TECHNICAL REPORT

ETR 086-3
January 1994

Source: ETSI TC-RES
Reference: DTR/RES-06001
UDC: 621.396
Key words: TETRA, security

Trans European Trunked Radio (TETRA) system;
Technical requirements specification
Part 3: Security aspects

ETSI
European Telecommunications Standards Institute

ETSI Secretariat
Postal address: 06921 Sophia Antipolis Cedex - FRANCE
Office address: Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
Tel.: + 33 92 94 42 00 - Fax: + 33 93 65 47 16

European Telecommunications Standards Institute 1994. All rights reserved.

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction on reproduction extend to all media in which the information may be embodied.

Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to "ETSI Editing and Standards Approval Dept." at the address shown on the title page.

Contents

Foreword
1 Scope
2 References
3 Definitions and abbreviations (TETRA 01.04)
  3.1 Definitions
  3.2 General abbreviations
  3.3 Supplementary service abbreviations
4 Security aspects (TETRA 02.20)
  4.1 General
    4.1.1 Introduction
    4.1.2 Applicability of the security services
  4.2 Security policy
  4.3 The field of application
  4.4 General architecture
  4.5 The standardization boundaries
  4.6 Methodology and outputs
  4.7 Definition of TETRA players
  4.8 Principles of security profiles
5 Threat analysis (TETRA 02.21)
  5.1 Introduction
  5.2 Classification of threats
  5.3 Message related threats
    5.3.1 Interception
      5.3.1.1 Interception at the radio interface
      5.3.1.2 Interception in the fixed parts of the network
    5.3.2 Manipulation
      5.3.2.1 Manipulation at the radio interface
      5.3.2.2 Manipulation in the fixed parts of the network
    5.3.3 Repudiation
      5.3.3.1 Repudiation of delivery
      5.3.3.2 Repudiation of origin
  5.4 User related threats
    5.4.1 Traffic analysis
    5.4.2 Observability
  5.5 System related threats
    5.5.1 Denial of service
    5.5.2 Un-authorized use of resources
      5.5.2.1 Use of prohibited resources
      5.5.2.2 Use of resources beyond the authorized limits
  5.6 Summary
6 Security objectives and requirements (TETRA 02.22)
  6.1 Introduction
  6.2 Description of objectives and requirements
    6.2.1 Correct charging
    6.2.2 Authenticity
    6.2.3 Confidentiality of communication
    6.2.4 Integrity of communication
    6.2.5 Privacy
    6.2.6 Traffic flow confidentiality
    6.2.7 Monitoring
    6.2.8 Protection of resources
    6.2.9 Security management
    6.2.10 Non-repudiation
  6.3 Survey of objectives
  6.4 Rating of security requirements
    6.4.1 Correct charging
    6.4.2 Authenticity
    6.4.3 Confidentiality of communication
    6.4.4 Integrity of communication
    6.4.5 Privacy
    6.4.6 Traffic flow confidentiality
    6.4.7 Monitoring
    6.4.8 Protection of resources
    6.4.9 Security management
    6.4.10 Classes of identical or almost identical requirements
7 Security services (TETRA 02.23)
  7.1 Introduction
  7.2 Survey of possible areas for the standardization of security
  7.3 Description of security services
    7.3.1 Confidentiality services
      7.3.1.1 General aspects
      7.3.1.2 Relations to other security services
      7.3.1.3 Information confidentiality for voice (air-interface) - A.1
      7.3.1.4 Information confidentiality for voice (End-to-End) - B.1
      7.3.1.5 User identity confidentiality - C.1
      7.3.1.6 Group identity confidentiality - C.2
      7.3.1.7 Signalling information confidentiality - C.3
    7.3.2 Authentication and key management services
      7.3.2.1 General aspects
      7.3.2.2 Relations to other security services
      7.3.2.3 Authentication of user (air-interface) - H1
      7.3.2.4 Authentication of TETRA infrastructure (air-interface) - H2
      7.3.2.5 Air-interface key management service - E1
        7.3.2.5.1 Key management functions for air-interface authentication
        7.3.2.5.2 Key management functions for air-interface confidentiality and integrity services
    7.3.3 Integrity services
      7.3.3.1 General aspects
      7.3.3.2 Relations to other security services
      7.3.3.3 Data integrity and data origin authentication for signalling data - C4
Annex A (informative): Tables of requirements
  A.1 Correct charging
  A.2 Authenticity
  A.3 Confidentiality of communication
  A.4 Integrity of communication
  A.5 Privacy
  A.6 Traffic flow confidentiality
  A.7 Monitoring
  A.8 Protection of resources
  A.9 Security management
  A.10 Non-repudiation
Annex B (informative): TETRA V+D and PDO interfaces
History

