ETSI TR 103 502-2017 Reconfigurable Radio Systems (RRS) Applicability of RRS with existing Radio Access Technologies and core networks Security aspects (V1 1 1).pdf

1、 ETSI TR 103 502 V1.1.1 (2017-09) Reconfigurable Radio Systems (RRS); Applicability of RRS with existing Radio Access Technologies and core networks; Security aspects TECHNICAL REPORT ETSI ETSI TR 103 502 V1.1.1 (2017-09) 2 Reference DTR/RRS-0314 Keywords radio, safety, security ETSI 650 Route des L

2、ucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/sta

3、ndards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in conte

4、nts between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status.

5、 Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copy

6、right Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The

7、 copyright and the foregoing restriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members

8、 and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TR 103 502 V1.1.1 (2017-09) 3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5

9、g3Executive summary 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 9g34 OSI stack mapping to RRS . 9g34.1 OSI protocol stack overview 9g34.2 OSI layers and security mechanisms 10g34

10、.2.1 Threats and countermeasures 10g34.2.2 Radio link specificity of countermeasures 10g34.3 Core elements of the RRS model . 11g34.4 Applicability of RVM to radio terminal computing . 11g34.5 Notification of Radio App availability . 12g35 Security provisions in 3GPP SAE and LTE . 12g35.1 Security a

11、rchitecture for 3GPP . 12g35.2 Radio channels in 3G SAE/LTE . 13g35.3 Security functions mapping to radio in 3G SAE/LTE 13g35.3.1 General overview 13g35.3.2 u-SIM and identity management . 13g35.3.2.1 Overview . 13g35.3.2.2 Provision of subscriber identity. 13g35.3.2.3 Provision of device identity 1

12、4g36 Security provisions in IEEE 802.11 systems 15g36.1 System overview 15g36.2 IEEE 802.11 key management systems 16g36.3 IEEE 802.1X key management systems . 16g37 Physical layer security provisions in RRS 17g3Annex A: Language-theoretic security in RRS . 18g3A.1 Overview 18g3A.1.1 Introduction 18

13、g3A.1.2 Weird machine . 18g3A.1.3 Grammar type, computational complexity and decidability . 19g3A.1.4 Semantic security and computational equivalence of protocol endpoints 20g3A.1.5 Trustworthiness of a system as a composition of sub-systems . 20g3A.1.6 Core principles . 21g3A.1.6.1 Simplicity and d

14、ecidability . 21g3A.1.6.2 Strength of the recognizer . 21g3A.1.6.3 Principle of minimal computation power 21g3A.1.6.4 Secure composition with parser computational equivalence 21g3A.1.7 Language-theoretic approach as a tool for security auditors and adversaries . 22g3A.2 Applicability to Reconfigurab

15、le Radio Systems 22g3Annex B: Review of push mechanisms . 23g3ETSI ETSI TR 103 502 V1.1.1 (2017-09) 4 B.1 Overview 23g3B.2 Generic IP-based push mechanism . 23g3B.2.1 Introduction 23g3B.2.2 Services operated by third-parties 23g3B.2.3 Security considerations . 24g3B.2 Push mechanism adapted to cellu

16、lar networks . 24g3B.2.1 Introduction 24g3B.2.2 General principles. 25g3B.2.3 Adaption to network bearers 25g3B.2.3.1 Overview of adaption process . 25g3B.2.3.2 Point-to-point delivery 25g3B.2.3.3 Point-to-multipoint delivery 26g3B.2.4 Security considerations . 26g3B.3 Security properties of data an

17、d notification services in 3GPP networks 26g3B.3.1 Introduction 26g3B.3.2 Data service 27g3B.3.3 Cell Broadcast Service . 27g3B.3.4 Short Message Service . 27g3B.3.5 Security considerations . 27g3Annex C: Bibliography 29g3History 30g3ETSI ETSI TR 103 502 V1.1.1 (2017-09) 5 Intellectual Property Righ

18、ts Essential patents IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights

19、(IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has b

20、een carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradena

21、mes which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitu

22、te an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Reconfigurable Radio Systems (RRS). Modal verbs terminology In the present document “should“, “should not“, “may“, “nee

23、d not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Executive summary The introducti

24、on of RRS capability is shown not to inhibit the provision of the security mechanisms of existing radio access technologies. The reason, shown in the present document, is that the security capabilities for common radio technologies (e.g. LTE/SAE, IEEE 802.11) are present at layers 2 and higher in th

25、e OSI protocol stack, whereas the novel features of RRS apply to the means to provision layer 1. It is highlighted however that a Radio Application addresses a complete protocol stack and provision of all layers of the protocol stack in a single software package may require special provisions in the

26、 Reconfigurable Equipment to enable full network communication. ETSI ETSI TR 103 502 V1.1.1 (2017-09) 6 1 Scope The present document shows a mapping of existing Radio Access Technologies (RATs) to the Reconfigurable Radio System (RRS) model in order to identify missing security requirements, in part

27、icular identify the boundary of an RRS Radio Application with regard to the security functions present in existing RAT. Recognizing that a RAT is not bound to a single link but may be supported by functions in the network the present document also considers the role of core networks in supporting an

28、y triggering of the Reconfigurable Equipment to reconfigure itself using a push mechanism. 2 References 2.1 Normative references Normative references are not applicable in the present document. 2.2 Informative references References are either specific (identified by date of publication and/or editio

29、n number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publicatio

30、n ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TS 133 401: “Digital cellular telecommunications system (Phase 2+) (GSM); Uni

31、versal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401)“. i.2 ISO/IEC 7498-1:1994 “Information technology - Open Systems Interconnection - Basic Reference Model: The Basic Model“. i.3 ETSI TR 102 945: “Reconfigurable Radio

