ETSI ETS 300 534-1997 Digital Cellular Telecommunications System (Phase 2) Security Related Network Functions (GSM 03 20 Version 4 4 1 Third Edition)《数字蜂窝通信系统(第2阶段) 安全相关的网络功能 GSM 0.pdf

1、STD-ETSI ETS 300 534-ENGL 3797 3400855 0239572 931 STANDARD ETS 300 534 August 1997 Thlrd Edition Source: ETSI SMG Reference: RE/SMG-O3032OPR ICs: 33.020 Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM) Digital cellular telecommunications system (P

2、hase 2); Security related network functions (GSM 03.20 version 4.4.1) ETSI European Telecommunications Standards Institute ETSI Secretariat Postal address: F-O6921 Sophia Antipolis CEDEX - FRANCE Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE X.400: c=fr, a=atlas, p=et

3、si, s=secretariat - Internet: secretariatetsi.fr Tel.: +33 4 92 94 42 O0 - Fax: +33 4 93 65 47 16 Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. O European Telecommunicatio

4、ns Standards Institute 1997. All rights reserved. STD-ETSI ETS 300 534-ENGL 3777 = 3400855 0237573 358 = Page 2 ETS 300 534 (GSM 03.20 version 4.4.1): August 1997 Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may

5、occur. If you have comments concerning its accuracy, please write to “ETSI Editing and Committee Support Dept.“ at the address shown on the title page. STD-ETSI ETS 300 53Li-ENGL 1997 3400855 0239574 274 M Page 3 ETC 300 534 (GSM 03.20 version 4.4.1): August 1997 Contents Foreword . ._. 5 O Scope 7

6、Normative references 7 Abbreviations - 7 o . 1 0.2 1 General . 8 2 Subscriber identity confidentiality . 9 2.1 Generality . .- . 9 2.2 Identifying method 9 2.3 Procedures ._ . 10 2.3.1 Location updating in the same MSC area . 10 2.3.2 Location updating in a new MSCs area, within the same VLR area .

7、11 2.3.3 Location updating in a new VLR; old VLR reachable 12 2.3.4 Location Updating in a new VLR; old VLR not reachable 13 2.3.5 Reallocation of a new TMSI 14 2.3.6 Local TMSI unknown . 15 2.3.7 Location updating in a new VLR in case of a loss of information 16 2.3.8 Unsuccessful TMSI allocation .

8、 16 3 Subscriber identity authentication _ 17 Generality .I 17 The authentication procedure 17 3.1 3.2 3.3 Subscriber Authentication Key management . 18 3.3.1 General authentication procedure . 18 3.3.2 Authentication at location updating in a new VLR, using TMSI . 19 3.3.3 Authentication at locatio

9、n updating in a new VLR, using IMSI 20 3.3.4 Authentication at location updating in a new VLR, using TMSI, TMSI unknown in “old“ VLR 21 3.3.5 Authentication at location updating in a new VLR, using TMSI, old VLR not reachable . 22 3.3.6 Authentication with IMSI if authentication with TMSI fails . 22

10、 3.3.7 Re-use of security related information in failure situations 23 4 Confidentiality of signalling information elements. connectionless data and user information elements on physical connections 24 4.1 Generality . _. . 24 4.2 The ciphering method 24 4.3 Key setting _._ . 25 4.4 Ciphering key se

11、quence number . 26 4.5 Starting of the ciphering and deciphering processes . 26 4.6 Synchronization 26 4.7 Handover -_ . 27 4.8 Negotiation of A5 algorithm . 72 5 Synthetic summary 28 Annex A (informative): Security issues related to signalling schemes and key management 29 A.l Introduction 29 A.2 S

12、hort description of the schemes . 29 A.3 List of abbreviations 30 STD.ETS1 ETS 300 53Li-ENGL 1997 m 3400855 0237575 120 W Page 4 ETS 300 534 (GSM 03.20 version 4.4.1): August 1997 Annex B (informative): Security information to be stored in the entities of the GSM system . 44 B.1 Introduction . 44 B.

13、2 Entities and security information 44 B.2.1 8.2.2 B.2.3 B.2.4 B.2.5 Home Location Register (HLR) . 44 Visitor Location Register (VLR) . 44 Mobile Station (MS) . 45 Authentication Centre (AuC) . 45 Mobile services Switching Centre (MSC)/Base Station System (BSS) . 44 Annex C (normative): External sp

14、ecifications of security related algorithms 46 C.0 Scope . 46 C.l Specifications for Algorithm A5 46 C.l.l Purpose . 46 C.1.2 Implementation indications . .46 C.1.3 C.1.4 External specifications of Algorithm A5 . 48 Internal specification of Algorithm A5 48 C.2 Algorithm A3 . 48 C.2.1 Purpose . 48 C