Foreword

This ETSI Technical Report (ETR) has been prepared by the Radio Equipment and Systems (RES) Technical Committee of the European Telecommunications Standards Institute (ETSI).

ETRs are informative documents resulting from ETSI studies which are not appropriate for European Telecommunication Standard (ETS) or Interim European Telecommunication Standard (I-ETS) status. An ETR may be used to publish material which is either of an informative nature, relating to the use or application of ETSs or I-ETSs, or which is immature and not yet suitable for formal adoption as an ETS or I-ETS.

This part
of the ETR contains the specification of the Security aspects of the Trans European Trunked Radio (TETRA) system. This ETR will be subject to revision and therefore future editions.

This ETR is divided into three parts:

Part 1: Voice plus Data (V+D) systems;
Part 2: Packet Data Optimized (PDO) systems;
Part 3: Security aspects.

1 Scope

This ETSI Technical Report (ETR) defines the TETRA Security aspects, analyses the possible threats, defines the security objectives and requirements, and describes the security services.

2 References

For the purposes of this ETR the following references apply.

- ITU-T Recommendation X.25 (1993): "Interface between Data Terminal Equipment (DTE) and Data Circuit-Terminating Equipment (DCE) for terminals operating in the packet mode and connected to public data networks by dedicated circuit".
- ETR 086-1 (1994): "Trans European Trunked Radio (TETRA) system; Technical requirements specifications; Part 1: Voice plus Data (V+D) systems".
- ISO 7498-2 (1989): "Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture".

3 Definitions and abbreviations (TETRA 01.04)

3.1 Definitions

For the purposes of this ETR the following definitions apply:

Access control: the prevention of unauthorized use of resources, including the use of a resource in an unauthorized manner.

Authentication: the act of positively verifying that the true identity of an
entity (network, user) is the same as the claimed identity.

Base Radio Stack (BRS): a logical grouping that includes all of the air interface protocol element in one base station (the fixed side of the air interface).

Base Station (BS): a physical grouping of equipment which provides the fixed portion of the air interface. One base station transmits and receives radio signals to and from a single location area (a single region of geographical coverage). A BS contains at least one Base Radio Stack (BRS).

Base Station Radio Part (BSRP): one physical sub-group of a base station which contains all the radio end points (one or more) that are connected to a single antenna system.

Bearer service: a type of telecommunication service that provides the capability for the transmission of signals between user-network interfaces.

Bi-directional channel: a channel that can carry information in both directions.

Broadcast call: a multipoint call in which the same information is transmitted simultaneously by the calling terminal to all available terminals.

Call: a complete information exchange between two or more parties.

NOTE 1: See also call transaction.

Call re-establishment (slow handover): the action of switching a call in progress from one cell to another or between radio channels in the same cell.

NOTE 2: Call re-establishment is used to allow established calls to continue when mobile stations move from one cell to another cell, or as a method to escape from co-channel interference.

Call transaction: all events associated with one continuous transmission of information during a call (including control signalling). A call consists of one or more call transactions.

NOTE 3: In a half-duplex call, the call consists of a sequence of unidirectional transactions.

Carrier (Radio Frequency (RF) carrier): the centre frequency of one radio transmission. A modulated carrier is used either for one uplink or one downlink.

Carrier pair: two different carriers which are allocated together to provide one uplink and one downlink. Normally the two carriers are allocated at a fixed frequency spacing (the duplex separation).

NOTE 4: Carrier pairs only refer to allocation of carriers, not to their use. For example, a bi-directional logical channel may be assigned to an uplink from one carrier pair plus a downlink from a different carrier pair.

