Project Overview

 

Introduction

The communications industry has been developing a strategic vision of the 3rd generation of digital mobile systems referred to in Europe as the Universal Mobile Telecommunications System (UMTS). This has gained momentum, and the interest within the industry has increased. An indication of this is the formation of the UMTS Forum, an association of telecommunications operators, manufacturers and regulators, to promote the work on UMTS; another indication is the increased activity in the pertinent standards groups.
It is clear that UMTS cannot be operated in a commercially successful way and will not meet with the users' acceptance if reliable and effective security measures are not implemented from the start. A lot of groundbreaking work was done in critical parts of this area in the collaborative research projects ASPeCT (ACTS), MONET (RACE) and ‘3GS3 - Third Generation Mobile Telecommunications System Security Studies’ (UK LINK programme).  However, there was still a long way to go to establish a security architecture covering all relevant aspects of security, to ensure that the UMTS security standards would be completed on time, to enable manufacturers to start product development and to enable operators to plan their UMTS networks.  This was partly due to the fact that the specifications of UMTS framework in areas other than security had not progressed sufficiently to enable security for UMTS to be specified in all the necessary detail. Work in these other areas has progressed faster recently, and it became imperative to take on the task of resolving the problems in UMTS security which might have hindered the timely introduction of UMTS.The UMTS standardisation process altered dramatically during the first year of the project, with the establishment of Third Generation Partnership Project, 3GPP, as the central standards body, taking on the responsibility, for the time being at least, of other actors such as ETSI.
3GPP is an alliance between ETSI, ARIB and TTC (Japan), T1P1 (US) and TTA (Korea) to develop global standards for third generation mobile communications.

The USECA project has played a leading role in the development of the security architecture in the first release – Release’99 – of the specifications for third generation mobile communications from the 3GPP organization.

Project Goals

The goal of USECA has remained that of ensuring the development of industry standards for a UMTS security architecture.  To this end it was essential that the project remained flexible in its planning, so that timely inputs could be made to standards bodies.
The main objective of the project was defined as
   to ensure that a viable and complete UMTS security architecture was developed as a basis for standardisation by ETSI.
At the outset of the project the mobile telecommunications world was undergoing rapid transformation as GSM technology reached maturity and the plans for the next generation - UMTS - firmed up.  Mobile usage and the resultant customer base accelerated world-wide, with corresponding increased expectations of the benefits that 3G and would provide.
The provision of economic security measures and facilities was seen as crucial to the success of 3G.  A key event was the establishment of 3GPP as an initiative to co-operate in the production of globally applicable Technical Specifications and Technical Reports for a 3rd Generation Mobile System based on evolved GSM core networks and the radio access technologies that they support.
The work of ETSI in the field of security, which was seen as the original focus of USECA, was subsumed under this new organisation, allowing much wider dissemination and influence of the results of the project.  The project workplan was adjusted at the end of its first year to take account of this shift in emphasis.  The consequence has been that USECA has been able to play a leading role in the generation of the specifications of the 3GPP Release’99 specifications, the foundation of UMTS.

Consequent sub-objectives of the project were defined

-      to provide a focal point for UMTS security work;

 

this was successfully achieved through the project’s relationship with 3GPP;

4

-      to provide a sound and validated technical basis for the definition of UMTS security standards by ETSI;

 

as above, this was successfully achieved, but for the global platform afforded by 3GPP;

4

-      to build on the work of and collaborate with relevant ACTS projects (in particular with FRAMES) to provide the required security expertise;

 

no appropriate collaborations could be identified; however the project played an active role in the concertation process and its activities;

 

-      to review the security requirements arising from the set of services defined for UMTS and define a comprehensive set of security features for UMTS;

 

Section 1 of Part 1 of this report sets out the requirements in terms of services and features;
Part 2 examines the legal framework and constraints that need to be observed;

4

-      to define a comprehensive set of security mechanisms, protocols and procedures (with the exception of encryption algorithms) for UMTS;

