ETSI EN 300 392-7-2012 Terrestrial Trunked Radio (TETRA) Voice plus Data (V+D) Part 7 Security (V3 3 1).pdf

Uploader: wealthynice100 Document ID: 728458 Uploaded: 2019-01-09 Format: PDF Pages: 210 Size: 1.12MB
Resource description

ETSI EN 300 392-7 V3.3.1 (2012-07)
Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security
European Standard

Reference: REN/TETRA-06180
Keywords: security, TETRA, V+D

ETSI
650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

European Telecommunications Standards Institute 2012. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Air Interface authentication and key management mechanisms
4.0 Security classes
4.1 Air interface authentication mechanisms
4.1.1 Overview
4.1.2 Authentication of an MS
4.1.3 Authentication of the infrastructure
4.1.4 Mutual authentication of MS and infrastructure
4.1.5 The authentication key
4.1.6 Equipment authentication
4.1.7 Authentication of an MS when migrated
4.1.8 Authentication of the home SwMI when migrated
4.1.9 Mutual Authentication of MS and infrastructure when migrated
4.2 Air Interface key management mechanisms
4.2.1 The DCK
4.2.2 The GCK
4.2.2.1 Session key modifier GCK0
4.2.3 The CCK
4.2.4 The SCK
4.2.4.1 SCK association for DMO use
4.2.4.1.1 DMO SCK subset grouping
4.2.5 The GSKO
4.2.5.1 SCK distribution to groups with OTAR
4.2.5.2 GCK distribution to groups with OTAR
4.2.5.3 Rules for MS response to group key distribution
4.2.6 Encrypted Short Identity (ESI) mechanism
4.2.7 Encryption Cipher Key
4.2.8 Summary of AI key management mechanisms
4.3 Service description and primitives
4.3.1 Authentication primitives
4.3.2 SCK transfer primitives
4.3.3 GCK transfer primitives
4.3.4 GSKO transfer primitives
4.4 Authentication protocol
4.4.1 Authentication state transitions
4.4.2 Authentication protocol sequences and operations
4.4.2.1 MSCs for authentication
4.4.2.2 MSCs for authentication Type-3 element
4.4.2.3 Control of authentication timer T354 at MS
4.5 OTAR protocols
4.5.1 CCK delivery - protocol functions
4.5.1.1 SwMI-initiated CCK provision
4.5.1.2 MS-initiated CCK provision with U-OTAR CCK demand
4.5.1.3 MS-initiated CCK provision with announced cell reselection
4.5.2 OTAR protocol functions - SCK
4.5.2.1 MS requests provision of SCK(s)
4.5.2.2 SwMI provides SCK(s) to individual MS
4.5.2.3 SwMI provides SCK(s) to group of MSs
4.5.2.4 SwMI rejects provision of SCK
4.5.3 OTAR protocol functions - GCK
4.5.3.1 MS requests provision of GCK
4.5.3.2 SwMI provides GCK to an individual MS
4.5.3.3 SwMI provides GCK to a group of MSs
4.5.3.4 SwMI rejects provision of GCK
4.5.4 Cipher key association to group address
4.5.4.1 SCK association for DMO
4.5.4.2 GCK association
4.5.5 Notification of key change over the air
4.5.5.1 Change of DCK
4.5.5.2 Change of CCK
4.5.5.3 Change of GCK
4.5.5.4 Change of SCK for TMO
4.5.5.5 Change of SCK for DMO
4.5.5.6 Synchronization of Cipher Key Change
4.5.6 Security class change
4.5.6.1 Change of security class to security class 1
4.5.6.2 Change of security class to security class 2
4.5.6.3 Change of security class to security class 3
4.5.6.4 Change of security class to security class 3 with GCK
4.5.7 Notification of key in use
4.5.8 Notification of GCK Activation/Deactivation
4.5.9 Deletion of SCK, GCK and GSKO
4.5.10 Air Interface Key Status Enquiry
4.5.11 Crypto management group
4.5.12 OTAR retry mechanism
4.5.13 OTAR protocol functions - GSKO
4.5.13.1 MS requests provision of GSKO
4.5.13.2 SwMI provides GSKO to an MS
4.5.13.3 SwMI rejects provision of GSKO
4.5.14 OTAR protocol functions - interaction and queuing
4.5.15 KSOv for OTAR operations in visited SwMI
4.5.16 Transfer of AI cipher keys across the ISI
5 Enable and disable mechanism
5.1 General relationships