Cell: the smallest geographical area where TETRA services may be obtained, using a certain set of radio frequencies.

NOTE 5: Each adjacent cell (touching or overlapping) should use a different set of radio frequencies to avoid co-channel interference.

Challenge-Response pair (C/R): a pair of 32 bit binary numbers linked by a security algorithm.

NOTE 6: When a user pays a subscription a key is distributed by the operator. This key is also stored in the subscriber information database.

Circuit switched connection: a connection that is established on request between two or more terminals and provides the exclusive use of the connection for information transfer until it is released.

Circuit switched data service: a data service that uses a circuit-switched connection to transfer data between data terminal equipment.

Circuit switched speech service: a service that uses a circuit-switched connection to transfer speech information between voice terminal equipment.

Closed user group: a (logical) group of users who are not allowed to communicate outside their group.

NOTE 7: Gateways to other networks and to particular subscribers may be accessible as a supplementary service.

Confidentiality (1): rendering information into the form of ciphertext, such that the information is only intelligible by entities that possess the reverse algorithm (i.e. the ability to recover the plaintext from the ciphertext).

Confidentiality (2): the property that information may not be available or disclosed to unauthorized individuals, entities or processes.

Connectionless packet data service: a service which transfers a single packet of data from one source node to one or more destination nodes in a single phase (i.e. without establishing a logical connection or virtual circuit).

Connection oriented packet data service: a service that transfers data from one source node to one destination node using a multi-phase protocol that establishes (and releases) logical connections or virtual circuits between end users that are then used for transferring packet data.

Data compression: a reversible process that reduces the quantity of data, without any loss of information.

Data integrity: the property that data has not been altered or destroyed in an unauthorized manner.

Data origin authentication: the corroboration that the origin of the source of data received is as claimed.

Direct mode: a mode of simplex operation where mobile subscriber radio units may communicate using radio frequencies which are outside the control of the network and without intervention of any base station.

Downlink: a unidirectional radio pathway for the transmission of signals from one Base Station (BS) to one or more Mobile Stations (MSs).

Duplex (full duplex): a mode of operation by which information can be transferred in both directions and where the two directions are independent. See also half duplex.

NOTE 8: In a packet switching environment (PDO or V+D signalling) protocols can be duplex at one layer and half duplex at another layer.

Encryption: the conversion of plaintext to ciphertext.

End to end: is within the TETRA boundaries:

- from TETRA terminal to TETRA terminal (LS or MS);
- from TETRA terminal to gateways;
- including inter system interface.

External user: an application which does not recognize TETRA messages and cannot therefore directly invoke TETRA services.

NOTE 9: An external user may be involved in communications which also involve TETRA equipment, but the external user has no direct control over the TETRA facilities.

Facility: the means to assist the performance of an action.

Gateway: a device which will enable the interconnecting of two networks which inherently use different and incompatible protocols.

Half duplex (semi duplex): a mode of operation by which information can be transferred in both directions but the transfers are mutually dependent (i.e. uplink and downlink transfers share some resources). See also duplex.

NOTE 10: In a packet switching environment (PDO or V+D signalling) protocols can be duplex at one layer and half duplex at another layer.

Home Data Base (HDB): the data base in the MS's home TETRA network. In the HDB all necessary information about the MS is collected and stored permanently. Also information about how to find a migrating MS is stored in the HDB. There is logically only one data base in a TETRA network.

Identity exchange: a procedure in which the individual MS identity (i.e. ITSI, ISSI or ASSI) is exchanged for an alias identity (i.e. ISSI or ASSI).

NOTE 11: This is carried out for one of two purposes, either for security purposes where the real ISSI is not sent over the air interface or for exchanging a migrating MS's long ITSI identity to an unambiguous short ISSI or ASSI identity.

Implicit registration: is when the location of the MS is noticed through messages other than location updating messages, e.g. CC messages.

Incoming call: a terminating call which, from the viewpoint of an individual party, is a call that was initiated by another party.

NOTE 12: See also outgoing call.

Inter-operability: an attribute that describes the ability of a given subscriber terminal to obtain service from a given infrastructure, using the appropriate standard TETRA interface protocols.

NOTE 13: See also level of inter-operability and profile.

Inter-s