ETSI TS 100 392-7-2006 Terrestrial Trunked Radio (TETRA) Voice Plus Data (V+D) Part 7 Security《陆地集群无线电(TETRA) 语音加数据(V+D) 第7部分 安全性(版本2 4 1)》.pdf

1、 ETSI TS 100 392-7 V2.4.1 (2006-10)Technical Specification Terrestrial Trunked Radio (TETRA);Voice plus Data (V+D);Part 7: SecurityETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 2 Reference RTS/TETRA-06177 Keywords security, TETRA, V+D ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel

2、.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made

3、available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept

4、on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you fi

5、nd errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproductio

6、n in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members.

7、3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 3 Contents Intellectual Property Rights9 Foreword.9 Introduction 9 1 Scope 10 1.1 Security classes 10 1.2 Document layout 11 2 References 11 3 Def

8、initions and abbreviations.12 3.1 Definitions12 3.2 Abbreviations .14 4 Air Interface authentication and key management mechanisms 15 4.1 Air interface authentication mechanisms .15 4.1.1 Overview 15 4.1.2 Authentication of an MS.16 4.1.3 Authentication of the infrastructure 17 4.1.4 Mutual authenti

9、cation of MS and infrastructure .17 4.1.5 The authentication key19 4.1.6 Equipment authentication .19 4.2 Air Interface key management mechanisms.20 4.2.1 The DCK.20 4.2.2 The GCK.21 4.2.3 The CCK.22 4.2.4 The SCK .23 4.2.4.1 SCK association for DMO use24 4.2.4.1.1 DMO SCK subset grouping.24 4.2.5 T

10、he GSKO 26 4.2.5.1 SCK distribution to groups with OTAR27 4.2.5.2 GCK distribution to groups with OTAR .27 4.2.5.3 Rules for MS response to group key distribution27 4.2.6 Encrypted Short Identity (ESI) mechanism 28 4.2.7 Encryption Cipher Key .28 4.2.8 Summary of AI key management mechanisms.29 4.3

11、Service description and primitives .30 4.3.1 Authentication primitives .30 4.3.2 SCK transfer primitives 31 4.3.3 GCK transfer primitives32 4.3.4 GSKO transfer primitives .33 4.4 Authentication protocol33 4.4.1 Authentication state transitions.33 4.4.2 Authentication protocol sequences and operation

12、s .36 4.4.2.1 MSCs for authentication .37 4.4.2.2 MSCs for authentication Type-3 element .43 4.4.2.3 Control of authentication timer T354 at MS .46 4.5 OTAR protocols .47 4.5.1 CCK delivery - protocol functions47 4.5.1.1 SwMI-initiated CCK provision .47 4.5.1.2 MS-initiated CCK provision with U-OTAR

13、 CCK demand.48 4.5.1.3 MS-initiated CCK provision with announced cell reselection 49 4.5.2 OTAR protocol functions - SCK 50 4.5.2.1 MS requests provision of SCK(s)51 4.5.2.2 SwMI provides SCK(s) to individual MS .52 4.5.2.3 SwMI provides SCK(s) to group of MSs 54 4.5.2.4 SwMI rejects provision of SC

14、K 56 ETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 4 4.5.3 OTAR protocol functions - GCK56 4.5.3.1 MS requests provision of GCK .56 4.5.3.2 SwMI provides GCK to an individual MS59 4.5.3.3 SwMI provides GCK to a group of MSs.61 4.5.3.4 SwMI rejects provision of GCK62 4.5.4 Cipher key association to group a

15、ddress.63 4.5.4.1 SCK association for DMO 64 4.5.4.2 GCK association .67 4.5.5 Notification of key change over the air.69 4.5.5.1 Change of DCK.71 4.5.5.2 Change of CCK.71 4.5.5.3 Change of GCK.71 4.5.5.4 Change of SCK for TMO71 4.5.5.5 Change of SCK for DMO .72 4.5.5.6 Synchronization of Cipher Key

16、 Change72 4.5.6 Security class change 72 4.5.6.1 Change of security class to security class 1 73 4.5.6.2 Change of security class to security class 2 73 4.5.6.3 Change of security class to security class 3 73 4.5.6.4 Change of security class to security class 3 with GCK .74 4.5.7 Notification of key

