ANSI TIA-102.AAAB-A-1-2014 Project 25 Security Services Overview Addendum 1- Key Management Architecture (Addendum to TIA-102.AAAB-A).pdf

1、 TIA-102.AAAB-A-1 (Addendum to TIA-102.AAAB-A) September 2014Project 25 Security Services Overview Addendum 1- Key Management Architecture ANSI/TIA-102.AAAB-A-1-2014 APPROVED: SEPTEMBER 9, 2014 NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through elimin

2、ating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall no

3、t in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally.

4、Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Sta

5、ndard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its

6、use. Any use of trademarks in this document are for information purposes and do not constitute an endorsement by TIA or this committee of the products or services of the company. (From Project No. ANSI/TIA-PN-102.AAAB-A-1, formulated under the cognizance of the TIA TR-8 Mobile and Personal Private R

7、adio Standards, TR-8.3 Subcommittee on Encryption). Published by TELECOMMUNICATIONS INDUSTRY ASSOCIATION Technology and Standards Department 1320 N. Courthouse Road, Suite 200 Arlington, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS A

8、ND ENGINEERING PUBLICATIONS or call IHS, USA and Canada (1-877-413-5187) International (303-397-2896) or search online at http:/www.tiaonline.org/standards/catalog/ All rights reserved Printed in U.S.A. NOTICE OF COPYRIGHT This document is copyrighted by the TIA. Reproduction of these documents eith

9、er in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permission to reproduce portions of this document, please contact the TIA Standards Department or go to the TIA website (www.tiaonline.org) for details on how to request permission.

10、Details are located at: http:/www.tiaonline.org/standards/catalog/info.cfm#copyright or Telecommunications Industry Association Technology (b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be

11、amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or inv

12、estigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investi

13、gate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discrimi

14、natory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents. If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged

15、 in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Procedures for American National Standards) then (i) TIA di

16、sclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy of encouragement of voluntary disclosure (see TIA Procedures for American National Standards Annex C.1.2.3) of Essential Pat

17、ent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications. TIA does not enforce or monit

18、or compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WAR

19、RANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAK

20、ES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FO

21、R ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER

22、 BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED

23、 BY TIA WITHOUT SUCH LIMITATIONS. TIA-102.AAAB-A-1 1 FOREWORD This document is being developed by the APCO Project 25 Interface Committee (APIC) Encryption Task Group (ETG) for publication as a TIA standard. TIA Standards are designed to serve the public interest by eliminating misunderstandings bet

24、ween manufacturers and purchasers, facilitating conformance, interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining the proper telecommunications product for their particular need. Existence of such Standards shall not in any respect preclude any Membe

25、r or non-Member of the TIA from manufacturing or selling products not conforming to such Standards. Except as provided in the Engineering Manual, Standards are proposed or adopted by the TIA without regard to whether their proposal or adoption may in any way involve patents or intellectual property

26、on articles, materials, or processes. By such action, the TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting TIA Standards, to parties manufacturing or selling products or services conforming to such Standards or to users of such pro

27、ducts or services. Other TIA rules respecting Standards where patents are involved are contained in the Manual and should be read in conjunction with these Guides-PV. Furthermore, in all cases specific requirements and restraints expressed elsewhere in these Guides must govern. TIA-102.AAAB-A-1 2 PA

28、TENT IDENTIFICATION The readers attention is called to the possibility that compliance with this document may require the use of one or more inventions covered by patent rights. By publication of this document, no position is taken with respect to the validity of those claims or any patent rights in

29、 connection therewith. The patent holders so far identified have, we believe, filed statements of willingness to grant licenses under those rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such licenses. The following patent holders and patents have be

30、en identified in accordance with the TIA intellectual property rights policy: No patents have been identified. TIA shall not be responsible for identifying patents for which licenses may be required by this document of for conducting inquiries into the legal validity or scope of those patents that a

31、re brought to its attention. TIA will neither be a party to discussion of any licensing terms or conditions, which are left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TRADEMARK IDENTIFICATION No trademarks

32、 are referenced in this specification. TIA-102.AAAB-A-1 3 Table of Contents FOREWORD. 1 PATENT IDENTIFICATION 2 TRADEMARK IDENTIFICATION 2 A. Addendum Introduction 5 B. Revision History . 5 C. References 5 C.1 Normative References . 5 C.2 Informative References 6 D. definitions. 6 E. Abbreviations .

