DIN ETS 300791-1998 Universal Personal Telecommunication (UPT) - Security architecture for UPT phase 2 - Conformance Test Specification English version ETS 300791 1997《通用个人电信(UPT) .pdf

1、STD.DIN DIN ETS 300791-GERM 1998 279Y44b 0719250 bTT Netzaspekte (NA) Universelle persnliche Telekommunikation (UPT) Sicherheitsarchitektur fr UPT-Phase 2 Spezifikation der Konformittsprfung (CTS) Englische Fassung ETS 300791 : 1997 DIN - ETS 300791 STD.DIN DIN ETS 300791-GERM 1998 279444b 07L925L 5

2、36 EUROPEAN T 1 ELECOMMUNICATION STANDARD ETS 300 791 October 1997 Source: NA Reference: DUNA-O64007 ICs: 33.020 Key words: UPT, security, card, CTS Network Aspects (NA); Universal Personal Telecommunication (UPT); Security architecture for UPT Phase 2; Conformance Test Specification (CTS) ETSI Euro

3、pean Telecommunications Standards Institute ETSI Secretariat Postal address: F-O6921 Sophia Antipolis CEDEX - FRANCE Office address: 650 Route des Lucioles - Sophia Antipoiis - Vaibonne - FRANCE X.400: c=fr, a=atlas, p=etsi, c=secretariat - Internet: secretariatetsi.fr Tel.: +33 4 92 94 42 O0 - Fax:

4、 +33 4 93 65 47 16 Copyright Notification: No pari may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. O European Telecommunications Standards Institute 1997. All rights reserved. STD-DIN DIN ETS 300791-GERM 1

5、998 = 279YYYb 0739252 472 Page 2 ETS 300 791 : October 1997 Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to “ETSI Editing and Committee Suppor

6、t Dept.“ at the address shown on the title page. STD-DIN DIN ETS 300791-GERM 1978 2794446 0739253 307 Page 3 ETS 300 791 : October 1997 Contents Foreword 5 Introduction . 5 1 Scope . 7 2 Normative references . 7 3 Abbreviations 8 4 Test Suite Structure (TSS) . 8 5 Test purposes 9 Terminal test group

7、 . 9 5.1 5.1.1 CHV test purposes 9 5.1.2 Two-pass strong authentication test purposes 10 5.1.3 Timer test purposes 10 UPT card test group 10 5.2.1 CHV test purposes 11 5.2.2 Two-pass strong authentication test purposes 11 5.2.3 Timer test purposes 12 Authentication Entity (AE) test group . 12 5.3.1

8、5.3.2 Two-pass strong authentication test purposes 13 5.3.3 SAPIN verification test purposes . 14 5.3.4 OCPIN verification test purposes 14 5.3.5 PIN change test purpose . 15 5.2 5.3 PU1 check test purposes . 13 6 Test methods and configurations . 15 6.1 Card reading terminal . 15 6.2 UPT card . 16

9、6.3 AE . 16 7 Test cases 17 7.1.1 CHV . 18 7.1 UPT card reading terminal . 1 7.1.2 Two-pass strong authentication 19 7.1.3 Timer . 20 7.2 UPT card . 21 7.2.1 CHV . 21 7.2.2 Two-pass strong authentication 23 7.2.3 Timer . 23 7.3 AE . 24 7.3.1 PU1 check 24 7.3.2 Two-pass strong authentication 24 7.3.3

10、 SAPIN check . 25 7.3.4 OCPIN check . 25 7.3.5 Change PIN check 26 History . 27 STD.DIN DIN ETS 300791-GERN 1998 m 279444b 071725q 245 m Page 4 ETS 300 791 : October 1997 1 Blank page _ STD.DIN DIN ETS 300773-GERM 1778 277444b 0739255 LB3 Page 5 ETS 300 791 : October 1997 Foreword This European Tele

11、communication Standard (ETS) has been produced by the Network Aspects (NA) Technical Committee of the European Telecommunications Standards Institute (ETSI). This ETS, in association with ETS 300 790 l, forms the specification of the security architecture for UPT Phase 2. Transposition dates Date of

12、 adoption: Date of latest announcement of this ETS (doa): 3 October 1997 31 January 1998 Date of latest publication of new National Standard or endorsement of this ETS (dop/e): 31 July 1998 Date of withdrawal of any conflicting National Standard (dow): 31 July 1998 Introduction Universal Personal Te

13、lecommunication (UPT) is a service that enables improved access to telecommunication service by allowing personal mobility. It enables each UPT user to participate in a user defined set of subscribed services, and to initiate and receive calls on the basis of a unique, personal, network independent

14、UPT number across multiple networks at any terminal, fixed, movable or mobile. ETS 300 790 l specifies the additions of UPT Phase 2, compared to UPT Phase 1, as specified in ETS 300 391-1 3. The Conformance Test Specification (CTS) for ETS 300 391-1 3 is specified in ETS 300 391-3 4. This ETS specif

15、ies the conformance tests for ETS 300 790 l only. In ETS 300 790 l a card, two-pass strong authentication, a mechanism for extra authentication for outgoing calls, authentication for secure answer and storage of a timer value in the card have been introduced. The conformance tests for these new feat

