which in turn re-builds the user plane tunnel between the Base Station and the SGW shown in Figure 17 (or correspondingly, between the Base Station and the UPF in 5G). One of the most unique features of the cellular network is that the Mobile Core’s user plane (e.g., UPF in 5G) buffers data during the handover transition, avoiding dropped packets and subsequent end-to-end retransmissions.
 In other words, the cellular network maintains the UE session in the face of mobility (corresponding to the control and data channels depicted by (2) and (4) in Figure 16, respectively), but it is able to do so only when the same Mobile Core serves the UE (i.e., only the Base Station changes). This would typically be the case for a UE moving within a metropolitan area. Moving between metro areas—and hence, between Mobile Cores—is indistinguishable from power cycling a UE. The UE is assigned a new IP address and no attempt is made to buffer and subsequently deliver in-flight data. Independent of mobility, but relevant to this discussion, any UE that becomes inactive for a period of time also loses its session, with a new session established and a new IP address assigned when the UE becomes active again.
 Note that this session-based approach can be traced to the cellular network’s roots as a connection-oriented network. An interesting thought experiment is whether the Mobile Core will continue to evolve so as to better match the connectionless assumptions of the Internet protocols that typically run on top of it.

@@ Line 1: / Line 1: @@
-Sekarang kita melihat lebih dekat dua fitur unik dari jaringan seluler—dukungannya untuk keamanan dan mobilitas—keduanya membedakannya dari WiFi. Berikut ini juga berfungsi untuk mengisi beberapa detail tentang bagaimana masing-masing UE terhubung ke jaringan.
+Sekarang kita melihat lebih dekat dua fitur unik dari jaringan seluler—dukungannya untuk keamanan dan mobilitas—kedua fitur ini yang akan membedakan jaringan selular dengan WiFi. Berikut ini juga berfungsi untuk mengisi beberapa detail tentang bagaimana masing-masing UE terhubung ke jaringan.
-Kita mulai dengan arsitektur keamanan, yang didasarkan pada dua asumsi kepercayaan. Pertama, setiap Base Station percaya bahwa ia terhubung ke Mobile Core oleh private network yang aman, di mana ia membangun tunnel yang diperkenalkan pada Gambar 11: terowongan GTP/UDP/IP ke Core's User Plane (Core-UP) dan SCTP/IP tunnel ke Core's Control Plane (Core-CP). Kedua, setiap UE memiliki kartu SIM yang disediakan oleh operator, yang secara unik mengidentifikasi pelanggan (yaitu, nomor telepon) dan menetapkan parameter radio (misalnya, pita frekuensi) yang diperlukan untuk berkomunikasi dengan Base Station operator tersebut. Kartu SIM juga menyertakan kunci rahasia yang digunakan UE untuk mengautentikasi dirinya sendiri.
+Kita mulai dengan arsitektur keamanan, yang didasarkan pada dua asumsi kepercayaan. Pertama, setiap Base Station percaya bahwa ia terhubung ke Mobile Core oleh private network yang aman, di mana ia membangun tunnel yang diperkenalkan pada Gambar 11: tunnel GTP/UDP/IP ke Core User Plane (Core-UP) dan tunnel SCTP/IP ke Core Control Plane (Core-CP). Kedua, setiap UE memiliki kartu SIM yang disediakan oleh operator, yang secara unik mengidentifikasi pelanggan (yaitu, nomor telepon) dan menetapkan parameter radio (misalnya, pita frekuensi) yang diperlukan untuk berkomunikasi dengan Base Station operator tersebut. Kartu SIM juga menyertakan kunci rahasia yang digunakan UE untuk mengautentikasi dirinya sendiri.
