
ETSI EN 300 392-7-2017 Terrestrial Trunked Radio (TETRA) Voice plus Data (V+D) Part 7 Security (V3 4 1).pdf

ETSI EN 300 392-7 V3.4.1 (2017-01)
Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security
EUROPEAN STANDARD

Reference: REN/TETRA-06184
Keywords: security, TETRA, V+D

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present document can be downloaded from: http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx

If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2017. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
Modal verbs terminology
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Air Interface authentication and key management mechanisms
4.a General
4.0 Security classes
4.1 Air interface authentication mechanisms
4.1.1 Overview
4.1.1a Authentication and key management algorithms
4.1.2 Authentication of an MS
4.1.3 Authentication of the infrastructure
4.1.4 Mutual authentication of MS and infrastructure
4.1.5 The authentication key
4.1.6 Equipment authentication
4.1.6a Request for information related to an MS
4.1.7 Authentication of an MS when migrated
4.1.8 Authentication of the home SwMI when migrated
4.1.9 Mutual Authentication of MS and infrastructure when migrated
4.2 Air Interface key management mechanisms
4.2.0 General
4.2.1 The DCK
4.2.2 The GCK
4.2.2.0 General
4.2.2.1 Session key modifier GCK0
4.2.3 The CCK
4.2.4 The SCK
4.2.4.0 General
4.2.4.1 SCK association for DMO use
4.2.4.1.0 General
4.2.4.1.1 DMO SCK subset grouping
4.2.5 The GSKO
4.2.5.0 General
4.2.5.1 SCK distribution to groups with OTAR
4.2.5.2 GCK distribution to groups with OTAR
4.2.5.3 Rules for MS response to group key distribution
4.2.6 Encrypted Short Identity (ESI) mechanism
4.2.7 Encryption Cipher Key
4.2.8 Summary of AI key management mechanisms
4.3 Service description and primitives
4.3.1 Authentication primitives
4.3.2 SCK transfer primitives
4.3.3 GCK transfer primitives
4.3.4 GSKO transfer primitives
4.4 Authentication protocol
4.4.1 Authentication state transitions
4.4.2 Authentication protocol sequences and operations
4.4.2.0 General
4.4.2.1 MSCs for authentication
4.4.2.2 MSCs for authentication and security type-3 elements
4.4.2.3 Control of authentication timer T354 at MS
4.4a Information request protocol
4.5 OTAR protocols
4.5.1 CCK delivery - protocol functions
4.5.1.0 General
4.5.1.1 SwMI-initiated CCK provision
4.5.1.2 MS-initiated CCK provision with U-OTAR CCK demand
4.5.1.3 MS-initiated CCK provision with announced cell reselection
4.5.2 OTAR protocol functions - SCK
4.5.2.0 General
4.5.2.1 MS requests provision of SCK(s)
4.5.2.2 SwMI provides SCK(s) to individual MS
4.5.2.3 SwMI provides SCK(s) to group of MSs
4.5.2.4 SwMI rejects provision of SCK
4.5.3 OTAR protocol functions - GCK
4.5.3.0 General
4.5.3.1 MS requests provision of GCK
4.5.3.2 SwMI provides GCK to an individual MS
4.5.3.3 SwMI provides GCK to a group of MSs
4.5.3.4 SwMI rejects provision of GCK
4.5.4 Cipher key association to group address
4.5.4.0 General
4.5.4.1 SCK association for DMO
4.5.4.2 GCK association
4.5.5 Notification of key change over the air
4.5.5.0 General
4.5.5.1 Change of DCK
4.5.5.2 Change of CCK
4.5.5.3 Change of GCK
4.5.5.4 Change of SCK for TMO
4.5.5.5 Change of SCK for DMO
4.5.5.6 Synchronization of Cipher Key Change
4.5.6 Security class change
4.5.6.0 General
4.5.6.1 Change of security class to security class 1
4.5.6.2 Change of security class to security class 2
4.5.6.3 Change of security class to security class 3
4.5.6.4 Change of security class to security class 3 with GCK
4.5.7 Notification of key in use
4.5.8 Notification of GCK Activation/Deactivation
4.5.9 Deletion of SCK, GCK and GSKO
