1、 ETSI EN 300 396-6 V1.5.1 (2012-09) Terrestrial Trunked Radio (TETRA); Direct Mode Operation (DMO); Part 6: Security European Standard ETSI ETSI EN 300 396-6 V1.5.1 (2012-09) 2Reference REN/TETRA-06181 Keywords air interface, data, DMO, security, security mode, speech, TETRA ETSI 650 Route des Lucio
2、les F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:
3、/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the pri
4、nting on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:
5、/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and
6、the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2012. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered
7、for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI EN 300 396-6 V1.5.1 (2012-09) 3Contents Intellectual Property Rights 5g3Foreword . 5g31 Scope 6g32 References 6g32.1 Normative reference
8、s . 6g32.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 8g34 DMO security class 9g34.1 General . 9g34.2 DM-2-A 10g34.3 DM-2-B 10g34.4 DM-2-C 10g35 DMO call procedures . 11g35.1 General . 11g35.1.1 Security profile . 11g35.1.1.1 Indication of s
9、ecurity parameters 11g35.2 Security class on call setup . 12g35.2.1 General 12g35.2.2 Normal behaviour . 12g35.2.3 Exceptional behaviour 12g35.2.3.1 Call-setup with presence check . 12g35.2.3.2 Call-setup without presence check 12g35.2.3.3 Behaviour post call-setup 12g35.3 Security class on call fol
10、low-on . 13g35.3.1 General 13g35.3.2 Normal behaviour . 13g35.3.3 Exceptional behaviour 13g36 Air interface authentication and key management mechanisms 14g36.1 Authentication 14g36.2 Repeater mode operation 14g36.3 Gateway mode operation 14g36.4 Air Interface (AI) key management mechanisms . 16g36.
11、4.1 Key grouping 16g36.4.2 Identification of cipher keys in signalling . 19g37 Enable and disable mechanism . 19g38 Air Interface (AI) encryption . 19g38.1 General principles. 19g38.2 Encryption mechanism . 20g38.2.1 Allocation of KSS to logical channels 20g38.3 Application of KSS to specific PDUs.
12、21g38.3.1 Class DM-1 . 21g38.3.2 Class DM-2A 21g38.3.2.1 DMAC-SYNC PDU encryption 21g38.3.2.2 DMAC-DATA PDU encryption . 22g38.3.2.3 DMAC-FRAG PDU encryption 22g38.3.2.4 DMAC-END PDU encryption 22g38.3.2.5 DMAC-U-SIGNAL PDU encryption 23g38.3.2.6 Traffic channel encryption 23g38.3.3 Class DM-2B 23g3
13、ETSI ETSI EN 300 396-6 V1.5.1 (2012-09) 48.3.3.1 DMAC-SYNC PDU encryption 24g38.3.3.2 DMAC-DATA PDU encryption . 24g38.3.3.3 DMAC-FRAG PDU encryption 24g38.3.3.4 DMAC-END PDU encryption 25g38.3.3.5 DMAC-U-SIGNAL PDU encryption 25g38.3.3.6 Traffic channel encryption 25g38.3.4 Class DM-2C 25g38.3.4.1
14、DMAC-SYNC PDU encryption 26g38.3.4.2 DMAC-DATA PDU encryption . 27g38.3.4.3 DMAC-FRAG PDU encryption 27g38.3.4.4 DMAC-END PDU encryption 27g38.3.4.5 DMAC-U-SIGNAL PDU encryption 27g38.3.4.6 Traffic channel encryption 28g38.4 Encryption of identities in repeater and gateway presence signal 28g39 Encr
15、yption synchronization 30g39.1 General . 30g39.1.1 Algorithm to establish frame number to increment TVP 31g39.1.1.1 Master DM-MS operation . 31g39.1.1.2 Slave DM-MS operation . 31g39.2 TVP used for reception of normal bursts 32g39.3 Synchronization of calls through a repeater . 32g39.3.1 Algorithm t
16、o establish frame number to increment TVP 33g39.3.1.1 Master DM-MS operation . 33g39.3.1.2 Slave DM-MS operation . 33g39.4 Synchronization of calls through a gateway . 33g39.5 Synchronization of data calls where data is multi-slot interleaved . 34g39.5.1 Recovery of stolen frames from interleaved da
17、ta . 35g3Annex A (normative): Key Stream Generator (KSG) boundary conditions 36g3A.1 Overview 36g3A.2 Use 37g3A.3 Interfaces to the algorithm 37g3A.3.1 ECK 37g3A.3.1.1 Use of ECK in class DM-2-A and DM-2-B 37g3A.3.1.2 Use of ECK in class DM-2-C . 38g3A.3.2 Keystream. 38g3A.3.3 Time Variant Parameter
18、 (TVP) 38g3Annex B (normative): Boundary conditions for cryptographic algorithm TB6 39g3Annex C (informative): Encryption control in DM-MS 40g3C.1 General . 40g3C.2 Service description and primitives . 40g3C.2.1 DMCC-ENCRYPT primitive . 41g3C.2.2 DMC-ENCRYPTION primitive . 43g3C.3 Protocol functions
