ETSI TS 133 110-2017 Universal Mobile Telecommunications System (UMTS) LTE Key establishment between a Universal Integrated Circuit Card (UICC) and a terminal (V14 0 0 3GPP TS 33 1.pdf

1、 ETSI TS 133 110 V14.0.0 (2017-04) Universal Mobile Telecommunications System (UMTS); LTE; Key establishment between a Universal Integrated Circuit Card (UICC) and a terminal (3GPP TS 33.110 version 14.0.0 Release 14) TECHNICAL SPECIFICATION ETSI ETSI TS 133 110 V14.0.0 (2017-04)13GPP TS 33.110 vers

2、ion 14.0.0 Release 14Reference RTS/TSGS-0333110ve00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse

3、(06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified withou

4、t the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the

5、 present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your com

6、ment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.

7、The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are

8、 Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members GSM and the GSM logo are Trade Marks registered and owned

9、by the GSM Association. ETSI ETSI TS 133 110 V14.0.0 (2017-04)23GPP TS 33.110 version 14.0.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly

10、available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web

11、server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may b

12、ecome, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should

13、 be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“,

14、 “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 110 V14.0.

15、0 (2017-04)33GPP TS 33.110 version 14.0.0 Release 14Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 5g3Introduction 5g31 Scope 6g32 References 6g33 Definitions, symbols and abbreviations . 7g33.1 Definitions 7g33.2 Symbols 7g33.3 Abbreviations . 8g34 Key

16、Establishment between a UICC and a terminal 8g34.1 Reference model . 8g34.2 Network elements . 9g34.2.1 NAF Key Center . 9g34.3 Key establishment architecture and reference points . 9g34.3.1 Reference points . 9g34.3.2 Reference point Ub . 9g34.3.3 Reference point Ua . 9g34.4 General requirements an

17、d principles for key establishment between a UICC and a Terminal 10g34.4.1 General requirements 10g34.4.2 Requirements on the terminal . 10g34.4.3 Requirements on the UICC hosting device . 10g34.4.4 Requirements on the UICC . 10g34.4.5 Requirements on the NAF Key Center . 11g34.4.6 Requirements on K

18、s_local key and associated parameters handling 11g34.5 Procedures 11g34.5.1 Initiation of key establishment between a UICC and a Terminal . 11g34.5.2 Key establishment procedure 12g3Annex A (normative): Key Derivation Function definition 15g3A.1 Ks_local key derivation in key establishment 15g3A.2 I

19、nput parameters for Ks_local key derivation 15g3Annex B (normative): Key establishment UICC-Terminal interface . 16g3B.1 Local Key Establishment: Key Derivation procedure 16g3B.2 Local Key Establishment: Key Availability Check procedure . 17g3Annex C (normative): HTTP based key request procedure . 1

20、8g3C.1 Introduction 18g3C.2 Key request procedure 18g3C.2.1 Key request . 18g3C.2.2 Error situations . 18g3Annex D (informative): Signalling flows for key request procedure . 20g3D.1 Introduction 20g3D.2 Signalling flow demonstrating a successful key request procedure . 20g3Annex E (normative): XML

21、schema for Key Request and Key Response . 23g3ETSI ETSI TS 133 110 V14.0.0 (2017-04)43GPP TS 33.110 version 14.0.0 Release 14E.1 Introduction 23g3E.2 Key Request Format . 23g3E.2.1 Data Format 23g3E.2.2 Example 23g3E.3 Key Response Format 24g3E.3.1 Data Format 24g3E.3.2 Example 24g3Annex F (normativ

22、e): TLS profiles 25g3F.1 TLS profile for certificate based mutual authentication between Terminal and NAF Key Center 25g3F.1.1 Introduction 25g3F.1.2 Protection mechanisms . 25g3F.2 TLS profile for Shared key-based mutual authentication between Terminal and NAF Key Center 25g3F.2.1 Introduction. 25g

23、3F.2.2 Protection mechanisms . 25g3Annex G (informative): Change history . 26g3History 27g3ETSI ETSI TS 133 110 V14.0.0 (2017-04)53GPP TS 33.110 version 14.0.0 Release 14Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the prese

24、nt document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z

25、 where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit

26、 is incremented when editorial only changes have been incorporated in the document. Introduction The smart card, tamper resistant device, has a primary role of storing credentials and performing sensitive cryptographic computations, it also provides portability of the user credentials. The smart car

27、d is rarely a stand-alone device; it usually interacts with a terminal. Sensitive applications are often split between a smart card and a terminal with sensitive data exchanged between the two. Therefore, the need to establish a secure channel between a UICC and a terminal that may host the UICC or

28、be connected to the device hosting the UICC via a local interface has been identified by different standardization groups in order to protect the communication between the UICC and the terminal. This document describes key establishment between a UICC and a terminal. ETSI ETSI TS 133 110 V14.0.0 (20

29、17-04)63GPP TS 33.110 version 14.0.0 Release 141 Scope The present document describes the security features and mechanisms to provision a shared key between a UICC and a terminal that may host the UICC or be connected to the device hosting the UICC via a local interface. Candidate applications to us

30、e this key establishment mechanism include but are not restricted to secure channel between a UICC and a terminal ETSI TS 102 484 8. The scope of this specification includes an architecture overview and the detailed procedure how to establish the shared key between the UICC and the terminal. 2 Refer

31、ences The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisi

32、ons do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TR 21.905: “Voca

33、bulary for 3GPP Specifications“. 2 3GPP TS 31.101: “UICC-terminal interface; Physical and logical characteristics“. 3 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 4 3GPP TS 22.259: “Service requirements for Personal Network Management (PNM); Stage

34、1“. 5 Void. 6 Void. 7 3GPP TS 33.222: “Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)“. 8 ETSI TS 102 484: “Smart Cards; Secure Channel between a UICC and an end-point Terminal“. 9 3GPP TS 24.