4.5.10 Air Interface Key Status Enquiry
4.5.11 Crypto management group
4.5.12 OTAR retry mechanism
4.5.13 OTAR protocol functions - GSKO
4.5.13.0 General
4.5.13.1 MS requests provision of GSKO
4.5.13.2 SwMI provides GSKO to an MS
4.5.13.3 SwMI rejects provision of GSKO
4.5.14 OTAR protocol functions - interaction and queuing
4.5.15 KSOv for OTAR operations in visited SwMI
4.5.16 Transfer of AI cipher keys across the ISI
5 Enable and disable mechanism
5.0 General
5.1 General relationships
5.2 Enable/disable state transitions
5.3 Mechanisms
5.3.0 General
5.3.1 Disable of MS equipment
5.3.2 Disable of an subscription
5.3.3 Disable of subscription and equipment
5.3.4 Enable an MS equipment
5.3.5 Enable an MS subscription
5.3.6 Enable an MS equipment and subscription
5.4 Enable/disable protocol
5.4.1 General case
5.4.2 Status of cipher key material
5.4.2.1 Permanently disabled state
5.4.2.2 Temporarily disabled state
5.4.3 Specific protocol exchanges
5.4.3.0 General
5.4.3.1 Disabling an MS with mutual authentication
5.4.3.2 Enabling an MS with mutual authentication
5.4.3.3 Enabling an MS with non-mutual authentication
5.4.3.4 Disabling an MS with non-mutual authentication
5.4.4 Enabling an MS without authentication
5.4.5 Disabling an MS without authentication
5.4.6 Rejection of enable or disable command
5.4.6a Expiry of Enable/Disable protocol timer
5.4.7 MM service primitives
5.4.7.0 General
5.4.7.1 TNMM-DISABLING primitive
5.4.7.2 TNMM-ENABLING primitive
6 Air Interface (AI) encryption
6.1 General principles
6.2 Security class
6.2.a General
6.2.0 Notification of security class
6.2.0.0 General
6.2.0.1 Security Class of Neighbouring Cells
6.2.0.2 Identification of MS security capabilities
6.2.1 Constraints on LA arising from cell class
6.3 Key Stream Generator (KSG)
6.3.0 General
6.3.1 KSG numbering and selection
6.3.2 Interface parameters
6.3.2.1 Initial Value (IV)
6.3.2.2 Cipher Key
6.4 Encryption mechanism
6.4.0 General
6.4.1 Allocation of KSS to logical channels
6.4.2 Allocation of KSS to logical channels with PDU association
6.4.2.1 General
6.4.2.2 KSS allocation on phase modulation channels
6.4.2.3 KSS allocation on QAM channels
6.4.2.3.0 General
6.4.2.3.1 Fixed mapping
6.4.2.3.2 Offset mapping
6.4.3 Synchronization of data calls where data is multi-slot interleaved
6.4.4 Recovery of stolen frames from interleaved data
6.5 Use of cipher keys
6.5.0 General
6.5.1 Identification of encryption state of downlink MAC PDUs
6.5.1.0 General
6.5.1.1 Class 1 cells
6.5.1.2 Class 2 cells
6.5.1.3 Class 3 cells
6.5.2 Identification of encryption state of uplink MAC PDUs
6.6 Mobility procedures
6.6.1 General requirements
6.6.1.0 Common requirements
6.6.1.1 Additional requirements for class 3 systems
6.6.2 Protocol description
6.6.2.0 General
6.6.2.1 Negotiation of ciphering parameters
6.6.2.1.0 General
6.6.2.1.1 Class 1 cells
6.6.2.1.2 Class 2 cells
6.6.2.1.3 Class 3 cells
6.6.2.2 Initial and undeclared cell re-selection
6.6.2.3 Unannounced cell re-selection
6.6.2.4 Announced cell re-selection type-3
6.6.2.5 Announced cell re-selection type-2
6.6.2.6 Announced cell re-selection type-1
6.6.2.7 Key forwarding
6.6.3 Shared channels
6.7 Encryption control
6.7.0 General
6.7.1 Data to be encrypted
6.7.1.1 Downlink control channel requirements
6.7.1.2 Encryption of MAC header elements
6.7.1.3 Traffic channel encryption control
6.7.1.4 Handling of PDUs that do not conform to negotiated ciphering mode
6.7.2 Service description and primitives
6.7.2.0 General
6.7.2.1 Mobility Management (MM)
6.7.2.2 Mobile Link Entity (MLE)
6.7.2.3 Layer 2
6.7.3 Protocol functions
6.7.3.0 General
6.7.3.1 MM
6.7.3.2 MLE
6.7.3.3 LLC
