AC095:ASPECT

ADVANCED SECURITY FOR PERSONAL COMMUNICATIONS TECHNOLOGIES

Welcome, visitor #

Main Objective

The mobile telecommunications industry is undergoing a continuing transformation as an increasing number of services, offered by more and more network operators and service providers, becomes available to a growing number of users. The main objective of ASPeCT is to study the feasibility and acceptability of new and advanced security features for these new services in existing and future personal communication networks, based on trials and demonstrations. The issues of performance, ease of integration and compatibility of new security systems in UMTS are being addressed. This means investigating, implementing and testing solutions in the following areas:

Migration of security features from existing mobile systems to UMTS;
Fraud detection and management in UMTS;
Trusted Third Parties (TTPs) for end-to-end security services in UMTS;
Capabilities of future User Identity Modules (UIMs);
Security and integrity of billing in UMTS.

ASPeCT is providing valuable input to the standardisation of UMTS security by ETSI.

Other information:

Technical Approach

Summary of Trial

Key Issues

Expected Achievements

Expected Impact

Publicly available documents (pdf or zipped ps)

(D01) Project linkages (pdf / ps.Z)
(D02) Initial report on security requirements (pdf / ps.Z)
(D03) Project trial plan (pdf / ps.Z)
(D04) Report on the use of UIMs for UMTS (pdf / ps.Z)
(D05) Migration scenarios (pdf / ps.Z)
(D06) Definition of Fraud Detection Concepts (pdf / ps.Z)
(D08) Fraud Management Tools: First Prototype (pdf / ps.Z)
(D09) Trusted Third Parties: First Implementation (pdf / ps.Z)
(D10) Secure billing: First Implementation (pdf / ps.Z)
(D11) Report on limiting smart card constraints on UIMs (pdf / ps.Z)
(D12) Migration scenarios: first implementation (pdf / ps.Z)
(D13) Fraud management tool: evaluation report (pdf / ps.Z)
(D14) Trusted third parties: evaluation report (pdf / ps.Z)
(D16) Secure billing: evaluation report (pdf / ps.Z)
(D17) Migration scenarios: final version (pdf / ps.Z)
(D18) Fraud Detection Concepts: Final Report (pdf / ps.Z)
(D19) Report on final trial and demonstration (pdf / ps.Z)
(D20) Project final report and results of trials (pdf / ps.Z)
(D23) Vocal password-based user authentication demonstration (pdf / ps.Z)
(D24) Vocal password-based user authentication report (pdf)
(D25) Legal aspects of fraud detection (pdf / ps.Z)

APRR Presentation (29 January 1998)

