ETSI 3G TS 21 133-1999 3rd Generation Partnership Project Technical Specification Group Services and System Aspects 3G Security Security Threats and Requirements

3G TS 21.133 V3.0.0 (1999-05)
Technical Specification

3rd Generation Partnership Project;
Technical Specification Group Services and System Aspects;
3G Security;
Security Threats and Requirements
(3G TS 21.133 version 3.0.0)

The present document has been developed within the 3rd Generation Partnership Project (3GPP™) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organisational Partners and shall not be implemented. This Specification is provided for future development work within 3GPP only. The Organisational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP™ system should be obtained via the 3GPP Organisational Partners' Publications Offices.

Reference: DTS/TSGS0321133U
Keywords: Security, Threats, Requirements

3GPP
Postal address
3GPP support office address: 650 Route des Lucioles - Sophia Antipolis, Valbonne - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Internet: http://www.3gpp.org

Contents

Foreword
1 Scope
2 References
3 Definitions and Abbreviations
3.1 Definitions
3.2 Abbreviations
4 General objectives for 3G security features
5 Security context
5.1 System assumptions
5.1.1 Type of services and service management
5.1.2 Access to services
5.1.3 Service provision
5.1.4 System architecture
5.1.5 Security management
5.1.6 Interworking and compatibility
5.1.7 Charging and billing
5.1.8 Supplementary services
5.2 3G roles
5.2.1 User domain
5.2.2 Infrastructure domain
5.2.3 Non-3G infrastructure domain
5.2.4 Off-line parties
5.2.5 Intruders
5.3 3G architecture
5.4 3G identities
5.5 3G data types and data groups
5.5.1 3G data types
5.5.1.1 User traffic
5.5.1.2 Signalling data
5.5.1.3 Control data
5.5.2 3G data groups
5.5.2.1 User-related data
6 Security threats
6.1 Threats associated with attacks on the radio interface
6.1.1 Unauthorised access to data
6.1.2 Threats to integrity
6.1.3 Denial of service attacks
6.1.4 Unauthorised access to services
6.2 Threats associated with attacks on other parts of the system
6.2.1 Unauthorised access to data
6.2.2 Threats to integrity
6.2.3 Denial of service attacks
6.2.4 Repudiation
6.2.5 Unauthorised access to services
6.3 Threats associated with attacks on the terminal and UICC/USIM
7 Risk Assessment
7.1 Evaluation of threats
7.1.1 Threats evaluated to be of major or medium value
8 Security Requirements
8.1 Requirements derived from threat analysis
8.1.1 Requirements on security of 3GPP services
8.1.1.1 Requirements on secure service access
8.1.1.2 Requirements on secure service provision
8.1.2 Requirements on system integrity
8.1.3 Requirements on protection of personal data
8.1.3.1 Security of user-related transmitted data
8.1.3.2 Security of user-related stored data
8.1.4 Requirements on the terminal/USIM
8.1.4.1 USIM Security
8.1.4.2 Terminal Security
8.2 External requirements
8.2.1 Regulator requirements
8.2.1.1 Lawful interception
Annex A (Informative): Threats linked to active attacks on the radio access link
A.1 User identity catching
A.2 Suppression of encryption between target and intruder
A.3 Compromise of authentication data
A.4 Hijacking of services
Annex B: Change history
History

Foreword

This Technical Specification has been produced by the 3GPP.

The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of this TS, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:

Version 3.y.z

where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 Indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the specification;

1 Scope

This specification takes notice of the Security Principles and Objectives as set out in [1]. It contains an evaluation of perceived threats to 3GPP and produces subsequently a list of security requirements to address these threats.

As teleservices and applications will not, in general, be standardised, it is difficult to predict their exact nature. Therefore, this specification considers all security threats and aims at listing generic security requirements that shall be applicable irrespective of the actual services offered. The list of threats and requirements may however need to be updated as the 3GPP system evolves.

The threat analysis performed relies to a large extent on previous experiences with 2G systems, in particular GSM, and takes into account known problems from that area.

The security requirements listed in this specification shall be used as input for the choice of security features and the design of the 3GPP security architecture as specified in [2].

The structure of this technical specification is as follows:
clause 2 lists the references used in this specification;
clause 3 lists the definitions and abbreviations used in this specification;
clause 4 contains a reference to the general objectives for 3G security;
clause 5 contains an overview of the context in which the security architecture of 3G is designed;
clause 6 contains a list of identified security threats to 3G, and gives some results from the threat analyses that have been performed;
clause 7 contains an overview of the risk assessment resulting from the threat analyses performed;
clause 8 contains the resulting list of security requirements for 3G and indicates how these requirements relate to the threats and the security objectives.

Finally, Annex A gives some more detailed information on threats and risks connected to so called false base station attacks.

2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the same number.