35、008: “Mobile radio interface Layer 3 specification; Core network protocols; Stage 3“. 10 NIST, FIPS PUB 180-2: “Secure Hash Standard (SHS)“. 11 IETF RFC 4634 (2006): US Secure Hash Algorithms (SHA and HMAC-SHA). 12 IETF RFC 2104 (1997): “HMAC: Keyed-Hashing for Message Authentication“. 13 3GPP TR 33

36、.905: “Recommendations for Trusted Open Platforms“. 14 TCG Mobile Phone Specifications, https:/www.trustedcomputinggroup.org/specs/mobilephone. 15 TCG Trusted Network Connect (TNC) Specifications, https:/www.trustedcomputinggroup.org/specs/TNC. 16 3GPP TS 29.109: “Generic Authentication Architecture

37、 (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3“. 17 IETF RFC 2616 (1999): “Hypertext Transfer Protocol - HTTP/1.1“. 18 Void. ETSI ETSI TS 133 110 V14.0.0 (2017-04)73GPP TS 33.110 version 14.0.0 Release 1419 Void. 20 3GPP TS 33.310: “Network Domain Security (NDS); Authentication

38、 Framework (AF)“. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in TR 21.905 1 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.

39、905 1. NAF Key Center: Dedicated NAF in charge of performing the key establishment between a UICC and a Terminal. UICC Hosting Device: The entity, which is physically connected to the UICC. The UICC Hosting Device may be the MT or the ME. Terminal: For the purposes of the present document, the term

40、Terminal denotes a trusted device that can establish a shared key with a UICC. The Terminal is a generic term aiming to address either the scenario where it is part of the UICC Hosting Device or the scenario where it is a physically separated component (e.g. PNE as defined in TS 22.259 4). Remote Te

41、rminal: A Terminal that is physically separated from the UICC Hosting Device. NOTE: The definition of trusted devices is out of the scope of the specification. It is assumed that the home network can decide whether a terminal is trusted or not. ICCID: ICCID is the identifier of the smart card. ICCID

42、 is defined in ITU standard and is encoded as a 10 octet string. Terminal_appli_ID: It identifies an application in a Terminal. Terminal_appli_ID is an octet string of maximum 32 octets. If an application has an identifier of longer than 32 octets, this should be hashed using SHA 256 10 into a strin

43、g of length 32 octets which will be used as Terminal_appli_ID. Terminal_ID: It identifies uniquely the Terminal and is 10 octets. The Terminal_ID of a ME is the IMEI and shall be encoded using BCD coding as defined in clause 10.5.1.4 of TS 24.008 9. NOTE: In case that the Terminal is not a ME the de

44、finition of the type of Terminal_IDs is out of the scope of the specification. UICC_appli_ID: It uniquely identifies an application in the UICC. The UICC_appli_ID is an octet string of maximum 16 octets. 3.2 Symbols For the purposes of the present document, the following symbols apply: | Concatenati

45、on ETSI ETSI TS 133 110 V14.0.0 (2017-04)83GPP TS 33.110 version 14.0.0 Release 143.3 Abbreviations For the purposes of the present document, the abbreviations given in TR 21.905 1 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the sa

46、me abbreviation, if any, in TR 21.905 1. B-TID Bootstrapping Transaction Identifier BSF Bootstrapping Server Function GBA Generic Bootstrapping Architecture GBA_ME ME-based GBA GBA_U GBA with UICC-based enhancements ICCID Integrated Circuit Card Identification KDF Key Derivation Function Ks_ext_NAF

47、Derived key in GBA_U Ks_int_NAF Derived key in GBA_U, which remains on UICC Ks_local Derived key, which is shared between a Terminal and a UICC NAF Network Application Function MAC Message Authentication CodePNE Personal Network Element SLF Subscriber Locator Function USS User Security Setting 4 Key

48、 Establishment between a UICC and a terminal 4.1 Reference model GBA_U (TS 33.220 3) is used to provision a shared key between a UICC and a Terminal (i.e. Ks_local). The GBA_U key Ks_int_NAF is used by the UICC and the NAF to derive Ks_local. The NAF securely delivers Ks_local to the Terminal throug

49、h a TLS tunnel, which is established between the NAF and the Terminal. Figure 4.1 and figure 4.2 show a network model of the entities that utilize the bootstrapped secrets, and the reference points used between them. In figure 4.1 the Terminal is part of the UICC Hosting Device whereas in figure 4.2 the Terminal is connected to the UICC Hosting Device via a local interface. HSSBSFUa Zh ZnSLFDzUICC UICC Hosting Device Ub NAF Figure 4.1: High level reference mode (the Terminal is part of the UICC Hosting Device