UMTS Security aspects
UMTS Forum ICTG Chair
Bosco Fernandes
Siemens AG
E-mail: bosco.fernandes@siemens.com
Tel. +49 89 722 25524
Brussels, July 14th, 2003
www.umts-forum.org

Overview
• Introduction
• Security architecture
• Security implementations
• Security technologies
• Security in the cellular networks
• Security and regulatory aspects
• Conclusion

Introduction
3G network security analysis is a challenging issue
[Figure: "Network security?" Labels: Integrity, Non-repudiation, Confidentiality, Authentication, Network protection, Legal requirements, Availability]
• Evaluation of security requirements from legislation, standardization, providers, and end-customers
• Threat and risk analysis of networks, services and applications
• Choice of adequate technical and organizational security solutions

Security architecture
Different types of network security have to interoperate: corporate/WLAN, Internet, public PLMN
[Figure: End-to-End Security and Peer-to-Peer Security. Elements: corporate networks, VPN routers, transport network, Internet, GSM/UMTS. Threats shown: modification of transmitted data, unauthorized access to servers, eavesdropping of transmitted data, user masquerade]

Security implementation
Additional security at different levels implies additional costs
[Figure: Security Functions across the layers: Content Provider Layer, Service Creation Layer, Network management, Network Element Layer, Physical Transmission Layer]
• Security levels and security scalability
• Security functions can be added at one or more different network levels and generally are realised in network, end systems and applications in parallel.
• Additional security at different levels implies additional costs.

Security technologies
There are lots of security products and more will come
• Infrastructure: PKI, firewalls...
• Algorithms: public key and secret key cryptosystems
• Protocols: IPsec, TLS, WTLSP…
• Applications: AAA, Certificates, PTD…
• Terminal: anti-virus, biometrics…
• Privacy: P3P, Location based services…

Security in cellular networks
Specifications on Security
• UMTS relevant security mechanisms are mainly standardised by 3GPP and IETF.
• The increasing use of IP-based protocols and applications in mobile networks exposes them to additional threats and opens possible new security gaps.
• There are functional entities in UMTS operators' networks that are not UMTS specific and therefore not within the scope of the 3GPP specs (e.g. routers, DHCP servers, etc.).
• Standardisation is a major contributor to security functions, but there are areas not within the standardisation scope that need further investigation (e.g. network design, protection of network nodes, security analysis of IETF protocols in the UMTS context).

Regulatory aspects
The network is global, regulation is not
• Lawful interception
• Anti-fraud policy
• Regional policy
• Privacy

Conclusion
• The UMTSF has completed a detailed analysis of the implications of security requirements on 3G networks, user devices, content, service providers and applications.
• The report generated a number of questions to promote an understanding of the level of security and where it needs to be implemented.
• One of the most common mistakes that one can make when implementing security solutions is sub-optimising one part and neglecting another.