4 3G Security Principles

3GPP TS 33.120: Security Objectives and Principles

There are three key principles behind 3G security:

1) 3G security will build on the security of second generation systems. Security elements within GSM and other second generation systems that have proved to be needed and robust shall be adopted for 3G security. These elements are listed in subclause 4.1.

2) 3G security will improve on the security of second generation systems – 3G security will address and correct real and perceived weaknesses in second generation systems. The most important of these are given in subclause 4.2.

3) 3G security will offer new security features and will secure new services offered by 3G.

4.1 Second Generation Security Elements to be retained

3G security shall retain (and in some cases develop) the following security elements of second generation systems:

a) authentication of subscribers for service access.

Problems with inadequate algorithms will be addressed. Conditions regarding the optionality of authentication and its relationship to encryption shall be clarified and tightened;

b) radio interface encryption.

The strength of the encryption will be greater than that used in second generation systems (the strength is a combination of key length and algorithm design). This is to meet the threat posed by the increased computing power available to those attempting cryptanalysis of the radio interface encryption. Problems caused by multiple algorithms will be dealt with (note);

NOTE: The method of negotiating which algorithm to be used is open to attack.

c) subscriber identity confidentiality on the radio interface.

However, a more secure mechanism will be provided;

d) the SIM as a removable hardware security module that is:

– manageable by network operators;

– independent of the terminal as regards its security functionality.

e) SIM application toolkit security features providing a secure application layer channel between the SIM and a home network server.

Other application layer channels may also be provided;

f) the operation of security features is independent of the user, i.e. the user does not have to do anything for the security features to be in operation.

However, the operation of security features will be made more visible to the user;

g) HE trust in the SN for security functionality is minimised.

4.2 Weaknesses in Second Generation security

The following weaknesses in the security of GSM (and other second generation systems) will be corrected in 3G security:

1) active attacks using a “false BTS” are possible;

2) cipher keys and authentication data are transmitted in clear between and within networks;

3) encryption does not extend far enough towards the core network resulting in the cleartext transmission of user and signalling data across microwave links (in GSM, from the BTS to the BSC);

4) user authentication using a previously generated cipher key (where user authentication using RAND, SRES and A3/8 is not provided) and the provision of protection against channel hijack rely on the use of encryption, which provides implicit user authentication. However, encryption is not used in some networks, leaving opportunities for fraud;

5) data integrity is not provided. Data integrity defeats certain false BTS attacks and, in the absence of encryption, provides protection against channel hijack;

6) the IMEI is an unsecured identity and should be treated as such;

7) fraud and LI were not considered in the design phase of second generation systems but as afterthoughts to the main design work;

8) there is no HE knowledge or control of how an SN uses authentication parameters for HE subscribers roaming in that SN;

9) second generation systems do not have the flexibility to upgrade and improve security functionality over time.
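The NOTE in subclause 4.1 b) (algorithm negotiation is open to attack) and item 5 above (data integrity defeats certain false BTS attacks) can be seen together in a toy model. The following is an added example, not text or code from the specification: the algorithm names, the key and the use of HMAC-SHA256 as the integrity function are assumptions chosen for illustration, not the 3GPP algorithms.

```python
import hashlib
import hmac

# Constructed sample data: names, ranking and key are illustrative only.
STRENGTH = {"none": 0, "weak": 1, "strong": 2}   # hypothetical cipher ranking
SESSION_KEY = b"constructed-integrity-key"       # stands in for a key agreed at authentication

def mac(ik, caps, chosen):
    """HMAC-SHA256 over the capabilities the network saw plus its choice."""
    msg = ",".join(sorted(caps)) + "|" + chosen
    return hmac.new(ik, msg.encode(), hashlib.sha256).digest()

def network_select(received_caps, ik=None):
    """Pick the strongest offered algorithm. With an integrity key, also
    echo the capabilities that were received, protected by a MAC."""
    chosen = max(received_caps, key=STRENGTH.__getitem__)
    reply = {"chosen": chosen, "echo": sorted(received_caps)}
    if ik is not None:
        reply["mac"] = mac(ik, received_caps, chosen)
    return reply

def terminal_accept(sent_caps, reply, ik=None):
    """Without a key the terminal cannot check anything (2G-like case).
    With a key it verifies the MAC, then compares the echo with what it sent."""
    if ik is None:
        return True
    expected = mac(ik, reply["echo"], reply["chosen"])
    if not hmac.compare_digest(expected, reply.get("mac", b"")):
        return False
    return sorted(sent_caps) == reply["echo"]

def strip_strong(caps):
    """Models in-path modification of the unprotected capability message."""
    return [c for c in caps if STRENGTH[c] < STRENGTH["strong"]]

def run(tampered, integrity):
    """Return (algorithm chosen by the network, whether the terminal accepts)."""
    ik = SESSION_KEY if integrity else None
    sent = ["none", "weak", "strong"]
    received = strip_strong(sent) if tampered else sent
    reply = network_select(received, ik)
    return reply["chosen"], terminal_accept(sent, reply, ik)

if __name__ == "__main__":
    for tampered in (False, True):
        for integrity in (False, True):
            print(f"tampered={tampered} integrity={integrity} ->", run(tampered, integrity))
```

Without integrity protection the weakened negotiation is accepted silently; with the protected echo the terminal rejects it, and rewriting the echo to hide the change invalidates the MAC.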

4.3 New Security Features and the Security of New Service Features

The new service features that will be secured cannot be listed at the time of writing. However, the environment in which these features are likely to be developed can be described. 3G security will secure this environment.

The environment in which new services will be developed can be characterised by (but is not limited to) the following aspects:

– there will be new and different providers of services. For example: content providers, data service providers, HLR only service providers;

– 3G mobile systems will be positioned as the preferred means of communications for users. They will be preferable to fixed line systems;

– there will be a variety of prepaid and pay-as-you-go services which may be the rule rather than the exception. A long-term subscription between the user and a network operator may not be the paradigm. (3G security will provide satisfactory security for such systems and will not be content with insecure systems such as GSM Advice of Charge);

– there will be increased control for the user over their service profile (which they might manage over the Internet) and over the capabilities of their terminal (it will be possible to download new services and functions using systems such as MExE and SAT);

– there will be active attacks on users. (In active attacks, equipment is used to impersonate parts of the network to actively cause lapses in security. In passive attacks, the attacker is outside the system and listens in, hoping security lapses will occur);

– non-voice services will be as important as, or more important than, voice services;

– the terminal will be used as a platform for e-commerce and other applications. Multi-application smartcards where the USIM is one application among many can be used with the terminal. The smartcard and terminal will support environments such as Java to allow this. The terminal may support personal authentication of the user using biometric methods.