8 Security Aspects
In this chapter, security is detailed using GSM terminology. The differences to other networks are briefly explained afterwards. Security in the more modern networks builds on and was developed from that of the 2G and 3G networks. GSM is still the most popular and widespread standard.
Security features are measures intended to counter security attacks by employing security mechanisms that detect, prevent or recover from such attacks.
Security threats exist at different levels. In the physical layer they relate to availability, error rate, denial of service and the technical ease of network attacks. In the MAC layer the shared medium poses a risk that affects performance (throughput, delay, Quality of Service) and the encapsulation of packets. The availability of radio resources and power also needs to be considered, e.g. in power control and handover decisions.
In network operations and management, the topics are accounting and billing as well as authorization and authentication. The mobility of the users poses additional risks in location management (tracking), handover management and the management of the databases involved.
The introduction of GSM technology should not bring any additional security risks compared to the traditional cable-based telephone network; this concerns, e.g., protection against billing fraud, confidentiality on the radio path, and user anonymity. Most important is the design of the new air interface, which is more vulnerable than telephone lines because physical access to it is very easy. Thus, different mechanisms for the security of (confidential) data are implemented. They can be divided into aspects that ensure:
- User identity confidentiality (e.g. masking of ID, TMSI)
- Authentication: Verification and control of user identity
- Confidentiality and integrity of information elements of signaling and data on the air interface (e.g. encryption). Integrity proves that the content has not been modified (reordered, inserted, delayed) by an unauthorized party.
Therefore, the equipment also needs to be secure.
Availability is also a security issue. It is achieved with adequate network access point planning, antenna diversity, frequency hopping, power control, handover, timing advance to ensure reception in the correct time slot, and channel coding and interleaving for speech data to shorten distortions at the air interface. This aspect is dealt with in other chapters.