 

Section 2, below, gives the results of this work together with the extension which includes a preliminary investigation into the use of IP-based protocols in the core network;

4

-      to define a complete functional and physical security architecture for UMTS;

 

Section 3, below, reviews the developments of the UMTS security architecture;

4

-      to define a public key infrastructure for UMTS;

 

PKI is reviewed in Section 4, below; scope was limited by there being no requirement for the initial 3GPP specifications

4

-      to define the security features and procedures involving the USIM;

 

results of work on USIM security features and facilities are described in Section 6, below;

4

-      to validate critical concepts in demonstrators.

 

the demonstration has been given successfully at a number of events and to clients including the Commission; the specification and description are given in Section 7, below.

4

Section 5 describes work on terminal security, which has not been adopted.

 

Project structure

The work of the project was organised as a number of workpackages, grouped into two workpackage groups, as shown below.

Work Package Group 1 is concerned with the external relations of the project and with management at the project level and at the work package level.  In particular, management has to ensure that the work in work package group 2 is closely co-ordinated among the work packages.

The technical work is done in Workpackage Group 2.
The technical work packages can be split into two further groups: those focused towards the development of the comprehensive UMTS security architecture and those that address specific issues or parts of the system. Each of the latter group impact on each stage of the architecture development, as shown below.

 

Overall project conclusions

The project has successfully completed the planned work, and made many essential contributions to the progress of security aspects of the first specifications of third generation mobile communications - UMTS - mainly through liaison with 3GPP.

The project has enabled the partners to act as a coherent technical focus for the security work leading the specification of 3G mobile globally.  The successful individual results are indicated above, but the overall success of the project can be seen in the influence that has been achieved at the worldwide level. 

 

Summaries of USECA Deliverables

 

D01    Linkages with other ACTS projects

 

One of the objectives of the ACTS Programme is to look for synergy and shared benefits in collaborative research and technical development. The first deliverable of USECA aims to achieve this by identifying bi-directional linkages between related projects both within and outside the ACTS Programme. Mutual co-operation is seen to be beneficial both during the initial conceptual phases and during the later development and trial phases. This report identifies liaisons and dependencies and outlines which results of other projects might be used and when certain results from the USECA project will become available to other projects. It is envisaged that as the project progresses, new interactions and relationships will emerge and existing relationships will change. This report should therefore be viewed as a ‘living’ document.

Since third call projects are all at an early stage, analysis has been based on project summaries and material that has been exchanged informally. Relevant results from second call projects which are coming to a close are also identified. Section 1 of this report gives an overview of the USECA project including a summary of the project’s objectives, an outline of the areas of activity, and descriptions of the expected deliverables. Section 2 contains linkages with other ACTS projects. Section 3 contains linkages with projects outside the ACTS program and Section 5 contains linkages with standardisation organisations. Section 6 contains a description of the USECA demonstrations. At the end a list of abbreviations is given.

 

D02     Security Features and Requirements for UMTS

The main objective of WP2.1 is to produce a comprehensive list of UMTS security requirements and features. These lists of features and requirements can be used as inputs to the other USECA work packages and to validate the requirements and features specifications being produced within ETSI. These lists have been produced and were derived from an examination of ETSI UMTS service requirements specifications and other types of document, ITU recommendations and the output of research projects such as ACTS ASPeCT.

It was hoped that these lists could be compared with the ETSI UMTS report on security principles for UMTS, 33.20, [30]. However, 33.20 was found to be unclear in its specification of what was actually required for UMTS as oppose to what should just be considered. A considerable amount of effort was therefore put into developing a document that contained definite requirements only. This is the UMTS Security Requirements specification, ETR 33.21, [31]. The production of 33.21 should be considered a significant and commendable achievement which has been developed with significant input from USECA WP2.1.

The list of security requirements derived from service requirements specifications and other sources was compared with 33.21 to see what requirements are missing from 33.21 and where 33.21 contains requirements that cannot be justified by service requirements. These two sets of requirements will be used to advance the work of developing 33.21.

