This subclause gives a complete list of security requirements as derived from the threat analysis. They have not been ordered according to risk evaluation values. The threat or threats directly leading to the requirement or connected to the requirement are given in brackets for each entry.
A valid USIM shall be required to access any 3G service except for emergency calls, where the network should be allowed to decide whether or not emergency calls should be permitted without a USIM. (T7d, T9a,d)
It shall be possible to prevent intruders from obtaining unauthorised access to 3G services by masquerading as authorised users. (T4a, T9a,c)
It shall be possible for users to be able to verify that serving networks are authorised to offer 3G services on behalf of the user's home environment at the start of, and during, service delivery. (T1c,e, T3c, T4a, T9b,c)
It shall be possible for service providers to authenticate users at the start of, and during, service delivery to prevent intruders from obtaining unauthorised access to 3G services by masquerade or misuse of priorities. (T4a, T8a, T9a,d)
It shall be possible to detect and prevent the fraudulent use of services. Alarms will typically need to be raised to alert providers to security-related events. Audit logs of security-related events will also need to be produced. (T8a,b,c, T9d,e, T10a,b)
It shall be possible to prevent the use of a particular USIM to access 3G services. (T9a,d, T10a)
It shall be possible for a home environment to cause an immediate termination of all services provided to certain users, also those offered by serving networks. (T9a,d, T10a,b)
It shall be possible for the serving network to be able to authenticate the origin of user traffic, signalling data and control data on radio interfaces. (T8a,b,c, T9c)
It shall be possible to prevent intruders from restricting the availability of services by logical means. (T3b,c, T7e)
There shall be a secure infrastructure between network operators, designed such that the need for HE trust in the SN for security functionality is minimised.
It shall be possible to protect against unauthorised modification of user traffic. (T2a, T6a,c, T7b,c)
It shall be possible to protect against unauthorised modification of certain signalling data and control data, particularly on radio interfaces. (T2b, T3b,c, T6b,c, T7a,b,c)
It shall be possible to protect against unauthorised modification of user-related data downloaded to or stored in the terminal or in the USIM. (T6d,e, T6c, T10f,i)
It shall be possible to protect against unauthorised modification of user-related data which is stored or processed by a provider. (T6c,f)
It shall be possible to ensure that the origin and integrity of applications and/or data downloaded to the terminal and/or the UICC can be checked. It may also be necessary to ensure the confidentiality of downloaded applications and/or data. (T6c,d,e,f, T10e,f,i)
It shall be possible to ensure the origin, integrity and freshness of authentication data, particularly of the cipher key on the radio interface. (T1a,b, T2b, T5c, T6c)
It shall be possible to secure infrastructure between operators. (T5a,b,c, T6a,b,c, T7a,b,c, T9b,c)
It shall be possible to control access to a USIM so that it can only be used to access 3G services by the subscriber to whom it was issued or by users explicitly authorised by that subscriber. (T10a,g)
It shall be possible to control access to data in a USIM. For instance, some data may only be accessible by an authorised home environment. (T10h,j,k)
It shall not be possible to access data in a USIM that is only intended to be used within the USIM, e.g. authentication keys and algorithms. (T10h,k)
It shall be possible for law enforcement agencies to monitor and intercept every call and call attempt, and other service or call related user actions, in accordance with national laws. This shall apply to devices and/or via interfaces placed by the serving networks or home environments at the disposal of the national law enforcement agencies according to national law, and intended solely for lawful interception purposes. (Derived from Security Principles and Objectives).