5.2 Enable/disable state transitions
5.3 Mechanisms
5.3.1 Disable of MS equipment
5.3.2 Disable of an subscription
5.3.3 Disable of subscription and equipment
5.3.4 Enable an MS equipment
5.3.5 Enable an MS subscription
5.3.6 Enable an MS equipment and subscription
5.4 Enable/disable protocol
5.4.1 General case
5.4.2 Status of cipher key material
5.4.2.1 Permanently disabled state
5.4.2.2 Temporarily disabled state
5.4.3 Specific protocol exchanges
5.4.3.1 Disabling an MS with mutual authentication
5.4.3.2 Enabling an MS with mutual authentication
5.4.3.3 Enabling an MS with non-mutual authentication
5.4.3.4 Disabling an MS with non-mutual authentication
5.4.4 Enabling an MS without authentication
5.4.5 Disabling an MS without authentication
5.4.6 Rejection of enable or disable command
5.4.6a Expiry of Enable/Disable protocol timer
5.4.7 MM service primitives
5.4.7.1 TNMM-DISABLING primitive
5.4.7.2 TNMM-ENABLING primitive
6 Air Interface (AI) encryption
6.1 General principles
6.2 Security class
6.2.0 Notification of security class
6.2.0.1 Security Class of Neighbouring Cells
6.2.0.2 Identification of MS security capabilities
6.2.1 Constraints on LA arising from cell class
6.3 Key Stream Generator (KSG)
6.3.1 KSG numbering and selection
6.3.2 Interface parameters
6.3.2.1 Initial Value (IV)
6.3.2.2 Cipher Key
6.4 Encryption mechanism
6.4.1 Allocation of KSS to logical channels
6.4.2 Allocation of KSS to logical channels with PDU association
6.4.2.1 General
6.4.2.2 KSS allocation on phase modulation channels
6.4.2.3 KSS allocation on QAM channels
6.4.2.3.1 Fixed mapping
6.4.2.3.2 Offset mapping
6.4.3 Synchronization of data calls where data is multi-slot interleaved
6.4.4 Recovery of stolen frames from interleaved data
6.5 Use of cipher keys
6.5.1 Identification of encryption state of downlink MAC PDUs
6.5.1.1 Class 1 cells
6.5.1.2 Class 2 cells
6.5.1.3 Class 3 cells
6.5.2 Identification of encryption state of uplink MAC PDUs
6.6 Mobility procedures
6.6.1 General requirements
6.6.1.1 Additional requirements for class 3 systems
6.6.2 Protocol description
6.6.2.1 Negotiation of ciphering parameters
6.6.2.1.1 Class 1 cells
6.6.2.1.2 Class 2 cells
6.6.2.1.3 Class 3 cells
6.6.2.2 Initial and undeclared cell re-selection
6.6.2.3 Unannounced cell re-selection
6.6.2.4 Announced cell re-selection type-3
6.6.2.5 Announced cell re-selection type-2
6.6.2.6 Announced cell re-selection type-1
6.6.2.7 Key forwarding
6.6.3 Shared channels
6.7 Encryption control
6.7.1 Data to be encrypted
6.7.1.1 Downlink control channel requirements
6.7.1.2 Encryption of MAC header elements
6.7.1.3 Traffic channel encryption control
6.7.1.4 Handling of PDUs that do not conform to negotiated ciphering mode
6.7.2 Service description and primitives
6.7.2.1 Mobility Management (MM)
6.7.2.2 Mobile Link Entity (MLE)
6.7.2.3 Layer 2
6.7.3 Protocol functions
6.7.3.1 MM
6.7.3.2 MLE
6.7.3.3 LLC
6.7.3.4 MAC
6.7.4 PDUs for cipher negotiation
Annex A (normative): PDU and element definitions
A.1 Authentication PDUs
A.1.1 D-AUTHENTICATION demand
A.1.2 D-AUTHENTICATION reject
A.1.3 D-AUTHENTICATION response
A.1.4 D-AUTHENTICATION result
A.1.5 U-AUTHENTICATION demand
A.1.6 U-AUTHENTICATION reject
A.1.7 U-AUTHENTICATION response
A.1.8 U-AUTHENTICATION result
A.2 OTAR PDUs
A.2.1 D-OTAR CCK Provide
A.2.2 U-OTAR CCK Demand
A.2.3 U-OTAR CCK Result
A.2.4 D-OTAR GCK Provide
A.2.5 U-OTAR GCK Demand
A.2.6 U-OTAR GCK Result
A.2.6a D-OTAR GCK Reject
A.2.7 D-OTAR SCK Provide
A.2.8 U-OTAR SCK Demand
A.2.9 U-OTAR SCK Result
A.2.9a D-OTAR SCK Reject
A.2.10 D-OTAR GSKO Provide
A.2.11 U-OTAR GSKO Demand
A.2.12 U-OTAR GSKO Result
A.2.12a D-OTAR GSKO Reject
A.3 PDUs for key association to GTSI
A.3.1 D-OTAR KEY ASSOCIATE demand
A.3.2 U-OTAR KEY ASSOCIATE status
