2004, IEEE Wireless Communications
The first generation of cellular mobile communications systems contained few if any security measures to protect the system operator and users. The second generation generally did a lot better, and contained entity authentication and confidentiality protection. Although this was a major improvement, security protection in the second generation left a lot to be desired. With the advent of 3G mobile systems a serious effort has been made to create a consistent security architecture based on the threats and risks a 3G system faces.
2002
Security is a primary concern in mobile communication systems. Wireless access is inherently less secure, and mobility implies higher security risks than static operation. The security framework for 3G mobile systems is considered, and its principles and security requirements are discussed. Furthermore, the security features that are currently being standardized in 3GPP, as well as the emerging 3G-security architecture are elaborated. The focus is on the various mechanisms and protocols, which are employed to provide security at different levels, and on their effect on network operation.
IEEE Wireless Communications, 2004
One of the principal 3G systems developed is the CDMA2000 cellular mobile communications system. Like its UMTS 3G cousin, CDMA2000 is also based on an existing system core. This article gives a description of the access security mechanisms found in CDMA2000. Access security in 3G systems faces many of the same design challenges and constraints. It is therefore no surprise that many aspects and features are shared between CDMA2000 and UMTS. The article will therefore also compare and contrast the approaches to access security taken in the CDMA2000 and UMTS systems.
Mobile communications have known an impressive development in recent years, and are characterized by a trend towards broadband communications and extremely diverse applications. For some of these applications, such as financial transactions, shopping or online social networks, security is of extreme importance. This paper presents a survey of the most important and most vulnerable part of the security of wireless networks: network access. The study includes the protocols used by UMTS and LTE standards as well as some of the latest protocols proposed in the literature.
Proceedings of 2nd IEEE International Conference on Universal Personal Communications, 2000
Second generation mobile networks, as the Global System for Mobile Communications (GSM) and the Digital European Cordless Telecommunications (DECT) have been studied in the environment of the European mobile communications. These networks will be used for the nineties. However, third generation for mobile communications are being developed in order to join these networks and to provide a single access. This paper claims to give a description of the Universal Mobile Telecommunication System (UMTS) and the Future Public Land Mobile Telecommunications Systems (FPLMTS) and to make a comparison between them with regards to security. For this purpose, several aspects of security mainly related to functional entities, security architecture, call handling and location management are specially studied for both systems. The UMTS network is being developed within the European Commission's Research on Advanced Communications in Europe (RACE) in order to give telephonic mobile support in Europe and the rest of the world in the 2000s. In the UMTS network planning, an interface with other networks like the Universal Personal Telecommunications (UPT) has been defined and its integration with Broadband Integrated Services Digital Networks (BISDN) is being studied. Likewise it would be advisable to establish the compatibility between UMTS and FPLMTS.
Computer Communications, 2004
In the last few years, we have witnessed an explosion in demand for security measures motivated by the proliferation of mobile/wireless networks, the fixed-mobile network convergence, and the emergence of new services, such as e-commerce. 3G-systems play a key role in this network evolution, and, thus, all stakeholders are interested in the security level supported in the new emerging mobile environment. This paper elaborates on the security framework in 3G mobile networks. The security requirements imposed by the different types of traffic, and by the different players involved (mobile users, serving network and service providers) are investigated. The security architecture, which comprises all the security mechanisms that are projected for the Universal Mobile Telecommunication System (UMTS) network, is analyzed. The employment of traditional security technologies, originally designed for fixed networking, such as firewalls, and static Virtual Private Network (VPN), in order to safeguard the UMTS core network from external attacks, as well as to protect user data when conveyed over the network are examined. Critical points in the 3G-security architecture that may cause network and service vulnerability are identified and discussed. Furthermore, proposals for the enhancement of the 3G-security architecture, and the provision of advanced security services to end-user data traffic within and outside the UMTS core network are discussed. The proposed enhancements can be easily integrated in the existing network infrastructure, and operate transparently to the UMTS network functionality. 
Abbreviations: IPsec, IP security; KAC, key administration center; MAC, message authentication code; MAP, mobile application part; MAPsec, MAP security; MS, mobile station; MT, mobile terminal; MSC, mobile switching centre; NE, network entities; NDS, network domain security; PS, packet switched; Rel-4, release 4; Rel-5, release 5; R99, release '99; RAND, random challenge; RES, user response to challenge; RNC, radio network controller.
