Method of Security Adaptation with LTE QoS
Original Publication Date: 2012-Feb-21
Included in the Prior Art Database: 2012-Feb-21
Cheng, Heilung: INVENTOR [+3]
The invention provides a method of security adaptation for bearers of different QCIs in LTE, in which cryptographic processing is taken into account in order to deliver optimal performance. The method also saves power in an LTE handset, which enhances device availability and usability.
Method of Security Adaptation with LTE QoS and IPSEC
By Heilung Cheng, Ethan Chen, Sidney Tang
The invention provides a method of security adaptation for bearers of different QCIs in LTE, in which cryptographic processing is taken into account in order to deliver optimal performance. The method also saves power in an LTE handset, which enhances battery life.
1. State the problem(s) solved by the invention.
4G LTE provides both high throughput and strong security at each system interface. It has specific performance requirements for bearer packets of different QCIs (QoS Class Identifiers). End-to-end system security is achieved through IPSEC tunnels on the different network interfaces, such as S1-u between eNB and S-GW, X2 between eNB and eNB, etc.
This raises the problem of how to reconcile the security requirement with the QoS requirement in the LTE network. The current LTE specification neither differentiates the security requirement for packets with different QCIs nor manages the packet delay that cryptographic processing adds to packets of different QCIs. Given that the packet delays incurred by LTE eNB scheduling and core network routing are inevitable, the delay caused by cryptographic processing becomes more significant, since it is incurred on all interfaces between LTE network components. Reducing the IPSEC-related delay therefore becomes both more pressing and more beneficial, because it contributes to the end-to-end packet delay in 4G LTE.
Specifically, the IPSEC security algorithms differ in cryptographic processing performance during key renewal with Diffie-Hellman. The Diffie-Hellman key exchange used in IKE is an exponentiation of very large numbers (between 768 and 1024 bytes) and can take up to seconds when multiple calculations are running simultaneously. For example, based on studies of Diffie-Hellman performance on a 1.7GHz Intel Pentium 4 CPU, the processing latency for various DH groups is as follows:
• DH Group 1: 768-bit group, 21 ms
• DH Group 2: 1024-bit group, 42 ms
• DH Group 5: 1536-bit group, 123 ms
As shown above, the cryptographic processing time doubles or even triples, which eventually adds to the overall end-to-end packet delay.
Moreover, cryptographic processing is relatively CPU intensive and is likely to reduce the battery life of an end-user device (e.g. an LTE handset).
2. Describe the invention, including its operation, purpose and environment.
We present a solution in which the security algorithm/configuration is adaptively determined based on:
• Different packet delay budget requirements of QCI flows,
• Different resource types, i.e., GBR vs. non-GBR, of QCI flows.
Based on LTE 3GPP standard 23.203:
One of the most significant characteristics listed above is the “Packet Delay Budget” for each QCI category, as circled in the table. Although there are nine different QCIs, we can group them into four tiers...
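An added illustration of the adaptive selection described above, not code from the disclosure: it groups the nine QCIs by packet delay budget and picks the strongest DH group whose quoted latency fits a per-flow allowance. The QCI values come from the standardized QCI characteristics table in 3GPP TS 23.203; the tiering rule, the `BUDGET_SHARE` fractions, the `min_bits` floor and all function names are assumptions.

```python
from collections import defaultdict

# QCI -> (resource type, packet delay budget in ms): standardized QCI
# characteristics from 3GPP TS 23.203 (the nine QCIs the page refers to).
QCI_TABLE = {
    1: ("GBR", 100), 2: ("GBR", 150), 3: ("GBR", 50), 4: ("GBR", 300),
    5: ("non-GBR", 100), 6: ("non-GBR", 300), 7: ("non-GBR", 100),
    8: ("non-GBR", 300), 9: ("non-GBR", 300),
}

# DH group -> (modulus bits, latency in ms), the figures quoted on the page.
DH_GROUPS = {1: (768, 21), 2: (1024, 42), 5: (1536, 123)}

# ASSUMPTION: share of the delay budget a DH computation may consume.
BUDGET_SHARE = {"GBR": 0.25, "non-GBR": 0.5}


def delay_tiers():
    """Group QCIs by packet delay budget (assumed: one tier per distinct budget)."""
    tiers = defaultdict(list)
    for qci, (_, budget_ms) in sorted(QCI_TABLE.items()):
        tiers[budget_ms].append(qci)
    return dict(sorted(tiers.items()))


def select_dh_group(qci, min_bits=768):
    """Return the strongest DH group whose latency fits the flow's allowance.

    Returns None when no group at or above min_bits fits; the caller must
    handle that case explicitly rather than drop below the floor.
    """
    if qci not in QCI_TABLE:
        raise ValueError(f"unknown QCI: {qci}")
    resource_type, budget_ms = QCI_TABLE[qci]
    allowance_ms = budget_ms * BUDGET_SHARE[resource_type]
    fitting = [
        (bits, group)
        for group, (bits, latency_ms) in DH_GROUPS.items()
        if bits >= min_bits and latency_ms <= allowance_ms
    ]
    return max(fitting)[1] if fitting else None


if __name__ == "__main__":
    print("tiers:", delay_tiers())
    for qci in sorted(QCI_TABLE):
        print(f"QCI {qci}: DH group {select_dh_group(qci)}")
```

Under these assumed shares, QCI 3 (GBR, 50 ms budget) has no fitting group at all, which is the case an operator has to decide on rather than let the policy weaken the exchange silently.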