A comprehensive review of the legal aspects surrounding UMTS security is also given. The legal aspects of establishing a public key infrastructure (PKI), data protection and encryption are examined in particular.  

D03     Requirements on a PKI for UMTS

 

The purpose of this report is to give an initial view on the likely public key infrastructure requirements in UMTS. These requirements arise from the potential use of public key techniques in the provision of certain UMTS security features.

We start in Section 4 by making various assumptions about the use of public key cryptography in UMTS.

We focus on three types of UMTS security feature where public key techniques may be used. These are: (a) network access authentication and key establishment, (b) end-to-end security between a user and a value-added service provider, and (c) end-to-end security between users.

In Section 5 we review some of the application toolkit developments in second generation mobile systems which may have an impact on the development of a public key infrastructure for future systems such as UMTS.

In Section 6 the report looks at some of the architectural considerations which need to be taken into consideration when designing a public key infrastructure for UMTS.

Section 7 describes three example public key mechanisms which may be used to provide security features in each of the three categories defined in Section 6.

This is followed in Section 8 by a study of the requirements arising from the use of the example mechanisms.

Section 9 then presents an initial list of selection criteria which may be used to help choose the signature schemes and hash functions which will form part of the infrastructure.

This is followed in Section 10 with a preliminary list of candidate security standards which may be of use in helping to build the infrastructure.

The report ends in Section 11 with a summary of the main conclusions of the report.

 

D04 Intermediate report on the UMTS USIM

In work package 2.5 the USIM, the smart card for UMTS, is investigated. Results of WP2.5 will influence WP2.7, "Demonstrations". The main objective of the USIM part of these work packages is to give a viable specification for the USIM.

When work for WP2.5 (in particular for this deliverable) started, it was still assumed that authentication in UMTS could be based on a public key infrastructure with new features compared to GSM. Among other advantages, a great flexibility of authentication procedures could have been achieved using public key techniques. For this, a protocol description language was developed. Using this language, all participating parties of UMTS will be able to communicate on protocols for authentication in UMTS in a standardised way. Moreover, it will be easy to develop and implement new protocols. Even if the protocol description language focuses on public key techniques, it includes symmetric key techniques as a special case. Thus, it is feasible to apply it also for UMTS phase 1. This will allow a smooth migration to later phases which might be based on public key techniques. Furthermore, USECA anticipates the use of PK for application security and e-commerce.

This deliverable gives a high-level description of the protocol description language and of a proposal for the smart card in UMTS. In later papers and deliverables a low-level specification will follow.

 

D05 Intermediate report on terminal security

 

This report provides a preliminary investigation of terminal security for UMTS as part of Work Package 2.6 of USECA. Since UMTS security will evolve from GSM security a brief review GSM security is provided. GPRS will provide packet data capabilities to GSM as part of the phase 2 + extensions, a summary of GPRS security is presented. Proposals that were studied by SMG10 to enhance terminal security for GSM phase 2+ are also presented.

UMTS terminal security issues are discussed in detail; the threats to and requirements for terminal security are discussed according to the currently available specifications.

Finally, possible solutions for UMTS terminal security are discussed including the current 3GPP UMTS phase 1 standardisation activities.

Several conclusions were reached as a result of this paper. It is considered that the whole approach to terminal security needs to be revised. This might be based on the proposals presented in this paper and should, in any case, consider the capabilities of the terminals and the role of the network.   

D06 Intermediate report on UMTS security mechanisms

 

The objectives of this intermediate report of WP2.2 are to review security mechanisms available to realise the security features elaborated in WP1.2 and documented in deliverable D02, to evaluate these mechanisms with respect to the special UMTS requirements and to select a preliminary set of security mechanisms. It should be emphasised that this deliverable is the only document so far where the evaluation of the UMTS security mechanisms is laid down in a comprehensive and systematic fashion. This could be helpful when one later wishes to recall the reasons for certain decisions taken in the standardisation process.

