1、 TIA-4944 April 2011HRPD Air Interface Application Layer Security (AALS): Air Interface Aspects NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and
2、improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products n
3、ot conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards I
4、nstitute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable re
5、gulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Project No. TIA-PN-4944, formulated under the cognizance of the TIA TR-45 Mobile (b) th
6、ere is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve th
7、e use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statemen
8、t from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions
9、, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects th
10、e Document or its contents. If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whet
11、her such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference
12、; (ii) TIAs policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identificati
13、on to TIA of a claim of Essential Patent(s) or published pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents
14、 of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLEC
15、TUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR
16、SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL O
17、R CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATI
18、ON OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. This page intentionally left blank.3GPP2 C.S0102-0 v1.0 CONTENTS i FOREWORD. ix 1 NOTES . xi 2 REFERENCES xi 3 1 Overview.1-1 4 1.1 Scope of This Docum
19、ent 1-1 5 1.2 Requirements Language 1-1 6 1.3 Architecture Reference Model 1-1 7 1.4 Protocols1-2 8 1.4.1 Interfaces .1-2 9 1.4.2 States.1-2 10 1.5 Terms 1-3 11 1.6 Notation.1-4 12 2 Introduction .2-1 13 2.1 Architecture Reference Model 2-1 14 2.2 Key Management .2-2 15 3 Signaling layer protocol 3-
20、1 16 3.1 Air Interface Application Signaling Encryption/Decryption functions.3-1 17 3.1.1 Signaling Encryption Key .3-1 18 3.1.2 Constructing the Cryptosync3-1 19 3.1.2.1 RolloverCounter Procedures3-2 20 3.1.3 Signaling Encryption Procedure3-3 21 3.1.4 Signaling Decryption Procedures 3-4 22 3.2 Air
21、Interface Application Signaling Integrity functions3-5 23 3.2.1 Signaling Protection Key.3-5 24 3.2.2 Constructing the Cryptosync3-5 25 3.2.3 AUTHENTICATE_ADD_TAG procedures3-5 26 3.2.4 AUTHENTICATE_CHECK_TAG procedures .3-7 27 3.2.5 Authentication Tag .3-9 28 3.3 Signaling Layer Protocol (SLP)3-9 2
22、9 3.3.1 Overview 3-9 30 3.3.2 Primitives and Public Data .3-9 31 3.3.3 Protocol Data Unit3-9 32 3GPP2 C.S0102-0 v1.0 CONTENTS ii 3.3.4 Procedures.3-9 1 3.3.4.1 Reset3-9 2 3.3.4.2 Delivery Layer Procedures 3-9 3 3.3.4.2.1 General Procedures.3-9 4 3.3.4.2.1.1 Transmitter Requirements.3-9 5 3.3.4.2.1.2
23、 Receiver Requirements 3-9 6 3.3.4.2.2 Best Effort Delivery Procedures.3-10 7 3.3.4.2.2.1 Transmitter Requirements.3-10 8 3.3.4.2.2.2 Receiver Requirements 3-10 9 3.3.4.2.3 Reliable Delivery Procedures .3-10 10 3.3.4.2.3.1 Overview .3-10 11 3.3.4.2.3.2 Initialization 3-10 12 3.3.4.2.3.3 Data Transfe
24、r 3-10 13 3.3.4.2.3.3.1 Transmit Procedures .3-10 14 3.3.4.2.3.3.2 Receive Procedures3-10 15 3.3.5 Header Formats .3-10 16 3.3.6 Message Formats .3-11 17 3.3.7 Interface to Other Protocols3-11 18 3.4 Protocol Attributes 3-11 19 3.4.1 Simple Attributes .3-11 20 3.4.2 Complex Attributes 3-11 21 3.4.2.
