Evaluation of UMTS security architecture and services

Abstract: Abstract-This paper presents an in-depth analysis and evaluation of the security of UMTS. Four classes of attacks and threats are discussed in detail. Thereafter, the available security mechanism and services of UMTS are reviewed and evaluated. It is found that most of the potential attacks and threats can be thwarted by the available security services and mechanisms of UMTS.

“…To achieve this purpose the user is identified by means of a TMSI on the radio interface which has local importance and is combined with Location Area Identifier (LAI) or Routing Area Identifier (RAI), for the circuit switched and packet switched domain respectively. Whenever a UE tries to access 3G services, it identifies itself by means of the TMSI/LAI or TMSI/RAI [3].…”

“…Partial integrity protection of user data UMTS also has a mechanism which prevents the insertion or deletion, but not the modification, of user data. This characterize is meant to prevent certain bandwidth hijacking attacks while avoiding the cost of full-blown integrity protection mechanisms for user data [1,3]. The integrity security service is comprehended by means of a MAC mechanism that provides both message authentication and integrity protection against intentional modifications.…”

“…The final output from the KASUMI used in f9 is a 64-bit cipher block, which is truncated to become the 32-bit MAC value [12]. Figure 4 illustrates the use of integrity algorithm f9 to authenticate the data integrity of an RRC signalling message [3,4].…”

“…It operates on a 64 bit data block under control by a 128 bit key. The security architecture of UMTS allows for 16 different encryption algorithms and 16 different integrity algorithms specified through the UMTS Encryption Algorithm (UEA) and UMTS Integrity Algorithm (UIA) identifier [3,12].…”

“…After that, the Second Generation (2G) mobile system (for instance GSM) was designed and presented such that it provides security similar to that of eavesdropping in fixed phones, and to protect against cloning of mobile identities. The GSM allows its network operator to verify the identity of a user such that it is fundamentally impossible for attacker to masquerade as a valid user [3].…”

Evaluation of Security Attacks on UMTS Authentication Mechanism

“…To achieve this purpose the user is identified by means of a TMSI on the radio interface which has local importance and is combined with Location Area Identifier (LAI) or Routing Area Identifier (RAI), for the circuit switched and packet switched domain respectively. Whenever a UE tries to access 3G services, it identifies itself by means of the TMSI/LAI or TMSI/RAI [3].…”

“…Partial integrity protection of user data UMTS also has a mechanism which prevents the insertion or deletion, but not the modification, of user data. This characterize is meant to prevent certain bandwidth hijacking attacks while avoiding the cost of full-blown integrity protection mechanisms for user data [1,3]. The integrity security service is comprehended by means of a MAC mechanism that provides both message authentication and integrity protection against intentional modifications.…”

“…The final output from the KASUMI used in f9 is a 64-bit cipher block, which is truncated to become the 32-bit MAC value [12]. Figure 4 illustrates the use of integrity algorithm f9 to authenticate the data integrity of an RRC signalling message [3,4].…”

“…It operates on a 64 bit data block under control by a 128 bit key. The security architecture of UMTS allows for 16 different encryption algorithms and 16 different integrity algorithms specified through the UMTS Encryption Algorithm (UEA) and UMTS Integrity Algorithm (UIA) identifier [3,12].…”

“…After that, the Second Generation (2G) mobile system (for instance GSM) was designed and presented such that it provides security similar to that of eavesdropping in fixed phones, and to protect against cloning of mobile identities. The GSM allows its network operator to verify the identity of a user such that it is fundamentally impossible for attacker to masquerade as a valid user [3].…”

Evaluation of Security Attacks on UMTS Authentication Mechanism

Confidential initial identification and other improvements for UMTS security

Secure UMTS/EPS Authentication and Key Agreement