ETSI TS 133 180-2017 LTE Security of the mission critical service (V14 1 0 3GPP TS 33 180 version 14 1 0 Release 14).pdf

1、 ETSI TS 133 180 V14.0.0 (2017-07) LTE; Security of the mission critical service (3GPP TS 33.180 version 14.0.0 Release 14) TECHNICAL SPECIFICATION ETSI ETSI TS 133 180 V14.0.0 (2017-07)13GPP TS 33.180 version 14.0.0 Release 14Reference DTS/TSGS-0333180ve00 Keywords LTE,SECURITY ETSI 650 Route des L

2、ucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/sta

3、ndards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in conte

4、nts between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status.

5、 Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copy

6、right Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The

7、 copyright and the foregoing restriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members

8、 and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 133 180 V14.0.0 (2017-07)23GPP TS 33.180 version 14.0.0 Release 14Intellectual Property Rights IPRs essenti

9、al or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially

10、 Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guara

11、ntee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Projec

12、t (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can

13、be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms fo

14、r the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 180 V14.0.0 (2017-07)33GPP TS 33.180 version 14.0.0 Release 14Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword .

15、 8g31 Scope 9g32 References 9g33 Definitions and abbreviations . 11g33.1 Definitions 11g33.2 Abbreviations . 11g34 Overview of Mission Critical Security . 12g34.1 General . 12g34.2 Signalling plane security architecture. 12g34.3 MC system security architecture 13g34.3.1 General 13g34.3.2 User authen

16、tication and authorisation . 13g34.3.3 Identity keying of users and services 14g34.3.4 Protection of application plane signalling . 15g34.3.5 Media security 16g34.3.5.1 General 16g34.3.5.2 Media security for group communications. . 16g34.3.5.3 Media security for private calls . 18g35 Common mission

17、critical security framework . 19g35.1 User authentication and authorization 19g35.1.1 General 19g35.1.2 User authentication . 20g35.1.2.1 Identity management functional model . 20g35.1.2.2 User authentication framework . 21g35.1.2.3 OpenID Connect (OIDC) 22g35.1.2.3.1 General 22g35.1.2.3.2 User auth

18、entication example using username/password 23g35.1.3 MCX user service authorisation 23g35.1.3.1 General 23g35.1.3.2 MCX user service authorization with MCX Server 26g35.1.3.2.1 General 26g35.1.3.2.2 Using SIP REGISTER . 26g35.1.3.2.3 Using SIP PUBLISH . 27g35.1.4 Inter-domain MCX user service author

19、ization 27g35.1.4.1 General 27g35.1.4.2 Inter-domain identity management functional model . 27g35.2 Key management common elements 29g35.2.1 Overview of key management 29g35.2.2 Common key distribution . 30g35.2.3 Key distribution with end-point diversity . 31g35.2.4 Key distribution with associated

20、 parameters 34g35.2.5 Key distribution with SAKKE-to-self payload . 35g35.2.6 Key distribution with identity hiding 36g35.2.7 Key distribution across multiple security domains . 37g35.2.7.1 General 37g35.2.7.2 Identification of External Security Domains . 37g35.2.7.3 Using multiple security domains

21、. 38g35.3 User key management (KMS) 38g35.3.1 General 38g35.3.2 Functional model for key management . 38g3ETSI ETSI TS 133 180 V14.0.0 (2017-07)43GPP TS 33.180 version 14.0.0 Release 145.3.3 Security procedures for key management . 39g35.3.4 Provisioned key material to support end-to-end communicati

22、on security 41g35.3.5 KMS Certificate 41g35.3.6 KMS provisioned Key Set 41g35.4 Key management from MC client to MC server (CSK upload) . 42g35.5 Key management between MCX servers (SPK) 42g35.6 Key management for one-to-one (private) communications (PCK) . 42g35.7 Key management for group communica

23、tions (GMK) 43g35.7.1 General 43g35.7.2 Security procedures for GMK provisioning 43g35.8 Key management from MC server to MC client (Key download) . 44g35.8.1 General 44g35.8.2 Key download procedure 44g35.9 Key management during MBMS bearer announcement . 45g36 Supporting security mechanisms 45g36.

