ETSI TS 142 009-2006 Digital Cellular Telecommunications System (Phase 2+) Security Aspects (3GPP TS 42 009 Version 4 1 0 Release 4)《数字蜂窝通信系统(第2+阶段) 安全方面 3GPP TS 42 009(版本4 1 0 第4次.pdf

1、 ETSI TS 142 009 V4.1.0 (2006-06)Technical Specification Digital cellular telecommunications system (Phase 2+);Security aspects(3GPP TS 42.009 version 4.1.0 Release 4)GLOBAL SYSTEM FOR MOBILE COMMUNICATIONSRETSI ETSI TS 142 009 V4.1.0 (2006-06) 1 3GPP TS 42.009 version 4.1.0 Release 4 Reference RTS/

2、TSGS-0342009v410 Keywords GSM ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies

3、 of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PD

4、F). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status

5、of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except a

6、s authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMan

7、d the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 142 009 V4.1.0 (2006-06) 2 3GPP TS 42.009 version 4.1.0 Release 4 Intell

8、ectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Right

9、s (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR

10、 searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been p

11、roduced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference

12、 between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp . ETSI ETSI TS 142 009 V4.1.0 (2006-06) 3 3GPP TS 42.009 version 4.1.0 Release 4 Contents Intellectual Property Rights2 Foreword.2 Foreword.4 1 Scope 5 1.1 References 5 1.2 Abbreviations .5 2 Gene

13、ral .5 3 Security features provided in a GSM PLMN .6 3.1 Subscriber identity confidentiality .6 3.1.1 Definition6 3.1.2 Purpose .6 3.1.3 Functional requirements .7 3.2 Subscriber identity authentication 7 3.2.1 Definition7 3.2.2 Purpose .7 3.2.3 Functional requirements .7 3.2.4 Authentication during

14、 a malfunction of the network 7 3.3 User data confidentiality on physical connections (Voice and Non-voice)8 3.3.1 Definition8 3.3.2 Purpose .8 3.3.3 Functional requirements .8 3.4 Connectionless user data confidentiality 8 3.4.1 Definition8 3.4.2 Purpose .8 3.4.3 Functional requirements .9 3.5 Sign

15、alling information element confidentiality9 3.5.1 Definition9 3.5.2 Purpose .9 3.5.3 Functional requirements .9 Annex A (informative): Change history .10 History 11 ETSI ETSI TS 142 009 V4.1.0 (2006-06) 4 3GPP TS 42.009 version 4.1.0 Release 4 Foreword This Technical Specification has been produced

16、by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change o

17、f release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance,

18、 i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. ETSI ETSI TS 142 009 V4.1.0 (2006-06) 5 3GPP TS 42.009 version 4.1.0 Release 4 1 Scope Bearer and Teleservices, as respectively defined in GSM

19、 02.02 and GSM 02.03, are the objects which the GSM PLMN operators offer to their customers. Besides these basic telecommunications services, features which aim at up-grading these basic services need also to be offered. Due to the use of radiocommunications in a PLMN, which are of a special nature

20、compared to classical distribution transmission techniques used in the fixed networks, such a category of features is related to security aspects. In a GSM PLMN, both the users and the network operator have to be protected against undesirable intrusion of third parties. However, measures should be p

21、rovided for in order to insure maximum protection of the rights of the individuals concerns. As a consequence, a security feature is either a supplementary service to Tele or Bearer services, which can be selected by the subscriber, or a network function involved in the provision of one or several t

22、elecommunication services. The purpose of the present document is to define the security features which are to be available in a GSM PLMN, together with the associated levels of protection. The present document is only concerned with those security features which aim at the up-grading of the securit

23、y in a GSM PLMN. In particular, end-to-end security is outside the scope of the present document. The implementation aspects of security features are described in GSM 03.20. 1.1 References The following documents contain provisions which, through reference in this text, constitute provisions of the

24、present document. References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP docu

25、ment (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 GSM 01.04: “Digital cellular telecommunications system (Phase 2+); Abbreviations and acronyms“. 2 GSM 02.02: “Digital cellular telecommuni

26、cations system (Phase 2+); Bearer Services (BS) supported by a GSM Public Land Mobile Network (PLMN)“. 3 GSM 02.03: “Digital cellular telecommunications system (Phase 2+); Teleservices supported by a GSM Public Land Mobile Network (PLMN)“. 4 GSM 03.20: “Digital cellular telecommunications system (Ph

27、ase 2+); Security related network functions“. 5 GSM 11.11: “Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface“. 1.2 Abbreviations Abbreviations used in the present document are listed in GSM 01.04. 2 General

28、 The use of radiocommunications for transmission to the mobile subscribers makes PLMNs particularly sensitive to: ETSI ETSI TS 142 009 V4.1.0 (2006-06) 6 3GPP TS 42.009 version 4.1.0 Release 4 - misuse of their resources by unauthorized persons using manipulated Mobile Stations, who try to impersona

29、te authorized subscribers; and - eavesdropping of the various information which are exchanged on the radio path. It can be seen that PLMNs intrinsically do not provide the same level of protection to their operators and subscribers as the traditional telecommunication networks provide. This fact lea

