1、 TIA STANDARD Enhanced Subscriber Privacy for cdma2000High Rate Packet Data-Addendum 1 TIA-925-1 E (Addendum to TIA-925) September 2007 TELECOMMUNICATIONS INDUSTRY ASSOCIATION Representing the telecommunications industry in association with the Electronic Industries Alliance NOTICE TIA Engineering S
2、tandards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product fo
3、r their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclud
4、e their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume
5、 any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health
6、practices and to determine the applicability of regulatory limitations before its use. (From Project No. 3-0071-AD1E-1, formulated under the cognizance of the TIA TR-45 Mobile (b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any
7、 other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or mor
8、e parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, an
9、d disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or cond
10、itions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents. If the Document contains one or more Normative References to a document published by anoth
11、er organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4t
12、hedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent
13、(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications. TIA does not enforce or monitor
14、compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRAN
15、TIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES
16、NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR A
17、NY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BA
18、SED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY
19、 TIA WITHOUT SUCH LIMITATIONS. TIA-925-1 E CONTENTS i 01. Overview . 861-1 1 12. Time-Counter-Based Security Protocol 872-1 2 2 .1. Overview .882-1 3 32.2. Primitives and Public Data 892-1 4 42.2.1. Commands 902-1 5 52.2.2. Return Indications.912-1 6 62.2.3. Public Data 922-1 7 72.3. Protocol Data U
20、nit.932-1 8 82.4. Protocol Initialization. 942-1 9 92.4.1. Protocol Initialization for the InConfiguration Protocol Instance. 952-1 10 102.5. Procedures and Messages for the InConfiguration Instance of the Protocol 962-2 11 112.5.1. Procedures 972-2 12 122.5.2. Commit Procedures . 982-2 13 132.5.3.
21、Message Formats.992-3 14 142.5.3.1. ConfigurationRequest1002-3 15 152.5.3.2. ConfigurationResponse1012-3 16 162.6. Procedures and Messages for the InUse Instance of the Protocol .1022-4 17 172.6.1. Procedures 1032-4 18 182.6.1.1. Transmit Procedures .1042-4 19 192.6.1.1.1. Generation of the Cryptosy
22、nc.1052-4 20 202.6.1.1.2. Construction of the Security Protocol Header.1062-5 21 212.6.1.2. Receive Procedures1072-6 22 222.6.2. Message Formats.1082-8 23 232.6.3. Time-Counter-Based Security Protocol Header 1092-8 24 242.6.4. Time-Counter-Based Security Protocol Trailer .1102-8 25 252.6.5. Interfac
23、e to Other Protocols .1112-8 26 262.6.5.1. Commands1122-8 27 272.6.5.2. Indications 1132-8 28 282.7. Configuration Attributes .1142-9 29 292.7.1. FTC Cryptosync Attribute1152-9 30 302.7.2. RTC Cryptosync Attribute1162-10 31 312.7.3. CC Cryptosync Attribute1172-12 32 322.7.4. AC Cryptosync Attribute1
24、182-14 33 332.8. Protocol Numeric Constants1192-15 34 342.9. Session State Information .1202-15 35 352.9.1. KeyIndex Parameter 1212-16 36 362.9.2. TimeStampLong Parameter1222-16 37 372.9.3. Counter Parameter 1232-17 38 TIA-925-1 E ii 383. AES Encryption Protocol. 1243-1 1 393.1. Primitives and Publi
25、c Data 1253-1 2 403.1.1. Commands 1263-1 3 413.1.2. Return Indications 1273-1 4 423.1.3. Public Data . 1283-1 5 433.2. Protocol Data Unit 1293-1 6 443.3. Protocol Initialization 1303-1 7 453.3.1. Protocol Initialization for the InConfiguration Protocol Instance 1313-1 8 463.4. Procedures and Message
