ETSI TR 133 920-2008 Digital cellular telecommunications system (Phase 2+) Universal Mobile Telecommunications System (UMTS) SIM card based Generic Bootstrapping Architecture (GBA)_1.pdf

1、 ETSI TR 133 920 V7.5.0 (2008-04)Technical Report Digital cellular telecommunications system (Phase 2+);Universal Mobile Telecommunications System (UMTS);SIM card based Generic Bootstrapping Architecture (GBA);Early implementation feature (3GPP TR 33.920 version 7.5.0 Release 7)GLOBAL SYSTEM FOR MOB

2、ILE COMMUNICATIONSRETSI ETSI TR 133 920 V7.5.0 (2008-04) 1 3GPP TR 33.920 version 7.5.0 Release 7 Reference RTR/TSGS-0333920v750 Keywords GSM, SECURITY, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 -

3、 NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case

4、of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the prese

5、nt document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of t

6、he following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2008. A

7、ll rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 133 920 V7.5.

8、0 (2008-04) 2 3GPP TR 33.920 version 7.5.0 Release 7 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and ca

9、n be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursu

10、ant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present docu

11、ment. Foreword This Technical Report (TR) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the

12、corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. ETSI ETSI TR 133 920 V7.5.0 (2008-04) 3 3GPP TR 33.920 version 7.5.0 Release 7 Contents Intellectual Property Rights2 Foreword.2 Foreword.4 Int

13、roduction 4 1 Scope 5 2 References 5 3 Definitions, symbols and abbreviations .5 3.1 Definitions5 3.2 Abbreviations .5 4 Additions to enable 2G GBA .5 4.1 Additions to TS 33.220 5 4.2 Additions to TS 29.109 6 4.3 Additions to TS 24.109 6 Annex A: Change history 7 History 8 ETSI ETSI TR 133 920 V7.5.

14、0 (2008-04) 4 3GPP TR 33.920 version 7.5.0 Release 7 Foreword This Technical Report has been produced by the 3rd Generation Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modi

15、fy the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG

16、approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. Introduction 3GPP defined the Generic B

17、ootstrapping Architecture (GBA) in Release 6. The Release 6 GBA is based on 3G USIMs and ISIMs, i.e., 3G GBA TS 33.220 1. The security level of 3G Authentication and Key Agreement is higher than the 2G SIM authentication. On the other hand, there are more than one billion people with SIMs in their p

18、hones and it will take long time to provision UICCs capable of 3G authentication to such a large population. Meanwhile there should be a way to offer services whose authentication is based on GAA also to 2G subscribers. Mobile network operators could try first out the success of services without han

19、ding out new cards and after successful service usage migrate seamlessly to UICCs. This option leverages the mobile network operators investments into their SIM cards, while still provide easy migration. This could lower the threshold for operators to deploy more sophisticated services that usually

20、would require a UICC from the start. In this way, it might even speed up the process of handing out UICCs to the subscribers. The initial roll-out phases of services and service success testing would not need to rely on passwords. In addition, the introduction of 2G GBA-based authentication provides

21、 a security and operational enhancement for users that rely on SIM. Also, the availability of 2G GBA will allow building services where authentication is performed and managed in an analogous way as using USIM. The protocol wherein the SIM card is used, decides the strength of the security of the wh

22、ole system. Therefore, the solution described for an early implementation feature in this specifications targets to enhance GSM security to address the known GSM vulnerabilities when using 2G GBA. It should be noted that the work outlined in this feature does not require any change to the existing S

23、IM specifications, in particular GBA_U as in 3G GBA will not be included in 2G GBA. ETSI ETSI TR 133 920 V7.5.0 (2008-04) 5 3GPP TR 33.920 version 7.5.0 Release 7 1 Scope The present document describes which change requests are to be implemented in addition to the Release 6 specifications TS 33.220

24、1, TS 29.109 2, and TS 24.109 3 to enable the usage of 2G GBA. 2 References The following documents contain provisions, which, through reference in this text, constitute provisions of the present document. - References are either specific (identified by date of publication, edition number, version n

