ANSI ATIS 1000060-2014 Emergency Telecommunications Service (ETS) Long Term Evolution (LTE) Access Network Security Requirements for National Security Emergency Preparedness (NS EP.pdf

Uploaded by: tireattitude366 Document ID: 433539 Upload date: 2018-11-11 Format: PDF Pages: 89 Size: 1.10MB

AMERICAN NATIONAL STANDARD FOR TELECOMMUNICATIONS

ATIS-1000060.2014

Emergency Telecommunications Service (ETS): Long Term Evolution (LTE) Access Network Security Requirements for National Security/Emergency Network (NGN) Priority Services

As a leading technology and solutions development organization, ATIS brings together the top global ICT companies to advance the industry's most-pressing business priorities. Through ATIS committees and forums, nearly 200 companies address cloud services, device solutions, emergency services, M2M communications, cyber security, ehealth, network evolution, quality of service, billing support, operations, and more. These priorities follow a fast-track development lifecycle from design and innovation through solutions that include standards, specifications, requirements, business use cases, software toolkits, and interoperability testing.

ATIS is accredited by the American National Standards Institute (ANSI). ATIS is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of oneM2M, a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit .

AMERICAN NATIONAL STANDARD

Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute.

Notice of Disclaimer and security for transport of signaling and user data over LTE interfaces, the Management Plane, Supporting IP Services, and Circuit Switch Fallback (CSFB) Signaling for interworking with Universal Mobile Telecommunications System (UMTS) and Code Division Multiple Access (CDMA) Single Carrier Radio Transmission Technology (1xRTT).

The scope is restricted to security of NS/EP NGN-PS (i.e., NGN Government Emergency Telecommunications Services and Wireless Priority Services, abbreviated as GETS and WPS, respectively) as defined in ATIS-1000057 that are specific to the LTE access network. The scope of this document is limited to priority voice services for non-roaming scenarios.

Figure 1.1 illustrates the approach used to define and organize the security requirements that address protection of NS/EP NGN-PS for the LTE Access Network. In this document, the LTE Access Network as defined in 3GPP TS 23.002 consists of the: air interface, backhaul network, and packet core (Evolved Packet Core EPC).

[1] NGN Service Providers have elected to reuse CS technology rather than an IMS solution for their initial voice communications solution. The 3GPP specification TS 23.272 covers circuit switch fallback (CS-FB).

[2] This refers specifically to traversal over various LTE interfaces in order to securely establish bearer channels needed for priority communications.

Figure 1.1 - Approach

For each segment of the LTE Access Network Segments (A. Air Interface, B. Backhaul, and C. Packet Core) the security requirements cover the following four areas:

1. Security of LTE Features that are specific to NS/EP NGN-PS: confidentiality, integrity, and availability protection of features such as the advance priority features.
2. Security of LTE Features that support NS/EP NGN-PS: confidentiality, integrity, and availability protection of LTE functions and procedures used to support NS/EP NGN-PS (e.g., integrity protection of the special usage of call admission and other features that support NS/EP NGN-PS).
3. Consideration of LTE Security features critical to NS/EP NGN-PS: In cases where the LTE security specifications allow options, specific selections may be needed for NS/EP NGN-PS security.
4. Other: features and feature interworking, such as security of priority CSFB and management of LTE security and risk assessments that do not fit into the other categories.

For each of these four areas, the approach is extended through the user, management, and control planes, and when combined with the three network segments, constitutes three dimensions of coverage.

[Figure labels. Network segments: A. UE, E-UTRA (Uu); B. EUTRAN (X2 and S1); C. EPC, PCRF, HSS, SPR (Rx, Gx, Sp, SGi and SGx). Planes: i. Control Plane; ii. User Plane; iii. Mgmt. Plane. Segment titles: AIR INTERFACE, BACKHAUL, PACKET CORE. Areas: 1. Security of NS/EP PS-specific LTE Features; 2. Security of LTE Features Used to Support NS/EP PS; 3. Considerations of LTE Security Options for NS/EP PS; 4. Other: CSFB, Management of LTE Security, Risk Assessments.]

1.1 Relationship of Concepts Vocabulary for 3GPP Specifications (Release 10). 3rd Generation Partnership Project

TS 124 301 ETSI TS 124 301 V8.3.0 (2009-09), Universal Mobile Telecommunications System (UMTS); LTE; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 8.3.0 Release 8). 3rd Generation Partnership Project.

TS 22.011 3GPP TS 22.153 V9.4.0 (2010-06), Technical Specification Group Services and System Aspects; Service accessibility (Release 9). 3rd Generation Partnership Project

TS 23.002 3GPP TS 23.002 V10.2.0 (2011-03), Technical Specification Group Services and System Aspects; Network architecture (Release 10). 3rd Generation Partnership Project

TS 23.401 3GPP TS 23.401 V10.7.0 (2012-03), Technical Specification Group Services and System Aspects; General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) Access (Release 10). 3rd Generation Partnership Project

TS 23.402 3GPP TS 23.402 V10.7.0 (2012-03), Technical Specification Group Services and System Aspects; Architecture enhancements for non-3GPP Accesses (Release 10). 3rd Generation Partnership Project

[5] This document is available from the Alliance for Telecommunications Industry Solutions (ATIS) at
[6] This document is available from the Alliance for Telecommunications Industry Solutions (ATIS) at
[7] This document is available from the Alliance for Telecommunications Industry Solutions (ATIS) at
[8] This document is available from the International Telecommunications Union.
[9] This document is available from the Internet Engineering Task Force (IETF).
[10] This document is available from the Third Generation Partnership Project (3GPP) at .