17、 in use74 4.5.8 Notification of GCK Activation/Deactivation 74 4.5.9 Deletion of SCK, GCK and GSKO.74 4.5.10 Air Interface Key Status Enquiry76 4.5.11 Crypto management group78 4.5.12 OTAR retry mechanism79 5 Enable and disable mechanism.79 5.1 General relationships79 5.2 Enable/disable state transi

18、tions.80 5.3 Mechanisms81 5.3.1 Disable of MS equipment .82 5.3.2 Disable of an subscription.82 5.3.3 Disable of subscription and equipment.82 5.3.4 Enable an MS equipment82 5.3.5 Enable an MS subscription .82 5.3.6 Enable an MS equipment and subscription.82 5.4 Enable/disable protocol 83 5.4.1 Gene

19、ral case83 5.4.2 Status of cipher key material.84 5.4.2.1 Permanently disabled state84 5.4.2.2 Temporarily disabled state 84 5.4.3 Specific protocol exchanges .84 5.4.3.1 Disabling an MS with mutual authentication 84 5.4.3.2 Enabling an MS with mutual authentication .85 5.4.3.3 Enabling an MS with n

20、on-mutual authentication86 5.4.3.4 Disabling an MS with non-mutual authentication.88 5.4.4 Enabling an MS without authentication89 5.4.5 Disabling an MS without authentication.90 5.4.6 Rejection of enable or disable command 90 5.4.7 MM service primitives91 5.4.7.1 TNMM-DISABLING primitive91 5.4.7.2

21、TNMM-ENABLING primitive.92 6 Air Interface (AI) encryption .92 6.1 General principles.92 6.2 Security class93 6.2.0 Notification of security class 94 6.2.0.1 Security Class of Neighbouring Cells .94 6.2.0.2 Identification of MS security capabilities .95 6.2.1 Constraints on LA arising from cell clas

22、s.95 6.3 Key Stream Generator (KSG) 95 ETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 5 6.3.1 KSG numbering and selection 95 6.3.2 Interface parameters96 6.3.2.1 Initial Value (IV).96 6.3.2.2 Cipher Key 96 6.4 Encryption mechanism.97 6.4.1 Allocation of KSS to logical channels 97 6.4.2 Allocation of KSS to

23、 logical channels with PDU association 98 6.4.3 Synchronization of data calls where data is multi-slot interleaved.99 6.4.4 Recovery of stolen frames from interleaved data .100 6.5 Use of cipher keys 100 6.5.1 Identification of encryption state of downlink MAC PDUs .101 6.5.1.1 Class 1 cells.101 6.5

24、.1.2 Class 2 cells.102 6.5.1.3 Class 3 cells.102 6.5.2 Identification of encryption state of uplink MAC PDUs 102 6.6 Mobility procedures .103 6.6.1 General requirements103 6.6.1.1 Additional requirements for class 3 systems.103 6.6.2 Protocol description103 6.6.2.1 Negotiation of cipher parameters 1

25、03 6.6.2.1.1 Class 1 cells .104 6.6.2.1.2 Class 2 cells .104 6.6.2.1.3 Class 3 cells .104 6.6.2.2 Initial and undeclared cell re-selection104 6.6.2.3 Unannounced cell re-selection 105 6.6.2.4 Announced cell re-selection type-3.106 6.6.2.5 Announced cell re-selection type-2.106 6.6.2.6 Announced cell

26、 re-selection type-1.106 6.6.2.7 Key forwarding .106 6.7 Encryption control108 6.7.1 Data to be encrypted .108 6.7.1.1 Downlink control channel requirements .108 6.7.1.2 Encryption of MAC header elements108 6.7.1.3 Traffic channel encryption control108 6.7.1.4 Handling of PDUs that do not conform to

27、 negotiated ciphering mode .109 6.7.2 Service description and primitives109 6.7.2.1 Mobility Management (MM) 110 6.7.2.2 Mobile Link Entity (MLE)110 6.7.2.3 Layer 2 112 6.7.3 Protocol functions.112 6.7.3.1 MM .112 6.7.3.2 MLE 112 6.7.3.3 LLC .112 6.7.3.4 MAC .113 6.7.4 PDUs for cipher negotiation .1

