
Overview

The Universal Mobile Telecommunication System (UMTS) 3G Mobile Telephony provides full support and a Radio Net Subsystem (RNC) enhancement for existing 2G/2.5G/2.75G GSM/HSCSD/GPRS/EDGE technologies. UMTS operates in the frequency ranges 1920-1980 MHz for uplink and 2110-2170 MHz for downlink. UMTS enables high bit rates - up to 384 kbit/s for circuit switched data communication and up to 2 Mbit/s for packet switched data communication and multimedia services.

Standards
3G TS 23.110: UMTS Access Stratum Services and Functions
3G TS 25.301: Radio Interface Protocol Architecture
3G TS 25.321: Medium Access Control (MAC) Protocol Specification
3G TS 25.322: Radio Link Control (RLC) Protocol Specification
3G TS 25.323: Packet Data Convergence Protocol (PDCP) protocol
3G TS 25.324: Radio Interface for Broadcast/Multicast Services
3G TS 25.331: Radio Resource Control (RRC) Protocol Specification
3G TS 25.401: UTRAN Overall Description
3G TS 25.410: UTRAN Iu Interface: General Aspects and Principles
3G TS 25.411: UTRAN Iu interface Layer 1
3G TS 25.413: UTRAN Iu Interface: RANAP Signaling
3G TS 25.420: UTRAN Iur Interface: General Aspects and Principles
3G TS 25.423: UTRAN Iur interface RNSAP Signaling
3G TS 25.430: UTRAN Iub Interface: General Aspects and Principles
3G TS 25.433: UTRAN Iub interface NBAP Signaling
3G TS 29.060: GPRS tunneling protocol (GTP) across the Gn and Gp interface
CCITT Rec. E.880: field data collection and evaluation on the performance of equipment, network, and services

System Architecture
Figure umts1 shows the system architecture of UMTS. The NSS, the OSS, and the GPRS support nodes SGSN and GGSN of the GSM/GPRS system constitute the Core Network (CN) in the UMTS system. The CN has two logical domains:

1. the Circuit Switched Domain (CSD), connected to the PSTN
2. the Packet Switched Domain (PSD), connected to a Packet Data Network (PDN), usually an IP or an X.25 network.

Components and interfaces of the CN architecture are shown in Figure umts2.

Figure umts1. UMTS system architecture

Figure umts2. Components and interfaces of the CN architecture.


The UMTS enhancement of the BSS in GSM/GPRS is a Radio Network Subsystem (RNS) called Universal Terrestrial Radio Access Network (UTRAN). The UTRAN architecture with external and internal interfaces is shown in Figure umts3. Four new open interfaces are defined:

- Uu: UE to Node B (UTRA, the UMTS WCDMA air interface)
- Iu: RNC to GSM Phase 2+ CN interface (MSC/VLR or SGSN)
  i. Iu-CS for circuit-switched data
  ii. Iu-PS for packet-switched data
- Iub: RNC to Node B interface
- Iur: RNC to RNC interface, not comparable to any interface in GSM.

The Iu, Iub, and Iur interfaces are based on ATM transmission principles.

Figure umts3. Architecture of interfaces for UTRAN.


A UTRAN Radio Net Controller (RNC) controlling connections is called a Serving RNC (SRNC). An RNC offering additional resources, for example in soft handover, is called a Drift RNC (DRNC). The functions of the RNC are:

- Radio Resource Control
- Admission Control
- Channel Allocation
- Power Control Settings
- Handover Control
- Macro Diversity
- Ciphering
- Segmentation / Reassembly
- Broadcast Signalling
- Open Loop Power Control

A UTRAN Node B is the physical unit for radio transmission/reception with cells. One or more cells may be served by a Node B which also can be co-located with a GSM BTS. The UMTS enhancement of the SIM in a GSM/GPRS Mobile Station (MS) is the Universal SIM (USIM) in a User Equipment (UE). A UMTS UE can operate in one of three modes of operation. The different UMTS UE operation modes are defined as follows:

- PS (Packet Switched) mode: The UE/MS is attached to the PSD only and may only operate services on the PSD. However, this does not prevent the offering of CS-like services over PS (e.g., voice over IP).
- CS (Connection Switched) mode: The UE/MS is attached to the CSD only and may only operate services of the CSD. However, this does not prevent the offering of PS-like services over CS.
- PS/CS mode: The UE/MS is attached to both the PSD and the CSD. The MS is capable of simultaneously operating both PS and CS services.

All combinations of different operation modes as described for GSM and UMTS UE/MSs will be allowed for GSM and UMTS multisystem terminals.

A GSM/EDGE BSS must, however, be modified in order to be used as a radio access network to a 3G UMTS CN. Real time services are not supported in a 2G CN. The GSM/EDGE Radio Access Network (GERAN) standard ETSI TS 143 051 (3GPP TS 43.051) specifies a BSS with the ability to interface also with a 3G UMTS core network over the Iu interface used in UTRAN, see Figure umts4. The same GERAN can thus support separate 2G and 3G CNs, see Figure umts5.

Figure umts4. Functional architecture and interfaces of a GERAN BSS.

Figure umts5. GERAN support for separate 2G and 3G CNs


Protocol Architecture
The UMTS Protocol Architecture for the user plane is shown in Figure umts6 for CSD and in Figure umts7 for PSD. UTRAN RNCs have Asynchronous Transfer Mode (ATM) communication links with 3G-MSCs and 3G-SGSNs. In an ATM link the information to be transmitted is divided into fixed-size cells (53 octets), multiplexed, and transmitted. The UMTS Protocol Architecture for CSD uses ATM Adaptation Layer 2 (AAL2). The AAL2 layer is divided into two sublayers, the Convergence Sublayer (CS), shown as AAL2 in Figure umts6, and the Segmentation And Reassembly (SAR) sublayer. AAL2 enables low bitrate and delay sensitive applications, such as Voice over ATM, to share a common ATM Virtual Channel Connection (VCC). Thus the network bandwidth utilization is improved and voice/data call establishment times are reduced. The UMTS Protocol Architecture for PSD uses ATM Adaptation Layer 5 (AAL5), see Figure umts7. This adaptation layer protocol provides support for variable bit rate connection-oriented, or connectionless data and services.

Figure umts6. User Plane UMTS Protocol Architecture in CSD. The Radio Link Control (RLC) protocol is used for the radio interface Uu.

In Figure umts7 it can be seen that some layers are the same as GPRS layers. The new layers are:

- Packet Data Convergence Protocol (PDCP), which maps higher-level characteristics onto the characteristics of the underlying radio interface protocols. PDCP supports IPv4, PPP, and IPv6, among other protocols.
- GPRS Tunneling Protocol for the User Plane (GTP-U), which tunnels user data between UTRAN and the 3G-SGSN, and between the GSNs in the backbone network.

Figure umts7. UMTS User Plane Protocol Architecture in PSD.

The UMTS Control Plane Protocol Architecture for PSD is shown in Figure umts8. SCCP is the SS7 signaling protocol in the GSM protocol architecture for the control plane (see Figure gsm11). New protocols are Radio Resource Control (RRC) and Radio Access Network Application Part (RANAP). Packet switched services of the 3G-SGSN are:

- GPRS Mobility Management (GMM)
- Session Management (SM)
- SMS.

The UMTS Control Protocol Architecture for CSD is the same as in Figure umts8 but for the services

- Mobility Management (MM)
- UMTS Mobility Management (UMM)
- Call Control (CC)
- Signalling Subsystem (SS)

of the 3G-MSC.

Figure umts8. UMTS Control Plane Protocol Architecture in PSD.

The User Plane Protocol Architecture for GERAN is shown in Figure umts9. The most noticeable differences of the packet switching mode are that

- the packet data convergence protocol (PDCP) is used as a radio link layer protocol for operation over the Iu-ps interface instead of the SNDCP/LLC protocols, which are used for operation over the Gb interface to a GSM/GPRS/EGPRS CN
- a transparent RLC layer has been introduced.

In the circuit switching mode, the Iu-cs interface partly uses the same protocol stack as the Iu-ps interface, but operates with RLC/MAC protocol layers in transparent mode. The protocol stack for the A interface to a GSM/HSCSD/ECSD CN is unchanged.

Figure umts9. The User Plane Protocol Architecture for GERAN.

The Control Plane Protocol Architecture for GERAN is shown in Figure umts10. The PS and CS channels are handled by the Radio Resource Control (RRC) protocol when the Iu interface is used. The radio resource (RR) protocol of GSM/GPRS is reused for the A/Gb interface. The only exception is for common control channels, such as the Broadcast Control Channel (BCCH). For such channels, the RR protocol is used regardless of service.

Figure umts10. The Control Plane Protocol Architecture for GERAN.

Radio Interface and Modulation


The UTRAN air interface Uu is based on Wideband CDMA technology (W-CDMA). UMTS W-CDMA is a Direct Sequence CDMA system where user data is multiplied with quasi-random bits derived from WCDMA spreading codes. On the W-CDMA interface different users can simultaneously transmit at different data rates, and data rates can even vary in time. In UMTS, in addition to channelisation, codes are used for synchronisation and scrambling. W-CDMA has two basic modes of operation: Frequency Division Duplex (FDD) and Time Division Duplex (TDD). Every radio cell receiver, which communicates with UE devices, is served by a Node-B device.

THE FUNCTIONS OF NODE-B ARE:

i. Air interface Transmission / Reception
ii. Modulation / Demodulation
iii. CDMA Physical Channel coding
iv. Micro Diversity
v. Error Handling
vi. Closed loop power control

The modulation scheme is Quadrature Phase-Shift Keying (QPSK).

PHYSICAL LAYER PROCEDURES ARE:

i. Cell Search with asynchronous base station operation
ii. Random Access
iii. Packet Access
iv. Paging with discontinuous reception
v. Dedicated channel synchronisation.

The physical layer processing chain consists of CRC detection, convolutional coding, turbo coding, interleaving, radio frame and slot segmentation.

Quality of Service (QoS)


Network Services are considered end-to-end, from a UE to another UE. An End-to-End Service may have a certain Quality of Service (QoS) which is provided for network service users. The user decides whether he/she is satisfied with the provided QoS or not. To realise a certain network QoS, a Bearer Service with clearly defined characteristics and functionality is to be set up from the source to the destination of a service. A bearer service includes all aspects to enable the provision of a contracted QoS. These aspects are, among others, the control signalling, user plane transport and QoS management functionality. A UMTS bearer service layered architecture is depicted in Figure umts11. Each bearer service on a specific layer offers its individual services using services provided by the layers below.

Figure umts11. QoS Architecture for UMTS.

The QoS classes for UMTS are characterized in Table umts1.

Table umts1. QoS classes for UMTS


Traffic class: Conversational class (REAL TIME)
  Fundamental characteristics:
    - Preserves time relation (variation) between information entities of the stream
    - Conversational pattern (stringent and low delay)
  Application example: voice

Traffic class: Streaming class (REAL TIME)
  Fundamental characteristics:
    - Preserves time relation (variation) between information entities of the stream
  Application example: streaming video

Traffic class: Interactive class (BEST EFFORT)
  Fundamental characteristics:
    - Request/response pattern
    - Preserves data integrity
  Application example: web browsing

Traffic class: Background class (BEST EFFORT)
  Fundamental characteristics:
    - Destination is not expecting the data within a certain time
    - Preserves data integrity
  Application example: download of emails

UMTS Bearer Service Attributes are

- Traffic class ('conversational', 'streaming', 'interactive', 'background')
- Maximum bit rate (kbps)
- Guaranteed bit rate (kbps)
- Delivery order (y/n)
- Maximum Service Data Unit (SDU) size (octets)
- SDU format information (bits)
- SDU error ratio
- Residual bit error ratio
- Delivery of erroneous SDUs (y/n/-)
- Transfer delay (ms)
- Traffic handling priority
- Allocation/Retention Priority
- Source statistics descriptor ('speech'/'unknown')

Security
The security functions of UMTS are based on what was implemented in GSM. Some security functions have been added and some existing ones have been improved. The encryption algorithm is stronger and is included in the base station (Node-B) to radio network controller (RNC) interface, the application of authentication algorithms is stricter, and subscriber confidentiality is tighter.

SECURITY FEATURES ADOPTED FROM GSM ARE

- Authentication of subscribers for service access. All subscribers have to be authenticated before being allowed to use the requested services. The authentication process ensures that the real identity of a subscriber is the same as the one claimed by the subscriber. Sometimes, the authentication process can be optional. In that case, UMTS security clarifies the conditions under which optional authentication can be used.

- Radio interface encryption. The transmission of signalling and user data over the radio interface is encrypted to protect against eavesdropping by unauthorised individuals. In UMTS the encryption schemes are intended to be more powerful, to provide improved protection against sophisticated attacks. The increasing and available computing power improves the possibilities of cryptanalysis nowadays and in the near future. However, UMTS security addresses the fact that the method of negotiating which encryption algorithm is to be used is open to attack.

- Subscriber identity confidentiality. The mobile station and the radio interface keep the permanent identity of a subscriber confidential. The network allocates a temporary identity with no reference to the permanent identity. UMTS aims to provide a more secure mechanism for allocating temporary identities.

- Subscriber Identity Module (SIM) to be removable from UE hardware. Like GSM, UMTS also uses a removable security module in the UE. This User Services Identity Module (USIM) personalises and implements the security features in the UE. The network operator can manage and program this module.

- SIM application toolkit. These security features are retained for providing a secure application layer channel between the USIM and the home network server.

- Independent operation of security features. The operation of security features is independent of the user. The user does not have to do anything to operate the security features.

ADDITIONAL UMTS SECURITY FEATURES ARE

- Security against using false base stations with mutual authentication.
- Encryption is extended from the radio interface only to include also the Node-B to RNC connection. Radio interface ciphering/deciphering is performed in the RNC on the network side and in UE devices.
- Security data in the network will be protected in data storages and while transmitting ciphering keys and authentication data in the system.
- Mechanism for upgrading security features.

Core network traffic between RNCs, MSCs and other networks is not ciphered, and operators can implement protections for their core network transmission links, but that is unlikely to happen. MSCs will by design have lawful interception capabilities and access to Call Data Records (CDR), so all switches will have to have security measures against unlawful access.

UMTS SECURITY CATEGORIES ARE

- Network access security: the set of security features, i.e. identification, encryption and authentication, providing users with secure access to 3G services. These security features in particular protect against attacks on the (radio) access link.

- Network domain security: the set of security features that enable nodes in the provider domain to securely exchange signalling data. These security features protect against attacks on the wireline network.

- User domain security: the set of security features providing secure user access to UE devices. These features include the user to USIM authentication and the USIM-ME authentication. The user to USIM authentication ensures that access to the USIM is restricted until the USIM has authenticated the user. The USIM-ME authentication ensures that access to an ME device is restricted to an authorised USIM. The USIM and the ME must share a secret that is stored securely in the USIM and the ME.

- Application domain security: the set of security features that enable applications in the user domain and in the provider domain to securely exchange messages. Application domain security includes a security mechanism for accessing the user profile data and IP security. In addition, it includes a mechanism for secure messaging between the network and the USIM, e.g. to protect messages transferred over the network to applications on the USIM.

- Visibility and configurability of security: the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.

UMTS SPECIFICATION HAS THE FOLLOWING USER IDENTITY CONFIDENTIALITY SECURITY FEATURES:

- User identity confidentiality: the property that the permanent user identity (IMSI) of a user to whom a service is delivered cannot be eavesdropped on the radio access link;
- User location confidentiality: the property that the presence or the arrival of a user in a certain area cannot be determined by eavesdropping on the radio access link;
- User untraceability: the property that an intruder cannot deduce whether different services are delivered to the same user by eavesdropping on the radio access link.

6.1 MUTUAL AUTHENTICATION


An Authentication and Key Agreement (AKA) protocol is specified for mutual authentication of a user and a USIM network. An Authentication Vector (AV) used by AKA is calculated both in the UE and in the AuC as shown in Figure umts12. K is the long term subscriber security key shared by the UE USIM card and the AuC of the UMTS network. SQN is a sequence number and AMF is the Authentication Management Field, which supports the use of multiple AKA algorithms. MAC is a Message Authentication Code and AK is an Anonymity Key.

Figure umts12. AV calculation in a UE USIM and in the home network AuC.

An AV has the following components:

- a random challenge RAND, 128 bit
- an expected response XRES, variable length
- a cipher key CK, 128 bit
- an integrity key IK, 128 bit
- an authentication token AUTN.

RAND and XRES are utilized by the network to authenticate the UE as a MS is authenticated by a GSM/GPRS network. AUTN, a concatenation of three individual parameters,

AUTN = SQN ⊕ AK || AMF || MAC

is utilized by the UE to authenticate the UMTS network. An overview of the AKA protocol is shown in Figure umts13.

Figure umts13. Authentication and Key Agreement (AKA) in UMTS (Chatzinotas, 2006).

After the mutual authentication, the UE and the UMTS network can agree on the calculated Ciphering Key (CK) and the Integrity Key (IK). These keys will be used throughout the rest of the session.
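The AV calculation and the USIM-side AUTN check described in this section can be followed in the sketch below, which is an added example and not part of the original document. It assumes HMAC-SHA256 as a stand-in for the functions that derive MAC, XRES, CK, IK and AK from K (labelled f1 to f5 here), a simplified SQN freshness rule, and a constructed test key and AMF value.

```python
import hashlib
import hmac
import os

# Field sizes in octets. RAND/CK/IK (128 bit) are from the text; the SQN (48 bit),
# AMF (16 bit) and MAC (64 bit) sizes are taken from 3GPP TS 33.102.
SQN_LEN, AMF_LEN, MAC_LEN = 6, 2, 8


def prf(k, label, data, n):
    """Stand-in for f1..f5 (assumption: HMAC-SHA256, not an operator algorithm set)."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def auc_generate_av(k, sqn, amf, rand=None):
    """AuC side: build one Authentication Vector for the subscriber key K."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    mac = prf(k, b"f1", sqn_b + rand + amf, MAC_LEN)
    ak = prf(k, b"f5", rand, SQN_LEN)
    return {
        "RAND": rand,
        "XRES": prf(k, b"f2", rand, 8),
        "CK": prf(k, b"f3", rand, 16),
        "IK": prf(k, b"f4", rand, 16),
        "AUTN": xor(sqn_b, ak) + amf + mac,  # SQN xor AK || AMF || MAC
    }


class Usim:
    """UE side: holds K and the highest sequence number accepted so far."""

    def __init__(self, k, sqn_ms=0):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand, autn):
        """Verify the network via AUTN; return (RES, CK, IK) or raise ValueError."""
        if len(autn) != SQN_LEN + AMF_LEN + MAC_LEN:
            raise ValueError("malformed AUTN")
        concealed, amf, mac = autn[:6], autn[6:8], autn[8:]
        ak = prf(self.k, b"f5", rand, SQN_LEN)
        sqn_b = xor(concealed, ak)  # AK keeps SQN hidden on the radio link
        xmac = prf(self.k, b"f1", sqn_b + rand + amf, MAC_LEN)
        if not hmac.compare_digest(mac, xmac):
            raise ValueError("MAC failure: AUTN not produced with this K")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:  # simplified freshness rule (assumption)
            raise ValueError("SQN not fresh: replayed AUTN")
        self.sqn_ms = sqn
        return (prf(self.k, b"f2", rand, 8),
                prf(self.k, b"f3", rand, 16),
                prf(self.k, b"f4", rand, 16))


if __name__ == "__main__":
    K = bytes(range(16))  # constructed test key
    av = auc_generate_av(K, sqn=1, amf=b"\x80\x00")  # constructed AMF value
    res, ck, ik = Usim(K).authenticate(av["RAND"], av["AUTN"])
    print("network authenticated, RES matches XRES:", res == av["XRES"])
```

The network completes its half of the mutual authentication by comparing the RES returned by the UE with XRES from the vector.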

6.2 INFORMATION CONFIDENTIALITY


UMTS employs the UMTS Encryption Algorithm (UEA) in order to provide information confidentiality. Figure umts14 depicts the encryption process of UEA which is based on the f8 algorithm. One of the main improvements of UMTS is that the link layer encrypted channel is established between the UE and the RNC. Furthermore, UEA is utilized to protect not only the data channels but also certain signalling channels.

Figure umts14. UMTS Encryption Algorithm (UEA) (Chatzinotas, 2006).

6.3 DATA INTEGRITY


Data integrity is assured explicitly through the UMTS Integrity Algorithm (UIA).

Figure umts15 depicts the operation of UIA which is based on the f9 algorithm. UIA is utilized to protect both communication and signalling.

Figure umts15. UMTS Integrity Algorithm (UIA) for UE/RNC as sender/receiver (Chatzinotas, 2006).

6.4 USER CONFIDENTIALITY

UMTS utilizes the same mechanism as GSM to provide user confidentiality. Instead of the IMSI, a temporary identity (TMSI) assigned by the VLR is used to identify the subscriber in the communication messages exchanged with the BS. However, the IMSI is still transmitted in cleartext over the air while establishing the TMSI. This has been proved to be a starting point for security attacks against UMTS.

6.5 GSM COMPATIBILITY

UMTS has been designed to be backwards compatible with GSM. It includes standardized security features in order to ensure world-wide interoperability and roaming. More specifically, GSM user parameters are derived from UMTS parameters using a set of predefined conversion functions. However, GSM subscribers roaming in UMTS networks are supported by the GSM security context, which is vulnerable to the aforementioned GSM vulnerabilities.

6.6 SECURITY VULNERABILITIES

Although UMTS security has been greatly improved in comparison with GSM, there are still some vulnerabilities, which are related to the backwards compatibility of UMTS with GSM. Meyer & Wetzel (2004a; 2004b) have presented a man-in-the-middle attack which can be mounted even if the subscriber utilizes a UMTS enabled device within a UMTS coverage area. Furthermore, for an attack described in this paper, UMTS subscribers are vulnerable to what is called a false base station attack, even if subscribers are roaming in a pure UMTS network and even though UMTS authentication is applied. This attack can be categorized as a rollback attack. This category of attacks exploits weaknesses of old versions of algorithms and protocols by means of the mechanisms defined to ensure backward compatibility of newer and stronger versions. According to this technique, the attacker acts on behalf of the victim mobile station in order to obtain a valid authentication token AUTN from any real network.

It is assumed that the attacker has already retrieved the IMSI of the targeted subscriber, since the latter is sent in cleartext when establishing a TMSI. The attacker can capture the AUTN by initiating the AKA procedure with any legitimate network. The next step is to impersonate a valid GSM base station to the victim mobile station. The mobile station connects and verifies the rogue BS, since it possesses a valid AUTN. Furthermore, the rogue BS is configured by the attacker to utilize no encryption or weak encryption. Finally, the attacker can send to the mobile station the GSM cipher mode command including the chosen encryption algorithm. The man-in-the-middle attack is mounted and the attacker can use passive or active eavesdropping without being detected.
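The sequence described above leaves a visible trace on the handset: an AUTN is accepted on a GSM cell and the same cell then commands no or weak ciphering. The following detection sketch is an added example, not part of the original document; the key=value trace layout, the cell names and the sample records are constructed, and treating A5/0 and A5/2 as the "no encryption" and "weak encryption" cases is a local policy assumption.

```python
# GSM algorithms this policy refuses to accept silently (assumption).
WEAK_GSM = {"A5/0": "no encryption", "A5/2": "weak encryption"}

# Constructed handset-side signalling trace; the key=value layout is hypothetical.
TRACE = """\
t=1 rat=UMTS cell=u-101 event=AUTN_VERIFIED
t=2 rat=UMTS cell=u-101 event=SECURITY_MODE alg=UEA1
t=40 rat=GSM cell=g-907 event=AUTN_VERIFIED
t=41 rat=GSM cell=g-907 event=CIPHER_MODE alg=A5/0
t=90 rat=GSM cell=g-302 event=AUTN_VERIFIED
t=91 rat=GSM cell=g-302 event=CIPHER_MODE alg=A5/3
t=130 rat=GSM cell=g-555 event=CIPHER_MODE alg=A5/2
"""


def parse(line):
    """Turn one 'k=v k=v ...' trace line into a dict with an integer timestamp."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["t"] = int(rec["t"])
    return rec


def find_downgrades(trace):
    """Return one alert per GSM cipher mode command that selects a weak algorithm."""
    events = [parse(line) for line in trace.splitlines() if line.strip()]
    alerts = []
    aka_cell = None  # GSM cell on which the USIM last accepted an AUTN
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["event"] == "AUTN_VERIFIED":
            aka_cell = ev["cell"] if ev["rat"] == "GSM" else None
        elif ev["event"] == "CIPHER_MODE" and ev["rat"] == "GSM":
            if ev["alg"] in WEAK_GSM:
                alerts.append({
                    "t": ev["t"],
                    "cell": ev["cell"],
                    "alg": ev["alg"],
                    "reason": WEAK_GSM[ev["alg"]],
                    # True matches the sequence in the text: AUTN accepted, then
                    # the same GSM cell switches ciphering off or down.
                    "after_umts_aka": aka_cell == ev["cell"],
                })
            aka_cell = None  # each AKA run is paired with at most one command
    return alerts


if __name__ == "__main__":
    for alert in find_downgrades(TRACE):
        print(alert)
```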