A.4 PDUs to synchronize key or security class change
A.4.1 D-CK CHANGE demand
A.4.2 U-CK CHANGE result
A.4.2a U-OTAR KEY DELETE result
A.4.2b U-OTAR KEY STATUS response
A.4.3 D-DM-SCK ACTIVATE DEMAND
A.4.4 U-DM-SCK ACTIVATE RESULT
A.4a PDUs to delete air interface keys in MS
A.4a.1 D-OTAR KEY DELETE demand
A.4a.2 U-OTAR KEY DELETE result
A.4b PDUs to obtain Air Interface Key Status
A.4b.1 D-OTAR KEY STATUS demand
A.4b.2 U-OTAR KEY STATUS response
A.5 Other security domain PDUs
A.5.1 U-TEI PROVIDE
A.5.2 U-OTAR PREPARE
A.5.3 D-OTAR NEWCELL
A.5.4 D-OTAR CMG GTSI PROVIDE
A.5.5 U-OTAR CMG GTSI RESULT
A.6 PDUs for Enable and Disable
A.6.1 D-DISABLE
A.6.2 D-ENABLE
A.6.3 U-DISABLE STATUS
A.7 MM PDU type 3 information elements coding
A.7.1 Authentication downlink
A.7.2 Authentication uplink
A.8 PDU Information elements coding
A.8.1 Acknowledgement flag
A.8.2 Address extension
A.8.3 Authentication challenge
A.8.4 Authentication reject reason
A.8.5 Authentication result
A.8.6 Authentication sub-type
A.8.7 CCK identifier
A.8.8 CCK information
A.8.9 CCK Location area information
A.8.10 CCK request flag
A.8.11 Change of security class
A.8.12 Ciphering parameters
A.8.13 CK provision flag
A.8.14 CK provisioning information
A.8.15 CK request flag
A.8.16 Class Change flag
A.8.17 DCK forwarding result
A.8.18 Disabling type
A.8.19 Enable/Disable result
A.8.20 Encryption mode
A.8.20.1 Class 1 cells
A.8.20.2 Class 2 cells
A.8.20.3 Class 3 cells
A.8.21 Equipment disable
A.8.22 Equipment enable
A.8.23 Equipment status
A.8.23a Explicit response
A.8.24 Frame number
A.8.25 Future key flag
A.8.26 GCK data
A.8.27 GCK key and identifier
A.8.28 GCK Number (GCKN)
A.8.28a GCK Provision result
A.8.28b GCK rejected
A.8.29 GCK select number
A.8.29a GCK Supported
A.8.30 GCK Version Number (GCK-VN)
A.8.31 Group association
A.8.31a Group Identity Security Related Information
A.8.32 GSKO Version Number (GSKO-VN)
A.8.33 GSSI
A.8.34 Hyperframe number
A.8.35 Intent/confirm
A.8.36 Void
A.8.37 Key association status
A.8.38 Key association type
A.8.39 Key change type
A.8.39a Key delete type
A.8.39b Key status type
A.8.39c Key delete extension
A.8.40 Key type flag
A.8.41 KSG-number
A.8.42 Location area
A.8.43 Location area bit mask
A.8.44 Location area selector
A.8.45 Location area list
A.8.46 Location area range
A.8.46a Max response timer value
A.8.47 Mobile country code
A.8.48 Mobile network code
A.8.49 Multiframe number
A.8.50 Mutual authentication flag
A.8.51 Network time
A.8.52 Number of GCKs changed
A.8.52a Number of GCKs deleted
A.8.52b Number of GCK status
A.8.52c Number of GCKs provided
A.8.52d Number of GCKs rejected
A.8.52e Number of GCKs requested by GCKN
A.8.52f Number of GCKs requested by GSSI
A.8.53 Number of groups
A.8.53a Number of GSKO status
A.8.54 Number of location areas
A.8.55 Number of SCKs changed
A.8.55a Number of SCKs deleted
A.8.56 Number of SCKs provided
A.8.56a Number of SCKs rejected
A.8.57 Number of SCKs requested
A.8.57a Number of SCK status
A.8.57b OTAR reject reason
A.8.57c OTAR retry interval
A.8.58 OTAR sub-type
A.8.59 PDU type
A.8.60 Proprietary
A.8.61 Provision result
A.8.62 Random challenge
A.8.63 Random seed
A.8.64 Random seed for OTAR
A.8.65 Void
A.8.65a Reject reason
A.8.66 Response value
A.8.67 SCK data
A.8.68 SCK information
A.8.69 SCK key and identifier
A.8.70 SCK Number (SCKN)
A.8.71 SCK number and result
A.8.72 SCK provision flag
A.8.72a Void
A.8.72b SCK rejected
A.8.73 SCK select number
A.8.73a SCK subset grouping type
A.8.73b SCK subset number
A.8.74 SCK use
A.8.75 SCK version number
A.8.76 Sealed Key (Sealed CCK, Sealed SCK, Sealed GCK, Sealed GSKO)
A.8.77 Security information element
A.8.77a Security parameters
A.8.77b Security related information element
A.8.78 Session key
A.8.79 Slot Number
