TIA-1125
February 2011

Enhanced MMD Security Stage 1 Requirements

NOTICE

TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally.

Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication.

This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use.

(From Project No. PN-3-0276, formulated under the cognizance of the TIA TR-45 Mobile

(b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process.

The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIA's attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents.

If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4th edition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIA's policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications.

TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document.

ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS' COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS.

TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS.

S.R0123-0 v1.0

EDITOR
Scott Marin, Motorola

REVISION HISTORY

Revision number    Content changes    Date
0 v1.0             Initial Release    September 2007
Table of Contents

Table of Contents ........ ii
1 INTRODUCTION ........ 1
1.1 INFORMATIVE REFERENCES ........ 1
1.2 DEFINITIONS AND ABBREVIATIONS ........ 1
2 GENERAL DESCRIPTION ........ 3
3 HIGH LEVEL REQUIREMENTS ........ 4
3.1 System Requirements ........ 4
3.2 Fixed Network Element Requirements ........ 7
3.3 Subscriber Devices ........ 7
3.4 Security Policy ........ 8

1 INTRODUCTION

This document describes the requirements for security in the cdma2000¹ wireless Internet Protocol (IP) network. The requirements are based on leveraging, and extending where applicable, existing standard protocols for security.

1.1 INFORMATIVE REFERENCES

[1] 3GPP2 X.S0011-D, cdma2000 Wireless IP Network Standard
[2] 3GPP2 X.S0013-A, Multimedia Domain series, November 2005
[3] IETF RFC 3310, Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA), September 2002

1.2 DEFINITIONS AND ABBREVIATIONS

ACL: Access Control List
AKA: Authentication and Key Agreement
Anomalous traffic: Traffic which exhibits characteristics that are outside of established boundary values for predefined parameters.
Application server: A function that provides all or part of an application level feature or service. An application server may be based on the SIP protocol or on other non-SIP protocols.
Baseline traffic: Traffic which has been characterized to establish boundary values for predefined parameters.
FW: Firmware
HTTP-AKA: Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) [3].
IDS: Intrusion Detection System
IP: Internet Protocol
IPS: Intrusion Protection System
MMD: Multi-Media Domain
Network Element: A Network Element is any bearer, signaling, or OAM&P functional entity included within the evolved architecture specifications. Unless specifically excluded, Application Servers are considered within the scope of a Network Element.
OAM&P: Operations, Administration, Maintenance, and Provisioning
PDN: Packet Data Network
QoS: Quality of Service
RAN: Radio Access Network
Secure Bootstrapping: Secure bootstrapping (e.g., as specified in [1]) is a process by which trusted integrity relationships are enforced during device initialization.
Secure Management: Secure management is a process by which the integrity status of a device can be assessed and maintained.
Secured Class: A class of Subscriber Devices which can support one or more Subscriber Device requirements defined in this document.
Security Assessment: The process of querying a Network Element or Subscriber Device for configuration, Firmware (FW), or Software (SW) status/type, and comparing that information against associated policies.
SMS: Short Message Service
SW: Software
Subscriber Device: A Subscriber Device is any device which can communicate with the RAN and/or Core Network.
System: Components of the 3GPP2 PDN and MMD network consisting of the Subscriber Device, RAN, and Core Network.
Policy: A set of rules which control the behavior and/or state of a Network Element or Subscriber Device.

¹ cdma2000 is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of 3GPP2. Geographically (and as of the date of publication), cdma2000 is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States.

2 GENERAL DESCRIPTION

This document provides high level requirements for Multi-Media Domain (MMD) Security. It includes basic requirements inherent in existing MMD specifications [2] plus new requirements that are an addition to or expand on existing security requirements.

3 HIGH LEVEL REQUIREMENTS

3.1 System Requirements

System requirements span fixed Network Elements in the Core Network, Radio Access Network (RAN), and Subscriber Devices. These elements are collectively referred to as “the system.” The following system requirements are intended to cover all aspects of service delivery, including home-network and visited-network scenarios.
SYS001 The system shall support secure bootstrapping and secure management of Network Elements and Subscriber Devices.

SYS002 The system shall provide resistance against denial-of-service attacks to, and through, its Network Elements.
Note: A denial-of-service attack comprises any detectable service interruption or system performance degradation. The scope includes denial-of-service attack scenarios from wired and wireless nodes.

SYS003 The system shall be capable of querying a Subscriber Device for information such as device status and hardware and software configurations.

SYS004 The system may request quarantine functions based on the security assessment and policy for the Subscriber Devices.

SYS005 The system may request remediation functions based on the security assessment and policy for the Subscriber Devices.

SYS006 The system shall support standardized protocols to facilitate the generation of security alarms and incident reports to one or more collection points.

SYS007 The system shall support the capability for a centralized security control point to monitor, process, and provide notification of security events of all of the Network Elements.

SYS008 The system shall support capabilities for correlation of security events, analysis of real-time events, and flow reporting performed by Network Elements in support of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS).
Note: Although IDS/IPS functions may be covered by Operations, Administration, Maintenance, and Provisioning (OAM&P) specifications, this requirement ensures that information needed to support the IDS/IPS functions (e.g., Quality of Service (QoS) flow parameters) shall be included in the standard specifications.

SYS009 The system shall support a security policy framework. As an example, a security policy may contain a set of rules that determines which Network Element protects a given traffic type, what kind of protection will be used, how often rekeying will occur, and parameters associated with Network Element compliance.

SYS010 The system shall support capabilities to identify anomalous traffic.

SYS011 The system shall support capabilities to filter anomalous or malicious traffic.

SYS012 The system shall support capabilities to support security associations with trusted entities (such as partner application servers and roaming partners).

SYS013 The system shall support capabilities for operator policies to govern the reporting of security events.

SYS014 The system shall support capabilities for operator policies to govern responses to specified security events. Examples of such responses are: install or update Access Control Lists (ACLs), de-authorize connections with a Network Element, force a Network Element to upgrade its software, de-authorize specific services, send a Short Message Service (SMS) message to specific users.

SYS015 The system shall enable separate administrative domains for each system component, including: Subscriber Device, Access Network components (visited or home), Core Network components (home or transit), Application Servers (visited, home, 3rd party).

SYS016 The system shall support the capability for operators to manage independent security policies for their respective system components.

SYS017 The system shall support mutual authentication between the Subscriber Device and the network (e.g., authentication server).

SYS018 The system shall support the capability to authorize each Network Element before it is allowed to send IP traffic through the system.

SYS019 The system shall support access network independent authentication mechanisms for Subscriber Devices.
Note: This covers both intra-system and inter-system interfaces.

SYS020 The system shall support mutual authentication between any two communicating Network Elements.
Note: This covers both intra-system and inter-system interfaces.

SYS021 The system shall provide the capability to prevent unauthorized users from accessing the system based on operator policy.

SYS022 The system shall provide the capability to apply and verify the integrity and confidentiality protections of bearer and control traffic on all standardized interfaces within the service provider's network, and with peered networks, based on operator policy.

SYS023 The system shall support the ability to secure data traversing network paths.
Note: This is usually accomplished through replay-protection, fraud-protection, encryption, and integrity-protection methods.

SYS024 The system shall support data origin authentication for signaling messages using integrity protection of signaling messages between the signaling endpoints.

SYS025 The system shall provide the capability for subscriber authentication and service authorization (i.e., grant use of system resources) based on operator policy.

SYS026 The system security mechanisms shall enable policy-driven controls to account for tradeoffs, e.g., network resource consumption vs. user experience degradation.

SYS027
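The following worked example is added here to show what the definitions of "baseline traffic" and "anomalous traffic" in 1.2, together with SYS010 (identify anomalous traffic) and SYS011 (filter anomalous traffic), amount to in code. It is not part of S.R0123-0 and does not come from 3GPP2 or TIA. The predefined parameters (packets/s, bytes/s, new connections/s per source), the choice of "mean plus or minus k standard deviations" as the boundary rule, the event record layout, and all traffic figures are constructed assumptions for illustration; an operator would pick parameters and boundary rules by policy (SYS009).

```python
"""Baseline characterization and anomalous-traffic filtering.

Constructed example (not from S.R0123-0): establishes boundary values for
predefined traffic parameters from baseline traffic, then identifies and
filters samples that fall outside those boundaries.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class FlowSample:
    """Per-source traffic counters for one measurement interval (assumed layout)."""
    src: str
    pkts_per_s: float
    bytes_per_s: float
    new_conns_per_s: float


# The predefined parameters for which boundary values are established (assumed).
PARAMETERS = ("pkts_per_s", "bytes_per_s", "new_conns_per_s")

Bounds = Dict[str, Tuple[float, float]]


def establish_boundaries(baseline: List[FlowSample], k: float = 3.0) -> Bounds:
    """Characterize baseline traffic: for each parameter the boundary values are
    mean +/- k standard deviations. The lower bound is clipped at zero because
    counters cannot be negative. k is an operator-tunable policy knob (assumed rule)."""
    bounds: Bounds = {}
    for p in PARAMETERS:
        values = [getattr(s, p) for s in baseline]
        mu, sd = mean(values), pstdev(values)
        bounds[p] = (max(0.0, mu - k * sd), mu + k * sd)
    return bounds


def violations(sample: FlowSample, bounds: Bounds) -> List[str]:
    """Parameters of `sample` that lie outside their boundary values.
    An empty list means the sample is within baseline."""
    return [p for p in PARAMETERS
            if not (bounds[p][0] <= getattr(sample, p) <= bounds[p][1])]


def filter_traffic(samples: List[FlowSample], bounds: Bounds):
    """SYS010/SYS011: identify anomalous samples and separate them from the rest.
    Returns (passed, filtered); each filtered entry carries its violated parameters
    so the reason for filtering is reportable."""
    passed, filtered = [], []
    for s in samples:
        v = violations(s, bounds)
        if v:
            filtered.append((s, v))
        else:
            passed.append(s)
    return passed, filtered


def to_event(sample: FlowSample, violated: List[str], bounds: Bounds) -> dict:
    """Security-event record for a filtered sample, suitable for forwarding to a
    collection point (SYS006). The record layout is an assumption of this example."""
    return {
        "event": "anomalous_traffic",
        "src": sample.src,
        "violations": {p: {"observed": getattr(sample, p), "bounds": bounds[p]}
                       for p in violated},
    }


# Constructed baseline: eight intervals of ordinary traffic from one source class.
BASELINE = [
    FlowSample("10.0.0.1", 95, 48000, 2.0),
    FlowSample("10.0.0.1", 100, 50000, 2.5),
    FlowSample("10.0.0.1", 105, 52000, 1.5),
    FlowSample("10.0.0.2", 98, 49000, 2.0),
    FlowSample("10.0.0.2", 102, 51000, 3.0),
    FlowSample("10.0.0.2", 110, 55000, 1.0),
    FlowSample("10.0.0.3", 90, 45000, 2.0),
    FlowSample("10.0.0.3", 100, 50000, 2.0),
]

# Constructed live samples: one ordinary source, one high-volume source (packet and
# byte rates far above baseline), one source opening many new connections.
LIVE = [
    FlowSample("10.0.0.5", 104, 51000, 2.0),
    FlowSample("10.0.0.9", 4800, 2400000, 2.0),
    FlowSample("10.0.0.7", 110, 52000, 60.0),
]

if __name__ == "__main__":
    b = establish_boundaries(BASELINE)
    passed, filtered = filter_traffic(LIVE, b)
    print("passed:", [s.src for s in passed])
    for s, v in filtered:
        print(to_event(s, v, b))
```

With the constructed baseline, the boundary for packets/s works out to roughly 83 to 117, so source 10.0.0.5 passes, 10.0.0.9 is filtered on both packet and byte rate, and 10.0.0.7 is filtered only on its connection rate. The violated-parameter list is what makes the filtering decision explainable in the security event that SYS006/SYS013 expect to be reported.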