1 / 18

SMG10 report to SMG#30 Tdoc SMG P-99-741

This report provides an overview of the discussions and decisions made during the SMG10 meetings at SMG#30, including security enhancements for SS7 and IMEI, recommendations for GEA2 implementation, and updates on WPA and WPB security mechanisms. It also highlights future areas of work for SMG10.

ehiggins
Download Presentation

SMG10 report to SMG#30 Tdoc SMG P-99-741

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SMG10 report to SMG#30Tdoc SMG P-99-741 Michael Walker Chairman ETSI SMG10

  2. SMG10 meetings since SMG#29 • SMG10 plenary #2/99, joint with 3GPP SA3, 3-5 August, Sophia Antipolis • SMG10 ad hoc meeting - to prepare CRs for agreement by correspondence, 26 October, The Hague

  3. Reports for approval • Threat analysis on SS7 security, Tdoc SMG P-99-744

  4. CRs for approval • 02.09(and resulting CRs to 02.16, 03.03 and 11.10), Enhancement of IMEI security, Tdoc SMG P-99-742 • 03.20, Introduction of EDGE variant of A5, Tdoc SMG P-99-743 • 03.20, Clarification on triplet re-use conditions, Tdoc SMG P-99-743

  5. Liaison statements to SMG • LS to SMG (copy GSMA SG) on use of GEA2, Tdoc SMG P-99-745 • LS to SMG (copy GSMA SG) on use of A5 algorithms for EDGE, Tdoc SMG P-99-556 • LS to SMG (copy GSMA SG) on A5 algorithm - use of 64 bit Kc, Tdoc SMG P-99-555 • LS to T1P1 (copy SMG) stating that SMG10 endorses stage 2 but that it has identified two risks, Tdoc SMG P-99-746

  6. Special item for SMG#30IMEI security • CRs to enhance IMEI security, Tdoc SMG P-99-742 • CR to 02.09 to add the line: • “It shall not be possible to change the IMEI after the ME’s final production process. It shall resist tampering by any means (e.g. physical, electrical or software)” • Corresponding CRs to 02.16, 03.03 and 11.10

  7. Special item for SMG#30SS7 security • Messages can be read, altered, injected or deleted i • Threats include denial of service, security triplet replay to compromise authentication and allow eavesdropping of user traffic • Exacerbated by increasing number of connections (and potential to connect to/via Internet) • Report contains list of threats related to “dangerous” messages • Handover work to 3GPP SA3

  8. WPA Security mechanisms 1Chairman Henri Gilbert • GPRS • LS to SMG (copy GSMA SG) on use of GEA2 • SMG10 recommend that GEA2 should be an option in terminal/network from R97 and should become mandatory (EDGE can be mandatory from the outset) • SMG asked to consider appropriate timescales for making GEA2 mandatory • Network should be able to select between GEA1 and GEA2 during migration but network should not be able to set no encryption • If recommendations adopted then exact details need elaboration

  9. WPA Security mechanisms 2 • Use of full length Kc • LS to SMG (copy GSMA SG) on use of 64 bit Kc • SMG#27 wrote to manufacturers - only positive responses were received • Manufacturers to ascertain that their equipment will work with a 64 bit Kc • Cut off date May 2000

  10. WPA Security mechanisms 3 • EDGE • LS to SMG (copy GSMA SG) on use of A5 algorithms for EDGE • CR to 03.20 Annex C.1 on EDGE variant of A5 - for approval • Algorithm should be run to provide 696 bits (instead of 228) • No requirement for additional test data

  11. WPB Security services 1Chairman Simon Collins • Clarification on triplet re-use conditions • CR to 03.20 on security triplet re-use conditions • CR agreed in SMG10 with comments from N2 (SMG3 WPC) • Allows re-use when system failure in HLR, disallows re-use in the event that subscriber unknown or barred • Changes from withdrawn CR at SMG#29 • Removed requirement that re-use should not be performed in case of badly formatted requests • Removed requirement that operator could specify how many times triplets could be re-used in VLR/SGSN • CRs to R96 and R97 withdrawn because of retro-fit issues

  12. WPB Security services 2 • LCS • LS to T1P1 (copy SMG) on LCS • SMG10 endorse LCS stage 2 but have the following concerns • Possibility exists to manipulate MS positioning estimate through • Manipulation of differential GPS data (coming from another source than network) • Software changes to the MS • No changes suggested

  13. WPB Security services 3 • Follow-me • LS was sent to SMG1 asking that the following is added to the specification • A note to the effect that the service shall not be offered in standard GSM releases, and that in any case it must be enabled by the operator • A statement that FIGS can be used where CAMEL is available • Wording on password control should indicate that this is not a very secure solution

  14. WPB Security services 4 • SMS abuse • SMG#29 asked SMG10 for a statement on the nature of SMS abuse • Threats • mass mailing - resulting in denial of service, commercial opportunism • concern over liability for abusive content, damage to third party • Counters • control of direct and indirect access to manage SMS volumes and source

  15. WPB Security services 5 • MExE • The MExE R99 has been handed over to 3GPP S3 • SMG10 shall be informed about progress

  16. WPD Lawful interceptionChairman Bernie McKibben • SMG10 WPD supporting 3GPP LI work

  17. Future scope of SMG10 • After transfer of 3G-related issues to 3GPP, the main areas where work is ongoing in SMG10 are: • Security for location services, CTS changes • Introduction of larger cipher key in GSM (if sufficient support from member companies is offered) • Evaluation of features developed for 3G for applications in GSM • Propose amalgamation with 3GPP SA3 - process to be discussed at next SMG 10 meeting

  18. Future meetings • 16-19 November - SMG 10 plenary, joint with 3GPP S3 (Security)

More Related