ImageVerifierCode 换一换
格式:PDF , 页数:20 ,大小:140.10KB ,
资源ID:736495      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-736495.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 103 565-2-2018 TETRA and Critical Communications Evolution (TCCE) Interworking between TETRA and 3GPP mission critical services Part 2 Security of interworking between TETR.pdf)为本站会员(王申宇)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 103 565-2-2018 TETRA and Critical Communications Evolution (TCCE) Interworking between TETRA and 3GPP mission critical services Part 2 Security of interworking between TETR.pdf

1、 ETSI TR 103 565-2 V1.1.1 (2018-05) TETRA and Critical Communications Evolution (TCCE); Interworking between TETRA and 3GPP mission critical services; Part 2: Security of interworking between TETRA and Broadband applications TECHNICAL REPORT ETSI ETSI TR 103 565-2 V1.1.1 (2018-05)2 Reference DTR/TCC

2、E-06192 Keywords broadband, radio, TETRA ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The pr

3、esent document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of E

4、TSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that

5、 the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services:

6、 https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall n

7、ot be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMar

8、e trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TR 103 565-2 V1.1.1 (2018-05)3 Contents Intellect

9、ual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g3Introduction 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 7g34 Interworking overview . 7g34.1 Interworking realizat

10、ion . 7g34.2 Use cases 8g34.3 Security aspects of interworking 8g35 Threats 8g35.1 General . 8g35.2 Masquerade and impersonation 8g35.3 Eavesdropping 9g35.4 Traffic analysis . 9g35.5 Denial of service . 9g35.6 Manipulation/insertion . 10g35.7 Extraction of security information 10g35.8 Replay 10g35.9

11、 Repudiation 10g36 Security measures . 10g36.1 Service authorization 10g36.2 User authentication . 11g36.3 System authentication . 11g36.3.1 Interface authentication . 11g36.3.2 System authentication by IWF 11g36.4 Signalling protection 11g36.5 Traffic protection 11g36.6 Key management 12g36.6.1 TET

12、RA air interface security 12g36.6.2 MC service signalling security 12g36.6.3 Speech security . 12g36.6.3.1 Encryption translation . 12g36.6.3.2 Fully end to end . 13g36.7 Policy, auditing and reporting 13g36.8 Solution implementation 13g37 Threat - Security Measure Analysis . 13g37.1 Threat Summary

13、. 13g37.2 Security Measure Summary . 14g37.3 Cross Reference Table 16g38 Candidate solutions for standardization . 18g38.1 General . 18g38.2 Candidate measures for standardization . 18g38.2.1 M6.1 Service authorization . 18g38.2.2 M6.2 User authentication 18g38.2.3 M6.3 Interface authentication . 18

14、g3ETSI ETSI TR 103 565-2 V1.1.1 (2018-05)4 8.2.4 M6.4 Signalling protection . 18g38.2.5 M6.5 Traffic confidentiality 18g38.2.6 M6.6 Key management . 18g38.2.7 M6.7 Policy, auditing and reporting . 19g38.2.8 M6.8 Solution implementation . 19g39 Conclusions 19g3History 20g3ETSI ETSI TR 103 565-2 V1.1.

15、1 (2018-05)5 Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI S

16、R 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no inv

17、estigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present docum

18、ent may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks

19、in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee TETRA and Critical Communications Evolution (TCCE). Modal verbs terminology In

20、 the present document “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when

21、used in direct citation. Introduction TETRA users are adopting broadband technologies based on 3GPP LTE for critical communications to add new services and capabilities to their operations. TETRA systems are required to work alongside and together with such broadband critical communications systems

22、to enable the users to benefit from the strengths of both technologies. Interworking is necessary with both the developing suite of 3GPP Mission Critical applications including MCPTT and MCData applications, and also with more general use of broadband networks for enhanced bandwidth and higher speed

23、 general data applications. The present document describes the security related aspects of such interworking between technologies. It contains use cases for secure interworking, security related issues and potential security solutions. ETSI ETSI TR 103 565-2 V1.1.1 (2018-05)6 1 Scope The present doc

24、ument contains use cases, threats and security solutions for interworking between TETRA and 3GPP standardized mission critical broadband systems. The security solutions generated within the present document are assessed for applicability to further standardization work. The security solutions also h

25、ighlights areas which need to be solved by implementation. 2 References 2.1 Normative references Normative references are not applicable in the present document. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or n

26、on-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their lo

27、ng term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 103 565: “TETRA and Critical Communications Evolution (TCCE); Terrestrial Trunked Radio (TETRA); Study int

28、o interworking between TETRA and 3GPP mission critical services“. i.2 3GPP TR 23.782: “Study on mission critical communication interworking between LTE and non-LTE systems“. i.3 ETSI EN 300 392-7: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security“. i.4 ETSI EN 302 109: “Ter

29、restrial Trunked Radio (TETRA); Security; Synchronization mechanism for end-to-end encryption“. i.5 3GPP TS 33.180: “Security of the mission critical service“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: air int