24、1 HTTP 45g36.1.1 Authentication for HTTP-1 interface 45g36.1.2 HTTP-1 interface security 45g36.2 SIP 46g36.2.1 Authentication for SIP core access . 46g36.2.2 SIP-1 interface security . 46g36.3 Network domain security . 46g36.3.1 LTE access authentication and security 46g36.3.2 Inter/Intra domain int

25、erface security . 46g37 MCPTT and MCVideo . 46g37.1 General . 46g37.2 Private communications . 47g37.2.1 Key management 47g37.2.2 Security procedures (on-network) . 47g37.2.3 Security procedures (off-network) 48g37.2.4 First-to-answer security and key management 49g37.2.4.1 Overview . 49g37.2.4.2 Fi

26、rst-to-answer request and response 50g37.2.4.3 First-to-answer call setup with security. 50g37.2.4.4 First-to-answer media protection 52g37.3 Group communications 52g37.3.1 General 52g37.3.2 Group creation security procedure 52g37.3.3 Dynamic group keying 52g37.3.3.1 General 52g37.3.3.2 Group regrou

27、ping security procedure (within a single MC domain) 53g37.3.3.3 Group regrouping security procedure (involving multiple MC domains) . 53g37.3.4 Offline media Protection (GMK) 54g37.4 Key derivation for media 54g37.4.1 Derivation of SRTP master keys for private call 54g37.4.2 Derivation of SRTP maste

28、r keys for group media 55g37.5 Media protection profile . 55g37.5.1 General 55g37.5.2 Security procedures for media stream protection 56g38 MCData 57g38.1 Overview 57g38.2 Key Management . 58g38.3 One-to-one communications 58g38.4 Group communications 59g38.5 MCData payload protection . 59g38.5.1 Ge

29、neral 59g38.5.2 Prequisites . 59g38.5.2.1 Prequisites for protected payloads . 59g38.5.2.2 Prequisites for authenticated payloads 59g38.5.3 Key derivation for protected payloads 60g3ETSI ETSI TS 133 180 V14.0.0 (2017-07)53GPP TS 33.180 version 14.0.0 Release 148.5.4 Payload protection 60g38.5.4.1 Fo

30、rmat of protected payloads 60g38.5.4.2 Encryption of protected payloads 60g38.5.5 Payload authentication 61g39 Signalling Protection 61g39.1 General . 61g39.2 Key distribution for signalling protection 62g39.2.1 Client-Server Key (CSK) 62g39.2.1.1 General 62g39.2.1.2 Creation of the CSK 62g39.2.1.3

31、Initial CSK Upload Procedure . 62g39.2.1.4 CSK update via key download. 63g39.2.2 Multicast Signalling Key (MuSiK) . 63g39.2.3 Signalling Protection Key (SPK) 64g39.3 Application signalling security (XML protection) . 65g39.3.1 General 65g39.3.2 Protected content 65g39.3.3 Key agreement 66g39.3.4 Co

32、nfidentiality protection using XML encryption (xmlenc) 66g39.3.4.1 General 66g39.3.4.2 XML content encryption . 66g39.3.4.3 XML URI attribute encryption 67g39.3.5 Integrity protection using XML signature (xmlsig) 68g39.4 RTCP signalling protection (SRTCP) 69g39.4.1 General 69g39.4.2 Unicast RTCP pro

33、tection between client and server . 69g39.4.3 Multicast RTCP protection between client and server 70g39.4.4 Offline floor protection . 70g39.4.5 RTCP protection between servers . 70g39.4.6 Key derivation for SRTCP 70g39.4.7 Security procedures for transmission of RTCP content 71g39.4.8 RTCP protecti

34、on profile 71g39.5 MCData signalling protection 72g39.5.1 Key distribution for signalling protection . 72g39.5.2 Protection of MCData application signalling payloads (XML) 72g39.5.3 Protection of MCData signalling payloads . 73g3Annex A (normative): Security requirements . 74g3A.1 Introduction 74g3A