16、ures are all specified in this ETS. STDmDIN DIN ETS 300791-GERM 1998 m 2794446 071925b 018 m Page 6 ETS 300 791 : October 1997 Blank page STD-DIN DIN ETS 300791-GERM 1998 = 2794446 0729257 T54 Page 7 ETS 300 791 : October 1997 1 Scope This European Telecommunication Standard (ETS) provides a Conform

17、ance Test Specification (CTS) specifying the tests which are necessary to veri the conformance of UPT cards, UPT card reading terminals and Authenticating Entities (AEs) with ETS 300 790 l. In particular, the following issues are considered: - test suite and test purposes; - test methods and configu

18、rations; - test steps and test cases. The Tree and Tabular Combined Notation (TCN) description of test cases is outside the scope of this ETS. However, the TTCN description may be part of the CTSs of the overall Universal Personal Telecommunication (UPT) protocol specifications. A partial Protocol I

19、mplementation extra Information for Testing (PIXIT) proforma is not identified as applicable for this CTS. The conformance testing methodology and framework used in this ETS is given in ISO/IEC 9646 Parts 1- 5 2 and ETS 300 406 5. 2 Normative references This ETS incorporates by dated and undated ref

20、erence, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply to this ETS only when incorporated in it by

21、 amendment or revision. For undated references the latest edition of the publication referred to applies. prETS 300 790: “Universal Personal Telecommunication (UPT); Security architecture for UPT Phase 2; Specification“. Pl ISOAEC 9646, Parts 1-5: “Conformance Testing Methodology and Framework“. 31

22、41 ETS 300 391 -1 : “Universal Personal Telecommunication (UPT); Specification of the security architecture for UPT Phase 1 ; Part 1 : Specification“. ETS 300 391 -3: “Universal Personal Telecommunication (UPT); Specification of the security architecture for UPT Phase 1; Part 3: Conformance Test Spe

23、cification (CTS)“. ETS 300 406: “Methods for Testing and Specification (MTS); Protocol and profile conformance testing specifications; Standardization methodology“. STD-DIN DIN ETS 300791-GERM L998 279444b 0719258 990 Page 8 ETS 300 791 : October 1997 3 Abbreviations For the purposes of this ETS, th

24、e following abbreviations apply: AC AE CHV CT IUT K OCPIN PCO PIN PIXIT Pul SAPIN SDF TSS TTCN UPT Authentication Code, calculated in the UPT card Authenticating Entity Card Holder Verification Command Type Implementation Under Test Key Outgoing Call PIN Point of Control and Observation Personal Ide

25、ntification Number Protocol Implementation extra Information for Testing Personal User Identity Secure Answer PIN Service Data Function Test Suite Structure Tree and Tabular Combined Notation Universal Personal Telecommunication 4 Test Suite Structure (TSS) A full conformance test of a UPT Phase 2 i

26、mplementation shall be based on both ETS 300 391-3 4 and this ETS. Figure 1 shows the Test Suite Structure (TSS). Security feature Authentication Implernentatlon under test I I I Terminal (T) UPT Card (C) Authenticating Entity (A) Major functions Nature of test I I I I I I Card Timer Two pass Strong

27、 SAPIN OCPIN PIN Change Holder (TI) Authentication Verification Verification Check Verification (SA) (SV) (OV) (PC) (HV) I I I I Capability Valid Invalid Data tests (CA) Behaviour Behaviour Protection tests (BV) tests (BI) tests (DP) Figure 1 : The TSS The characters within parenthesis in figure 1 a

28、re used in the mnemonics identifying each test purpose in the following clauses. Every mnemonic consists of four fields: a) (implementation under test); b) (major function); c) (nature of test); d) (number within the test group). EXAMPLE: Capability test number 1 of the two-pass strong authenticatio

29、n of the terminal is coded TSACA1. - STDmDIN DIN ETS 300791-GERM 1998 2774446 0719259 827 Page 9 ETS 300 791 : October 1997 5 Test purposes Three entities in the UPT security architecture have been identified to need testing: - the terminal; - the UPT card; - andtheAE. There are two objectives to be

30、 met: - to ensure that both entities have been implemented in accordance with the requirements stated in ETS 300 790 l; to achieve interoperability between products from different manufacturers. - The references made in this clause can be found in ETS 300 790 l. 5.1 Terminal test group The terminal

31、is tested with respect to the following aspects: - - - Card Holder Verification (CHV) is supported by the terminal; the data for strong authentication is correctly sent; the timer is correctly implemented. 5.1.1 CHV test purposes THVCA1: Initial conditions: Reference: Check that the terminal support

32、s CHV. The card is not blocked. Subclause 5.2.2 Authentication of the user to the UPT card. THVBV1 Initial conditions: Reference: Subclause 7.3 User interface. Check that changing of the CHV is supported by the terminal. The card is not blocked. The card is reset. THVBVS: Initial conditions: Referen

