The document evaluates the security model of 3G wireless networks. It begins with an overview of 1G and 2G wireless technologies and their limitations. It then describes the key security principles of 3G networks, which were designed to address issues with previous generations like weak encryption algorithms and lack of data integrity. The document outlines both the security architecture and new features of 3G, such as network authentication and stronger encryption, that provide improved security compared to earlier standards.

1. SECURITY MODEL
EVALUATION OF 3G
WIRELESS NETWORKS
MERCY J
ABINAYA K
1

2. OVERVIEW
• Abstract
• Wireless Network
• 3G Wireless Network
• Security Principles for 3 G
• References
• Conclusion
2

3. ABSTRACT
• 3G mobile phone networks are currently the most widely used
wireless telephone networks in the world.
• While being an improvement over earlier analog
systems, active attacks, authentication, encryption, channel
hijack, inflexibility
• 3G mobile phone standards have been designed to address the
issues in 2G and provide a better security model.
• Overview of security in 3G networks along with pointing out
the known problems.
• Security features of 3G systems are presented and solved .
3

4. 1G WIRELESS TECHNOLOGY
 Developed in 1980s and completed in early 1990’s
 1G was old analog system and supported the 1st generation of
analog cell phones speed up to 2.4kbps
 Advance mobile phone system (AMPS) was first launched
by the US and is a 1G mobile system
 Allows users to make voice calls in 1 country
4

5. 2G phones using global system for mobile communications
(GSM) were first used in Europe.
 GSM provides voice and limited data services and uses digital
modulation for improved audio quality.
Digital AMPS , CDMA were some of the 2G systems.
5

6. To meet the growing demand in network
capacity, rates required for high speed data transfer
and multimedia applications , 3G standards started
evolving.
It is based on the International
Telecommunication Union (ITU) family of standards.
3G technologies enable network operators to offer users
a wider range of more advanced services.
Services include wide-area wireless voice
telephony, video-calls and broadband wireless data , all
in a mobile environment.
The data are sent through the technology called
Packet switching.Voice calls are interpreted
through circuit switching.
6

7. FEATURES INCLUDES
7

8. 3G Network Security Architecture
Circuit
Network Circuit/
Signaling
Gateway Mobility
Manager
Feature
Circuit
IN Services Server(s)
Switch
RNC Call
Agent
Voice Data +
Packet IP Core
Voice
RAC Network Packet Network
(Internet)
Packet
Gateway
IP RAN
2G 2G/2.5G 3G
8

9. 3G Security Principles
• Build on GSM security
• Correct problems with GSM security
• Add new security features
Source: 3GPP
9

10. GSM Security Architecture
10
10

11. GSM Security Elements, 1
Key functions: privacy, integrity and confidentiality
 Authentication
Protect from unauthorized service access
Based on the authentication algorithm A3(Ki, RAND)=> SRES
Problems with inadequate algorithms
 Encryption
Scramble bit streams to protect signaling and user data
Ciphering algorithm A8(Ki, RAND) => Kc
A5(Kc, Data) => Encrypted Data
Need stronger encryption
 Confidentiality
Prevent intruder from identifying users by IMSI
Temporary MSI
Need more secure mechanism
11

12. GSM Security Elements, 2
 SIM
A removable hardware security module
Manageable by network operators
Terminal independent
 Secure Application Layer
Secure application layer channel between subscriber module and
home network
 Transparency
Security features operate without user assistance
Needs greater user visibility
 Minimized Trust
Requires minimum trust between HE and SN
12

13. Problems with GSM Security, 1
 Active Attacks
Impersonating network elements such as false BTS is possible
 Key Transmission
Cipher keys and authentication values are transmitted in clear within and
between networks (IMSI, RAND, SRES, Kc)
 Limited Encryption Scope
Encryption terminated too soon at edge of network to BTS
Communications and signaling in the fixed network portion aren’t
protected
Designed to be only as secure as the fixed networks
 Channel Hijack
Protection against radio channel hijack relies on encryption.
However, encryption is not used in some networks.
13

