ITU-R M 1078-1994 Security Principles for International Mobile Telecommunications-2000 (IMT-2000)《国际移动通信-2000(IMT-2000)的安全性原则》.pdf

1、ITU-R RECMN*M* LO78 94 4855232 05235b7 05T 1 . 2 . 3 . 4 . 5 . 6 . 7 . 8 . Kec . ITU-R M.1078 109 RECOMMENDATION ITU-R M.1078 SECURITY PRINCIPLES POR FUTURE PUBLIC LAND MOBILE TELECOMMUNICATION SYSTEMS (FPLMTS) (Question ITU-R 3918) (1994) TABLE OF CONTENTS Introduction Scope . . Structure of the Re

2、commendation Related documents Definitions System overview 6.1 System assumptions relevant to security 6.2 Operational scenario and logically involved parties (logical parties) . Consideratiois Recommendations 8.1 8.2 8.4 Security management 8.5 Security architecture and procedures General objective

3、s for security . System requirements on security 8.3 Security provided by FPL. MTS . . 8.6 Security algorithms . Annex 1 . Vocabulary . Annex 2 - Threat and risk analysis . Annex 3 - Potential security procedures Page i10 110 111 111 112 112 112 113 118 118 118 119 121 124 124 124 124 126 135 COPYRI

4、GHT International Telecommunications Union/ITU RadiocommunicationsLicensed by Information Handling Services110 Rec. ITU-R M.1078 1. Introduction Future public land mobile telecommunications systems (FPLMTS) are third generation mobile systems (TGMS) which are scheduled to start service around the ye

5、ar 2000 subject to market considerations. They will provide access, by means of one or more radio links, to a wide range of telecommunication services supported by the fixed telecommunication networks (e.g. PSTNASDN), and to other services which are specific to mobile users. A range of mobile termin

6、al types is encompassed, linking to terrestrial or satellite-based networks, and the terminals may be designed for mobile or fixed use. Key features of FPLMTS are: - high degree of commonality of design worldwide, - compatibility of services within FPLMTS and with the fixed networks, - high quality,

7、 - use of a small pocket-terminal worldwide. FPLMTS are defined by a set of interdependent ITU Recommendations, of which this one on security principles is a member. The subject matter of FPLMTS is complex and its representation in the form of Recommendations is evolving. To maintain the pace of pro

8、gress on the subject it is necessary to produce a sequence of Recommendations on a variety of aspects. The Recommendations strive to avoid apparent conflicts between themselves. Nevertheless, future Recommendations, or revisions, will be used to resolve any discrepancies. Due to the particular radia

9、ting nature of wireless communications, FPLMTS needs to incorporate some security measures to prevent easy reception by more parties than the intended recipient. In addition, the nature of mobile communication of FPLMTS requires security measures to prevent fraudulent access to the services. 2. Scop

10、e The scope of this Recommendation is to provide the principles and framework for the security provided by FPLMTS. The Recommendation covers all aspects of security for FPLMTS, and is intended as a basis for more detailed aspects of FPLMTS security to be integrated in various ITU-R or ITU-T Recommen

11、dations including FPLMTS requirements at a later stage. The Recommendation identifies the security requirements for FPLMTS and defines security features for FPLMTS. An informative Annex to the Recommendation contains a threat and risk analysis including the justification for the various security fea

12、tures defined. The system requirements on security in this Recommendation do not imply any legal responsibilities of involved parties concerning the security of the communication and associated information as this will be in accordance with a countrys national law. Possible security mechanisms, impl

13、ementation requirements for FPLMTS security mechanisms as procedures between the different parties involved in the FPLMTS operation and security algorithms are, however, not covered in this Recommendation, as these will be covered in the future ITU-R Recommendation on FPLMTS security procedures. The

14、 management of security features will be dealt with in the future ITU-R Recommendation on FPLMTS Network Management. The security provisions recommended for FPLMTS are defined with the objective of ensuring interoperability with roaming across international and national network boundaries. Flexibili

15、ty is left for implementation within these constraints. Although there are security requirements and features which are clearly considered to be specific to the radio access, there are those which may not be directly related to the radio access but may still have some relevance to the radio access.

