ETSI TS 133 224-2016 Universal Mobile Telecommunications System (UMTS) LTE Generic Authentication Architecture (GAA) Generic Bootstrapping Architecture (GBA) push layer (V13 1 0 3G.pdf

1、 ETSI TS 1Universal Mobile TelGeneric AutheGeneric Bootstrapp(3GPP TS 33.2TECHNICAL SPECIFICATION133 224 V13.0.0 (2016elecommunications System (LTE; hentication Architecture (GAApping Architecture (GBA) push.224 version 13.0.0 Release 1316-01) (UMTS); A); sh layer 13) ETSI ETSI TS 133 224 V13.0.0 (2

2、016-01)13GPP TS 33.224 version 13.0.0 Release 13Reference RTS/TSGS-0333224vd00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre l

3、a Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document s

4、hall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETS

5、I Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, ple

6、ase send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written per

7、mission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand

8、the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 13

9、3 224 V13.0.0 (2016-01)23GPP TS 33.224 version 13.0.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-memb

10、ers, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant

11、 to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present documen

12、t. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to

13、the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“

14、and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 224 V13.0.0 (2016-01)33GPP TS 33.224 version 13.0

15、.0 Release 13Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g33 Definitions, symbols and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 GPL requirements 6g34.1 Session concept 6g34.2 Requirement

16、s 7g35 GPL Processing 8g35.1 Processing model 8g35.2 Session start 9g35.3 Session termination 10g35.4 GPL security association 10g35.5 Combined delivery . 10g35.6 Message format 10g35.6.1 Data unit transfer format . 10g35.7 Inbound processing. 12g35.8 Outbound processing 13g35.9 Initialization of GP

17、L-SA 13g35.9.1 General 13g35.9.2 Initialization of downlink GPL-SA from a NAF SA 13g35.9.3 Initialization of uplink GPL-SA from a NAF SA . 14g35.10 Cipher suites . 14g3Annex A (informative): Use cases . 16g3A.0 General . 16g3A.1 Generic Push Layer - use case for terminals without a return channel 16

18、g3A.2 Specific use cases . 17g3A.2.1 Network initiated NAF-key refesh and distribution of keys . 17g3A.2.2 Distribution of tokens . 17g3A.2.3 MBMS GBA_U use case . 18g3A.2.4 OMA related use cases . 18g3A.2.5 Network initiated services 18g3A.2.6 BSF and HSS load balancing for broadcast 19g3A.2.7 Down

19、load of vouchers / tickets 19g3A.2.8 Distribution of news / information / commands . 19g3A.2.9 Set-top box use-case . 20g3A.2.10 Summary 20g3Annex B (informative): Change history . 21g3History 22 ETSI ETSI TS 133 224 V13.0.0 (2016-01)43GPP TS 33.224 version 13.0.0 Release 13Foreword This Technical S

20、pecification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the T

21、SG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremente

22、d for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. Introduction 3GPP defined the Generic Authentication Architecture (GAA). The adoption of GAA by other standardi

23、zation bodies showed that some services can not make the assumption that the User Equipment (UE) has always the possibility to connect to the Bootstrapping Server Function (BSF). This specification introduces a generic push layer that makes use of the GBA Push Function as specified in TS 33.223 2. E

24、TSI ETSI TS 133 224 V13.0.0 (2016-01)53GPP TS 33.224 version 13.0.0 Release 131 Scope The present document specifies a generic push layer that makes use of the GBA Push Function as specified in TS 33.223 3. The GPL specification includes a message format, cipher suites and processing model. GPL assu

25、mes that keys and other SA parameters have been preinstalled in the Push-NAF and UE in the form of a NAF SA. GPL is a protection protocol that can be applied in a unidirectional fashion. The rationale for GPL is that having each application specify its own security mechanisms would for obvious reaso

26、ns lead to duplication of work, specifications and implementations. Using a generic secure push layer avoids these problems. A generic secure push layer may also relieve the applications using the service of having to be aware of inner working of the security layer. As an analogy, TS 33.222 4 can be

27、 mentioned, which provides a generic security layer for HTTP based applications. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition nu

28、mber, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest versi

29、on of that document in the same Release as the present document. 1 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 2 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 3 3GPP TS 33.223: “Generic Authentication Architecture (GAA); Generic bootstrapp

30、ing architecture: Push Function“ 4 3GPP TS 33.222: “Generic Authentication Architecture (GAA); Access to network application functions using Hypertext; Transfer Protocol over Transport Layer Security (HTTPS)“. 5 FIPS PUB 180-2 (2002): “Secure Hash Standard“. 6 IETF RFC 2104 (1997): “HMAC: Keyed-Hash

31、ing for Message Authentication“. 7 ISO/IEC 10118-3:2004: “Information Technology Security techniques Hash-functions Part 3: Dedicated hash-functions“. 8 NIST Special Publication 800-38 A (2001): “Recommendation for Block Cipher Modes of Operation - Methods and Techniques “ 9 FIPS PUB 197 (2001): “Ad