33、ce: Subclause 7.3 User interface. Check that unblocking CHV is supported by the terminal. The card is blocked. sTD.DIN DIN ETS 30077L-GERfl 1778 2774446 0737260 547 m Page 10 ETS 300 791 : October 1997 5.1.2 TSACA1: Two-pass strong authentication test purposes I Check that two-pass strong authentica

34、tion is supported. Initial conditions: I Reference: Subclause 5.2.1 Weak authentication 5.1.3 Timer test purposes lTlCA1: Check that the timer is implemented. Covered by lTIBV1, lTiBV2, lTIBV3 and TTIBI1. Initiai condltions: Reference: The timer value T and TM, are known by the tester. Subclause 5.2

35、.2 Authentication of the user to the UPT card. TTIBV1: Initial conditions: Check that the timer is initiated with the timer value T from the card. A successful CHV has been performed. Reference: Subclause 5.2.2 Authentication of the user to the UPT card. lTiBV2: Check that the users access rights, g

36、ranted by the CHV are lost when time-out is reached. A successful CHV has been performed, and the timer has started. Subclause 5.2.2 Authentication of the user to the UPT card. Initial conditions: Reference: lTIBV3: Initial conditions: Check that the user can change the time-out value, T. A successf

37、ul CHV has been performed. Reference: Subclause 5.2.2 Authentication of the user to the UPT card. lTlBI1: Check that T Upper tester in te dace (human operator) i Lower tester (transparent , or computer for input; Implementation Under Test (W 1 transparent for output) (Authenticating Entity (AE) tele

38、phone network Figure 4: Authenticating Entity NOTE: In addition to this, there will be other (possibly local) test configurations when the protocols between the IN entities are specified in detail. Then the security related protocol elements may be tested together with the other UPT protocol element

39、s. The values for PU1 key shall be implemented into the AE by the manufacturer according to the requirements of the test laboratory. The interface for this procedure is not standardized. It will normally be done via an operator terminal. The request for authentication is entered via the keyboard aft

40、er CHV. The result of an authentication attempt (successful or not successful) is given by an appropriate announcement. 7 Test cases The following information is included in the specification of each test case: - - - specification of test steps; - name of the test case; reference to the correspondin

41、g test purpose; expected result (conditions to be fulfilled to pass the test). STDODIN DIN ETS 300791-GERM I1998 W 2794446 0739268 83T Page 18 ETS 300 791 : October 1997 7.1 UPT card reading terminal The following test cases of the UPT card reading terminal are specified: - CHV; - two-pass strong au

42、thentication; - timer. 7.1.1 CHV TC 1: Fulfils the test purpose THVCA1. lest steps: 1) 2) Perform a correct CHV. 3) Insert the UPT reference card in the terminal. Read the response on the terminal display. Expected result after step 3: Successful CHV. TC2: Fulfils the test purpose THVBV1. Test steps

43、: 1) 2) Perform a correct CHV. 3) 4) 5) 5) 6) Insert the UPT reference card in the terminal. Perform a change CHV procedure with a value different from the old one. Remove the UPT reference card. Reinsert the UPT reference card. Perform CHV with the old value. Perform CHV with the new value. Expecte

44、d result after step 6: Unsuccessful CHV. Expected result after step 7: Successful CHV. TC3: Fulfils the test purpose THVBV2. Test steps: 1) 2) 3) 4) 5) Insert the UPT reference card in the terminal. Perform a correct unblocking CHV. Remove the UPT reference card. Perform CHV with an incorrect value.

45、 Perform CHV with a correct value. Expected result after step 4: Unsuccessful CHV. Expected result after step 5: Successful CHV. STD-DIN DIN ETS 300791-GERM 1998 m 2794446 07392bq 776 Page 19 ETS 300 791 : October 1997 7.1.2 Two-pass strong authentication Fulfils the test purposes lTIBV1, lTIBV2 and

46、 TSACA1. T C 4: Test steps: Expected result after step 4 Expected result after step 6: Expected result after Insert the UPT reference card in the terminal. Perform a successful CHV. Initiate the two-pass strong authentication procedure. Record the output data. Before T - 1 second, send a challenge t

47、o the UPT card. Record the output data. After T + 1 second, send a challenge to the UPT card. Record the output data. PU1 and CT shall be sent, all values shall be correct. Pul, CT and AC shall be sent, all values shall be correct. I step 8: No authentication data shall be sent by the terminal. STD-

48、DIN DIN ETS 300791-GERM 1998 279444b 0719270 498 I Page 20 ETS 300 791 : October 1997 7.1.3 Timer In subclause 7.1.2, TC 4 fulfils the test purposes lTIBV1 and lTIBV2. I rc5: rest steps: Fulfils the test purposes TTIBI1 and TTIBV3. Change T value to a value greater than TMM. Perform a successful CHV

49、. Record the output data. After the old T value - 1 second, send a challenge to the terminal. Record the output data. After the old T value + 1 second, send a challenge to the terminal. Record the output data. Change T value to a value greater than TM. Perform a successful CHV. Record the output data. After the old T value - 1 second, send a challenge to the terminal. Record the output data. After the old T value + 1 second, send a challenge to the terminal. Record the output data. Expected result after step 1: Expected result after step 5: Expect