 [[File:Slide34.png|center|200px|thumb|Gambar 16. Sequence of steps to establish secure Control and User Plane channels]]
-With this starting point, Figure 16 shows the per-UE connection sequence. When a UE first becomes active, it communicates with a nearby Base Station over a temporary (unauthenticated) radio link (Step 1). The Base Station forwards the request to the Core-CP over the existing tunnel, and the Core-CP (specifically, the MME in 4G and the AMF in 5G) initiates an authentication protocol with the UE (Step 2). 3GPP identifies a set of options for authentication and encryption, where the actual protocols used are an implementation choice. For example, Advanced Encryption Standard (AES) is one of the options for encryption. Note that this authentication exchange is initially in the clear since the Base Station to UE link is not yet secure.
+Pada Gambar 16 menunjukkan urutan koneksi per-UE. Ketika UE pertama kali menjadi aktif, UE berkomunikasi dengan Base Station terdekat melalui radio link sementara (tidak diautentikasi) (Langkah 1). Base Station meneruskan permintaan ke Core-CP melalui tunnel yang ada, dan Core-CP (khususnya, MME di 4G dan AMF di 5G) memulai protokol otentikasi dengan UE (Langkah 2). 3GPP mengidentifikasi serangkaian opsi untuk otentikasi dan enkripsi, di mana protokol aktual yang digunakan adalah pilihan implementasi. Misalnya, Advanced Encryption Standard (AES) adalah salah satu opsi untuk enkripsi. Perhatikan bahwa pertukaran autentikasi ini pada awalnya sudah jelas karena sambungan Base Station ke UE masih belum aman.
-Dengan titik awal ini, Gambar 16 menunjukkan urutan koneksi per-UE. Ketika UE pertama kali menjadi aktif, UE berkomunikasi dengan Base Station terdekat melalui radio link sementara (tidak diautentikasi) (Langkah 1). Base Station meneruskan permintaan ke Core-CP melalui tunnel yang ada, dan Core-CP (khususnya, MME di 4G dan AMF di 5G) memulai protokol otentikasi dengan UE (Langkah 2). 3GPP mengidentifikasi serangkaian opsi untuk otentikasi dan enkripsi, di mana protokol aktual yang digunakan adalah pilihan implementasi. Misalnya, Advanced Encryption Standard (AES) adalah salah satu opsi untuk enkripsi. Perhatikan bahwa pertukaran autentikasi ini pada awalnya sudah jelas karena tautan Stasiun Pangkalan ke UE belum aman.
+Setelah UE dan Core-CP puas dengan identitas masing-masing, Core-CP menginformasikan komponen lain tentang parameter yang mereka perlukan untuk melayani UE (Langkah 3). Ini termasuk:
+* (a) menginstruksikan Core-UP untuk menginisialisasi bidang pengguna (misalnya, menetapkan alamat IP ke UE dan mengatur parameter QCI yang sesuai);
+* (b) menginstruksikan Base Station untuk membuat saluran terenkripsi ke UE; dan
+* (c) memberikan UE kunci simetris yang diperlukan untuk menggunakan saluran terenkripsi dengan Base Station. Kunci simetris dienkripsi menggunakan kunci publik UE (jadi hanya UE yang dapat mendekripsinya, menggunakan kunci private-nya). Setelah selesai, UE dapat menggunakan end-to-end user plane channel melalui Core-UP (Langkah 4).

@@ Line 1: / Line 1: @@
-We now take a closer look at two unique features of the cellular network—its support for security and mobility—both of which differentiate it from WiFi. The following also serves to fill in some details about how each individual UE connects to the network.
+Sekarang kita melihat lebih dekat dua fitur unik dari jaringan seluler—dukungannya untuk keamanan dan mobilitas—keduanya membedakannya dari WiFi. Berikut ini juga berfungsi untuk mengisi beberapa detail tentang bagaimana masing-masing UE terhubung ke jaringan.