Commercial UMTS Phase 1 services are expected to commence in Europe by 2002. Accordingly, standardisation work for phase 1 is progressing very fast and has to be completed by the end of this year. USECA has made major contributions to the ongoing standardisation work for UMTS phase 1 in the relevant standardisation bodies within ETSI and 3GPP. This intermediate report contains a description and evaluation of security mechanisms discussed for UMTS phase 1, within the standards bodies or within USECA. In particular, it contains the mechanisms discussed in ETSI SMG10 WPC and 3GPP WG3 and documents the reasons for the decisions taken there.

All mechanisms described are based on secret key cryptography. One reason for this is that UMTS, as specified by 3GPP [WWW.3GPP.ORG], is to be based on the evolved GSM core networks. Another reason is that the additional benefits of public key mechanisms do not seem to justify the additional effort involved in their deployment in the early phase of UMTS.

In chapters 0 and 0 the underlying threat model, on which the selection of the security mechanisms is based, and the appropriate countermeasures are discussed. Chapter 4 describes new attacks that were not possible when GSM was designed, but are now or are perceived to be possible in the near future, because intruders have more computational capabilities or new equipment has become available to attackers. The description of these attacks, together with the description of appropriate countermeasures are shifted to a confidential annex, due to the public nature of this deliverable and the necessity not to educate potential attackers.

Chapter 0 on access network security contains the discussion on four different items: On the confidentiality of the user identity and location, on authentication and key agreement protocols, on integrity protection of certain signalling messages and on user traffic confidentiality.

Subsection 0 discusses four methods for the provision of user identity and location confidentiality. A recommendation for one of the mechanisms is given, which seems to be the most appropriate one. It is based on the mechanism used in GSM today and defines an optional add-on mechanism in specific (failure) situations where today GSM transmits the user identity in the clear. A symmetric group key is introduced for distinct groups of users to provide identity confidentiality even in these cases.

Subsection 0 describes the authentication and key agreement (AKA) mechanisms which were under discussion for a UMTS security architecture. The section at first lists the protocol goals to be fulfilled by an AKA mechanism for UMTS in order to counter the threats discussed in the previous sections. It contains a detailed description of seven security protocols, namely of the existing systems GSM, DECT, TETRA, IS-41 but also three other proposals (RHUL, SEQ, TETRA-3) which were also discussed in the standardisation bodies as candidates for UMTS systems. Only the latter three are evaluated according to a set of selection criteria as they are the only ones which fulfil all the required protocol goals.

In subsection 0 and 0 mechanisms for integrity protection of certain signalling messages and for user traffic confidentiality are discussed. The work on integrity protection has not progressed as far as some of the other work, therefore only a number of general candidate mechanisms is discussed so far.

Chapter 0 provides a first analysis of the proposals for core network security. The goal of core network security is to protect the security related signalling messages (e.g. authentication vectors) which have to be sent within the SS7 network. Candidate security mechanisms have been proposed. Chapter 0 contains the conclusions of this intermediate report and an outlook on the future work of WP2.2. Besides the final decisions on security mechanisms for UMTS phase 1 the final report is aimed to contain a discussion of the advantages and consequences of utilising public key mechanisms in later UMTS phases.

D07 The UMTS USIM: Specification of a demonstrator

 

This deliverable specifies the demonstrator for the USIM - the equivalent of the SIM in UMTS - and provides the low-level specification of the USIM, based on the high-level description given in deliverable D04. The major objective of this specification is to provide a stable basis for the implementation of the demonstrator (which will be realised as USECA deliverable D10).

