1、 TIA-1053 January 2005 (r 04/2012) Broadcast/Multicast Service Security Framework NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of
2、 products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming
3、to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI
4、) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requi
5、rements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Project No. TIA-PN-1053-RF1, formulated under the cognizance of the TIA TR-45 Mobile (b) there is no
6、assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of i
7、ntellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the
8、 holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which ar
9、e instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document
10、 or its contents. If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such r
11、eference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIA
12、s policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA
13、of a claim of Essential Patent(s) or published pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Do
14、cument. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPE
15、RTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE RE
16、FERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUE
17、NTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMA
18、GES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. BCMCS Security Framework TIA-1053 i Table of Contents 1 1 Introduction and Scope .1 2 2 References.1 3 3 Definitions and Abbreviations 1 4 4 Overview of BCMCS3 5
19、 4.1 Introduction to BCMCS3 6 4.2 Summary of Key Management.4 7 4.2.1 Authentication-Key 5 8 4.2.2 Authorization Signature .5 9 4.3 Security Functional Architecture6 10 4.3.1 Summary of Functional Entities.6 11 4.3.2 Summary of Key Distribution 7 12 4.3.3 Authentication-Key Challenge Response Protoc
20、ol 9 13 4.3.4 Computation of the Authorization Signature10 14 4.4 BAK Management10 15 4.4.1 Authenticating BAK Requests .11 16 4.4.2 Storage of BAK11 17 4.4.3 Updating BAK before use 12 18 4.5 BCMCS Security Algorithms.12 19 4.5.1 Encryption of Content 12 20 4.5.2 Encryption of BAK 12 21 4.5.3 Manag
21、ement of TK 13 22 4.5.4 SK.14 23 4.5.5 Authentication Key 14 24 5 Motivation.15 25 5.1 Design Philosophy15 26 5.1.1 A Specific Goal 15 27 5.2 Motivation for Establishing Registration Keys.15 28 29 TIA-1053 BCMCS Security Framework ii This page intentionally left blank. 1 2 BCMCS Security Framework T
22、IA-1053 1 1 Introduction and Scope 1 This document defines the security framework for the Broadcast-Multicast Services (BCMCS). 2 The security framework provides a logical description of the security information, functions 3 and protocols for BCMCS. The architectural design of the network that suppo
23、rts these 4 functions is outside the scope of this document. 5 2 References 6 2.1 Normative References 7 The following standards contain provisions which, through reference in this text, constitute 8 provisions of this Standard. At the time of publication, the editions indicated were valid. All 9 st
24、andards are subject to revision, and parties to agreements based on this Standard are 10 encouraged to investigate the possibility of applying the most recent editions of the standards 11 indicated below. ANSI and TIA maintain registers of currently valid national standards 12 published by them. 13
25、1 TIA TR45.AHAG, Common Cryptographic Algorithms, Revision D.1, September 2000. 14 2 TIA-946, Enhanced Cryptographic Algorithms, June 2003. 15 3 TIA-1006, cdma2000High Rate Broadcast-Multicast Packet Data Air Interface Specification, 16 February 2004. 17 4 IETF RFC 3711 Secure Real-time Transport Pr
26、otocol (SRTP), March 2004. 18 5 IETF RFC 2617, HTTP Authentication: Basic and Digest Access Authentication, June 1999. 19 2.2 Informative References 20 None. 21 3 Definitions and Abbreviations 22 For the purposes of this standard, the following definitions apply. 23 Auth-Key Authentication Key: Used
27、 during BCMCS information acquisition for authentication and 24 integrity protection 25 cdma2000is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of 3GPP2. When applied to goods and services, the cdma2000mark certifies their
28、 compliance with cdma2000standards. Geographically (and as of the date of publication), cdma2000 is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States. TIA-1053 BCMCS Security Framework 2 Authorization Signature Generated by mobile station from a BAK
29、 and a time stamp and verified by 1 the serving system. The authorization signature verifies that the mobile station is authorized to 2 access a corresponding BCMCS flow. 3 BAK 128-bit Broadcast Access Key: Provides access to one or more multicast IP flows of a 4 particular set of BCMCS programs for
30、 a certain amount of time (for example, one day, week or 5 month). Each encrypted set of BCMCS programs have a different BAK value. Each BAK 6 should have the following associated values: 7 BAK_ID: BAK identifier. A sequence number that identifies which value of BAK is 8 currently valid for a partic
31、ular BCMCS Multicast IP Flow; that is, the BAK is 9 identified by the combination of a BCMCS_FLOW_ID and BAK_ID. For a particular 10 BAK, the corresponding value of BAK_ID is the same for all users. 11 BAK_Expire: Indicates when the BAK will expire. This may be indicated by the time when 12 the BAK
32、will expire, or by the Delta time left until the BAK expires, in which case it 13 is calculated when a new BAK is received. Therefore, there may be multiple 14 BAK_Expire values associated with the same BAK. Before the BAK_Expire time 15 expires, the MS is expected to request a new BAK value. 16 BCM