32、vanced Encryption Standard“ 10 OMA-WAP-TS-WSP-V1_0-20020920-C: “Wireless Session Protocol 1.0“ 11 3GPP TS 31.111: “Universal Subscriber Identity Module (USIM) Application Toolkit (USAT)“ 12 ETSI TS 102 600: “UICC-Terminal interface; Characteristics of the USB interface 13 ETSI TS 102 483: “UICC-Term

33、inal interface; Internet Protocol connectivity between UICC and terminal“ ETSI ETSI TS 133 224 V13.0.0 (2016-01)63GPP TS 33.224 version 13.0.0 Release 133 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in TR 21.905 2,

34、TS 33.220 1 and the following apply. SN_h The highest sequence number received in a GPL message with validated MAC. SN_h is used for replay protection. SN_s A counter used to generate sequence numbers for outgoing messages. 3.2 Abbreviations For the purposes of the present document, the abbreviation

35、s given in TR 21.905 2 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 2. GBA Generic Bootstrapping Architecture GPI GBA Push Information GPL Generic Push Layer GPL_ME GPL hosted in the ME GP

36、L_U GPL hosted in the UICC HSP High Speed Protocol NAF Network Application Function KDF Key Derivation Function MAC Message Authentication Code SA Security Association SAID Security Association Identifier SN Sequence Number 4 GPL requirements 4.1 Session concept It is reasonable to expect that there

37、 will exist Push-NAF based services that rely on some form of per device session concept, and which would benefit from pushing more than one message based on the same security association. An example could be a virus signature update server. It is possible that the virus signatures are delivered in

38、multiple pushed messages (for size limitation reasons of the underlying push transport mechanism), and it would then be inefficient to establish a new security association for each message. This requires that GPL provides replay protection in addition to integrity protection (and possibly confidenti

39、ality protection). Figure 4.1-1 depicts the usage scenario, where three push messages are delivered from the Push-NAF to the UE using a single security association. Note that steps 1 and 2 in Figure 4.1-1 are out of scope for this specification. One way to achieve steps 1 and 2 is to use TS 33.223 3

40、. ETSI ETSI TS 133 224 V13.0.0 (2016-01)73GPP TS 33.224 version 13.0.0 Release 13Push message 3 UE NAF BSF (1) Establishment of Ks (between UE and BSF) (2) Establishment of Ks_NAF or Ks_int_NAF Security Association with keys derived from Ks_NAF or Ks_int_nAF Security Association with keys derived fr

41、om Ks_NAF or Ks_int_NAF Push message 2 Push message 1 Figure 4.1-1: Example of a secure session If GPL was to provide a complete session concept including reliability of delivered messages using timeouts/acknowledgments and re-transmissions, re-establishments of sessions, re-ordering of messages etc

42、., GPL would be unnecessarily complex and the size of the GPL messages would be too large for many applications (e.g., when the underlying transport is SMS). Therefore GPL shall only provide sufficient session state to ensure that the security of multiple GPL messages is not compromised. GPL shall h

43、ence provide the security services confidentiality, integrity protection and replay protection for a GPL session. If a more complex session concept is required by the application, where the session concept includes services other than security services, then, e.g., WSP 10 could be applied on top of

44、GPL, but this is out of scope for this specification. Even though it sometimes is sufficient with a secure downlink channel from the Push-NAF to the UE (for broadcast only UEs) a uplink channel may be present. An example of this is OMAs location based services, where a server requests location infor

45、mation from a terminal, which responds with its location information. This request/response exchange may be repeated every ten minutes. It is prudent to require that it shall be possible to secure also such an uplink channel. The security of the uplink channel can conveniently be based on the same N

46、AF SA as the downlink channel. To send a GPL message to the UICC, the Push-NAF selects a delivery channel that targets a UICC and that is supported by the GPL-capable ME (e.g. SMS class 2). The protocols that the GPL-capable ME shall support to receive the GPL_U messages depend on the type of interf

47、ace between the ME and the UICC (ISO or HSP). GBA Push as specified by TS 33.223 3 is capable of establishing a Ks_int_NAF and a Ks_ext_NAF using one GPI. However, GPL is not designed to make full use of this. It is not possible to establish GPL SAs for both GPL_U and GPL_ME from a single GPI. 4.2 R

48、equirements The following requirements shall be posed for the generic secure push layer: R1: It shall perform encapsulation of generic application layer messages from the Push-NAF to the UE. R2: It shall allow sending multiple messages based on the same security association. R3: Integrity protection

49、 and confidentiality protection shall be possible to provide for the messages. Integrity protection is mandatory to apply, while confidentiality protection is optional to apply. R4: Detection of replayed messages within the same session shall be possible. R5: If uplink messages are present in the application protocol, it shall be possible to apply the same level of protection to these messages, based on keys derived from the Ks_NAF or Ks_int_NAF. ETSI ETSI TS 133 224 V13.0.0 (2016-01)83GPP TS 33.224 version 13.0.0 Rel