Chapter 4

Third-Generation Security (UMTS)

4.1 Principles of Third-Generation (3G) Security

The design work for 3G security was based on the practical experiences with Global System for Mobile Communications (GSM) security and, to a lesser extent, experiences with the security of other second-generation (2G) cellular systems. Before 3rd Generation Partnership Project (3GPP) was created in 1998, there was a subgroup of the European Telecommunications Standards Institute (ETSI) SMG 10 working group (WG) that did preliminary work for Universal Mobile Telecommunications System (UMTS) security, but the actual design work was done in the 3GPP security WG (SA3). Principles of 3G security, together with design objectives for security work, have been documented [TS33.120].

The major principles for 3G security are:

• It builds on those elements of 2G security that have proven to be both robust and needed.
• It addresses and corrects real and perceived weaknesses in 2G security.
• It adds new security features to address security needs of all new 3G services.

The first two principles were given priority in the beginning of the design work, whereas the third principle became the most important for later releases of 3GPP where more and more features have been added to the 3GPP system.

4.1.1 Elements of GSM Security Carried over to 3G

Here we list the security features and design principles that were identified as worth retaining in 3G systems. In most areas, further development was done for 3G ...