Norsk Telefoningeniørmøte 1992 - Telenor
Norsk Telefoningeniørmøte 1992 - Telenor
Norsk Telefoningeniørmøte 1992 - Telenor
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Sikkerhetskrav og realisering av disse i mobile nettverk<br />
RUNE HAGEN<br />
Denne artikkelen er en del av et samarbeid<br />
der også Alcatel-enheter i andre<br />
land har deltatt. Den er derfor på engelsk.<br />
1 Introduction<br />
Mobility of users and their equipment<br />
will imply new security requirements in<br />
addition to the ones existing for ordinary<br />
network services. The users must be protected<br />
against each other and against<br />
illegal operations of the network. Experience<br />
also shows that mobile equipment is<br />
exposed to theft. The network operators<br />
and service providers will like to ensure<br />
that only legitimate customers get access<br />
to their services, and that the right person<br />
is billed for use of the services. This<br />
causes an obvious need for authentication<br />
of users and their terminals that want to<br />
access the network. The users and the<br />
network must exchange security related<br />
information when a network connection<br />
is established. This requires in turn that<br />
there must exist a way to personalise user<br />
equipment with e.g. a smart card, and to<br />
distribute and maintain security parameters<br />
in the network. Reliable operation<br />
of mobile networks will require a certain<br />
level of security management to control<br />
and distribute security parameters. This<br />
security management must support rules<br />
for operation and storage of secret keys<br />
and algorithms.<br />
2 Security Considerations<br />
This paper will only discuss mobile services<br />
where users and terminals move<br />
around and not look at services with<br />
mobile users accessing terminals at fixed<br />
locations (7).<br />
The terminals in a mobile network may<br />
be able to prove the identity of the user.<br />
As seen from the network different levels<br />
of binding between user and terminal can<br />
be thought of:<br />
- The user is to be authenticated; the terminal-id<br />
entity unknown to the<br />
network<br />
- The terminal is authenticated; a user-id<br />
is assumed implicitly from terminal id<br />
- The terminal and the user are two independent<br />
entities, both to be authenticated<br />
by the network.<br />
The European GSM network is an<br />
example of a mobile network where the<br />
user terminal must use radio transmission<br />
to reach an entry point to the network,<br />
the Base Transceiver Station. It is<br />
assumed that the network will need to<br />
authenticate the users and not really be<br />
concerned with terminal identities.<br />
Several references have given a systematic<br />
listing of the threats to a communication<br />
network (8, 6). Examples of generic<br />
threats are:<br />
- masquerading entities<br />
- illegitimate access to information<br />
- disclosure of data<br />
- modification of information<br />
- denial of service, etc.<br />
The generic threats also apply to mobile<br />
networks. The nature of mobile networks<br />
will in fact make some of these threats<br />
particularly relevant.<br />
User needs for security can relate to<br />
keeping privacy or to protecting against<br />
illegitimate use of their resources. Illegitimate<br />
use includes protection against<br />
impersonation of a user and against<br />
utilisation of stolen equipment. Security<br />
services and mechanisms will be added<br />
to the network to fulfil user needs and<br />
counter security threats.<br />
The brief list below shows possible use<br />
of the security services in ISO’s reference<br />
model (8). The security services are<br />
generic by nature and can implement<br />
user requirements for security as well as<br />
securing management and operation of<br />
the network.<br />
Authentication: The user terminal must<br />
prove its identity when it will access the<br />
network. In addition there can also exist<br />
methods implemented locally in the terminal<br />
equipment that prevent use of the<br />
terminal by unauthorised persons.<br />
Authentication is an essential requirement<br />
for protection against fraudulent<br />
use and to ensure correct billing. The<br />
authentication procedure can be either<br />
one-way or two-way where the user terminal<br />
also verifies the authenticity of the<br />
network. Peer-entity authentication is in<br />
many cases also a fundamental requirement<br />
for management of a network.<br />
The network element that is to be<br />
managed, may need to verify that the<br />
access request originates from a valid<br />
operations system.<br />
Access control: The user should at subscription<br />
time get access to a set of<br />
actions and services. The network must<br />
ensure that the subscriber gets access to<br />
what he is entitled to, while attempts of<br />
unauthorised actions must be rejected.<br />
The network can also provide incoming<br />
access control; protecting users from<br />
getting unwanted calls.<br />
Data confidentiality: Relevant aspects of<br />
confidentiality are:<br />
a Confidentiality of a user’s subscription<br />
data and service profile<br />
b Confidentiality of a user’s actual<br />
physical location<br />
c Confidentiality of user information<br />
sent over open radio links<br />
d Confidentiality of security parameters<br />
transferred over the management<br />
network.<br />
Data integrity: Data integrity services<br />
can be applied to management data,<br />
signalling information and to user data to<br />
prevent, detect or take recovery from<br />
unauthorised or unintended modification.<br />
Non-repudiation: Non-repudiation services<br />
can be useful for billing purposes<br />
and for resolving disputes between subscribers,<br />
service providers and network<br />
operators.<br />
Pervasive mechanisms: In addition to<br />
these services the network will need to<br />
operate pervasive mechanisms for event<br />
handling and logging. Examples are:<br />
a A way to handle security relevant<br />
events in the network and possibly<br />
take immediate actions against subscribers,<br />
service providers or network<br />
operators.<br />
b Provision of a security audit trail for<br />
storage of event records defined as<br />
security relevant.<br />
Network providers and subscribers are<br />
likely to stress different service requirements.<br />
A good security system should<br />
cater for the needs of both groups. In<br />
addition to these service related requirements,<br />
the security solution of a mobile<br />
network shall also fulfil the following<br />
generic properties:<br />
a It should as far as possible be based<br />
upon international standards and drafts<br />
for security. Use of standard mechanisms<br />
and methods open for competition<br />
between vendors. A practical<br />
concern here, however, is that many of<br />
the most well-known algorithms are<br />
covered by patents or export<br />
regulations.<br />
35