The mobile telecommunications industry is undergoing a continuing transformation as an increasing number of services, offered by more and more network operators and service providers, becomes available to a growing number of users. The main objective of ASPeCT is to study the feasibility and acceptability of new and advanced security features for these new services in existing and future personal communication networks, based on trials and demonstrations. The issues of performance, ease of integration and compatibility of new security systems in UMTS are being addressed. This means investigating, implementing and testing solutions in the following areas:
Migration of security features from existing mobile systems to UMTS;
Fraud detection and management in UMTS;
Trusted Third Parties (TTPs) for end-to-end security services in UMTS;
Capabilities of future User Identity Modules (UIMs);
Security and integrity of billing in UMTS.
ASPeCT is providing valuable input to the standardisation of UMTS security by ETSI.
Demonstration of fraud detection using neural networks with supervised learning, neural networks with unsupervised learning, and rule-based techniques;
Demonstration of escrowed key establishment using a Trusted Third Party scheme;
Demonstration of secure billing of value-added information services using micropayment techniques;
Significant inputs to ETSI on the UMTS authentication framework and on the standardisation of Trusted Third Party services.
In addition to the results already achieved and listed above, the project expects to make significant progress in:
Establishment of a secure migration path to UMTS;
Comparison of different techniques of fraud detection;
Investigation of the legal and presentation issues relating to fraud detection;
The first demonstration of a User Identity Module for UMTS;
Advances in user-to-UIM authentication based on biometric techniques;
Demonstration of the use of end-to-end security services by users;
Trials of secure billing of mobile users for access to value-added services.
The proof of feasibility of end-to-end security will have a clearly beneficial effect on operators and providers of future European mobile telecommunications networks.
The economic benefits of fraud prevention to European network providers are clear and immediate. The development of secure billing solutions offers significant benefits to all parties involved.
Finally, manufacturers of terminals and smart cards will benefit from the experimentation and demonstrations which will be performed by the project.
Main contributions to the programme objectives:
Development and test of new security features and migration scenarios for UMTS
Contribution to the programme
ASPECT supports the evolution to UMTS through enhanced security, fraud prevention and secure billing.
The main issue that ASPeCT addresses is the provision of UMTS security features for an ever-increasing number of services and users. The technical work is carried forward in five parallel strands as follows:
Ensuring that migration from the second generation systems to UMTS occurs in a secure way without jeopardising the quality of service or security of new or existing services. Secure interworking of different networks is being considered to allow for safe roaming throughout Europe. A framework for authentication in UMTS will be established to facilitate flexible implementation of authentication protocols.
Developing methods to detect fraud in UMTS. Fraud scenarios and indicators are being investigated and developed. Legal and presentational aspects are also being considered.
Proposing a European-wide solution to the problem of managing keys to provide security services for mobile telecommunication use. This involves using a Trusted Third Party to deal with the secure management of cryptographic keys.
Developing new ideas about, and assisting the smooth migration to, future User Identity Modules. This involves promoting improvements to smartcard technology and investigating user-to-UIM authentication based on biometric techniques.
Developing services supporting the security and integrity of billing in UMTS.
Summary of Trial
The issues of performance, ease of integration and compatibility are investigated in the following demonstrations and trials:
Migration to UMTS from GSM is being investigated firstly by assessing the validity of a joint authentication protocol and, secondly, by investigating the implementation of a migratory UIM, which will be compatible with both networks. The trial will be carried out in conjunction with the AC013 EXODUS project.
Evaluation and comparison of different fraud detection techniques. Both rule-based and neural network-based approaches are being investigated. In each case user profiles, based on previous behaviour, can be built up so that unusual behaviour can be detected and automatically labelled as suspicious.
Verification that the TTP concept is viable and can be introduced safely and effectively. The TTP will be used to support secure billing and escrowed key establishment between a user and a value-added service provider. The trial will be carried out in conjunction with the AC013 EXODUS project.
Investigation of user-to-UIM verification using biometric techniques.
Trial platform architecture
An authentication framework for UMTS;
Fraud detection in future mobile networks;
Trusted Third Party services in mobile networks;
Capabilities of future UIMs;
Billing security and integrity in UMTS;
Collaboration with other ACTS projects such as AC013 EXODUS.