Advanced security for personal communications technologies

Summary : An objective of ASPeCT was to provide a flexible procedure for user-network authentication". This procedure allows a number of different mechanisms and algorithms to be incorporated, with the ability to migrate smoothly from one mechanism to another. The flexibility is achieved by letting the user's smart card based UIM (user identity module), the Network Operator and the Service Provider negotiate the authentication mechanism to be used. A list of acceptable mechanisms will need to be maintained so that different entities can identify and implement the mechanisms they require.

Summary : Compact Certificate format the exploitation path is consensus dependent; the requirement for compact certificates is clear from bandwidth constraints imposed by air interfaces etc.; viability has been demonstrated; this is an important input to further discourse Key Escrow scheme; evaluation and demonstration. take-up of key escrow based key handling is subject to some controversy at this time; the evaluation framework and criteria developed may be used for future assessment of protocols; the basic JMW protocol provided by the demonstration of trusted third party services for key distribution and recovery may be enhanced to provide additional user safeguards

Summary : Fraudulent activity in mobile telecommunications continues to be a major problem. The project set itself the goal of investigating the technical options and then of implementing a FraudDetection Tool combining the most promising concepts. Earlier results of the project were the three FDTs based on separate approaches to the problem of detecting and identifying instances and patterns of possible fraudulent behaviour. -a rule based tool; -a neural network based tool using supervised learning; -an un-supervised learning tool utilizing neural networks. A major result of the project is the integration of these three tools, together with a fourth tool using an unsupervised learning approach to B-number analysis, into a combined tool - BRUTUS - with its own monitoring and management GUI. The project has produced a report which examines the determination of the legal rules of member states applying in the various fields of law affected by the use of fraud detection systems by mobile communications operators or service providers.

The mobile telecommunications industry is undergoing a continuing transformation as an increasing number of services, offered by more and more network operators and service providers, becomes available to a growing number of users. The project concerns the study the feasibility and acceptability of new and advanced security features for these new services in existing and future personal communication networks, based on trials and demonstrations. The issues of performance, ease of integration and compatibility of new security systems in universal mobile telecommunications systems (UMTS) are being addressed. Achievements so far include: demonstration of fraud detection using neural networks with supervised learning, neural networks with unsupervised learning, and rule-based techniques; demonstration of escrowed key establishment using a Trusted Third Party (TTP) scheme; demonstration of secure billing of value-added information services using micropayment techniques; significant inputs on the UMTS authentication framework and on the standardization of TTP services.

Summary : Micropayment scheme: The micropayment system used in ASPeCT is applied to pay for the provision of valued added services which provide information to the user based on WorldWideWeb technology. The novelty is not the payment protocol itself, but the way in which it is integrated with the authentication protocol proposed for the mobile system UMTS and the payment scenario for basic and value added services in UMTS. In particular, the problem had to be solved how to integrate protocol layers realizing the ASPeCT authentication and payment protocols with the standard http over TCP/IP stack. This problem was solved by introducing an ASPeCT security layer in between the http layer and the TCP/IP layer in such a way that the ASPeCT security layer provides the same Winsock interface to the http layer above which it uses from the TCP/IP layer below. Authentication and initialisation: The necessary security features for UMTS include confidentiality on the air interface, anonymity of the user and, most importantly, authentication of the user to the network in order to prevent fraudulent use of the system. In addition, it is a desirable feature of UMTS that the user must also authenticate the network in order to prevent an intruder from masquerading as a network operator or service provider. This becomes increasingly important as the number and variety of competing public and private network operators and service providers grows larger. The resulting potential network complexity also suggests that new techniques of managing the cryptographic keys necessary for the provision of these security features may be required. To overcome these problems a new protocol was developed in ASPeCT for authentication between user and network; it was particularly designed to fit the performance constraints of mobile networks. Its design exploits the advances in two fields: Crypto-controller smart cards and elliptic-curve cryptosystems.