3G-Mobile

Security

Shashishekar R
1ST02EC048
INTRODUCTION :
Third generation mobile systems such as UMTS
[universal mobile telecommunication system]
revolutionized telecommunications technology by
offering mobile users content rich services, wireless
broadband access to Internet, and worldwide
roaming. The users will be able to enjoy Voice-
over-IP, multimedia messaging, and video
conferencing services with up to 2 Mbps data rate.
However the broadcast nature of the wireless
communication and increased popularity of wireless
devices introduce serious security vulnerabilities.
Mobile users and providers must be assured of the
correct identity of the communicating party; user and
signaling data must be protected with confidentiality
and integrity mechanisms. The main aim is to evaluate
current 3G security protocols, implement security
features outlined in these protocols
1G Systems-Features

 Introduced in the 1980s .

 Employed cellular technology .
 Analog radio technology.
 800-900 MHz frequency band .
 voice communication service.

 No data service.
2G Systems-Features
 Introduced in early 1990s.
 Data rates 9.6 Kbps – 14.4 Kbps..
 Uses Circuit Switching.
 800-900 MHz band .
 Digital radio technology .
 International roaming services.
 Caller Id & SMS.
Comparison between 2G and 3G
wireless networks
 Core Network Used in 2G is TDM and Frame relay
transport as compared with IP and ATM transport in
3G

 2G handsets did not provide multimedia support

whereas 3G provided

 Data Rates of 2G are Up to

10 To 50 kbps
384 Kbps (EDGE whereas 3G provided data rate
upto 2MBps
3G Network Architecture
Circuit
Network Circuit/
Signaling
Gateway Mobility
Manager
Feature
Circuit
IN Services Server(s)
Switch

RNC Call
Agent
Voice Data +
Packet
Voice
IP Core
Radio Access Packet Network
Control
Network (Internet)
Packet
Gateway
IP RAN

2G 2G/2.5G 3G
 objectives for 3G security
To ensure that information generated by or relating to a
user is adequately protected

To ensure that the security features standardised are

compatible with world-wide availability

To ensure that the level of protection

To ensure that the implementation of 3G security

features and mechanisms can be extended and enhanced
as required by new threats and services.
 GSM and TDMA offer a path of 3G migration
employing Enhanced Data-rates for Global Evolution
(EDGE).

EDGE :

Enhanced Data-rates for Global Evolution (EDGE) is a

narrowband (200 kHz channels) radio technology that
allows operators to offer 3G services without the
necessity of purchasing a 3G license. EDGE is suitable
for narrower frequency allocations, and can be
deployed in just 2.4 MHz of spectrum
Basic Security Features
 Mutual Authentication

 Data Integrity

 Network to Network Security

 Wider Security Scope

 Secure IMSI (International Mobile Subscriber

Identity) Usage
3G Security Features
 User – Mobile Station Authentication

 Secure Services

 Secure Applications

 Fraud Detection

 Flexibility
 Authentication and Key Agreement

128 bit secret key K is shared between the home

network and the mobile user

Home Network Mobile User

Generate SQN

RAND AUTN
Generate RAND

f5 SQN ⊕AK AMF MAC

SQN
RAND
AMF AK ⊕

K
SQN
K
f1 f2 f3 f4 f5
Serving Network
AV f1 f2 f3 f4
MAC XRES CK IK AK

RAND, AUTH XMAC RES CK IK

AUTN := SQN ⊕ AK || AMF || MAC

AV := RAND || XRES || CK || IK || AUTN RES Verify MAC = XMAC

Verify that SQN is in the correct range

Problems with 3G Security
 A user can be enticed to camp on a false BS. Once the user camps
on the radio channels of a false BS, the user is out of reach of the
paging signals of SN

 Hijacking outgoing/incoming calls in networks with disabled

encryption is possible. The intruder poses as a man-in-the-middle
and drops the user once the call is set-up

 All that can happen to a fixed host attached to the Internet could
happen to a 3G terminal
Future Research Direction
 Extend current simulation implementation
More complicated, perhaps fully loaded, network scenario
Add video conferencing and multimedia streaming traffic
Observe variations in bit error rate and packet drop rate,
among other things

 Network-to-network security
How to establish trust between different operators
Is IPsec a feasible solution for secure communication
between networks?
 End-to-end security
Can two mobile nodes establish secure communication
channel without relying too much on their serving
network?
How can they exchange certificates or shared secret keys?
 Possible solution to existing 3G security
problems
Thank--You

Shashishekar R