Research Project Title
Analysis of 2G and 3G Mobile Security

Principal Investigators
Roy H. Campbell
M. Dennis Mickunas

Unit #12
Project Overview

Wireless data, multimedia applications and integrated services will be among the major driving forces for 3G. However, security of the wireless link is still a concern. In addition to regular security threats for data in wired networks, wireless communications rely on open and public transmission media that may raise additional security vulnerabilities. Fortunately, the 3GPP draft technical specification 33.102 for 3G security promises an increased level of security that features mutual authentication, integrity verification and stronger keys.

Further, with the advent of IP enabled 3G devices that deploy Mobile IP set of protocols to provide mobility and IP connectivity, new security threats arise. The triangular routing that is introduced by Mobile IP can be utilized to launch effective denial of service attacks by providing the home agent with bogus care-of addresses or abusing remote resources and route setup protocols. To address some of these problems, the IETF has produced a draft specification that defines mechanisms for authenticating mobile hosts and ensuring their legitimacy, controlling access to resources and defining billing relationships a mobile user will have with remote service providers. This standard is called Authentication, Authorization and Accounting (AAA) [RFC2977].