Content for TS 33.102 Word version: 16.0.0
Figure 1 gives an overview of the complete 3G security architecture.
Figure 1: Overview of the security architecture
Five security feature groups are defined. Each of these feature groups meets certain threats and accomplishes certain security objectives:
Network access security (I): the set of security features that provide users with secure access to 3G services, and which in particular protect against attacks on the (radio) access link;
Network domain security (II): the set of security features that enable nodes in the provider domain to securely exchange signalling data, and protect against attacks on the wireline network;
User domain security (III): the set of security features that secure access to mobile stations;
Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages;
Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
Figure 2 gives an overview of the ME registration and connection principles within UMTS with a CS service domain and a PS service domain. As in GSM/GPRS, user (temporary) identification, authentication and key agreement will take place independently in each service domain. User plane traffic will be ciphered using the cipher key agreed for the corresponding service domain while control plane data will be ciphered and integrity protected using the cipher and integrity keys from either one of the service domains. In clause 6
the detailed procedures are defined and when not otherwise stated they are used in both service domains.
Figure 2: Overview of the ME registration and connection principles within UMTS for the separate CN architecture case when the CN consists of both a CS service domain with evolved MSC/VLR, 3G_MSC/VLR, as the main serving node and an PS service domain with evolved SGSN/GGSN, 3G_SGSN and 3G GGSN, as the main serving nodes (Extract from TS 23.121  - Figure 4-8)