Initial Report on Security Requirements

This report collates and analyses initial requirements for fraud management, UMTS security migration, trusted third parties and security of charging and billing. Fraud scenarios and fraud indicators have been identified and described. Details of fraud scenarios are restricted and do not appear in the report. UMTS and migration towards UMTS are briefly summarized. The security mechanisms in use by GSM and DECT are compared with 3 proposed authentication mechanisms for UMTS. The more specific requirements for the different roles on the migration path are summarised. Trusted third parties are studied. An overview of the basic role of a TTP is provided, in order to identify possible UMTS security services that require their support. The corresponding functions to be provided by the TTP are identified. The study of the requirements on secure billing started with an overview of existing methods in GSM. The UMTS defined principles and security issues were studied. Billing scenarios suitable for demonstrations were evaluated, resulting in the TTP services needed being identified. The mobile telecommunications world is undergoing a continuing transformation as increasing numbers of services are being offered to a growing number of users by more and more operators. It is essential for the continuing success of this process that the evolving security requirements of users and service providers are addressed in an appropriate and timely way. ASPeCT aims to ensure that this happens by implementing and running trials of advanced security features to prove their feasibility and acceptability. This deliverable, the first technical one, contains an initial report on security requirements, collating and analysing initial requirements on UMTS security migration, security services and fraud management. These requirements are based on the views of users, service providers, network operators, regulatory bodies and manufacturers. The deliverable contains contributions from 4 work packages: Detection and management of fraud in UMTS networks, Migration towards UMTS security, Trusted third parties and Security and Integrity of billing in UMTS. Fraud scenarios in mobile telecommunication networks have been identified and categorised. This has been done based on the partner Operators' experience of analysing fraud in existing analogue and GSM networks. These scenarios were extended towards the next generation of networks. Fraud indicators have been identified and defined, enabling the detection of important fraud scenarios. A selection has been made of those scenarios which cannot be easily detected using existing tools, but which could be identified using the rule-based or neural network-based approach. …