Presentation is loading. Please wait.

Presentation is loading. Please wait.

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG

Similar presentations


Presentation on theme: "U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG"— Presentation transcript:

1 U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG Tel Brussels July 14th, 2003

2 U M T S F o r u m 2 © UMTS 2002 Overview Introduction Introduction Security architecture Security architecture Security implementations Security implementations Security technologies Security technologies Security in the cellular networks Security in the cellular networks Security and regulatory aspects Security and regulatory aspects Conclusion Conclusion

3 U M T S F o r u m 3 © UMTS 2002 Introduction 3G networks security analysis is a challenging issue Network security? Evaluation of security requirements from legislation, standardization, providers, and end-customers Threat and risk analysis of networks, services and applications Choice of adequate technical and organizational security solutions Authentication Legal requirements Network protection Availability Confidentiality Non-repudiation Integrity

4 U M T S F o r u m 4 © UMTS 2002 VPN router Corporate network Corporate network Transport network Unauthorized access to servers Modification of transmitted data User masquerade Eavesdropping of transmitted data Internet 1 2 End-to-End Security GSM/UMTS Peer-to-Peer Security 3 Security architecture Different types of network security have to interoperate: corporate/WLAN,Internet, public PLMN

5 U M T S F o r u m 5 © UMTS 2002 Security implementation Additional security at different levels implies additional costs Security levels and security scalability Security levels and security scalability security functions can be added at one or more different network levels and generally are realised in network, end systems and applications in parallel. security functions can be added at one or more different network levels and generally are realised in network, end systems and applications in parallel. additional security at different levels implies additional costs. additional security at different levels implies additional costs. Content Provider Layer Service Creation Layer Network Element Layer Physical Transmission Layer Network management Security Functions

6 U M T S F o r u m 6 © UMTS 2002 Security technologies There are lots of security products and more will come Infrastructure: PKI, firewalls... Infrastructure: PKI, firewalls... Algorithms: public key and secret key Algorithms: public key and secret key cryptosystems cryptosystems Protocols: IPsec, TLS, WTLSP… Protocols: IPsec, TLS, WTLSP… Applications: AAA, Certificates, PTD… Applications: AAA, Certificates, PTD… Terminal: anti-virus, biometrics… Terminal: anti-virus, biometrics… Privacy: P3P, Location based services… Privacy: P3P, Location based services…

7 U M T S F o r u m 7 © UMTS 2002 Security in cellular networks Specifications on Security UMTS relevant security mechanisms are mainly standardised by 3GPP and IETF. UMTS relevant security mechanisms are mainly standardised by 3GPP and IETF. The increasing use of IP-based protocols and applications in mobile networks expose those to additional threats and opens possible new security gaps; The increasing use of IP-based protocols and applications in mobile networks expose those to additional threats and opens possible new security gaps; There are functional entities in UMTS operators networks that are not UMTS specific and therefore not within of the 3GPP specs (e.g. routers, DHCP servers, e.t.c.). There are functional entities in UMTS operators networks that are not UMTS specific and therefore not within of the 3GPP specs (e.g. routers, DHCP servers, e.t.c.). standardisation is a major contributor for security functions but there are areas not within standardisation scope that need further investigation (e.g. network design, protection of network nodes, security analysis of IETF protocols in the UMTS context)

8 U M T S F o r u m 8 © UMTS 2002 Regulatory aspects The network is global, regulation is not Lawful interception Lawful interception Anti-fraud policy Anti-fraud policy Regional policy Regional policy Privacy Privacy

9 U M T S F o r u m 9 © UMTS 2002 Conclusion The UMTSF has completed a detailed analyses of implication of security requirements on 3G network, user device, content, service provider and applications. The report generated a number of questions to promote an understanding of the level of security and where it needs to be implemented. One of the most common mistakes that one can make when implementing security solutions is sub- optimising one part and neglecting another.


Download ppt "U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG"

Similar presentations


Ads by Google