ETSI TS 133 224-2017 Universal Mobile Telecommunications System (UMTS) LTE Generic Authentication Architecture (GAA) Generic Bootstrapping Architecture (GBA) push layer (V14 0 0 3G.pdf

1、 ETSI TS 133 224 V14.0.0 (2017-04) Universal Mobile Telecommunications System (UMTS); LTE; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) push layer (3GPP TS 33.224 version 14.0.0 Release 14) TECHNICAL SPECIFICATION ETSI ETSI TS 133 224 V14.0.0 (2017-04)13GPP TS

2、33.224 version 14.0.0 Release 14Reference RTS/TSGS-0333224ve00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture

3、 de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modi

4、fied without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. U

5、sers of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please se

6、nd your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permissio

7、n of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ET

8、SI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members GSM and the GSM logo are Trade Marks registered

9、 and owned by the GSM Association. ETSI ETSI TS 133 224 V14.0.0 (2017-04)23GPP TS 33.224 version 14.0.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, i

10、s publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on th

11、e ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may b

12、e, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. T

13、hese should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should n

14、ot“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133

15、 224 V14.0.0 (2017-04)33GPP TS 33.224 version 14.0.0 Release 14Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g33 Definitions, symbols and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 GPL requ

16、irements 6g34.1 Session concept 6g34.2 Requirements 7g35 GPL Processing 8g35.1 Processing model 8g35.2 Session start 9g35.3 Session termination 10g35.4 GPL security association 10g35.5 Combined delivery . 10g35.6 Message format 10g35.6.1 Data unit transfer format . 10g35.7 Inbound processing. 12g35.

17、8 Outbound processing 13g35.9 Initialization of GPL-SA 13g35.9.1 General 13g35.9.2 Initialization of downlink GPL-SA from a NAF SA 13g35.9.3 Initialization of uplink GPL-SA from a NAF SA . 14g35.10 Cipher suites . 14g3Annex A (informative): Use cases . 16g3A.0 General . 16g3A.1 Generic Push Layer -

18、use case for terminals without a return channel 16g3A.2 Specific use cases . 17g3A.2.1 Network initiated NAF-key refesh and distribution of keys . 17g3A.2.2 Distribution of tokens . 17g3A.2.3 MBMS GBA_U use case . 17g3A.2.4 OMA related use cases . 17g3A.2.5 Network initiated services 18g3A.2.6 BSF a

19、nd HSS load balancing for broadcast 18g3A.2.7 Download of vouchers / tickets 19g3A.2.8 Distribution of news / information / commands . 19g3A.2.9 Set-top box use-case . 19g3A.2.10 Summary 19g3Annex B (informative): Change history . 20g3History 21g3ETSI ETSI TS 133 224 V14.0.0 (2017-04)43GPP TS 33.224

20、 version 14.0.0 Release 14Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of th

21、e present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document und

22、er change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. Introduction 3GPP defined the Generic Authentication Archite

23、cture (GAA). The adoption of GAA by other standardization bodies showed that some services can not make the assumption that the User Equipment (UE) has always the possibility to connect to the Bootstrapping Server Function (BSF). This specification introduces a generic push layer that makes use of t

24、he GBA Push Function as specified in TS 33.223 2. ETSI ETSI TS 133 224 V14.0.0 (2017-04)53GPP TS 33.224 version 14.0.0 Release 141 Scope The present document specifies a generic push layer that makes use of the GBA Push Function as specified in TS 33.223 3. The GPL specification includes a message f

25、ormat, cipher suites and processing model. GPL assumes that keys and other SA parameters have been preinstalled in the Push-NAF and UE in the form of a NAF SA. GPL is a protection protocol that can be applied in a unidirectional fashion. The rationale for GPL is that having each application specify

26、its own security mechanisms would for obvious reasons lead to duplication of work, specifications and implementations. Using a generic secure push layer avoids these problems. A generic secure push layer may also relieve the applications using the service of having to be aware of inner working of th

27、e security layer. As an analogy, TS 33.222 4 can be mentioned, which provides a generic security layer for HTTP based applications. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either spec

28、ific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-speci

29、fic reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 2 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 3 3GPP TS 33.223: “Generic Au

30、thentication Architecture (GAA); Generic bootstrapping architecture: Push Function“ 4 3GPP TS 33.222: “Generic Authentication Architecture (GAA); Access to network application functions using Hypertext; Transfer Protocol over Transport Layer Security (HTTPS)“. 5 FIPS PUB 180-2 (2002): “Secure Hash S

31、tandard“. 6 IETF RFC 2104 (1997): “HMAC: Keyed-Hashing for Message Authentication“. 7 ISO/IEC 10118-3:2004: “Information Technology Security techniques Hash-functions Part 3: Dedicated hash-functions“. 8 NIST Special Publication 800-38 A (2001): “Recommendation for Block Cipher Modes of Operation -