25、1 SigReducedStrengthKey Attribute.3-11 22 4 AALS Enhanced Multi-Flow Packet Application 4-1 23 4.1 Introduction 4-1 24 4.1.1 General Overview .4-1 25 4.1.2 Public Data 4-1 26 4.2 Protocol Initialization.4-1 27 4.3 Procedures and Messages for the InConfiguration Instance of the Packet 28 Application4
26、-1 29 4.3.1 Procedures.4-1 30 4.3.2 Commit Procedures4-1 31 4.3.3 Message Formats .4-1 32 3GPP2 C.S0102-0 v1.0 CONTENTS iii 4.4 Route Selection Protocol 4-2 1 4.5 Radio Link Protocol4-2 2 4.5.1 Overview 4-2 3 4.5.2 Primitives and Public Data .4-2 4 4.5.3 Protocol Data Unit4-2 5 4.5.4 Procedures and
27、Messages for the InUse Instance of the Protocol 4-2 6 4.5.4.1 Procedures4-2 7 4.5.4.1.1 Constructing the Encryption Key.4-2 8 4.5.4.1.2 Constructing the Cryptosync.4-3 9 4.5.4.1.3 RolloverCounter Procedures 4-4 10 4.5.4.2 Data Transfers4-4 11 4.5.4.3 Data Receive Procedures.4-5 12 4.5.4.4 RLP Packet
28、 Header .4-7 13 4.5.4.5 Message Formats4-7 14 4.5.4.6 Interface to Other Protocols 4-7 15 4.5.4.7 RLP Packet Priorities.4-7 16 4.5.5 Protocol Numeric Constants .4-7 17 4.6 Data Over Signaling Protocol .4-7 18 4.7 Location Update Protocol .4-7 19 4.8 Flow Control Protocol.4-7 20 4.9 Configuration Att
29、ributes for the Enhanced Multi-Flow Packet Application .4-7 21 4.9.1 Simple Attributes .4-8 22 4.9.2 Complex Attributes.4-8 23 4.9.2.1 ReducedStrengthCipheringKey Attribute.4-9 24 4.10 Session State Information 4-9 25 5 AALS multi-link Multi-Flow Packet Application5-1 26 5.1 Introduction 5-1 27 5.1.
30、1 General Overview .5-1 28 5.1.2 Public Data 5-1 29 5.2 Protocol Initialization.5-1 30 5.3 Procedures and Messages for the InConfiguration Instance of the Packet 31 Application 5-1 32 5.3.1 Procedures .5-1 33 3GPP2 C.S0102-0 v1.0 CONTENTS iv 5.3.2 Commit Procedures5-1 1 5.3.3 Message Formats .5-1 2
31、5.4 Route Selection Protocol5-2 3 5.5 Segmentation and Reassembly Protocol.5-2 4 5.5.1 Overview 5-2 5 5.5.2 Primitives and Public Data.5-2 6 5.5.3 Protocol Data Unit5-2 7 5.5.4 Procedures and Messages for the InUse Instance of the Protocol5-2 8 5.5.4.1 Procedures .5-2 9 5.5.4.1.1 Constructing the En
32、cryption Key 5-2 10 5.5.4.1.2 Constructing the Cryptosync.5-3 11 5.5.4.1.3 RolloverCounter Procedures5-4 12 5.5.4.2 Data Transfers .5-4 13 5.5.4.2.1 Data Transmit Procedure 5-4 14 5.5.4.2.2 Data Receive Procedures .5-5 15 5.5.4.3 SAR Packet Header.5-7 16 5.5.4.4 Message Formats5-7 17 5.5.4.5 Interfa
33、ce to Other Protocols5-7 18 5.5.4.6 SAR Packet Priorities5-7 19 5.5.5 Protocol Numeric Constants.5-7 20 5.6 Quick Nak Protocol5-7 21 5.7 Data Over Signaling Protocol .5-7 22 5.8 Location Update Protocol.5-7 23 5.9 Flow Control Protocol 5-7 24 5.10 Configuration Attributes for the Multi-link Multi-fl
34、ow Packet Application 5-8 25 5.10.1 Simple Attributes .5-8 26 5.10.2 Complex Attributes 5-9 27 5.10.2.1 ReducedStrengthCipheringKey Attribute 5-9 28 5.11 Session State Information5-9 29 30 3GPP2 C.S0102-0 v1.0 CONTENTS v This page intentionally left blank1 3GPP2 C.S0102-0 v1.0 FIGURES vi Figure 1-1.
