1、ETS 300 747 May 1997 Source: ETSI TC-Security ICs: 33.020 Key words: Audio, security, service Reference: DUSEC-002308 I Telecommunications Security; Service access control and synchronization for audiovisual services ETSI r European Telecommunications Standards Institute ETSI Secretariat Postal addr
2、ess: F-O6921 Sophia Antipolis CEDEX - FRANCE Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariatetsi.fr Tel.: +33 4 92 94 42 O0 - Fax: +33 4 93 65 47 16 Copyright Notification: No part may be reproduced exc
3、ept as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. O European Telecommunications Standards Institute 1997. All rights reserved. STD-ETSI ETS 300 747-ENGL I1997 3400855 0393404 992 Page 2 ETS 300 747: May 1997 Whilst every care ha
4、s been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to “ETSI Editing and Committee Support Dept.“ at the address shown on the title page. STD-ETSI EIS 300 747-ENGL 1997
5、3400855 0393405 829 Page 3 ETS 300 747: May 1997 Contents Foreword . 5 1 Scope 7 2 Normative references 7 3 Abbreviations . 7 4 General functions 8 Trusted MCUs (TMCUs) versus Non-trusted MCUs (NMCUs) . 8 4.1.1 TMCU 8 4.1.2 NMCU 8 4.2 Chair-Control Functions for Confidentiality 8 4.3 Authentication
6、8 4.4 Routeing of ECS channel messages . 9 4.1 5 Access control . 9 Initialization of a session 9 Modifications during a session . 9 5.2.1 Participants joins a session . 9 5.2.2 Participant leaves a session 9 5.2.3 Handover of session responsibility 10 5.3 Termination of a session 10 5.4 Abnormal ev
7、ents 10 5.1 5.2 6 Synchronization of the confidentiality system 10 6.1 Introduction 10 6.2 Synchronization of session key activation 10 History 11 STD-ETSI ETS 300 747-ENGL 1997 W 3400855 0393406 765 Page 5 ETS 300 747: May 1997 Foreword This European Telecommunication Standard (ETS) has been produc
8、ed by the Security Technical Committee of the European Telecommunications Standards Institute (ETSI). Transposition dates Date of adoption: Date of latest announcement of this ETS (doa): 18 April 1997 31 August 1997 Date of latest publication of new National Standard or endorsement of this ETS (dop/
9、e): 28 February 1998 Date of withdrawal of any conflicting National Standard (dow): 28 February 1998 Previous page is blank - STD.ETS1 ETS 300 747-ENGL 3997 3400855 0393407 bT1 m Page 7 ETS 300 747: May 1997 1 Scope This European Telecommunication Standard (ETS) fits into the series of standards abo
10、ut audiovisual communication over the Integrated Services Digital Network (ISDN), which is introduced in the ITU-T H.200 series of Recommendations. In ITU-T Recommendations H.233 l and H.234 2, the basic mechanisms for confidentiality and key exchange are specified. On top of these, this ETS specifi
11、es the confidentiality related protocol extensions needed for the establishment, modification and termination of audiovisual conferences using one or more Multipoint Control Units (MCUs). 2 Normative references This ETS incorporates by dated and undated reference, provisions from other publications.
12、 These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply to this ETS only when incorporated in it by amendment or revision. For undated referen
13、ces the latest edition of the publication referred to applies. ITU-T Recommendation H.233: “Confidentiality system for audiovisual services“. NOTE 1 : ITU-T Recommendation H.233 forms the basis of ETS 300 840 6. ITU-T Recommendation H.234: “Encryption key management and authentication system for aud
14、iovisual services“. NOTE 2: ITU-T Recommendation H.234 forms the basis of ETS 300 841 7. ITU-T Recommendation H.243: “Procedures for establishing communication between three or more audiovisual terminals using digital channels up to 2 Mbis“. ITU-T Recommendation H.231: “Multipoint control units for
15、audiovisual systems using digital channels up to 2 Mbitls“. TU-T Recommendation H.230: “Frame-synchronous control and indication signals for audiovisual systems“. ETS 300 840: “Telecommunications Security; Integrated Services Digital Network (ISDN); Confidentiality system for audiovisual services“.