TS 24.301 3GPP TS 24.301 V8.1.0 (2009-03), Technical Specification Group Core Network and Terminals; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (Release 8). 3rd Generation Partnership Project

TS 32.372 3GPP TS 32.372 V9.0.0 (2009-12), Technical Specification Group Services and System Aspects; Telecommunication Management; Security services for Integration Reference Points (IRP); Information Service (IS) (Release 9). 3rd Generation Partnership Project

TS 33.102 3GPP TS 33.102 V10.0.0 (2010-12), Technical Specification Group Services and System Aspects; 3G Security; Security architecture (Release 10). 3rd Generation Partnership Project.

TS 33.210 3GPP TS 33.210 V9.0.0 (2009-12). Technical Specification Group Services and System Aspects; 3G Security; Network Domain Security; IP Network Layer Security (Release 9). 3rd Generation Partnership Project

TS 33.220 3GPP TS 33.220 V10.1.0 (2012-03). Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); generic Bootstrapping Architecture (GBA) (Release 10). 3rd Generation Partnership Project

TS 33.221 3GPP TS 33.221 V10.0.0 (2011-03). Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Support for Subscriber Certificates (Release 10). 3rd Generation Partnership Project

TS 33.310 3GPP TS 33.310 V11.1.0 (2012-09), Technical Specification Group Services and System Aspects; Network Domain Security (NDS); Authentication Framework (AF) (Release 11). 3rd Generation Partnership Project

TS 33.401 3GPP TS 33.401 V10.2.0 (2011-09), Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security Architecture (Release 10). 3rd Generation Partnership Project

TS 36.331 3GPP TS 36.331 V8.2.0 (2008-05), Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA) Radio Resource Control (RRC); Protocol Specification (Release 8). 3rd Generation Partnership Project

TS 36.423 3GPP TS 36.423 V8.0.0 (2007-12), Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access Network (EUTRAN); X2 application protocol (X2AP) (Release 8). 3rd Generation Partnership Project

2.5 3GPP2 References [11]

X.S0057-0 3GPP2 X.S0057-0. April, 2009. E-UTRAN - eHRPD Connectivity and Interworking: Core Network Aspects, Version 1.0.

3 Definitions, Acronyms, a process by which use of system resources is regulated according to a security policy and is permitted by only authorized entities (users, programs, processes, or other systems) according to that policy.

3.1.1.2 Authentication: The process of verifying the claimed identity of an entity (e.g., User Equipment, Service User, Service Provider, or other data source).

3.1.1.3 Authorization: A process of granting an authenticated entity (e.g., User Equipment, Service User, or Service Provider) access to a service or resource based on access rights and privileges.

3.1.1.4 Availability RFC 2828: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

3.1.1.5 Confidentiality TS 33.210: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

3.1.1.6 Data Integrity TS 33.210: The property that data has not been altered in an unauthorized manner.

3.1.1.7 Integrity: See Data Integrity and System Integrity.

3.1.1.8 System Integrity RFC 2828: The quality that a system has when it can perform its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.

3.1.2 Security Threats, Definitions, or unauthorized disclosure of information.

3.1.2.3 Vulnerability: Any weakness that could be exploited to violate the integrity of a system or the information it contains.

3.1.2.4 Threat ITU-T X.800: A potential violation of security. Example threats to a communication system include the following:
a) Destruction of information and/or other resources;
b) Corruption or modification of information;
c) Theft, removal, or loss of information and/or other resources;
d) Disclosure of information; and
e) Interruption of services.

3.1.3 Security Attack Descriptions

3.1.3.1 Masquerade ITU-T X.800: A masquerade is where an entity pretends to be a different entity. A masquerade is usually used with some other forms of active attack, especially replay and modification of messages. For instance, authentication sequences can be captured and replayed after a valid authentication sequence has taken place. An authorized entity with few privileges may use a masquerade to obtain extra privileges by impersonating an entity that has those privileges.

3.1.3.2 Replay ITU-T X.800: A replay occurs when a message, or part of a message, is repeated to produce an unauthorized effect. For example, a valid message containing authentication information may be replayed by another entity in order to authenticate itself (as something that it is not).

3.1.3.3 Rogue device: Term used to describe an unauthorized device connected to the network that poses security risks and threats. Rogue or misbehaving User Equipment (UE) attaching to the network could allow access-based threats.

3.1.3.4 Modification of messages ITU-T X.800: Modification of a message occurs when the content of a data transmission is altered without detection and results in an unauthorized effect, as when, for example, a message “Allow John Smith to read confidential file Accounts” is changed to “Allow Fred Brown to read confidential file Accounts”.

3.1.3.5 Denial of Service (DoS) ITU-T X.800: Denial of service occurs when an entity fails to perform its proper function or acts in a way that prevents other entities from performing their proper functions. The attack may be general, as when an entity suppresses all messages, or there may be a specific target, as when an entity suppresses all messages directed to a particular destination, such as the security audit service. The attack may involve suppressing traffic as described in this example or it may generate extra traffic. It is also possible to generate messages intended to disrupt the operation of the network, especially if the network has relay entities that make routing decisions based upon status reports received from other relay entities.

3.1.3.6 Insider attacks ITU-T X.800: Insider attacks occur when legitimate users of a system behave in unintended or unauthorized ways. Most known computer crime has involved insider attacks that compromised the security of the system. NOTE: For NS/EP NGN-PS, the term “legitimate users” in the definition applies to both the Service User (i.e., OEC/DHS employee or contractor responsible for operations procedures such as database updates) and the Service Provider employee (e.g., administrator).

3.1.3.7 Outsider attacks
