The Universal Mobile Telecommunications System (UMTS) is currently being specified by 3GPP. To achieve the 2002 work plan specified for initial commercial deployment, the Phase-1 UMTS specifications had to be finalised by 1999. This was an ambitious goal. The USECA project was specifically concerned with the security architecture of UMTS. Its aim was to support the specification process by developing a viable and complete UMTS security architecture that could then be used as a basis for standardization.
The main areas under investigation:
a) Security Features and Requirements
The first task of USECA is to determine a current set of requirements for UMTS security. The sources used to compile this list are existing ETSI technical standards and reports as defined in UMTS 30.00, FPLMTS/IMT-2000 documents, the Link 3GS3 project, and the ASPeCT project. Once compiled, this list will be reviewed and then offered to SMG10 for consideration.
Once the security features and requirements list is compiled, it will be continuously reviewed and modified as required. Any changes will be distributed throughout the project and to SMG10.
b) Security Mechanisms
Security mechanisms provide the building blocks for the realisation of security features. Using the list of security features and requirements, this work area will determine and develop the appropriate security mechanisms required for the UMTS security architecture. These will include both technical and organisational mechanisms.
The criteria used to determine which mechanisms are appropriate include fitness for purpose, proof of security, algorithm maturity, communications, administration, processing and hardware overheads, and adherence to international standards.
c) Security Architecture
The starting point of this work is the general UMTS architecture as described at a high level in UMTS ETS 23.01. The physical aspects are modelled using the domain concept and the logical aspects are modelled using the stratum concept.
The relevant domains considered are USIM, Terminal, Access Network, Serving Network, Home Network and Application Network. The term Core Network is currently used to refer to the Serving Network and the Home Network. Once the required security functions are defined, they will be assigned to the appropriate domain.
d) Public Key Infrastructure (PKI)
Public key cryptography allows parties to communicate securely without prior exchange of secret key material. It is expected to be an essential part of UMTS security. The supporting infrastructure for public key cryptography consists of a network of Trusted Third Parties (TTPs) who provide key management and certification services.
An effective public key infrastructure requires appropriate standards to be in place. Hence the first part of the work will be the analysis of existing standards, and the results of collaborative research programmes such as the INFOSEC project. These will then be used to propose a full set of standards against which the UMTS PKI can be developed.
In addition to the technical issues surrounding PKI, the legal aspects of PKI are being studied, with particular reference to the use of digital signatures.
e) The USIM
As part of the development of UMTS, the functional capabilities of the USIM, which is expected to control access to networks and services, need to be defined. In defining these, the USIM is expected to have a broader use than just authentication and the storage of some personal data, as it may also host electronic payment systems and other applications. Clearly the current specifications of smartcards are too restrictive for such a proposal, but major manufacturers have announced memory ranges of up to 70k within the next two years. Therefore, not only the requirements for UMTS have to be considered, but also what is possible with the expected card specifications. The project will propose the required USIM specifications accordingly.
f) Terminal Security
The work on terminal security is concerned with both logical and physical security. Logical security concerns the division of authentication and other functionality between the USIM and the terminal, whilst physical security is concerned with issues such as theft, terminal cloning, terminal abuse, defective terminals, and non-type approval.
In addition to the six main areas of technical work, a demonstrator was developed to provide an initial validation of the results of the USIM and Terminal Security groups.
The goal of this project was to develop a complete and viable security architecture, and present this for use in the standardisation process. The success of the project can clearly be measured in its impact on the UMTS Security Specification. With such ambitious time schedules, USECA had the ability to provide a parallel development and analysis path, which could greatly enhance the chance of producing a robust security specification.
Dr Nigel Jefferies
Technical Manager - Future, Networks, Security and Modelling
Vodafone Group Research and Development
Tel: +44 1635 673883
Fax: +44 1635 233440
|Giesecke & Devrient GmbH||DE|
|Katholieke Universiteit Leuven||BE|