3G Security in UMTS Networks: A Comprehensive Overview
In UMTS (Universal Mobile Telecommunications System), the security mechanism is designed to address the shortcomings of GSM (Global System for Mobile Communications) security. UMTS security is often referred to as 3G security.
3G networks define five security groups, listed below:
- Network Access Security
- Network Domain Security
- User Domain Security
- Application Domain Security
- Visibility and Configurability of Security
Network Access Security
Network Access Security focuses on protecting the air interface and ensuring secure access to the 3G network for subscribers. In UMTS authentication, a secret key ‘K’ is shared between the network and the User Equipment (UE).
The network transmits a randomly generated number ‘RAND’ and an authentication token ‘AUTN’ in the message authentication challenge to the UE. The ‘AUTN’ parameter allows the UE to authenticate the 3G network, which is a significant improvement over GSM.
The USIM (Universal Subscriber Identity Module) generates a response back to the network, including ciphering and integrity keys. This enables the network to authenticate the UE.
A primary difference between GSM and 3G security is the ability of the UE to authenticate the network in UMTS. This was not possible with GSM-compliant UEs.
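The challenge-response exchange described above, sketched as an added example (not part of the original article). HMAC-SHA256 stands in for the operator functions f1 to f5 (deployed USIMs commonly use the AES-based MILENAGE set). The SQN, AMF, MAC and AK fields and their sizes follow 3GPP TS 33.102, the key value is constructed, and the sequence-number check is simplified to "strictly greater than the last accepted value".

```python
import hmac, hashlib, os

def f(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    # Stand-in for f1..f5: keyed with K, domain-separated by tag, truncated to n bytes.
    # Assumption for illustration only; this is not MILENAGE.
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def network_challenge(k, sqn, amf=b"\x80\x00", rand=None):
    """Home network side: build (RAND, AUTN) plus the expected response and keys."""
    rand = rand or os.urandom(16)               # 128-bit RAND
    sqn_b = sqn.to_bytes(6, "big")              # 48-bit sequence number
    mac = f(k, b"f1", sqn_b + rand + amf, 8)    # proves the sender holds K
    ak = f(k, b"f5", rand, 6)                   # anonymity key, conceals SQN on the air
    autn = xor(sqn_b, ak) + amf + mac           # AUTN = (SQN xor AK) || AMF || MAC
    xres = f(k, b"f2", rand, 8)                 # expected response
    ck, ik = f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)  # 128-bit CK and IK
    return rand, autn, xres, ck, ik

class USIM:
    def __init__(self, k, sqn_ms=0):
        self.k, self.sqn_ms = k, sqn_ms         # shared K, highest SQN accepted so far

    def authenticate(self, rand, autn):
        """Return (RES, CK, IK); only RES goes back to the network. Raises ValueError on failure."""
        conc, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn_b = xor(conc, f(self.k, b"f5", rand, 6))
        xmac = f(self.k, b"f1", sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, xmac):  # network does not know K, or AUTN was altered
            raise ValueError("MAC failure")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:                  # stale or replayed challenge
            raise ValueError("synch failure")
        self.sqn_ms = sqn
        return f(self.k, b"f2", rand, 8), f(self.k, b"f3", rand, 16), f(self.k, b"f4", rand, 16)

def outcome(usim, rand, autn):
    try:
        usim.authenticate(rand, autn)
        return "ok"
    except ValueError as e:
        return str(e)

K = bytes(range(16))  # constructed 128-bit subscriber key, for the example only
```

The two rejection paths are what GSM lacked: a challenge from a party without K fails the MAC check, and a recorded genuine challenge fails the sequence-number check when replayed.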
The cipher key () in 3G security has a length of 128 bits, which is double the 64 bits used in GSM.
In GSM, ciphering was limited to the air interface only, without ciphering between the Mobile Station (MS) and the Base Transceiver Station (BTS). In UMTS, security is extended between the UTRAN (UMTS Terrestrial Radio Access Network) and the Radio Network Controller (RNC). Consequently, 3G security is provided end-to-end between the UE and the RNC.