Five basic security building blocks for 3G Networks

There are many security issues relating to mobile systems beyond 3G. A distinction can be made between security for services (like web-browsing, e-commerce, etc.) and security for transport (e.g. IP connectivity, mobility management, Quality of Service, session control). The principle to separate transport from applications in the design and implementation of the system seems to be generally accepted. The use of this principle will reduce the complexity of the overall system and allows for an independent evolution of transport networks and applications. This chapter focuses on security for the transport network; in particular, on the security features and mechanisms required to provide IP connectivity to a globally roaming user. A secondary focus is on security for Quality of Service procedures in a mobile system beyond 3G.

In order to cope with the uncertainties of the detailed architecture of future mobile systems and to further reduce the complexity of the work, a modular approach was chosen. Five basic functional building blocks have been identified that are likely to be required in any type of post-3G mobile system. The different building blocks were selected in such a way that a change in one building block would have a minimal affect on the other building blocks and that it should be possible to create the overall security architecture by combining these building blocks in a suitable way. The five main building blocks identified are:

1. Secure address configuration;
2. Authentication and security association establishment;
3. IP layer security;
4. Link layer security;
5. Network domain security.

Security for Mobility Chris J. Mitchell 2004