It defines a set-up to be used for the demonstrations describing the employed hard- and software. The USECA demonstrator consists of a smart card – the UICC, which contains the USIM – a card reader and a PC. The PC simulates the terminal and the network. The USIM itself will be based on a real SIM smart card for GSM. The deliverable also describes the split of work between these components. The demonstrated authentication procedure is now focussed on symmetric key systems but involves a public key system as well, namely it includes the symmetric SEQ protocol and the asymmetric MDH protocol. Besides USIM - network authentication, terminal authentication and PIN functionality will be implemented.  

D08 Intermediate report on UMTS security architecture

 

This report provides a snapshot of the current state of the 3rd generation mobile telecommunications system security architecture as it is developing in the Third Generation Partnership Project (3GPP). It describes the preliminary April release; it identifies the open issues which have been identified subsequently, and provides further proposals on a number of them. A initial view of the integration of the security mechanisms into the network architecture is given.

The security architecture consists of four major security feature classes:

         network access security: protecting the (radio) access link between user and provider domain;

         provider domain security: protecting fixed links in the provider domain;

         user domain security: protecting access to the equipment in the user domain (user equipment and access module);

         application layer security: protecting communication between applications in the user and the provider domain.

UMTS security features and mechanisms are carried over from GSM features and mechanisms where possible and sufficient. Modifications and enhancements are included only in the feature classes network access security and provider domain security. In release ’99 however new mechanisms are only introduced in network access security.

The network access security mechanisms are:

         conventional user identity confidentiality mechanism: a mechanism using temporary identities known to the MS and the SN/VLR (carried over from GSM);

         mechanism for enhanced user identity confidentiality: a mechanism between using encryption of the permanent user identities between the user access module and a home environment network entity (a small part of which - the transport mechanism - is standardised);

         authentication and key agreement: in addition to the protocol goals achieved by the GSM mechanism, an integrity key is derived alongside a cipher key, both keys are considerably longer than in GSM; assurance of the freshness of the derived cipher and integrity keys is provided by means of an authentication token that is sent alongside the random challenge containing a signed sequence number;

         encryption mechanism: a symmetric-key encryption mechanism between user equipment and radio network controller applied to user and signalling data;

         data integrity mechanism: a symmetric-key message authentication mechanism between user equipment and radio network controller applied to signalling data;

         network-wide encryption mechanism: a mechanism using symmetric-key encryption re-using the algorithms available for access link encryption.

These mechanisms are described in detail and open issues and scope for improvement are identified.

The core of this deliverable is formed by a number of further proposals on the open issues. For the mechanism for enhanced user identity confidentiality we propose a solution that protects the identity not only for mobileoriginated but also for mobile-terminated connection establishment. For authentication and key agreement we propose a) modifications to the integration of the re-synchronisation mechanism, b) a sequence number mechanism that assures freshness and at the same protects against long-time lock-up of USIMs and c) a modification to the re-synchronisation procedure that ensures the accuracy of the information received by the home environment on the counter in the USIM. Then follow two contributions on interoperation between UMTS and two 2G mobile communications systems. For GSM both inter-system registration and handover are discussed, for IS-41 based networks only registration is discussed. Further, for data confidentiality and data integrity an overview is provided of the discussions within the RAN-2 group and between SA-3 and RAN-2.

Finally some alternative key management schemes for network-wide encryption are proposed and their properties discussed.

The April release of the security architecture together with the modifications and additions proposed here are taken as a basis for a functional network architecture: for each functional network entity, i.e., for each network entity and for each security mechanism, the requirements concerning data storage and implementation of cryptographic functions are given.

A start is made of the description of the modifications to the different network protocols required to support the new and enhanced network access security mechanisms.

D09 Intermediate report on a PKI architecture for UMTS

 

The purpose of this report is to give an initial view on the specification of appropriate public key infrastructure components to support selected security features in UMTS. The report builds on the requirements work presented in USECA D03 [USECA D03].

The report is split into two main sections corresponding to public key infrastructure specifications to support security features in two of the five security domains defined for UMTS [3G 33.102].