[1] 3G TS 33.120: "3G Security; Security Principles and Objectives".
[2] 3G TS 33.102: "3G Security; Security Architecture".
Baseline documents:
3GPP s3-99003: UMTS 33.21, version 2.0.0: "Security requirements".
3GPP s3-99016: ARIB, Requirements and Objectives for 3G Mobile Services and System, Annex 8 - Security Design Principles.
ETSI SMG10 99CO19: Countermeasures to active attacks on the radio access link.
[3] ETSI ETR 332: "Security Techniques Advisory Group; Security requirements capture".
[4] ETSI ETR 331: "Definition of user Requirements for lawful interception of telecommunications; Requirements of the law enforcement agencies".
[5] ISO 7498-2: "Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture".
[6] ISO/IEC 10181-2: "Information Technology - Open Systems Interconnection - Security Frameworks in Open Systems".
[7] ISO/IEC 11770-1: "Information Technology - Security Techniques - Key Management, Part 1: Key Management Framework".
[8] UMTS 22.00: "Universal Mobile Telecommunications System (UMTS): UMTS Phase 1".
[9] UMTS 22.01: "Universal Mobile Telecommunications System (UMTS): Service aspects; service principles".
[10] UMTS 22.21: "Universal Mobile Telecommunications System (UMTS): Virtual Home Environment".
[11] UMTS 23.01: "Universal Mobile Telecommunications System (UMTS): General UMTS Architecture".
[12] UMTS 30.01: "Universal Mobile Telecommunications System (UMTS): UMTS Baseline Document; Positions on UMTS agreed by SMG".
[13] UMTS 33.20: "Universal Mobile Telecommunications System (UMTS): Security Principles".

3 Definitions and Abbreviations

3.1 Definitions

For the purposes of the present document, the following definitions apply:

Access Control: The prevention of unauthorised use of a resource, including the prevention of use of a resource in an unauthorised manner [5].
Authentication: The provision of assurance of the claimed identity of an entity [6].
Cloning: The process of changing the identity of one entity to that of an entity of the same type, so that there are two entities of the same type with the same identity.
Confidentiality: The property of information that it has not been disclosed to unauthorised parties.
Integrity: The property of information that it has not been changed by unauthorised parties.
Key Management: The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy [7].
Law Enforcement Agency (LEA): An organisation authorised by a lawful authorisation, based on a national law, to receive the results of telecommunication interceptions [4].
Lawful Authorisation: Permission granted to an LEA under certain conditions to intercept specified telecommunications and requiring co-operation for a network operator or service provider. Typically this refers to a warrant or order issued by a lawfully authorised body [4].
Lawful Interception: The action (based on the law), performed by a network operator or service provider, of making available certain information and providing that information to a Law Enforcement Monitoring Facility [4].
Non-Repudiation Service: A security service which counters the threat of repudiation.
Repudiation: Denial by one of the parties involved in a communication of having participated in all or part of the communication [5].

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

GSM        Global System for Mobile communications
HE         Home Environment
IMEI       International Mobile Equipment Identity
IMT-2000   International Mobile Telecommunications-2000
IMUI       International Mobile User Identity
IP         Internet Protocol
ISDN       Integrated Services Digital Network
ITU        International Telecommunications Union
N-ISDN     Narrowband ISDN
PIN        Personal Identification Number
PSTN       Public Switched Telephone Network
SIM        Subscriber Identity Module
SN         Serving Network
TD-CDMA    Time Division - Code Division Multiple Access
TMN        Telecommunications Management Network
UICC       UMTS Integrated Circuit Card
UMTS       Universal Mobile Telecommunication System
UPT        Universal Personal Telecommunication
USIM       User Services Identity Module
UTRAN      UMTS Terrestrial Radio Access Network
VHE        Virtual Home Environment
W-CDMA     Wideband - Code Division Multiple Access

4 General objectives for 3G security features

The general objectives for 3G security features have been stated as [1]:
a) to ensure that information generated by or relating to a user is adequately protected against misuse or misappropriation;
b) to ensure that the resources and services provided by serving networks and home environments are adequately protected against misuse or misappropriation;
c) to ensure that the security features standardised are compatible with world-wide availability (There shall be at least one ciphering algorithm that can be exported on a world-wide basis (in accordance with the Wassenaar agreement));
d) to ensure that the security features are adequately standardised to ensure world-wide interoperability and roaming between different serving networks;
e) to ensure that the level of protection afforded to users and providers of services is better than that provided in contemporary fixed and mobile networks;
f) to ensure that the implementation of 3G security features and mechanisms can be extended and enhanced as required by new threats and services.

Furthermore it has been agreed that the basic security features employed in 2G systems will be retained, or where needed enhanced. These include:
- subscriber authentication,
- radio interface encryption,
- subscriber identity confidentiality,
- use of removable subscriber module,
- transparency of security features,
- secure application layer channel between subscriber module and home network,
- minimised need for trust between HE and SN.

In some instances, 3G will need to be equipped with stronger or more flexible security mechanisms than those which were designed for GSM, due to new or increased threats. These will be treated in the threat analysis.

Mechanisms to combat fraud in roaming situations should be included in the 3G specifications from the start.

Mechanisms for lawful interception under authorisation should be included in 3G specifications from the start.

5 Security context

The purpose of this clause is to describe the context in which the 3G security features are designed. This specification assumes the system assumptions, network architecture and functional roles given in UMTS 23.01 [11] and UMTS 30.01 [12], the service description given in UMTS 22.01 [9] and the UMTS Phase 1 description given in UMTS 22.00 [8].

In subclause 5.1 the system assumptions that describe 3G in general and especially those that have a significant bearing on security are listed.
In subclause 5.2 roles that have a significant bearing on security are defined.
In subclause 5.3 various architectural components that have an impact on the design of 3G security features are defined.
In subclause 5.4 various identities used in 3G that have an impact on the design of 3G security features are defined.
In subclause 5.5 data types and groups that are used to help identify security threats and requirements are defined.

5.1 System assumptions

In this subclause 3G system assumptions that have an impact on the design of 3G security features are listed. These assumptions are derived from UMTS 30.01 [12], UMTS 22.01 [9] and UMTS 22.00 [8].

5.1.1 Type of services and service management

a) 3G shall support the full range of services from narrow-band (most important: speech) to wide-band (2 Mbps as target) based upon an advanced highly efficient and
