An identified security weakness in 2G systems is the absence of security in the core network. This was formerly
perceived not to be a problem, since the 2G networks previously were the provinces of a small number of large
institutions. This is no longer the case, and so there is now a need for security precautions. Another significant
development has been the introduction of IP as the network layer in the GPRS backbone network and then later in the
UMTS network domain. Furthermore, IP is not only used for signalling traffic, but also for user traffic. The introduction
of IP therefore signifies not only a shift towards packet switching, which is a major change in its own right, but also
a shift towards completely open and easily accessible protocols. The implication is that from a security point of view, a
whole new set of threats and risks must be faced.
For 3G and fixed broadband systems it is a clear goal to be able to protect the core network signalling protocols, and by
implication this means that security solutions must be found for both SS7 and IP based protocols.
The security services that have been identified as being needed are confidentiality, integrity, authentication and anti-replay protection. These will be ensured by standard procedures, based on cryptographic techniques.
This TS defines the security architecture for network domain IP based control planes, which shall be
applied to NDS/IP-networks (i.e. 3GPP and fixed broadband networks). The scope of network domain control plane
security is to cover the control signalling on selected interfaces between network elements of NDS/IP networks.