umts security aspects n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
UMTS Security aspects PowerPoint Presentation
Download Presentation
UMTS Security aspects

Loading in 2 Seconds...

play fullscreen
1 / 9

UMTS Security aspects - PowerPoint PPT Presentation


  • 94 Views
  • Uploaded on

UMTS Security aspects. UMTS Forum ICTG Chair Bosco Fernandes Siemens AG E-mail:bosco.fernandes@siemens.com Tel.+49 89 722 25524. Brussels July 14th, 2003. Overview. Introduction Security architecture Security implementations Security technologies

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'UMTS Security aspects' - latika


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
umts security aspects

UMTS Security aspects

UMTS Forum ICTG Chair

Bosco Fernandes

Siemens AG

E-mail:bosco.fernandes@siemens.com

Tel.+49 89 722 25524

Brussels July 14th, 2003

www.umts-forum.org

overview
Overview
  • Introduction
  • Security architecture
  • Security implementations
  • Security technologies
  • Security in the cellular networks
  • Security and regulatory aspects
  • Conclusion
introduction 3g networks security analysis is a challenging issue
Introduction3G networks security analysis is a challenging issue

Integrity

Non-repudiation

Confidentiality

Authentication

Network protection

Network

security?

Legal requirements

Availability

  • Evaluation of security requirements from legislation, standardization, providers, and end-customers
  • Threat and risk analysis of networks, services and applications
  • Choice of adequate technical and organizational security solutions
slide4

End-to-End Security

Modification of

transmitted data

Unauthorized access

to servers

VPN router

VPN router

1

Corporate

network

Corporate

network

Transport network

Eavesdropping

of transmitted data

User masquerade

2

Internet

3

GSM/UMTS

Peer-to-Peer Security

Security architecture Different types of network security have to interoperate: corporate/WLAN,Internet, public PLMN

security implementation additional security at different levels implies additional costs

Content Provider Layer

Service Creation Layer

Network management

Security Functions

Network Element Layer

Physical Transmission Layer

Security implementationAdditional security at different levels implies additional costs
  • Security levels and security scalability
    • security functions can be added at one or more different network levels and generally are realised in network, end systems and applications in parallel.
    • additional security at different levels implies additional costs.
security technologies there are lots of security products and more will come
Infrastructure: PKI, firewalls...

Algorithms: public key and secret key

cryptosystems

Protocols: IPsec, TLS, WTLSP…

Applications: AAA, Certificates, PTD…

Terminal: anti-virus, biometrics…

Privacy: P3P, Location based services…

Security technologies There are lots of security products and more will come
security in cellular networks specifications on security
Security in cellular networksSpecifications on Security
  • UMTS relevant security mechanisms are mainly standardised by 3GPP and IETF.
  • The increasing use of IP-based protocols and applications in mobile networks expose those to additional threats and opens possible new security gaps;
  • There are functional entities in UMTS operator’s networks that are not UMTS specific and therefore not within of the 3GPP specs (e.g. routers, DHCP servers, e.t.c.).
  • standardisation is a major contributor for security functions but there are areas not within standardisation scope that need further investigation (e.g. network design, protection of network nodes, security analysis of IETF protocols in the UMTS context)
regulatory aspects the network is global regulation is not
Regulatory aspectsThe network is global, regulation is not
  • Lawful interception
  • Anti-fraud policy
  • Regional policy
  • Privacy
conclusion
Conclusion
  • The UMTSFhas completed a detailed analyses of implication of security requirements on 3G network, user device, content, service provider and applications.
  • The report generated a number of questions to promote an understanding of the level of security and where it needs to be implemented.
  • One of the most common mistakes that one can make when implementing security solutions is sub-optimising one part and neglecting another.