14. Problems with GSM Security, 2
• Implicit Data Integrity
No integrity algorithm provided
• Unilateral Authentication
Only user authentication to the network is provided.
No means to identify the network to the user.
• Weak Encryption Algorithms
Key lengths are too short, while computation speed is increasing
Encryption algorithm COMP 128 has been broken
Replacement of encryption algorithms is quite difficult
• Unsecured Terminal
IMEI is an unsecured identity
Integrity mechanisms for IMEI are introduced late
14

15. Problems with GSM Security, 3
 Lawful Interception & Fraud
Considered as afterthoughts
 Lack of Visibility
No indication to the user that encryption is on
No explicit confirmation to the HE that authentication
parameters are properly used in SN when subscribers roam
 Inflexibility
Inadequate flexibility to upgrade and improve security
functionality over time
15

16. New Security Features, 1
 Network Authentication
The user can identify the network
 Explicit Integrity
Data integrity is assured explicitly by use of integrity algorithms
Also stronger confidentiality algorithms with longer keys
 Network Security
Mechanisms to support security within and between networks
 Switch Based Security
Security is based within the switch rather than the base station
 IMEI Integrity
Integrity mechanisms for IMEI provided from the start
16

17. New Security Features, 2
 Secure Services
Protect against misuse of services provided by SN and HE
 Secure Applications
Provide security for applications resident on USIM
 Fraud Detection
Mechanisms to combating fraud in roaming situations
 Flexibility
Security features can be extended and enhanced as required by new
threats and services
 Visibility and Configurability
Users are notified whether security is on and what level of security is
available
Users can configure security features for individual services
17

18. New Security Features, 3
 Compatibility
Standardized security features to ensure world-wide interoperability and
roaming
At least one encryption algorithm exported on world-wide basis
 Lawful Interception
Mechanisms to provide authorized agencies with certain information
about subscribers
18

19. Evolution to 3G
Drivers: Capacity, Data Speed, Cost
Expected market share
TDMA EDGE
EDGE Evolution
3GPP Core
GSM GPRS Network 90%
WCDMA HSDPA/HSUPA
PDC
cdmaOne CDMA2000 10%
1x CDMA2000 CDMA2000
1x EV/DO EV/DO Rev A
2G First Step into 3G 3G phase 1 Evolved 3G
19

20. CONCLUTION
 This paper presented a survey of three generations of mobile phone
systems from a security perspective
 3G networks standards were evaluated within availability
confidentiality- integrity framework and found to not be secure
 Hence New Security Features has been presented and solved.
 Finally, there is no experimental data supporting the claim that 3G
systems aren’t secure.
 Future work can be geared toward filling those gaps.

21. References
• 3G TS 33.120 Security Principles and Objectives
http://www.3gpp.org/ftp/tsg_sa/WG3_Security/_Specs/33120-300.pdf
• 3G TS 33.120 Security Threats and Requirements
http://www.arib.or.jp/IMT-2011/ARIB-spec/ARIB/21133-310.PDF
• Michael Walker “On the Security of 3GPP Networks”
http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/mike_walker.pdf
• Redl, Weber, Oliphant “An Introduction to GSM”
Artech House, 2010
• Joachim Tisal “GSM Cellular Radio Telephony”
John Wiley & Sons, 2009
• Lauri Pesonen “GSM Interception”
http://www.dia.unisa.it/ads.dir/corso-security/www/CORSO-9900/a5/Netsec/netsec.html
• 3G TR 33.900 A Guide to 3rd Generation Security
ftp://ftp.3gpp.org/TSG_SA/WG3_Security/_Specs/33900-120.pdf
• 3G TS 33.102 Security Architecture
ftp://ftp.3gpp.org/Specs/2000-12/R1999/33_series/33102-370.zip
• 3G TR 21.905 Vocabulary for 3GPP Specifications
http://www.quintillion.co.jp/3GPP/Specs/21905-010.pdf
21

22. Are Their Any Questions??