1、 TIA DOCUMENT Enhanced Subscriber Privacy for cdma2000 High Rate Packet Data TIA-925 SEPTEMBER 2002 TELECOMMUNICATIONS INDUSTRY ASSOCIATION The Telecommunications Industry Association represents the communications sector of NOTICE TIA Engineering Standards and Publications are designed to serve the
2、public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Publi
3、cations shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Publications. Neither shall the existence of such Documents preclude their voluntary use by non-TIA members, either domestically or internationally. TIA DOCUMENTS T
4、IA Documents contain information deemed to be of technical value to the industry, and are published at the request of the originating Committee without necessarily following the rigorous public review and resolution of comments which is a procedural part of the development of a American National Sta
5、ndard (ANS). TIA documents shall be reviewed on a five year cycle by the formulating Committee and a decision made on whether to reaffirm, revise, withdraw, or proceed to develop an American National Standard on this subject. Suggestions for revision should be directed to: Standards & Technology Dep
6、artment, Telecommunications Industry Association, 2500 Wilson Boulevard, Arlington, VA 22201 U.S.A. (From Project No. 3-0071, formulated under the cognizance of the TIA TR-45.5 Subcommittee on Spread Spectrum Digital Technology.) Published by TELECOMMUNICATIONS INDUSTRY ASSOCIATION 2002 Standards &
7、Technology Department 2500 Wilson Boulevard Arlington, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call Global Engineering Documents, USA and Canada (1-800-854-7179) International (303-397-7956) or se
8、arch online at http:/www.tiaonline.org/standards/search_n_order.cfm All rights reserved Printed in U.S.A. PLEASE! DONT VIOLATE THE LAW! This document is copyrighted by the TIA and may not be reproduced without permission. Organizations may obtain permission to reproduce a limited number of copies th
9、rough entering into a license agreement. For information, contact: Global Engineering Documents 15 Inverness Way East Englewood, CO 80112-5704 U.S.A. or call U.S.A. and Canada 1-800-854-7179, International (303) 397-7956 NOTICE OF DISCLAIMER AND LIMITATION OF LIABILITY The document to which this Not
10、ice is affixed has been prepared by one or more Engineering Committees of the Telecommunications Industry Association (“TIA”). TIA is not the author of the document contents, but publishes and claims copyright to the document pursuant to licenses and permission granted by the authors of the contents
11、. TIA Engineering Committees are expected to conduct their affairs in accordance with the TIA Engineering Manual (“Manual”), the current and predecessor versions of which are available at http:/www.tiaonline.org/standards/sfg/engineering_manual.cfm. TIAs function is to administer the process, but no
12、t the content, of document preparation in accordance with the Manual and, when appropriate, the policies and procedures of the American National Standards Institute (“ANSI”). THE USE OR PRACTICE OF CONTENTS OF THIS DOCUMENT MAY INVOLVE THE USE OF INTELLECTUAL PROPERTY RIGHTS (“IPR”), INCLUDING PENDI
13、NG OR ISSUED PATENTS, OR COPYRIGHTS, OWNED BY ONE OR MORE PARTIES. TIA MAKES NO SEARCH OR INVESTIGATION FOR IPR. WHEN IPR CONSISTING OF PATENTS AND PUBLISHED PATENT APPLICATIONS ARE CLAIMED AND CALLED TO TIAS ATTENTION, A STATEMENT FROM THE HOLDER THEREOF IS REQUESTED, ALL IN ACCORDANCE WITH THE MAN
14、UAL. TIA TAKES NO POSITION WITH REFERENCE TO, AND DISCLAIMS ANY OBLIGATION TO INVESTIGATE OR INQUIRE INTO, THE SCOPE OR VALIDITY OF ANY CLAIMS OF IPR. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS
15、 FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NON-INFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE C
16、ONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAG
17、ES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FU
18、NDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. TIA-925 CONTENTS i 1. Overview . 1-1 1 2. Time-Counter-Based Security Protocol. 2-1 2 2.1. Overview . 2-1 3 2.2. Primitives and Public Data. 2-1 4 2.2.1. Commands 2-1 5 2.2
19、.2. Return Indications . 2-1 6 2.2.3. Public Data 2-1 7 2.3. Protocol Data Unit . 2-1 8 2.4. Protocol Initialization . 2-1 9 2.4.1. Protocol Initialization for the InConfiguration Protocol Instance. 2-1 10 2.4.2. Protocol Initialization for the InUse Protocol Instance 2-2 11 2.5. Procedures and Mess