Section 3 reports on the specification of a PKI to support security features in the application security domain. In this area the project has focused on two important technologies which are currently being standardised for use in UMTS, namely MExE and WAP. MExE will use public key cryptography to certify applications and content loaded onto UMTS terminals. In addition, WAP, and related Internet security technologies, will provide public key security for internet access from UMTS terminals. Since a scaleable and flexible security model is desirable, an appropriate PKI must be available to manage and distribute the required public keys.

Section 4 reports on the specification of a PKI to support security features in the provider security domain. Here, the project has focused on signalling security between core network nodes where public key techniques are used to establish the necessary session keys between the various network nodes.

We have continued our investigation into the application of public key cryptography in UMTS by considering the use of PKIs to support selected security features in UMTS. In doing this, the report has made use of, and elaborated upon, the results presented in USECA D03 [USECA D03].

In the first main section of the report we discussed the specification of a PKI to support security features in the application security domain. In this area we focused on two important technologies which are currently being standardised for use in UMTS, namely MExE and WAP. As well as elaborating upon the requirements and reporting on the status of the standardisation work, we have reviewed selected certificate formats and described how they might be applied in WAP and MExE. One of the main achievements of the project in this area has been the way it has helped to influence decisions made in the relevant standards bodies. For MExE in particular, a representative from one of the partners has acted as rapporteur for the security specifications.

In the second section of the report we considered the specification of a PKI to support security features in the provider domain. After analysing the PKI requirements for this security feature, we have provided an initial specification of an example PKI which may be used to support key management between network nodes that need to establish secure signalling links. Core network signalling security is an important new security feature in UMTS and key management is recognised as a key issue which must be addressed before the appropriate security functionality is integrated into the signalling network.

In summary, we have reported on the intermediate results of WP2.4. Further work will continue to develop the ideas presented in this deliverable focusing primarily on these two applications of public key cryptography in UMTS. An important aspect of this work will continue to be the close involvement with relevant standards bodies.

D10 - The UMTS USIM: Implementation of a demonstrator

 In the demonstrator the 3GPP authentication and key agreement protocol - including the management of sequence numbers in case of synchronisation failures - and the asymmetric ASPeCT protocol are implemented. The flows of the authentication protocols as well as the contents of the protocol messages and the state variables of the system instances are visualised on the demonstrator screen. Therefore the demonstrator can be used as a visualisation tool in order to present the 3GPP or the ASPeCT authentication and key establishment mechanisms to an expert audience during conferences.

Since the demonstrator allows exact tracing of the implemented authentication protocols and the intervention of the user in order to manipulate the state variables of the system, it also serves as an analysing tool for authentication in UMTS. The authentication and key establishment mechanisms as well as the behaviour of the protocols under failure conditions or fraud attempts can be analysed.

Due to the time measure functions and logging functions the demonstrator may also serve as tool for evaluating the authentication protocol as well as the performance of the implemented security mechanisms.

D11 Security Architecture for UMTS

Part 1 – Technical results

USECA set out to provide a firm architectural foundation for the security measures that would play a critical role in the establishment of UMTS or third-generation - ‘3G’ - the generation of mobile communications to follow on from GSM.'

It was anticipated that this would be in the context of European standards developed in ETSI, but in the event, the industry set up a new forum concerned solely with the establishment of 3G.  The Third Generation Partnership Project - 3GPP - arrived in time for USECA to switch its focus to the new organisation.  By taking this opportunity, the project was to play a central role in setting in place a number of critical security components for the worldwide industry standard.

The close association with 3GPP developments had major advantages in allowing the project global influence and visibility.  The disadvantage may be seen as a curtailment of scope, for instance concentrating on use of symmetric cryptography for the early releases at the expense of some PKI work,.  The balance is judged to have been very much in favour of the 3GPP path:  real, applicable results contributing to the establishment of third generation versus interesting but possibly premature footnotes in the history of mobile communications.

