
Method of Security Adaptation with LTE QoS

IP.com Disclosure Number: IPCOM000215139D
Original Publication Date: 2012-Feb-21
Included in the Prior Art Database: 2012-Feb-21
Document File: 3 page(s) / 127K

Publishing Venue

Motorola

Related People

Cheng, Heilung: INVENTOR [+3]

Abstract

The invention provides a method of security adaptation for bearers of different QCIs in LTE, in which cryptographic processing is taken into account in order to deliver optimal performance. The method also provides the benefit of power saving in an LTE handset, enhancing device availability and usability.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 47% of the total text.

Method of Security Adaptation with LTE QoS and IPSEC

 By Heilung Cheng, Ethan Chen, Sidney Tang

Motorola Solutions

 


Abstract

The invention provides a method of security adaptation for bearers of different QCIs in LTE, in which cryptographic processing is taken into account in order to deliver optimal performance. The method also provides the benefit of power saving in an LTE handset, enhancing battery life.

1. State the problem(s) solved by the invention.

4G LTE provides both high throughput and strong security at each system interface. It has specific performance requirements for bearer packets of different QCIs (QoS Class Identifiers). End-to-end system security is achieved through IPSEC tunnels across the different network interfaces, such as S1-u between eNB and S-GW, X2 between eNB and eNB, etc. [2]

This raises the problem of how to reconcile the security requirement with the QoS requirement in the LTE network. The current LTE specification does not differentiate the security requirement for packets with different QCIs, nor does it manage the packet delay incurred by cryptographic processing on packets of different QCIs. Given that the packet delays incurred by LTE eNB scheduling and core network routing are inevitable, the delay caused by cryptographic processing becomes more significant, since it is incurred on all interfaces between LTE network components. Reducing the IPSEC-related delay therefore becomes both more pressing and more beneficial, because that delay contributes to the end-to-end packet delay in 4G LTE.

Specifically, IPSEC security algorithms differ in cryptographic processing performance during key renewal with Diffie-Hellman. The Diffie-Hellman key exchange used in IKE is an exponentiation of very large numbers (between 768 and 1024 bytes) and can take up to seconds when multiple calculations run simultaneously. [3] For example, based on studies of Diffie-Hellman performance on a 1.7 GHz Intel Pentium 4 CPU, the processing latency for various DH groups is as follows:

• DH Group 1: 768-bit group, 21 ms

• DH Group 2: 1024-bit group, 42 ms

• DH Group 5: 1536-bit group, 123 ms

As shown above, the cryptographic processing time doubles or even triples, which eventually adds to the overall end-to-end packet delay.

Moreover, cryptographic processing is relatively CPU-intensive and is likely to reduce the battery life of an end-user device (e.g. an LTE handset).

2. Describe the invention, including its operation, purpose and environment.

We present a solution in which the security algorithm/configuration is adaptively determined based on:

• Different packet delay budget requirements of QCI flows,

• Different resource types, i.e., GBR vs. non-GBR, of QCI flows.

Based on LTE 3GPP standard 23.203[1]:

One of the most significant characteristics listed above is the “Packet Delay Budget” for each QCI category, as circled in the table. Although there are nine different QCIs, we can group them into four tiers...
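The two inputs named above (packet delay budget and GBR vs. non-GBR resource type) can be checked against the DH latencies quoted earlier. The following Python sketch is an added illustration, not code or tiering from the disclosure: the QCI values are the standardized characteristics of 3GPP TS 23.203 (Release 8), while `BUDGET_SHARE`, `select_dh_group`, `plan` and the fallback rule are hypothetical names and policy choices made for this example.

```python
# Added illustration; the selection policy below is an assumption, not the disclosure's method.
# QCI -> (resource type, packet delay budget in ms), standardized QCI
# characteristics of 3GPP TS 23.203 (Release 8 values).
QCI_TABLE = {
    1: ("GBR", 100), 2: ("GBR", 150), 3: ("GBR", 50), 4: ("GBR", 300),
    5: ("Non-GBR", 100), 6: ("Non-GBR", 300), 7: ("Non-GBR", 100),
    8: ("Non-GBR", 300), 9: ("Non-GBR", 300),
}

# DH group -> (modulus size in bits, processing latency in ms), as quoted in the text.
DH_GROUPS = {1: (768, 21), 2: (1024, 42), 5: (1536, 123)}

# Assumption (hypothetical policy knob): fraction of the packet delay budget
# that one key renewal may consume. GBR flows get the tighter allowance.
BUDGET_SHARE = {"GBR": 0.5, "Non-GBR": 1.0}


def select_dh_group(qci, share=BUDGET_SHARE):
    """Return the largest-modulus listed DH group whose latency fits the allowance."""
    if qci not in QCI_TABLE:
        raise ValueError(f"QCI {qci} is not a standardized QCI (1-9)")
    resource_type, budget_ms = QCI_TABLE[qci]
    allowance_ms = budget_ms * share[resource_type]
    fitting = [g for g, (_, ms) in DH_GROUPS.items() if ms <= allowance_ms]
    if not fitting:
        # Nothing fits: keep the key exchange and use the fastest listed
        # group instead of silently dropping protection for the flow.
        return min(DH_GROUPS, key=lambda g: DH_GROUPS[g][1])
    return max(fitting, key=lambda g: DH_GROUPS[g][0])


def plan(share=BUDGET_SHARE):
    """Map each selected DH group to the list of QCIs assigned to it."""
    assignment = {}
    for qci in sorted(QCI_TABLE):
        assignment.setdefault(select_dh_group(qci, share), []).append(qci)
    return assignment


if __name__ == "__main__":
    for group, qcis in sorted(plan().items()):
        bits, ms = DH_GROUPS[group]
        print(f"DH group {group} ({bits}-bit, {ms} ms): QCIs {qcis}")
```

With these assumed shares, only QCI 3 (50 ms budget) is pushed down to Group 1, and Group 5 fits only the flows with a 300 ms budget.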