1、 TIA STANDARD Wireless Features Description Enhanced Security Services TIA-664.804 AUGUST, 2003 TELECOMMUNICATIONS INDUSTRY ASSOCIATION Representing the telecommunications industry in association with the Electronic Industries Alliance ANSI/TIA-664.804-2003 Approved: August 1, 2003 Copyright Telecom
2、munications Industry Association Provided by IHS under license with EIANot for ResaleNo reproduction or networking permitted without license from IHS-,-,-NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufact
3、urers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or
4、non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted b
5、y TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. Further details of the development process are a
6、vailable in the TIA Engineering Manual, located at http:/www.tiaonline.org/standards/sfg/engineering_manual.cfm This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to es
7、tablish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. These Materials are subject to copyright claims of IEC, ANSI, and TIA. No part of this publication may be reproduced in any form, including an electronic retrieval system, wit
8、hout the prior written permission of TIA. All requests pertaining to the “Wireless Features Description- Enhanced Security Services Standard should be submitted to TIA. (From Standards Proposal No. 3-4652-804, formulated under the cognizance of the TIA TR-45.2 Subcommittee on Wireless Intersystem Te
9、chnology.) Published by TELECOMMUNICATIONS INDUSTRY ASSOCIATION 2003 Standards and Technology Department 2500 Wilson Boulevard Arlington, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call Global Engine
10、ering Documents, USA and Canada (1-800-854-7179) International (303-397-7956) or search online at http:/www.tiaonline.org/standards/search_n_order.cfm All rights reserved Printed in U.S.A. Copyright Telecommunications Industry Association Provided by IHS under license with EIANot for ResaleNo reprod
11、uction or networking permitted without license from IHS-,-,-NOTICE OF DISCLAIMER AND LIMITATION OF LIABILITY The document to which this Notice is affixed (the “Document”) has been prepared by one or more Engineering Committees or Formulating Groups of the Telecommunications Industry Association (“TI
12、A”). TIA is not the author of the Document contents, but publishes and claims copyright to the Document pursuant to licenses and permission granted by the authors of the contents. TIA Engineering Committees and Formulating Groups are expected to conduct their affairs in accordance with the TIA Engin
13、eering Manual (“Manual”), the current and predecessor versions of which are available at http:/www.tiaonline.org/standards/sfg/engineering_manual.cfm. TIAs function is to administer the process, but not the content, of document preparation in accordance with the Manual and, when appropriate, the pol
14、icies and procedures of the American National Standards Institute (“ANSI”). TIA does not evaluate, test, verify or investigate the information, accuracy, soundness, or credibility of the contents of the Document. In publishing the Document, TIA disclaims any undertaking to perform any duty owed to o
15、r for anyone. The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pen
16、ding patent applications are claimed and called to TIAs attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TI
17、A does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT
18、LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NON-INFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCU
19、RACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS
20、. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIG
21、ATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CON
22、TENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. Copyright Telecommunications Industry Association Provided by IHS under license with EIANot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PLEASE! DONT VIOLATE THE LAW! This document is copyrighted by the T
23、IA and may not be reproduced without prior permission of the Telecommunications Industry Association. For information consult our website at http:/www.tiaonline.org/about/faqDetail.cfm?id=18 Organizations may obtain permission to reproduce a limited number of copies through entering into a license a
24、greement. For information, contact: Global Engineering Documents 15 Inverness Way East Englewood, CO 80112-5704 U.S.A. or call U.S.A. and Canada 1-800-854-7179, International (303) 397-7956 Copyright Telecommunications Industry Association Provided by IHS under license with EIANot for ResaleNo repro
25、duction or networking permitted without license from IHS-,-,-TIA-664-804-0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960i ContentsWireless Features DescriptionEnhanced Security ServicesCONTENTSRevision History ii1 Enhanced Security.11.
