1、 TIA-1085 May 2006 (r 04/2012) IP-Based LCS Security Framework NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assi
2、sting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards a
3、nd Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By
4、 such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the
5、responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Project No. TIA-PN-1085-RF1, formulated under the cognizance of the TIA TR-45 Mobile (b) there is no assurance that the
6、Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual propert
7、y rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereof is
8、requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to t
9、he parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents. I
10、f the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists o
11、f mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy of encoura
12、gement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essen
13、tial Patent(s) or published pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANT
14、IES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXP
15、RESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DO
16、CUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCL
17、UDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTA
18、L ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. IP-Based LCS Security Framework TIA-1085 1 Table of Contents 1 1 Introduction and Scope.4 2 2 References 4 3 2.1 Normative References.4 4 2.2 Informative References.4 5 3 Definitio
19、ns and Abbreviations4 6 3.1 Definitions.4 7 3.2 Abbreviations6 8 4 Overview of LCS Security Framework (Informative)7 9 4.1 Introduction to LCS 7 10 4.2 Security Functional Architecture for IP-Based LCS.8 11 4.2.1 Mobile Station (Informative)8 12 4.2.2 LCS Network Entities (Informative) 8 13 4.3 Wire
20、less All-IP Architecture Reference Points (Informative) 9 14 4.4 Summary of Security Mechanisms .10 15 4.5 Introduction to the Transport Layer Security (TLS) Protocol.11 16 4.5.1 Call Flow When Initiating a New TLS Session12 17 4.5.2 Call Flow When Resuming a New TLS Session13 18 5 LCS Security Prot
21、ocols.14 19 5.1 LCS Provisioning Protocol .14 20 5.1.1 Provisioning LCS_ROOT_KEY 14 21 5.1.2 Deriving Keys for the S-SAFE, TLS Session-A and TLS-Session-B Protocols 15 22 5.2 Secure Store-And-Forward Encapsulation (S-SAFE) Protocol.16 23 5.2.1 Version-Independent Steps for Forming an S-SAFE Envelope
22、 .17 24 5.2.2 Version-Independent Steps for Processing an S-SAFE Envelope18 25 5.2.3 Version-Dependent Steps for the S-SAFE Protocol.19 26 5.2.3.1 LCS_S_SAFE_VERSION = 0x0119 27 5.2.3.1.1 LCS_S_SAFE_GOODIES Format19 28 5.2.3.1.2 Generating GOODIES (H-PS) 20 29 5.2.3.1.3 Version Dependent Steps for P
23、rocessing an S-SAFE Message.21 30 5.3 Operations Common to LCS TLS Sessions 22 31 5.3.1 Initiating a New TLS Session.24 32 5.3.1.1 ClientHello Message.24 33 5.3.1.2 Server Hello24 34 5.3.1.3 Void 25 35 5.3.1.4 Void 25 36 5.3.1.5 Void 25 37 5.3.1.6 ServerHelloDone 25 38 5.3.1.7 Void 25 39 5.3.1.8 Cli
24、entKeyExchange 25 40 5.3.1.8.1 Generating master_secret in the MS .25 41 5.3.1.9 Void 26 42 5.3.1.10 ChangeCipherSpec and Finished Messages (from the MS)26 43 5.3.1.10.1 Generation of MSs verify_data .26 44 5.3.1.10.2 ME response to Output from the UIM 27 45 5.3.1.11 ChangeCipherSpec and Finished Me
25、ssages (from the Server) .27 46 5.3.1.11.1 The Server Generates or Retrieves master_secret.27 47 5.3.1.12 Verification of Servers verify_data and Generation of session_secrets in MS27 48 5.3.1.12.1 Verification of Servers verify_data and Generation of key_block .28 49 5.3.1.12.2 ME response to Outpu
