ImageVerifierCode 换一换
格式:PDF , 页数:13 ,大小:281.76KB ,
资源ID:540837      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-540837.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ATIS 0100001-2004 User Plane Security Guidelines and Requirements.pdf)为本站会员(李朗)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ATIS 0100001-2004 User Plane Security Guidelines and Requirements.pdf

1、 AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS ATIS-0100001.2004(R2013) User Plane Security Guidelines and Requirements As a leading technology and solutions development organization, ATIS brings together the top global ICT companies to advance the industrys most-pressing business priorities. Th

2、rough ATIS committees and forums, nearly 200 companies address cloud services, device solutions, emergency services, M2M communications, cyber security, ehealth, network evolution, quality of service, billing support, operations, and more. These priorities follow a fast-track development lifecycle f

3、rom design and innovation through solutions that include standards, specifications, requirements, business use cases, software toolkits, and interoperability testing. ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational Partner for the 3rd

4、 Generation Partnership Project (3GPP), a founding Partner of oneM2M, a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit. AME

5、RICAN NATIONAL STANDARD Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review,

6、substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolut

7、ion. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The Amer

8、ican National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National S

9、tandards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institu

10、te require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute. Notice of Disclaimer changes cannot be prevented un

11、less the system is perfect (error-free) and no malicious user has access. However, a system that offers data integrity service might also attempt to correct and recover from changes. Relationship between data integrity service and authentication services: Although data integrity service is defined s

12、eparately from data origin authentication service and peer entity authentication service, it is closely related to them. Authentication services depend, by definition, on companion data integrity services. Data origin authentication service provides verification that the identity of the original sou

13、rce of a received data unit is as claimed; there can be no such verification if the data unit has been altered. Peer entity authentication service provides verification that the identity of a peer entity in a current association is as claimed; there can be no such verification if the claimed identit

14、y has been altered. 10 2ATIS-0100001.2004 3.1.8 Emergency Telecommunications Service: A telecommunications service offering available on public communications networks that facilitates the work of authorized emergency personnel in times of disaster, national emergency, or for executive/governmental

15、communications relating to National Security/Emergency Preparedness (NS/EP). 3.2 Acronyms & Abbreviations 3GPP 3rd Generation Partnership Project AES Advanced Encryption Standard ANSI American National Standards Institute ATIS Alliance for Telecommunications Industry Solutions EPA Environmental Prot

16、ection Agency ETS Emergency Telecommunications Service FEMA Federal Emergency Management Agency FIPS Federal Information Processing Standards GETS Government Emergency Telecommunications Service HAZMAT Hazardous Materials HMAC Keyed-Hash Message Authentication Code NS/EP National Security / Emergenc

17、y Preparedness PIN Personal Identification Number PLMN Public Land Mobile Network PSTN Public Switched Telephone Network SHA Secure Hash Algorithm SHS Secure Hash Standard WPS Wireless Priority Service 4 BASIC GUIDELINES FOR SECURITY AND CRYPTOGRAPHIC MECHANISMS AND THEIR IMPLEMENTATION 1. Wherever

18、possible, security protocols will be open source and standardized. 2. Where encryption is used, AES (in its current FIPS equivalent) will be utilized wherever it applies. 3. Where encryption is used for integrity, HMAC (SHA-1) will be used. 4. Simplicity, reliability, and wide-spread implementabilit

19、y will be valued over the inclusion of a plethora of options. 5. Security mechanisms for ETS communications (other than AES and HMAC-SHA1) will be reviewed by qualified security/cryptographic experts before selection. The selected mechanisms (beyond those already provided in the public network) shou

20、ld be implemented by qualified security/cryptographic experts. It should be noted that certain FIPS Standards will be required in applications contracted by the U.S. Government (e.g., AES, HMAC-SHA). 3ATIS-0100001.2004 5 SECURITY LEVELS FOR ETS COMMUNICATIONS In developing security guidelines for ET

21、S, it is useful to ascertain the level of security that is needed for a particular ETS communication. It is recognized that different users of this service will require differing levels of security. While authentication is needed in all cases, some cases may not need data confidentiality. In Annex A

22、, 5 levels (1 is highest) of emergency users/priorities are listed in Table A.1. Annex A also offers descriptive scenarios to further clarify the distinctions between the different levels. These levels are supported in the Wireless Priority Service2. It is expected that the number of priority levels

23、 might be different for other networks (e.g., the Internet). Because they are already part of an existing ETS, the 5 levels defined in Annex A are used to delineate the different levels of security needed for an ETS communication. Even though some network types (e.g., the Internet) may only offer on

24、e priority level for ETS communications, the network may provide different security mechanisms to different classes of users. From a user-plane perspective, security will be end-to-end. 6 SECURITY REQUIREMENTS FOR ETS COMMUNICATIONS 6.1 Authentication Requirements ETS users must be able to be authen

25、ticated by at least one method. Ideally, at least two authentication mechanisms should be supported: one that will be available on any users equipment (generic) and one that will require a specialized piece of user equipment (hardware specific). Once authenticated, the call or session could in some

26、way be labeled as an ETS communication to facilitate ETS handling. Other methods for providing security without labels may be possible. Any call/session entering an ETS enabled network with an ETS label (e.g., from the PSTN) will be authorized by default if it is from a trusted network and the call/

27、session will receive the appropriate priority treatment in the network. Trusted networks are networks that are trusted at the level of security needed for the particular communication session. The recognition of trusted networks will be accomplished in the signaling and control plane and is for furt