35、 Architecture Reference Model. 1-1 1 Figure 2-1. Security Function at the Air Interface Application Layer. . 2-1 2 Figure 3-1. Encryption Function Call. 3-3 3 Figure 3-2. Decryption Procedure Call . 3-4 4 Figure 3-3. AUTHENTICATE_ADD_TAG procedure call payloads 3-6 5 Figure 3-4. AUTHENTICATE_CHECK_T
36、AG procedure call payloads . 3-8 6 Figure 4-1. Encryption Procedure Call . 4-4 7 Figure 4-2. Decryption Procedure Call . 4-6 8 Figure 5-1. Encryption Procedure Call . 5-4 9 Figure 5-2. Decryption Procedure Call . 5-6 10 3GPP2 C.S0102-0 v1.0 TABLES vii Table 3-1. Subfield of the Cryptosync.3-2 1 Tabl
37、e 3-2. Authentication Tag 3-9 2 Table 3-3. Configurable Values.3-11 3 Table 4-1. Subfield of the Cryptosync.4-3 4 Table 4-2. Configurable Values.4-8 5 Table 5-1. Subfield of the Cryptosync.5-3 6 Table 5-2. Configurable Values.5-8 7 8 3GPP2 C.S0102-0 v1.0 TABLES viii This page intentionally left blan
38、k.1 3GPP2 C.S0102-0 v1.0 FOREWARD ix (This foreword is not part of this Standard) 1 This Standard was prepared by Technical Specification Group C of the Third Generation 2 Partnership Project 2 (3GPP2). This Standard contains the air interface procedures for the 3 enhanced security functionality in
39、the High Rate Packet Data (HRPD). This specification 4 applies to High Rate Packet Data access terminals and access networks which are 5 enhanced to support increased efficiency and flexibility of security function. 6 This is a supplementary specification to the HRPD air interface specifications. 7
40、This Standard consists of the following sections: 8 1. General. This section defines the acronyms and terms used in this document. 9 2. Introduction. This section describes general scope of the Air Interface Application 10 layer Security function. 11 3. Signaling Layer Protocol. This section defines
41、 functions that will be invoked by the 12 Air Interface Application Layer Security, and additional procedures and 13 requirements for SLP-D specified in 2. 14 4. AALS Enhanced Multi-Flow Packet Application. This section defines additional 15 procedures and requirements for Enhanced Multi-Flow Packet
42、 Application in 7. 16 This specification defines additional procedures and requirements to support Air 17 Interface Application Security for this new defined sub-type. Unless specified 18 otherwise, all the procedures defined in 7 also apply to this section 19 5. AALS Multi-Link Multi-Flow Packet Ap
43、plication. This section defines additional 20 procedures and requirements for Multi-Link Multi-Flow Packet Application in 7. 21 This specification defines additional procedures and requirements to support Air 22 Interface Application Security for this new defined sub-type. Unless specified 23 otherw
44、ise, all the procedures defined in 7 also apply to this section. 24 25 26 3GPP2 C.S0102-0 v1.0 FOREWORD x This page intentionally left blank1 3GPP2 C.S0102-0 v1.0 REFERENCES xi The following standards contain provisions which, through reference in this text, constitute 1 provisions of this Standard.
45、 At the time of publication, the editions indicated were valid. All 2 standards are subject to revision, and parties to agreements based on this Standard are 3 encouraged to investigate the possibility of applying the most recent editions of the 4 standards indicated below. 5 6 1 C.R1001-H, Administ
46、ration of Parameter Value Assignments for cdma2000 Spread 7 Spectrum Standards. 8 Editors Note: The above document is a work in progress and should not be referenced 9 unless and until it is approved and published. Until such time as this Editors Note is 10 removed, the inclusion of the above docume
47、nt is for informational purposes only. 11 2 C.S0024-500-C, Application, Stream and Session Layers for cdma2000 High Rate 12 Packet Data Air Interface Specification. 13 3 S.S0078, Common Security Algorithms. 14 4 IETF RFC 4493, The AES-CMAC Algorithm. 15 5 CMAC-NIST-SP800-38B NIST, Special Publicatio
48、n 800-38B, “Recommendation for 16 Block Cipher Modes of Operation: The CMAC Mode for Authentication“, May 2005. 17 6 C.S0067-A v1.0, “Key Exchange Protocols for cdma2000 High Rate Packet Data Air 18 Interface”, Feb 2009. 19 7 C.S0063-B V1.0, cdma2000 High Rate Packet Data Supplemental Services. 20 8
49、 S.S0145, Advanced Security Framework for (e)HRPD. 21 Editors Note: The above document is a work in progress and should not be referenced 22 unless and until it is approved and published. Until such time as this Editors Note is 23 removed, the inclusion of the above document is for informational purposes only. 24 9 C.S0024-400-C, Connection and Security Layers for cdma2000 High Rate Packet 25 Data Air Interface Specification. 26 10 C.S0087-0, E-UTRAN cdma2000 HRPD Connectivity and Interworking: Air 27 Interface Specification. 28 3GPP2 C.S0102-0
