4
Third-Generation Security (UMTS)
4.1 Principles of Third-generation Security
The design work for 3G security was based on the practical experiences with GSM security and, to a lesser extent, experiences with the security of other second-generation cellular systems. Before 3GPP was created in 1998, there was a subgroup of the ETSI SMG 10 working group that did preliminary work for UMTS security, but the actual design work was done in the 3GPP security working group SA3. Principles of 3G security, together with design objectives for security work, have been documented [TS33.120].
The major principles for 3G security are:
- it builds on those elements of 2G security that have proven to be both robust and needed;
- it addresses and corrects real and perceived weaknesses in 2G security;
- it adds new security features to address security needs of all new 3G services.
The first two principles were given priority in the beginning of the design work, whereas the third principle became the most important for later releases of 3GPP where more and more features have been added to the 3GPP system.
4.1.1 Elements of GSM Security Carried Over to 3G
Here we list the security features and design principles that were identified as worth retaining in 3G systems. In most areas, further development was done for 3G security. The elements of 2G security considerably strengthened for 3G are as follows.
- Subscriber Authentication. This was extended to become mutual authentication between subscribers and ...