Subject: Mobile Computing

Difficulty: Medium

Marks: 8 Marks

3GPP

It is 3rd Generation Partnership Project.3rd Generation Partnership Project (3GPP) is a collaborative project aimed at developing globally acceptable specifications for third generation (3G) mobile systems.

It is a collaboration between groups of telecommunications associations, to make a globally applicable third generation (3G) mobile phone system.

3GPP Specifications are also referred to as UTRAN, UMTS (in Europe) and FOMA (in Japan). The telecommunications standards bodies that make up the 3GPP are known as Organizational Partners (OP) and those are:

• Japan‟s Association of Radio Industries and Businesses (ARIB)
• Japan‟s Telecommunications Technology Committee (TTC),
• China Communications Standards Association (CCSA),
• South Korea‟s Telecommunications Technology Association (TTA),
• European Telecommunications Standards Institute (ETSI), and
• Alliance for Telecommunications Industry Solutions (ATIS).

The Four Technical Specification Groups (TSG) in 3GPP are:

• Radio Access Networks (RAN),
• Service and SystemsAspects (SA),
• Core Network and Terminals (CT) and
• GSM EDGE Radio Access Networks (GERAN).

3GPP caters to the following technologies:

• GSM: Global System for Mobile
• GSM includes GPRS (General Packet Radio Service) and EDGE (Enhanced Data rates for Global Evolution)
• WCDMA -Wideband Code Division Multiple Access
• HSPA -High Speed Packet Access
• LTE -Long Term Evolution

This specification defines the security architecture, i.e., the security features and the security mechanisms, for the third generation mobile telecommunication system. A security feature is a service capability (e.g. user data confidentiality) that meets one or several security requirements.

Overview of the security architecture:

Fig gives an overview of the complete 3G security architecture

From Fig, four security feature groups are defined. Each of these feature groups meets certain threats, accomplishes certain security objectives:

1. Network access security (I): The set of security features that provide users with secure access to 3Gservices, and which in particular protect against attacks on the (radio) access link.

2. Network domain security (II): The set of security features that enable nodes in the provider domain to securely exchange signaling data, and protect against attacks on the wireline network.

3. User domain security (III): The set of security features that secure access to mobile stations.

4. Application domain security (IV): The set of security features that enable applications in the user and in the provider domain to securely exchange messages.

Smart Card Security:

Smart card is called smart because it contains a computer chip. Indeed, smart card is often referred to as chip card ̳or‘integrated circuit card. It provides not only memory capacity, but computational capability as well. The self-containment of smart card makes it resistant to attack, as it does not need to depend upon potentially vulnerable external resources. Because of this characteristic, smart cards are often used in different applications, which require strong security protection and authentication.

Where are smart cards used?

There are different types of smart cards used in various application scenarios like: Smart card can act as an identification card, which is used to prove the identity of the card holder. It can also be a medical card, which stores the medical history of a person. Furthermore, the smart card can be used as a credit/debit bank card which allows off-line transactions. All of these applications require sensitive data to be stored in the card, such as biometrics information of the card owner, personal medical history, and cryptographic keys for authentication, etc.

In same way, one more example of smart card is SIM in mobile phone. SIM card (also known as a subscriber identity module) is a smart card with a microprocessor and it consists of the following modules:

• CPU
• Program memory (ROM) Working memory (RAM)
• Data memory (EPROM or E2PROM) Serial communication module
• SIM stores subscriber data that includes user identity, network authorization data, personal security
• keys, contact lists and stored text messages.

Smart Card Security:

Factors which make SIM secure are:

1.Cryptographic algorithm: The presence of cryptographic algorithm and secret key in SIM card makes the SIM card secure.

The most sensitive information of SIM card is the cryptographic algorithm A3, A8, secret Ki, PIN, PUK and Kc. A3, A8 algorithm were written into the SIM card in the producing process, and most people could not read A3, A8 algorithm. HN code could be settled by the phone owners. PUK code is held by the operator. Kc was derived in the process of encryption from Ki. Many of SIMS have RSA, DES, 3DES cryptographic algorithms implemented.

2.Secret key:

PIN and PUK

• PIN –Personal Identification Number.2 PINs exist (PIN1 and PIN2). Limited attempts on PIN access.
• PUK-PIN Unblocking Code.resetting PUK, resets PIN and the attempt counter.Too many attempts on PUK blocks use permanently.

3.SIM files system:

SIM is organized in a hierarchical tree structure; it consists of the following three types of elements:

• Master File (MF).
• Dedicated File (DF).
• Elementary File (EF).These file systems have stringent security controls.

These files are even protected through password known to user or operator.