1 Scope

21.1333G security3GPPSecurity threats and requirementsTS

This specification takes notice of the Security Principles and Objectives as set out in [1]. It contains an evaluation of perceived threats to 3GPP and produces subsequently a list of security requirements to address these threats.

As teleservices and applications will not, in general, be standardised, it is difficult to predict their exact nature. Therefore, this specification considers all security threats and aims at listing generic security requirements that shall be applicable irrespective of the actual services offered. The list of threats and requirements may however need to be updated as the 3GPP system evolves.

The threat analysis performed relies to a large extent on previous experiences with 2G systems, in particular GSM, and takes into account known problems from that area.

The security requirements listed in this specification shall be used as input for the choice of security features and the design of the 3GPP security architecture as specified in [2].

The structure of this technical specification is as follows:

clause 2 lists the references used in this specification;

clause 3 lists the definitions and abbreviations used in this specification;

clause 4 contains a reference to the general objectives for 3G security;

clause 5 contains an overview of the context in which the security architecture of 3G is designed;

clause 6 contains a list of identified security threats to 3G, and gives some results from the threat analyses that have been performed;

clause 7 contains an overview of the risk assessment resulting from the threat analyses performed

clause 8 contains the resulting list of security requirements for 3G and indicates how these requirements relate to the threats and the security objectives .

Finally, Annex A gives some more detailed information on threats and risks connected to so called false base station attacks.