ETSI ETS 300 614-1996 Digital Cellular Telecommunications System (Phase 2) Security Management (GSM 12 03 Version 4 2 0)《数字蜂窝通信系统(第2阶段) 安全管理(NM) GSM 12 03(版本4 2 0)》.pdf

1、EUROPEAN 1 ELECOMMUNICATION STANDARD ETC 300 614 August 1996 Source: ETSI TC-SMG - Reference: DE/SMG-O61203P ICs: 33.060.50 Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM) GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS Digital cellular telecommunications

2、 system (Phase 2); Security management (GSM 12.03) ETSI European Telecommunications Standards Institute ETSI Secretariat Postal address: F-O6921 Sophia Antipolis CEDEX - FRANCE Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE X.400: c=fr, a=atlas, p=etsi, s=secretariat -

3、 internet: secretariatetsi.fr Tel.: +33 92 94 42 O0 - Fax: +33 93 65 47 16 Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. O European Telecommunications Standards Institute

4、1996. All rights reserved. _ ETSI ETS*300*614 96 m 3400855 0123606 L2T Page 2 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concer

5、ning its accuracy, please write to “ETSI Editing and Committee Support Dept.“ at the address shown on the title page. ETSI ETS*300*bL4 b 3i)00855 OL23b07 Obb Page 3 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) Contents Foreword . 7 Introduction 7 Scope g Normative references 9 Abbreviations .

6、11 Management of security features 12 4.1 Subscriber Identity (IMSI) confidentiality management 12 4.2 Subscriber Identity (IMSI) authentication management . 12 4.3 Data confidentiality over the air interface . 12 4.3.1 Encryption and algorithm management . 12 4.3.2 Key management 13 Management of M

7、obile Equipment security . 13 4.4 Security management mechanisms 14 5.1 System control mechanisms 14 5.2 Information gathering mechanisms . 14 5.2.1 Use of scanners 14 5.2.2 Audit trail mechanisms 14 Alarm reporting mechanisms . 15 5.3 Securitv Drocedures 16 6.1 6.2 6.3 6.4 6.5 6.6 ; REOIDTERED AS g

8、sm1203managedObjectClass 7); ETSI ETS*300*614 96 m 3400855 0123630 449 = Page 26 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) 7.2 Security attributes definitions 7.2.1 authenticationNecessaryWhen authenticationNecessaryWhen ATTRIBUTE WIT ATTRIBW SYNTAX GCM1203TypeModule.SecurityTriggers; BERAW

9、OUR authenticatiorilrlecessaryWhenBehaviour BERAWOUR DEFINED AS “This attribute defines which MAP procedures shall include authentication. Refer to subclause 6.2.1“; ; RWISTERED AS (gsml203attribute 1); 7.2.2 authenticationRetried Allowed authenticationRetriedA1lowed ATTRIBUTE WITH ATTRIBUTE SYUTAX

10、GSMl2O3TypeModule.AuthenticationRetriedllowed; BpHAvfOUR authenticationRetriedAllowedWhenBehaviour BERAVIOVR =FINED AS “This attribute defines whether the network can retry authentication in case of a TMSI authentication failure. Refer to subclause 6.2.2“; RoQISTBRED AS gsml203attribute 2); 7.2.3 nu

11、mberOfAuthenticationVectorsKept numberOfAuthenticationVectorsKept ATTRIBUTE WITH ATTRIBUTE SYNTAX GSM12O3TypeModuie.Nu1nberOfAuthenticationVectorsKept; BERAVIOUR number0fAuthenticationVectorsKeptBehaviour BERAWOUR DwIIarD AS “This attribute defines the number of authentication vectors to be kept in

12、the VLR. Refer to subclause 6.2.3“; RMISTlRkED AS (gsml203attribute 3); 7.2.4 authenticationVectorReuseAllowed authenticationVectorReuseAllowed ATTRIBUTE WITH ATTRIBUTE SYNTAX GSMl2O3TypeModule.AuthenticatonVectorReuseAllowed; BHIAVIOUR authenticationVectorReuseAllowedBehaviour BERAWOUR DEFINED AS *

13、This attribute defines whether the VLR can reuse authentication vectors. Refer to subclause 6.2.3“; RMIsTmED AS gsml203attribute 4); 7.2.5 allocateNewTMSI When allocateNewTMCIWhen ATTRIBUTE WITH ATTRIBUTE SYNTAX GSM1203TypeModule.SecurityTriggers; BEHAVIOCIR allocateNewTMSIWhenBehaviour BEHAVIOVR DE

14、FINED AS “This attribute defines which MAP procedures should include TMSI reallocation. Refer to subclause REGISTERED AS (gsml203attribute 51; 6.1.2“; ; 7.2.6 checklMEIWhen checkIMEIWhen ATTRIBUTE WITH ATTRIBUTE SYNTAX GSM12O3TypeModule.SecurityTriggers; BEHAVIOVR checkIMEIWhenBehaviour BEHAVIOUR DE