30、ds to the need to implement security features in a GSM PLMN in order to protect: i) the access to the mobile services; ii) any relevant item from being disclosed at the radio path, mainly in order to ensure the privacy of user-related information. Two levels of protection are therefore assumed: - wh

31、ere security features are provided, as defined in clause 3, the level of protection at the radio path of the corresponding items is as good as the level of protection provided in the fixed networks; - where no special provision is made, the level of protection at the radio path is null. All items wh

32、ich are not dealt with in clause 3 are therefore considered to need no protection. 3 Security features provided in a GSM PLMN The following security features are considered: - subscriber identity (IMSI) confidentiality; - subscriber identity (IMSI) authentication; - user data confidentiality on phys

33、ical connections; - connectionless user data confidentiality; - signalling information element confidentiality. The implementation of these five security features is mandatory on both the fixed infrastructure side and the MS side. This means that all GSM PLMNs and all MSs shall be able to support ev

34、ery security feature. Use of these five security features is at the discretion of the operator for its own subscribers while on the HPLMN. For roaming subscribers, use of these five security features is mandatory unless otherwise agreed by all the affected PLMN operators (see also subclause 3.3.3).

35、3.1 Subscriber identity confidentiality 3.1.1 Definition The subscriber identity confidentiality feature is the property that the IMSI is not made available or disclosed to unauthorized individuals, entities or processes. 3.1.2 Purpose This feature provides for the privacy of the identities of the s

36、ubscribers who are using GSM PLMN resources (e.g. a traffic channel or any signalling means). It allows for the improvement of all other security features (e.g. user data confidentiality) and provides for the protection against tracing the location of a mobile subscriber by listening to the signalli

37、ng exchanges on the radio path. ETSI ETSI TS 142 009 V4.1.0 (2006-06) 7 3GPP TS 42.009 version 4.1.0 Release 4 3.1.3 Functional requirements This feature necessitates the confidentiality of the subscriber identity (IMSI) when it is transferred in signalling messages (see subclause 3.5) together with

38、 specific measures to preclude the possibility to derive it indirectly from listening to specific information, such as addresses, at the radio path. The means used to identify a mobile subscriber on the radio path consists of a local number called Temporary Mobile Subscriber Identity (TMSI), describ

39、ed in GSM 03.20. When used, the subscriber identity confidentiality feature shall apply for all signalling sequences on the radio path. However, in the case of location register failure, or in case the MS has no TMSI available, open identification is allowed on the radio path. 3.2 Subscriber identit

40、y authentication 3.2.1 Definition International Mobile Subscriber identity (IMSI) authentication is the corroboration by the land-based part of the system that the subscriber identity (IMSI or TMSI), transferred by the mobile subscriber within the identification procedure at the radio path, is the o

41、ne claimed. 3.2.2 Purpose The purpose of this authentication security feature is to protect the network against unauthorized use. It enables also the protection of the GSM PLMN subscribers by denying the possibility for intruders to impersonate authorized users. 3.2.3 Functional requirements The aut

42、hentication of the GSM PLMN subscriber identity may be triggered by the network when the subscriber applies for: - a change of subscriber-related information element in the VLR or HLR (including some or all of: location updating involving change of VLR, registration or erasure of a supplementary ser

43、vice); or - an access to a service (including some or all of: set-up of mobile originating or terminated calls, activation or deactivation of a supplementary service); or - first network access after restart of MSC/VLR; or in the event of cipher key sequence number mismatch. Physical security means

44、must be provided to preclude the possibility to obtain sufficient information to impersonate or duplicate a subscriber in a GSM PLMN, in particular by deriving sensitive information from the mobile station equipment. If, on an access request to the GSM PLMN, the subscriber identity authentication pr

45、ocedure fails and this failure is not due to network malfunction, then the access to the GSM PLMN shall be denied to the requesting party. 3.2.4 Authentication during a malfunction of the network If an MS is registered and has been successfully authenticated, whether active or not active on a call,

46、calls are permitted (including continuation and hand-over). If an MS has already been registered (and therefore been already authenticated) and can not be successfully reauthenticated due to the network malfunction (e.g. the HPLMN was not able to provide authentication pairs RAND, SRES), calls are p

47、ermitted. If an MS attempts to register and can not be successfully authenticated due to the network malfunction, calls are not permitted. ETSI ETSI TS 142 009 V4.1.0 (2006-06) 8 3GPP TS 42.009 version 4.1.0 Release 4 If the MS is not registered, or ceases to be registered, a new registration need t

48、o be performed, and the preceding cases apply. 3.3 User data confidentiality on physical connections (Voice and Non-voice) 3.3.1 Definition The user data confidentiality feature on physical connections is the property that the user information exchanged on traffic channels is not made available or d

49、isclosed to unauthorized individuals, entities or processes. 3.3.2 Purpose The purpose of this feature is to ensure the privacy of the user information on traffic channels. 3.3.3 Functional requirements Encryption will normally be applied to all voice and non-voice communications. Although a standard algorithm will normally be employed, it is permissible for the mobile station and/or PLMN infrastructure to support more than one algorithm. In this case, the infrastructure is responsible for deciding which algorithm to use (including the possibility not to use enc