On the Security of 3GPP Networks

(Extended Abstract) Later this year we shall see the release of the Third Generation Partnership Project (3GPP) specifications for WCDMA – the first third generation standard for mobile communications. This 3G system combines elements of both a radical departure and a timid evolution from the 2G system known as GSM. It is radically different from GSM in having a wide-band CDMA system for its air-interface, but it hangs on to the GSM/GPRS core switching network with its MAP based signalling system. In this paper we consider the security features in WCDMA, taking a critical look at where they depart from those in GSM, where they are still very much the same and how they may develop as the core switching network is replaced by an IP based infrastructure. Three principles underpinned the approach adopted for security in WCDMA: build on 2G by retaining security features from GSM that have proved to be needed and robust; address the weaknesses in 2G, both the real and the perceived ones; introduce new features where new 3G architectures and services demand them. In addition there was the desire to retain as much compatibility with GSM as possible in recognition of the fact that many WCDMA networks would be rolled out alongside GSM networks, with them sharing a core switching network, and with handover of calls between the two. The problems with GSM security derive not so much from intrinsic problems with the mechanisms (although we will consider the algorithms separately) but rather from deliberate restrictions on the design. The most significant restriction was that GSM only needed to be as secure as the fixed networks. This was interpreted to mean that wherever fixed network technology was used cryptographic features were not needed. After all, they were not, and still are not, used by fixed carriers to protect consumer services. Fixed links in a mobile network were excluded from consideration, as was mobile signalling data when transferred over fixed networks. Protection against attacks involving impersonating a network element was not addressed. All this has led to three real security concerns for GSM: the use of false base stations to intercept mobile originated calls, interception of microwave links between base stations and the core network, and the vulnerability of signalling to interception and impersonation. We will consider each of these concerns and explain how they have been addressed in WCDMA. The GSM algorithms were designed at …