30、erface encryption: encryption which protects a radio link only end-to-end encryption: encryption within or at the source end system, with the corresponding decryption occurring only within or at the destination end system ETSI ETSI TR 103 565-2 V1.1.1 (2018-05)7 3.2 Abbreviations For the purposes of

31、 the present document, the following abbreviations apply: 3GPP 3rdGeneration Partnership Project AES Advanced Encryption Standard AI Air Interface AIE Air Interface Encryption BS Base Station COTS Commercial Off The Shelf DoS Denial of Service E2EE End to End Encryption eNodeB enhanced Node B GCM Ga

32、lois Counter Mode GSSI Group Short Subscriber Identity HTTPS Secure Hyper Text Transfer Protocol ID IDentity ISSI Individual Short Subscriber Identity IWF InterWorking Function LMR Land Mobile Radio LTE Long Term Evolution MC Mission Critical MCData Mission Critical Data MCPTT Mission Critical Push

33、To Talk MS Mobile Station OTAK Over The Air Key management OTAR Over The Air Rekeying PIN Personal Identification Number PLMN Public Land Mobile Network SFPG Security and Fraud Prevention Group SIP Session Initiation Protocol SRTCP Secure Real Time Protocol SRTP Secure Real-time Transport Protocol S

34、wMI Switching and Management Infrastructure TCCA The Critical Communications Association TETRA TErrestrial Trunked RAdio TLV Type Length Value TR Technical Report URI Uniform Resource Identifier XMLenc eXtensible Markup Language encryption 4 Interworking overview 4.1 Interworking realization The int

35、erworking function is realized according to ETSI TR 103 565 i.1 as an adaptation between a TETRA SwMI and the 3GPP MC system LMR interworking interface, to be specified within 3GPP Release 15, and has been studied in 3GPP TR 23.782 i.2. This is shown in figure 4.1-1. Figure 4.1-1: Concept of the int

36、erworking function ETSI ETSI TR 103 565-2 V1.1.1 (2018-05)8 The interworking function provides a single logical interface between each pair of one MC service and one TETRA SwMI. Any realization of multiple interfaces between a pair of systems e.g. for resilience is outside the scope of the present d

37、ocument. Note that the interworking function in ETSI TR 103 565 i.1 specifies behaviour, and is not necessarily intended to be a specification for a physical interface device. Thus either or both of the interfaces to an interworking function may not be exposed and may be internal to the implementati

38、on of a solution. This should be taken into account when assessing the security issues. 4.2 Use cases The use cases for interworking between TETRA and 3GPP MCPTT and associated MCData services are as follow: Short term usage, where a user community is in transition from use of TETRA to use of MCPTT

39、and MCData, and requires communications between users during this activity. Short term may still require interworking for several years, especially where nationwide systems are deployed. Long term, where users use both TETRA and LTE for communications for the foreseeable future, without time limit.

40、Use of one or the other technology may be dependent on user role, on user location or communications type (e.g. use of TETRA for voice, LTE for high speed data aspects). There may be no difference in the solutions for security between a short term and a long term use of interworking; however a user

41、organization may be prepared to accept some increased level of risk for a shorter term and take an increased level of risk into account as part of a cost-benefit decision when deciding which measures to implement. Either use case may require security to be maintained fully end to end. 4.3 Security a

42、spects of interworking Each system will be responsible for managing its own security aspects, such as authorization, authentication of user or device and protection of signalling and traffic information. End to end encrypted material should be able to pass between users on both systems. There are tw

43、o goals associated with security: The solution should not affect security for any users of either system that are not involved in interworking with the other system. The solution should maintain as high a level of security as possible for users that are involved in interworking communications with u

44、sers in the other system. 5 Threats 5.1 General This clause details some of the threats to interworking between TETRA and MC systems. 5.2 Masquerade and impersonation The following threats are possible relating to masquerade and impersonation: Systems: one system may be impersonated at the interwork

45、ing function to the other system. Interworking function: a fake interworking function impersonates an interworking function and associated system. Clients: a client on one system may enable impersonation of another client of the same system to gain access to inter-system communications. ETSI ETSI TR

46、 103 565-2 V1.1.1 (2018-05)9 Users: a user on one system may impersonate another of the same system to gain access to inter-system communications. 5.3 Eavesdropping Eavesdropping could apply to speech or data traffic, as well as to control functions. Eavesdropping may take place on an exposed interf

47、ace in one system between clients and servers (or between clients and peripheral devices) which compromises communications on the other system during interworking communications, this could include an air interface. Eavesdropping may take place on external links to the interworking function, or in a

48、 device introduced into a link as a man in the middle device with the intention of eavesdropping on that link. Eavesdropping may take place on links to the interworking function that are internal to one system. Eavesdropping may take place within the interworking function, for example if the interwo

49、rking function needs to decrypt information received from one system prior to re-encrypting it for transmission into the other system. NOTE: The interworking function may be internal to one system, or even to both systems if a single physical infrastructure provides both TETRA and MC services. Ambience listening invoked across the interworking function (if supported) provides an additional possibility for eavesdropping on a user, without the user being aware. 5.4 Traffic analysis Access to one system discovers information concerning traff

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1