Proceedings of IEEE Singapore International Conference on Networks/International Conference on Information Engineering '93, 2000
Second generation mobile networks, as the Global System for Mobile Communications (GSM) and the Digital European Cordless Telecommunications (DECT) have been studied in the environment of the European mobile communications. These networks will be used for the nineties. However, third generation for mobile communications are being developed in order to join these networks and to provide a single access. This paper claims to give a description of the Universal Mobile Telecommunication System (UMTS) and the Future Public Land Mobile Telecommunications Systems (FPLMTS) and to make a comparison between them with regards to security. For this purpose, several aspects of security mainly related to security services and security architecture are specially studied for both systems. The UMTS network is being developed within the European Commission's Research on Advanced Communications in Europe (RACE) in order to give telephonic mobile support in Europe and the rest of the world in the 2000s. * The purpose of this article is to explain the security architecture of the third generation mobile networks, basically, UMTS network in relation to the FPLMTS network. It is a requirement of both the UMTS and FPLMTS networks the compatibility between them. In the last years, at least four groups have been developing network architectures in the third generation of mobile networks: Task Group 8/1 of the International Consultative Committee on Radio (CCIR) (with the FPLMTS network),
The authentication and key agreement (AKA) protocol of the Universal Mobile Telecommunication System (UMTS) was proposed to solve the vulnerabilities found in the Global System for Mobile Communications (GSM) systems. The UMTS-AKA provides mutual authentication, but is still vulnerable to redirection attack, denial of service attack, and man-in-the-middle attack. Apart from various attack possibilities, the UMTS-AKA has a problem of counter synchronization, generates huge overhead, and utilizes more bandwidth and message exchanges during the authentication. An intruder may apply these attacks to impersonate the network or mischarge the mobile users. In this paper, we propose an efficient and secure AKA protocol namely ES-AKA to prevent the UMTS network against these problems and attacks. This protocol also solves the synchronization problem occurred between a mobile station MS and its home network HLR. The ES-AKA protocol generates lesser communication overhead as compared to UMTS-AKA, EXT-AKA, COCKTAIL-AKA, SKA-AKA, AP-AKA, X-AKA, EURASIP-AKA, Full-AKA, and U-AKA protocols. In addition, it also generates less computation overhead than the UMTS-AKA, EXT-AKA, COCKTAIL-AKA, S-AKA, Full-AKA, and U-AKA protocols. On an average, the ES-AKA protocol reduces 62 % of the bandwidth, which is the maximum reduction of the bandwidth by any AKA protocol referred in the paper. This protocol is also able to reduce 6 % of the messages exchanged (in terms of computations) during the authentication in comparison to UMTS-AKA.
This paper presents a proposal of an architecture able to guarantee authentication, confidentiality, integrity and non-repudiation services in cellular mobile telephony communication systems. This architecture has been defined independently from the cellular telephonic network and is built through the analysis of some actually implemented security systems' characteristics and deficiencies. Appropriated Cryptographic protocols for the available, computing and technological, resources are shown.
2016
This paper aims to provide an overview of security and its needs in mobile communication technology. The objective of mobile communications is to provide truly Anytime, Anywhere communication. The GSM subscriber is provided with a SIM which is used to identify and authenticate the subscriber over the networks. The ME has a unique number coded into it when it is manufactured. This can be checked against a database every time the mobile makes a call to validate the actual equipment. The subscriber is authenticated by use of a smart card known as a Subscriber Identity Module (SIM), again this allows the network to check a MS subscriber against a database for authentication.
2005
Despite its imperfections, GSM security has stood well the test of time. In part, this security success has relied on closed platforms that prevent the end-user from tampering with the GSM protocol stacks. While it is possible to build phones that do not have such restrictions, this is difficult due to, e.g., legislation and technical complexity. Unlicensed Mobile Access (UMA) is a new technology that provides access to GSM services over Wireless LAN or Bluetooth. It also challenges the assumption of closed platforms, since it is relatively easy to implement a UMA phone purely in software running on standard PC hardware and operating systems. This paper examines the security implications of UMA for GSM security, focusing especially on the impact of open terminal platforms. We identify several areas where open platforms may increase risks to both honest users and network operators, and propose countermeasures for mitigating these risks. * Also with Helsinki University of Technology, Telecommunications Software and Multimedia Laboratory. [Figure labels: Broadband Access; UMA Network Controller (UNC); Base Station Controller (BSC); IP access network; AP; BTS; GSM coverage; SGSN / MSC; GSM core network; WLAN/BT coverage; Cellular access network]
International Journal of Network Security & Its Applications, 2012
In this study security of internet access over the Third Generation (3G) telecommunication systems is considered and Universal Mobile Telecommunications System (UMTS) is selected as the most popular system among 3G systems. The study then focuses on network access security mechanism of UMTS, called Authentication and Key Agreement (AKA). In addition, twenty types of important attacks and threats in UMTS system are presented and classified based on three major security factors; authentication, confidentiality, and data integrity. The evaluations finally show that the authentication factor is more interesting than other factors for hackers. Then, we describe four attacks named; man-in-the-middle, denial of service, identity catching, and redirection as the most significant attacks against authentication mechanism. Furthermore, we provide some solutions and methods to improve AKA mechanism and prevent these attacks in UMTS system.