In addition to its technical results, the project produced a review of the relevant aspects of the legal environment – both European and national legislation - as it affects core processes in a business model involving mobile communications.  As this is so comprehensive, it now seems fit to treat it as a separate document that may be of wider general interest and use in, say, development of regulatory frameworks governing the take-up of electronic commerce.  It forms Part 2 of this report.

Part 1 of the report deals with the technical work.  The numbered sections give the results of the technical workpackages of the project.

Section 1   Workpackage 2.1 – covers the the work to establish the requirements for 3g security;
the intended update to the existing document
[ETSI 33.20] had to be superseded by a complete rework;  the results was a new version of ETSI standard.

Section 2   Workpackage 2.2 – deals with the work on security mechanisms for 3G;
the principal results here were the authentication and key agreement
(AKA) protocol, which has been adopted worldwide, and a major contribution to user traffic confidentiality and also to integrity protection of signalling data.

Section 3   Workpackage 2.3 – describes the overall security architecture

Section 4   Workpackage 2.4 – provides a survey of the use of public key cryptographic infrastructure (pki) in UMTS; the work provides a useful foundation for subsequent developments where pki will be a necessary component although the scope for innovation was limited by the 3GPP’s priorities for its early releases.

Section 5   Workpackage 2.5 – documents an approach to terminal security that at the outset appeared to have practical possibilities; in the event this has not been taken up by the industry.

Section 6   Workpackage 2.6 – gives a specification for the Universal Subscriber Identity Module (usim) that was implemented and demonstrated in WP2.7.

Section 7   Workpackage 2.7 – specifies the demonstrator.

Conclusions and recommendations are given in the Overview section that follows.

The major specifications that the project has played an key role in are highlighted in the references section, below.

Part 2 – Legal issues

The future mobile telecommunications standard UMTS, due to launch commercially in 2002, is representative of a new generation of e-commerce environments. Creating a unique commercial platform, UMTS will provide mobility, media convergence, and transactional efficiency for a maturing information society with little respect for jurisdictional borders and an increasing appetite for flexible and efficient content provision.

Because the security challenges are vast and unknown, authentication strategies are paramount in ensuring the platform's accountability, reliability, and effectively its commercial viability. Accordingly, the UMTS industry aspires to develop complex security mechanisms drawing upon PKI technology in combination with "brokerage" functionalities supplied by a UMTS network provider. To portray the various legal issues that arise from the diversified design of a UMTS PKI, this report carves out "sliding scale" of tools employing a PKI. The analysis draws on this taxonomy of mechanisms because it jointly synthesizes the latent security features of the broker model.

-          An Alternative for the Handwritten Signature: authentication may relate to an alternative for the handwritten signature, a concept under which the user's legal or natural personality as well as the user's association with an electronically formatted writing is verified so as to satisfy the requirements for handwritten signatures.

-          Terminal Equipment Authentication: Device authentication represents a conceptual counterpart to an electronic alternative for the handwritten signature. Rather than substituting for a handwritten signature, the user hardware is authenticated while performing certain on-line activity by virtue of its using a socalled Universal Subscriber Identity Module (USIM).

-          Online Payment Tokens: Payment tokens are digital payment units for which authentication is based on data sent by the user. As is the case for terminal equipment, this mechanism does not as such purport to be equivalent to a handwritten signature.

Moreover, the distinction between basic tele- and bearer-services (voice telephony, video telephony or high speed data services) and services offering "added value" (examples include data retrieval or more mobilespecific services, such as road transport telematic services providing traffic information and guidance to drivers) is determinative of the way in which existing legislation applies to the UMTS service providers