19、 44g3Annex D (informative): Bibliography . 45g3Annex E (informative): Change request history 46g3History 47g3ETSI ETSI EN 300 396-6 V1.5.1 (2012-09) 5Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertainin
20、g to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat
21、. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ET
22、SI Web server) which are, or may be, or may become, essential to the present document. Foreword This European Standard (EN) has been produced by ETSI Technical Committee Terrestrial Trunked Radio (TETRA). The present document is part 6 of a multi-part deliverable covering Direct Mode Operation, as i
23、dentified below: Part 1: “General network design“; Part 2: “Radio aspects“; Part 3: “Mobile Station to Mobile Station (MS-MS) Air Interface (AI) protocol“; Part 4: “Type 1 repeater air interface“; Part 5: “Gateway air interface“; Part 6: “Security“; Part 7: “Type 2 repeater air interface“; Part 8: “
24、Protocol Implementation Conformance Statement (PICS) proforma specification“; Part 10: “Managed Direct Mode Operation (M-DMO)“. NOTE: Parts 7, 8 and 10 of this multi-part deliverable are of “historical“ status and will not be updated according to this version of the standard. National transposition
25、dates Date of adoption of this EN: 14 September 2012 Date of latest announcement of this EN (doa): 31 December 2012 Date of latest publication of new National Standard or endorsement of this EN (dop/e): 30 June 2013 Date of withdrawal of any conflicting National Standard (dow): 30 June 2013 ETSI ETS
26、I EN 300 396-6 V1.5.1 (2012-09) 61 Scope The present document defines the Terrestrial Trunked Radio system (TETRA) Direct Mode of operation. It specifies the basic Air Interface (AI), the interworking between Direct Mode Groups via Repeaters and interworking with the TETRA Trunked system via Gateway
27、s. It also specifies the security aspects in TETRA Direct Mode and the intrinsic services that are supported in addition to the basic bearer and teleservices. The present document describes the security mechanisms in TETRA Direct Mode. It provides mechanisms for confidentiality of control signalling
28、 and user speech and data at the AI. It also provided some implicit authentication as a member of a group by knowledge of a shared secret encryption key. The use of AI encryption gives both confidentiality protection against eavesdropping, and some implicit authentication. 2 References References ar
29、e either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents w
30、hich are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. 2.1 Normative references The following ref
31、erenced documents are necessary for the application of the present document. 1 ETSI EN 300 392-2: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 2: Air Interface (AI)“. 2 ISO 7498-2: “Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Sec
32、urity Architecture“. 3 ETSI EN 300 396-2: “Terrestrial Trunked Radio (TETRA); Technical requirements for Direct Mode Operation (DMO); Part 2: Radio aspects“. 4 ETSI EN 300 392-7: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security“. 5 ETSI EN 300 396-3: “Terrestrial Trunked R
33、adio (TETRA); Technical requirements for Direct Mode Operation (DMO); Part 3: Mobile Station to Mobile Station (MS-MS) Air Interface (AI) protocol“. 6 ETSI TS 100 392-15: “Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 15: TETRA frequency bands, duplex spacings and channel numbering“
34、. 7 ETSI EN 302 109: “Terrestrial Trunked Radio (TETRA); Security; Synchronization mechanism for end-to-end encryption“. 8 ETSI EN 300 396-5: “Terrestrial Trunked Radio (TETRA); Technical requirements for Direct Mode Operation (DMO); Part 5: Gateway air interface“. 9 ETSI EN 300 396-4: “Terrestrial
35、Trunked Radio (TETRA); Technical requirements for Direct Mode Operation (DMO); Part 4: Type 1 repeater air interface“. ETSI ETSI EN 300 396-6 V1.5.1 (2012-09) 72.2 Informative references The following referenced documents are not necessary for the application of the present document but they assist
36、the user with regard to a particular subject area. Not applicable. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: air interface encryption state: status of encryption in a call (on or off) call transaction: all of