6.7.3.4 MAC
6.7.4 PDUs for cipher negotiation
Annex A (normative): PDU and element definitions
A.0 General
A.1 Authentication PDUs
A.1.1 D-AUTHENTICATION demand
A.1.2 D-AUTHENTICATION reject
A.1.3 D-AUTHENTICATION response
A.1.4 D-AUTHENTICATION result
A.1.5 U-AUTHENTICATION demand
A.1.6 U-AUTHENTICATION reject
A.1.7 U-AUTHENTICATION response
A.1.8 U-AUTHENTICATION result
A.2 OTAR PDUs
A.2.1 D-OTAR CCK Provide
A.2.2 U-OTAR CCK Demand
A.2.3 U-OTAR CCK Result
A.2.4 D-OTAR GCK Provide
A.2.5 U-OTAR GCK Demand
A.2.6 U-OTAR GCK Result
A.2.6a D-OTAR GCK Reject
A.2.7 D-OTAR SCK Provide
A.2.8 U-OTAR SCK Demand
A.2.9 U-OTAR SCK Result
A.2.9a D-OTAR SCK Reject
A.2.10 D-OTAR GSKO Provide
A.2.11 U-OTAR GSKO Demand
A.2.12 U-OTAR GSKO Result
A.2.12a D-OTAR GSKO Reject
A.3 PDUs for key association to GTSI
A.3.1 D-OTAR KEY ASSOCIATE demand
A.3.2 U-OTAR KEY ASSOCIATE status
A.4 PDUs to synchronize key or security class change
A.4.1 D-CK CHANGE demand
A.4.2 U-CK CHANGE result
A.4.2a U-OTAR KEY DELETE result
A.4.2b U-OTAR KEY STATUS response
A.4.3 D-DM-SCK ACTIVATE DEMAND
A.4.4 U-DM-SCK ACTIVATE RESULT
A.4a PDUs to delete air interface keys in MS
A.4a.1 D-OTAR KEY DELETE demand
A.4a.2 U-OTAR KEY DELETE result
A.4b PDUs to obtain Air Interface Key Status
A.4b.1 D-OTAR KEY STATUS demand
A.4b.2 U-OTAR KEY STATUS response
A.5 Other security domain PDUs
A.5.1 U-TEI PROVIDE
A.5.2 U-OTAR PREPARE
A.5.3 D-OTAR NEWCELL
A.5.4 D-OTAR CMG GTSI PROVIDE
A.5.5 U-OTAR CMG GTSI RESULT
A.5.6 U-INFORMATION PROVIDE
A.6 PDUs for Enable and Disable
A.6.1 D-DISABLE
A.6.2 D-ENABLE
A.6.3 U-DISABLE STATUS
A.7 MM PDU type 3 information elements coding
A.7.0 General
A.7.1 Authentication downlink
A.7.2 Authentication uplink
A.7.3 Security downlink
A.8 PDU Information elements coding
A.8.0 General
A.8.1 Acknowledgement flag
A.8.1a Additional information present
A.8.2 Address extension
A.8.2a AI algorithm information present
A.8.2b AI algorithm information request flag
A.8.3 Authentication challenge
A.8.4 Authentication reject reason
A.8.5 Authentication result
A.8.6 Authentication sub-type
A.8.7 CCK identifier
A.8.8 CCK information
A.8.9 CCK Location area information
A.8.10 CCK request flag
A.8.11 Change of security class
A.8.12 Ciphering parameters
A.8.13 CK provision flag
A.8.14 CK provisioning information
A.8.15 CK request flag
A.8.16 Class Change flag
A.8.17 DCK forwarding result
A.8.18 Disabling type
A.8.19 Enable/Disable result
A.8.20 Encryption mode
A.8.20.1 Class 1 cells
A.8.20.2 Class 2 cells
A.8.20.3 Class 3 cells
A.8.21 Equipment disable
A.8.22 Equipment enable
A.8.23 Equipment status
A.8.23a Explicit response
A.8.24 Frame number
A.8.24a Future information present
A.8.25 Future key flag
A.8.26 GCK data
A.8.27 GCK key and identifier
A.8.28 GCK Number (GCKN)
A.8.28a GCK Provision result
A.8.28b GCK rejected
A.8.29 GCK select number
A.8.29a GCK Supported
A.8.30 GCK Version Number (GCK-VN)
A.8.31 Group association
A.8.31a Group Identity Security Related Information
A.8.32 GSKO Version Number (GSKO-VN)
A.8.33 GSSI
A.8.33a HW SW version request flag
A.8.33b HW version number present
A.8.34 Hyperframe number
A.8.35 Intent/confirm
A.8.36 Void
A.8.37 Key association status
A.8.38 Key association type
A.8.39 Key change type
A.8.39a Key delete type
A.8.39b Key status type
A.8.39c Key delete extension
A.8.40 Key type flag
A.8.41 KSG-number
A.8.42 Location area
A.8.43 Location area bit mask
A.8.44 Location area selector
A.8.45 Location area list
A.8.46 Location area range
A.8.46a Max response timer value
A.8.47 Mobile country code
A.8.48 Mobile network code
A.8.48a Model number information present
A.8.48b Model number request flag
A.8.49 Multiframe number