-We start with the security architecture, which is grounded in two trust assumptions. First, each Base Station trusts that it is connected to the Mobile Core by a secure private network, over which it establishes the tunnels introduced in Figure 11: a GTP/UDP/IP tunnel to the Core’s User Plane (Core-UP) and a SCTP/IP tunnel to the Core’s Control Plane (Core-CP). Second, each UE has an operator-provided SIM card, which uniquely identifies the subscriber (i.e., phone number) and establishes the radio parameters (e.g., frequency band) needed to communicate with that operator’s Base Stations. The SIM card also includes a secret key that the UE uses to authenticate itself.
+Kita mulai dengan arsitektur keamanan, yang didasarkan pada dua asumsi kepercayaan. Pertama, setiap Base Station percaya bahwa ia terhubung ke Mobile Core oleh private network yang aman, di mana ia membangun tunnel yang diperkenalkan pada Gambar 11: terowongan GTP/UDP/IP ke Core's User Plane (Core-UP) dan SCTP/IP tunnel ke Core's Control Plane (Core-CP). Kedua, setiap UE memiliki kartu SIM yang disediakan oleh operator, yang secara unik mengidentifikasi pelanggan (yaitu, nomor telepon) dan menetapkan parameter radio (misalnya, pita frekuensi) yang diperlukan untuk berkomunikasi dengan Base Station operator tersebut. Kartu SIM juga menyertakan kunci rahasia yang digunakan UE untuk mengautentikasi dirinya sendiri.
-_images/Slide34.png
+[[File:Slide34.png|center|200px|thumb|Gambar 16. Sequence of steps to establish secure Control and User Plane channels]]
 With this starting point, Figure 16 shows the per-UE connection sequence. When a UE first becomes active, it communicates with a nearby Base Station over a temporary (unauthenticated) radio link (Step 1). The Base Station forwards the request to the Core-CP over the existing tunnel, and the Core-CP (specifically, the MME in 4G and the AMF in 5G) initiates an authentication protocol with the UE (Step 2). 3GPP identifies a set of options for authentication and encryption, where the actual protocols used are an implementation choice. For example, Advanced Encryption Standard (AES) is one of the options for encryption. Note that this authentication exchange is initially in the clear since the Base Station to UE link is not yet secure.
 Once the UE and Core-CP are satisfied with each other’s identity, the Core-CP informs the other components of the parameters they will need to service the UE (Step 3). This includes: (a) instructing the Core-UP to initialize the user plane (e.g., assign an IP address to the UE and set the appropriate QCI parameter); (b) instructing the Base Station to establish an encrypted channel to the UE; and (c) giving the UE the symmetric key it will need to use the encrypted channel with the Base Station. The symmetric key is encrypted using the public key of the UE (so only the UE can decrypt it, using its secret key). Once complete, the UE can use the end-to-end user plane channel through the Core-UP (Step 4).
@@ Line 14: / Line 17: @@
 Second, the user plane channel established during Step 4 is referred to as the Default Bearer Service, but additional channels can be established between the UE and Core-UP, each with a potentially different QCI value. This might be done on an application-by-application basis, for example, under the control of the Mobile Core doing Deep Packet Inspection (DPI) on the traffic, looking for flows that require special treatment.
-_images/Slide35.png
-Figure 17. Sequence of per-hop tunnels involved in an end-to-end User Plane channel.
+[[File:Slide35.png|center|300px|thumb|Gambar 17. Sequence of per-hop tunnels involved in an end-to-end User Plane channel]]
 Third, while the resulting user plane channels are logically end-to-end, each is actually implemented as a sequence of per-hop tunnels, as illustrated in Figure 17. (The figure shows the SGW and PGW from the 4G Mobile Core to make the example more concrete.) This means each component on the end-to-end path terminates a downstream tunnel using one local identifier for a given UE, and initiates an upstream tunnel using a second local identifier for that UE. In practice, these per-flow tunnels are often bundled into an single inter-component tunnel, which makes it impossible to differentiate the level of service given to any particular end-to-end UE channel. This is a limitation of 4G that 5G has ambitions to correct.