TIA TSB-902 AAAA-2004 Wideband Data System Security Services Overview Public Safety - Wideband Data Standards Project (Public Safety Wideband Data Standards Project: Digital Radio Technical Standard).pdf

Uploaded by: twoload295  Document ID: 1059806  Upload date: 2019-03-31  Format: PDF  Pages: 32  Size: 286.98 KB

TSB-902.AAAA-2004
APPROVED: MAY 6, 2004
REAFFIRMED: JUNE 2, 2009
REAFFIRMED: APRIL 23, 2013

TSB-902.AAAA
May 2004

Wideband Data System Security Services Overview
Public Safety - Wideband Data Standards Project

NOTICE

TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally.

Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication.

This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use.

(From Project No. PN-3-0159-RF2, formulated under the cognizance of the TR-8 Mobile and Personal Private and Radio Standards. TR-8.5 Subcommittee on Signaling and Data Transmission).

Published by
TELECOMMUNICATIONS INDUSTRY ASSOCIATION
Standards and Technology Department
1320 N. Courthouse Road
Arlington, VA 22201 U.S.A.

PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call IHS, USA and Canada (1-877-413-5187) International (303-397-2896) or search online at http://www.tiaonline.org/standards/catalog/

All rights reserved
Printed in U.S.A.

NOTICE OF COPYRIGHT

This document is copyrighted by the TIA. Reproduction of these documents either in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permission to reproduce portions of this document, please contact the TIA Standards Department or go to the TIA website (www.tiaonline.org) for details on how to request permission. Details are located at: http://www.tiaonline.org/standards/catalog/info.cfm#copyright or Telecommunications Industry Association Technology

(b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process.

The use or practice of contents of this Document may involve the use of intellectual property rights ("IPR"), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIA's attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents.

If the Document contains one or more Normative References to a document published by another organization ("other SSO") engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4th edition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIA's policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications.

TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document.

ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS' COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS.

TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS.

Foreword

(This foreword is not part of this standard.)

This document has been published by the Telecommunications Industry Association (TIA) in accordance with the terms and conditions provided for in a Memorandum of Understanding (MoU) executed by and between the TIA, the Associated Public-Safety Communications Officials (APCO), the National Association of State Telecommunications Directors (NASTD), and the various agencies of the Federal government (FED).

This TIA Standard is being promulgated and will be maintained by the TR-8.5 Signaling and Data Transmission committee, and working groups under the sponsorship of the Telecommunications Industry Association.

This document has been published as a TIA Standard because it contains useful technical information on emerging digital techniques for Land Mobile Radio Service. In particular, it describes the wideband air interface logical link control layer technology. Generally, the wideband air interface has been developed by TIA TR-8.5 to be consistent with the Statement of Requirements adopted by the National Coordination Committee's Interoperability Subcommittee, WG6 Wideband Data. This document references that the primary user needs document will be "APCO Project 25/34 Statement of Requirements (P34SOR)".

This security services overview provides a description of the general security issues and solutions for the optional application on wideband data radio systems.

The TIA makes no claims as to the applicability of the information contained in this document for any purpose although it is believed that the information will prove to be invaluable to designers of wideband data compliant equipment. Some aspects of the specifications contained in this document may not have been fully operationally tested; however, a great deal of time and good faith effort has been invested in the preparation of this document to ensure the accuracy of the information it contains.

While all reasonable efforts have been made to ensure the accuracy of this document, it should be understood that significant work remains in fully developing the standard series and this document will be updated as necessary.

Patent Identification

The reader's attention is called to the possibility that compliance with this document may require the use of one or more inventions covered by patent rights.

By publication of this document no position is taken with respect to the validity of those claims or any patent rights in connection therewith. The patent holders so far identified have, we believe, filed statements of willingness to grant licenses under those rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such licenses.

The following patent holders and patents have been identified in accordance with the TIA intellectual property rights policy:

None currently identified

TIA shall not be responsible for identifying patents for which licenses may be required by this document or for conducting inquiries into the legal validity or scope of those patents that are brought to its attention.

