Format: PDF, Pages: 89, Size: 1.10MB

ANSI ATIS 1000060-2014 Emergency Telecommunications Service (ETS) Long Term Evolution (LTE) Access Network Security Requirements for National Security Emergency Preparedness (NS EP.pdf

AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS

ATIS-1000060.2014

Emergency Telecommunications Service (ETS): Long Term Evolution (LTE) Access Network Security Requirements for National Security/Emergency Network (NGN) Priority Services

As a leading technology and solutions development organization, ATIS brings together the top global ICT companies to advance the industry's most-pressing business priorities. Through ATIS committees and forums, nearly 200 companies address cloud services, device solutions, emergency services, M2M communications, cyber security, ehealth, network evolution, quality of service, billing support, operations, and more. These priorities follow a fast-track development lifecycle from design and innovation through solutions that include standards, specifications, requirements, business use cases, software toolkits, and interoperability testing.

ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of oneM2M, a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit .

AMERICAN NATIONAL STANDARD

Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute.

Notice of Disclaimer

and security for transport of signaling and user data over LTE interfaces, the Management Plane, Supporting IP Services, and Circuit Switch Fallback (CSFB) Signaling for interworking with Universal Mobile Telecommunications System (UMTS) and Code Division Multiple Access (CDMA) Single Carrier Radio Transmission Technology (1xRTT). The scope is restricted to security of NS/EP NGN-PS (i.e., NGN Government Emergency Telecommunications Services and Wireless Priority Services, abbreviated as GETS and WPS, respectively) as defined in ATIS-1000057 that are specific to the LTE access network. The scope of this document is limited to priority voice services for non-roaming scenarios.

Figure 1.1 illustrates the approach used to define and organize the security requirements that address protection of NS/EP NGN-PS for the LTE Access Network. In this document, the LTE Access Network as defined in 3GPP TS 23.002 consists of the air interface, backhaul network, and packet core (Evolved Packet Core EPC).

Footnote 1: NGN Service Providers have elected to reuse CS technology rather than an IMS solution for their initial voice communications solution. The 3GPP specification TS 23.272 covers circuit switch fallback (CS-FB).

Footnote 2: This refers specifically to traversal over various LTE interfaces in order to securely establish bearer channels needed for priority communications.

For each segment of the LTE Access Network Segments (A. Air Interface, B. Backhaul, and C. Packet Core) the security requirements cover the following four areas:

1. Security of LTE Features that are specific to NS/EP NGN-PS: confidentiality, integrity, and availability protection of features such as the advance priority features.
2. Security of LTE Features that support NS/EP NGN-PS: confidentiality, integrity, and availability protection of LTE functions and procedures used to support NS/EP NGN-PS (e.g., integrity protection of the special usage of call admission and other features that support NS/EP NGN-PS).
3. Consideration of LTE Security features critical to NS/EP NGN-PS: In cases where the LTE security specifications allow options, specific selections may be needed for NS/EP NGN-PS security.
4. Other: features and feature interworking, such as security of priority CSFB and management of LTE security and risk assessments that do not fit into the other categories.

For each of these four areas, the approach is extended through the user, management, and control planes, and when combined with the three network segments, constitutes three dimensions of coverage.

[Figure 1.1 - Approach. Network segments: A. Air Interface: UE, E-UTRA (Uu); B. Backhaul: EUTRAN (X2 and S1); C. Packet Core: EPC, PCRF, HSS, SPR (Rx, Gx, Sp, SGi and SGx). Planes: i. Control Plane; ii. User Plane; iii. Mgmt. Plane. Areas: 1. Security of NS/EP PS-specific LTE Features; 2. Security of LTE Features Used to Support NS/EP PS; 3. Considerations of LTE Security Options for NS/EP PS; 4. Other: CSFB, Management of LTE Security, Risk Assessments.]

1.1 Relationship of Concepts

Vocabulary for 3GPP Specifications (Release 10). 3rd Generation Partnership Project

[TS 124 301] ETSI TS 124 301 V8.3.0 (2009-09), Universal Mobile Telecommunications System (UMTS); LTE; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 8.3.0 Release 8). 3rd Generation Partnership Project.

[TS 22.011] 3GPP TS 22.153 V9.4.0 (2010-06), Technical Specification Group Services and System Aspects; Service accessibility (Release 9). 3rd Generation Partnership Project.

[TS 23.002] 3GPP TS 23.002 V10.2.0 (2011-03), Technical Specification Group Services and System Aspects; Network architecture (Release 10). 3rd Generation Partnership Project.

[TS 23.401] 3GPP TS 23.401 V10.7.0 (2012-03), Technical Specification Group Services and System Aspects; General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) Access (Release 10). 3rd Generation Partnership Project.

[TS 23.402] 3GPP TS 23.402 V10.7.0 (2012-03), Technical Specification Group Services and System Aspects; Architecture enhancements for non-3GPP Accesses (Release 10). 3rd Generation Partnership Project.

[TS 24.301] 3GPP TS 24.301 V8.1.0 (2009-03), Technical Specification Group Core Network and Terminals; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (Release 8). 3rd Generation Partnership Project.

[TS 32.372] 3GPP TS 32.372 V9.0.0 (2009-12), Technical Specification Group Services and System Aspects; Telecommunication Management; Security services for Integration Reference Points (IRP); Information Service (IS) (Release 9). 3rd Generation Partnership Project.

[TS 33.102] 3GPP TS 33.102 V10.0.0 (2010-12), Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 10). 3rd Generation Partnership Project.

