|János A. Csirik's Web Site Research papers A guide to 3GPP security documents|
You can always come back here and read the whole page if you get confused.
This page is here for people who want to learn about and study cryptographic aspects of 3GPP security documents. Please email me at user janos located at the site pobox.com with suggestions. Because of the obsolete status of this page, just about the only kind of suggestion I will consider is inserting a pointer to newer or better Web pages of this type.
3GPP, the 3rd Generation Partnership project, serves to produce standards for 3rd generation wireless phones. It kind of grew out of GSM.
In the last few years, GSM took a lot of flak for their approach to crypto algorithm design, which relied on keeping the algorithms secret. In fact, their various algorithms have been broken, as described here. (A person knowledgeable about GSM provided an alternative point of view on this: GSM broke entirely new ground in its use of cryptography in a mass market product - and the first steps were a bit tentative. It was also designed at a time when export restrictions on cryptographic products were a good deal tighter than they are now - which amongst other things meant that the algorithms were kept secret and could not benefit from public scrutiny. The result is a system which has generally done a good job of protecting its subscribers and operators, but in which some holes have appeared, and which is definitely showing its age today. Several pieces of cryptanalysis have been published.)
3GPP has chosen a superior approach to their crypto requirements. They are making open to the public all of their drafts, standards and recommendations, and rely on their algorithms withstanding the scrutiny of any interested researchers.
My aim in producing this page was to make it clear to any such "interested researchers" where and how these algorithms are published.
This page has nothing to do with North American wireless crypto standards promulgated by TIA. For more information on those algorithms, please refer to this FTP site.
You can find out a lot about 3GPP by going to their Web site. You can probably find out anything that is on this page by going over to their Web site instead. Nevertheless, here are a few more concise hints.
3GPP is quite fond of acronyms. The parts of the organization that produce documents (that we are interested in) are called TSGs, which stands for Technical Specification Groups. The TSGs have names like SA, CN, RAN, etc. This explains a lot of the subdirectories in the root directory of their FTP server, ftp://ftp.3gpp.org.
The TSG of interest here is called SA, which stands for Services and System Aspects (I think). It corresponds to ftp://ftp.3gpp.org/TSG_SA.
The TSG SA has various working groups, also known as WGs. The WGs are called simply SA1, SA2, SA3, SA4, SA5. The one of interest to us is SA3 (also known as S3), which is responsible for Security. It corresponds to ftp://ftp.3gpp.org/TSG_SA/WG3_Security/.
Here is how S3 operates. They meet every couple of months. Each meeting has a number. For example, S3 had their meeting #14 in Oslo, Norway, from August 1 to August 4 of 2000. This meeting is often referred to as S3#14. Documents from this meeting are to be found in ftp://ftp.3gpp.org/TSG_SA/WG3_Security/TSGS3_14_Oslo/. This directory, and other meetings directories, have various subdirectories, the two most interesting ones of them are Report, and Docs. The former contains a report that summarizes what happened at the meeting and what documents were considered/produced there.
The actual documents are stored in the Docs directory. They have names like S3-000404.pdf, which denotes S3 document number "0404" in the year 20"00". Now you can see why you need to look at the report to find your way around.
S3 is generally responsible for the maintenance and developement of a certain set of 3GPP documents, which fall into two groups: TSes (technical standards) and TRs (technical reports). However, the S3 is not allowed to make changes in these documents itself. Instead, it has to produce CRs (change requests) which are forwarded for approval up one level, to the TSG SA, at their next plenary meeting. TSG SA will usually, but not always, approve the CR and agree to make the changes.
Another designation that often occurs in the WG meeting documents is LS, which stands for Liaison Statement. These are produced if S3 reaches a point in their discussion where it becomes necessary to consult another WG for guidance. This can happen, for example, if some document produced by that other WG is not clear on something. Since the other WG will not be in session at the same time, an LS is drafted and sent to them to deal with at their next meeting. The other WG will produce another LS in turn to answer the question, and send it back to S3 for its next meeting, and so on.
TSG SA plenary meetings occur somewhat less frequently than S3 meetings. They are also numbered, e.g., meeting #8 took place in Duesseldorf, Germany, from June 26 to June 28, 2000. You can find documents about their meetings in ftp://ftp.3gpp.org/TSG_SA/TSG_SA/.
Two other organizations that are sometimes mentioned are ETSI and SAGE. ETSI stands for European Telecommunications Standards Institute, which had close ties with GSM and is still somehow connected to 3GPP. SAGE stands for Security Algorithms Group of Experts, and either belongs to or has been established by ETSI. SAGE tends to produce algorithms and algorithm evaluations for 3GPP, or, more specifically, for S3.
MILENAGE was introduced at S3#16, which was held in December 2000. It has been made official by SA#11 in March 2001. It is based on Rijndael.
SAGE has released an evaluation of MILENAGE. This can be found right here.
These documents can generally be found under ftp://ftp.3gpp.org/Specs/. The latest versions of the specifications can be found in the subdirectory corresponding to the latest SA meeting, for example ftp://ftp.3gpp.org/Specs/2000-12/.
Here are the pointers to the Release 99 versions
from the December 2000 meeting.
Principles, objectives and requirements
That concludes the list of algorithms that I think would be particularly good to look at, but I would be more than happy to provide a link to BEANO if someone tells me what the link is etc.
If you have written, or otherwise know about, research papers about these algorithms, please let me know! I will provide a link to them from here.
And now, gentle reader, go forth and study those algorithms!
Yours, Janos A. Csirik
This page was last edited on 28th August 2003, but pages linked from here might have been edited more recently. Also, these edits must have been minor formatting changes since I stopped maintaining the contents back in 2001. HTML 4.01.