Presentation is loading. Please wait.

Presentation is loading. Please wait.

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG

Published byAshley McNulty Modified over 10 years ago

Similar presentations

Presentation on theme: "U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG"— Presentation transcript:

1 U M T S F o r u m www.umts-forum.org © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG E-mail:bosco.fernandes@siemens.com Tel.+49 89 722 25524 Brussels July 14th, 2003

2 U M T S F o r u m 2 © UMTS 2002 Overview Introduction Introduction Security architecture Security architecture Security implementations Security implementations Security technologies Security technologies Security in the cellular networks Security in the cellular networks Security and regulatory aspects Security and regulatory aspects Conclusion Conclusion

3 U M T S F o r u m 3 © UMTS 2002 Introduction 3G networks security analysis is a challenging issue Network security? Evaluation of security requirements from legislation, standardization, providers, and end-customers Threat and risk analysis of networks, services and applications Choice of adequate technical and organizational security solutions Authentication Legal requirements Network protection Availability Confidentiality Non-repudiation Integrity

4 U M T S F o r u m 4 © UMTS 2002 VPN router Corporate network Corporate network Transport network Unauthorized access to servers Modification of transmitted data User masquerade Eavesdropping of transmitted data Internet 1 2 End-to-End Security GSM/UMTS Peer-to-Peer Security 3 Security architecture Different types of network security have to interoperate: corporate/WLAN,Internet, public PLMN

5 U M T S F o r u m 5 © UMTS 2002 Security implementation Additional security at different levels implies additional costs Security levels and security scalability Security levels and security scalability security functions can be added at one or more different network levels and generally are realised in network, end systems and applications in parallel. security functions can be added at one or more different network levels and generally are realised in network, end systems and applications in parallel. additional security at different levels implies additional costs. additional security at different levels implies additional costs. Content Provider Layer Service Creation Layer Network Element Layer Physical Transmission Layer Network management Security Functions

6 U M T S F o r u m 6 © UMTS 2002 Security technologies There are lots of security products and more will come Infrastructure: PKI, firewalls... Infrastructure: PKI, firewalls... Algorithms: public key and secret key Algorithms: public key and secret key cryptosystems cryptosystems Protocols: IPsec, TLS, WTLSP… Protocols: IPsec, TLS, WTLSP… Applications: AAA, Certificates, PTD… Applications: AAA, Certificates, PTD… Terminal: anti-virus, biometrics… Terminal: anti-virus, biometrics… Privacy: P3P, Location based services… Privacy: P3P, Location based services…

7 U M T S F o r u m 7 © UMTS 2002 Security in cellular networks Specifications on Security UMTS relevant security mechanisms are mainly standardised by 3GPP and IETF. UMTS relevant security mechanisms are mainly standardised by 3GPP and IETF. The increasing use of IP-based protocols and applications in mobile networks expose those to additional threats and opens possible new security gaps; The increasing use of IP-based protocols and applications in mobile networks expose those to additional threats and opens possible new security gaps; There are functional entities in UMTS operators networks that are not UMTS specific and therefore not within of the 3GPP specs (e.g. routers, DHCP servers, e.t.c.). There are functional entities in UMTS operators networks that are not UMTS specific and therefore not within of the 3GPP specs (e.g. routers, DHCP servers, e.t.c.). standardisation is a major contributor for security functions but there are areas not within standardisation scope that need further investigation (e.g. network design, protection of network nodes, security analysis of IETF protocols in the UMTS context)

8 U M T S F o r u m 8 © UMTS 2002 Regulatory aspects The network is global, regulation is not Lawful interception Lawful interception Anti-fraud policy Anti-fraud policy Regional policy Regional policy Privacy Privacy

9 U M T S F o r u m 9 © UMTS 2002 Conclusion The UMTSF has completed a detailed analyses of implication of security requirements on 3G network, user device, content, service provider and applications. The report generated a number of questions to promote an understanding of the level of security and where it needs to be implemented. One of the most common mistakes that one can make when implementing security solutions is sub- optimising one part and neglecting another.

Download ppt "U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG"

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
0 0 0 BBWF Madrid October 2005 Access-independent Core Networks: Converging towards all-IP Andy Jones Head of Transmission & Interconnectivity Vodafone.

0 0 0 BBWF Madrid October 2005 Access-independent Core Networks: Converging towards all-IP Andy Jones Head of Transmission & Interconnectivity Vodafone.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.
Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.

Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
RSVP Cryptographic Authentication ...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.
Doc.: IEEE 802.11-04/0407r0 Submission Andrew Myers, BT Slide 1 March 2004 WLAN Backend System Security and WLAN Interworking Security Andrew Myers British.

Doc.: IEEE /0407r0 Submission Andrew Myers, BT Slide 1 March 2004 WLAN Backend System Security and WLAN Interworking Security Andrew Myers British.
Evaluation of an internet protocol security based virtual private network solution Thesis written by Arto Laukka at TeliaSonera Finland Oyj SupervisorProfessor.

Evaluation of an internet protocol security based virtual private network solution Thesis written by Arto Laukka at TeliaSonera Finland Oyj SupervisorProfessor.
G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.

G53SEC 1 Mobile Security GSM, UTMS, Wi-Fi and some Bluetooth.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

Similar presentations

Ads by Google