
Chapter 6 3G/4G Security

TABLE OF CONTENTS

1. Introduction to 3G/4G
   1.1 3G/3GPP System Overview
   1.2 4G Features
2. 3G Security
   2.1 3G/3GPP Security Architecture
   2.2 3G/3GPP Network Access Security
       2.2.1 User identity confidentiality
       2.2.2 Authentication/Key Agreement
       2.2.3 Data Confidentiality
       2.2.4 Data Integrity
   2.3 3G Network Domain Security
   2.4 3G User/Application Domain Security
       2.4.1 User Domain security
       2.4.2 Application Domain security
   2.5 3G security weakness and Security Issues
3. 4G Security Investigation Results
   3.1 Security Issues on 4G
   3.2 The Research Results of 4G Security
4. Discussion & Conclusion
5. References



6.1 Introduction to 3G/4G
This section gives a brief overview of the 3G and 4G communication systems. Growing demand for wireless services has caused wireless network services and technologies to grow rapidly and to become a basic appliance for contemporary people. This report provides a brief introduction to the security of 3G and 4G. We first introduce the system overview of 3G and 4G, and then the security of 3G and 4G, including security architecture, network security, security weaknesses, etc. More detailed information can be found in the related 3GPP documents [3GPPTS121] [3GPPTS102] [3GPPTR900] [3GPPTS205]. As for 4G, some current research results from papers are introduced in this report [Fu04] [Celentano06] [Zheng05a] [Zheng05c]. Some 4G issues are also suggested for future study [Fu04] [ODrama04] [Dell'Uomo02] [Hui03] [Celentano06].

4G (also known as Beyond 3G), an abbreviation for Fourth-Generation Communications System, is a term used to describe the next complete evolution in wireless communications. A 4G system will be able to provide a comprehensive IP solution where voice, data and streamed multimedia can be given to users on an "Anytime, Anywhere" basis, and at higher data rates than previous generations. There is no formal definition of what 4G is; however, there are certain objectives that are projected for 4G. These objectives include that 4G will be a fully IP-based integrated system. This will be achieved after wired and wireless technologies converge, and the system will be capable of providing between 100 Mbit/s and 1 Gbit/s both indoors and outdoors, with premium quality and high security. 4G will offer all types of services at an affordable cost. According to the 4G working groups, the infrastructure and the terminals of 4G will have almost all the standards from 2G to 4G implemented.

Although legacy systems are in place to adopt existing users, the infrastructure for 4G will be only packet-based (all-IP). Some proposals suggest having an open platform where new innovations and evolutions can fit. The technologies being considered as pre-4G are the following: WiMax, WiBro, iBurst, 3GPP Long Term Evolution and 3GPP2 Ultra Mobile Broadband.

3GPP LTE (Long Term Evolution) is the name given to a project within the Third Generation Partnership Project (3GPP) to improve the UMTS mobile phone standard to cope with future requirements. Goals include improving efficiency, lowering costs, improving services, making use of new spectrum opportunities, and better integration with other open standards. The LTE project is not a standard, but it will result in the new evolved release 8 of the UMTS standard, including mostly or wholly extensions and modifications of the UMTS system. The architecture that will result from this work is called EPS (Evolved Packet System) and comprises E-UTRAN (Evolved UTRAN) on the access side and EPC (Evolved Packet Core) on the core side.

Universal Mobile Telecommunications System (UMTS) is one of the third-generation (3G) cell phone technologies, which is also being developed into a 4G technology. Currently, the most common form of UMTS uses W-CDMA as the underlying air interface. It is standardized by the 3GPP, and is the European answer to the ITU IMT-2000 requirements for 3G cellular radio systems.

6.1.1 3G/3GPP System Overview
3G is the next-generation wireless network, intended to provide a worldwide standard and a common means of communication for mobile networking. The 3G standard is defined by the 3GPP bodies. Compared with 2G, 3G provides higher data rates, massive network capacity, interactive multimedia services, QoS and global roaming [3GPPTS121] [3GPPTS102]. Initially, several communication technologies, such as WCDMA, TDMA and CDMA2000, were applied to 3G. Once 3GPP was organized, UMTS, which includes WCDMA, was proposed as the 3GPP communication standard. In 3GPP, All-IP becomes an important feature. The services associated with 3G include wide-area wireless voice telephony and broadband wireless data, all in a mobile environment. In marketing 3G services, video telephony has often been suggested as the killer application for 3G. 3G supports higher network access rates than 2G systems. Because of the increased bandwidth, mobile devices can support more applications than before, such as video phone and some real-time services.
The main technology used in 3G systems is code division multiple access (CDMA), which is a form of multiplexing and a method of multiple access that divides up a radio channel not by time, nor by frequency, but instead by using different pseudo-random code sequences for each user [wiki, CDMA]. Several types of CDMA exist: WCDMA, TD-SCDMA and CDMA2000. In Asia, Europe, the USA and Canada, telecommunication companies use W-CDMA [wiki, 3G].

Fig. 1.1 3G service architecture

The 3G service architecture is illustrated in Fig. 1.1 [3GPPTS121]. A subscriber connects to another connected user through Node B (base transceiver station, BTS), the Radio Network Controller (RNC), the Mobile Service Switching Center (MSC) and the GMSC (Gateway Mobile Switching Centre) of the core network to the PSTN. The BSC or RNC controls resource allocation and QoS. The RNC is in charge of switching and control in the UTRAN. UTRAN, short for UMTS Terrestrial Radio Access Network, is a collective term for the Node Bs (base transceiver stations, BTS) and Radio Network Controllers which make up the UMTS radio access network. The UTRAN allows connectivity between the UE (user equipment) and the core network. A Gateway Mobile Switching Centre (GMSC) provides an edge function within a PLMN (Public Land Mobile Network). It terminates the PSTN (Public Switched Telephone Network) signalling and traffic formats and converts them to the protocols employed in mobile networks. For mobile terminated calls, it interacts with the HLR (Home Location Register) to obtain routing information. The MSC and GMSC transmit the communication signal to the PSTN. On the other hand, 3G also supports the GPRS service through the SGSN and GGSN to the Internet.

6.1.1.1 UMTS Network
The core technology of the universal mobile telecommunication system (UMTS) network is Code Division Multiple Access (CDMA). It is different from the technology used in 2G systems. The main advantage of the CDMA coding technique is that it can increase the usage of the wireless channel and reduce the interference of noise. In other words, it can allow more users to use the wireless channel at the same time. UMTS comprises a realization of 3G mobile systems, which is compatible with the evolved Global System for Mobile communication/General Packet Radio Services (GSM/GPRS) [GSM03.60]. The UMTS network is the core network of 3G. Its main objective is to provide a higher access rate than 2G systems, which can be used to provide a wide range of real-time services with different levels of quality of service (QoS).

There are several releases of UMTS, including Release 1999 (R99), Release 4 (Rel-4) and Release 5 (Rel-5). R99 is the earliest release of 3G. The fundamental difference between GSM/GPRS and UMTS R99 is that the latter supports higher access rates (up to 2 Mbps) [3GPPTS002a]. But UMTS R99 is just a logical evolution from the 2G system architecture, and it does not differ greatly from GPRS. UMTS Rel-4 and Rel-5 are revolutionary versions [3GPPTS002b] [3GPPTS002c]. Both introduce an all-IP network architecture that eventually replaces circuit-switched transport technology. They also introduce the Open Service Architecture, which allows third-party service providers to access the UMTS service architecture.

6.1.1.2 UMTS Network Architecture
The architecture of the UMTS network is very similar to the GPRS network architecture. We briefly introduce the UMTS network entities and their functions. Finally, a basic call control example shows the reader the control flow.

<UMTS Network Entities>
There are several entities in the UMTS network, as shown in Fig. 1.2. Each entity and its functionality is introduced below.

User Equipment (UE)
The user equipment is the end device of the UMTS network. The user can make a phone call through the user equipment. It always contains a mobile phone and a USIM card.

Node B
The functionality of Node B is very similar to that of the Base Station in 2G systems. UEs cannot communicate directly with each other but have to communicate with the Node B.

Radio Network Controller (RNC)

The RNC is responsible for control of the Node Bs. The RNC carries out radio resource management and some of the mobility management functions, and is the point where encryption is done before user data is sent to and from the mobile.

Home Location Register (HLR)
The HLR is the database that holds subscription information for every subscriber. The HLR holds two types of data, permanent and temporary. Permanent data include the International Mobile Subscriber Identity (IMSI), the International Mobile Equipment Identity (IMEI), authentication parameters, and whether a static IP address is allocated to the MS. Temporary data are data that change over time, such as the mobile user's location (the MSC in which the mobile user is located). The HLR can be regarded as a global database: when an entity needs information but does not know how to get it, it just asks the HLR.

Visitor Location Register (VLR)
The VLR database contains information about the UEs subscribed in the MSC related to the VLR, and the temporary subscriber information needed by the MSC to provide services for visiting subscribers. The VLR also provides the Temporary Mobile Station Number (TMSI), which can substitute for the IMSI in communication between the MSC and the UE. Because the TMSI is generated randomly, it can protect the IMSI from eavesdropping.

Mobile Switching Centre (MSC)
The MSC provides four main abilities: paging, handoff and roaming; updating UE information in the HLR; service type control; and authentication with the mobile user. When signalling to a UE that is covered by the MSC, the MSC forwards the paging signal to the UE.

Gateway Mobile Switching Centre (GMSC)
The GMSC provides the interface that lets a UE make a phone call to other types of communication network, such as the PSTN. It is the gateway that transforms between the signal formats of different networks.

Serving GPRS Support Node (SGSN)
The SGSN forwards incoming and outgoing IP packets to/from a mobile station and provides packet routing and transfer to and from the SGSN service area. It also provides improved ciphering, authentication, session management, and mobility management.

Gateway GPRS Support Node (GGSN)
The GGSN is the interface towards the external IP packet networks. It contains access functionality that interfaces with external ISP functions, like a gateway. Under IPv4, there are not enough IP addresses for every UE that wants to reach the Internet, so the SGSN has to provide NAT-like functionality. The GGSN exchanges routing information with the external network and provides GPRS session management and the functionality for associating subscribers with the right SGSN.

Fig. 1.2 UMTS Network Architecture

<A Basic Call Control Example>
We assume that UEa, under MSCa, makes a call to UEb, under MSCb. First, UEa's signal is transferred to the RNC through Node B. The RNC checks the signal format, makes sure it is a call signal, and then forwards the signal to MSCa. When MSCa receives the signal, it has to ask the HLR where UEb is located. After MSCa receives the HLR's answer, it forwards the signal to MSCb, where UEb is located. MSCb then forwards the signal to UEb. When UEb receives the signal, it knows that someone is calling. This is the basic call signal forwarding.

Fig. 1.3 IPv6 in 3G

6.1.1.3 IPv6 and 3G

3G systems introduce the All-IP network, but the lack of IP addresses may be a bottleneck on the way to an all-IP network, as in Fig. 1.3. The GGSN supports NAT to address this problem, but NAT still has many problems of its own to be addressed. The best solution to these issues is IPv6. Its sufficient supply of IP addresses and its improvements on the weaknesses of IPv4 make IPv6 on 3G systems more powerful. As a result, IPv6 was integrated in 3G Rel-5. More specifically, the UE and the NEs in the core network have to support IPv6. In a 3G network, IP addresses have two main purposes. The user-level IP address is used in communication between the mobile terminal and the application host. The transport-level IP address is used in communication among network entities in the 3G network.

6.1.2 4G Features
4G has not yet been realized in industry or in standards. Fig. 1.4 illustrates a 4G service architecture from Agora Co. The hope is to achieve an Always-Best-Connected service on heterogeneous networks. In order to provide Always-Best-Connected service in the future, a universal consensus on the features of 4G has been reached. In that understanding, the main characteristics and features are [Fu04] [Hui03] [Zheng05a]:
- All-IP based network architecture
- Higher bandwidth (than 3G)
- Heterogeneous network (3G/UMTS, Wireless LAN, DVB-T, etc.)
- QoS, Security, ...
- Full integration of hot spot and cellular
- Support for multimedia applications

Fig. 1.4 4G service architecture (figure not reproduced; labelled elements: DTV services, content and services aggregation, ISP gateway, satellite (DVB-S2), Internet, IP backbone, context-aware information centre, broadcast networks (DMB, DVB-T/H), GSM/GPRS, UMTS, IP-based micro-mobility, wireless LANs)

Fig. 1.5 Architecture of 4G wireless systems, Ref. [Zheng05a] (figure not reproduced; labelled elements: an IP backbone network connecting 2G/2.5G (GSM, GPRS, CDMA, CDMA1x), 3G (WCDMA, TD-SCDMA, CDMA2000), WLAN (802.11a, 802.11b) and others (Bluetooth, CMDS, BWAN))

The 4G standard is being defined in countries and regions such as Japan, China, Korea and Europe. The main leading standards institutes are IMT-Advanced, 3GPP and 3GPP2. To provide 4G service, new technologies and architectures are still being developed in different programs at, for example, NTT DoCoMo, Nokia and Motorola.


Basically, 3G is at the stage of developing communication networks, while 4G is at the stage of defining standards. Although some 4G features exceed those of 3G, future developments are worth further investigation. Table 1 compares 3G and 4G on different features.

Table 1. Comparison of 3G and 4G

Feature | 3G | 4G
General topics, compatibility | Many different standards worldwide; combination of real and developed equipment; backward compatible to 2G | Global mobility; service compatibility; all network elements are digital; advanced 3G-capacity (an order of magnitude)
Switching design basis | Channel and packet switching | All digital with packetized voice
Network architecture | Wide area cell-based | Hybrid: integration of Wireless LAN (WiFi, Bluetooth, hot spots) and wide area
Frequency band | Regionally different (1800-2400 MHz) | Higher frequency band (2-8 GHz)
Access technologies | W-CDMA, 1xRTT, Edge | OFDM and MC-CDMA (Multi Carrier CDMA)
Bandwidth | 5-20 MHz | 100 MHz (or more)
Data rate | 384 KBit/s up to 2 Mbit/s | 20 up to 100 Mbit/s

Source: www.mobileinfo.com


6.2 3G Security
This section describes the security architecture of 3G and the security features within it. The detailed features and definitions can be found in the 3G-related documents [3GPPTS102] [3GPPTS121] [3GPPTR900] [3GPPTS205]. For convenience, we follow the 3GPP security architecture in describing the security features.

6.2.1 3G/3GPP Security Architecture
3G security concerns arise from issues such as: wireless access is inherently less secure, mobility implies higher security risks, IP-based technologies bring new vulnerabilities, etc. 3G security requires consideration of several aspects, such as mobility, the particular security threats, the types of information to be protected, and the greater complexity of the network architecture compared with 2G. An overview of the 3G security architecture follows [3GPPTS102].

When 3G was developed, security issues were taken into consideration. The whole 3G security architecture was designed on three fundamental principles [3GPPTS120]:
(1) The architecture for 3G will build on the security features of the 2G system.
(2) 3G security will improve on the security of the 2G system.
(3) 3G security will offer new features and will secure new services offered by 3G.

The security enhancements in 3G are listed below [3GPPTS120]:
- Key lengths were increased to allow for the possibility of stronger algorithms for encryption and integrity.
- Mechanisms were included to support security within and between networks.
- Security is based within the switch rather than the base station as in GSM.
- Integrity mechanisms for the terminal identity (IMEI) have been designed in from the start, rather than introduced late as in GSM.
- When roaming between networks, such as between a GSM and a 3GPP network, only the level of protection supported by the smart card will apply.


Fig. 2.1 3G Security Architecture (figure not reproduced; it shows the application stratum, the home stratum/serving stratum and the transport stratum, with the feature groups (I) to (IV) marked on the links between user application, provider application, USIM, HE, SN, ME and AN)
HE: Home Environment; SN: Serving Network; ME: Mobile Equipment; USIM: Universal Subscriber Identity Module

The 3G security architecture of 3GPP is illustrated in Fig. 2.1 as five major classes [3GPPTS102]: Network access security (I), Network domain security (II), User domain security (III), Application domain security (IV), and Visibility and configurability of security (V).

Fig. 2.2 Overview of the ME registration and connection principles within UMTS (figure not reproduced; it shows the HLR as a common subscription database holding the CS location and PS location, two CN service domains (the CS service domain with the 3G MSC/VLR and the PS service domain with the 3G SGSN, each keeping its own CS state or PS state), two Iu signalling connections (two RANAP instances) to a UTRAN with distribution functionality, and one RRC connection to the UE, which keeps both CS state and PS state)
HLR: Home Location Register; CS: Circuit Switching; PS: Packet Switching; SGSN: Serving GPRS Support Node

Because of the legacy inherited from GSM/GPRS, 3GPP has to deal with connections in both the Circuit Switching (CS) domain and the Packet Switching (PS) domain, as in Fig. 2.2. In 3G, registration and connection within UMTS, including user identification, authentication and key agreement, are processed independently in each service domain. 3GPP performs authentication and key generation using a shared key named K. Basically, authentication and key agreement in 3G/3GPP are performed by f1, f2, f3, f4 and f5; data integrity is provided by f9; and confidentiality is provided by f8.

6.2.2 3G/3GPP Network Access Security
Network access security is a mechanism that provides secure access to 3G services and protects against attacks on the radio interface. The security features of network access security required to provide a secure 3G service are listed below [3GPPTS102].

User identity confidentiality
- User identity confidentiality
- User location confidentiality
- User untraceability
Entity authentication
- User authentication
- Network authentication
Confidentiality
- Cipher algorithm agreement
- Cipher key agreement
- Confidentiality of user data
- Confidentiality of signalling data
Data integrity
- Integrity algorithm agreement
- Integrity key agreement
- Data integrity and origin authentication of signalling data
Mobile equipment identification
- IMEI

3GPP defines several mechanisms to achieve these security features. The mechanisms mainly implement the functions of secure access: (i) user identity confidentiality, (ii) authentication and key agreement, (iii) data confidentiality and (iv) integrity protection of signalling messages.


6.2.2.1 User identity confidentiality
The user identity confidentiality mechanism of 3GPP lets a user be identified for access to services by a Temporary Mobile Subscriber Identity (TMSI). At initial registration, the network registers the permanent identity of the user. When a user raises a service request, the network assigns a TMSI to the user for that service. Use of the TMSI means that the confidentiality of the user identity is protected almost always against passive eavesdroppers. The TMSI can also prevent user traceability, because it is changed at short intervals.

6.2.2.2 Authentication/Key Agreement
In this section, we discuss 3GPP authentication and key agreement, illustrated in Fig. 2.3. First, the VLR/SGSN sends an authentication data request to the HE/HLR [3GPPTS102]. More details can be found in 3GPP standard TS 33.102 [3GPPTS102]. After receiving a request from the VLR/SGSN, the HE/AuC sends an ordered array of n authentication vectors to the VLR/SGSN. The authentication vectors are ordered by sequence number. Each authentication vector consists of several components: a random number RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN. Each authentication vector is used for one authentication and key agreement between the VLR/SGSN and the USIM.

Fig. 2.3 Authentication and key agreement for 3G (figure not reproduced; message sequence between MS, VLR/SGSN and HE/HLR. Distribution of authentication vectors from HE to SN: authentication data request; generate authentication vectors AV(1..n); authentication data response AV(1..n); store authentication vectors. Authentication and key establishment: select authentication vector AV(i); user authentication request RAND(i) || AUTN(i); verify AUTN(i) and compute RES(i); user authentication response RES(i); compare RES(i) and XRES(i); compute CK(i) and IK(i); select CK(i) and IK(i))

When the VLR/SGSN initiates an authentication and key agreement, it selects the next authentication vector from the ordered array and sends the parameters RAND and AUTN to the user. The USIM verifies whether AUTN can be accepted. If so, the USIM produces a response RES, which is sent back to the VLR/SGSN. The USIM also computes CK and IK. When the VLR/SGSN receives the RES, it compares it with XRES. If they match, the VLR/SGSN considers the authentication and key agreement exchange to be successfully completed. The established keys CK and IK are then transferred by the USIM and the VLR/SGSN to the entities which perform the ciphering and integrity functions.

-. Distribution of Authentication data from HE to SN
The purpose of the authentication data distribution procedure is to provide the VLR/SGSN with an array of fresh authentication vectors with which to perform a number of user authentications [3GPPTS102]. The VLR/SGSN invokes the distribution procedure by requesting authentication vectors from the HE/AuC [3GPPTS102]. In this procedure, the VLR/SGSN first issues an authentication data request including the IMSI and the requesting node type (Packet Switching, PS, or Circuit Switching, CS). On receipt of the authentication data request, the HE may have pre-computed authentication vectors and retrieve them from the HLR database, or it may compute them on demand. The HE/AuC sends an authentication response back to the VLR/SGSN with an ordered array of n authentication vectors AV(1..n).


Fig. 2.4 Distribution of authentication data and the generation of an authentication vector (figure not reproduced; on an authentication data request carrying the IMSI from the VLR/SGSN, the HE generates SQN and RAND, applies f1, f2, f3, f4 and f5 to K, SQN, RAND and AMF to obtain MAC, XRES, CK, IK and AK, and returns the authentication data response AV(1..n))
AUTN := SQN ⊕ AK || AMF || MAC
AV := RAND || XRES || CK || IK || AUTN
IK: Integrity Key; CK: Cipher Key; AUTN: Authentication Token; AMF: Authentication Message Field

Fig. 2.4 shows how the HE/AuC generates an authentication vector AV. Basically, the mechanism in Fig. 2.4 is a cipher mode of operation using the functions f1, f2, f3, f4 and f5, which are built on Rijndael [3GPPTS102]. The mechanism takes as input SQN (Sequence Number), RAND (Random Number), AMF (Authentication Management Field) and the shared secret key K, and generates the authentication code and keys MAC, XRES, CK, IK and AK by computing f1, f2, f3, f4 and f5. The mechanism combines the authentication code and keys into an authentication vector. In this way the HE/AuC generates the authentication vector AV and the authentication token AUTN.


-. Authentication and key agreement
In this paragraph, we discuss user authentication and key agreement, as illustrated in Fig. 2.5. The purpose of the authentication and key agreement procedure is to authenticate the user and to establish a new pair of cipher and integrity keys between the VLR/SGSN and the USIM. During the authentication, the USIM verifies the validity of the authentication vector that is used.

Fig. 2.5 User authentication function in the USIM (figure not reproduced; the VLR/SGSN sends the user authentication request RAND || AUTN, where AUTN carries SQN ⊕ AK, AMF and MAC. The USIM computes AK with f5 to recover SQN, computes XMAC, RES, CK and IK with f1, f2, f3 and f4, verifies MAC = XMAC, and verifies that SQN is in the correct range. It replies with the user authentication response RES or with a user authentication reject CAUSE)

At the user end, the mechanism of Fig. 2.5 takes SQN, RAND, AMF and the shared secret key K as input and generates the authentication code and keys XMAC, RES, CK and IK by computing f1, f2, f3, f4 and f5. The mechanism compares the authentication codes in order to authenticate the VLR/SGSN.

-. Key function f1, f1*, f2, f3, f4, f5 and f5*
Since both the distribution of authentication data and the authentication and key agreement use the key functions f1, f1*, f2, f3, f4, f5 and f5*, we briefly describe how these functions work [3GPPTS205]. Fig. 2.6 illustrates the functions f1, f1*, f2, f3, f4, f5 and f5*.


Fig. 2.6 f1, f1*, f2, f3, f4, f5, f5* functions (figure not reproduced; the inputs are RAND and (SQN, AMF) expanded to 128 bits. Five branches each combine OPC, a rotation by r1 to r5, a constant c1 to c5 and the encryption EK, and output f1 and f1*, f5 and f2, f3, f4, and f5* respectively)

The value OPC is derived from the subscriber key K and the operator-dependent value OP by OPC = OP ⊕ E(OP)K; c1, ..., c5 are five fixed addition constants. Rijndael was chosen because it was then one of the five remaining AES candidates, was well studied, and could be efficiently implemented in software or hardware. The mechanism of Fig. 2.6 generates the f1, f1*, f2, f3, f4, f5 and f5* values for key generation and authentication.

-. Re-synchronisation procedure [3GPPTS102]
The USIM verifies that SQN is in the correct range. If SQN is not in the range, the UE sends a synchronization failure message to the VLR/SGSN. The synchronization failure message consists of RAND and AUTS. The AUTS message is also constructed with f1* and f5*. On receiving the synchronization failure message, the VLR/SGSN sends the message to the HLR/AuC, which re-computes and re-generates authentication vectors with {Qi}. After the new authentication data is reconstructed, the HLR/AuC sends it back to the VLR/SGSN for re-synchronization. The re-synchronisation procedure and integrity function are shown in Fig. 2.7.
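The exchange described in this section (vector generation at the HE/AuC, AUTN verification in the USIM, and re-synchronisation with AUTS), as an added example that is not part of the original chapter or of any 3GPP code. HMAC-SHA256 stands in for the Rijndael-based f1 to f5*; the class names, the DELTA window, the AMF value and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SQN_LEN, AMF_LEN = 6, 2       # 48-bit SQN and AK, 16-bit AMF
AMF_RESYNC = b"\x00\x00"      # dummy all-zero AMF used when computing MAC-S
DELTA = 32                    # assumed SQN acceptance window (illustrative policy value)


def _prf(k, label, data, n):
    """Stand-in for the Rijndael-based f functions: HMAC-SHA256 cut to n bytes."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf): return _prf(k, b"f1", sqn + rand + amf, 8)        # MAC / XMAC
def f1_star(k, sqn, rand, amf): return _prf(k, b"f1*", sqn + rand + amf, 8)  # MAC-S
def f2(k, rand): return _prf(k, b"f2", rand, 8)                              # RES / XRES
def f3(k, rand): return _prf(k, b"f3", rand, 16)                             # CK
def f4(k, rand): return _prf(k, b"f4", rand, 16)                             # IK
def f5(k, rand): return _prf(k, b"f5", rand, SQN_LEN)                        # AK
def f5_star(k, rand): return _prf(k, b"f5*", rand, SQN_LEN)                  # AK for AUTS


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeEnvironment:
    """HE/AuC: generates authentication vectors and handles re-synchronisation."""
    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def generate_av(self, amf=b"\x80\x00"):        # constructed AMF value
        self.sqn += 1                              # fresh SQN for every vector
        sqn, rand = self.sqn.to_bytes(SQN_LEN, "big"), os.urandom(16)
        # AUTN := SQN xor AK || AMF || MAC; the AV is kept as a dict for readability
        autn = xor(sqn, f5(self.k, rand)) + amf + f1(self.k, sqn, rand, amf)
        return {"RAND": rand, "XRES": f2(self.k, rand), "CK": f3(self.k, rand),
                "IK": f4(self.k, rand), "AUTN": autn}

    def resynchronise(self, rand, auts):
        """Check MAC-S in AUTS and, if it is valid, adopt the USIM's SQN_MS."""
        sqn_ms = xor(auts[:SQN_LEN], f5_star(self.k, rand))
        mac_s = f1_star(self.k, sqn_ms, rand, AMF_RESYNC)
        if not hmac.compare_digest(auts[SQN_LEN:], mac_s):
            return False
        self.sqn = int.from_bytes(sqn_ms, "big")
        return True


class USIM:
    """User side: verifies AUTN, then returns RES, CK and IK."""
    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def authenticate(self, rand, autn):
        conc, amf = autn[:SQN_LEN], autn[SQN_LEN:SQN_LEN + AMF_LEN]
        mac = autn[SQN_LEN + AMF_LEN:]
        sqn = xor(conc, f5(self.k, rand))                  # remove the AK mask
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand, amf)):
            return "reject", "MAC failure"                 # MAC != XMAC
        n = int.from_bytes(sqn, "big")
        if not self.sqn < n <= self.sqn + DELTA:           # SQN outside the correct range
            sqn_ms = self.sqn.to_bytes(SQN_LEN, "big")
            # AUTS = SQN_MS xor AK || MAC-S, built with f5* and f1*
            auts = xor(sqn_ms, f5_star(self.k, rand)) + f1_star(self.k, sqn_ms, rand, AMF_RESYNC)
            return "sync_failure", auts
        self.sqn = n
        return "ok", {"RES": f2(self.k, rand), "CK": f3(self.k, rand), "IK": f4(self.k, rand)}


def vlr_authenticate(he, usim):
    """VLR/SGSN: fetch one AV, challenge the USIM, compare RES with XRES."""
    av = he.generate_av()
    status, out = usim.authenticate(av["RAND"], av["AUTN"])
    if status == "ok":
        match = hmac.compare_digest(out["RES"], av["XRES"])
        return ("authenticated" if match else "res_mismatch"), av
    if status == "sync_failure":
        he.resynchronise(av["RAND"], out)                  # forward RAND and AUTS to the HE
    return status, av


def demo():
    k = bytes(range(16))                                   # constructed 128-bit key K
    he, usim = HomeEnvironment(k), USIM(k)
    first, av = vlr_authenticate(he, usim)
    replay = usim.authenticate(av["RAND"], av["AUTN"])[0]  # same vector again: stale SQN
    forged = av["AUTN"][:-1] + bytes([av["AUTN"][-1] ^ 1])  # one MAC bit flipped
    tampered = usim.authenticate(av["RAND"], forged)
    he2, usim2 = HomeEnvironment(k, sqn=0), USIM(k, sqn=40)  # HE counter behind the USIM
    resync = vlr_authenticate(he2, usim2)[0]
    after = vlr_authenticate(he2, usim2)[0]
    return {"first": first, "replay": replay, "tampered": tampered,
            "resync": resync, "after_resync": after, "he_sqn": he2.sqn}


if __name__ == "__main__":
    print(demo())
```

The replayed vector is refused on the SQN check even though its MAC is valid, which is the freshness property the sequence number adds on top of the RAND/RES challenge-response.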


Fig. 2.7 Re-synchronisation mechanism (figure not reproduced; the USIM computes MAC-S with f1* and AK with f5* from SQNMS, K, RAND and AMF, and xors SQNMS with AK. The UE/USIM receives RAND, AUTN from the VLR/SGSN and answers with AUTS; the VLR/SGSN sends RAND, AUTS to the HLR/AuC, which answers with {Qi})
AUTS = SQNMS ⊕ AK || MAC-S

-. Local authentication and connection establishment
When a user sets up a connection on a network, entity authentication has to be conducted [3GPPTS102]. Two mechanisms are included: an authentication mechanism using an authentication vector, and a local authentication mechanism [3GPPTS102]. Local authentication employs the integrity key established between the user and the serving network during the previous execution of the authentication and key establishment procedure [3GPPTS102].


Fig. 2.8 Local authentication and connection set-up (figure not reproduced; message sequence between MS, SRNC and VLR/SGSN with the following steps)
1. RRC connection establishment, including transfer of the HFNs START values and the UE security capability from MS to SRNC
1. Storage of HFNs START values and UE security capability
2. Initial L3 message with user identity, KSI etc.
3. Authentication and key generation
4. Decide allowed UIAs and UEAs
5. Security mode command (UIAs, IK, UEAs, CK, etc.)
6. Select UIA and UEA, generate FRESH, start integrity
7. Security mode command (CN domain, UIA, FRESH, UE security capability, UEA, MAC-I, etc.)
8. Control of UE security capability, verify message, start of integrity
9. Security mode complete (MAC-I, etc.)
10. Verify received message
11. Security mode complete (selected UEA and UIA)
Start ciphering/deciphering (at both ends)
"UE security capability" indicates the UIAs and UEAs supported by the MS.

In this procedure, CK and IK are stored in the VLR/SGSN and the USIM. Local authentication is obtained through the integrity protection function, using the UIA and UEA, i.e. f9/SNOW and f8. The message integrity of the procedure is achieved with f8 and f9.

-. Authentication and key agreement of UMTS subscribers
In 3GPP, in order to provide backward compatibility, interoperation and handover between UMTS and GSM have to be handled properly [3GPPTS102]. A UMTS user connects to the VLR/SGSN through the ME/UMTS and the UTRAN; a GSM user connects to the VLR/SGSN through the ME and the GSM BSS.


Fig. 2.9 Authentication and key agreement of UMTS subscribers (figure not reproduced; labelled elements: Release 99+ HLR/AuC with quintets and triplets, Release 99+ VLR/SGSN, Release 98 VLR/SGSN, UTRAN, GSM BSS, ME capable of UMTS AKA, ME not capable of UMTS AKA, USIM, UMTS security context, GSM security context; parameters shown: RAND, AUTN, RES, SRES, CK, IK, Kc)

The UMTS parameters RAND, AUTN and RES are sent transparently through the UTRAN or GSM BSS, and the GSM parameters RAND and SRES are sent transparently through the GSM BSS [3GPPTS102]. In the GSM BSS case, ciphering is applied in the GSM BSS for services delivered via the MSC/VLR, and by the SGSN for services delivered via the SGSN. In the latter case the GSM cipher key Kc is not sent to the GSM BSS. In the UTRAN case, ciphering and integrity are always applied in the RNC, and the UMTS cipher/integrity keys CK and IK are always sent to the RNC [3GPPTS102].


6.2.2.3 Data Confidentiality

-. Access Link data confidentiality
Since the sensitive data of users should be protected for confidentiality, 3GPP employs ciphering to protect it. Fig. 2.10 illustrates the use of the ciphering algorithm f8 to encrypt plaintext [3GPPTS102]. The method ciphers the sensitive data by applying a keystream, using a bit-by-bit binary addition of the plaintext and the keystream.

Fig. 2.10 Cipher method (figure not reproduced; at the sender (UE or RNC) and at the receiver (RNC or UE), f8 takes COUNT-C, DIRECTION, LENGTH, BEARER and CK and produces a keystream block. The sender combines the plaintext block with the keystream block to give the ciphertext block; the receiver combines the ciphertext block with the keystream block to recover the plaintext block)

For encryption, the algorithm feeds the parameters COUNT-C, DIRECTION, LENGTH and BEARER and the cipher key CK into the f8 cipher, which outputs a keystream block. The plaintext block is combined with the keystream block by an exclusive OR operation to give a ciphertext block. Decryption follows the same procedure as encryption: the algorithm performs an exclusive OR operation between the ciphertext block and the keystream block.


-. Confidentiality Algorithm f8
The operation of the confidentiality algorithm f8 is shown in Fig. 2.11. f8 is a stream cipher whose keystream generator is based on the block cipher KASUMI. The detailed specification of f8 can be found in 3GPP TS 35.201 [3GPPTS201]. The algorithm is briefly described as follows:

A = COUNT[0]...COUNT[31] || BEARER[0]...BEARER[4] || DIRECTION[0] || 0...0
A = KASUMI[A]_{CK ⊕ KM}
For each n with 1 <= n <= BLOCKS:
    KSB_n = KASUMI[A ⊕ BLKCNT ⊕ KSB_{n-1}]_{CK}
For n = 1 to BLOCKS:
    KS[((n-1)*64) + i] = KSB_n[i]

[Fig. 2.11 f8 Confidentiality function. COUNT || BEARER || DIRECTION || 0...0 is encrypted by KASUMI under CK ⊕ KM; the result feeds a chain of KASUMI blocks keyed with CK, with BLKCNT = 0, 1, 2, ..., BLOCKS-1, producing KS[0]...KS[63], KS[64]...KS[127], KS[128]...KS[191], and so on.]


-. KASUMI Algorithm
KASUMI is a block cipher; specifically, it is a Feistel cipher with 8 rounds. KASUMI is a cipher algorithm modified from AES, but operated under 8 rounds less than AES. It operates on a 64-bit data block and uses a 128-bit key. The detailed specification of KASUMI can be found in 3GPP TS 35.202 V3.1.1 [3GPPTS202]. The encryption operation of the block cipher is briefly described as follows:

[Fig. 2.12 KASUMI algorithm. Panels: Fig.1 KASUMI (64-bit input split into 32-bit halves L0 and R0, eight rounds using FL1..FL8 and FO1..FO8 with subkeys KLi, KOi, KIi, output L8, R8); Fig.2 FO function; Fig.3 FI function (S9 and S7 boxes, zero-extend, truncate); Fig.4 FL function (bitwise AND, bitwise OR, one-bit left rotation).]


6.2.2.4 Data Integrity

-. Access Link Data integrity protection method
The integrity of sensitive data exchanged between the MS and the network should also be protected. Fig. 2.13 illustrates the use of the algorithm f9 to authenticate the data integrity [3GPPTS102].

[Fig. 2.13 Data integrity function. Sender (UE or RNC): COUNT-I, DIRECTION, MESSAGE, FRESH and IK are input to f9, which outputs MAC-I. Receiver (RNC or UE): the same inputs to f9 give XMAC-I.]

At the sender side, the parameters COUNT-I, DIRECTION, MESSAGE, LENGTH and the integrity key IK are input to the f9 function, which outputs the MAC-I code that is sent to the receiver. When the receiver gets the MAC-I, it inputs COUNT-I, DIRECTION, MESSAGE, LENGTH and the integrity key IK to the f9 function, which outputs the XMAC-I code. The receiver compares XMAC-I with the received MAC-I to verify the data integrity.


-. Integrity Algorithm f9
The operation of the integrity algorithm f9 is shown in Fig. 2.14. The detailed specification of f9 can also be found in 3GPP TS 35.201 [3GPPTS201]. The integrity algorithm f9 is described as follows:

Initialization: A = 0, B = 0
PS = COUNT[0]...COUNT[31] || FRESH[0]...FRESH[31] || MESSAGE[0]...MESSAGE[LENGTH-1] || DIRECTION[0] || 1 || 0*
PS = PS_0 || PS_1 || PS_2 || ... || PS_{BLOCKS-1}
A = KASUMI[A ⊕ PS_n]_{IK}
B = B ⊕ A
B = KASUMI[B]_{IK ⊕ KM}
MAC-I = lefthalf(B)

[Fig. 2.14 f9 Integrity function. COUNT || FRESH || MESSAGE || DIRECTION || 1 || 0...0 is split into blocks PS_0, PS_1, PS_2, ..., PS_{BLOCKS-1}; each block passes through KASUMI keyed with IK, a final KASUMI is keyed with IK ⊕ KM, and MAC-I is the left 32 bits of the result.]
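The f8 and f9 constructions described above, as an added Python example that is not taken from the report or from 3GPP. KASUMI is replaced here by a stand-in 64-bit keyed permutation, so the outputs will not match 3GPP test vectors; the KM constants, the 26-bit zero fill and KSB_0 = 0 come from TS 35.201 rather than from this report, and all function names and sample values are this example's own.

```python
import hashlib
import hmac

# Key modifier constants from 3GPP TS 35.201 (not stated in the report).
KM_F8 = bytes([0x55]) * 16
KM_F9 = bytes([0xAA]) * 16


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def standin_cipher(key: bytes, block: int) -> int:
    """STAND-IN for KASUMI: a keyed 64-bit permutation (8-round Feistel whose
    round function is truncated SHA-256). Same interface, different cipher."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(8):
        digest = hashlib.sha256(key + bytes([rnd]) + right.to_bytes(4, "big")).digest()
        left, right = right, left ^ int.from_bytes(digest[:4], "big")
    return (left << 32) | right


def f8_keystream(ck: bytes, count: int, bearer: int, direction: int, length_bits: int) -> int:
    """Return the first LENGTH bits of the keystream KS as an integer."""
    # A = COUNT (32 bits) || BEARER (5 bits) || DIRECTION (1 bit) || 0...0 (26 bits)
    a = (count << 32) | (bearer << 27) | (direction << 26)
    a = standin_cipher(xor_bytes(ck, KM_F8), a)      # A = E[A] under CK xor KM
    blocks = -(-length_bits // 64)                   # ceil(LENGTH / 64)
    ksb, stream = 0, 0                               # KSB_0 = 0
    for blkcnt in range(blocks):                     # BLKCNT = n - 1
        ksb = standin_cipher(ck, a ^ blkcnt ^ ksb)   # KSB_n
        stream = (stream << 64) | ksb
    return stream >> (blocks * 64 - length_bits)     # drop bits beyond LENGTH


def f8(ck: bytes, count: int, bearer: int, direction: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream (same operation both ways)."""
    ks = f8_keystream(ck, count, bearer, direction, len(data) * 8)
    return (int.from_bytes(data, "big") ^ ks).to_bytes(len(data), "big")


def f9(ik: bytes, count: int, fresh: int, direction: int, message: bytes) -> int:
    """Return the 32-bit MAC-I. LENGTH is implied by len(message) * 8."""
    bits = f"{count:032b}{fresh:032b}" + "".join(f"{b:08b}" for b in message)
    bits += f"{direction:b}1"                        # DIRECTION bit, then a single 1
    bits += "0" * (-len(bits) % 64)                  # 0* up to a 64-bit boundary
    a = b = 0
    for i in range(0, len(bits), 64):                # PS_0 ... PS_{BLOCKS-1}
        a = standin_cipher(ik, a ^ int(bits[i:i + 64], 2))
        b ^= a
    b = standin_cipher(xor_bytes(ik, KM_F9), b)      # final step under IK xor KM
    return b >> 32                                   # MAC-I = lefthalf(B)


def verify(ik: bytes, count: int, fresh: int, direction: int, message: bytes, mac_i: int) -> bool:
    """Receiver side: recompute XMAC-I and compare it with the received MAC-I."""
    xmac_i = f9(ik, count, fresh, direction, message)
    return hmac.compare_digest(xmac_i.to_bytes(4, "big"), mac_i.to_bytes(4, "big"))


# Constructed sample values (not real 3G keys or traffic).
CK = bytes(range(16))
IK = bytes(range(16, 32))
PLAINTEXT = b"constructed signalling payload"

if __name__ == "__main__":
    ct = f8(CK, count=0x1234, bearer=3, direction=1, data=PLAINTEXT)
    print("ciphertext:", ct.hex())
    print("decrypted :", f8(CK, 0x1234, 3, 1, ct))
    mac = f9(IK, count=7, fresh=0xCAFEBABE, direction=0, message=PLAINTEXT)
    print("MAC-I ok  :", verify(IK, 7, 0xCAFEBABE, 0, PLAINTEXT, mac))
    print("tampered  :", verify(IK, 7, 0xCAFEBABE, 0, PLAINTEXT + b"!", mac))
```

Because the keystream depends only on CK, COUNT-C, BEARER and DIRECTION, the receiver must use the same counter and direction values as the sender, and a changed message or COUNT-I makes the XMAC-I comparison fail.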


6.2.3 3G Network Domain Security
Network Domain Security (NDS) secures the signaling exchanged within the core network. Generally, there are two types of networks, which use different schemes to achieve security: the first is IP-based and the other is SS7-based. The former shall be protected by means of IPSec [Kent98]; the latter shall be protected at the application level. In addition, traditional security technologies originally designed for fixed networking, such as firewalls and static VPNs, are employed to safeguard the UMTS core network from external attacks.

IP-based protocol
Fig. 2.15 NDS architecture for IP-based protocols
Security gateways (SEGs) are the main entities used for IP-based protocols; they are the core gateways of IPSec. Key administration centers (KACs) negotiate the IPSec security associations (SAs) by using the Internet Key Exchange (IKE) protocol [Harkins98]. The KACs also distribute SA parameters to the network entities (NEs) or the SEGs through standard interfaces. There are two approaches to securing IP traffic between NEs: a hop-by-hop scheme or an end-to-end scheme. In the hop-by-hop scheme, the originating NE sets up a tunnel to the appropriate SEG in the same security domain and forwards data to it; that SEG then sets up another tunnel to the appropriate SEG in the other UMTS core network and forwards the data. Similarly, that SEG sets up a tunnel to the target NE and forwards the data to it. The end-to-end scheme implies that an IPsec SA is established between the two NEs. Node authentication is another important issue for traffic flows; it can be accomplished by using either pre-shared symmetric keys or public keys [Harkins98]. The IPsec protocol shall always be Encapsulating Security Payload (ESP), given that it can provide confidentiality and integrity protection as well.

SS7-based protocol

Fig. 2.16 NDS architecture for SS7-based and mixed SS7/IP-based protocols
NDS for SS7-based protocols is mainly provided at the application layer. When application data is transported over an SS7 network, or over a combination of SS7 and IP networks, security features have to be provided at the application layer. The SAs for signaling protection at the application layer are negotiated by the KAC, similarly to the IP-based architecture.

Traditional network security features
Inter-network communication may be based on the public Internet. Attackers can take many actions when signaling flows over the Internet, which introduces traditional network security issues. Besides the security features in the 3G security architecture, operators can employ traditional network security tools to make the core network more secure. There are two complementary tools: firewalls and VPNs. Firewalls are always established at the border of the core network and can allow only specific IP addresses to flow in and out. Furthermore, application firewalls prevent direct access through the use of proxies for services, which analyze application commands, perform authentication and keep logs. Firewalls can only filter packets and do not provide any confidentiality or privacy, but VPNs do. A VPN [Gleeson00] establishes a secure tunnel between two points, encapsulates and encrypts data, and authenticates and authorizes user access to the corporate resources on the network. Its low cost and security make the VPN well suited to UMTS networks.

6.2.4 3G User/Application Domain Security
The purpose of user domain security is to let the user use the UE securely. It uses a PIN code for user authentication. Application domain security provides the mechanisms to ensure that applications communicate safely with remote servers, especially in the 3G environment.

6.2.4.1 User Domain security
User domain security [3GPPTS102] ensures secure access to the MS. The UMTS Integrated Circuit Card (USIM) plays an important role in it. The USIM represents and identifies a user and is responsible for authentication on the home environment. In order to prevent invalid access to the USIM, the mobile user and the USIM must share a secret key (e.g. a PIN). The user gains access after demonstrating knowledge of the secret.

6.2.4.2 Application Domain security
In the 3G environment, more applications provide network services in order to reach information on the Internet. As a result, user applications and service providers have to communicate more and more often. The purpose of application domain security is to provide secure communication between users and service providers. Besides the 3G network security features, application domain security is needed because the lower-layer security features may not exist. There are tools for developing applications that reside on the USIM (e.g. the USIM Application Toolkit) [3GPPTS111], which provide a number of basic security mechanisms such as entity authentication, message authentication, replay detection, sequence integrity, confidentiality assurance, and proof of receipt. Wireless Application Protocol (WAP) is a suite of standards for delivery and presentation of Internet services on wireless terminals. Limited bandwidth and processing capacity were taken into account when the WAP protocol was developed, so it is very suitable for developing applications in the wireless environment. However, fewer and fewer programmers employ WAP for developing applications. Currently, the WAP architecture has been standardized in two releases (versions 1.2.1 and 2.0) [Wireless Application Forum, WAP].

Secure Transmission in WAP 1.2.1
Fig. 2.17 WAP 1.2.1 Architecture
The WAP architecture needs a WAP gateway to transform the wireless-side message format into the IP network format and vice versa. When a WAP device needs to transmit data to a Web server, it has to set up a tunnel between itself and the WAP gateway for secure transmission. The WAP gateway, in turn, needs to create a tunnel between itself and the Web server. The tunnel between the WAP device and the WAP gateway employs the Wireless Transport Layer Security (WTLS) protocol, which is based on the TLS protocol and has been optimized for use over narrow-band communication channels, also providing datagram support. It ensures data integrity, privacy, authentication, and denial-of-service protection. The tunnel between the WAP gateway and the Web server employs the TLS protocol. Because different security mechanisms are used in these two tunnels, this scheme does not support end-to-end security.


Secure Transmission in WAP 2.0
Fig. 2.18 WAP 2.0 Architecture
WAP 2.0 redesigns the WAP architecture by introducing the existing Internet protocol stack, including the Transmission Control Protocol (TCP), into the WAP environment. The tunnel can be established all the way from the WAP device to the Web server, which provides end-to-end security. Another advantage is that two TCP versions can be applied, one for the wireless part and the other for the wired part, which can improve performance in WAP 2.0.

6.2.5 3G security weakness and Security Issues
3G security features counteract many security threats present in the 2G system, so 3G is much more secure than 2G. Many new features are introduced in 3G. This section discusses which security threats are counteracted and which are not. First of all, denial of service attacks such as user de-registration request spoofing and location update request spoofing are counteracted in 3G by the integrity protection of critical signaling messages. However, attackers can set up a modified BS/MS to entice a mobile user to camp on it. The modified BS/MS relays messages between the mobile user and the real BS. It can ignore certain messages, such as paging, and so make a DoS attack succeed. This attack is very difficult to counteract effectively in any radio system. Many methods can be used for identity catching, both passive and active. The attacker requires a modified BS and entices the mobile user to camp on it. The difference between passive and active identity catching is that passive catching just waits for the mobile user to send its identity in clear text, whereas in active identity catching the modified BS requests the mobile user's identity. However, neither passive nor active identity catching works in the 3G system, because of identity confidentiality, in which an encryption key shared by a group of users protects the identity. Attackers can also use the modified BS/MS to eavesdrop on user data by suppressing encryption between the mobile user and the core network. However, message authentication and replay inhibition of the mobile's ciphering capabilities allow the network to verify that encryption has not been suppressed by an attacker [3GPPTR900].

6.3 4G Security Investigation Results


This section describes the current research results on 4G. Because the 4G standards are still being defined, we investigate the current research results from papers. The survey illustrates some of the features and issues of 4G, which are helpful to our future studies.

6.3.1 Security Issues on 4G
Basically, 4G/B3G aims to provide a communication environment with seamless connection service, consisting of integrated heterogeneous networks, All-IP, multimedia applications, and so on. Toward 4G and beyond 3G, many security issues remain to be resolved [Hui03][Fu04][Celentano06][ODrama04][Dell'Uomo02] [McEvoy05] [Zheng05] [Prasad05]. Below we list some important security issues on 4G/B3G. Some of these issues have been investigated and have produced results that serve as an important reference.

QoS and Security [Fu04][ODrama04] [Dell'Uomo02] [Hui03]
-. Seamless integrated Mobility, QoS and Security
-. Delay across different networks for QoS
-. Privacy
AAA for 4G [McEvoy05][Zheng05] [Dell'Uomo02]
-. Heterogeneous Network
Mobile IPv6 with inherent problems of IP [Celentano06] [Dell'Uomo02]
Security and Handover [Celentano06] [Prasad05] [Dell'Uomo02]

6.3.2 The Research Results of 4G Security
As 4G has not yet been realized in industry or in standards, much research on the 4G security issues described in section 3.1 is in progress. Several research results have been proposed in prior papers. In this section, we introduce several results on these security issues, especially issues arising from heterogeneous networks.


6.3.2.1 An approach on QoS and Security
In this section, we introduce an approach to QoS and security proposed by Xiaoming Fu [Fu04]. He proposes a system architecture for QoS and security in 4G that integrates QoS and AAA mechanisms. Traditional AAA is not suited to mobility. AAA for 4G needs to be more efficient and scalable, and QoS needs hop-by-hop dynamic key establishment. He illustrates several QoS and security issues, as in Fig. 3.1:
-. Problems of routing optimization between the CN and the MN,
-. How to guarantee delay quality for QoS,
-. How to integrate QoS with AAA.

Fig. 3.1 Illustration of routing on for mobility
In Fu's approach, illustrated in Fig. 3.2, the SeaSoS architecture allows network attributes to be modified using dynamic plug-ins, or parameters to be re-configured, in order to interact with heterogeneous networks:
-. QoS protocol: RSVP + NSIS-QoS
-. AAA protocol: Diameter + COPS
-. HMIPv6 + MIPv6
In SeaSoS, the IETF authentication protocol EAP is chosen as the authentication protocol, as EAP is suited to mobility. The architecture can also achieve seamless access, meeting QoS and security requirements at the same time. As this architecture applies RSVP, it can prevent Denial of Service (DoS) attacks.

[Fig. 3.2 The SeaSoS operation procedure. Entities: MN, nAR, AAAL, CR, AAAH, HA; phases: Start EAP, AAA (Diameter), EAP, RSVP, SeaSoS.]

6.3.2.2 An approach of Secure Mobile IPv6
In this section, we introduce an approach to secure Mobile IPv6 for B3G networks proposed by Celentano et al. [Celentano06]. They propose a system architecture for secure Mobile IPv6 for B3G networks and expose several issues of Mobile IPv6 in B3G networks.

Security Vulnerabilities of Mobile IPv6 and Return Routability Procedure
In Mobile IPv6, when the MN roams away from its HN, the Neighbour Discovery mechanism or the Dynamic Host Configuration Protocol binds a new address by sending a Binding Update (BU) message to the HA. When a handoff occurs in a heterogeneous network, Mobile IPv6 only acquires a new CoA; the Security Association (SA) between the HA and the MN is not impacted (the MIPv6 Routing Header Type 2 and Home Address option are transparent to the IPSec SA). On the other hand, the RRP (Return Routability Procedure) mechanism is vulnerable to attacks along the path between the HA and the CN, where a malicious node that is aware of a session between the MN and the CN might simulate a handoff of the MN by sending fake HoTI and CoTI messages. The adversary can obtain Kbm and send a fake BU to the CN or MN. Hence Mobile IPv6 in a heterogeneous network is exposed to an impersonation / man-in-the-middle attack.


[Fig. 3.3 A RRP vulnerability. Entities: MN, HA, CN; RRP messages HoTI, CoTI, HoT, CoT.]

Celentano et al. proposed a system architecture to resolve these security issues of Mobile IPv6 for B3G networks. As the SA is not impacted, the solutions to the above man-in-the-middle attack are (a) the BU should be updated at every handoff, and (b) on each path, IPSec or ESP is employed to protect the distribution of keys. Their proposed solutions are as follows:
(1). At set-up, Kbm is distributed to the MN and CN within the body of the SIP 200 OK and ACK messages, instead of by RRP.
(2). Kbm can be generated by the AAA server.
(3). The distribution of keys is secured by IPSec and ESP between the SIP users (MN and CN) and the P-CSCF.

6.3.2.3 A Trusted Computing-Based Security Architecture
4G has some technology issues: providing great flexibility and mobility in turn complicates the security problem. In this section, we introduce a Trusted Computing-Based Security Architecture for 4G based on the PKBP scheme proposed by Zheng [Zheng 05a][Zheng 05c].


Fig. 3.5 An illustration of PKI under different CA
As Fig. 3.5 illustrates, several authentication protocols have been proposed for Mobile IP, but they cannot be employed directly in 4G with heterogeneous networks, for the following reasons:
-. Symmetric-key-based protocols cannot work because of their poor scalability.
-. Pure public-key-based protocols increase the computational load.
-. It is impossible to use one CA for the heterogeneous networks in 4G.
-. Hybrid schemes cannot provide non-repudiation, and it is difficult for the ME to verify the signature of an FA outside the HN.
-. It is very difficult for the ME to verify the validity of the BS's public-key certificate, since the ME and the BS usually belong to different CAs.
-. It is hard to achieve mutual authentication between the ME and the FA, and the ME is vulnerable to being cheated by a forged BS/FA.

A Trusted Computing-Based Security Architecture with the PKBP scheme proposed by Zheng can be a feasible solution for 4G with heterogeneous networks. In Fig. 3.3, we show how the Trusted Computing-Based Security Architecture works.


[Fig. 3.6 Hybrid PKI model of PKBP. Labels: BCA1, BCA2, BCA3; RCA1, RCA2, RCA3; CA11, CA12, CA31, CA32; HA1, HA2, HA4, HA5; AAA1, AAA2, AAA3, AAA4.]

In this scheme, a hierarchical trust model is employed for 4G with heterogeneous networks. Every radio network has a root CA (RCA), and different networks are connected by bridge CAs (BCAs). Each CA employs PKI and X.509. As Fig. 7 describes, every HA broadcasts its PKH, IDH, IPv6 address and those parameters by the upper-layer CA.

[Fig. 3.7 Authentication protocol of PKBP. Labels: PKI based on hybrid trust model, CCAH, CCFA, ME, FA (HA5), AAAH (AAA2).]

When the ME roams from its HA into the area belonging to HA5, the PKBP authentication communications are performed by the upper-layer CA. The PKBP scheme achieves:
(a). Authentication on heterogeneous networks
(b). Protection against the man-in-the-middle attack
(c). Mutual authentication
(d). Anonymity and non-repudiation
(e). Security of key agreement
The Trusted Computing-Based Security Architecture combined with the PKBP scheme is applicable to 4G. It is convenient for global mobility and offers flexible scalability. It will be a feasible solution for 4G with heterogeneous networks.


6.4 Discussion & Conclusion
Our need for wireless services drives the rapid growth of wireless network services and technologies, and wireless devices have become basic appliances for contemporary people. As this report shows, 3GPP provides more security mechanisms than 2G, such as mutual authentication and stronger confidentiality and integrity. 3G still has some security problems to solve in order to provide more secure communication, for example privacy, DoS and plaintext IMSI. In terms of future trends, the convergence of heterogeneous networks, for example in 4G, is an important issue. Some issues concerning this convergence, for example seamless service, high mobility and QoS, have to be investigated further. All-IP has become a necessary environment for future communication and networking. Some issues concerning all-IP for 4G also have to be resolved.


References
[3GPPTS120] 3GPP TS 33.120 V4.0.0 Technical Specification.
[3GPPTR900] 3GPP TR 33.900 V1.2.0 Technical Specification.
[3GPPTS102] 3GPP TS 33.102 V7.1.0 Technical Specification.
[3GPPTS202] 3GPP TS 35.202 V3.1.1 Technical Specification.
[3GPPTS205] 3GPP TS 35.205 V6.0.0 Technical Specification.
[3GPPTS201] 3GPP TS 35.201 V6.1.0 Technical Specification.
[3GPPTS121] 3GPP TS 23.121 V3.6.0 Technical Specification.
[3GPPTS111] 3GPP TS 31.111 V3.7.0 Technical Specification.
[3GPPTS002a] 3GPP TS 23.002 V3.6.0, Network Architecture, Release 99, Sept. 2002.
[3GPPTS002b] 3GPP TS 23.002 V4.5.0, Network Architecture, Release 4, Sept. 2002.
[3GPPTS002c] 3GPP TS 23.002 V5.8.0, Network Architecture, Release 5, Sept. 2002.
[Barba93] Barba, A., Recacha, F. and Melus, J.L., Security architecture in the third generation networks, Proceedings of IEEE Singapore International Conference on Networks, 1993. International Conference on Information Engineering '93. 'Communications and Networks for the Year 2000', Volume 1, PP. 421-425, Sept. 1993.
[Celentano06] D. Celentano, A. Fresa, M. Longo, F. Postiglione, A.L. Robustelli, Secure Mobile IPv6 for B3G Networks, SoftCOM 2006. International Conference on Software in Telecommunications and Computer Networks, PP. 331-335, Sept. 2006.
[Dell'Uomo02] Dell'Uomo, L., Scarrone, E., An all-IP solution for QoS mobility management and AAA in the 4G mobile networks, The 5th International Symposium on Wireless Personal Multimedia Communications, 2002, Volume 2, PP. 591-595, Oct. 2002.
[Fu04] Xiaoming Fu, Dieter Hogrefe, Sathya Narayanan, Rene Soltwish, QoS and Security in 4G Networks, Proceedings of the first annual global mobile congress, Shanghai, China, Oct. 2004.
[Gleeson00] B. Gleeson, A. Lin, J. Heinanen, G. Armitage, A. Malis, A Framework for IP Based Virtual Private Networks, RFC 2764, Feb. 2000.
[GSM03.60] GSM 03.60, GPRS, Service Description, Stage 2, 1998.
[Hui03] Suk Yu Hui, Kai Hau Yeung, Challenges in the migration to 4G mobile systems, IEEE Communications Magazine, Volume 41, PP. 54-59, Dec. 2003.
[Harkins98] D. Harkins, D. Carrel, The Internet Key Exchange (IKE), RFC 2409, Nov. 1998.
[ITU] ITU: Security in Telecommunications and Information Technology, Oct. 2004, http://www.itu.int/itudoc/itu-t/86435.html
[Joseph06] Joseph, V.C. and Talukder, A.K., Verifiable AKA for beyond 3G wireless packet services, 2006 IFIP International Conference on Wireless and Optical Communications Networks, PP. 11-13, Apr. 2006.
[Kent98] S. Kent, R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401, 1998.
[O'Droma 04] Ganchev, I., O'Droma, M., Chaouchi, H., Armuelles, I., Siebert, M., Houssos, N., Requirements for an integrated system and service 4G architecture, VTC 2004-Spring. 2004 IEEE 59th Vehicular Technology Conference, 2004, Volume 5, PP. 3029-3034, May 2004.
[wiki, Cdma] http://en.wikipedia.org/wiki/Cdma.
[wiki, 3G] http://en.wikipedia.org/wiki/3G.
[Wireless Application Forum, WAP] Wireless Application Forum (WAP), WAP Specifications, URL: http://www.wapforum.org/what/technical.htm.
[Zhang05] Muxiang Zhang and Yuguang Fang, Security analysis and enhancements of 3GPP authentication and key agreement protocol, IEEE Transactions on Wireless Communications, Vol. 4, No. 2, PP. 734-742, Mar. 2005.
[Zheng05a] Yu Zheng, Dake He, Lixing Xu and Xiaohu Tang, Security scheme for 4G wireless systems, Proceedings. 2005 International Conference on Communications, Circuits and Systems, Vol. 1, PP. 397-401, May 2005.
[Zheng05b] Yu Zheng, He, D., Xiaohu Tang and Hongxia Wang, AKA and Authorization Scheme for 4G Mobile Networks Based on Trusted Mobile Platform, 2005 Fifth International Conference on Information, Communications and Signal Processing, PP. 976-980, Dec. 2005.
[Zheng05c] Yu Zheng, Dake He, Weichi Yu and Xiaohu Tang, Trusted Computing-Based Security Architecture For 4G Mobile Networks, PDCAT 2005. Sixth International Conference on Parallel and Distributed Computing, Applications and Technologies, 2005, PP. 251-255, Dec. 2005.