Security for the Third Generation (3G) Mobile System

[attachment=17989]
1 Introduction
When considering security in mobile systems, in common with most other systems, our main
objectives are in preventing:
· Access and use of service to avoid or reduce a legitimate charge.
· Loss of confidentiality or integrity of a user’s or operator’s data
· Denial of a specific user’s access to their service or denial of access by all users to a service
However, user expectations for instant communication and ease of use, as well as terminals which are
easily lost or stolen, present a number of unique challenges in the mobile environment.
The original first generation analogue mobile employed a simple electronic serial number to confirm
that the terminal should be allowed access to the service. It was not long before the protection afforded
to this number was broken. Eventually, devices appeared that could read these electronic serial
numbers from the air, and access an unsuspecting user’s account for a short time, before moving on to
the next, in the hope that the small charges on each bill would not be noticed. So why was this not
predicted at the time? Unfortunately, there always seems to be an assumption, with any new
development in communications technology, that complexity alone will protect such services from
abuse.



2 3G Security Principles
It was agreed that any new security architecture must be based on an evolution of GSM and must adopt
four basic principles:
· It will take into account the additional features needed for actual or predicted change in the
operating environment
· It will maintain compatibility with GSM wherever possible
· It will retain those features of GSM that have proved to be robust and useful to the user and
network operator
· It will add or enhance features to overcome actual or perceived weaknesses in 2G system

2.1 Additional features
One of the main reasons for the development of the 3G system to make higher value services available
to as many users as possible world wide, using a universal design of the handset. However, this
increases the number of relationships, as the number of Users, Service Providers, and Network
Operators in the market expands. This increased level of service interaction increases the number of
potential attackers and the opportunities open to them. This was not too much of a problem in the initial
roll out of GSM, as there were a relatively small number of operators and the risk of compromise was
low. For 3G, the networks are getting smaller and more numerous, so opportunities for hackers and
other abusers of networks will increase. Even if deliberate abuse is not considered likely, unintentional
mishaps may occur as a result of the complexity and the rate of new service introduction.
2.2 Maintaining compatibility with GSM
A major contributor to the success of GSM has been the availability of a full system specification with
standard service sets and automatic integrated roaming. An important consideration was to make as
much use of the existing infrastructure as possible, while gradually enhancing the network as required
meeting the demand for the new services. An example of this in GSM, has been the introduction of the
General Packet Radio Service (GPRS) by the overlay of an IP core network and an additional Serving
GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN) network elements. The
existing radio system is virtually unchanged retaining the Home Location Registers /Visited Location
Register (HLR/VLR) concept and operator control of security via SIM. This HLR/VLR concept
provides rapid call set up and the retention of this was considered essential for evolution of 2G to 3G.
The concept of authentication using a shared secret key was also retained.


2.3.1 SIM based Authentication
One of the most important features is that of the SIM as a removable security module which is issued
and managed by the Home Environment (HE) operator and is independent of the terminal. It was felt
that this concept had been the most significant in maintaining the security of GSM, while retaining
general user acceptance of the service. There is no need for any user action, other than perhaps entering
an optional 4 digit PIN into the terminal. User guidance on security is no more than what they are
familiar with from their bank: take care of your card, report its loss immediately and do not write the
PIN down or disclose it to anyone.