Slides

Papers

P. Burge, Frameworks for Fraud Detection in Mobile Telecommunication Networks, Mobile and Personal Communication Seminar, Limerick Ireland, 06/06/96.
P. Burge et al, Fraud detection and management in mobile telecommunication networks, 2nd European Conference on Security & Detection - ECOS, Proceedings of the 2nd European Conference on Security and Detection, IEE Conference publication 437, pp. 91-96, London, 28/04/97.
P. Burge, Detecting Cellular Fraud Using Adaptive Prototypes, AAAI-97 Workshop on AI - Approaches to Fraud Detection and Risk Management, Rhode Island, 27/07/97.
P. Burge et al, BRUTUS - A Hybrid Detection Tool, ACTS Mobile Summit 97, Proceedings of ACTS Mobile Summit 97, pp. 722-727, Aalborg, 07/10/97.
L. Chen, D. Gollmann, C.J. Mitchell, Key escrow in Mutually Mistrusting Environments, Cambridge Workshop on Security Protocols, Lecture Notes in Computer Science, 1189, Cambridge UK, 10-12/04/96.
L. Chen, D. Gollmann, C. Mitchell, Tailoring Authentication Protocols to Underlying Mechanisms, ACISP'96, Australian Conference on Information Security and Privacy, LNCS 1172, Wollongong NSW, 24-26/06/96.
L. Chen et al., The Use of Trusted Third Parties and Secure Billing in UMTS, ACTS Mobile Summit, Granada Spain, 27/11/96 (alos presented at Fraud and Security Requirements for Future Mobile Networks Workshop, Hong Kong, December 1996)
J. Degraeve et al., Migration/Evolution Towards UMTS - Security Issues, ACTS Mobile Summit, Granada Spain, 27/11/96.
J.C. Francis, H. Herbrig, N. Jefferies, Secure provision of UMTS services over diverse access networks, IEEE Communications Magazine 36:2, February 1998, pp132-136.
B. Franco, Demonstration of UMTS authentication, 2nd International Distributed Conference on Network Interoperability, pp. 715-721, Madeira, 16/06/97.
B. Franco, Demonstration of the authentication framework for UMTS, 4th International symposium on Communication Theory and applications, Ambleside, 13/07/97.
B. Franco et al., Authentication for UMTS: Description of trial, EPMCC 97, Proceedings, ITG-Fachbericht 145, pp. 351-358, Bonn, 30/09/97.
P. Gossett and M. Hyland, Classification, detection and prosecution of fraud on mobile networks, Proceedings of ACTS Mobile Summit, Sorrento, Italy, June 1999.
H.-J. Hitz and G. Horn, Sicheres bezahlen fuer informationdienste in zukuenftigen mobilnetzen, Proceedings of SIS'98, Stuttgart, 26-27 Maerz, 1998, vdf-Verlag, S. pp. 349-370 (in German).
G. Horn and B. Preneel, Authentication and payment in future mobile systems, Computer Security - ESORICS'98, Lecture Notes in Computer Science, 1485, pp. 277-293, 1998.
G. Horn et al, Trialling secure billing with trusted third party support for UMTS applications, Proceedings of the 3rd ACTS Mobile Communications Summit, Rhodes, June 1998, pp574-579.
N. Jefferies, Optimising enhanced mobile services by incorporating IN functionality into the SIM card, Implementing IN to Optimise Mobile Networks, London, 30/06/97.
N. Jefferies, ASPeCT - securing the future for mobile communications, Proceedings of ACTS Mobile Summit, Sorrento, Italy, June 1999.
L.R. Knudsen and T.P. Pedersen, On the difficulty of software key escrow, Eurocrypt'96, LNCS 1070, pp. 237-244, Zaragoza Spain, 1996.
M. Lapere and E. Johnson, User authentication in mobile telecommunication environments using voice biometrics and smart cards, 4th International Conference on Intelligence in Services and Networks, IS&N'97, Lecture Notes in Computer Science, 1238, pp. 437-444, Cernobbio, 27/05/97.
S. Manning, An update on the latest telecommunications standards for the GSM SIMs, Cards North Asia 97, Hong Kong, 20/11/97 (slides).
K.M. Martin, Increasing efficiency of international key escrow in mutually mistrusting domains, 6th IMA Conference on Cryptography and Coding, Lecture Notes in Computer Science, 1355, pp. 221-232, Cirencester, 1997.
K.M. Martin, Applying Cryptography within the ASPeCT Project, Information Security Technical Report (1998) Vol. 2 No. 4 pp. 41-53.
K.M. Martin and C.J. Mitchell, Analysis of hash function of Yi and Lam, Electronics Letters (1998), Vol.34, No.24, pp.2327-2328.
K.M. Martin and C.J. Mitchell, Comments on an optimized protocol for mobile network authentication and security, Mobile Computing and Communications Review (1999), Vol.3, No.2, pp.37.
K.M. Martin et al., Secure billing for mobile information services in UMTS, Intelligence in Services and Networks: Technology for Ubiquitous Telecom Services, 5th International Conference on Intelligence in Services and Networks, IS&N '98 Antwerp, Belgium, May 1998. LNCS 1430, Springer, 1998, pp535-548.
C.J. Mitchell and L. Chen, Comments on the Secret Key User Authentication Scheme, Operating Systems Review, Vol. 30 No. 4, 10/96.
Y. Moreau et al, Novel Techniques for Fraud Detection in Mobile Telecommunication Networks, ACTS Mobile Summit, Granada Spain, 27/11/96.
Y. Moreau, H. Verrelst and J. Vandewalle, Fraud detection in mobile communications using supervised neural networks, Proceedings of SNN'97: Europe's Best Neural Networks Practice, World Scientific, Amsterdam, May 1997.
Y. Moreau, H. Verrelst and J. Vandewalle, Detection of mobile phone fraud using supervised neural networks: a first prototype, International Conference on Artificial Neural Networks 97, Lecture Notes in Computer Science, 1327, pp. 1065-1070, Lausanne, 1997.
B. Preneel, On the security of two MAC algorithms, Eurocrypt'96, LNCS 1070, pp. 19-32, Zaragoza Spain, 12-16/05/96.
K. Rantos and C.J. Mitchell, Key recovery in ASPeCT authentication and initialisation of payment protocol, Proceedings of ACTS Mobile Summit, Sorrento, Italy, June 1999.
G. Vanneste, ASPeCT UMTS authentication and UIM trial, IS&N'98, Antwerp, May 1998 (slides).
G. Vanneste, N. Jefferies, E. Johnson, UMTS benefiting from public-key authentication, Proceedings of the 3rd ACTS Mobile Communications Summit, Rhodes, June 1998, pp. 185-190.

Participants / Contacts

Vodafone Ltd (UK) (Prime Contractor)	Dr. Nigel Jefferies Vodafone Ltd. The Courtyard 2-4 London Road Newbury Berkshire RG13 1JL UNITED KINGDOM Tel: +44 1635 33251 Fax: +44 1635 583417
Giesecke & Devrient (D)	Eric Johnson
Panafon (GR)	Yannis Vithynos
Siemens ATEA (B)	Geneviève Vanneste
Siemens AG (D)	Dr. Günther Horn
Royal Holloway, University of London (UK)	Prof. J. Shawe-Taylor
Katholieke Universiteit Leuven (B)	Dr. Bart Preneel
Lernout & Hauspie (B)	Hugo Van hamme
Swisscom (CH)	Jo Goedermans

Links to other Web Sites

Internal ASPeCT page

ACTS HOMEPAGE

ACTS PROJECTS BY TITLE

Workplan References: AC 415, AC 602

Areas: A05, A06

This homepage is maintained by wwwcosic@esat.kuleuven.ac.be.