From 2G to 3G: a guide to mobile security

A close look at the ETSI (European Telecommunications Standards Institute). GSM standard shows that most of the security features were designed from an operator perspective with a view to preventing fraud and network misuse; the responsibility for implementing features related to user's privacy was delegated to the operators. This approach failed in providing a trusted environment where mobile users felt confident enough to place commercial transactions and exchange sensitive information. As technology matures and mobile data services appear, users are more than ever questioning the security of mobile communications and are becoming more aware of the associated risks. This is particularly true in the area of m-banking, where bank establishments have been reluctant to introduce sophisticated services and users uncomfortable to use their mobile telephones to transmit sensitive information about their accounts. Aware of the need to boost public confidence in mobile data services, the 3GPP (Third Generation Partnership Project) committee in charge of developing the standards for the Universal Mobile Telephony System (UMTS), took a different approach and incorporated more security requirements into the specification. This article looks at the security aspects associated with mobile communications and the way risks are addressed both in GSM and UMTS.