ETSI TR 102 512-2006 Terrestrial Trunked Radio (TETRA) Security Security requirements analysis for modulation enhancements to TETRA《陆地集群无线电(TETRA) 安全性 TETRA调制增强的安全要求分析》.pdf

1、 ETSI TR 102 512 V1.1.1 (2006-08)Technical Report Terrestrial Trunked Radio (TETRA); Security; Security requirements analysis for modulation enhancements to TETRAETSI ETSI TR 102 512 V1.1.1 (2006-08) 2 Reference DTR/TETRA-06139 Keywords analysis, security, TETRA ETSI 650 Route des Lucioles F-06921 S

2、ophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org

3、 The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI

4、 printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.

5、org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing

6、 restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETS

7、I for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 102 512 V1.1.1 (2006-08) 3 Contents Intellectual Property Rights5 Foreword.5 1 Scope 6 2 References 6 3 Definitions and abbreviations.7 3.1

8、 Definitions7 3.2 Abbreviations .8 4 Communications security model 8 4.1 Introduction 8 4.2 General model identifying security relationships .9 4.3 TVRA development model.10 5 Security objectives .11 5.1 General objectives 11 5.2 Objectives from the legislative framework.11 5.2.1 Privacy11 5.2.2 Dat

9、a protection12 5.2.3 Security order12 5.2.4 Lawful Interception.12 5.2.5 Contract 12 5.3 Summary 12 6 Vulnerability analysis.13 6.1 Introduction 13 6.2 TETRA system under evaluation .15 6.3 TETRA use cases (security scenarios) .15 6.3.1 Point to point communication within single TETRA SwMI.15 6.3.2

10、Point to multipoint communication within single TETRA SwMI 15 6.3.3 Broadcast communication within single TETRA SwMI 15 6.3.4 Point to point communication within multiple TETRA SwMIs .15 6.3.5 Point to multipoint communication within multiple TETRA SwMIs.15 6.3.6 Broadcast communication within multi

11、ple TETRA SwMIs .15 6.4 Overview of existing TETRA security measures .16 6.4.1 Security analysis and recommendation.16 6.4.2 Air interface capabilities.16 6.4.2.1 Security profiles or classes16 6.4.2.2 Authentication.16 6.4.2.3 Over the air key management support.16 6.4.2.4 Encryption.17 6.4.2.5 Ove

12、r the Air enable and disable 17 6.4.3 Crypto capabilities 17 6.4.3.1 TAA1 17 6.4.3.2 TEAx.17 6.4.3.2.1 Overview .17 6.4.3.2.2 TEA1 .17 6.4.3.2.3 TEA2 .17 6.4.3.2.4 TEA3 .17 6.4.3.2.5 TEA4 .17 6.5 System capabilities not covered by existing TETRA security measures18 6.5.1 PEI 18 6.5.1.1 Overview.18 6

13、.5.1.2 Objectives19 6.5.1.3 Threats and threat agents.19 6.5.1.4 Summary of unwanted incidents .19 6.5.2 ISI .19 ETSI ETSI TR 102 512 V1.1.1 (2006-08) 4 6.5.3 IP.20 6.5.4 Application level security .20 7 Identification of requirements for countermeasures.20 7.1 Overview 20 7.2 TETRA air interface mo

14、difications 20 7.2.1 Outline of modifications to TETRA air interface security21 History 23 ETSI ETSI TR 102 512 V1.1.1 (2006-08) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essentia

15、l IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates ar

16、e available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI

17、Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Terrestrial Trunked Radio (TETRA). ETSI ETSI TR 102 512 V1.1.1 (2006-08) 6 1 Scope The present document updates the threat analysis pr

18、esented in ETR 086-3 1 with respect to new services and capabilities offered by the enhancements to TETRA that aim to provide alternative modulation schemes with a view to offering higher data transmission rates. NOTE: The analysis provided by ETR 086-3 1 remains valid and the recommendations made b

19、y that document remain in force. In clause 7 the analysis identifies security extensions required for EN 300 392-7 3. 2 References For the purposes of this Technical Report (TR), the following references apply: 1 ETSI ETR 086-3: “Trans European Trunked Radio (TETRA) systems; Technical requirements s