16、They are included in this Recommendation with an indication of “possibly not directly related to the radio in terface”. COPYRIGHT International Telecommunications Union/ITU RadiocommunicationsLicensed by Information Handling ServicesRec. ITU-R M.1078 3. Structure of the Recommendation 111 Figure 1 g

17、ives an overview of the methodology and structure of this Recommendation. Section 6 gives a system overview of FPLMTS and identifies the involved parties in the FPLMTS service. Section 8.1 lists the general objectives for security. Section 8.2 gives system requirements on security and 0 8.3 identifi

18、es the security features provided by FPLMTS, and makes reference to the future Recommendation on FPLMTS security mechanisms. Section 8.4 is a reference to future Recommendations on FPLMTS network management. Sections 8.5 and 8.6 are reference to the future Recommendation on FPLMTS security procedure

19、s and security algorithms, respectively. Finally, Annex 1 lists the vocabulary used in this Recommendation and Annex 2 gives the threat and risk analysis leading up to the security defined for FPLMTS. Annex 3 lists potential security procedures to be considered for the future Recommendation on FPLMT

20、S security procedures. FIGURE 1 Methodology and recommendation structure Security objectives l System overview Threats . .- Threats associated -11 Annex2 with system entities Threatsassociated . . .a with FPLMTS services I -._._ Procedures 0 8.5 0 8.6 . . . . . . . . Algorithms I . . . . . . . . . 0

21、 8.4 *W! 4. Related documents The following ITU documents contain information on FPLMTS relating to this Recommendation: - Recommendation ITU-R M.687: Future Public Land Mobile Telecommunication Systems (FPLMTS) - Recommendation ITU-R M.816: Framework for services supported on Future Public Land Mob

22、ile Telecommunication Systems (FPLMTS) COPYRIGHT International Telecommunications Union/ITU RadiocommunicationsLicensed by Information Handling Services ITU-R RECMN*M. LO78 94 I 4855232 0523570 b44 112 Rec. ITU-R M.1078 - Recommendation ITU-R M.817: Future Public Land Mobile Telecommunication System

23、s (FPLMTS) Network architectures - Recommendation ITU-R M.818: Satellite operation within Future Public Land Mobile Telecom- munication Systems (FPLMTS) - Recommendation ITU-R M.819: Future Public Land Mobile Telecommunication Systems (FPLMTS) for developing countries - Draft ITU-T Recommendation F.

24、115: Operational and service provisions for FPLMTS - Recommendation ITU-R M.1034: Requirements for the radio interface(s) for Future Public Land Mobile Telecommunication Systems (FPLMTS) - Recommendation ITU-R M.1035: Framework for radio interface(s) and radio sub-system functionality for Future Pub

25、lic Land Mobile Telecommunication Systems (FPLMTS) - Recommendation ITU-R M. 1036: Spectrum considerations for implementation of Future Public Land Mobile Telecommunication Systems (FPLMTS) in the bands i 885-2 025 MHz and 2 1 10-2 200 MHz - Recommendation ITU-R M.1079: Speech and voiceband data per

26、formance requirements for Future Public Land Mobile Telecommunication Systems (FPLMTS) 5. Definitions A partial list of definitions pertinent to this Recommendation is found in Annex 1. 6. System overview 6.1 System assumptions relevant to securio The following assumptions with possible impact on th

27、e FPLMTS security architecture are made: FPLMTS will be provided in a multi-network operator and multi-service provider environment, public or private, of which some are in direct competition. It can be expected that all parties involved in FPLMTS will have their own security policies; FPLMTS will b

28、e operated across international and national network boundaries with international and national roaming capabilities; FPLMTS will have an open architecture, based on IN and TMN concepts; FPLMTS supports UPT; FPLMTS will provide a variety of services with a range of bit rates. More than one service m

29、ay be used simultaneously, and the services and/or their bit rates may vary during communication; FPLMTS will provide a range of terminal types, including integrated terminals as well as terminals with standard interfaces for wired connection to other standard terminals; FPLMTS users and terminals a

30、re logically identified with different unique identities; a FPLMTS user has a personal service profile, to which he has direct access. This service profile contains personal data of the FPLMTS user, and the FPLMTS user and subscriber have limited ability to modify some of this data. Service profile

31、data include the services subscribed to for the FPLMTS user by the FPLMTS subscriber, various subscription options and a range of service parameters. COPYRIGHT International Telecommunications Union/ITU RadiocommunicationsLicensed by Information Handling Services ITU-R RECNN*M* LO78 94 I 4855232 052

32、3573 580 I Rec. ITU-R M.1078 113 6.2 Operational scenario and logically involved parties (logical parties) This section defines the operational scenario for FPLMTS from a security perspective, by identifying all the various logical parties potentially involved in the normal operation of the FPLMTS s

33、ervice use and provision. This maximum operational scenario is defined concerning the various logical parties involved, thus allowing flexibility and the possibility for different regulatory environments in different countries or regions. It should be noted that this scenario represents logical part

