Figure 1 gives an overview of the complete 3G security architecture.
Five security feature groups are defined. Each of these feature groups meets certain threats and accomplishes certain security objectives:
- Network access security (I): the set of security features that provide users with secure access to 3G services, and which in particular protect against attacks on the (radio) access link;
- Network domain security (II): the set of security features that enable nodes in the provider domain to securely exchange signalling data, and protect against attacks on the wireline network;
- User domain security (III): the set of security features that secure access to mobile stations;
- Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages;
- Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
Figure 2 gives an overview of the ME registration and connection principles within UMTS with a CS service domain and a PS service domain. As in GSM/GPRS, user (temporary) identification, authentication and key agreement will take place independently in each service domain. User plane traffic will be ciphered using the cipher key agreed for the corresponding service domain while control plane data will be ciphered and integrity protected using the cipher and integrity keys from either one of the service domains. In clause 6 the detailed procedures are defined and when not otherwise stated they are used in both service domains.