20、pecification; Part 3: Security aspects“. 2 ISO/IEC 9798-2: “Information technology - Security techniques - Entity authentication: Part 2: Mechanisms using symmetric encipherment algorithms“. 3 ETSI EN 300 392-7: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security“. 4 ETSI TR

21、101 053-1: “Security Algorithms Group of Experts (SAGE); Rules for the management of the TETRA standard encryption algorithms; Part 1: TEA1“. 5 ETSI TR 101 053-2: “Security Algorithms Group of Experts (SAGE); Rules for the management of the TETRA standard encryption algorithms; Part 2: TEA2“. 6 ETSI

22、 TR 101 053-3: “Security Algorithms Group of Experts (SAGE); Rules for the management of the TETRA standard encryption algorithms; Part 3: TEA3“. 7 ETSI TR 101 053-4: “Security Algorithms Group of Experts (SAGE); Rules for the management of the TETRA standard encryption algorithms; Part 4: TEA4“. 8

23、ETSI TR 101 052: “Security Algorithms Group of Experts (SAGE); Rules for the management of the TETRA standard authentication and key management algorithm set TAA1“. 9 ETSI EN 300 392-5: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 5: Peripheral Equipment Interface (PEI)“. 10 ETSI

24、TS 101 331: “Telecommunications security; Lawful Interception (LI); requirements of Law Enforcement Agencies“. 11 ETSI ETR 332: “Security Techniques Advisory Group (STAG); Security requirements capture“. 12 ISO/IEC 15408-1: “Information technology - Security techniques - Evaluation criteria for IT s

25、ecurity - Part 1: Introduction and general model“. 13 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements“. 14 ISO/IEC 15408-3: “Information technology - Security techniques - Evaluation criteria for IT secur

26、ity - Part 3: Security assurance requirements“. 15 ISO/IEC 15408: “Information technology - Security techniques - Evaluation criteria for IT security“. NOTE: When referring to all parts of ISO/IEC 15408 the reference above is used. ETSI ETSI TR 102 512 V1.1.1 (2006-08) 7 16 Common Methodology for In

27、formation Technology Security Evaluation; Evaluation methodology; July 2005; Version 3.0 Revision 2 (CCMB-2005-07-004). 17 Directive 2002/19/EC of the European Parliament and of the Council on access to, and interconnection of, electronic communications networks and associated facilities (Access Dir

28、ective - OJ L 108, 24.04.2002). 18 Directive 2002/20/EC of the European Parliament and of the Council of 7 March 2002 on the authorization of electronic communications networks and services (Authorisation Directive - OJ L 108, 24.04.2002). 19 Directive 2002/21/EC of the European Parliament and of th

29、e Council on a common regulatory framework for electronic communications networks and services (Framework Directive - OJ L 108, 24.04.2002). 20 Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on Universal service and users rights relating to electronic communicatio

30、ns networks and services (Universal Service Directive - OJ L 108, 24.04.2002). 21 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy

31、and electronic communications - OJ L 201, 31.07.2002). 22 ETSI TS 100 392-3-6: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 3: Interworking at the Inter-System Interface (ISI); Sub-part 6: Speech format implementation for circuit mode transmission“. 23 ETSI TS 100 392-3-7: “Terres

32、trial Trunked Radio (TETRA); Voice plus Data (V+D); Part 3: Interworking at the Inter-System Interface (ISI); Sub-part 7: Speech Format Implementation for Packet Mode Transmission“. 24 ITU-T Recommendation v.24: “List of definitions for interchange circuits between data terminal equipment (DTE) and

33、data circuit-terminating equipment (DCE)“. 25 ITU-T Recommendation v.28: “Electrical characteristics for unbalanced double-current interchange circuits“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETR 086-3 1 apply. 3.