34、ies (roles) involved in the FPLMTS service use and provision, and does not represent an actual legal entity, person or machine. It is the maximum operational scenario, and some of the parties may not exist in some cases or may be grouped together in one single entity. For example, in a certain envir

35、onment, the FPLMTS home or visited service provider and the FFLMTS network operator could be a single entity. It should further be noted that although the maximum operational scenario is identified in order to define requirements for the overall security of the FPLMTS service provision and use, its

36、detailed definition may not be part of this Recommendation in all areas, only areas relevant to security. The maximum Operational scenario of possible involved parties is illustrated in Fig. 2. It should be noted that parties not directly involved in the day-to-day FPLMTS service provision and opera

37、tion, like regulators, type approval authorities etc. are not included. It should also be noted that Fig. 2 represents the general scenario when a WLMTS user is called by another user (incoming FPLMTS call), and vice versa (outgoing FFLMTS call). The case of mobile-to- mobile FPLMTS calls is simply

38、a combination of the two, and is for simplicity not included in the figure. FIGURE 2 FPLMTS operational scenario and logical parties subscriber o FPL,MTS subscriber n UPT service provider - i terminal ,/ I Other Other FPLMTS FPLMTS ; mobile ation I. _. “ “ “ access provider ., user FPLMTS domain n I

39、ntruder (I) These operators may or may not be in the FPLMTS domain. COPYRIGHT International Telecommunications Union/ITU RadiocommunicationsLicensed by Information Handling Services ITU-R RECMN*M. LO78 94 m 4855232 0523572 417 m 114 Rec. ITU-R M.1078 The maximum operational scenario of involved part

40、ies in the FPLMTS service use and provision includes the following logical parties: - the FPLMTS users, - the FPLMTS mobile terminals, - the FPLMTS subscribers, - the home FPLMTS service providers, - the visited FPLMTS service providers, - the FPLMTS network operators, - the FPLMTS terminal manager,

41、 - - the FPLMTS access providers, - other network operators, - other users, the mobile FPLMTS transit operators, - intruders. It should be noted that as FPLMTS will provide international roaming with local access to radio resources, the visited FPLMTS service provider may be involved in a call, in a

42、ddition to the home FPLMTS service provider. Further, as FPLMTS supports UPT, the following parties may additionally be involved: - the PT users, - the UPT subscribers, - the UPT service providers. In the following sections, the responsibilities and functions of these FPLMTS parties (security domain

43、s) are defined from a security perspective. This does not preclude additional non-security related responsibilities and functions being associated with these parties. 6.2.1 The home FPLMTS service provider role The home FPLMTS service provider role has responsibility for furnishing services to FPLMT

44、S users, subject to restrictions in service capabilities of the FPLMTS networks that are involved in the service provision, and handling all information related to the subscription associated with a FPLMTS user. A set of user identities logically belongs to the home FPLMTS service provider. The home

45、 WLMTS service provider role is responsible for mapping FPLMTS numbers on to FPLMTS user identities and/or to FPLMTS mobile terminal identities. Note 1 - A key item for further study is the implications for fraud of the use of terminal identities and their relationship to user identities. The associ

46、ation of a FPLMTS number to a FPLMTS user identity is always static, unless there are administrative changes in the FPLMTS subscriptions or FPLMTS numbering plans, while the association of a FPLMTS user identity to a FPLMTS mobile terminal identity may be static or dynamic during normal FPLMTS opera

47、tion at the choice of the home FPLMTS service provider together with his FPLMTS subscribers. FPLMTS user identities of multiple FPLMTS users may be mapped onto a single FPLMTS mobile terminal identity. Note 2 - A key issue for further study is whether or not it is useful to allow more than one FPLMT

48、S user to be associated with a FPLMTS mobile terminal identity simultaneously, as it is in any case possible for UPT users. The situation is different for incoming and outgoing FPLMTS calls. For outgoing calls, only one FPLMTS user may be associated at one time, since only one FPLMTS outgoing call c

49、ould be placed from a FPLMTS mobile terminal at one time. For incoming calls, the situation is different, and more than one FPLMTS user may be considered associated with one FPLMTS mobile terminal identity simultaneously. COPYRIGHT International Telecommunications Union/ITU RadiocommunicationsLicensed by Information Handling ServicesRec. ITU-R M.1078 115 The home FPLMTS service provider may use either the FPLMTS user identity or the FPLMTS mobile terminal identity in the communication with the visited FPLMTS service provider in order to reach the