25、umber, etc.) or non-specific. - For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that

26、document in the same Release as the present document. 1 3GPP TS 33.220 Release 6: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 2 3GPP TS 29.109 Release 6: “Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3“. 3

27、3GPP TS 24.109 Release 6: “Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details“. 4 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definit

28、ions given in TR 21.905 4 and the definitions in TS 33.220 1 apply. 3.2 Abbreviations The abbreviations of TS 33.220 1 also apply to this document. 4 Additions to enable 2G GBA 4.1 Additions to TS 33.220 The following changes to TS 33.220 1 are needed to be implemented to enable 2G GBA: - CR069 (rev

29、 1) to TS 33.220 1: “Normative annex on 2G GBA“; - CR079 to TS 33.220 1: “Removal of possible interoperability problems“; - CR078 to TS 33.220 1: “IMPI obtained from IMSI in 2G GBA“; ETSI ETSI TR 133 920 V7.5.0 (2008-04) 6 3GPP TR 33.920 version 7.5.0 Release 7 - CR076 to TS 33.220 1: “Alignment of

30、2G GBA with recent CRs“; - CR087 to TS 33.220 1: “GBA keys handling and UICC presence detection“; - CR089 to TS 33.220 1: “Clarify the confusion of the use of NAF-ID and FQDN“; - CR091 to TS 33.220 1: “Use of SIM for Ua applications“; - CR0120 (rev 1) to TS 33.220 1: “Clarification on NAF_Id coding“

31、 - CR0123 to TS 33.220 1: “Details of HLR BSF reference point” - CR0124 to TS 33.220 1: “Clarifying the terms 2G and 3G for GBA“ - CR0127 (rev 4) to TS 33.220 1: “Correction of HLR BSF reference point“. - CR0131 (rev 1) to TS 33.220 1: “2G GBA Certificate Management“. - CR0133 (rev 1) to TS 33.220 1

32、: “ Usage of OMA References Update of References“. 4.2 Additions to TS 29.109 The following changes to TS 29.109 2 are needed to be implemented to enable 2G GBA: - CR0022 to TS 29.109 2: “2G GBA implementation to Zh and Zn“. 4.3 Additions to TS 24.109 The following changes to TS 24.109 3 are needed

33、to be implemented to enable 2G GBA: - CR0023 (rev1) to TS 24.109 3: “2G GBA“. - CR0036 to TS 24.109 3: “Interoperability problems for request on Ub reference point“. ETSI ETSI TR 133 920 V7.5.0 (2008-04) 7 3GPP TR 33.920 version 7.5.0 Release 7 Annex A: Change history Change history Date TSG # TSG D

34、oc. CR Rev Cat Subject/Comment Old New WI 2006-03 SP-31 SP-060063 - - - Approved at SA #31 2.0.0 7.0.0 2006-06 SP-32 SP-060386 0001 - D Reference addition 7.0.0 7.1.0 2G GBA 2007-06 SP-36 SP-070327 0002 - F NAF_ID Encoding 7.1.0 7.2.0 2G GBA 2007-09 SP-37 SP-070591 0003 - F Update with regard to app

35、roved CRs to TS 33.220 Annex I 7.2.0 7.3.0 2G GBA 2007-12 SP-38 SP-070785 0004 1 F Integration of approved CR to TS 33.220 on HLR integration 7.3.0 7.4.0 SEC7-2GGBA 2008-03 SP-39 SP-080140 0005 - F Addition of 2G GBA related CRs 7.4.0 7.5.0 SEC7-2GGBA ETSI ETSI TR 133 920 V7.5.0 (2008-04) 8 3GPP TR 33.920 version 7.5.0 Release 7 History Document history V7.1.0 June 2006 Publication V7.2.0 June 2007 Publication V7.3.0 October 2007 Publication V7.4.0 January 2008 Publication V7.5.0 April 2008 Publication