Security of the access interface

The access interface between the user equipment and the network element should be protected against eavesdropping and against all attacks on security-relevant information. Sufficient cryptographic mechanisms should be employed to ensure adequate security, and encryption keys of at least 128 bits should be used for the security system. The interaction between the different endpoints of the local interface should be properly authenticated and authorised. The keys used for security should not be shared across the local interface links; each interface should use unique keys.

Remote access to the user terminal and SIM should be monitored so that the user can choose to allow or disallow the connection. The relevant information should be displayed to the user to enable the user to take that decision. Further, the USIM information should be secured when it is transferred across different networks such as the 3G core network, the WLAN network or any other networks involved.

Link Level Security

The wireless link can be classified as the most vulnerable interface among all the interfaces in the 3G-WLAN integrated network.

The link layer security provided by the WLAN network should be used for ensuring security at this layer. At this layer, the confidentiality and integrity of user data should be protected. In addition, any signalling information between the user equipment and the access point should also be secured. Other areas of vulnerability are key distribution, key validation, key freshness and key ageing.

Security of any Tunnelling

The UE can tunnel information to other devices in the Visited PLMN or the Home PLMN.

When such tunnelling is employed, the data origin should be authenticated and integrity checks should be supported. Confidentiality mechanisms should also be in place between the systems. As the 3G systems have defined security roles in tunnelling, the decision on allowing tunnelling is a function of the 3G network. It is essential to implement the right decision parameters, such as the level of trust in the WLAN access network or the Visited PLMN involved, the tunnelling security capabilities supported by the WLAN user equipment, and whether the user is authorised for such services.

Privacy of User Identity

User identity privacy ensures that none of the permanent subscriber identification information is sent across the network in the clear. This is based on temporary identities such as pseudonyms or re-authentication identities. Sufficient security procedures should be followed in generating, distributing, using and updating these identities. The period for which a temporary identity is maintained is also important to prevent tracing of the identity.
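As an added illustration (not part of the original text and not taken from any 3GPP specification), the sketch below shows one way a AAA server could generate, resolve, update and expire temporary identities. The class name, the lifetime, the limit of two active identities per subscriber and the sample IMSI are all assumptions constructed for the example.

```python
import secrets
import time

class PseudonymRegistry:
    """Hypothetical AAA-side store mapping temporary identities to permanent ones."""

    def __init__(self, lifetime_s=3600, max_active=2):
        self.lifetime_s = lifetime_s   # assumed maximum age of a temporary identity
        self.max_active = max_active   # a UE may hold more than one identity at once
        self._by_pseudonym = {}        # pseudonym -> (permanent_id, expiry time)
        self._by_subscriber = {}       # permanent_id -> pseudonyms, oldest first

    def issue(self, permanent_id, now=None):
        now = time.time() if now is None else now
        # 128 random bits from the OS CSPRNG: nothing of the permanent id leaks
        pseudonym = secrets.token_hex(16)
        self._by_pseudonym[pseudonym] = (permanent_id, now + self.lifetime_s)
        active = self._by_subscriber.setdefault(permanent_id, [])
        active.append(pseudonym)
        while len(active) > self.max_active:   # retire the oldest identity
            self._by_pseudonym.pop(active.pop(0), None)
        return pseudonym

    def resolve(self, pseudonym, now=None):
        """Return the permanent identity, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._by_pseudonym.get(pseudonym)
        if entry is None:
            return None
        permanent_id, expiry = entry
        if now >= expiry:                      # too old: drop it to limit tracing
            self._by_pseudonym.pop(pseudonym)
            self._by_subscriber[permanent_id].remove(pseudonym)
            return None
        return permanent_id

    def authenticate(self, pseudonym, now=None):
        """Resolve a presented pseudonym and issue a fresh one for the next use."""
        permanent_id = self.resolve(pseudonym, now)
        if permanent_id is None:
            return None, None                  # no identity is disclosed or issued
        return permanent_id, self.issue(permanent_id, now)

if __name__ == "__main__":
    reg = PseudonymRegistry()
    first = reg.issue("001010123456789")       # constructed sample IMSI
    print(reg.authenticate(first))
```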

Various scenarios need to be considered in the design of such a system, such as:

• WLAN UE receiving more than one temporary identity from the AAA server
• Tunnel establishment
• If the identity privacy support is not activated by the home network

Confidentiality Protection

The confidentiality protection should consider different scenarios and network access options. The key scenarios are:

• In WLAN direct IP access: Here the function is implemented using the WLAN access network link layer.
• In WLAN 3GPP IP access: Here the integrity of IP packets that are sent through the tunnel between the user equipment and the network should be protected.

Research Points

Authentication, Authorisation and Accounting (AAA) are the most important factors in ensuring network security. Various AAA techniques are available for the different types of network. Examples are UMTS-AKA in 3G networks and EAP in wireless networks. Each of these techniques is suited to its respective type of network, taking the security requirements into account.