26、s for the InConfiguration Instance of the Protocol 1323-2 9 473.4.1. Procedures 1333-2 10 483.4.2. Commit Procedures. 1343-2 11 493.4.3. Message Formats 1353-2 12 503.4.3.1. ConfigurationRequest 1363-2 13 513.4.3.2. ConfigurationResponse . 1373-3 14 523.5. Procedures and Messages for the InUse Insta
27、nce of the Protocol. 1383-3 15 533.5.1. Procedures 1393-3 16 543.5.1.1. Constructing the Encryption Key. 1403-3 17 553.5.1.2. Constructing the Cryptosync. 1413-6 18 563.5.1.3. Transmit Procedures . 1423-6 19 573.5.1.4. Receive Procedures 1433-7 20 583.5.2. Message Formats 1443-8 21 593.5.3. AES Encr
28、yption Protocol Header . 1453-8 22 603.5.4. AES Encryption Protocol Trailer 1463-8 23 613.5.5. Interface to Other Protocols. 1473-8 24 623.5.5.1. Commands 1483-8 25 633.5.5.2. Indications 1493-9 26 643.6. Configuration Attributes . 1503-9 27 653.6.1. FTCReducedStrengthEncryptionKey Attribute. 1513-1
29、0 28 663.6.2. RTCReducedStrengthEncryptionKey Attribute. 1523-11 29 673.6.3. CCReducedStrengthEncryptionKey Attribute 1533-11 30 683.6.4. ACReducedStrengthEncryptionKey Attribute. 1543-12 31 693.7. Protocol Numeric Constants 1553-13 32 703.8. Session State Information. 1563-13 33 TIA-925-1 E FIGURES
30、 iii 71Figure 1-1. Security Layer Encapsulation.1571-1 1 2 TIA-925-1 E TABLES iv 72Table 2.6.1-1. Subfield of the Cryptosync 1582-4 1 73Table 2.6.1-2. Encoding of the ChannelID Field . 1592-4 2 74Table 2.6.1-3. The Format of the Security Protocol Header. 1602-6 3 75Table 2.6.1-4. Subfield of the Cry
31、ptosync 1612-7 4 76Table 2.6.1-5. Encoding of the ChannelID Field . 1622-7 5 77Table 2.9.1-1. The Format of the Parameter Record for the KeyIndex Parameter 1632-16 6 78Table 2.9.2-1. The Format of the Parameter Record for the TimeStampLong 7 Parameter 1642-16 8 79Table 2.9.2-2. Encoding of the Param
32、eterType Field. 1652-17 9 80Table 2.9.3-1. The Format of the Parameter Record for the Counter Parameter 1662-17 10 81Table 2.9.3-2. Encoding of the ParameterType Field. 1672-18 11 82Table 3.5.5-1. FTCEncryption 1683-9 12 83Table 3.5.5-2. RTCEncryption 1693-9 13 84Table 3.5.5-3. CCEncryption 1703-9 1
33、4 85Table 3.5.5-4. ACEncryption 1713-10 15 TIA-925-1 E v (This foreword is not part of this Standard) 1 This standard was prepared by Technical Specification Group C of the Third Generation 2 Partnership Project 2 (3GPP2). This standard is evolved from and is a companion to the 3 cdma200001standards
34、. This air interface standard provides Enhanced Subscriber Privacy 4 requirements for cdma2000 High Rate Packet Data. 5 6 1“cdma2000is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of 3GPP2. Geographically (and as of the da
35、te of publication), cdma2000 is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States.” TIA-925-1 E REFERENCES vi The following standards contain provisions, which, through reference in this text, 1 constitute provisions of this standard. At the time of
36、 publication, the editions indicated 2 were valid. All standards are subject to revision, and parties to agreements based on this 3 standard are encouraged to investigate the possibility of applying the most recent editions 4 of the standards indicated below. 5 6 1 TIA-856, cdma2000 High Rate Packet
37、 Data Air Interface Specification. 7 2 3GPP2 S.S0055-A, Version 3.0, Enhanced Cryptographic Algorithms, October, 8 2005TR45.AHAG, Enhanced Cryptographic Algorithms, Revision B, March 5, 2002 9 3 3GPP2 S.S0078-A, Version 3.0, Common Security Algorithms, October, 2005 10 TIA-925-1 E 1-1 1. 0OVERVIEW 1