33、C Content Broadcast-Multicast Content, also referred to simply as Content. The content is the 17 data being broadcast. Typically, this is expected to be audio-visual data. 18 BCMCS Broadcast-Multicast Service. BCMCS is the name of the system offering broadcast 19 and multicast services. 20 BCMCS Con
34、tent Stream A single BCMCS program identified by content name. This is also 21 referred to simply as a content stream. A content stream can be considered as equivalent to a 22 TV channel. For example, the document may refer to a “CNN BCMCS content stream” or 23 “local news BCMCS content stream”. A B
35、CMCS Content Stream may consist of multiple 24 Multicast IP Flows. 25 BCMCS_FLOW_ID A value used for identification of a BCMCS Multicast IP Flow. 26 CS Content Source (functional entity): Provides the unencrypted data for the service. A CS may be 27 a proxy or an aggregator for other content servers
36、, but from a network point of view, it is the 28 provider of content to the MS. 29 BAKG BAK Generator (functional entity): Generates BAK, determines BAK_ID and BAK_Expire, 30 and delivers them to the BAKD and SKM. BAKs should be generated in a secure manner and 31 appear random. 32 BAKD BAK Distribu
37、tor (functional entity): Obtains authorization and TK from SM and encrypts 33 BAK for delivery to UIMs. 34 CE Content Encryptor (functional entity): Encrypts content from the CS, and sends the encrypted 35 content to the MS via the cellular system. 36 MS Mobile Station: For the purposes of this docu
38、ment, the MS is considered as two separate 37 entities, the UIM and ME. Note that this does not preclude the use of a stand-alone secure MS 38 (trustworthy mobile equipment with internal secure memory). 39 UIM: User Identity Module (UIM): The UIM is a low power processor that 40 contains secure memo
39、ry. The UIM may be removable (like a SIM card) or 41 part of the MS itself. The UIM calculates the SK used by the ME to decrypt 42 the content. 43 ME: Mobile Equipment: The ME contains a high power processor, but no secure 44 memory. It uses the SK, received from the UIM, to decrypt the content. 45
40、Multicast IP Flow. Similar to an ordinary IP flow, with the exception that the destination address is an 46 IP Multicast address. The flow can be identified by source IP address, source port, destination 47 IP Multicast address, and destination port. 48 BCMCS Security Framework TIA-1053 3 RK Registr
41、ation Key: provisioned in the UIM and SM prior to service. Each SM should have a 1 unique 128-bit RK for each UIM. 2 SK Short-term Key: The 128-bit SK is used by the CE to encrypt the BCMC content and the SK is 3 used by the MS to decrypt the content. The SK is calculated in the SKM and the UIM. The
42、 SK 4 is derived from SK_RAND and BAK. 5 SK_RAND: SK Random Number used to calculate a unique SK. 6 SKM SK Manager (functional entity): Generates SK using BAK and SK_RAND and passes SK, 7 SK_RAND and BAK_ID to the CE. 8 SP Service Provider: a network providing voice/data services. 9 Visited SP The s
43、erving network in which the MS is currently located. 10 Home SP The network holding the users voice/data subscription. 11 SM Subscription Manager (functional entity): performs accounting, authentication and 12 authorization for BCMCS. The SM also calculates the TK, based on the RK, used to hide the
44、13 BAK. The SM may be the subscribers home AAA (H-AAA) or be an independent entity. 14 TK 128-bit Temporary Key: used by the BAKD to encrypt BAK when provisioning BAK in the 15 UIM. The TK is obtained from the SM. 16 4 Overview of BCMCS 17 4.1 Introduction to BCMCS 18 The aim of BCMCS is to provide
45、broadcast/multicast service to authorized (subscribed) users. 19 The Content Sources (CSs) provide content, via a cellular serving system, to the BCMCS 20 subscribers. The content may be IP multimedia messages such as audiovisual data or broadcast 21 multimedia messages. A CS may be part of the serv
46、ing network, or an independent entity. If 22 the content is offered for free, then any user may view/process the content. If access to the 23 BCMCS is subscription based, then the content can be encrypted so that only the authorized 24 users can view/process the content. This document addresses the
47、security needs for BCMCS. 25 ContentSourceIP NetworkRANRANBCMCS CapablePDSNBCMCS CapablePDSN BTSBTSMSMSMS MSSingle ForwardChannelSingle ForwardChannel26 TIA-1053 BCMCS Security Framework 4 Figure 4.1 High Level view: Broadcast/Multicast Service 1 A single CS may provide more than one BCMCS to one or
48、 more carriers. The users may 2 subscribe to services through their own carrier, or directly from a CS. The entity that supports 3 the user subscription profile is the Subscription Manager (SM). The user may subscribe to 4 more than one service through one or more SMs. The SMs provide service author
49、ization and 5 are an integral part of the BCMCS key management. 6 4.2 Summary of Key Management 7 For the purposes of this document, the Mobile Station (MS) is considered as two separate 8 entities: the User Identity Module (UIM) and the Mobile Equipment (ME). The UIM is a low 9 power processor that contains secure memory. The ME contains a high power processor, but 10 no secure memory. The ME and the UIM may be integrated within one physical unit. In fact 11 an MS can even be a trustworthy ME with its own internal secure memory. 12 The user authentication and authorizati