35、.2 Configuration 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes ha

36、ve been incorporated in the document. ETSI ETSI TS 133 180 V14.0.0 (2017-07)93GPP TS 33.180 version 14.0.0 Release 141 Scope The present document specifies the security architecture, procedures and information flows needed to protect the mission critical service (MCX). The architecture includes mech

37、anisms to protect the Common Functional Architecture and security mechanisms for mission critical applications. This includes Push-To-Talk (MCPTT), Video (MCVideo) and Data (MCData). Additionally, security mechanisms relating to on-network use, off-network use, roaming, migration, interconnection, i

38、nterworking and multiple security domains are described. This specification complements the Common Functional Architecture defined in TS 23.280 36, the functional architecture for MCPTT defined in 3GPP TS 23.379 2, the functional architecture for MCVideo defined in 3GPP TS 23.281 37 and the function

39、al architecture for MCData defined in 3GPP TS 23.282 38. The MC service can be used for public safety applications and also for general commercial applications e.g. utility companies and railways. As the security model is based on the public safety environment, some security features may not be appl

40、icable to MCPTT for commercial purposes. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. - References are either specific (identified by date of publication, edition number, version number, etc.) or non-spe

41、cific. - For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Re

42、lease as the present document. 1 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 2 3GPP TS 23.379: “Functional architecture and information flows to support Mission Critical Push To Talk (MCPTT); Stage 2“. 3 3GPP TS 22.179: “Mission Critical Push To Talk (MCPTT) over LTE; Stage 1“. 4 3GPP TS 3

43、3.210: 3G security; Network Domain Security (NDS); IP network layer security. 5 3GPP TS 33.310: “Network Domain Security (NDS); Authentication Framework (AF)“. 6 3GPP TS 33.203: “3G security; Access security for IP-based services“. 7 3GPP TS 33.179: “Security of Mission Critical Push To Talk (MCPTT)

44、 over LTE“. 8 3GPP TS 33.328: IP Multimedia Subsystem (IMS) media plane security. 9 IETF RFC 6507: Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI). 10 IETF RFC 6508: Sakai-Kasahara Key Encryption (SAKKE). 11 IETF RFC 6509: MIKEY-SAKKE: Sakai-Kasahara Key Encrypt

45、ion in Multimedia Internet KEYing (MIKEY). 12 IETF RFC 3550: RTP: A Transport Protocol for Real-Time Applications. 13 IETF RFC 3711: “The Secure Real-time Transport Protocol (SRTP)“. 14 3GPP TS 33.401: “3GPP System Architecture Evolution (SAE); Security architecture“. 15 3GPP TS 23.228: “IP Multimed

46、ia Subsystem (IMS); Stage 2“. ETSI ETSI TS 133 180 V14.0.0 (2017-07)103GPP TS 33.180 version 14.0.0 Release 1416 3GPP TS 33.222: “Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)“. 17 3GPP TS 33

47、.220: “Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)“. 18 NIST FIPS 180-4: “Secure Hash Standard (SHS)“. 19 IETF RFC 6749: “The OAuth 2.0 Authorization Framework“. 20 IETF RFC 6750: “The OAuth 2.0 Authorization Framework: Bearer Token Usage“. 21 OpenID Connect 1

48、.0: “OpenID Connect Core 1.0 incorporating errata set 1“, http:/ 22 IETF RFC 3830: “MIKEY: Multimedia Internet KEYing“. 23 IETF RFC 3602: “The AES-CBC Cipher Algorithm and Its Use with IPsec“. 24 IETF RFC 4771: “Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protoc

49、ol (SRTP)“. 25 IETF RFC 6043: “MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY)“. 26 IETF RFC 7714: AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP). 27 W3C: “XML Encryption Syntax and Processing Version 1.1“, https:/www.w3.org/TR/xmlenc-core1/. 28 W3C: “XML Signature Syntax and Processing (Second Edition)“, http:/www.w3.org/TR/xmldsig-core/. 29 IETF RFC