32、 Systems (RRS); Definitions and abbreviations“. i.4 ETSI EN 303 095: “Reconfigurable Radio Systems (RRS); Radio Reconfiguration related Architecture for Mobile Devices“. i.5 Len Sassaman, Meredith L. Patterson, Sergey Bratus, Michael E. Locasto, Anna Shubina: “Security Applications of Formal Languag

33、e Theory“. i.6 Noam Chomsky: “On certain formal properties of grammars“, Information and Computation/information and Control, vol. 2, pp. 137-167, 1959. i.7 Michael Sipser: “Introduction to the Theory of Computation“, Second Edition, International Edition, Thompson Course Technology, 2006. i.8 Seymo

34、ur Ginsburg and Sheila Greibach: “Deterministic context free languages“, in Proc. 6th Symp. Switching Circuit Theory and Logical Design, 1965, pp. 203-220. i.9 Dan Kaminsky, Meredith L. Patterson and Len Sassaman: “PKI Layer Cake: New Collision Attacks Against the Global X.509 Infrastructure“. i.10

35、Travis Goodspeed, Sergey Bratus, Ricky Melgares, Rebecca Shapiro and Ryan Speers: “Packets in Packets: Orson Welles In-Band Signaling Attacks for Modern Radios“, 5th USENIX Workshop on Offensive Technologies, August 2011. i.11 Open Mobile Alliance. OMA-AD-Push-V2-3: “Push Architecture“. NOTE: Availa

36、ble at http:/www.openmobilealliance.org/. ETSI ETSI TR 103 502 V1.1.1 (2017-09) 7 i.12 WAP Forum WAP-230-WSP: “Wireless Session Protocol“. NOTE: Available at http:/www.openmobilealliance.org/. i.13 WAP Forum: “Wireless Application Protocol“. NOTE: Available at http:/www.openmobilealliance.org/. i.14

37、 IETF RFC 2616: “Hypertext Transfer Protocol - HTTP/1.1“. i.15 IETF RFC 793: “Transmission Control Protocol“. i.16 IETF RFC 3261: “Session Initiation Protocol“. i.17 ETSI TS 123 228: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE;

38、 IP Multimedia Subsystem (IMS); Stage 2 (3GPP TS 23.228)“. i.18 ETSI TS 122 146: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Multimedia Broadcast/Multicast Service (MBMS); Stage 1 (3GPP TS 22.146)“. i.19 Open Mobile Alliance: “OMA M

39、obile Broadcast Services“. NOTE: Available at http:/www.openmobilealliance.org/. i.20 3GPP2 C.S0070-0: “Broadcast Multicast Services (BCMCS) Codecs and Transport Protocols“. i.21 ETSI EN 302 304: “Digital Video Broadcasting (DVB); Transmission System for Handheld Terminals (DVB-H)“. i.22 ETSI TS 123

40、 041: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Technical realization of Cell Broadcast Service (CBS) (3GPP TS 23.041)“. i.23 ETSI TS 142 009: “Digital cellular telecommunications system (Phase 2+); Security aspects (3GPP TS 42.0

41、09)“. i.24 ETSI TS 125 302: “Universal Mobile Telecommunications System (UMTS); Services provided by the physical layer (3GPP TS 25.302)“. i.25 ETSI TS 123 040: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Technical realization of t

42、he Short Message Service (SMS) (3GPP TS 23.040)“. i.26 ETSI TS 123 204: “Universal Mobile Telecommunications System (UMTS); LTE; Support of Short Message Service (SMS) over generic 3GPP Internet Protocol (IP) access; Stage 2 (3GPP TS 23.204)“. i.27 ETSI TS 124 011: “Digital cellular telecommunicatio

43、ns system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Point-to-Point (PP) Short Message Service (SMS) support on mobile radio interface (3GPP TS 24.011)“. i.28 ETSI TS 144 003: “Digital cellular telecommunications system (Phase 2+) (GSM); Mobile Station - Base Station S

44、ystem (MS - BSS) Interface Channel Structures and Access Capabilities (3GPP TS 44.003)“. i.29 ETSI TS 143 020: “Digital cellular telecommunications system (Phase 2+) (GSM); Security related network functions (3GPP TS 43.020)“. i.30 ETSI TS 144 064: “Digital cellular telecommunications system (Phase

45、2+) (GSM); Mobile Station - Serving GPRS Support Node (MS-SGSN); Logical Link Control (LLC) Layer Specification (3GPP TS 44.064)“. ETSI ETSI TR 103 502 V1.1.1 (2017-09) 8 i.31 ETSI TS 124 008: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (U

46、MTS); LTE; Mobile radio interface Layer 3 specification; Core network protocols; Stage 3 (3GPP TS 24.008)“. i.32 ETSI TS 144 018: “Digital cellular telecommunications system (Phase 2+) (GSM); Mobile radio interface layer 3 specification; GSM/EDGE Radio Resource Control (RRC) protocol (3GPP TS 44.018

47、)“. i.33 ETSI TS 124 341: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Support of SMS over IP networks; Stage 3 (3GPP TS 24.341)“. i.34 GSM Association IR.92: “IMS Profile for Voice and SMS“. i.35 ETSI TS 131 102: “Universal Mo

48、bile Telecommunications System (UMTS); LTE; Characteristics of the Universal Subscriber Identity Module (USIM) application (3GPP TS 31.102)“. i.36 ETSI TS 131 101: “Universal Mobile Telecommunications System (UMTS); LTE; UICC-terminal interface; Physical and logical characteristics (3GPP TS 31.101)“

49、. i.37 IEEE 802.11TM: “IEEE Standard for Information technology - Telecommunications and information exchange between systems Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications“. i.38 ETSI TS 122 016: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; International Mobile station Equipment Identities (IMEI) (3GPP TS 22.016)“