- to study the feasibility and acceptability of new and advanced security features in existing and future personal communication networks, based on trials and demonstrations.
The project focused on the security aspects related to UMTS. It was intended that the results of the project would provide useful input to the standardisation process throughout the project’s lifetime. Existing personal communications networks were to be taken into account solely from the point of view of the migration of users to UMTS. Concrete solutions would be developed in this project for UMTS only. However, applications of some of the solutions to other systems were expected to be possible. Furthermore, to ensure that the project remained relevant, it needed to concentrate its efforts on a subset of the security features in UMTS that were new and advanced, in the sense that they had no analogue in existing systems and were also expected to be crucial for the success of UMTS.
Enabling the evolving mobile telecommunications infrastructure to provide such new and advanced security functions, whilst addressing the growing problem of fraudulent use of telecommunications services required simultaneous action on a number of fronts. Existing mobile and cordless telecommunications networks, such as those conforming to the ETSI GSM and DECT standards, already provided certain essential security features, primarily designed to address the vulnerability of the air interface. One of the most fundamental problems that would be faced by operators of existing networks would be to evolve the current set of security features towards the more sophisticated and all-embracing set likely to be necessary for UMTS. This would, in particular, raise questions about the possible functionality that can be provided by existing and future User Identity Modules (UIMs) - the smart cards for access to UMTS networks. A further problem was posed by the ever-present threat of fraud, which the DECT and GSM security features only partly addressed. New techniques for detecting fraudulent behaviour would need to be brought into use, following the lead currently being set by large financial organisations. Totally new, and in particular end-to-end, security features would be required to address many new application domains likely to be found for mobile telecommunications networks; the possible ramifications for European business were (and still are) immense, and the likely end-to-end security requirements were wide-ranging. Finally, it could be observed that disputes about bills, often connected with cases of fraud, have increasingly become a problem for users, service providers and network operators with serious economic and legal implications for all parties involved. Therefore, features, guaranteeing the security and integrity of billing, that help to settle these disputes were urgently needed. The issue of the security and integrity of billing was of concern to many other systems besides UMTS. However, UMTS was seen to be a good candidate to implement corresponding measures as the users will already be equipped with a security module (the UIM) and the design of UMTS could still be influenced.
All these major security issues are addressed by the ASPeCT project, so to achieve the main objective, the following sub-objectives were identified:
- to investigate, implement and test in trials, solutions in the following areas:
User trials were used as part of the ASPeCT evaluation and validation. To facilitate this, ASPeCT collaborated with another ACTS project AC013: EXODUS - EXperiments On the Deployment of UMTS, which was concerned with implementing and deploying UMTS platforms.