26、t from the UIM when Initiating a New TLS Session.29 50 5.3.1.13 Regarding Resumable Sessions (Informative)29 51 5.3.1.14 Error Cases (Informative) .30 52 5.3.2 Resuming a Previous TLS Session.30 53 5.3.2.1 ClientHello Message.30 54 TIA-1085 IP-Based LCS Security Framework 2 5.3.2.2 Server Hello30 1
27、5.3.2.3 ChangeCipherSpec and Finished Messages (from the Server) .31 2 5.3.2.4 ChangeCipherSpec and Finished Messages (from the MS)31 3 5.3.2.4.1 Verification of the MSs verify_data.32 4 5.4 TLS Session-A Protocol33 5 5.5 TLS Session-B Protocol35 6 5.5.1 Security Parameter Sizes for TLS Session-B .3
28、7 7 5.5.1.1 LCS_UIM_PDE_TLS_PSK_VERSION = 0x01: Parameter Sizes.38 8 5.5.2 LCS_UIM_PDE_TLS_PSK_KEY Generation 38 9 5.5.2.1 LCS_UIM_PDE_TLS_PSK_VERSION = 0x01: Tuple Generation 39 10 5.5.3 Distribution to the PDE 39 11 5.5.3.1 LCS_UIM_PDE_TLS_PSK_VERSION = 0x01: Security Parameters sent to PDE 39 12
29、5.5.4 Distribution to the MS39 13 5.5.5 TLS Session-B Handshake.40 14 6 LCS Security Algorithms .42 15 6.1 LCS Initialization Algorithms.42 16 6.1.1 Generation of LCS_UIM_S_SAFE_KEY42 17 6.1.2 Generation of LCS_UIM_HPS_TLS_PSK_KEY 42 18 6.1.3 Generation of LCS_UIM_PDE_ROOT_KEY .43 19 6.2 S-SAFE Algo
30、rithms 44 20 6.2.1 S-SAFE Algorithms for LCS_S_SAFE_VERSION = 0x01 44 21 6.2.1.1 Generation of LCS_S_SAFE_RAND.44 22 6.2.1.2 Void 45 23 6.2.1.3 Generation of LCS_S_SAFE_CK.45 24 6.2.1.4 Generation of LCS_S_SAFE_IK45 25 6.2.1.5 Encryption.45 26 6.2.1.5.1 Mandatory Algorithms 45 27 6.2.1.6 Decryption
31、46 28 6.2.1.6.1 Mandatory Algorithms 46 29 6.2.1.7 Generation of LCS_S_SAFE_MAC .46 30 6.2.1.7.1 Mandatory Algorithms 47 31 6.2.1.8 Generation of XLCS_S_SAFE_MAC 47 32 6.3 Common TLS Algorithms 48 33 6.3.1 Key Generation Algorithms .48 34 6.3.1.1 Algorithm for Generating other_secret.48 35 6.3.1.1.1
32、 Algorithm for Generating other_secret for PSK Key Exchange .48 36 6.3.1.2 Algorithm for Generating premaster_secret.48 37 6.3.1.3 Algorithm for Generating master_secret 48 38 6.3.1.4 Algorithm for Generating session_secrets in the Server.49 39 6.3.1.5 Algorithms for Generating session_secrets in th
33、e MS49 40 6.3.1.5.1 Computing the key_block_len in ME 49 41 6.3.1.5.2 Generating the key_block in UIM50 42 6.3.2 Algorithms for Generating the Finished Message50 43 6.3.2.1 Algorithm for Generating verify_digest50 44 6.3.2.2 Algorithm for Generating verify_data from verify_digest 50 45 6.4 Void 51 4
34、6 6.5 Algorithms for TLS Session-B52 47 6.5.1 Void52 48 6.5.2 Algorithms for LCS_UIM_PDE_TLS_PSK-Tuple Generation .52 49 6.5.2.1 LCS_UIM_PDE_TLS_PSK_VERSION = 0x01: Tuple Generation 52 50 6.5.2.1.1 LCS_UIM_PDE_TLS_PSK_RAND Generation 52 51 6.5.2.1.2 LCS_UIM_PDE_TLS_PSK_KEY Generation .53 52 6.6 Addi
35、tional Algorithms 54 53 6.6.1 LCS_TIME.54 54 IP-Based LCS Security Framework TIA-1085 3 6.7 Summary of LCS Cryptographic Algorithms by Entity (Informative) .55 1 6.7.1 Cryptographic Algorithms in the Mobile Station .55 2 6.7.1.1 Cryptographic Algorithms in the User Identity Module .55 3 6.7.1.2 Cryp
36、tographic Algorithms in the Mobile Equipment .56 4 6.7.2 Cryptographic Algorithms in the Home-Positioning Server 57 5 6.7.3 Cryptographic Algorithms in the Serving-Positioning Server58 6 6.7.4 Cryptographic Algorithms in the Position Determining Entity 58 7 8 TIA-1085 IP-Based LCS Security Framework
37、 4 1 Introduction and Scope 1 This document defines the security framework for the IP-based Location Services. The security 2 framework provides a logical description of the security information, functions and protocols 3 for IP-based Location Services. The architectural design of the network that s