26、1 Enhanced Subscriber Authentication (ESA) 21.1.1 Normal Procedures With Successful Outcome 41.1.2 Exception Procedures or Unsuccessful Outcome.51.1.3 Alternative Procedures .51.1.4 Interactions With Other Wireless Services 51.2 Enhanced Subscriber Privacy (ESP).71.2.1 Normal Procedure With Successf
27、ul Outcome81.2.2 Exception Procedures or Unsuccessful Outcome.91.2.3 Alternative Procedures .101.2.4 Interactions With Other Wireless Services 10Copyright Telecommunications Industry Association Provided by IHS under license with EIANot for ResaleNo reproduction or networking permitted without licen
28、se from IHS-,-,-TIA-664-804-0Revision History ii123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960REVISION HISTORYRevision Date RemarksANSI/TIA-664-804-0July 2003 Initial PublicationCopyright Telecommunications Industry Association Provide
29、d by IHS under license with EIANot for ResaleNo reproduction or networking permitted without license from IHS-,-,-TIA-664-804-01234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859601 Enhanced Security1 ENHANCED SECURITYEnhanced Security provid
30、es enhanced capabilities for wireless networks and mobilestations. The enhanced security capabilities address: unauthorized use of service, unauthorized communications to the MS (e.g., unauthorized attempts to control theMS or retrieve information from the MS), unauthorized monitoring of subscriber
31、traffic (e.g., eavesdropping).The security capabilities that address these problems are:a. Enhanced Subscriber Authentication (ESA): By cryptographic means (e.g., acryptographically-generated challenge-response), ESA verifies that a subscriberrequesting service and the network (i.e., base station) a
32、re authorized. ESA alsoprovides data integrity protection against unauthorized modification of messagesduring transmission.b. Enhanced Subscriber Privacy (ESP): By means of encryption across the air-interface, enhanced subscriber privacy (ESP) protects user data (bearer data andsignaling) from unaut
33、horized eavesdropping.From the end user perspective, the enhanced security requirements are independent of theair interface. Thus, the enhanced security capabilities are applicable to all digital airinterfaces.Cryptographic StrengthThe cryptographic strength of the ESA process is independent of the
34、cryptographic strengthof the ESP process. Compromise of the ESP process does not weaken the ESA process.Export ConsiderationsESA and ESP meet the requirements of U.S. export laws and regulations, currently theExport Administration Regulations (title 15 CFR parts 730 through 774 inclusive.).Copyright
35、 Telecommunications Industry Association Provided by IHS under license with EIANot for ResaleNo reproduction or networking permitted without license from IHS-,-,-TIA-664-804-0Enhanced Security 2 Enhanced Subscriber Authentication (ESA)12345678910111213141516171819202122232425262728293031323334353637
36、38394041424344454647484950515253545556575859601.1 Enhanced Subscriber Authentication (ESA)ESA provides methods for determining the authenticity of any request for service made onan air interface and the authenticity of the network (i.e., base station). ESA is supported onall wireless channels and in
37、 all MS states in which access to services can be requested. Onthe control channels, ESA provides the ability to authenticate the source and content ofevery message that may compromise the subscribers security. On dedicated channels, ESAauthenticates the source and content of any message that may co
38、mpromise the subscriberssecurity.ESA uses cryptographic authentication procedures. ESA may use challenge-responseauthentication, wherein the challenge is random and the response is generated bycorrespondingly keyed cryptographic algorithms within the MS and the network. Theauthentication procedure p
39、revents replay attacks by minimizing the likelihood thatauthentication signatures are reused.ESA verifies that the MS contains data representing a valid subscription (e.g., IMSI, MIN)and that the base station is authentic. The authentication process permits subscriber identityauthentication independ
40、ent of the MS identity (e.g., ESN, MEID).ESA verifies the source and content of air interface messages that may compromisesubscribers security.Root Authentication KeysThe root authentication key is known only to the MS and to the home systemAuthentication Center.Methods for the installation of root
41、authentication keys include means to preventcompromise of the keys.The authentication procedures permit the distribution of root authentication keys inremovable UIMs. The authentication procedures permit the operation of a removable UIMin multiple terminals.The authentication procedures prevent auth
42、entication of mobile equipment when the UIMis not present.Secondary Authentication KeysSecondary authentication keys may be generated in the MS and the home systemAuthentication Center, and may be transmitted to visited systems for use in authentication.Compromise of secondary authentication keys sh
43、all not compromise the rootauthentication key. The secondary authentication keys can be modified in the MS under thecontrol of the home system.Minimum Standard of ServiceESA provides strong protection against unauthorized access to wireless services. Thecontribution of ESA to call drops and call att
44、empt failures is negligible.Copyright Telecommunications Industry Association Provided by IHS under license with EIANot for ResaleNo reproduction or networking permitted without license from IHS-,-,-TIA-664-804-01234567891011121314151617181920212223242526272829303132333435363738394041424344454647484
45、95051525354555657585960Enhanced Subscriber Authentication (ESA) 3 Enhanced SecurityThe ESA algorithm shall be publicly disclosed and commercially available, and shall havebeen sufficiently studied by the cryptographic community, with strengths and weaknessesthoroughly understood.Enhancements if Secu
46、rity is CompromisedESA provides a mechanism to enhance the ESA algorithm(s), key generation procedures,or both, in the event the security of ESA is compromised.Network CapabilitiesThe home system can share secondary authentication key data with visited systems toenable the visited system to perform
47、authentication procedures, thereby minimizingnetwork signaling traffic.Individual challenges of the MS are used to determine the authenticity of the MS.MS authentication of the network (i.e., base station) is used to determine the authenticityof the base station.Data integrity, privacy and encryptio
48、n keys are generated as part of the MS authenticationprocedure.ESA can be used for pre-call authentication of service requests on control channels.The home system can revoke MS access to service at any time, regardless of the locationof the MS.Air Interface CapabilitiesAll air interfaces providing a
49、ccess to services include a means to verify the authenticity ofthe subscription data contained in the MS making the request and the authenticity of thebase station. Data integrity verifies that air interface messages have not been modified inan unauthorized way and that the sending entity (MS or base station) is the one claimed.Backwards and Forward CompatibilityAir interface and network protocols allow mutual identification of t