It was agreed that any new security architecture must be based on an evolution of GSM and must adopt four basic principles:
One of the main reasons for the development of the 3G system to make higher value services available to as many users as possible world wide, using a universal design of the handset. However, this increases the number of relationships, as the number of Users, Service Providers, and Network Operators in the market expands.
This increased level of service interaction increases the number of potential attackers and the opportunities open to them. This was not too much of a problem in the initial roll out of GSM, as there were a relatively small number of operators and the risk of compromise was low.
For 3G, the networks are getting smaller and more numerous, so opportunities for hackers and other abusers of networks will increase. Even if deliberate abuse is not considered likely, unintentional mishaps may occur as a result of the complexity and the rate of new service introduction.
- It will take into account the additional features needed for actual or predicted change in the operating environment
- It will maintain compatibility with GSM wherever possible
- It will retain those features of GSM that have proved to be robust and useful to the user and network operator
- It will add or enhance features to overcome actual or perceived weaknesses in 2G system
One of the main reasons for the development of the 3G system to make higher value services available to as many users as possible world wide, using a universal design of the handset. However, this increases the number of relationships, as the number of Users, Service Providers, and Network Operators in the market expands.
This increased level of service interaction increases the number of potential attackers and the opportunities open to them. This was not too much of a problem in the initial roll out of GSM, as there were a relatively small number of operators and the risk of compromise was low.
For 3G, the networks are getting smaller and more numerous, so opportunities for hackers and other abusers of networks will increase. Even if deliberate abuse is not considered likely, unintentional mishaps may occur as a result of the complexity and the rate of new service introduction.
