GSM for planes company has maritime version

Altobridge, the company which provides GSM connectivity on aeroplanes via satellite, has launched a maritime version of the system.

The gateway connects a GSM picocell on board a ship to a satellite network. Altobridge says the system overcomes the two main barriers to take-up of GSM on-ship solutions, namely capital cost and the overheads of signalling, by keeping signalling down to a minimum.
It sees opportunities for maritime use in tracking as well as crew and passenger calling. At present, many tracking systems can operate only when in range of terrestrial wireless systems. With this system, an individual container could be tracked right throughout a journey, with an SMS alert sent if, for instance, it was opened mid-journey.
Altobridge says that the cell sites avoid interfering with on-shore sites, as a GIS database embedded within the Altobridge system ensures that it will not operate within coastal waters where terrestrial coverage exists.

Rest tired legs at the Telecom Valley

Mobile Europe is very happy to announce that it is the official media partner of the fourth annual Telecom Valley Association’s Gallery at the 3GSM World Congress 2004.

The Gallery is situated directly opposite the Palais des Festivals at the La Potiniere du Palais restaurant, and provides a meeting place for 3GSM delegates to find out more about the technical expertise of the Cote D’Azur’s thriving telecoms community.
Many of the mobile industry’s leaders from the region use the gallery to demonstrate and exhibit their technology, but the relaxed surroundings of the gallery are just as popular for delegates to hold formal and informal meetings over a drink.
For more see www.telecom-valley.fr.

Vodafone selects Mobilitec’s mPower product for delivery of mobile java applications

mPower, Mobilitec’s leading software product selected by the largest operating group in Europe; Mobilitec’s mPower already successfully deployed in seven Vodafone live! countries

Mobilitec Inc, a global provider of integrated software products that enable mobile service delivery, today announced that Vodafone(TM) has selected Mobilitec to enable the flexible and secure wireless download of Java applications.  Mobilitec’s mPower product has already been successfully deployed in a number of Vodafone live! countries including Australia, France, Greece, Hungary, Ireland, Italy and New Zealand. 

Mobilitec’s mPower provides the necessary functionality to enable the download of Java games as part of the highly successful Vodafone live! service. The relationship between Mobilitec and Vodafone(TM) ensures proven, carrier-grade software, easy implementation and support for any device, network and protocol. The solution offers flexibility and agility to adapt to emerging standards and functionality. Through its leading mPower product, Mobilitec is enabling Vodafone(TM) to implement key components for generating revenue and driving data usage through its Vodafone live! offering.

Lee Fenton, Director Global Platforms, at Vodafone Global Products and Services said, “This agreement with Mobilitec enables our customers to seamlessly download Java applications as part of our Vodafone live! offering. We have already successfully deployed the solution in a number of Vodafone live! countries.”

“Our relationship with Vodafone(tm) is testament to Mobilitec’s leading position in the market as the provider of the most compelling best-of-breed suite of software enabling mobile service delivery,” said Margaret Norton, CEO and President of Mobilitec.  “Vodafone(TM) has been able to quickly and cost-effectively launch a secure, reliable and scalable standards-based suite of integrated products that provide the key component in generating revenue and increasing data usage.”

Siemens and Huawei start joint development of TD-SCDMA technology

Vendors set up $100 million joint venture to develop and promote the 3G technology

To mark the official start of the joint activities for 3G/TD-SCDMA mobile communication technology, Siemens Information and Communication Mobile (Siemens mobile) and Huawei Technologies have signed a contract for the formation of the joint venture.

The joint venture will develop, manufacture and market TD-SCDMA technology, for which both companies are together investing more than $100 million. The new company will be based in Beijing, with Siemens mobile holding 51% and the Chinese company 49%.

Lothar Pauly, Chief Operating Officer of Siemens mobile, and Yafang Sun, Chairwoman of Huawei Technologies, were both confident at the signing of the contract that their combined strength and know-how would give TD-SCDMA a powerful push for market success in China.

The signing officially launches the joint development activities of Siemens and Huawei. Siemens mobile has already transferred its global R&D, marketing and sales responsibilities for TD-SCDMA to Beijing. Siemens mobile is contributing more than 200 employees, Huawei around 100. In several months' time, the joint venture will have 350 employees. In addition to the company headquarters in Beijing, engineers will also work on the development of infrastructure products in Shanghai.

The mobile standard TD-SCDMA, which complements GSM and W-CDMA, is currently being put to the test in several trial networks. The Chinese Ministry of Information Industry allocated a 155 MHz spectrum to TD-SCDMA in October 2002, thus paving the way for the commercial use of the standard in China. Both partners in the joint venture hope that TD-SCDMA will succeed in the Chinese market and convince operators in other countries to adopt the standard. Manufacturing and marketing of the standard will, however, initially be focused on China. The technology can be operated either as a standalone network or used to supplement GSM or UMTS networks in order to cope with heavy data traffic. The aim is to offer the first products of the joint venture in the coming months and to participate in the official 3G trials with operators set up under the governance of the Ministry of Information Industry (MII) within this year.

Both companies bring to the joint venture decades of experience in telecommunication technology. Siemens started its development in TD-SCDMA back in 1998 and has to date invested more than EUR 170 million in this technology. With several test networks running in China, Siemens has proved that this technology is fast approaching market maturity. Siemens will be contributing development know-how and products to the joint venture as well as 200 Siemens employees already working in Beijing. Huawei is contributing around 100 employees to the joint venture. Alongside development, it will promote marketing and sales of the mobile technology in the Chinese market.

Lothar Pauly of Siemens mobile said: “We are proud to have found in Huawei a partner who shares our vision for TD-SCDMA. Together, we will make the standard a success in China. It is Siemens’ declared aim to become the 3G market leader in China.” With 270 million mobile phone customers today, China is the world’s largest mobile communication market and is expected to grow faster than the world market for several years.

“We are looking forward to working together with Siemens mobile in the future, a leading mobile communications company,” expressed Yafang Sun of Huawei. “The cooperation will drive forward the commercial use of TD-SCDMA. Both companies will also be able to optimize their development costs. Huawei works with the top companies in the telecommunications industry. We develop and supply our leading 3G products and solutions worldwide.”

Vodafone UK launches 3G datacard

“Vodafone beats market expectations in launching the first 3G datacard service in the UK”

Ahead of its original schedule, Vodafone UK announces the launch of its Vodafone Mobile Connect 3G/GPRS datacard service for its corporate customers.  From Monday 16th February, Vodafone UK will launch Europe’s first high-speed laptop datacard with the start of targeted marketing activity to its key corporate customers.

In keeping with its leadership position, Vodafone’s Mobile Connect 3G/GPRS datacard is the first product in the UK market that integrates 3G and GPRS functions, enabling transmission at speeds of up to 384kbps. Customers will be able to access all their usual office applications like email, calendar and Internet at up to ten times the speed of GPRS, improving business productivity.

“Today’s businesses are more and more dependent on mobilising the workforce and keeping real-time access to corporate databases, as well as access to the Internet,” says Bill Morrow, CEO of Vodafone UK.  “Building on our already highly successful GPRS capability, the unique 3G service is yet another step towards making the mobile virtual office environment a true reality.” 

Vodafone was the first operator in the UK to commence 3G datacard trials.  Feedback on the trials to-date has been extremely positive, with both corporate and business customers impressed with the high-performance, high-quality and high-speed service.  Trial customers confidently expect the 3G datacard application to greatly increase workforce data productivity and flexibility. 

From February coverage is available throughout London and along the M4 corridor, and will rapidly roll out to other major urban areas, including Birmingham and Manchester to reach 30 per cent of the UK population by April.

VODAFONE STARTS 3G SERVICES IN EUROPE

Datacards for the time being in seven countries

Vodafone today announces the commercial launch of its 3G services in Europe. The first service from Vodafone will be the Vodafone Mobile Connect 3G/GPRS datacard, Europe’s first high speed lap top datacard.

With data rates of up to 384kbps, the Vodafone Mobile Connect 3G/GPRS datacard will enable Vodafone customers to access all their usual office applications like e-mail, calendar and internet at up to ten times the speed of GPRS. 
This will enable customers with a lap top to work anywhere just as if they are in the office.  The greater data speed of the Vodafone Mobile Connect 3G/GPRS datacard, coupled with its reliability and ease of use, will generate greater business productivity and enhanced responsiveness from mobile workers.

Vodafone Mobile Connect 3G/GPRS datacard will be available in Germany, Italy, the Netherlands, Portugal, Spain, Sweden and the UK over the next four weeks.  The commercial launch of the 3G datacard follows successful customer trials conducted across Europe with thousands of business customers.

3G coverage is currently offered in most Vodafone markets in major cities and an increasing number of transport routes.  When outside of 3G network coverage, the Vodafone Mobile Connect 3G/GPRS datacard automatically switches to Vodafone’s GPRS network, which offers full coverage, meaning Vodafone customers will have continuous access to their normal office applications.  3G coverage will be expanded continually by Vodafone over the next few years.

Customer trials of Vodafone’s consumer 3G service, which will enhance the Vodafone live! offering, are currently being conducted with selected Vodafone customers across Europe.  Initial customer feedback is positive and Vodafone will introduce a consumer service in the next few months, with an enhanced range of 3G devices and services becoming available later in the year.

Peter Bamford, Chief Marketing Officer, said:
“The announcement of the launch of our 3G services is a major milestone in Vodafone’s 3G journey.  With significantly faster data rates and greater capacity, customers will really start to see and experience the huge benefits of 3G, by being able to do more, faster.  Feedback received from our customers indicates how the card can transform the way they work.

“The benefits of Vodafone’s investment in 3G and the step change in customer experience it brings, will become increasingly evident this year as we introduce new 3G devices and services for both business and consumer customers.  3G will enable Vodafone to drive more mobile minutes, deliver high quality content and entertainment, and enable greater productivity by mobilising business. In introducing our 3G offerings, we will be taking further advantage of our scale and scope and thereby delivering better services to our customers and more value to our shareholders.”

Trigenix and Voxmobili get in sync to make life easier for smartphone users

Companies show operators can save millions of dollars through a joint approach to user interface updates and data synchronisation

Trigenix, the mobile interface company, and Voxmobili, a multi-access software and solutions company, today announced that they are working together to provision mobile user interface content over a standard data synchronisation channel.

By integrating the Trigserver and Voxsync server architectures, operators can use one mechanism for both user interface updates and data synchronisation. By using standard SyncML server technologies, Trigenix has shown that operators can save more than two million dollars over three years in server infrastructure costs. SyncML is an open standard and part of the OMA standards for Data Synchronisation and Device Management.

Users expect services to be readily available and easier to use. They also keep increasingly more personal data on the phone. Synchronisation not only provides a lifeline to keep personal information securely backed-up by your service provider, but also keeps the personalised information up to date (e.g. calendar, address book). For the first time this lifeline will keep the user interface updated such that new services are always ready to hand. This means:
    *    co-ordinated phone updates will be available on more Smartphones making life easier for more people
    *    operators will benefit from a wider take-up of Smartphones and data services
    *    the costs of deploying this solution should make it more widely available – even in small operator administrations.

Commenting on the new relationship Steve Ives, CEO of Trigenix, said: “This is a great example of how the modular end to end architecture of Trigenix can be integrated with other best in class products based on open standards like SyncML. We are very pleased that there is such a good fit between our two companies.”

Eric Vieillevigne, Managing Director of Voxmobili commented: “We are delighted to be able to show how the Voxsync server can be so easily integrated with Trigenix, to synchronise such crucial information as the user interface on a mobile. This shows how our open standards based approach to device management can help operators introduce new services cost effectively.”

Racal Instruments Wireless Solutions Launches Intersystem Handover Test Platform

Racal Instruments Wireless Solutions (RIWS), an Aeroflex company, today announced the launch of its latest test platform the 6401 AIME/CT ISHO, the first system able to rigorously test the intersystem handover (ISHO) capability of mobile handsets. 

The system combines the 2/2.5G test capabilities of the well-established 6103 GPRS AIME with the new 3G protocol test system, the 6401 AIME/CT.  The capability to test intersystem handover* is a major milestone for the industry in building confidence in the performance of 3G networks and handsets.

RIWS’ first ISHO test cases have seen industry endorsement following their approval by the Global Certification Forum (GCF) at last week’s meeting in Munich. The next wave of test cases currently numbering 51 in total will be submitted over the next year. The test cases and test platform were validated by the Validation Competence Center of CETECOM, in Essen following evaluation by all stakeholders including a leading handset manufacturer and a chipset vendor.

Phil Medd, RIWS product manager for the 3G UE Protocol Test System, explained, “Intersystem handover has emerged as an issue since there is only a limited number of certified (119 out of 390) 3G test cases most of which relate to basic operational features of network and system. The sheer volume is a problem. As such there has been very little work undertaken on areas such as intersystem handover resulting in poor performance, such as dropped calls, especially in the 2G to 3G direction where the test cases have been given lower priority. The launch of our intersystem handover test platform brings manufacturers a much needed test capability enabling the confident deployment of handsets that will handover seamlessly from one technology to another”.

A growing shift in expectations

Phil Medd of Racal Instruments Wireless Solutions — an Aeroflex Company — examines the vital components of Inter-System Hand Over — regarded as an essential requirement for all 3G UMTS networks

After all the hype and speculation regarding the ‘killer features’ that 3G networks may bring, one of the basic features seems to have been taken for granted: the ability to place and hold voice calls wherever the mobile is located. When GSM networks were first introduced about 10 years ago, the ability to handover a call from the current analogue networks to the new digital ones was not considered necessary. Given the success of the digital networks, and GSM in particular, the situation is now quite different, and the ability to hand over a voice call between 2G and 3G networks will remain essential until the geographical coverage of the 3G infrastructure has expanded to match. The capability to handover between 2/2.5G and 3G technologies has been designed into the standards, but as the new networks are rolled out, will the early offerings provide this essential feature?

3G will be a success

That the WCDMA 3G network will succeed is not in doubt. There are too many major players involved with large vested interests for it to fail. Even if users don’t yet need all the new features offered, the network operators will gain from reduced costs and increased capacity. The data services being introduced in the 2.5G networks will readily migrate to 3G, where they can be improved over time with, for example, MMS superseding SMS. 3G will succeed — it’s just a question of when.

Networks are being installed at a rapid rate — Vodafone has installed over 1000 base stations in the UK alone — and the first networks have been in commercial service for a number of months. However, although early adopters tend to be tolerant, the mass market will stay away until the service is reliable, the coverage is good and value for money is reasonable. Any perceived problems will inevitably delay mass adoption. Also, if a price premium is to be charged, the quality of service will have to be higher than current services — no backward performance step will be tolerated.

As the new technology is introduced, it will take some time for the geographical coverage of the network to match that achieved by the existing 2/2.5G networks. Where 3G coverage is absent, the user will need to make use of the 2/2.5G network, bringing with it the requirement for the mobile to be able to support both Radio Access Technologies (RATs). For this reason, all 3G mobiles currently being introduced are ‘dual-RAT’. Not only does the mobile need to be able to search for either type of network at power-on, but also re-select the network type when moving out of the 3G coverage area. When a mobile is in a call, it needs to be able to be handed over from one network type to the other without the user being aware of it happening. For GPRS terminals, the packet service connection also needs to be transferred to the other network.

The assumption has been made that 2/2.5G coverage will be ubiquitous, so handover from 2/2.5G to 3G has been given a lower priority. However, this assumption will become less safe as 3G network coverage increases. Thus it is essential that current mobiles are capable of supporting 2/2.5G to 3G inter-system handover if future performance problems are to be avoided.

Early teething problems

Current networks do not support reliable inter-system handover during voice calls, and handover is not even attempted for 2G to 3G transitions on the assumption that the 2G network is always available. This unreliability, due mainly to protocol errors, results in calls unexpectedly being dropped, and there can be a temporary loss of any service, sometimes requiring the handset to be power-cycled to recover.

Early evidence indicates that some users are not happy with their first experience of 3G technology. Price reductions are attracting subscribers, but retaining them is proving difficult due to poor network performance. One disgruntled user reports difficulty making calls, while another has had difficulty sustaining a call after moving out of 3G coverage area.

The 2G networks have set expectations, and the natural assumption is that the new service will be at least as good, and certainly not worse. The key message is that a backward step in service quality will not be acceptable.

Technical challenges

Integrating a dual-RAT handset represents some significant technical challenges for the handset designer. The handset needs to incorporate two different RF sections. The 3G bands extend up to 2.1GHz and have very demanding linearity characteristics due to the high crest-factor of WCDMA signals. Two different baseband processors are needed to support the fundamentally different WCDMA and TDMA modulation and channel coding schemes. To support both 2G and 3G, two quite different protocol stacks need to be integrated. In practice, existing, well-tried 2/2.5G protocol stacks are updated to work in parallel with new UMTS stacks.

Fitting all this into one handset, while retaining acceptable battery life, represents just part of the problem. In the 2/2.5G network, the hand over mechanism relies on measurements made by the mobile, feeding back information about the neighbouring cells to the network, where the hand over decision is made. The pulsed nature of the TDMA air interface leaves spare slots when the mobile is able to rapidly search for, decode and measure the level and quality of neighbouring cells, feeding this information back to the network in regular measurement reports. However, in a pure 3G network, the WCDMA technology uses constant transmission and reception, with no free slots available for the mobile to re-tune and search for 2/2.5G networks.

Therefore, to provide inter-system hand over capability a transmission gap is created to allow the mobile time to search for 2/2.5G signals and provide the measurement reports needed by the network. To provide this transmission gap, in what is known as compressed mode, without affecting normal use of the handset represents another challenge for the designer. Different mechanisms are used to compensate for the gap, such as increasing the data rate either side of the gap so that the overall data rate remains unchanged.

After all this, once the network has decided to make an inter-system hand over, the signalling mechanism is relatively straightforward, with a single message exchange used to start and acknowledge the transfer. The final challenge for the handset designer is to devise a means of testing this procedure. Trying to bring together the resources needed for an in-house solution can be a time-consuming exercise, and is unlikely to result in a system that is suitable for conformance testing.

The way forward

Test equipment that provides rigorous inter-system hand over test capability has been lacking, but is now starting to appear, including formal conformance test capability. Conformance test cases exist in 3GPP documents TS 34.123 (for 3G to 2G cell selections and handovers) and TS 51.010 (for the corresponding 2G to 3G transitions). However, only a small number are being provided at high priority and these mostly use blind handover, where compressed mode is not required and the mobile is not required to perform the measurements during the transmission gap.

None of these dual-RAT test cases have yet been ratified by the Global Certification Forum (GCF), the industry body responsible for prioritising and approving the tests applied during handset certification. It is unlikely that a sufficient number of test cases will have been approved by the GCF until the middle of 2004 for 3G handset certification to become mandatory. Until then, network operators are running the risk that handsets will be released to the public that may fail the conformance tests.

To minimise this risk, handset manufacturers must ensure that their handsets will pass whatever test cases are available. Where necessary this could include early versions of the test cases, for example in the case of the dual-RAT ones.

Conclusion

Lessons have been learnt from the introduction of GSM, but dealing with handover to/from a legacy system was not one of them as there was no analogue/digital handover capability, at least in European networks. Remember that analogue networks struggled to handover from one cell to the next.

The pressure to introduce 3G services must be immense, due to the need to start recovering the investment made in the licence and infrastructure, but there is a danger in introducing the new technology before it is fully tested. Until recently there were no test solutions available, but this is no longer the case.

In the near future, other forms of inter-system handover are likely to be necessary — for example 3G – WiFi — so ensuring that an effective test method is available as a high priority, not an afterthought, is a lesson that needs to be heeded.

UMTS security — the issues explained

In the light of security concerns on fixed IP networks it is clear that operators of 3G networks will need the absolute trust of subscribers if they want multi-media and other services to be successful. Establishing interoperable security protocols will be essential to that. Experts at Huawei Technologies provided Mobile Europe with a full account of the security architecture and structure of WCDMA 3G services — as specified by the 3GPP.

The biggest obstacle that faces the mobile subscriber to second or third generation network services is the perception that radio transmission lacks data security and privacy.

A recent investigation of the Boston Consultation Group showed that in Sweden, where 70% of adults use mobile telephones, 87% of subscribers worry if they transmit a credit card number through the mobile network. Furthermore, the later all-IP 3G network will not only be an environment with open air interfaces, but also a fully open public network, and the security problems will be even more critical.
It is very important to guarantee security of service and information transmission in 3G. Without good security, a large number of new 3G services such as e-business, electronic trade, and other network services will be rendered meaningless. That is, a true 3G system cannot live without good security.

Solving the 3G security problem has become key to achieving 3G system acceptance. That is also the problem the two standardization organizations, 3GPP and 3GPP2, are faced with. 3GPP and 3GPP2 have both prepared security standards, but they have not kept step. The 3GPP set up a special SA3 working group during the initial phase, which is responsible for preparing security standards for other groups. However, the early security standards of the 3GPP2 were prepared by each working group itself, and sorted by the TIA TR-45 group. Since a 3G system has many security problems and different working groups cannot prepare uniform security standards, the 3GPP2 proceeded slowly in its preparation. Then, based on the experience of the 3GPP, the 3GPP2 founded its TSG S4 group in August 2001, which is responsible for the security problems of the 3GPP2 system. The agenda of the group was established at the 3GPP2 OP/SC meeting early in November 2001 in Shenzhen, China. As the 3GPP (WCDMA) security standards are relatively mature and comprehensive, this article lays emphasis on the 3GPP security standards.

3G inherits from 2G

3G systems inherit the following security features of 2G systems.
    *    Encryption on the air interface. 3G inherits the air interface information encryption mechanism of 2G. It also strengthens the air interface encryption algorithm and lengthens the key.
    *    The subscriber identity is a secret on the air interface.
    *    Like the 2G SIM card, the 3G USIM card also serves as a mobile hardware security module. It is under the management of the network provider and is independent of the user equipment (UE).
    *    The USIM application toolkit provides a secure application layer channel between the USIM and the home network.
    *    Security related operations are independent of the UE. That is, the security application is transparent to the subscriber and provides to the subscriber the highest security visibility.

3G brings a host of new services and with them additional security challenges. For instance, in 3G the multi-service feature will bring new service providers, so 3G systems will not only have to process subscribers’ communication requests better but need to provide higher security than the existing fixed network and mobile network.

The traditional direct charging mode will no longer play a lead role. Various pre-paid and immediate payment services will form new charging rules and the 3G security system will need to provide satisfactory security methods for the new charging systems. In 3G, “active attack” will become the primary attack manner, in which the attacker may disguise the attacking equipment as a part of the network to induce security loopholes.

Additionally, UE will be used for e-business and other application platforms. Multi-application smart cards that include the USIM application will be used in the UE. The smart card and the UE will use environments such as Java to realize those applications and the UE may also have to support personal authentication by biological characteristics.

UMTS Security Technology

The 3GPP information security system includes access network security and core network (CN) security. Access network security refers to subscriber authentication and the encryption and complete privacy of information on the air interface. Core network security includes Mobile Application Part (MAP) security and IP security, which are based on the MAP application of SS7 and IP. Among the 3GPP security standards, R99 is mainly for access network security and is already secure, R4 is for MAP security and has provided the MAPSec mechanism, and R5 is for all-IP security.

The security architecture is based on three layers: the application layer, service layer and transport layer. The layers achieve the following security features:
    *    Network access security. This security feature provides a secure access network for 3G subscriber services, including subscriber identity access authentication in the case of USIM access to HE, access verification in the case of USIM insertion into UE and prevention of attacks on the subscriber service information on the air access link (or radio link).
    *    Network domain security. This guarantees that the nodes in the service provider domain can safely exchange signaling data and that attacks on the cable network can be prevented.
    *    Subscriber domain security. This ensures that the subscriber can safely access the UE and provide services through the UE.
    *    Application domain security. This guarantees security of the application layer and ensures that the application layer of the subscriber domain and that of the service provider domain can safely exchange messages.
    *    Secure configurability and visibility. This is a guarantee of security information provided to the subscriber. It tells the subscriber whether the security features of a system are enabled and whether the application and setting up of services should depend on the security features.

The security standards the 3GPP has prepared, or is preparing, include the air interface security standard and the authentication and key negotiation security standard in R99, MAPSec security standard in R4 and R5, and IP network layer security standard and IMS security standard in R5. Standards for the latter three security features in the list above have not been prepared yet. They will be given in the successive releases.

Air Interface Standard

3G access security includes air interface access security and subscriber access inter-authentication. The former protects subscriber information and signalling information transmitted on the radio link. The latter provides authentication between the subscriber and the network, guaranteeing the security of both the subscriber and the network.

Air interface access security refers to confidentiality protection (i.e. information encryption) for service plane information and control plane information, and integrity protection for control plane information. Confidentiality protection guards the information against passive attacks such as wiretapping and disclosure; through information encryption, it guarantees the privacy of information. Integrity protection guards the information against active attacks such as deletion, modification and addition. The air interface access security methods are implemented at the Radio Network Controller (RNC) and UE.

Air interface security can be achieved using the f8 and f9 algorithms. The f8 algorithm achieves confidentiality protection on the air interface, and f9 achieves integrity protection. According to 3GPP specification, f8 and f9 must be standardized algorithms (i.e. algorithms uniformly realized by each network provider and manufacturer). Only uniform algorithms can guarantee interconnection and interworking between devices and between systems on the basis of secure information transport.

For confidentiality protection and integrity protection, the 3GPP prepares different standards. Confidentiality protection can be freely selected by network providers, while integrity protection is mandatory. The system may not be subject to confidentiality protection (like 2G systems), but it must be under integrity protection (peculiar to 3G systems). From the aspect of 3G services, it is impossible not to provide confidentiality protection for the subscriber information. For example, the telecommunication operator Vodafone has definitely stated that their future 3G network must support confidentiality protection and that unencrypted communication will not be allowed.

In August, 1999, the 3GPP began to work on a standard encryption algorithm — called the Kasumi algorithm — to achieve interface security. The ETSI SAGE working group, together with the technical personnel from the relevant corporations, was committed to the development. The algorithm was formally released in December, 2000. Achieving the f8 and f9 algorithm functions, the Kasumi algorithm is the first standard encryption algorithm on the air interface.

Authentication and key agreement

Authentication and key agreement are implemented on the USIM card in the UE and at the Visitor Location Register (VLR) of the CN. However, on the network side, the authentication parameters are calculated by the Home Location Register (HLR) and sent to the VLR. The VLR saves the information and performs identification between the network and the UE/USIM. The algorithms for the procedure are realized at the USIM and HLR/AuC.

Unlike the 2G system, the 3G system performs bidirectional authentication, including authentication of the network by the subscriber and authentication of the subscriber by the network. The inter-authentication procedure is accompanied by key negotiation, i.e. negotiation of the encryption key and the integrity key respectively.

According to 3GPP specifications, the f0-f5 algorithms achieve authentication and key negotiation functions. Since subscriber authentication information is determined in the USIM card and HLR/AuC independent of the VLR, the f0-f5 algorithms need to be consistent only between the USIM card and the HLR authentication centre, and that consistency need be guaranteed only by the communication service provider. That is, the f0-f5 algorithms need not be standardized. Note that such functionality and requirements are completely inherited from the current 2G system.

Despite the non-standardization of the authentication algorithm, 3GPP committed the 3GPP MCC to develop an example algorithm for the AKA function. The MCC put forward a draft of the algorithm in which the AES-Rijndael algorithm serves as a core algorithm. Some corporations are assessing the security of using the Rijndael algorithm as the authentication algorithm. The 3GPP wants the finally released example algorithm to be the first choice of 3G product manufacturers and 3G network providers.
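The bidirectional authentication and key negotiation described in this section, as an added sketch that is not from the article or from 3GPP. HMAC-SHA256 stands in for the operator-chosen f1-f5 functions, the RAND/AUTN/SQN layout follows the AKA scheme of 3GPP TS 33.102, and the function names, key and sequence numbers are constructed for illustration.

```python
import hashlib
import hmac
import os

def f(k, tag, *parts, n=16):
    # Stand-in for f1..f5: HMAC-SHA256 with a per-function tag (assumption, not a 3GPP algorithm)
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_vector(k, sqn, amf=b"\x80\x00"):
    """HLR/AuC side: compute one authentication vector, which is handed to the VLR."""
    rand = os.urandom(16)                      # f0: random challenge
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b, rand, amf, n=8)   # proves the network knows K
    ak = f(k, b"f5", rand, n=6)                # anonymity key, conceals SQN on the air
    return {"rand": rand, "autn": xor(sqn_b, ak) + amf + mac,
            "xres": f(k, b"f2", rand, n=8),    # expected subscriber response
            "ck": f(k, b"f3", rand), "ik": f(k, b"f4", rand)}

class Usim:
    """Subscriber side; holds the same long-term key K as the HLR/AuC."""
    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def authenticate(self, rand, autn):
        """Authenticate the network first, then return (RES, CK, IK)."""
        ak = f(self.k, b"f5", rand, n=6)
        sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_b, rand, amf, n=8)):
            raise ValueError("MAC failure: challenge not from the home network")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn:                    # simplified freshness rule (no resync)
            raise ValueError("SQN not fresh: replayed challenge")
        self.sqn = sqn
        return (f(self.k, b"f2", rand, n=8), f(self.k, b"f3", rand),
                f(self.k, b"f4", rand))

def vlr_check(vector, res):
    """VLR side: compare the subscriber's RES with the stored XRES."""
    return hmac.compare_digest(vector["xres"], res)

if __name__ == "__main__":
    k = bytes(range(16))                       # constructed 128-bit subscriber key
    usim, av = Usim(k), auc_generate_vector(k, sqn=1)
    res, ck, ik = usim.authenticate(av["rand"], av["autn"])
    print("subscriber accepted:", vlr_check(av, res), "keys agree:", ck == av["ck"])
```

The VLR never sees K: it only stores the vector and compares RES with XRES, which is why the algorithms have to agree only between the USIM and the HLR/AuC.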

MAPSec Security

In 3G systems, the MAP signaling message is used to perform location update, supplementary services and call control. It uses the SS7 protocol as its transport layer protocol (it will use the IP transport layer protocol later). Since the SS7 protocol itself does not provide any security methods, the MAP message on the transport layer will inevitably be subject to some security threats and attacks. For example, the MAP message may be modified, added or deleted. The MAP security function protects SS7 signaling in the 3G core network. That function is put forth by the 3GPP, and the 2G system provides no protection for the MAP message.

According to 3GPP’s specification, the complete set of enhancement and extension mechanisms for protecting the MAP is named MAPSec protocol. The MAPSec protocol provides the MAP information transport security and security management procedures. It is based on the application layer and is independent of the network layer and transport layer.

Due to the complexity of the core network architecture, MAPSec needs to perform independent security management and key negotiation. A new network unit, the Key Administration Center (KAC), is introduced to the network in order to achieve MAPSec. The KACs of different networks set up MAPSec Security Associations (SAs) through IKE negotiation. The MAP SAs define the mode, key and ciphering algorithm used for protecting MAP signaling. They are valid within the whole PLMN and are distributed to the Network Entities (NEs) in the PLMN that implement MAPSec. A confirmed SA will serve as the security association for intercommunication between NEs in the same network or in different networks, providing security protection for the communication between NEs. According to core network MAPSec security standards, it is through the KAC that the MAP SAs are negotiated, updated and distributed to provide security protection for the communication between NE nodes.

According to MAPSec security standards, a packet extension header needs to be added to implement the MAP security function. This will increase the load of the MAP message and affect a message that is already overloaded. The 3GPP balances MAP security, MAP message load and security level requirement, and the MAPSec protocol provides three protection modes which are applicable to different situations.
- Mode 0: No protection. In this mode, no security method is provided.
- Mode 1: Integrity protection is provided for the MAP signaling. The f7 algorithm is used to apply a digital signature to the security header and plain text so as to achieve integrity protection.
- Mode 2: Full protection. In this mode, both confidentiality protection and integrity protection are provided. The f6 algorithm encrypts the plain text so as to achieve confidentiality protection. The f7 algorithm is used to apply a digital signature to the security header and plain text to give integrity protection.

Similar to the air interface security, MAPSec security also provides only confidentiality protection and integrity protection. According to 3GPP specifications, the f6 algorithm achieves the MAPSec confidentiality protection function, and the f7 algorithm achieves the MAPSec integrity protection function. To guarantee MAPSec security protection as well as interconnection and interworking between core networks of different network providers and between different core network devices, f6 and f7 must be standardized algorithms. Currently, the 3GPP has suggested that the Rijndael algorithm should serve as a core algorithm.
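What each of the three MAPSec protection modes buys on the wire, as an added sketch that is not from the article or from 3GPP. The f6 and f7 functions here are HMAC-SHA256 stand-ins rather than the standardized algorithms, the tag covers the security header and plain text as the list above describes, and the SA fields, header bytes and MAP message are constructed.

```python
import hashlib
import hmac
import os

def f6(key, iv, data):
    """Stand-in for f6: XOR with an HMAC-SHA256 counter keystream (same call decrypts)."""
    ks = b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def f7(key, data):
    """Stand-in for f7: truncated HMAC-SHA256 integrity tag."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def protect(sa, header, plaintext):
    """Sender NE: apply the protection mode fixed by the SA."""
    if sa["mode"] == 0:
        return header, plaintext, b""
    tag = f7(sa["int_key"], header + plaintext)
    body = f6(sa["enc_key"], header, plaintext) if sa["mode"] == 2 else plaintext
    return header, body, tag

def unprotect(sa, header, body, tag):
    """Receiver NE: the mode comes from its own copy of the SA, never from the message."""
    if sa["mode"] == 0:
        return body
    plaintext = f6(sa["enc_key"], header, body) if sa["mode"] == 2 else body
    if not hmac.compare_digest(tag, f7(sa["int_key"], header + plaintext)):
        raise ValueError("MAPSec integrity check failed")
    return plaintext

def wire_outcomes(msg=b"UpdateLocation IMSI=001010000000001"):  # constructed message
    """Per mode: is the payload readable in transit, and is a flipped bit detected?"""
    out = {}
    for mode in (0, 1, 2):
        sa = {"mode": mode, "enc_key": os.urandom(16), "int_key": os.urandom(16)}
        header, body, tag = protect(sa, b"SPI=1;TVP=" + os.urandom(4), msg)
        assert unprotect(sa, header, body, tag) == msg      # untouched message round-trips
        tampered = bytes([body[0] ^ 1]) + body[1:]          # one bit changed in transit
        try:
            unprotect(sa, header, tampered, tag)
            detected = False
        except ValueError:
            detected = True
        out[mode] = {"readable": body == msg, "tamper_detected": detected}
    return out

if __name__ == "__main__":
    for mode, result in wire_outcomes().items():
        print("mode", mode, result)
```

Mode 0 accepts the modified message silently, which is the exposure unprotected SS7 leaves open; mode 1 rejects it but still carries the subscriber data in clear.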

IP Network Layer

The IP transport protocol is introduced to the network reference model in the 3GPP system. Generally, the network provider will not own a special transport network but use the public Internet to transport information. This not only saves costs but facilitates interworking with other network or service providers. However, this also brings security threats. The connection to the network becomes a kind of public access in some sense. It is subject to network attack such as wiretapping and deceiving and may lead to re-report, service suspension or other datagram attacks, and consequently damage the routine operations and reputation of the network provider.

IP network layer security in 3G provides network security protection based on the control plane. Network control is usually divided into the security domain and Border Gateway (BG). The security domain directly communicates with the core network of an individual network provider. The BG is under the protection of the Security Gateway (SEG). The SEG is a security entity on the border of a network. According to relevant security policies, SEG performs security protection for the control plane data, and monitors and manages the packet stream between the internal private network and the external network. SEG does not protect the user plane data. If the policies allow, it can be used to protect the direct packet exchange with the external host, server or terminal. It can set up a secret session by establishing and negotiating a SA.

IP security architecture

IP-based network security architecture is structured based on the point-to-point security idea — key administration and distribution are both on the basis of IPSec IKE. Typically, the network of an individual network provider will form a secure domain, in which the same security level and security service will be adopted. If the network provider divides the network into multiple subnets, each subnet will own an independent secure domain. With such architecture, the network can adopt independent security policies and even be divided into multiple logically secure domains according to different requirements, independent of the external network. This increases the flexibility of security applications.

In this architecture, the SEG serves as the only entity for direct communication with other network domains. Through the SEG, IPSec security channels are established and maintained between different network domains. Each SEG keeps at least one IPSec channel to the peer SEG at any time. An NE (network element) can also set up IPSec security channels to the SEG or other NEs in the same network domain. In the 3G network domain, the IPSec security protocol is always in ESP rather than AH mode. Therefore, the IPSec security channels are all IPSec ESP security channels. In addition, the security architecture mandates that integrity protection against replay attack be provided.

One of R5’s important functions is to achieve multimedia services. R5 provides the specifications for achieving an IP Multimedia Subsystem (IMS). The IMS service access security standard is based on the security features and security mechanisms of the 3G system — providing safe access for IMS.

Since the IMS supports IP-based multimedia applications such as video service, audio service, multimedia meeting, etc., 3GPP chose Session Initiation Protocol (SIP) as the signaling protocol for initiating and terminating multimedia sessions. Therefore, guaranteeing IMS service access security means protecting the SIP signaling and performing inter-authentication between the subscriber and the IMS.

For IMS services, the IMS has defined multiple NEs that are different from the NEs in the conventional system. The subscriber has an IM Service Identification Module (ISIM) which functions like the conventional SIM card. The ISIM is responsible for processing the IMS related parameters such as key, sequence number, etc. It is independent of the USIM and is specially applied to the IM service subscriber. The security parameters it processes are also independent of those processed by the USIM.

The Home Subscriber Server (HSS) functions like the conventional HLR. Accordingly, in 3GPP R5 specifications, besides the mandatory capabilities of the HLR, the HSS can also be used for the private account data processing of the IM subscriber in the register network. In some sense, the HLR is a subset of the HSS.

The Call Session Control Function (CSCF) in the IMS processes the session status in the network and provides connection to other entities, including Serving CSCF (S-CSCF), Proxy CSCF (P-CSCF) and Inquiry CSCF (I-CSCF).

IMS service access

The current topic of the 3GPP is mainly the 3G service security problem. Presently, all discussions focus on support of subscriber certificates, multicast/broadcast service (MBMS) security, presence service security and security of interworking between WLAN and 3GPP.

The emphasis of the 3G subscriber certificate is to set up the WPKI frame. It studies the possible protocol adopted on each interface, division of the entity function, generation position of the private key/public key, life cycle, etc. Research on the MBMS security includes multicast subscriber authentication, multicast key administration, developing a hierarchy model of unicast keys and multicast keys, key division protocol and traffic flow encryption protocol.

The basic frame of interworking between WLAN and 3GPP is already determined, including authentication for EAP-SIM and EAP-AKA in the case of access of the WLAN to the 3GPP, subscriber identification privacy method, re-authentication procedure, etc. Furthermore, the model of trust between WLAN network providers and 3GPP network providers also needs to be discussed to determine which level of security protection should be provided in each circumstance. Presence service security is also a hot spot. Discussion about this includes authentication of watcher and presentity, authentication protocol, etc. Presence is closely related to the IMS. The IMS related parts in presence tend to be separated and gradually added to the IMS security protocol.

This document generally describes the access and core network security technologies specified in the current 3GPP security standards, prepared mainly for the security of the present WCDMA system. The standards will be developed simultaneously with other technology standards. R6 has been developed up to now. As security is very important in WCDMA, the immature parts in the existing security standards will be improved as far as possible in the future and other security standards will be prepared soon.