34、2 Abbreviations For the purposes of the present document, the following abbreviations apply: 3GPP 3rd Generation Partnership Project AI Air Interface AT Access Terminal CCK Common Cipher Key DCK Derived Cipher Key ESI Encrypted Short Identity GTSI Group TETRA Subscriber Identity IP Internet Protocol

35、 ISI Inter System Interface IT Information Technology ITSI Individual TETRA Subscriber Identity KSS Key Stream Segment ETSI ETSI TR 102 512 V1.1.1 (2006-08) 8 MS Mobile Station MoU SFPG Memorandum of Understanding Security and Fraud Prevention Group MT Mobile Terminal MT2 Mobile Termination type 2 O

36、TAR Over The Air Rekeying PC Personal ComputerPEI Peripheral Equipment Interface PDU Protocol Data Unit PSTN Public Switched Telecommunications Network QAM Quadrature Amplitude Modulation SAGE Security Algorithm Group of Experts SIM Subscriber Identity Module SwMI Switching and Management Infrastruc

37、ture TAA1 TETRA Authentication and key management Algorithm suite 1 TDMA Time Division Media Access TE Terminal Equipment TE2 Terminal Equipment type 2 TEAx TETRA Encryption Algorithm number x TETRA TErrestrial Trunked RAdio TNP1 TETRA Network Protocol No. 1 TOE Target Of Evaluation TVRA Threat Vuln

38、erability Risk Assessment TVP Time Variant Parameter UML Unified Modelling Language USB Universal Serial Bus WG6 EPT Security working group 4 Communications security model 4.1 Introduction In the context of the present document, security means to be assured that the risk of a weakness being exploite

39、d either intentionally or unintentionally is low. Many standards include aspects of security, such as: confidentiality; integrity; availability. ETSI ETSI TR 102 512 V1.1.1 (2006-08) 9 The goals of security and of evaluation are: to provide product owners with confidence that countermeasures bring t

40、he risk to assets to an acceptable level; to implement assurance techniques which give confidence that countermeasures bring the risk to assets to an acceptable level; to ensure that evaluation provides evidence of assurance giving confidence that countermeasures bring the risk to assets to an accep

41、table level. The standardization process plays a significant role in achieving these objectives. Firstly, in order to ensure that the requirements identified in a standard are expressed accurately, clearly and unambiguously, a standard is critically reviewed by its potential implementors. Such revie

42、w, along with other validation techniques, helps to provide the assurance that any specified countermeasures will, in fact, minimize risk. Secondly, a protocol standard is accompanied by a conformance test specification which can be used in the evaluation process to provide evidence that any counter

43、measures required by the protocol standard have been implemented correctly in a product. 4.2 General model identifying security relationships Figure 1 shows a generic system model and the relationship of its components to each other. In order to assess a system it is necessary to identify the system

44、 components as these form the assets of the system under threat that may require protection by means of countermeasures. cd General model asse tDesignModuleVulnerabilityObservedVulnerabilityThreatAssessedThreat Wea kne ssObservedWeaknessSystemDesignCountermeasureSecCountermeasureFigure 1: UML model

45、of generic system security design ETSI ETSI TR 102 512 V1.1.1 (2006-08) 104.3 TVRA development model In order to allow visibility there should be a clearly visible path identifying “Objective“ to “Requirement“ and of “Vulnerability“ to “Threat“ to “Risk“. Establish Security Objectives Carry Out Vuln

46、erability Analysis ( Objectives ) Specify Security Requirements System Design Security Objectives Assurance Objectives Threats Security Requirements Security Services Security Architecture Security Mechanisms Carry Out Vulnerability Analysis ( Requirements ) Carry Out Vulnerability Analysis ( System

47、 ) Key : Process Process Input / Output Information Control Figure 2: Structure of security analysis and development in standards documents For the purposes of analysis, all assets should be considered to have weaknesses. ETSI ETSI TR 102 512 V1.1.1 (2006-08) 115 Security objectives 5.1 General obje

48、ctives The objectives to be met for systems in general, and for systems where the initial link is by radio in particular, where such systems are provisioned for commercial purposes, are summarized in the following bullets: to be able to prove the of identity of users and networks; to ensure confiden

49、tiality of communication; to ensure integrity of communication; to ensure the rights of privacy of the systems users; NOTE: This is an objective that is maintained in law. to ensure the correct charging of the systems users; security management: - The complex security functions within the network call for sophisticated control and management. The management functions are security critical themselves and, therefore, subject to security requirements. 5.2 Objectives from the legislative f