28、13 Annex A (normative): PDU and element definitions.114 A.1 Authentication PDUs114 A.1.1 D- AUTHENTICATION demand114 A.1.2 D-AUTHENTICATION reject.114 A.1.3 D-AUTHENTICATION response115 A.1.4 D-AUTHENTICATION result.115 A.1.5 U-AUTHENTICATION demand.115 A.1.6 U-AUTHENTICATION reject.116 A.1.7 U-AUTH

29、ENTICATION response116 A.1.8 U-AUTHENTICATION result.117 A.2 OTAR PDUs 117 A.2.1 D-OTAR CCK Provide 117 A.2.2 U-OTAR CCK Demand .117 A.2.3 U-OTAR CCK Result 118 A.2.4 D-OTAR GCK Provide118 ETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 6 A.2.5 U-OTAR GCK Demand.119 A.2.6 U-OTAR GCK Result 120 A.2.6a D-OTAR

30、 GCK Reject 120 A.2.7 D-OTAR SCK Provide.121 A.2.8 U-OTAR SCK Demand122 A.2.9 U-OTAR SCK Result.122 A.2.9a D-OTAR SCK Reject.123 A.2.10 D-OTAR GSKO Provide123 A.2.11 U-OTAR GSKO Demand 124 A.2.12 U-OTAR GSKO Result124 A.2.12a D-OTAR GSKO Reject124 A.3 PDUs for key association to GTSI .125 A.3.1 D-OT

31、AR KEY ASSOCIATE demand .125 A.3.2 U-OTAR KEY ASSOCIATE status.126 A.4 PDUs to synchronize key or security class change 126 A.4.1 D-CK CHANGE demand.126 A.4.2 U-CK CHANGE result.127 A.4a PDUs to delete air interface keys in MS 128 A.4a.1 D-OTAR KEY DELETE demand 128 A.4a.2 U-OTAR KEY DELETE result12

32、9 A.4b PDUs to obtain Air Interface Key Status .130 A.4b.1 D-OTAR KEY STATUS demand 130 A.4b.2 U-OTAR KEY STATUS response.131 A.5 Other security domain PDUs132 A.5.1 U-TEI PROVIDE .132 A.5.2 U-OTAR PREPARE 133 A.5.3 D-OTAR NEWCELL.133 A.5.4 D-OTAR CMG GTSI PROVIDE.133 A.5.5 U-OTAR CMG GTSI RESULT.13

33、4 A.6 PDUs for Enable and Disable.134 A.6.1 D-DISABLE.134 A.6.2 D-ENABLE135 A.6.3 U-DISABLE STATUS.135 A.7 MM PDU type 3 information elements coding 136 A.7.1 Authentication downlink 136 A.7.2 Authentication uplink.136 A.8 PDU Information elements coding.137 A.8.1 Acknowledgement flag.137 A.8.2 Addr

34、ess extension.137 A.8.3 Authentication challenge137 A.8.4 Authentication reject reason.137 A.8.5 Authentication result 138 A.8.6 Authentication sub-type .138 A.8.7 CCK identifier 138 A.8.8 CCK information138 A.8.9 CCK Location area information .139 A.8.10 CCK request flag139 A.8.11 Change of securit

35、y class .139 A.8.12 Cipher parameters.139 A.8.13 CK provision flag .140 A.8.14 CK provisioning information .140 A.8.15 CK request flag.140 A.8.16 Class Change flag.141 A.8.17 DCK forwarding result.141 A.8.18 Disabling type 141 A.8.19 Enable/Disable result141 A.8.20 Encryption mode 142 ETSI ETSI TS 1

36、00 392-7 V2.4.1 (2006-10) 7 A.8.20.1 Class 1 cells 142 A.8.20.2 Class 2 cells 142 A.8.20.3 Class 3 cells 142 A.8.21 Equipment disable 142 A.8.22 Equipment enable.143 A.8.23 Equipment status 143 A.8.23a Explicit response 143 A.8.24 Frame number 143 A.8.25 Future key flag .143 A.8.26 GCK data144 A.8.2