38、upports these 4 functions is outside the scope of this document. 5 2 References 6 2.1 Normative References 7 TIA-820-B TIA-820-B “Removable User Identity Module for Spread Spectrum Systems,” April 8 2004. 9 FIPS180-2 NIST FIPS PUB 180-2 “Secure Hash Standard”, National Institute of Standards and 10
39、Technology. 11 TIA-946 TIA-946, Enhanced Cryptographic Algorithms, June 2003. 12 RFC1321 “The MD5 Message Digest Algorithm”, Rivest, IETF RFC 1321. 13 RFC2246 “The TLS Protocol Version 1.0”, Dierks, IETF RFC 2246. 14 RFC3268 “Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Securi
40、ty 15 (TLS)”, Chown, IETF RFC 3268. 16 RFC4279 “Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)”, Eronen, IETF 17 RFC 4279. 18 2.2 Informative References 19 None. 20 3 Definitions and Abbreviations 21 3.1 Definitions 22 Access Network: provides the Mobile Station with wireless access
41、for voice and data 23 services. The Access Network also provides the Mobile Station with coarse-24 grained location data in the form of ServingCellInfo. 25 Communication Mode: The Mobile Station may communicate in either Proxy or Non-26 Proxy/Direct Mode 27 Proxy Communication Mode: The Mobile Stati
42、on communicates with the 28 Position Determining Entity using the Home Positioning Server as a proxy. 29 Non-Proxy/Direct Communication Mode: The Home Positioning Server initiates a 30 direct connection between the Mobile Station and the Position Determining Entity. 31 IP-Based LCS Security Framewor
43、k TIA-1085 5 Mobile Station For the purposes of this document, the Mobile Station is considered as two 1 separate entities, the User Identity Module (UIM) and Mobile Equipment 2 (ME). 3 User Identity Module (UIM): The User Identity Module is a low power 4 processor that contains secure memory. The U
44、ser Identity Module may be a 5 Removable-UIM (R-UIM TIA-820-B) or may be integrated with the Mobile Station. 6 Removable UIM (R-UIM): An UIM that can be physically removed from the 7 ME. An R-UIM may be used in multiple MEs. 8 Mobile Equipment (ME): The ME contains a high power processor, but is 9 n
45、ot assumed to contain secure memory or secure processing. 10 Position Determining Entity: the entity that has the ability to perform position 11 determination with the Mobile Station 12 Position Estimate: The geographic position of a Mobile Station as determined by a 13 Position Determining Entity a
46、nd the MS. 14 Positioning Server: an entity that finds a suitable Position Determining Entity for 15 position determination 16 Home Positioning Server: The Positioning Server of an operator that has a 17 billing relationship with the Subscriber for the purposes of location services. 18 Serving Posit
47、ioning Server: The Positioning Server that is in the same network 19 as the appropriate Position Determining Entity. 20 Positioning Sessions: the communications between a Mobile Station and a Position 21 Determining Entity. 22 Secure Store-And-Forward Encapsulation (S-SAFE) Data to be sent via store
48、-and-forward 23 services may require security. Secure Store-And-Forward Encapsulation 24 provides authentication, freshness protection, integrity protection and 25 confidentiality protection for such messages. 26 LCS Suite The set of communications required to fulfill a request from a Location-27 Ba
49、sed Application. An LCS suite may contain multiple Position 28 Determinations. 29 Transport Layer Security (TLS) Protocol Application layer protection of data. 30 Cipher_suite A description of the set of algorithms used for authentication, key 31 agreement 32 TLS Handshake Protocol A sub protocol of TLS that performs the functions 33 of authentication, cipher_suite agreement and session secret 34 establishment for securing application data. The handshake may 35 either establish a new master secret, or resume a previous session 36 using the master secret e