32、Methods and Techniques “ 9 FIPS PUB 197 (2001): “Advanced Encryption Standard“ 10 OMA-WAP-TS-WSP-V1_0-20020920-C: “Wireless Session Protocol 1.0“ 11 3GPP TS 31.111: “Universal Subscriber Identity Module (USIM) Application Toolkit (USAT)“ 12 ETSI TS 102 600: “UICC-Terminal interface; Characteristics

33、of the USB interface 13 ETSI TS 102 483: “UICC-Terminal interface; Internet Protocol connectivity between UICC and terminal“ ETSI ETSI TS 133 224 V14.0.0 (2017-04)63GPP TS 33.224 version 14.0.0 Release 143 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present documen

34、t, the terms and definitions given in TR 21.905 2, TS 33.220 1 and the following apply. SN_h The highest sequence number received in a GPL message with validated MAC. SN_h is used for replay protection. SN_s A counter used to generate sequence numbers for outgoing messages. 3.2 Abbreviations For the

35、 purposes of the present document, the abbreviations given in TR 21.905 2 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 2. GBA Generic Bootstrapping Architecture GPI GBA Push Information GP

36、L Generic Push Layer GPL_ME GPL hosted in the ME GPL_U GPL hosted in the UICC HSP High Speed Protocol NAF Network Application Function KDF Key Derivation Function MAC Message Authentication Code SA Security Association SAID Security Association Identifier SN Sequence Number 4 GPL requirements 4.1 Se

37、ssion concept It is reasonable to expect that there will exist Push-NAF based services that rely on some form of per device session concept, and which would benefit from pushing more than one message based on the same security association. An example could be a virus signature update server. It is p

38、ossible that the virus signatures are delivered in multiple pushed messages (for size limitation reasons of the underlying push transport mechanism), and it would then be inefficient to establish a new security association for each message. This requires that GPL provides replay protection in additi

39、on to integrity protection (and possibly confidentiality protection). Figure 4.1-1 depicts the usage scenario, where three push messages are delivered from the Push-NAF to the UE using a single security association. Note that steps 1 and 2 in Figure 4.1-1 are out of scope for this specification. One

40、 way to achieve steps 1 and 2 is to use TS 33.223 3. ETSI ETSI TS 133 224 V14.0.0 (2017-04)73GPP TS 33.224 version 14.0.0 Release 14Push message 3 UE NAF BSF (1) Establishment of Ks (between UE and BSF) (2) Establishment of Ks_NAF or Ks_int_NAF Security Association with keys derived from Ks_NAF or K

41、s_int_nAF Security Association with keys derived from Ks_NAF or Ks_int_NAF Push message 2 Push message 1 Figure 4.1-1: Example of a secure session If GPL was to provide a complete session concept including reliability of delivered messages using timeouts/acknowledgments and re-transmissions, re-esta

42、blishments of sessions, re-ordering of messages etc., GPL would be unnecessarily complex and the size of the GPL messages would be too large for many applications (e.g., when the underlying transport is SMS). Therefore GPL shall only provide sufficient session state to ensure that the security of mu

43、ltiple GPL messages is not compromised. GPL shall hence provide the security services confidentiality, integrity protection and replay protection for a GPL session. If a more complex session concept is required by the application, where the session concept includes services other than security servi

44、ces, then, e.g., WSP 10 could be applied on top of GPL, but this is out of scope for this specification. Even though it sometimes is sufficient with a secure downlink channel from the Push-NAF to the UE (for broadcast only UEs) a uplink channel may be present. An example of this is OMAs location bas

45、ed services, where a server requests location information from a terminal, which responds with its location information. This request/response exchange may be repeated every ten minutes. It is prudent to require that it shall be possible to secure also such an uplink channel. The security of the upl

46、ink channel can conveniently be based on the same NAF SA as the downlink channel. To send a GPL message to the UICC, the Push-NAF selects a delivery channel that targets a UICC and that is supported by the GPL-capable ME (e.g. SMS class 2). The protocols that the GPL-capable ME shall support to rece

47、ive the GPL_U messages depend on the type of interface between the ME and the UICC (ISO or HSP). GBA Push as specified by TS 33.223 3 is capable of establishing a Ks_int_NAF and a Ks_ext_NAF using one GPI. However, GPL is not designed to make full use of this. It is not possible to establish GPL SAs

48、 for both GPL_U and GPL_ME from a single GPI. 4.2 Requirements The following requirements shall be posed for the generic secure push layer: R1: It shall perform encapsulation of generic application layer messages from the Push-NAF to the UE. R2: It shall allow sending multiple messages based on the

49、same security association. R3: Integrity protection and confidentiality protection shall be possible to provide for the messages. Integrity protection is mandatory to apply, while confidentiality protection is optional to apply. R4: Detection of replayed messages within the same session shall be possible. R5: If uplink messages are present in the application protocol, it shall be possible to apply the same level of protection to these messages, based on keys derived from the Ks_NAF or Ks_int_NAF. ETSI ETSI TS 133 224