15、FINED AS “This attribute defines which MAP procedures should include the request of the IMEI. Refer to subclause 6.4.1“; FUR3ISTERED AS (gsml203attribute 6); 7.2.7 encryptionControl encryptioncontrol ATTRIBUTE WITH ATTRIBUTE SYNTAX GSM12O3TypeModule.EncryptionControl; BEHAVIOUR encryptionControlBeha

16、viour BHIILviOUR DEFINED AS “This attribute defines whether encryption is not necessary, desirable or mandatory . Refer to subclause 6.3.1“; REGISTERED AS (gsml203attribute 7); ETSI ETS%380*614 96 m 3400855 0123b33 385 = Page 27 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) 7.2.8 algorithmListM

17、SC algorithmListMSC ATTRIBUTE WITH ATTRIBUTE SYNTAX GSMl203TypeModule.CipheringAlgorithmList; BEHAVIOUR algorithmListMSCBehaviour BEHAVIOUR DEFINED AS u This attribute defines the list of ciphering algorithms supported by the MSC. Refer to subclause 6.3.2“; ; REQIBTEIWD AS gsml203attribute 81; 7.2.9

18、 algorithmListBTS algorithmListBTS ATTRIUTE WITXI ATTRIERFFE MAX GSM1203TypeModule.CipheringAlgorithmList; BHUVIOUR algorithmlistBTCBehaviour BEEAVIOUR DSFINED AS “This attribute defines the list of ciphering algorithms supported by the BTS. Refer to subclause 6.3.2 “;i REQIBTERED AS gcml203attribut

19、e 9); 7.2.1 O threshold threshold ATTRIBUTE WITS ATTRIBUTE SYNTAX GSM1203TypeModule.Threshold; -VIOUR thresholdBehaviour BHUVIOUR DEFINED AB “This attribute controls the generation of alarms. Refer to subclause 6.6.1.8“; RSQIBmD AS gsml203attribute 101; 7.2.1 1 vlrl203AuthenticationFunctionId vlrl20

20、3AuthenticationFunctionId ATTRIBUTJE WITS ATTRIBUTS SYNTAX GSMl203TypeModule.Identifier; BElIWIovR vlr12O3AuthenticationFunctionBehaviour mVIovR DE?INSD A8 “This ATTRIBUTE is the unique identifier for an instance of the object class vlrl203authenticationFunction“; REQIBTERED AS gsml203attribute 11);

21、 7.2.12 vlrl203SubscriberldFunctionld vlrl203SubscriberIdFunctionId ATTRIBUTE WI!PI ATTRIBUTS BmNC GSM1203TypeModule.Identifier; BEHAVIOUR vlr1203SubscriberIdFunctionIdBehaviour BHIAVIOUR DEFINED AS “This ATTRIBUTE is the unique identifier for an instance of the object class vlrl203subscriberIdFunct

22、ion“; REQISTERl!D M (gsml203attribute 121; 7.2.13 vlrl203EquipmentldFunctionld vlr1203EquipmentIdFunctionId ATTRIBUTE WITH ATTRIBUTE SYNTAX GSM1203TypeModule. Identifier; BEHAVIOUR vlr1203EquipmentFunctionIdBehaviour BIsHAVIOR DSFINSD AS “This ATTRIBUTE is the unique identifier for an instance of th

23、e object class vlrl203EquipmentIdFunction“; RSGISTSFUED M Igsml203attribute 131; 7.2.14 mscl203EncryptionFunctionld mscl203EncryptionFunctionId ATTRIBUTS WITH AmIBTE SYNTAX GSM1203TypeModule.Identifier; BHUVIOOR msc1203EncryptionFunctionIdBehaviour BnHAVIOOR DEFINED AS “This ATTRIBUTE is the unique

24、identifier for an instance of the object class msc12O3EncryptionFunctionId“; RBGISTILRED M (gsml203attribute 14); ETSI ETS*30O*h14 %b 9 3400855 0123632 211 Page 28 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) 7.2.1 5 mscl2031MSIConfidentialityFunctionld mscl203IMSlConfidentialityFunCtionId ATT

25、RIBUTE WITH ATTRIBUTE SYNTAX GSM1203TypeModule.Identifier; BKXAVIOIJR mccl203IMSIConfidentialityFunctionIdBehaviour VLOVR DEP1-D AS “This ATTRIBUTE is the unique identifier for an instance of the object class msc2O3IMSIConfidentialityFunction“; REGIS- M (gsmlZO3attribute 151; 7.2.16 hlrl203Subscribe

