This specification defines the security architecture, i.e., the security features and the security mechanisms, for the third generation mobile telecommunication system.
A security feature is a service capability that meets one or several security requirements. The complete set of security features address the security requirements as they are defined in "3G Security: Threats and Requirements" (TS 21.133) and implement the security objectives and principles described in TS 33.120. A security mechanism is an element that is used to realise a security feature. All security features and security mechanisms taken together form the security architecture.
An example of a security feature is user data confidentiality. A security mechanism that may be used to implement that feature is a stream cipher using a derived cipher key.
This specification defines 3G security procedures performed within 3G capable networks (R99+), i.e. intra-UMTS and UMTS-GSM. As an example, UMTS authentication is applicable to UMTS radio access as well as GSM radio access provided that the serving network node and the MS are UMTS capable. Interoperability with non-UMTS capable networks (R98-) is also covered.
GSM security functions are defined in the TS 43.020.
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
TS 21.133 "3G Security; Security Threats and Requirements".
TS 33.120 "3G Security; Security Principles and Objectives".
TR 21.905 "Vocabulary for 3GPP Specifications (Release 1999)".
TS 23.121 "Architecture Requirements for Release 99".
TS 31.101 "UICC-terminal interface; Physical and logical characteristics".
TS 22.022 "Personalisation of UMTS Mobile Equipment (ME); Mobile functionality specification".
TS 23.048 "Security Mechanisms for the (U)SIM application toolkit; Stage 2".
TS 43.020 "Security related network functions".
TS 23.060 "General Packet Radio Service (GPRS); Service description; Stage 2".
 ISO/IEC 9798-4: "Information technology - Security techniques - Entity authentication - Part 4: Mechanisms using a cryptographic check function".
TS 35.201 "Specification of the 3GPP confidentiality and integrity algorithms; Document 1: f8 and f9 specifications".
TS 35.202 "Specification of the 3GPP confidentiality and integrity algorithms; Document 2: Kasumi algorithm specification".
TS 35.203 "Specification of the 3GPP confidentiality and integrity algorithms; Document 3: Implementers' test data".
TS 35.204 "Specification of the 3GPP confidentiality and integrity algorithms; Document 4: Design conformance test data".
TS 31.111 "USIM Application Toolkit (USAT)".
TS 22.048 "Security Mechanisms for the (U)SIM Application Toolkit; Stage 1".
TS 25.331 "Radio Resource Control (RRC); Protocol specification".
TS 25.321 "Medium Access Control (MAC) protocol specification".
TS 25.322 "Radio Link Control (RLC) protocol specification".
TS 31.102 "Characteristics of the Universal Subscriber Identity Module (USIM) application".
TS 22.101 "Service aspects; Service principles".
TS 23.195 "Provision of User Equipment Specific Behaviour Information (UESBI) to network entities".
TS 43.129 "Packed-switched handover for GERAN A/Gb mode; Stage 2".
TS 35.215 "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 1: UEA2 and UIA2 specifications".
TS 35.216 "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 2: SNOW 3G specification".
TS 35.217 "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 3: Implementors' test data".
TS 35.218 "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 4: Design conformance test data".
TS 33.401 "3GPP System Architecture Evolution: Security architecture".
TS 33.402 "3GPP System Architecture Evolution: Security aspects of non 3GPP accesses".
TS 33.220 "Generic Authentication Architecture (GAA); Generic bootstrapping architecture".
TS 25.413 "UTRAN Iu interface RANAP signalling".
TS 22.003 "Circuit Teleservices supported by a Public Land Mobile Network (PLMN)".
TS 22.101 "Service aspects; Service principles".
TS 23.167 " IP Multimedia Subsystem (IMS) emergency sessions".
TS 24.008 " Mobile radio interface Layer 3 specification; Core network protocols; Stage 3".
 3GPP TS 43.020: "Security related network functions".
TS 23.216 "Single Radio Voice Call Continuity (SRVCC); Stage 2".
TS 25.420 "UTRAN Iur interface general aspects and principles".
TS 33.210 "3G security; Network Domain Security (NDS); IP network layer security".
TS 33.310 "Network Domain Security (NDS); Authentication Framework (AF)".
RFC 4301: "Security Architecture for the Internet Protocol".
TS 33.501 "Security architecture and procedures for 5G system".
In addition to the definitions included in TR 21.905 and TS 22.101, for the purposes of the present document, the following definitions apply:
The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
The property that data has not been altered in an unauthorised manner.
Data origin authentication:
The corroboration that the source of data received is as claimed.
The provision of assurance of the claimed identity of an entity.
A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
UMTS Entity authentication and key agreement:
Entity authentication according to this specification.
GSM Entity authentication and key agreement:
The entity Authentication and Key Agreement procedure to provide authentication of a SIM to a serving network domain and to generate the key Kc in accordance to the mechanisms specified in TS 43.020.
Within the context of this specification a user is either a UMTS subscriber (clause 6.8.1) or a GSM Subscriber (clause 6.8.2) or a physical person as defined in TR 21.905 (clause 5.3 and 5.5).
a Mobile Equipment with a UICC inserted and activated USIM-application.
a Mobile Equipment with a SIM inserted or a Mobile Equipment with a UICC inserted and activated SIM-application.
UMTS security context:
a state that is established between a user and a serving network domain as a result of the execution of UMTS AKA or as a result of inter RAT mobility from E-UTRAN  to UTRAN or GERAN. At both ends "UMTS security context data" is stored, that consists at least of the UMTS cipher/integrity keys CK and IK and the key set identifier KSI. One is still in a UMTS security context, if the keys CK/IK are converted into Kc to work with a GSM BSS.
GSM security context:
a state that is established between a user and a serving network domain usually as a result of the execution of GSM AKA. At both ends "GSM security context data" is stored, that consists at least of the GSM cipher key Kc and the cipher key sequence number CKSN.
Quintet, UMTS authentication vector:
temporary authentication and key agreement data that enables an VLR/SGSN to engage in UMTS AKA with a particular user. A quintet consists of five elements: a) a network challenge RAND, b) an expected user response XRES, c) a cipher key CK, d) an integrity key IK and e) a network authentication token AUTN.
Triplet, GSM authentication vector:
temporary authentication and key agreement data that enables an VLR/SGSN to engage in GSM AKA with a particular user. A triplet consists of three elements: a) a network challenge RAND, b) an expected user response SRES and c) a cipher key Kc.
either a quintet or a triplet.
Temporary authentication data:
either UMTS or GSM security context data or UMTS or GSM authentication vectors.
Refers to a network node or ME that conforms to R97 or R98 specifications.
Refers to a network node or ME that conforms to R99 or later specifications.
Refers to a ME that conforms to Rel-4 or R99 specifications.
Refers to a ME that conforms to Rel-5 or later specifications.
ME capable of UMTS AKA:
either a Rel4- ME that does support USIM-ME interface or a Rel5+ ME.
ME not capable of UMTS AKA:
a Rel4- ME that does not support USIM-ME interface or a R98- ME.
All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.