20、ages for the InConfiguration Instance of the Protocol 2-2 12 2.5.1. Procedures. 2-2 13 2.5.2. Commit Procedures 2-2 14 2.5.3. Message Formats . 2-3 15 2.5.3.1. ConfigurationRequest. 2-3 16 2.5.3.2. ConfigurationResponse. 2-3 17 2.6. Procedures and Messages for the InUse Instance of the Protocol . 2-
21、4 18 2.6.1. Procedures. 2-4 19 2.6.1.1. Transmit Procedures 2-4 20 2.6.1.1.1. Generation of the Cryptosync 2-4 21 2.6.1.1.2. Construction of the Security Protocol Header. 2-5 22 2.6.1.2. Receive Procedures. 2-6 23 2.6.2. Message Formats . 2-8 24 2.6.3. Time-Counter-Based Security Protocol Header 2-8
22、 25 2.6.4. Time-Counter-Based Security Protocol Trailer. 2-8 26 2.6.5. Interface to Other Protocols 2-8 27 2.6.5.1. Commands. 2-8 28 2.6.5.2. Indications. 2-8 29 2.7. Configuration Attributes 2-8 30 2.7.1. FTC Cryptosync Attribute. 2-8 31 2.7.2. RTC Cryptosync Attribute. 2-10 32 2.7.3. CC Cryptosync
23、 Attribute 2-12 33 2.7.4. AC Cryptosync Attribute. 2-13 34 2.8. Protocol Numeric Constants. 2-14 35 2.9. Session State Information 2-14 36 2.9.1. KeyIndex Parameter . 2-15 37 2.9.2. TimeStampLong Parameter. 2-15 38 TIA-925 ii 2.9.3. Counter Parameter .2-16 1 3. AES Encryption Protocol 3-1 2 3.1. Pri
24、mitives and Public Data .3-1 3 3.1.1. Commands.3-1 4 3.1.2. Return Indications3-1 5 3.1.3. Public Data 3-1 6 3.2. Protocol Data Unit3-1 7 3.3. Protocol Initialization3-1 8 3.3.1. Protocol Initialization for the InConfiguration Protocol Instance .3-1 9 3.3.2. Protocol Initialization for the InUse Pro
25、tocol Instance 3-1 10 3.4. Procedures and Messages for the InConfiguration Instance of the Protocol.3-2 11 3.4.1. Procedures .3-2 12 3.4.2. Commit Procedures 3-2 13 3.4.3. Message Formats3-2 14 3.4.3.1. ConfigurationRequest .3-2 15 3.4.3.2. ConfigurationResponse .3-3 16 3.5. Procedures and Messages
26、for the InUse Instance of the Protocol3-3 17 3.5.1. Procedures .3-3 18 3.5.1.1. Constructing the Encryption Key.3-3 19 3.5.1.2. Constructing the Cryptosync.3-6 20 3.5.1.3. Transmit Procedures.3-6 21 3.5.1.4. Receive Procedures .3-7 22 3.5.2. Message Formats3-8 23 3.5.3. AES Encryption Protocol Heade
27、r .3-8 24 3.5.4. AES Encryption Protocol Trailer 3-8 25 3.5.5. Interface to Other Protocols.3-8 26 3.5.5.1. Commands .3-8 27 3.5.5.2. Indications .3-9 28 3.6. Configuration Attributes.3-9 29 3.6.1. FTCReducedStrengthEncryptionKey Attribute .3-10 30 3.6.2. RTCReducedStrengthEncryptionKey Attribute.3-
28、11 31 3.6.3. CCReducedStrengthEncryptionKey Attribute.3-11 32 3.6.4. ACReducedStrengthEncryptionKey Attribute.3-12 33 3.7. Protocol Numeric Constants .3-13 34 3.8. Session State Information.3-13 35 36 TIA-925 FIGURES iii Figure 1-1. Security Layer Encapsulation 1-1 1 2 TIA-925 TABLES iv Table 2.6.1-
29、1. Subfield of the Cryptosync 2-4 1 Table 2.6.1-2. Encoding of the ChannelID Field .2-4 2 Table 2.6.1-3. The Format of the Security Protocol Header .2-5 3 Table 2.6.1-4. Subfield of the Cryptosync 2-7 4 Table 2.6.1-5. Encoding of the ChannelID Field .2-7 5 Table 2.9.1-1. The Format of the Parameter
30、Record for the Counter Parameter.2-15 6 Table 2.9.2-1. The Format of the Parameter Record for the TimeStampLong 7 Parameter .2-15 8 Table 2.9.2-2. Encoding of the ParameterType Field.2-15 9 Table 2.9.3-1. The Format of the Parameter Record for the Counter Parameter.2-16 10 Table 2.9.3-2. Encoding of
31、 the ParameterType Field.2-16 11 Table 3.5.5-1. FTCEncryption .3-9 12 Table 3.5.5-2. RTCEncryption .3-9 13 Table 3.5.5-3. CCEncryption .3-9 14 Table 3.5.5-4. ACEncryption .3-10 15 16 TIA-925 REFERENCES v The following standards contain provisions, which, through reference in this text, 1 constitute
32、provisions of this standard. At the time of publication, the editions indicated 2 were valid. All standards are subject to revision, and parties to agreements based on this 3 standard are encouraged to investigate the possibility of applying the most recent editions 4 of the standards indicated belo
33、w. 5 6 1 TIA/EIA/IS-856-1, cdma2000 High Rate Packet Data Air Interface Specification. 7 2 TR45.AHAG, Enhanced Cryptographic Algorithms, Revision B, March 5, 2002 8 9 TIA-925 vi No text. 1 TIA-925 1-1 1. OVERVIEW 1 Figure 1-1 shows the relationship between a Connection Layer packet, an Encryption 2
34、Protocol packet, an Authentication Protocol packet, a Security Protocol packet, and a MAC 3 Layer packet payload. 4 ConnectionLayerpacketEncryptionProtocolpayloadEncryptionProtocolheaderAuthenticationProtocolheaderEncryptionProtocoltrailerAuthenticationProtocoltrailerSecurityProtocolpayloadAuthentic
35、ationProtocolpayloadSecurityProtocolheaderSecurityProtocoltrailerMACLayer PacketpayloadEncryptionProtocolpacketAuthenticationProtocolpacketSecurity ProtocolpacketorSecurity LayerPacket5 Figure 1-1. Security Layer Encapsulation 6 When a Connection Layer packet that is to be authenticated or encrypted