TABLE OF CONTENTS

1. SCOPE
2. TERMS
3. OVERVIEW
   3.1 MESSAGE INTERCEPTION
   3.2 MESSAGE REPLAY
   3.3 SPOOFING
   3.4 MISDIRECTION
   3.5 JAMMING
   3.6 TRAFFIC ANALYSIS
   3.7 SUBSCRIBER DUPLICATION
   3.8 THEFT OF SERVICE
   3.9 THEFT OF UNIT
   3.10 DENIAL OF SERVICE
4. SECURITY SERVICES
   4.1 AIR INTERFACE SECURITY
      4.1.1 Authentication
      4.1.2 Confidentiality
   4.2 END-TO-END NETWORK SECURITY
      4.2.1 Confidentiality
      4.2.2 Authentication
5. SECURITY POLICY
6. KEY MANAGEMENT

Table of Figures

FIGURE 1. MESSAGE INTERCEPTION
FIGURE 2. MESSAGE REPLAY
FIGURE 3. SPOOFING
FIGURE 4. MISDIRECTION
FIGURE 5. JAMMING
FIGURE 6. TRAFFIC ANALYSIS

List of Tables

TABLE 1. DOCUMENT REVISION HISTORY

Table 1. Document Revision History

Version   Date        Description
Issue O   4/20/2004   Original Publication as TSB-902.AAAA per PN-3-0159 Ballot

1. Scope

In many cases, information security may be a vital component of a general wideband data radio system. Several security services are permitted for implementation in these systems. The services are standards options and they operate within the bounds of the interfaces defined for non-secure operation. This security overlay may be used to provide end-to-end security of information transferred across a general wideband data radio system or the security overlay may be used to just protect information across the air interface. The purpose of this document is to define the meaning of these security services. The definition and detail of how security services are provided is outside the scope of this document.

A general wideband data radio communications system consists of subscriber units, base stations and other fixed equipment for single-site to wide area operation and computer end host system equipment. The subscriber units include portable radios for handheld operation and mobile radios for vehicular operation. The base stations are for geographically fixed installations. A standard should exist to describe any given specific instance of such a general wideband data radio system. This document will refer to such a specific instance of a general wideband data radio system as defined by the TIA-902 series of standards.

This document provides an overview of the security services available in wideband data radio systems. It provides the context in which to understand when certain security services may be desired and gives a general high-level description of how they are provided. The purpose of security services is to neutralize information security threats to a system. The nature of these threats is discussed in this document, and the security services to counter these threats are defined.

In general, the subject of security includes encryption, and this topic is discussed in general terms to explain the different levels of encryption algorithms available within the standard, and their application to security services.

In the context of this document, the specific security requirements are generalized into three security topics:

- Confidentiality (also known as Privacy)
- Authentication and Integrity
- Key management

These three categories correspond to the security services available to wideband data radio systems. This document does not provide specific message formats or operational details of these security services.

2. Terms

Advanced Encryption Standard (AES)
AES is a standardized cryptographic algorithm.

Algorithm ID
ALG ID an identifier for an encryption algorithm.

Authentication
Authentication is a process to prove something genuine. Authentication may be used to determine that a message or its sender is genuine.

Channel
A channel consists of the transmit frequency, receive frequency and associated radio parameters used by a mobile or portable radio. The channel may optionally include an algorithm ID and key ID to be used when the channel is in use.

Chronological Integrity
Chronological integrity is the property that the data has not been replayed in an unauthorized and undetected manner.

Ciphertext
Ciphertext has been protected with encryption so that it may be transmitted in an RF system without loss of confidentiality.

Code
Code is a transformation of a message to obtain a code, or an encoded message. While the notion of a code is general enough to include encryption, this document will always use the word to indicate a transformation other than encryption. For example: "error correction code".

Compromise
Compromise is the unauthorized disclosure, modification, substitution or use of sensitive data.

Confidentiality
Confidentiality is the property that information is not disclosed to unauthorized individuals, entities or processes.

Cryptanalysis
Cryptanalysis is the analysis of a cryptographic system or its inputs and outputs to derive confidential variables or sensitive data including plaintext.

Cryptographic Algorithm
A cryptographic algorithm is a procedure or process to perform a cryptographic transformation. The algorithm performs encryption or decrypti
