Content for TS 21.133 Word version: 4.1.0
8 Security Requirements p. 21
8.1 Requirements derived from threat analysis p. 21
This subclause gives a complete list of security requirements as derived from the threat analysis. They have not been ordered according to risk evaluation values. The threat or threats directly leading to the requirement or connected to the requirement are given in brackets for each entry.
8.1.1 Requirements on security of 3GPP services p. 21
8.1.1.1 Requirements on secure service access p. 21
R1a
A valid USIM shall be required to access any 3G service except for emergency calls where the network should be allowed to decide whether or not emergency calls should be permitted without a USIM. (T7d, T9a,d)
R1b
It shall be possible to prevent intruders from obtaining unauthorised access to 3G services by masquerading as authorised users. (T4a, T9a,c)
R1c
It shall be possible for users to be able to verify that serving networks are authorised to offer 3G services on behalf of the user's home environment at the start of, and during, service delivery. (T1c,e, T3c, T4a, T9b,c)
8.1.1.2 Requirements on secure service provision p. 21
R2a
It shall be possible for service providers to authenticate users at the start of, and during, service delivery to prevent intruders from obtaining unauthorised access to 3G services by masquerade or misuse of priorities. (T4a, T8a, T9a,d)
R2b
It shall be possible to detect and prevent the fraudulent use of services. Alarms will typically need to be raised to alert providers to security-related events. Audit logs of security related events will also need to be produced. (T8a,b,c, T9d,e, T10a,b)
R2c
It shall be possible to prevent the use of a particular USIM to access 3G services. (T9a,d, T10a)
R2d
It shall be possible for a home environment to cause an immediate termination of all services provided to certain users, also those offered by serving networks. (T9a,d, T10a,b)
R2e
It shall be possible for the serving network to be able to authenticate the origin of user traffic, signalling data and control data on radio interfaces. (T8a,b,c, T9c)
R2f
It shall be possible to prevent intruders from restricting the availability of services by logical means. (T3b,c, T7e)
R2g
There shall be a secure infrastructure between network operators, designed such that the need for HE trust in the SN for security functionality is minimised.
8.1.2 Requirements on system integrity p. 22
R3a
It shall be possible to protect against unauthorised modification of user traffic. (T2a, T6a,c, T7b,c)
R3b
It shall be possible to protect against unauthorised modification of certain signalling data and control data, particularly on radio interfaces. (T2b, T3b,c, T6b,c, T7a,b,c)
R3c
It shall be possible to protect against unauthorised modification of user-related data downloaded to or stored in the terminal or in the USIM. (T6d,e, T6c, T10f,i)
R3d
It shall be possible to protect against unauthorised modification of user-related data which is stored or processed by a provider. (T6c,f)
R3e
It shall be possible to ensure that the origin and integrity of applications and/or data downloaded to the terminal and/or the UICC can be checked. It may also be necessary to ensure the confidentiality of downloaded applications and/or data. (T6c,d,e,f, T10e,f,i)
R3f
It shall be possible to ensure the origin, integrity and freshness of authentication data, particularly of the cipher key on the radio interface. (T1a,b, T2b, T5c, T6c)
R3g
It shall be possible to secure infrastructure between operators. (T5a,b,c, T6a,b,c, T7a,b,c, T9b,c)
8.1.3 Requirements on protection of personal data p. 22
8.1.3.1 Security of user-related transmitted data p. 22
R4a
It shall be possible to protect the confidentiality of certain signalling data and control data, particularly on radio interfaces. (T1b,d, T5b,c,d)
R4b
It shall be possible to protect the confidentiality of user traffic, particularly on radio interfaces. (T1a, T5a)
R4c
It shall be possible to protect the confidentiality of user identity data, particularly on radio interfaces. (T1b,d, T3b, T5b,c,d,e)
R4d
It shall be possible to protect the confidentiality of location data about users, particularly on radio interfaces. (T1b, T3b, T5b,c,d,e)
R4e
It shall be possible to protect against the unwanted disclosure of location data for a user participating in a particular 3G service to other parties participating in the same 3G service. (T5f)
R4f
It shall be possible for the user to check whether or not his user traffic and his call related information is confidentiality protected. This should require minimal user activity. (T1a,b)
8.1.3.2 Security of user-related stored data p. 22
R5a
It shall be possible to protect the confidentiality of user-related data which is stored or processed by a provider. (T5c,e)
R5b
It shall be possible to protect the confidentiality of user-related data stored by the user in the terminal or in the USIM. (T10h,j)
8.1.4 Requirements on the terminal/USIM p. 23
8.1.4.1 USIM Security p. 23
R6a
It shall be possible to control access to a USIM so that it can only be used to access 3G services by the subscriber to whom it was issued or by users explicitly authorised by that subscriber. (T10a, g)
R6b
It shall be possible to control access to data in a USIM. For instance, some data may only be accessible by an authorised home environment. (T10h,j, k)
R6c
It shall not be possible to access data in a USIM that is only intended to be used within the USIM, e.g. authentication keys and algorithms. (T10h,k)
8.1.4.2 Terminal Security p. 23
R7a
It shall be possible to deter the theft of terminals. (T10a,c,d)
R7b
It shall be possible to bar a particular terminal from accessing 3G services. (T10a,c,d)
R7c
It shall be difficult to change the identity of a terminal to circumvent measures taken to bar a particular terminal from accessing 3G services. (T10a,c,d)
8.2 External requirements p. 23
8.2.1 Regulator requirements p. 23
8.2.1.1 Lawful interception p. 23
R8a
It shall be possible for law enforcement agencies to monitor and intercept every call and call attempt, and other service or call related user actions, in accordance with national laws. This shall apply to devices and/or via interfaces placed by the serving networks or home environments at the disposal of the national law enforcement agencies according to national law, and intended solely for lawful interception purposes. (Derived from Security Principles and Objectives [1]).
