UMTS Security: A Primer

2008-10-03, 11:00 AM
By Zahid Ghadialy

Date: 11/06/2004

<i>Introduction: </i>
Security is one of the most important features of
the Third Generation Wireless System. At the same time it is one of the
least understood topics. The aim of this primer is to provide some
information about this feature. Interested readers can refer to the
documents provided in the references for a detailed understanding.
The 3G security is built on the 2G (GSM)
security architecture. The 2G architecture has proved to be robust
and effective, so it was decided that the 3G security architecture
would be based on it. At the same time it was decided that the
shortcomings present in the second generation systems would have to be
removed, that new features would be added,
and that voice and data services would be treated the same way. [4] provides a long list of shortcomings in the second generation security architecture. The main ones are:
<ul><li>active attacks using false BTS are possible
</li><li>cipher keys and authentication data are transmitted in clear between and within networks
</li></ul>
[3] provides a list of objectives that need to be
achieved with the security architecture. It also provides a list of
security threats, etc., that makes interesting reading for the
theoretically minded.
Before we move on to the details, one last point
to remember is that security in 3G systems comprises two things:
"Data Integrity" and "Ciphering". "Data Integrity"
is the feature that makes sure that no rogue network will be able to
send unnecessary signalling messages with the intention of causing any
undesired effect in an ongoing call. "Ciphering" is the feature that
makes sure that all signalling and data messages are ciphered over the
air interface so that no one can eavesdrop on them. In the case of UMTS,
integrity protection is mandatory while ciphering is optional.
Integrity protection is applied only to Signalling Radio Bearers, whereas
ciphering is applied to Signalling as well as Data Radio Bearers. They
will be detailed in later sections.
<i>Overview of Security Architecture:</i>
There are five security feature groups that are
defined. Each of these feature groups meets certain threats and
accomplishes certain security objectives:
<ul><li><i>Network access security</i>: The set of security features that
provide users with secure access to 3G services, and which in
particular protect against attacks on the (radio) access link </li><li><i>Network domain security</i>: The set of security features
that enable nodes in the provider domain to securely exchange
signalling data, and protect against attacks on the wireline network
</li><li><i>User domain security</i>: The set of security features that secure access to mobile stations
</li><li><i>Application domain security</i>: The set of security features that enable applications in the user and in the provider domain to securely exchange messages
</li><li><i>Visibility and configurability of security</i>: The set of
features that enables the user to inform himself whether a security
feature is in operation or not and whether the use and provision of
services should depend on the security feature
</li></ul>
In this primer we will discuss only Network Access Security. Readers interested in the other features can refer to [5].
<img src="http://www.3g4g.co.uk/Tutorial/ZG/Security/image001.gif"><br>
Figure 1: Overview of the ME registration and connection principles within UMTS for the separate CS and PS CN. (Taken from [7])
Figure 1 gives an overview of the ME registration
and connection principles within UMTS with a CS service domain and a PS
service domain. As in GSM/GPRS, user (temporary) identification,
authentication and key agreement will take place independently in each
service domain. User plane traffic will be ciphered using the cipher
key agreed for the corresponding service domain while control plane
data will be ciphered and integrity protected using the cipher and
integrity keys from either one of the service domains.
<i>User Confidentiality </i>
Every user provided with a USIM is also provided
with an IMSI (International Mobile Subscriber Identity). It should not be
possible for anyone to eavesdrop on which services are
being used by which IMSI on the radio link (air interface). Along with
user identity confidentiality, user location
confidentiality should also be maintained: nobody should be able to trace the
movements of a particular user, or tell which users are arriving at or
leaving a particular area. The user should also be untraceable. By this
we mean that it should not be possible for anybody to find out what
services are being used by a particular user. To achieve these objectives, the following steps are taken:
<ul><li>The user is allocated a temporary identity (TMSI or P-TMSI) and is identified by that.
</li><li>After a short time, this temporary identity is changed.
</li><li>In addition to this, user data that might reveal the user's identity is ciphered.
</li></ul>
The Temporary Mobile Subscriber Identity (TMSI) or
Packet TMSI (P-TMSI) has local significance only in the location area
or the routing area in which the user is registered. Outside that area it
should be accompanied by the appropriate LAI (Location Area Identification)
or RAI (Routing Area Identification). Whenever the TMSI/P-TMSI is
available, it is used to identify the user for Paging Requests,
Location Update Requests, Attach Requests, Service Requests, Connection
Re-Establishment and Detach Requests.
The TMSI Reallocation procedure is performed to
allocate a new TMSI/LAI pair to a user, by which he may subsequently be
identified over the radio link. This procedure is performed after
ciphering has been started (discussed in later sections). The
allocation can be explained with the MSC below:
<pre>
UE                                 RNC                            VLR/SGSN
------                           ---------                      ----------
 |                                  |                               |
 |                                  |       Direct Transfer         |
 |                                  |&lt;------------------------------|
 |     Downlink Direct Transfer     |   (TMUI Allocation Command,   |
 |&lt;---------------------------------|        TMUIn, LAIn )          |
 |    (TMUI Allocation Command)     |                               |
 |                                  |                               |
 |      Uplink Direct Transfer      |                               |
 |---------------------------------&gt;|                               |
 |    (TMUI Allocation Complete)    |       Direct Transfer         |
 |                                  |------------------------------&gt;|
 |                                  |  (TMUI Allocation Complete)   |
 |                                  |                               |
</pre>

Before the VLR initiates this procedure, it generates a
new TMSI and stores the association between the IMSI and the new TMSI in its
database. It then sends the new TMSI using the <i>Temporary Mobile User Identification</i>
(TMUI) Allocation Command. Once the mobile receives this message, it
deletes the old TMSI and sends a response back to the VLR. Upon
reception of TMUI Allocation Complete, the VLR removes the association
between the IMSI and the old TMSI.
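The TMSI/LAI identification described under User Confidentiality and the reallocation exchange above, modelled as an added Python example that is not part of the original tutorial; the Vlr/Ue class names, the message tuples and the hex-encoded 32-bit TMSI are assumptions for illustration. It shows why the VLR keeps the old association until Allocation Complete arrives, why the procedure is refused before ciphering has started, and why a TMSI cannot be resolved outside its own LAI.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Vlr:
    """VLR side: holds the IMSI <-> TMSI association for one location area."""
    lai: str                                # LAI of this location area
    ciphering_started: bool = False
    tmsi_to_imsi: dict = field(default_factory=dict)
    imsi_to_tmsi: dict = field(default_factory=dict)
    def start_tmsi_reallocation(self, imsi):
        """Return the TMUI Allocation Command (new TMSI, LAI) for a user."""
        if not self.ciphering_started:
            # Reallocation runs only after ciphering has started, otherwise
            # the new TMSI would be sent in clear over the air interface.
            raise RuntimeError("ciphering not started")
        new = secrets.token_hex(4)          # constructed 32-bit TMSI
        while new in self.tmsi_to_imsi:     # must not collide with a live TMSI
            new = secrets.token_hex(4)
        # Store the new association now; the old TMSI stays valid until
        # the UE confirms, so a lost reply does not strand the user.
        self.tmsi_to_imsi[new] = imsi
        return ("TMUI Allocation Command", new, self.lai)
    def on_allocation_complete(self, new):
        """Remove the association between the IMSI and the old TMSI."""
        imsi = self.tmsi_to_imsi[new]
        old = self.imsi_to_tmsi.get(imsi)
        if old is not None and old != new:
            del self.tmsi_to_imsi[old]
        self.imsi_to_tmsi[imsi] = new
    def resolve(self, tmsi, lai):
        """A TMSI has local significance only: outside this LAI it is unknown."""
        return self.tmsi_to_imsi.get(tmsi) if lai == self.lai else None

@dataclass
class Ue:
    imsi: str
    tmsi: str = None
    lai: str = None
    def on_allocation_command(self, msg):
        """Replace the old TMSI/LAI and answer with Allocation Complete."""
        _, self.tmsi, self.lai = msg
        return ("TMUI Allocation Complete", self.tmsi)

def run_reallocation(vlr, ue):
    """Drive one full exchange; return the TMSI the UE uses from now on."""
    cmd = vlr.start_tmsi_reallocation(ue.imsi)
    vlr.on_allocation_complete(ue.on_allocation_command(cmd)[1])
    return ue.tmsi
```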