3G Design Decisions Quiz

Questions and Answers

What was the deliberate design decision in 3G regarding user traffic and signaling traffic?

Both user and signaling traffic were considered equally security critical.

User traffic was considered more security critical than signaling traffic.

User traffic was not considered at all in terms of security.

Signaling traffic was considered more security critical than user traffic. (correct)

How is a security breach in an SGSN or RNC in one 3G network different from EPS?

Both 3G and EPS networks are equally vulnerable to security breaches.

There is no difference between the impact of a breach in 3G and EPS networks.

In 3G, a breach affects all 3G networks, while in EPS, the impact is limited to the breached network.

In 3G, a security breach has no impact on other 3G networks, while in EPS, it may affect other networks. (correct)

What was the key improvement introduced in EPS to address the issue of session keys being handed from one RNC to another?

Cryptographic network separation of authentication material (correct)

Introduction of session keys CK, IK

Handling session keys at the edge of access networks

Assumption that an RNC compromise would be rare

What is the primary security focus under Network access security in 5G?

Authentication, Integrity, and Ciphering of Signaling and data

How does handling of session keys differ between 3G and EPS networks?

Session keys are handled by eNBs at the edge of access networks in EPS but not in 3G.

What was the reason for introducing forward security in handovers in EPS networks?

To mitigate risks associated with handling session keys at vulnerable locations

What are the temporary identifiers used in 3G systems and 4G/5G systems respectively?

TMSI and GUTI

In which situation is authentication through temporary identifiers not possible?

During the first-time registration with a network

What kind of attacks are known as 'IMSI catching' attacks?

Attacks that force revealing long-term identity

What has the 3GPP decided to address regarding IMSI Catchers in 5G?

To address the privacy problem despite backward compatibility impacts

In 5G security specifications, what is not allowed over the radio interface?

Plain-text transmissions of SUPI

What does an active man-in-the-middle adversary aim to achieve in relation to temporary identifiers?

Preventing the disclosure of long-term identity

Why is the use of a digital air interface important in GSM?

It enables tighter frequency re-use patterns and minimizes interference problems.

What security feature in GSM identifies the Mobile Equipment (ME) uniquely?

Unique number coded into the ME

In GSM, how is the Mobile Subscriber authenticated?

By a smart card known as a Subscriber Identity Module (SIM)

What is the main function of the VLR in GSM networks?

Allocation of new Temporary Mobile Subscriber Identity (TMSI) numbers

Why is the frequent updating of Temporary Mobile Subscriber Identity (TMSI) important for GSM subscribers?

To enhance privacy and security by making it difficult for calls to be traced.