[TS 33.210] 3GPP TS 33.210 V9.0.0 (2009-12), Technical Specification Group Services and System Aspects; 3G Security; Network Domain Security; IP Network Layer Security (Release 9). 3rd Generation Partnership Project.

[TS 33.220] 3GPP TS 33.220 V10.1.0 (2012-03), Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); generic Bootstrapping Architecture (GBA) (Release 10). 3rd Generation Partnership Project.

[TS 33.221] 3GPP TS 33.221 V10.0.0 (2011-03), Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Support for Subscriber Certificates (Release 10). 3rd Generation Partnership Project.

[TS 33.310] 3GPP TS 33.310 V11.1.0 (2012-09), Technical Specification Group Services and System Aspects; Network Domain Security (NDS); Authentication Framework (AF) (Release 11). 3rd Generation Partnership Project.

[TS 33.401] 3GPP TS 33.401 V10.2.0 (2011-09), Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security Architecture (Release 10). 3rd Generation Partnership Project.

[TS 36.331] 3GPP TS 36.331 V8.2.0 (2008-05), Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA) Radio Resource Control (RRC); Protocol Specification (Release 8). 3rd Generation Partnership Project.

[TS 36.423] 3GPP TS 36.423 V8.0.0 (2007-12), Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access Network (EUTRAN); X2 application protocol (X2AP) (Release 8). 3rd Generation Partnership Project.

Footnote 5: This document is available from the Alliance for Telecommunications Industry Solutions (ATIS) at

Footnote 6: This document is available from the Alliance for Telecommunications Industry Solutions (ATIS) at

Footnote 7: This document is available from the Alliance for Telecommunications Industry Solutions (ATIS) at

Footnote 8: This document is available from the International Telecommunications Union.

Footnote 9: This document is available from the Internet Engineering Task Force (IETF).

Footnote 10: This document is available from the Third Generation Partnership Project (3GPP) at .

2.5 3GPP2 References

[X.S0057-0] 3GPP2 X.S0057-0. April, 2009. E-UTRAN - eHRPD Connectivity and Interworking: Core Network Aspects, Version 1.0.

3 Definitions, Acronyms,

a process by which use of system resources is regulated according to a security policy and is permitted by only authorized entities (users, programs, processes, or other systems) according to that policy.

3.1.1.2 Authentication: The process of verifying the claimed identity of an entity (e.g., User Equipment, Service User, Service Provider, or other data source).

3.1.1.3 Authorization: A process of granting an authenticated entity (e.g., User Equipment, Service User, or Service Provider) access to a service or resource based on access rights and privileges.

3.1.1.4 Availability [RFC 2828]: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

3.1.1.5 Confidentiality [TS 33.210]: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

3.1.1.6 Data Integrity [TS 33.210]: The property that data has not been altered in an unauthorized manner.

3.1.1.7 Integrity: See Data Integrity and System Integrity.

3.1.1.8 System Integrity [RFC 2828]: The quality that a system has when it can perform its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.

3.1.2 Security Threats, Definitions,

or unauthorized disclosure of information.

3.1.2.3 Vulnerability: Any weakness that could be exploited to violate the integrity of a system or the information it contains.

3.1.2.4 Threat [ITU-T X.800]: A potential violation of security. Example threats to a communication system include the following:
a) Destruction of information and/or other resources;
b) Corruption or modification of information;
c) Theft, removal, or loss of information and/or other resources;
d) Disclosure of information; and
e) Interruption of services.

3.1.3 Security Attack Descriptions

3.1.3.1 Masquerade [ITU-T X.800]: A masquerade is where an entity pretends to be a different entity. A masquerade is usually used with some other forms of active attack, especially replay and modification of messages. For instance, authentication sequences can be captured and replayed after a valid authentication sequence has taken place. An authorized entity with few privileges may use a masquerade to obtain extra privileges by impersonating an entity that has those privileges.

3.1.3.2 Replay [ITU-T X.800]: A replay occurs when a message, or part of a message, is repeated to produce an unauthorized effect. For example, a valid message containing authentication information may be replayed by another entity in order to authenticate itself (as something that it is not).

3.1.3.3 Rogue device: Term used to describe an unauthorized device connected to the network that poses security risks and threats. Rogue or misbehaving User Equipment (UE) attaching to the network could allow access-based threats.

3.1.3.4 Modification of messages [ITU-T X.800]: Modification of a message occurs when the content of a data transmission is altered without detection and results in an unauthorized effect, as when, for example, a message “Allow John Smith to read confidential file Accounts” is changed to “Allow Fred Brown to read confidential file Accounts”.

3.1.3.5 Denial of Service (DoS) [ITU-T X.800]: Denial of service occurs when an entity fails to perform its proper function or acts in a way that prevents other entities from performing their proper functions. The attack may be general, as when an entity suppresses all messages, or there may be a specific target, as when an entity suppresses all messages directed to a particular destination, such as the security audit service. The attack may involve suppressing traffic as described in this example or it may generate extra traffic. It is also possible to generate messages intended to disrupt the operation of the network, especially if the network has relay entities that make routing decisions based upon status reports received from other relay entities.

3.1.3.6 Insider attacks [ITU-T X.800]: Insider attacks occur when legitimate users of a system behave in unintended or unauthorized ways. Most known computer crime has involved insider attacks that compromised the security of the system.

NOTE: For NS/EP NGN-PS, the term “legitimate users” in the definition applies to both the Service User (i.e., OEC/DHS employee or contractor responsible for operations procedures such as database updates) and the Service Provider employee (e.g., administrator).

3.1.3.7 Outsider attacks
