CORDIS - EU research results
Content archived on 2024-05-07

Security architecture

Objective

Main Objective

The main objective of the project is to ensure that a viable and complete UMTS security architecture is developed as a basis for standardisation by ETSI. It is clear that UMTS can only be operated in a commercially successful way and meet with the users' acceptance if reliable and effective security measures are implemented from the start. A lot of ground-breaking work has been done in critical parts of this area by the collaborative research projects ASPeCT (ACTS), MONET (RACE) and '3GS3 - Third Generation Mobile Telecommunications System Security Studies' (UK LINK programme). However, there is still a long way to go to establish a security architecture covering all relevant aspects of security. This is partly because other aspects of the UMTS specification were not sufficiently advanced for all the necessary details of security to be specified. But work in these other areas is progressing faster now, and there is a danger that the specification of security may be lagging behind. It is therefore of great importance to resolve those security problems which may hinder the timely introduction of UMTS.

To achieve the main objective, the following sub-objectives have been identified:

-to provide a focal point for UMTS security work;

-to provide a sound and validated technical basis for the definition of UMTS security standards by ETSI;

-to build on the work of and collaborate with relevant ACTS projects to provide the required security expertise;

-to review the security requirements arising from the set of services defined for UMTS and define a comprehensive set of security features for UMTS;

-to define a comprehensive set of security mechanisms, protocols and procedures (with the exception of encryption algorithms) for UMTS;

-to define a complete functional and physical security architecture for UMTS;

-to define a public key infrastructure for UMTS;

-to define the security features and procedures involving the USIM;

-to validate critical concepts in demonstrators.

Technical Approach

The project will start from the considerable work already done in the area of UMTS. Information can be obtained from two main sources: previous and ongoing collaborative research projects and results from standards groups. This applies to both security-related and non-security-related work. For security-related work, the main source of information is the project ASPeCT. In the standards area, ETR UMTS 33.20 'Security Principles for the UMTS' is of particular relevance. The security-related results, in particular, have to be compared with the results in the areas of service definition and network architecture to find possible inconsistencies and gaps.

The work on UMTS security in the project will proceed in the following strands:

-Security features and requirements: The list of security features defined in ETR UMTS 33.20 will be reviewed. Furthermore, new UMTS services will be identified, whose impact on security has not yet been thoroughly studied. An example of such a service is the multiple registration of a user on several terminals or of several users on one terminal. This may result in the definition of new or modified security features. The output of this strand will be a consolidated description of the UMTS security features.

-Security mechanisms: The list of security mechanisms available from previous work is expected to be incomplete, even for the existing list of security features. The existing ones will have to be reviewed and evaluated. Mechanisms providing security for the new UMTS services and concepts will be defined.

-Security architecture: A stable UMTS architecture was not available for earlier projects. Therefore, the security mechanisms they proposed could not be integrated into a UMTS security architecture. In addition, new concepts have been introduced in UMTS that were not available in GSM and whose impact on security has not yet been studied. Examples of this are macrodiversity and the air interface. The air interface, in particular, will be studied from a security point of view. The air interface is expected to have considerable impact on the security mechanism for the provision of confidentiality. This is just one of many examples where the work on security mechanisms and the work on security architecture are mutually dependent. Therefore, there will be close co-operation between the corresponding activities.

-Public key infrastructure: If, as seems likely, public-key-based security mechanisms are to be used in UMTS, then an appropriate public key infrastructure is required. The infrastructure will consist of a network of Trusted Third Parties. The project will propose a PKI architecture for UMTS.

-The USIM: The USIM is a key component of UMTS security. More flexibility regarding the use of security mechanisms will require a new approach to the interface between the USIM and the terminal.

-Terminal security: This work will address the issues related to the terminal side of the interface with the USIM, as well as the issue of how to bar stolen or cloned equipment.

-Demonstrations: Critical concepts developed in the USECA project will be validated in a demonstration that focuses on mobile/USIM interaction.

-Standardisation: Close collaboration with standardisation bodies is needed. This collaboration will be ensured by the participation of project partners in the relevant ETSI groups. The most important group is ETSI SMG 10. The project will provide a sound and validated technical basis for the definition of UMTS security standards by ETSI.

-Collaboration with other ACTS projects: A number of relevant ACTS projects are working on issues concerning various parts of the UMTS architecture, but do not address security issues. The closest collaboration is expected with the FRAMES project.

Summary of Trial

No substantial user trials are planned, although a demonstrator will be produced that will show the validity of the concepts developed for UMTS security architecture with particular focus on the USIM and the Terminal.

Expected Achievements

The expected achievements of USECA are:

-To establish a complete list of Security Requirements and Features for UMTS,

-To incorporate this list into the relevant ETSI documents,

-To define a set of security mechanisms for the new UMTS services and concepts,

-To define a complete and viable security architecture for UMTS,

-To define a Public Key Infrastructure that supports UMTS,

-To determine the role of the USIM within UMTS, and to determine an effective interface between the USIM and the terminal,

-To make available any results of USECA as contributions to the standardisation process.

Expected Impact

The results of USECA are expected to have a major impact on the UMTS security standardisation process through the raising of identified security issues, through the definition of a series of relevant mechanisms including a Public Key Infrastructure, and by making available a viable and complete UMTS security architecture.

In addition, USECA is expected to contribute to other UMTS standards bodies by raising issues that arise out of the security work.

Main contributions to the programme objectives:

Main deliverables

A complete functional and physical security architecture for UMTS, complemented with a demonstrator of critical features, including USIM

Contribution to the programme

A complete functional and physical security architecture for UMTS, complemented with a demonstrator of critical features, including USIM

Key Issues

Before a complete UMTS architecture can be defined the following issues require further work:

-An incomplete list of Security Requirements and Features for UMTS,

-No current list of Security Mechanisms for UMTS,

-No current Security Architecture for UMTS,

-No Public Key Infrastructure defined that will support UMTS,

-No clear definition of the role of the USIM within UMTS.

Fields of science (EuroSciVoc)

CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques.


Call for proposal

Data not available

Coordinator

Vodafone Ltd
EU contribution
No data
Address
2-4,London Road
RG14 1JX NEWBURY
United Kingdom


Total cost
No data

Participants (5)