26、rldFunctionld hlrl203SubscriberIdFunctionId ATTRIBUTE WITH ATTRIBUTE -AX GSM1203TypeModule.Identifier; BEHAVIOUR hlrl203subscriberhtionIdBehaviour BEEWovR DEFINED AS “This ATTRIBUTE is the unique identifier for an instance of the object class hlr1203subscriberIdFunction“; RWISTERED AB (gsml203attrib

27、ute 161; 7.2.17 btsl203EncryptionFunctionld btsl203EncryptionFtionId ATTRIBUTE WTH ATTRIBUTE SYNTAX GSM1203TypeModule.Identifier; BHUVIOVR btslZ03EncryptionFunctionIdBehaviour BHIiLVIUR DEFIHZD AS “This ATTRIBUTE is the unique identifier for an instance of the object class btsl203EncryptionFunction“

28、; REGISTERED AS (gsmlZO3attribute 17); - - ETSI ETS*3QQ+b14 9h 3400855 0123b33 i158 W Page 29 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) 7.3 Notifications The notifications identified for security management are specified by CCiTT. They are listed below: “Recommendation X.721: 1 992“.securit

29、yServiceOrMechanismVioiation “Recommendation X.721:1992“.integrityViolation “Recommendation X721 :I 992“.objectCreation “Recommendation X721:1992“.objectDeietion The latter 2 notifications are contained in the createDeleteNotificationsPackage package defined in CCilT recommendation M.3100 24. 7.4 Na

30、me bindings 7.4.1 vlrl2O3AuthenticationFunction vlr1203AuthenticationFunction-vlrFunction NAME BINDIW BUBRDINATE OBJSCT CLASS vlrl203AuthenticationFunction; NAMED BY SUPERIOR OBJECT CLASS “GSM 12.00 : 1994“. vlrFunction; WITH ATTRIBUTE vlr1203AuthenticationFunctionId; CREATE8 DEUSTE; REQISmD AS gsml

31、203nameBinding 1); 7.4.2 vlrl203SubscriberldFunction vlr1203SubccriberIdFunction -virFunction NAME BINDIW SUBORDINATE OBJECT CwgS vlrl203SubscriberIdFunction; -D BY SUPERIOR OBJICT CUSS *GSM 12.00 : 1994“. vlrFunction; WIT% ATTRIBUTE vlrl203SubscriberIdFunctionId; CREkTsI =-TE# REQISTERED AS (gsml20

32、3nameBinding 2); 7.4.3 vlrl203EquipmentldFunction vlrl203EquipmentIdFunction -vlrFunction “E BINDJXW SUBORDINATE OBJECT CLASB vlsl203EquipmentIdFunction; “ED BY SUPERIOR OBJECT CUSS “GSM 12.00 : 1994“. vlrfunction; WITH A!TTRIBUTP vlrl203EquipmentIdFunctionId; -=I mLETs; REGIS-D AS (gsml203nameBindi

33、ng 3); 7.4.4 mscl203EncryptionFunctEon msc1203EncryptionFunction mccFunction NAME BINDING SUBORDINATE OBJECT CLASS mscl203EncryptionFunction; NAMED BY SUPERIOR OBJKCT CLASS “GSM 12.00 : 1994“. mscFunction; WITR ATTRIBDTE mscl203EncryptionRinclionId; -ml mmTXj REGISTERED AS (gsml203nameBinding 4); 7.

34、4.5 mscl2031MSIConfidentialityFunction rnscl203IMSIConfidentialityFuncton -mccFunction NMlZ BINDING BWORDINATE OBJECT CUSS mscl2O3IMSIConfidentialityFunction; NMED BY SUPERIOR OBJECT CLASS “GSM 12.00 : 1994“. mscFunction; WITH ATTRIBUTE mccl203IMSIConfidentialityFunctionId; CREATE; DELETE; REOISTERE

35、D AS gsml203nameBinding 5); - - ETSI ETS*300*614 96 3480855 0123634 O74 Page 30 ETS 300 614: August 1996 (GSM 12.03 version 4.2.1) 7.4.6 hlrl203SubscriberldFunction hlrl203SubscriberIdFunction -hlrFunction BINDIN BBORDTmWE OBJECT CLASS hlrl23SubscriberIdFction; NAMED BY WPSRIOR OBJECT CLASS “GSM 12.

36、00 : 1994“. hlrFunction; WIN ATTRIBUTE hlrl203CubscriberIdFunctionId; CREATE1 DELETE# RBGISmD M gsml203nameBinding 6); 7.4.7 btsl203EncryptionFunction btsl23EncryptionFunction -bts “E BINDI- SOBORDILPATL OBJPCT CLASS btrl203EncryptionFunction; IPAWD BY IIIVPSRIOR OBJECT CLABS “GSM 12.20 : 1994“.bts; WITB ATTRIBUTE bt1203EncryptionFunctionId; CREKTEI WmI RMIISTPRID M (gsm1203nameBinding 7);