28、her study. For networks that are not trusted, one or more of the authentication methods described below will be used. The behavior of ETS labels (if used) on international networks is not part of this Standard. This important topic is for further study. 6.1.1 Generic Authentication Generic authentic

29、ation of calls/sessions originating on an ETS enabled access network, if offered, will be available to an ETS user on any given users equipment. This might be accomplished, for example, by calling a special number and entering a PIN, or accessing a special website and downloading an applet that prom

30、pts for a username and password. If a PIN is used, the length should be at least twelve3characters (numerals and/or letters). For the generic authentication, no special hardware is required nor is any special hardware expected to be in the communications equipment. The intent of this method is that

31、authentication can be accomplished using access to the public network using common consumer premises equipment. 2 See for more information. 3Twelve numerals are used in the current GETS system. ETS must have at least that level of security. This level of security is considered the lowest acceptable

32、level. 4ATIS-0100001.2004 The recognition of ETS enabled networks and how ETS communications will be established across one or more network sections that are not ETS-enabled are for further study and will probably be addressed in the signaling and control plane. 6.1.2 Hardware Specific Authenticatio

33、n Hardware specific methods of authentication may be dependent upon the ETS users equipment. This authentication will only be available on particular pieces of equipment (e.g., phones, computers, etc.), and may additionally require a smartcard, and/or biometrics, and/or a PIN. 6.2 Authorization Requ

34、irements An authenticated ETS user will be authorized to receive special handling of his/her communications consistent with that users priority level. The authorization level determination usually takes place during the authentication process. The authorization level will determine, among other thin

35、gs, the kind of security required for that call/session (i.e., the level of confidentiality and integrity validation needed). 6.3 Data Confidentiality Requirements Authenticated ETS users authorized at certain levels will have their communications encrypted. The required method will incorporate the

36、AES in its current FIPS equivalent using a minimum 256-bit key 8. The encryption for data confidentiality will be done by the user equipment. 6.4 Data Integrity Requirements Authenticated ETS users authorized at certain levels will have their non-realtime (i.e., other than interactive voice and vide

37、o) communications checked for data integrity. The required method will incorporate the HMAC-SHA-256 in its current FIPS equivalent. Security for signaling and control is not addressed in this Standard. 5ATIS-0100001.2004 Annex A (informative) A PRIORITIES FOR NS/EP USERS This Annex defines 5 levels

38、(1 is highest) of emergency users or priorities and offers descriptive scenarios to further clarify the distinctions. These levels will be used in the classification of ETS users regarding their security needs. These levels are supported in the Wireless Priority Service. It is expected that the numb

39、er of priority levels might be different for other networks. For example, some applications may provide 5 levels of priority and security at the access to the network but may support only 1 (or even 0) levels of priority over certain network portions (e.g., backbone networks). Table A.1 - Priorities

40、 for NS/EP Users Priority Level Responsibility Qualifying Criteria 1 Executive Leadership and Policy Makers Users who qualify for the Executive Leadership and Policy Makers priority will be assigned Priority 1. A limited number of PLMN technicians who are essential to restoring the PLMN networks sha

41、ll also receive this highest priority treatment. Wireless carrier may assign Priority 1 to its technicians with operational responsibilities. 2 Disaster Response / Military Command and Control Users who qualify for the Disaster Response/Military Command and Control priority will be assigned Priority

42、 2. Individuals eligible for Priority 2 include personnel key to managing the initial response to an emergency at the local, State, regional, and Federal levels. Personnel selected for this priority should be responsible for ensuring the viability or reconstruction of the basic infrastructure in an

43、emergency area. In addition, personnel essential to the continuity of government and national security functions (e.g., conducting international affairs and intelligence activities) are included. 3 Public Health, Safety, and Law Enforcement Command Users who qualify for the Public Health, Safety, an

44、d Law Enforcement Command priority will be assigned Priority 3. Eligible for this priority are individuals who direct operations critical to life, property, and maintenance of law and order immediately following an event. 4 Public Services / Utilities and Public Welfare Users who qualify for the Pub

45、lic Services/Utilities and Public Welfare priority will be assigned Priority 4. Eligible for this priority are those users whose responsibilities include managing public works and utility infrastructure damage assessment and restoration efforts and transportation to accomplish emergency response act

46、ivities. 5 Disaster Recovery Users who qualify for the Disaster Recovery priority will be assigned Priority 5. Eligible for this priority are those individuals responsible for managing a variety of recovery operations after the initial response has been accomplished. Table 1 is taken from an informa

47、tive annex of a 3GPP draft Technical Report, 3GPP TR 22.9050 V6.2.0 (2003-03) of the 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Priority Service feasibility study, Release 6, GSM. The following subsections offer illustrative examples of the 5 level

48、s. 6ATIS-0100001.2004 A.1 Level 1 Executive Leadership and Policy Makers In the aftermath of a devastating earthquake in San Francisco, the U.S. President, at an undisclosed location, needs to telephone the Vice President, who is also at an undisclosed location. The substance of the discussion and t

49、he identities of the participants must be cloaked in the strictest confidentiality. A.2 Level 2 Disaster Response/Military Command and Control A huge multi-megawatt power station is incapacitated by a series of upstream accidents and a resulting overload. Bringing it back online successfully requires the coordination of several regional power company facilities. Initial communications among these entities is done over the PSTN using Level 2 priority. If the PSTN congestion increases, the communication is done using WPS. Drawings of the power grid and the sequence of s

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1