37、7 GCK key and identifier 144 A.8.28 GCK Number (GCKN) 144 A.8.28a GCK Provision result .144 A.8.28b GCK rejected145 A.8.29 GCK select number 145 A.8.29a GCK Supported145 A.8.30 GCK Version Number (GCK-VN).145 A.8.31 Group association.146 A.8.32 GSKO Version Number (GSKO-VN)146 A.8.33 GSSI .146 A.8.3

38、4 Hyperframe number .146 A.8.35 Intent/confirm.146 A.8.36 Void147 A.8.37 Key association status 147 A.8.38 Key association type.147 A.8.39 Key change type .147 A.8.39a Key delete type.148 A.8.39b Key status type .148 A.8.40 Key type flag 148 A.8.41 KSG-number 149 A.8.42 Location area 149 A.8.43 Loca

39、tion area bit mask .149 A.8.44 Location area selector.149 A.8.45 Location area list 149 A.8.46 Location area range 150 A.8.46a Max response timer value.150 A.8.47 Mobile country code.150 A.8.48 Mobile network code150 A.8.49 Multiframe number.150 A.8.50 Mutual authentication flag150 A.8.51 Network ti

40、me150 A.8.52 Number of GCKs changed .151 A.8.52a Number of GCKs deleted .151 A.8.52b Number of GCK status .151 A.8.52c Number of GCKs provided 151 A.8.52d Number of GCKs rejected152 A.8.52e Number of GCKs requested by GCKN 152 A.8.52f Number of GCKs requested by GSSI.152 A.8.53 Number of groups.153

41、A.8.53a Number of GSKO status.153 A.8.54 Number of location areas .153 A.8.55 Number of SCKs changed153 A.8.55a Number of SCKs deleted154 A.8.56 Number of SCKs provided .154 A.8.56a Number of SCKs rejected.154 A.8.57 Number of SCKs requested155 A.8.57a Number of SCK status155 A.8.57b OTAR reject rea

42、son155 A.8.57c OTAR retry interval .156 A.8.58 OTAR sub-type 156 A.8.59 PDU type157 A.8.60 Proprietary157 ETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 8 A.8.61 Provision result.157 A.8.62 Random challenge 157 A.8.63 Random seed 158 A.8.64 Random seed for OTAR.158 A.8.65 Void158 A.8.66 Response value.158

43、A.8.67 SCK data 158 A.8.68 SCK information 159 A.8.69 SCK key and identifier .159 A.8.70 SCK Number (SCKN)159 A.8.71 SCK number and result 160 A.8.72 SCK provision flag.160 A.8.72a Void160 A.8.72b SCK rejected 160 A.8.73 SCK select number.160 A.8.73a SCK subset grouping type161 A.8.73b SCK subset nu

44、mber161 A.8.74 SCK use161 A.8.75 SCK version number 162 A.8.76 Sealed Key (Sealed CCK, Sealed SCK, Sealed GCK, Sealed GSKO).162 A.8.77 Security information element .162 A.8.78 Session key.163 A.8.79 Slot Number .163 A.8.80 SSI163 A.8.81 Subscription disable .163 A.8.82 Subscription enable 163 A.8.83

45、 Subscription status163 A.8.84 TEI164 A.8.85 TEI request flag164 A.8.85a Timeshare cell and AI encryption information.164 A.8.86 Time type165 A.8.87 Type 3 element identifier .165 Annex B (normative): Boundary conditions for the cryptographic algorithms and procedures166 B.1 Dimensioning of the cryp

46、tographic parameters .171 B.2 Summary of the cryptographic processes.172 Annex C (normative): Timers174 C.1 T354, authorization protocol timer.174 C.2 T371, Delay timer for group addressed delivery of SCK and GCK.174 C.3 T372, Key forwarding timer.174 Annex D (informative): Bibliography.175 Annex E

47、(informative): Change request history176 History 177 ETSI ETSI TS 100 392-7 V2.4.1 (2006-10) 9 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly availabl

48、e for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (

49、http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Terrestrial Trunked Radio (TETRA). The present document is part 7of a multi-part deliverable covering the Voice plus Data (V+D), as identified below