Content for TS 21.133 Word version: 4.1.0
7 Risk Assessment p. 19
7.1 Evaluation of threats p. 19
Threats have been analysed and evaluated as regards the combined likelihood of occurrence and severity of impact. The threat analysis and the assessment of risks has followed the procedure outlined in ETSI Technical Report ETR 332 [3]. Extensive use has been made of the collected experiences of operators of first generation (analogue) systems and second generation (especially GSM) systems as regards current and envisaged threats to mobile systems. Note that this evaluation normally emanates from the situation as it is before any security mechanisms have been applied, whereas in some cases threats relate also to the situation where GSM-like security mechanisms have been assumed.
The evaluation results are given here as a list of threats evaluated as being of major or medium (significant) impact. Major threats are indicated, other threats listed are assumed to be medium impact.
7.1.1 Threats evaluated to be of major or medium value p. 19
T1a
Eavesdropping user traffic: Intruders may eavesdrop user traffic on the radio interface. (MAJOR)
T1b
Eavesdropping signalling or control data: Intruders may eavesdrop signalling data or control data on the radio interface. This may be used to access security management data or other information which may be useful in conducting active attacks on the system.
T1c
Masquerading as a communications participant: Intruders may masquerade as a network element to intercept user traffic, signalling data or control data on the radio interface. (MAJOR)
T1d
Passive traffic analysis: Intruders may observe the time, rate, length, sources or destinations of messages on the radio interface to obtain access to information. (MAJOR)
T4a
Masquerading as another user: An intruder may masquerade as another user towards the network.. The intruder first masquerades as a base station towards the user, then hijacks his connection after authentication has been performed.
T5b
Eavesdropping signalling or control data: Intruders may eavesdrop signalling data or control data on any system interface, whether wired or wireless. This may be used to access security management data which may be useful in conducting other attacks on the system.
T6e
Manipulation of the terminal or USIM behaviour by masquerading as the originator of applications and/or data: Intruders may masquerade as the originator of malicious applications and/or data downloaded to the terminal or USIM.
T9a
Masquerading as a user: Intruders may impersonate a user to utilise services authorised for that user. The intruder may have received assistance from other entities such as the serving network, the home environment or even the user himself. (MAJOR)
T9b
Masquerading as a serving network: Intruders may impersonate a serving network, or part of an serving network's infrastructure, perhaps with the intention of using an authorised user's access attempts to gain access to services himself.
T9d
Misuse of user privileges: Users may abuse their privileges to gain unauthorised access to services or to simply intensively use their subscriptions without any intent to pay. (MAJOR)
T10a
Use of a stolen terminal and UICC: Intruders may use stolen terminals and UICCs to gain unauthorised access to services. (MAJOR)
T10c
Use of a stolen terminal: Users may use a valid USIM with a stolen terminal to access services. (MAJOR)
T10d
Manipulation of the identity of the terminal: Users may modify the IMEI of a terminal and use a valid USIM with it to access services. (MAJOR)
T10e
Integrity of data on a terminal: Intruders may modify, insert or delete applications and/or data stored by the terminal. Access to the terminal may be obtained either locally or remotely, and may involve breaching physical or logical controls.
T10f
Integrity of data on USIM: Intruders may modify, insert or delete applications and/or data stored by the USIM. Access to the USIM may be obtained either locally or remotely.
T10k
Confidentiality of authentication data in the UICC/USIM: Intruders may wish to access authentication data stored by the service provider, e.g. authentication key. (MAJOR)
7.2 Results of threat analysis p. 20
Not surprisingly, as the experience from operating mobile systems has shown, most of the significant threats can be categorised into a small number of groups:
- Masquerading: as other users to gain unauthorised access to services (i.e. charged to another user's account),
- Eavesdropping: which may lead to compromise of user data traffic confidentiality, or of call-related information like dialled numbers, location data, etc.
- Subscription fraud: where subscribers exploit the services with heavy usage without any intention to pay.
