TSG SA WG3 Terms of Reference

To build on the work already undertaken for 2nd and 3rd generation systems by ETSI, ARIB, T1P1, TTA and TTC in order to:

Determine the objectives and priorities for UMTS security taking into account the needs and aspirations of users, operators, regulators and manufacturers.

Accommodate, as far as is practicable, any regional regulatory variations in security objectives and priorities for 3GPP partners.

Accommodate, as far as is practicable, regional regulatory requirements that are related to the processing of personal data and privacy.

Ensure that a threat analysis for UMTS is conducted.

Detail the security requirements for UMTS - this to include, but not necessarily be limited to, security requirements for services, user access to services, billing and accounting, operations and maintenance, and fraud control.

Detail the security requirements for the physical elements of UMTS - this to include, but not necessarily be limited to, security requirements for the radio access network, the core network and its interfaces to non-UMTS networks, terminals, user identity module (UIM) and interfaces between UMTS networks.

Define a security architecture for UMTS which will satisfy the security requirements and align with the UMTS system architecture.

Produce specifications for all the elements in the security architecture.

Produce specifications for the operations and management of the security elements.

Produce requirements specifications for any cryptographic algorithms needed for the security elements.

Ensure the availability of any cryptographic algorithms which need to be part of the common specifications.

Define how the specifications for the security elements are to be integrated into the radio access, core network, terminal, UIM, O&M and other relevant specifications produced by 3GPP, and to assist with that integration.

Detail the requirements for lawful interception in UMTS, and produce all specifications needed to meet those requirements. This work shall be performed in conjunction with the regional standards bodies.

Produce a time and milestones plan for the introduction of the various elements of the security architecture which is in line with the security priorities and the phasing of UMTS.

Produce guidelines on the use of the UMTS security elements, including any requirements for operator-specific algorithms.

Produce guidelines on the limitations of UMTS security, and of the implications of not activating the security elements that are provided.

Liaisons may be established with the following bodies: ETSI SMG10, ETSI SAGE, ETSI TC Security, ARIB security group, 3GPP working groups and other bodies as required.