15、.2.2 Implementation and operational requirements 48 C.3 Algorithm A8 . 49 C.3.1 Purpose . 49 C.3.2 Implementation and operational requirements 49 Annex D (informative): Status of Technical Specification GSM 03.20 50 History 51 STDmETSI ETS 300 534-ENGL 1977 = 3400855 021757b Ob7 Page 5 ETS 300 534 (

16、GSM 03.20 version 4.4.1): August 1997 Foreword This European Telecommunication Standard (ETS) has been produced by the Special Mobile Group (SMG) of the European Telecommunications Standards Institute (ETSI). This ETS defines the security related network functions for the Digital cellular telecommun

17、ications system (Phase 2). The specification from which this ETS has been derived was originally based on CEPT documentation, hence the presentation of this ETS may not be entirely in accordance with the ETSI rules. Transposition dates Date of adoption: Date of latest announcement of this ETS (doa):

18、 25 July 1997 30 November 1997 Date of latest publication of new National Standard or endorsement of this ETS (dop/e): 31 May 1998 I I Date of withdrawal of any conflicting National Standard (dow): 31 May 1998 STDmETSI ETS 300 534-ENGL 1497 = 3400855 0219577 TT3 Page 7 ETS 300 534 (GSM 03.20 version

19、 4.4.1): August 1997 O Scope This European Telecommunication Standard (ETS) specifies the network functions needed to provide the security related service and functions specified in technical specification GSM 02.09. This ETS does not address the cryptological algorithms that are needed to provide d

20、ifferent security related features. This topic is addressed in annex C. Wherever a cryptological algorithm or mechanism is needed, this is signalled with a reference to annex C. The references refers only to functionalities, and some algorithms may be identical or use common hardware. o. 1 Normative

21、 references This ETS incorporates by dated and undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publ

22、ications apply to this ETS only when incorporated in it by amendment or revision. For undated references, the latest edition of the publication referred to applies. 1 I GSM O1 .O4 (ETR 100): “Digital cellular telecommunications system (Phase 2); Abbreviations and acronyms. Pl GSM 02.07 (ETS 300 505)

23、: “Digital cellular telecommunications 31 GSM 02.09 (ETS 300 506): “Digital cellular telecommunications 41 GSM 02.1 7 (ETS 300 509): “Digital cellular telecommunications 51 GSM 03.03 (ETS 300 523): “Digital cellular telecommunications (Phase 2); Mobile Station (MS) features“. (Phase 2); Security asp

24、ects“. (Phase 2); Subscriber identity modules Functional characteristics“. (Phase 2); Numbering, addressing and identification“. FI GSM 04.08 (ETS 300 557): “Digital cellular telecommunications (Phase 2); Mobile radio interface layer 3 specification“. 71 GSM 05.01 (ETS 300 573): “Digital cellular te

25、lecommunications (Phase 2); Physical layer on the radio path General description“. Pl GSM 05.02 (ETS 300 574): “Digital cellular telecommunications (Phase 2); Multiplexing and multiple access on the radio path“. 91 GSM 05.03 (ETS 300 575): “Digital cellular telecommunications (Phase 2); Channel codi

26、ng“. 1 o1 GSM 09.02 (ETS 300 599): “Digital cellular telecommunications (Phase 2); Mobile Application Part (MAP) specification“. 0.2 Abbreviations Abbreviations used in this ETS are listed in GSM 01.04. system system system system system system system system system Specific abbreviations used in ann

27、ex A are listed in clause A.3. Previous page is blank STD-ETSI ETS 300 534-ENGL 1977 3400855 0237578 73T M Page 8 ETS 300 534 (GSM 03.20 version 4.4.1): August 1997 1 General The different security related services and functions that are listed in GSM 02.09 are grouped as follows: - Subscriber ident

28、ity confidentiality; - Subscriber identity authentication; - Signalling information element and connectionless user data confidentiality and data confidentiality for physical connections (ciphering). It shall be possible to introduce new authentication and ciphering algorithms during the systems lif

29、etime. The fixed network may support more than one authentication and ciphering algorithm. The security procedures include mechanisms to enable recovery in event of signalling failures. These recovety procedures are designed to minimize the risk of a breach in the security of the system. General on

30、figures in this ETS: - In the figures below, signalling exchanges are referred to by functional names. The exact messages and message types are specified in GSM 04.08 and GSM 09.02. - No assumptions are made for function splitting between MSC (Mobile Switching Centre), VLR (Visitor Location Register

31、) and BSS (Base Station System). Signalling is described directly between MS and the local network (.e. BSS, MSC and VLR denoted in the figures by BSS/MSC/VLR). The splitting in annex A is given only for illustrative purposes. - Addressing fields are not given; all information relates to the signall

32、ing layer. The TMSI allows addressing schemes without IMSI, but the actual implementation is specified in the GSM 04-series. - The term HPLMN in the figures below is used as a general term which should be understood as HLR (Home Location Register) or AuC (Authentication Centre). - What is put in a b