2006 IEEE International Conference on Industrial Informatics, 2006
This paper presents an in-depth analysis and evaluation of the security of UMTS. Four classes of attacks and threats are discussed in detail. Thereafter, the available security mechanism and services of UMTS are reviewed and evaluated. It is found that most of the potential attacks and threats can be thwarted by the available security services and mechanisms of UMTS.
Proceedings of the 4th ACM workshop on Wireless security - WiSe '05, 2005
The 3G cellular access security architectures do not provide satisfactory user privacy and fail to fully include all three principal entities involved in the security context. In this paper we propose a beyond-3G Privacy Enhanced 3-Way Authentication and Key Agreement (PE3WAKA) protocol that provides substantially improved user privacy and a 3-way security context. By integrating selected Mobility Management procedures and the PE3WAKA protocol this is achieved with fewer round-trips than the 3G equivalent.
Proceedings. Ninth IEEE International Conference on Networks, ICON 2001., 2001
Third-generation (3G) mobile phones are capable of high data rate Internet connection and promise seamless connectivity for a free roaming user. They can provide an "always on" Internet, and make a range of services, traditionally available on desktop computers, accessible to mobile users, irrespective of their location. Providing adequate security for these phones and the services that they offer is a central concern for their acceptability and uptake. We briefly review the security of second generation mobile phones and then discuss security architecture proposed for 3G phones. The new security issues that are of importance because of the combination of their advanced capabilities and limitations are discussed.
Telecommunication Systems, 2007
This paper analyses the security architectures employed in the interworking model that integrates third-generation (3G) mobile networks and Wireless Local Area Networks (WLANs), materializing Beyond 3G (B3G) networks. Currently, B3G networks are deployed using two different access scenarios (i.e., WLAN Direct Access and WLAN 3GPP IP Access), each of which incorporates a specific security architecture that aims at protecting the involved parties and the data exchanged among them. These architectures consist of various security protocols that provide mutual authentication (i.e., user and network authentication), as well as confidentiality and integrity services to the data sent over the air interface of the deployed WLANs and specific parts of the core network. The strengths and weaknesses of the applied security measures are elaborated on the basis of the security services that they provide. In addition, some operational and performance issues that derive from the application of these measures in B3G networks are outlined. Finally, based on the analysis of the two access scenarios and the security architecture that each one employs, this paper presents a comparison of them, which aims at highlighting the deployment advantages of each scenario and classifying them in terms of: a) security, b) mobility, and c) reliability.
EURASIP Journal on wireless …, 2006
This paper analyzes the authentication and key agreement (AKA) protocol for universal mobile telecommunications system (UMTS) mobile networks, where a new protocol is proposed. In our proposed protocol, the mobile station is responsible for generating of authentication token (AUTN) and random number (RAND). The home location register is responsible for comparison of response and expected response to take a decision. Therefore, the bottleneck at authentication center is avoided by reducing the number of messages between mobile and authentication center. The authentication time delay, call setup time, and signalling traffic are minimized in the proposed protocol. A fluid mobility model is used to investigate the performance of signalling traffic and load transaction messages between mobile database, such as home location register (HLR) and visitor location register (VLR) for both the current protocol and the proposed protocol. The simulation results show that the authentication delay and current load transaction messages between entities and bandwidth are minimized as compared to current protocol. Therefore, the performance and the authentication delay time have been improved significantly.
IEEE Transactions on Wireless Communications, 2007
In Universal Mobile Telecommunication System (UMTS), the security function provides mutual authenticity and key agreement between the core network and the Mobile Station (MS). Specifically, the Serving GPRS Support Node (SGSN) in the core network obtains an array of Authentication Vectors (AVs) from the Home Subscriber Server/Authentication Center (HSS/AuC), and consumes one AV for each mutual authentication. After the departure of the MS, the SGSN may keep the unused AVs for a time interval called the Reservation Timeout (RT) period. If the MS returns within the RT period, the SGSN uses the stored AVs for mutual authentication instead of obtaining new AVs from the HSS/AuC. Note that a long RT period results in fewer accesses to the HSS/AuC at the cost of extra AV storage in the SGSN. In this paper, we propose an analytic model to investigate the impact of the RT period on the system performance. Our study provides the guidelines for the mobile operators to select an appropriate RT period.
e-Business and Telecommunication Networks
This paper presents a new scheme for mobile identification and registration in UMTS networks. Our approach attempts to alleviate different limitations observed with the current solutions (such as the 3GPP). It guarantees the protection of the data transmitted on the SIP messages during the registration procedure. Our method provides the authentication of the main entities involved in the registration procedure. It develops a mechanism for the management of relating security associations.