The security functions of UMTS are based on what was implemented in GSM. Some of the security functions have been added and some existing have been improved. Encryption algorithm is stronger and included in base station (NODE-B) to radio network controller (RNC) interface , the application of authentication algorithms is stricter and subscriber confidentially is tighter.
The main security elements that are from GSM:
Authentication of subscribers
Subscriber identity confidentially
Subscriber Identity Module (SIM) to be removable from terminal hardware
Radio interface encryption
Additional UMTS security features:
Security against using false base stations with mutual authentication
Encryption extended from air interface only to include Node-B to RNC connection
Security data in the network will be protected in data storages and while transmitting ciphering keys and authentication data in the system.
Mechanism for upgrading security features.
Core network traffic between RNCs, MSCs and other networks is not ciphered and operators can to implement protections for their core network transmission links, but that is unlike to happen. MSCs will have by design a lawful interception capabilities and access to Call Data Records (SDR), so all switches will have to have security measures against unlawful access.
UMTS specification has five security feature groups:
Network access security: the set of security features that provide users with secure access to 3G services, and which in particular protect against attacks on the (radio) access link;
Network domain security: the set of security features that enable nodes in the provider domain to securely exchange signalling data, and protect against attacks on the wireline network;
User domain security: the set of security features that secure access to mobile stations
Application domain security: the set of security features that enable applications in the user and in the provider domain to securely exchange messages.
Visibility and configurability of security: the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
UMTS specification has the following user identity confidentiality security features:
User identity confidentiality: the property that the permanent user identity (IMSI) of a user to whom a services is delivered cannot be eavesdropped on the radio access link;
User location confidentiality: the property that the presence or the arrival of a user in a certain area cannot be determined by eavesdropping on the radio access link;
User untraceability: the property that an intruder cannot deduce whether different services are delivered to the same user by eavesdropping on the radio access link.
Air interface ciphering/deciphering in performed in RNC in the network side and in mobile terminals. Ciphering in function of air interface protocol Radio Link Control (RLC) layer or Medium Access control (MAC) layer.
Further reading: 3GPP TS 33.102