33、ox is not part of the described procedure but it is relevant to the understanding of the figure. STD-ETSI ETS 300 534-ENGL 1977 3Li00855 0217577 87b D Page 9 ETS 300 534 (GSM 03.20 version 4.4.1): August 1997 2 Subscriber identity confidentiality 2.1 Generality The purpose of this function is to avo

34、id the possibility for an intruder to identify which subscriber is using a given resource on the radio path (ag. TCH (Traffic Channel) or signalling resources) by listening to the signalling exchanges on the radio path. This allows both a high level of confidentiality for user data and signalling an

35、d protection against the tracing of a users location. The provision of this function implies that the IMSI (International Mobile Subscriber Identity), or any information allowing a listener to derive the IMSI easily, should not normally be transmitted in clear text in any signalling message on the r

36、adio path. Consequently, to obtain the required level of protection, it is necessary that: - a protected identifying method is normally used instead of the IMSI on the radio path; and - the IMSI is not normally used as addressing means on the radio path (see GSM 02.09); - when the signalling procedu

37、res permit it, signalling information elements that convey information about the mobile subscriber identity must be ciphered for transmission on the radio path. The identifying method is specified in the following subclause. The ciphering of communication over the radio path is specified in clause 4

38、. 2.2 Identifying method The means used to identify a mobile subscriber on the radio path consists of a TMSI (Temporary Mobile Subscriber Identity). This TMSI is a local number, having a meaning only in a given location area; the TMSI must be accompanied by the LAI (Location Area Identification) to

39、avoid ambiguities. The maximum length and guidance for defining the format of a TMSI are specified in GSM 03.03. The neiwork (ag. a VLR) manages suitable data bases to keep the relation between TMSls and IMSls. When a TMSI is received with an LAI that does not correspond to the current VLR, the IMSI

40、 of the MS must be requested from the VLR in charge of the indicated location area if its address is known; otherwise the IMSI is requested from the MS. A new TMSI must be allocated at least in each location updating procedure. The allocation of a new TMSI corresponds implicitly for the MS to the de

41、-allocation of the previous one. In the fixed part of the network, the cancellation of the record for an MS in a VLR implies the de-allocation of the corresponding TMSI. To cope with some malfunctioning, e.g. arising from a software failure, the fixed part of the network can require the identificati

42、on of the MS in clear. This procedure is a breach in the provision of the service, and should be used only when necessary. When a new TMSI is allocated to an MS, it is transmitted to the MS in a ciphered mode. This ciphered mode is the same as defined in clause 4. The MS must store its current TMSI

43、in a non volatile memory, together with the LAI, so that these data are not lost when the MS is switched off. STD-ETSI EIS 300 534-ENGL 1997 W 3400855 0217580 598 W Page 10 ETS 300 534 (GSM 03.20 version 4.4.1): August 1997 2.3 Procedures This subclause presents the procedures, or elements of proced

44、ures, pertaining to the management of TMSls. 2.3.1 Location updating in the same MSC area This procedure is part of the location updating procedure which takes place when the original location area and the new location area depend on the same MSC. The part of this procedure relative to TMSI manageme

45、nt is reduced to a TMSI re-allocation (from TMSlo with “o“ for “old“ to TMSln with “n“ for “new“). The MS sends TMSio as an identifying field at the beginning of the location updating procedure. The procedure is schematized in figure 2.1. I Radio path 1 BSS/MSC/VLR LAI, TMSIo I Management of means f

46、or new ciphering I (see clause 41 I Allocation I of TMSIn Acknowledge De-allocation of TMSIo Figure 2.1: Location updating in the same MSC area Signalling Functionalities: Management of means for new ciphering: The MS and BSSIMSCNLR agree on means for ciphering signalling information elements, in pa

47、rticular to transmit TMSln. - - - STD-ETSI ETS 300 534-ENGL 1997 3400855 0237583 424 Page 11 ETS 300 534 (GSM 03.20 version 4.4.1): August 1997 2.3.2 This procedure is part of the location updating procedure which takes place when the original location area and the new location area depend on differ

48、ent MSCs, but on the same VLR. The procedure is schematized on figure 2.2. Location updating in a new MSCs area, within the same VLR area LAI, TMSIo T4 Management of means for new ciphering (see clause 4) of TMSIn (note) Cipher (TMSIn) (note) II Loc.Updating of TMSIo NOTE: From a security point of v

49、iew, the order of the procedures is irrelevant. Figure 2.2: Location updating in a new MSCs area, within the same VLR area Signalling functionalities: Loc. Updat ing : stands for Location Updating The BSS/MSCNLR indicates that the location of the MS must be updated. STD-ETSI ETS 300 534-ENGL 1997 M 3400855 0239582 3b0 Page 12 ETS 300 534 (GSM 03.20 verslon 4.4.1): August 1997 Sec.Rel.Inf Management of means for new ciphering (see clause 4) 2.3.3 Location updating In a new VLR; old VLR reachable This procedure is part of the normal location updating procedure, using TMSI and LAI,