37、the functions associated with a complete unidirectional transmission of information during a call NOTE: A call is made up of one or more call transactions. In a simplex call these call transactions are sequential. (See EN 300 396-3 5). carrier number: integer, N, used in TETRA to represent the frequ
38、ency of the RF carrier NOTE: See TS 100 392-15 6. cipher key: value that is used to determine the transformation of plain text to cipher text in a cryptographic algorithm cipher text: data produced through the use of encipherment NOTE: The semantic content of the resulting data is not available (ISO
39、 7498-2 2). decipherment: reversal of a corresponding reversible encipherment NOTE: See ISO 7498-2 2. Direct Mode Operation (DMO): mode of simplex operation where mobile subscriber radio units may communicate using radio frequencies which may be monitored by, but which are outside the control of, th
40、e TETRA TMO network NOTE: DM operation is performed without intervention of any base station. (See EN 300 396-3 5). DMO-net: number of DMO MSs communicating together and using common cryptographic parameters encipherment: cryptographic transformation of data to produce cipher text NOTE: See ISO 7498
41、-2 2. encryption cipher key: cipher key used as input to the KSG, derived from an address specific cipher key and randomly varied per channel using algorithm TB6 end-to-end encryption: encryption within or at the source end system, with the corresponding decryption occurring only within or at the de
42、stination end system explicit authentication: transaction initiated and completed specifically to demonstrate knowledge of a shared secret where the secret is not revealed implicit authentication: authenticity demonstrated by proof of knowledge of a shared secret where that demonstration is a by-pro
43、duct of another function key stream: pseudo random stream of symbols that is generated by a KSG for encipherment and decipherment Key Stream Generator (KSG): cryptographic algorithm which produces a stream of binary digits which can be used for encipherment and decipherment NOTE: The initial state o
44、f the KSG is determined by the initialization value. ETSI ETSI EN 300 396-6 V1.5.1 (2012-09) 8Key Stream Segment (KSS): key stream of arbitrary length plain text: unencrypted source data NOTE: The semantic content is available. proprietary algorithm: algorithm which is the intellectual property of a
45、 legal entity SCK set: collective term for the group of 32 SCKs associated with each Individual TETRA Subscriber Identity SCK-subset: collection of SCKs from an SCK set, with SCKNs in numerical sequence, where every SCK in the subset is associated with one or more different GSSIs NOTE: Multiple SCK
46、subsets have corresponding SCKs associated with the same GSSIs. Static Cipher Key (SCK): predetermined cipher key that may be used to provide confidentiality in class DM-2-A, DM-2-B and DM-2-C systems with a corresponding algorithm synchronization value: sequence of symbols that is transmitted to th
47、e receiving terminal to synchronize the KSG in the receiving terminal with the KSG in the transmitting terminal synchronous stream cipher: encryption method in which a cipher text symbol completely represents the corresponding plain text symbol NOTE: The encryption is based on a key stream that is i
48、ndependent of the cipher text. In order to synchronize the KSGs in the transmitting and the receiving terminal synchronization data is transmitted separately. TETRA algorithm: mathematical description of a cryptographic process used for either of the security processes authentication or encryption T
49、runked Mode Operation (TMO): operations of TETRA specified in EN 300 392-2 1 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: ACK ACKnowledgement AI Air Interface CK Cypher Key CN Carrier Number DM Direct ModeDMAC Direct Mode Media Access Control DMC A layer 2 Service Access Point (DMC-SAP) DMCC Direct Mode Call Control DMO Direct Mode Operation DSB Direct Mode Synchronisation Burst ECK Encryption Cipher Key EDSI Encrypted Direct-mode Short Identity EDSI-URTC Encrypted DMO Short Identity-Usage Re