UMTS security
The Universal Mobile Telecommunications System (UMTS) is one of the new ‘third generation’ (3G) mobile cellular communication systems. UMTS builds on the success of the ‘second generation’ GSM system. One of the factors in the success of GSM has been its security features. New services introduced in UMTS require new security features to protect them. In addition, certain real and perceived shortcomings of GSM security need to be addressed in UMTS.
Entity authentication
UMTS provides mutual authentication between the UMTS subscriber, represented by a smart card application known as the USIM (Universal Subscriber Identity Module), and the network, in the following sense:
- Subscriber authentication: the serving network corroborates the identity of the subscriber.
- Network authentication: the subscriber corroborates that he is connected to a serving network that is authorised, by the subscriber's home network, to provide him with services.
Signalling data integrity and origin authentication
- Integrity algorithm agreement: the mobile station and the serving network can securely negotiate the integrity algorithm that they use.
- Integrity key agreement: the mobile and the network agree on an integrity key that they may use subsequently; this provides entity authentication.
User traffic confidentiality
- Ciphering algorithm agreement: the mobile station and the serving network can securely negotiate the ciphering algorithm that they use.
- Cipher key agreement: the mobile station and the serving network agree on a cipher key that they may use.
- Confidentiality of user and signalling data: neither user data nor sensitive signalling data can be overheard on the radio access interface.
Network domain security
The term ‘network domain security’ in 3G covers security of the communication between network elements. In particular, the mobile station is not affected by network domain security. The two communicating network elements may both be in the same network administered by a mobile operator, or they may belong to two different networks.
MAPSEC
The basic idea of MAPSEC can be described as follows. The plaintext MAP message is encrypted and the result is put into a ‘container’ in another MAP message. At the same time a cryptographic checksum, i.e. a message authentication code covering the original message, is included in the new MAP message. To be able to use encryption and message authentication codes, keys are needed. MAPSEC has borrowed the notion of a security association (SA) from IPsec.
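As an added illustration (not code from this article or from the 3GPP specifications), the following Python models the container scheme described above: the message is encrypted, wrapped in a new message together with a MAC over the original, and the receiver looks up the keys by the SA's SPI and rejects anything whose MAC does not verify. The cipher, the container fields, the SPI value and the sample message are constructed stand-ins, not MAPSEC's actual algorithms or formats.

```python
import hmac
import hashlib
import secrets
from collections import namedtuple
# Keys shared by two network elements; the SPI names the SA, as in IPsec.
SecurityAssociation = namedtuple("SecurityAssociation", "spi enc_key mac_key")

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example runs on the stdlib alone; not MAPSEC's cipher.
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]

def _mac(sa: SecurityAssociation, nonce: bytes, plaintext: bytes) -> bytes:
    # The checksum covers the original (plaintext) message, bound to this SA and nonce.
    return hmac.new(sa.mac_key, sa.spi.to_bytes(4, "big") + nonce + plaintext, hashlib.sha256).digest()

def protect(sa: SecurityAssociation, plaintext: bytes) -> dict:
    """Sender: encrypt the message and place it, with its MAC, in a new container."""
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(sa.enc_key, nonce, len(plaintext))))
    return {"spi": sa.spi, "nonce": nonce, "payload": ciphertext, "mac": _mac(sa, nonce, plaintext)}

def unprotect(sa_db: dict, container: dict) -> bytes:
    sa = sa_db.get(container["spi"])  # receiver: find the SA this container claims to use
    if sa is None:
        raise ValueError("no security association for SPI 0x%x" % container["spi"])
    keystream = _keystream(sa.enc_key, container["nonce"], len(container["payload"]))
    plaintext = bytes(c ^ k for c, k in zip(container["payload"], keystream))
    # With the MAC over the plaintext, verification can only follow decryption.
    if not hmac.compare_digest(_mac(sa, container["nonce"], plaintext), container["mac"]):
        raise ValueError("MAC check failed: message altered in transit or wrong SA")
    return plaintext

# Constructed sample data: one SA installed at both ends and one stand-in MAP message.
SA = SecurityAssociation(spi=0x1001, enc_key=b"E" * 32, mac_key=b"M" * 32)
SA_DB = {SA.spi: SA}
SAMPLE_MESSAGE = b"MAP message body (constructed sample)"

def tamper_detected(message: bytes = SAMPLE_MESSAGE) -> bool:
    # Flip one bit of the payload in transit; True if the receiver rejects the message.
    container = protect(SA, message)
    container["payload"] = bytes([container["payload"][0] ^ 0x01]) + container["payload"][1:]
    try:
        unprotect(SA_DB, container)
        return False
    except ValueError:
        return True
```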
IP multimedia system security
The IP multimedia subsystem (IMS) is a core network subsystem within UMTS. It is based on the use of the Session Initiation Protocol (SIP) to initiate, terminate and modify multimedia sessions such as voice calls, video conferences, streaming and chat. SIP is specified by the Internet Engineering Task Force (IETF). IMS also uses the IETF Session Description Protocol (SDP) to specify the session parameters and to negotiate the codecs to be used. SIP runs on top of different IP transport protocols such as the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP).
A 3G IMS subscriber has one IP multimedia private identity (IMPI) and at least one IP multimedia public identity (IMPU). To participate in multimedia sessions, an IMS subscriber must register at least one IMPU with the IMS. The private identity is used only for authentication purposes.