UMTS security
The Universal Mobile Telecommunications System (UMTS) is one of the new 'third generation' (3G) mobile cellular communication systems. UMTS builds on the success of the 'second generation' GSM system. One of the factors in the success of GSM has been its security features. New services introduced in UMTS require new security features to protect them. In addition, certain real and perceived shortcomings of GSM security need to be addressed in UMTS.


Entity authentication

UMTS provides mutual authentication between the UMTS subscriber, represented by a smart card application known as the USIM (Universal Subscriber Identity Module), and the network, in the following sense:

* Subscriber authentication: the serving network corroborates the identity of the subscriber.
* Network authentication: the subscriber corroborates that he is connected to a serving network that is authorized, by the subscriber's home network, to provide security


Signalling data integrity and origin authentication

* Integrity algorithm agreement: the mobile station and the serving network can securely negotiate the integrity algorithm that they use.
* Integrity key agreement: the mobile station and the network agree on an integrity key that they may use subsequently; this provides entity authentication.


User traffic confidentiality

* Ciphering algorithm agreement: the mobile station and the network can securely negotiate the ciphering algorithm that they use.
* Cipher key agreement: the mobile station and the network agree on a cipher key that they may use.
* Confidentiality of user and signalling data: neither user data nor sensitive signalling data can be overheard on the radio access interface.
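The mutual authentication and the integrity/cipher key agreement described in the three sections above are delivered by one exchange, UMTS AKA (3GPP TS 33.102). The following simulation is an added example, not code from the page or from 3GPP: it assumes HMAC-SHA256 as a stand-in for the f1..f5 functions (MILENAGE in real networks) and a strict "greater than" sequence-number check instead of the specification's windowed check.

```python
import hashlib
import hmac
import secrets

# Stand-in for the 3GPP functions f1..f5 (assumption: HMAC-SHA256 with a
# domain tag, truncated to the 3GPP output lengths; not MILENAGE).
def f(tag, k, data, n):
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf): return f(b"f1", k, sqn + rand + amf, 8)  # MAC-A, 64 bits
def f2(k, rand): return f(b"f2", k, rand, 8)    # RES / XRES
def f3(k, rand): return f(b"f3", k, rand, 16)   # CK, cipher key
def f4(k, rand): return f(b"f4", k, rand, 16)   # IK, integrity key
def f5(k, rand): return f(b"f5", k, rand, 6)    # AK, anonymity key hiding SQN

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def home_network_generate_av(k, sqn, amf=b"\x80\x00", rand=None):
    """AuC builds an authentication vector (RAND, XRES, CK, IK, AUTN)."""
    rand = rand or secrets.token_bytes(16)
    autn = xor(sqn, f5(k, rand)) + amf + f1(k, sqn, rand, amf)  # SQN^AK||AMF||MAC
    return rand, f2(k, rand), f3(k, rand), f4(k, rand), autn

class USIM:
    def __init__(self, k, sqn_ms=b"\x00" * 6):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand, autn):
        """Network authentication: only a serving network holding a vector
        from the home network can present a MAC that verifies under K."""
        sqn = xor(autn[:6], f5(self.k, rand))
        amf, mac = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand, amf)):
            raise ValueError("MAC failure: vector not issued by home network")
        if sqn <= self.sqn_ms:  # simplified freshness check, rejects replay
            raise ValueError("synchronisation failure: stale SQN")
        self.sqn_ms = sqn
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)

def run_aka(k, sqn, usim):
    """Full exchange; True when both sides authenticate and share CK/IK."""
    rand, xres, ck, ik, autn = home_network_generate_av(k, sqn)
    res, ck_ms, ik_ms = usim.authenticate(rand, autn)
    # Subscriber authentication: serving network compares RES with XRES.
    return hmac.compare_digest(res, xres) and ck == ck_ms and ik == ik_ms

def attempt(k, sqn, usim):
    """Return 'ok' or the USIM's rejection reason."""
    try:
        return "ok" if run_aka(k, sqn, usim) else "RES mismatch"
    except ValueError as e:
        return str(e).split(":")[0]
```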


Network domain security

The term 'network domain security' in 3G covers the security of communication between network elements. In particular, the mobile station is not affected by network domain security. The two communicating network elements may both be in the same network administered by a mobile operator, or they may belong to two different networks.


MAPSEC

The basic idea of MAPSEC can be described as follows. The plaintext MAP message is encrypted and the result is put into a 'container' in another MAP message. At the same time a cryptographic checksum, i.e. a message authentication code covering the original message, is included in the new MAP message. To be able to use encryption and message authentication codes, keys are needed. MAPSEC has borrowed the notion of a security association (SA) from IPsec.


IP multimedia system security

The IP multimedia subsystem (IMS) is a core network subsystem within UMTS. It is based on the use of the Session Initiation Protocol (SIP) to initiate, terminate and modify multimedia sessions such as voice calls, video conferences, streaming and chat. SIP is specified by the Internet Engineering Task Force (IETF). IMS also uses the IETF Session Description Protocol (SDP) to specify the session parameters and to negotiate the codecs to be used. SIP runs on top of different IP transport protocols such as the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP). A 3G IMS subscriber has one IP multimedia private identity (IMPI) and at least one IP multimedia public identity (IMPU). To participate in multimedia sessions, an IMS subscriber must register at least one IMPU with the IMS. The private identity is used only for authentication purposes.