Can you afford not to read this book?........ The Universal Mobile Telecommunication System (UMTS) offers a consistent set of services to mobile computer and phone users and numerous different radio access technologies will co-exist within the UMTS system's core network - security is, therefore, of the utmost importance. UMTS Security focuses on the standardized security features of UMTS and brings together material previously only available in specifications, design documents and presentations in one concise form. In addition, this unique volume also covers non-standard implementation specific features that allow differentiation between operators and manufacturers. * Describes the security solutions specified for UMTS * Provides a comprehensive presentation of the UMTS security specifications and explains the role of the security functionality in the UMTS system * Presents the UMTS security system in its totality from the theoretical background through to the design process * Discusses the new security features included in Release 4 and 5 By providing a unified treatment of the security services provided by the UMTS system, this volume will provide invaluable information and have instant appeal to planners, constructers and implementers of UMTS networks, and developers and analysts of application oriented security services that make use of UMTS communication networks. It will also be of considerable interest to postgraduates and researchers of modern communication security technology.

Valtteri Niemi received a PhD degree in Mathematics from the University of Turku, Finland in 1989. After serving in various positions at University of Turku, he became an Associate Professor in Mathematics at the University of Vaasa, Finland, during 1993-97. He joined Nokia Research Center, Helsinki in 1997 where he has contributed in several roles for Nokia research in the wireless security area, including cryptological aspects. In 2008, he moved to the new NRC laboratory in Lausanne, Switzerland, where his main focus is on privacy-enhancing technologies. He was nominated as a Nokia Fellow in January 2009. He has participated to the 3GPP SA3 standardization group from the beginning. During 2003-2009 he was the chairman of the group. Before 3GPP, Niemi took part in ETSI SMG 10 for GSM security work. He has published more than 40 scientific articles and he is a co-author of three books.

Kaisa Nyberg is the author of UMTS Security, published by Wiley.

Preface xi

PART I: SECURITY ARCHITECTURE FOR UMTS 1

1 Introduction to Security and to UMTS 3

1.1 Security in Telecommunications 3

1.1.1 General security principles 4

1.1.2 GSM security 7

1.2 The Background to 3G 11

1.3 The 3G Partnership Project (3GPP) 12

1.4 3GPP Network Architecture 14

1.4.1 Elements in the architecture 15

1.4.2 Protocols in the 3GPP system 18

1.5 WCDMA Radio Technology 20

1.5.1 CDMA: an example 22

1.5.2 Basic facts of WCDMA 23

1.5.3 Handovers 25

1.5.4 Power control 25

2 UMTS Security Features in Release 1999 29

2.1 Access Security to UMTS 29

2.1.1 Mutual authentication 30

2.1.2 Temporary identities 42

2.1.3 UTRAN encryption 44

2.1.4 Integrity protection of RRC signalling 54

2.1.5 Set-up of UTRAN security mechanisms 59

2.1.6 Summary of access security in the CS and PS domains 63

2.2 Interworking with GSM 63

2.2.1 Interworking scenarios 65

2.2.2 Cases with SIM 66

2.2.3 Cases with USIM 67

2.2.4 Handovers from one system to another 68

2.3 Additional Security Features in Release 1999 69

2.3.1 Ciphering indicator 69

2.3.2 Identification of the UE 69

2.3.3 Security for Location Services (LCs) 70

2.3.4 User-to-USIM authentication 70

2.3.5 Security in the USIM application toolkit 70

2.3.6 Mobile Execution Environment (MExE) 70

2.3.7 Lawful interception 71

3 Security Features in Releases 4 and 5 73

3.1 Network Domain Security 73

3.1.1 MAPsec 74

3.1.2 IPsec 81

3.1.3 IPsec-based mechanisms in UMTS 84

3.1.4 Role of firewalls 86

3.2 IMS Security 87

3.2.1 Basics of SIP 87

3.2.2 IMS architecture 90

3.2.3 Architecture for securing access to the IMS 91

3.2.4 Principles for IMS access security 93

3.2.5 Use of HTTP Digest AKA 95

3.2.6 Security mode set-up 100

3.2.7 Integrity protection with ESP 101

3.2.8 Error case handling 104

3.3 Other Security Systems 106

3.3.1 Higher layer security systems 106

3.3.2 Link layer security systems 108

PART II: CRYPTOGRAPHIC ALGORITHMS 111

4 Introduction to Cryptography 113

4.1 The Science of Cryptology 113

4.1.1 Cryptographic systems 113

4.1.2 Security and vulnerability 115

4.1.3 Developing cryptology into a publicly available science 116

4.1.4 Public cryptographic development efforts 118

4.2 Requirements and Analysis of Cryptographic Algorithms 119

4.2.1 Block ciphers 120

4.2.2 Stream ciphers 125

4.2.3 Message authentication codes 127

5 3GPP Algorithm Specification Principles 131

6 Confidentiality and Integrity Algorithms 135

6.1 Requirements for the Confidentiality Algorithm 135

6.1.1 Functional requirements 135

6.1.2 Algorithm operation 136

6.1.3 Interfaces to the algorithm 137

6.2 Requirements for the Integrity Algorithm 139

6.2.1 Overview 139

6.2.2 Interface 140

6.3 Design Task Force 142

6.4 Getting Started 142

6.4.1 SAGE contribution to SA3 143

6.4.2 Modes around MISTY1 143

6.4.3 Particular security criteria 144

6.5 Design Process 144

6.5.1 The teams 145

6.5.2 Design documentation 145

6.5.3 Conclusion of evaluation 148

6.6 Confidentiality Algorithm 149

6.6.1 The f8 stream cipher mode 149

6.6.2 Description of f8 149

6.6.3 Security 151

6.7 Extension of the UMTS Confidentiality Algorithm 152

6.7.1 Background 152

6.7.2 List of…