D12 Overview of UMTS architecture

This report provides a concise overview of the UMTS network architecture as far as it is known and described in the ETSI Technical Reports and Technical Specifications up to now. The report will provide the USECA partners with part of the necessary background material required in the definition, development and integration of a UMTS security architecture for the UMTS network architecture. The UMTS network architecture however is still far from complete, stable and entirely defined. Therefore the architecture of the IMT-2000 family of networks that will influence the standardisation of UMTS and the GSM Phase 2+ network architecture from which the UMTS core network will evolve are also treated.
In Chapter 4, the GSM circuit-switched network architecture is presented; first the network subsystems are identified and at a later stage the network entities, their functionality and the interfaces that exist between them.
In Chapter 5 a number of GSM Phase 2+ extensions (excluding GPRS) are presented that have an impact on the network architecture or can be seen as the seeds from which the new UMTS services will evolve. The first topics are the so-called Advanced Speech Call Items (ASCI). One is an enhanced multilevel precedence and pre-emption (eMLPP) service that allows handling precedence levels for subscribers within a PLMN including the possibility of pre-emption of ongoing calls. A second is the voice group call service (VGCS) that allows speech conversation of a predefined group within a predefined area. Another is the voice broadcast service (VBS) that allows to set-up a point to multi-point connection for the distribution of speech to a predefined group of service subscribers located in a predefined geographical area.

Another network feature is high-speed circuit switched data (HSCSD). It will allow higher transmission rates than the current 9.6 kbit/s, up to 64 kbit/s, through channel combining and enhanced channel coding. An architectural novelty is the cordless telephone system (CTS). The CTS is a radio communications system based on a GSM-compatible cellular interface between a private radio base station and a mobile station. The fixed part is connected via a wire-line to the PSTN/ISDN network for which it behaves as a normal telephone terminal.
An overview is given of the GSM Phase 2+ features that provide service differentiation and the creation of a virtual home network, i.e., the provision of an identical user interface independent of the location of the mobile station. A first is the SIM Application Toolkit that provides mechanisms that allow applications on the SIM to interact with the mobile equipment and initiate network actions. The second is the mobile execution environment (MExE) that will provide support for operator-defined services in the mobile equipment. The third is the CAMEL feature that enables the use of operator specific services by a subscriber even when roaming outside the Home PLMN and is based on the Intelligent Network (IN) approach.

The General Packet Data Service (GPRS) is presented in Chapter 6. This is a data service providing a high-speed packet radio access for GSM MSs and requiring the introduction of a packet switched routing functionality in GSM infrastructure with new network entities (GPRS support nodes). These GPRS support nodes and the GPRS backbone network or an evolution thereof is likely to play an important role in UMTS.
Chapter 7 presents the UMTS network architecture, starting from the domain-strata model in ETS 23.01, and subsequently treating different network domains. As UMTS Phase 1 will consist out of the introduction of a new UMTS Terrestrial Radio Access Network (UTRAN) to an evolution of the existing GSM/GPRS 2+ core network, work on the access network is more detailed than that on the core networks.
 Chapter 8 finally presents the network architecture of the IMT-2000 family of networks currently standardized by ITU-T, of which UMTS will be a member.

D13 - Intermediate Progress Report

This document provides an interim report of the results of the USECA project as at the original date for completion - 29 February, 2000.
As a result of the recommendation by the Year 2 Technical Audit that the project should continue for a further six months to 31 August 2000, but within the constraints of the financial budget, certain work items were completed and others are on-going at the end of February.
The final technical report to be provided at the completion of the project is still numbered D11.

This report covers the following:

Completed workpackages which are not continuing in the project extension
- guide to the results of the completed workpackages,
- pointers to the major deliverables

- updates and situation reports
- a summary of the workpackage results
On-going workpackages that make up the extension
- pointers to the deliverables reporting on completed work

- an interim report and summary of work to date

General Summary and Conclusions

The project has successfully completed the work committed to in the Year 1 and Year 2 Technical Annexes [TA].
A very considerable contribution has been made to the security aspects of the first release - Release’99 - of the international standard agreed by 3GPP. The most obvious achievement is the Authentication and Key Agreement protocol (AKA) which has also been adopted elsewhere, making for very real possibility of global roaming. In addition a great deal was achieved in rationalising and codifying the general understanding of the requirements for security facilities in third generation wireless telecommunications.