38、 172Figure 1-1 shows the relationship between a Connection Layer packet, an Encryption 2 Protocol packet, an Authentication Protocol packet, a Security Protocol packet, and a MAC 3 Layer packet payload. 4 ConnectionLayerpacketEncryptionProtocolpayloadEncryptionProtocolheaderAuthenticationProtocolhea
39、derEncryptionProtocoltrailerAuthenticationProtocoltrailerSecurityProtocolpayloadAuthenticationProtocolpayloadSecurityProtocolheaderSecurityProtocoltrailerMACLayer PacketpayloadEncryptionProtocolpacketAuthenticationProtocolpacketSecurity ProtocolpacketorSecurity LayerPacket5 Figure 1-1. Security Laye
40、r Encapsulation 6 When a Connection Layer packet that is to be authenticated or encrypted is delivered to the 7 Security Layer, the following steps are performed by the protocols in the Security Layer in 8 the order specified below: 9 The Security Layer protocol generates a cryptosync Cryptosync for
41、 the channel for 10 which the Connection Layer packet is destined. For the purpose for referencing this 11 value of cryptosync Cryptosync in the following steps, denote this value as 12 TheCryptosync. 13 The Connection Layer packet and TheCryptosync are delivered to the Encryption 14 Protocol. 15 If
42、 the Connection Layer packet is to be encrypted, the Encryption Protocol uses 16 TheCryptosync, the encryption key, and other parameters specified by the 17 Encryption Protocol (if any) to encrypt the Connection Layer packet and construct 18 the Encryption Protocol packet. 19 TIA-925-1 E 1-2 The Enc
43、ryption Protocol delivers the Encryption Protocol packet and TheCryptosync 1 to the Authentication Protocol. 2 If the Encryption Protocol packet is to be authenticated, the Authentication Protocol 3 uses TheCryptosync, authentication key, and other parameters specified by the 4 Authentication Protoc
44、ol to construct the Authentication Protocol packet. 5 The Authentication Protocol delivers the Authentication Protocol packet and 6 TheCryptosync to the Security Protocol. 7 The Security Protocol uses TheCryptosync to construct the Security Protocol header 8 and trailer (if any). 9 The Security Prot
45、ocol delivers the Security Protocol packet to the MAC layer. 10 Conversely, when the Security Layer receives a MAC Layer Packet payload that is either 11 authenticated or encrypted, the following steps are performed by the protocols in the 12 Security Layer in the order specified below: 13 The Secur
46、ity Protocol constructs the Cryptosync using the Security Protocol header 14 and trailer (if any). For the purpose for referencing this value of cryptosync 15 Cryptosync in the following steps, denote this value as “TheCryptosync”. 16 The Security Protocol removes the Security Protocols header and t
47、railer and delivers 17 TheCryptosync and the Security Protocol payload to the Authentication Protocol. 18 If the Authentication Protocol packet is authenticated, the Authentication Protocol 19 uses TheCryptosync, authentication key, Authentication Protocol payload, 20 Authenetication Protocol header
48、 and trailer, and other parameters specified by the 21 Authentication Protocol (if any) to verify the authentication signature. If the 22 authentication signature passes, then the Authentication Protocol delivers the 23 Authentication Protocol payload to the Encryption Protocol, otherwise the 24 Aut
49、hentication Protocol Packet is discarded. If the authentication signature does 25 not pass, then the Authentication Protocol discards the packet. 26 If the Authentication Protocol packet is not authenticated, then the Authentication 27 Protocol delivers the Authentication Protocol payload to the Encryption Protocol. 28 If the Encryption Protocol packet is encrypted, the Encryption Protocol uses 29 TheCryptosync and the encryption key to decrypt the Encryption Protocol packet. 30 The decrypted payload is then delivered to the Con
