3GMS

Third Generation Mobile Communications System

Security
Introduced in Rel-8
3GMS refers to the comprehensive security architecture and mechanisms defined for 3G (UMTS) networks. It provides a framework for authentication, confidentiality, and integrity protection, establishing the foundation for secure mobile communications beyond 2G systems. Its principles influenced later generations.

Description

The Third Generation Mobile Communications System (3GMS) security architecture is a comprehensive framework defined in 3GPP specifications, primarily TS 33.106 and TS 33.107. It was designed to address the security shortcomings of 2G (GSM) systems and provide a robust security foundation for Universal Mobile Telecommunications System (UMTS) networks. The architecture is built on a set of security features and mechanisms that protect the network, the user, and the services offered.

The core of 3GMS security is the Authentication and Key Agreement (AKA) protocol. Unlike GSM's one-way authentication (network authenticates the user), UMTS AKA provides mutual authentication between the User Equipment (UE) and the network. The protocol is based on a challenge-response mechanism using a pre-shared secret key (K) stored on the USIM and in the Authentication Centre (AuC) within the Home Environment (HE). The serving network requests authentication vectors (quintuplets) from the HE, which consist of a random challenge (RAND), an expected response (XRES), a cipher key (CK), an integrity key (IK), and an authentication token (AUTN). The UE uses the AUTN to authenticate the network and the RAND to compute its response (RES), which is sent back for verification.

Key security services provided by 3GMS include user identity confidentiality, entity authentication, data confidentiality, and data integrity. User identity confidentiality is achieved by using a temporary identity (TMSI) on the radio interface instead of the permanent International Mobile Subscriber Identity (IMSI). Data confidentiality (encryption) is applied to user data and certain signaling messages on the radio access link (between UE and RNC) using the cipher key (CK) and the UEA (UMTS Encryption Algorithm). Data integrity protection, a new feature compared to GSM, is applied to critical signaling messages using the integrity key (IK) and the UIA (UMTS Integrity Algorithm), preventing message modification and replay attacks.

The architecture defines five security feature groups: Network Access Security (I), Network Domain Security (II), User Domain Security (III), Application Domain Security (IV), and Visibility and Configurability of Security (V). Group I, the most critical, covers the security mechanisms for the radio access link, including AKA, encryption, and integrity. Group II secures the signaling and user data exchanges between network nodes (e.g., between RNC and core network) using protocols like MAPSec and IPSec. This layered approach ensures end-to-end security principles across different domains of the 3G network.

Purpose & Motivation

3GMS security was created to address the well-documented security weaknesses of its predecessor, the 2G GSM system. GSM had several critical vulnerabilities: it only provided one-way authentication (network authenticating the user), leaving it open to false base station attacks; the encryption algorithms (A5/1, A5/2) were eventually found to be weak; and there was no integrity protection for signaling, making it susceptible to manipulation. The primary motivation for 3GMS was to design a security architecture from the ground up that would be robust against known and foreseeable attacks, thereby enabling secure mobile data services and building user trust for new applications like mobile commerce.

The historical context was the transition from primarily voice-centric 2G networks to 3G networks designed for multimedia, internet access, and richer data services. These new services carried higher value and greater privacy concerns, necessitating stronger security. Furthermore, the regulatory and commercial landscape demanded better protection of user data and identity. 3GMS aimed to provide a future-proof foundation, with features like algorithm agility (the ability to introduce new cryptographic algorithms) and enhanced key lengths to withstand increasing computational power available to attackers.

It solved the problem of insecure radio links and untrusted serving networks by introducing mutual authentication, ensuring the user could verify they were connecting to a legitimate network. It also separated ciphering and integrity keys, allowing for independent strength and lifecycle management for these two functions. By defining a clear security architecture across multiple domains, it provided network operators and equipment manufacturers with a standardized blueprint for implementing interoperable and high-assurance security, which was essential for the global rollout of UMTS.

Key Features

  • Mutual Authentication via UMTS AKA protocol
  • Data confidentiality (encryption) for user and signaling data on Uu interface
  • Data integrity protection for signaling messages
  • User identity confidentiality using temporary identities (TMSI)
  • Algorithm agility for encryption (UEA) and integrity (UIA)
  • Separation of cipher key (CK) and integrity key (IK)

Evolution Across Releases

Rel-8 Initial

Introduced as the foundational security architecture for 3G (UMTS) networks. It defined the five security feature groups, the UMTS AKA protocol for mutual authentication, and the framework for encryption (UEA) and integrity (UIA) algorithms. Established the use of temporary identities (TMSI/P-TMSI) and the separation of cipher and integrity keys (CK/IK).

TS 33.106TS 33.107

Defining Specifications

SpecificationTitle
TS 33.106 3GPP TR 33.106
TS 33.107 3GPP TR 33.107