36、 is delivered to the 7 Security Layer, the following steps are performed by the protocols in the Security Layer in 8 the order specified below: 9 The Security Layer protocol generates a cryptosync for the channel for which the 10 Connection Layer packet is destined. For the purpose for referencing t
37、his value of 11 cryptosync in the following steps, denote this value as TheCryptosync. 12 The Connection Layer packet and TheCryptosync are delivered to the Encryption 13 Protocol. 14 If the Connection Layer packet is to be encrypted, the Encryption Protocol uses 15 TheCryptosync, the encryption key
38、, and other parameters specified by the 16 Encryption Protocol (if any) to encrypt the Connection Layer packet and construct 17 the Encryption Protocol packet. 18 TIA-925 1-2 The Encryption Protocol delivers the Encryption Protocol packet and TheCryptosync 1 to the Authentication Protocol. 2 If the
39、Encryption Protocol packet is to be authenticated, the Authentication Protocol 3 uses TheCryptosync, authentication key, and other parameters specified by the 4 Authentication Protocol to construct the Authentication Protocol packet. 5 The Authentication Protocol delivers the Authentication Protocol
40、 packet and 6 TheCryptosync to the Security Protocol. 7 The Security Protocol uses TheCryptosync to construct the Security Protocol header 8 and trailer (if any). 9 The Security Protocol delivers the Security Protocol packet to the MAC layer. 10 Conversely, when the Security Layer receives a MAC Lay
41、er Packet payload that is either 11 authenticated or encrypted, the following steps are performed by the protocols in the 12 Security Layer in the order specified below: 13 The Security Protocol constructs the Cryptosync using the Security Protocol header 14 and trailer (if any). For the purpose for
42、 referencing this value of cryptosync in the 15 following steps, denote this value as “TheCryptosync”. 16 The Security Protocol removes the Security Protocols header and trailer and delivers 17 TheCryptosync and the Security Protocol payload to the Authentication Protocol. 18 If the Authentication P
43、rotocol packet is authenticated, the Authentication Protocol 19 uses TheCryptosync, authentication key, Authentication Protocol payload, 20 Authnetication Protocol header and trailer, and other parameters specified by the 21 Authentication Protocol (if any) to verify the authentication signature. If
44、 the 22 authentication signature passes, then the Authentication Protocol delivers the 23 Authentication Protocol payload to the Encryption Protocol, otherwise the 24 Authentication Protocol Packet is discarded. If the authentication signature does 25 not pass, then the Authentication Protocol disca
45、rds the packet. 26 If the Authentication Protocol packet is not authenticated, then the Authentication 27 Protocol delivers the Authentication Protocol payload to the Encryption Protocol. 28 If the Encryption Protocol packet is encrypted, the Encryption Protocol uses 29 TheCryptosync and the encrypt
46、ion key to decrypt the Encryption Protocol packet. 30 The decrypted payload is then delivered to the Connection Layer. 31 If the Encryption Protocol packet is not encrypted, the Encryption Protocol packet is 32 delivered to the Connection Layer. 33 The Security Layer provides two pairs of security i
47、nformation to the Connection 34 Layer. The first indicates: 35 Whether or not the Security Layer session configuration supported encryption of 36 the Security Layer packet, and 37 TIA-925 1-3 Whether or not the Security Layer decrypted the Security Layer packet1. 1 The second indicates: 2 Whether or
48、 not the Security Layer session configuration supported encryption of 3 the Security Layer packet, and 4 Whether or not the Security Layer authenticated the Security Layer packet. 5 The receiving application or protocol may use these two pairs of security information 6 to determine whether or not to
49、 discard the payload. 7 The access terminal shall not require Connection Layer packets that satisfy any of the 8 following conditions to be encrypted: 9 A Connection Layer packet that is received on the Control Channel and its 10 encapsulating MAC Layer packets was not addressed using the Unicast Addressing 11 mode. 12 A Connection Layer packet that is received on the Control Channel and contains a 13 SessionClose2message associated with the Default Session Management Protocol. 14 The Connection Layer packets that contain any of th
