Top   in Index   Prev   Next

TR 33.817
Feasibility study on
(Universal) Subscriber Interface Module (U)SIM security reuse
by peripheral devices on local interfaces

3GPP‑Page   ToC  
V6.1.0 (Wzip)  2004/12  39 p.
Dr. Yaqub, Raziq

full Table of Contents for  TR 33.817  Word version:  6.1.0

Here   Top

0  Introductionp. 5

Wireless Local Area Networks (WLANs), first envisioned as a way to offer convenient access within enterprise networks, has now become popular installations in public spaces, and residences alike. This drift has dramatically altered the landscape of wireless data access. Not only their emergence, but also the potential interworking of public WLANs with 3G systems has become a topic of increasing importance and urgency for the entire wireless community.
The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WLAN access environment. Thus the WLAN effectively becomes a complementary radio access technology to the 3GPP system. Potential areas of interworking between a 3GPP system and WLAN include common authentication, authorization, and accounting functions. Under these state of affairs the User Equipment used to access different networks (3GPP, WLAN) may be implemented over a number of physical devices e.g. PC or PDA reusing (U)SIM Security on Local Interfaces.
The 3G-WLAN interworking requirements specified in TR 22.934 requires the ability for a SIM or USIM to be used for providing common access control and charging for WLAN and 3G services using the 3GPP system infrastructure. The current specifications of SIM and USIM in 3GPP assume a one-to-one association between the UICC and the Mobile Equipment (ME) to constitute the User Equipment (UE). Though this assumption holds in some UE architecture models, but do not hold in some models that are derived from the 3G-WLAN interworking requirements TR 22.934. Here are some examples where such a one-to-one association is not possible when we consider WLAN to be a separate MT function.
  • (U)SIM inside a GPRS/UMTS PC card module is used for WLAN authentication on a Laptop or PDA in addition to its use for GPRS/UMTS authentication.
  • (U)SIM inside a GSM/UMTS terminal is used for WLAN authentication on a Laptop or PDA over a Bluetooth local link, in addition to its use for GSM/UMTS authentication.
  • (U)SIM inside Dual-mode GPRS and WLAN terminal is used for WLAN authentication in addition to GSM authentication (Assuming WLAN and GPRS are separate MT functions).
  • (U)SIM inside a Triple-Mode UMTS, GPRS, WLAN terminal used for WLAN authentication in addition to UMTS and GPRS authentication.
  • (U)SIM inside a USB or PC Card UICC reader module is used to authenticate a WLAN session using a Laptop or PDA.
For these diverse usage models the specific security threats and issues need to be studied and appropriate security requirements need to be specified to counteract the threats. This document studies the specific security threats, issues and appropriate security requirements to counteract the threats and surmount the issues.

1  Scopep. 6

This Feasibility Study report conducts a threat analysis and determines the feasibility of Reuse of a Single SIM, USIM, or ISIM by peripheral devices on local interfaces to access multiple networks. Most important for this Reuse is the authentication and key agreement (AKA) function provided by these applications. The peripheral devices include 3GPP and WLAN devices that function as integrated or attachable peripherals on Laptops or PDAs or other mobile data devices. The multiple access networks of interest correspondingly include 3GPP and WLAN type networks. The objective of this study is to realize the diverse usage models with multiple external (wired or wireless) interfaces from a security point of view, without incorporating significant changes to the 3GPP and WLAN infrastructure. It also studies the impact on current security specifications for 3GPP, especially given that some issues have already been identified surrounding key setting procedures, USIM sequence number synchronization, UICC presence detection/UICC application presence detection and termination of the UICC usage etc. It also studies additional user authentication requirements (e.g. PINs) when used over local interfaces like Bluetooth, IR or USB. Further more it studies the impact on having many entities using the same security mechanism and any 3GPP core network elements. Reuse of security functions provided by applications on the UICC does not have an impact on ownership and control of the UICC, which remains with the issuer of the UICC. This Feasibility Study may be used as a basis for future CRs to TS 33.234 as and when any of the proposals are developed by SA WG3.

2  Referencesp. 6

3  Definitions and abbreviationsp. 7

4  General Aspectsp. 8

5  Threat Analysisp. 19

6  Potential Requirementsp. 21

7  Feasibility of diverse usage modelsp. 24

8  Conclusionp. 25

A  Additional Information on Issue No. 2p. 27

B  Additional Information on Bluetoothp. 29

C  Bibliographyp. 38

$  Change historyp. 39

Up   Top