3GPP defined the Generic Bootstrapping Architecture (GBA) in Release 6. The Release 6 GBA is based on 3G USIMs and ISIMs, i.e., TS 33.220. The security level of 3G Authentication and Key Agreement is higher than that of 2G SIM authentication. On the other hand, there are more than one billion people with SIMs in their phones, and it will take a long time to provision UICCs capable of 3G authentication to such a large population. Meanwhile, there should be a way to offer services whose authentication is based on GAA to 2G subscribers as well.
Mobile network operators could first try out the success of services without handing out new cards and, after successful service usage, migrate seamlessly to UICCs. This option leverages the mobile network operators' investments in their SIM cards while still providing easy migration. This could lower the threshold for operators to deploy more sophisticated services that usually would require a UICC from the start. In this way, it might even speed up the process of handing out UICCs to the subscribers.
The initial roll-out phases of services and service success testing would not need to rely on passwords. In addition, the introduction of 2G GBA-based authentication provides a security and operational enhancement for users that rely on SIM. Also, the availability of 2G GBA will allow building services where authentication is performed and managed in a way analogous to using USIM. The protocol in which the SIM card is used determines the strength of the security of the whole system. Therefore, the solution described for an early implementation feature in this specification aims to enhance GSM security to address the known GSM vulnerabilities when using 2G GBA.
It should be noted that the work outlined in this feature does not require any change to the existing SIM specifications; in particular, GBA_U as in 3G GBA will not be included in 2G GBA.
This TR describes which change requests are to be implemented in addition to the Release 6 specifications TS 33.220, TS 29.109, and TS 24.109 to enable the usage of 2G GBA.