33、 6 F. Addendum Modifications . 8 F.1 Section 6 8 F.2 Section 7 9 TIA-102.AAAB-A-1 4 Table of Figures Figure 1 - General System Model . 10 Figure 2 Voice Encryption/Decryption Functional Relationship 13 Figure 3 Encrypted Voice Call Functional Representation 14 Figure 4 Encrypted Group Call Functiona

34、l Representation 15 Figure 5 Voice Encryption Functional Partitioning 16 Figure 6 Voice Encryption Key Manager to Voice Encryption Endpoint Functional Model. 18 Figure 7 Key Management with Cryptonets . 19 Figure 8 Voice Encryption Key Manager to Key Manager Functional Model . 20 Figure 9 Wireline K

35、ey Management using the Key Fill Device Interface 21 Figure 10 Wireline Key Management using the KMF-to-KFD Interface . 22 Figure 11 Wireless Key Management using OTAR 23 Figure 12 Wireline Key Management using the Inter-KMF Interface 24 Figure 13 Combined Wireline and Wireless Key Management 25 Fig

36、ure 14 Wireless OTAR Key Management over ISSI . 26 Figure 15 Data Encryption Functional Model . 27 Figure 16 Data Encryption Functional Flow . 28 Figure 17 Encrypted Data Functional Partitioning 29 Figure 18 SU to FNE CAI Encrypted Data . 31 Figure 19 SU to SU CAI Encrypted Data . 32 Figure 20 CAI D

37、ata Encryption Key Management Functional Model . 33 Figure 21 Wireline Key Management using the Key Fill Device Interface 36 Figure 22 Wireline Key Management using the Key Fill Device Interface 37 Figure 23 Wireless CAI Data Encryption Key Management using OTAR 38 Figure 24 CAI Data Encryption Key

38、Management Architecture Example 39 Figure 25 LLA Endpoints . 40 Figure 26 - Unit Authentication Functional Model . 42 Figure 27 - Mutual Authentication Functional Model . 43 Figure 28 Link Layer Authentication Key Management Functional Model . 45 Figure 29 LLA Key Management of SU . 47 Figure 30 LLA

39、 Key Management of FNE . 47 Figure 31 LLA Key Management between FNEs . 48 TIA-102.AAAB-A-1 5 A. ADDENDUM INTRODUCTION This addendum introduces a high level functional and architectural overview of the security and key management architecture for TIA102 system configurations. It provides an overview

40、 along with the functional and key management architectural models and descriptions. This addendum is meant to provide the reader with a high level understanding of the TIA102 security architecture and key management principles. Detail of these architectures including key management messages and pro

41、tocols are located in the documentation listed in Section C. This addendum provides an overview of the security architecture and does not attempt to address all aspects and details of the possible configurations. B. REVISION HISTORY Revision date Revision comments May 2011 Initial draft of “Security

42、 Services Architecture Overview” with Voice Encryption key management architecture. September 2011 Updated to reflect August 18, 2011 comment resolutions “ETG 11-011-R2 MOT Responses Harris Comment Matrix on ETG 11-010” Document is now 102.AAAB-A-1 (Security Services Overview Addendum 1). August 201

43、2 IP Data Encryption added October 2012 Updated to reflect IP Data encryption comment resolutions in “ETG 12-031-R3 Moto Responses to Combined Comments on ETG 11-010 R4 (SSO IP Data)” July 2013 Updated to reflect Authentication comment resolutions “ETG 13-020 R5 MSI Responses to HRS+SFG Comments on

44、ETG 11-010 R6” September 2013 Final editorial changes for transfer to TR8.3 Encryption Subcommittee. LLE and Encrypted IP Data sections are TBDs. June 2014 Editorial updates to ballot version C. REFERENCES The following normative and informative documents contain provisions, which, through reference

45、 in this text, constitute provisions of this addendum. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this addendum are encouraged to investigate the possibility of applying the most recent editions of the stan

46、dards indicated below. ANSI and TIA maintain registers of currently valid national standards published by them. C.1 Normative References 1 TIA-102.AAAB-A, Project 25 Security Services Overview, January 2005. 2 TIA-102.AACE-A, Project 25 Digital Land Mobile Radio Link Layer Authentication, April 2011

47、 TIA-102.AAAB-A-1 6 3 Project 25 Digital Land Mobile Radio Link Layer Encryption (currently under consideration by ETG) 4 TIA-102.AACA-A, Over the Air Rekeying (OTAR) Messages and Procedures, (date) 5 TIA-102.AACD-A, Project 25 Digital Land Mobile Radio Key Fill Device (KFD) Interface Protocol, (dat

48、e) 6 TIA-102.BAKA, KMF to KMF Interface, April 2012 7 TIA-102.AACD-A-1, Project 25 Digital Land Mobile Radio Key Fill Device (KFD) Interface Protocol Addendum 1, (currently under consideration by ETG) 8 TIA-102.AAAD-A, Project 25 Digital Land Mobile Radio Block Encryption Protocol, August 2009 9 TIA

49、-102.BACA-B, Project 25 Inter-RF Subsystem Interface Messages and Procedures for Voice Services, Mobility Management, and RFSS Capability Polling Services, November 2012 C.2 Informative References 10 TSB 102-B, System and Standards Definition (shell) document, June 2012 11 Rfc 4301, Security Architecture for the Internet Protocol, December 2005 D. DEFINITIONS Cryptonet A cryptonet is a group of SU users that share a common traffic encryption key. Cryptonets may consist of voice encryption keys, data encr