16、ETS 300 840: “Telecommunications Security; integrated Services Digital Network (ISDN); Encryption key management and authentication system for audiovisual services“. Abbreviations For the purposes of this ETS, the following abbreviations apply: CCK CCT ECS MCU NMCU TMCU Chair Command Kill Chair-Cont
17、rol Terminal Encryption Control Signal Multipoint Control Unit Non-trusted MCU Trusted MCU Previous page is blank STD-ETSI ETS 300 747-ENGL 1997 3400855 0193408 538 m Page 8 ETS 300 747: May 1997 4 General functions 4.1 Trusted MCUs (TMCUs) versus Non-trusted MCUs (NMCUs) 4.1.1 TMCU In the case of a
18、 “trusted MCU“ (in which the signals are all decrypted at the inputs to the MCU, and therefore the MCU needs to be in a secure location) the communication between each audiovisual terminal and the MCU may be encrypted as described in ITU-T Recommendation H.233 l. Clearly this method is not applicabl
19、e to the connection of telephone terminals to the conference via the analogue telephone network. 4.1.2 NMCU A NMCU is not able to decrypt the audio, video, or other data. The point-to-point environment specified in ITU-T Recommendations H.233 I and H.234 2, suitable for a TMCU, should be enhanced to
20、 include a NMCU. The conference is carried out in switching mode as mixing of encrypted data is not possible at the MCU. A possible mode of switching may be that all participants receive the picture and the voice of the speaker, except the speaker himself, who receives the video and audio of the Cha
21、ir Control Terminal (CCT). The switching of the speaker is controlled directly by the CCT using the BAS codes specified in ITU-T Recommendation H.230 SI. The existence of a CCT for the distribution of keys is mandatory. Each participant has to open the Encryption Control Signal (ECS) channel as spec
22、ified in ITU-T Recommendation H.233 l and the MCU has to route it between the participants and the CCT. The routeing information is also coded in the ECS channel as described in subclause 4.4. This provides a configuration to exchange keys and other information over a point-to-point link, .e. from C
23、CT to the participants. 4.2 Chair-Control Functions for Confidentiality For the control of audiovisual conferences, the confidentiality related functions of the MCU as described in ITU-T Recommendation H.231 4 may be divided into switching and chair-control functions. In the case of a TMCU both grou
24、ps of functions may be implemented within the MCU; for confidentiality purposes, an explicit CCT is not required. If a NMCU is used, the CCT has to take over the chair-control functions as below: - it is responsible for the authentication of the participants; - it is responsible for the distribution
25、 of keys in regular or irregular intervals; - when a partner joins or leaves during a session, new session keys should be distributed; - the speaker switching should be carried out by the chair control. 4.3 Authentication Generally, all participants including the session chair have to authenticate t
26、hemselves before joining the session. Optionally, mutual authentication may be applied. In the case of a TMCU, the MCU is in charge of authenticating all terminals (see ITU-T Recommendation H.234 2). When a NMCU is used, the CCT has to take over this function; in this case, no authentication for the
27、 CCT takes place, but all other terminals have to authenticate themselves against the CCT. Once the connection between the MCU and the CCT is running, the conference is considered as established. All other participants are treated as joining an existing conference: therefore their entry into the con
28、ference is equivalent to a modification of a running session. Page 9 ETS 300 747: May 1997 4.4 Routeing of ECS channel messages In the case of a NMCU, a routeing function within the NMCU is required for the point-to-point signalization between specific terminals and the CCT. The MCU has to route the
29、 ECS channel corresponding to the routeing information coded in the IV blocks. The IV block is extended to include the terminal number of the participant with whom the CCT communicates. 16 bits from the 20 spare bits are used for this. Terminal (TN = O) Terminal KI , CCT E; (TN = A) E=?-, Term inal
30、Idle Blocks a) MCU broadcasts the message (Terminal Number TN = O) b) MCU routes CCT to A and vice versa All others receive idle packets Figure 1: Routeing of the ECS channel 5 Access control 5.1 Initialization of a session If a TMCU is used, the session initialization takes place as specified in IT
31、U-T Recommendations H.234 2 and H.243 3. In the case of a NMCU, a session is initialized with the first terminal with Chair Control capability connected to the MCU. The Chair Control token is passed over to this terminal. If this terminal does not have the Chair Control capability, then the connecti
32、on is dropped. All other initialization procedures are carried out as specified in ITU-T Recommendation H.234 2. 5.2 Modifications during a session 5.2.1 Participants joins a session The procedures for authentication and/or key exchange take place as specified in ITU-T Recommendation H.234 2, clause
33、 2. If a TMCU is used, the central part of these procedures is carried out by the MCU. In the case of a NMCU, the MCU informs the CCT that a new participant intends to join the session. The CCT transmits PO to the respective terminal. If the terminal replies with PI or P2, the new terminal should be
34、 excluded from the session. NOTE: Exchange of session keys necessitates synchronization as described in clause 6. 5.2.2 Participant leaves a session After a participant has left the session (see ITU-T Recommendation H.243 3, subclause 7.3), the MCU (or the CCT in case of a NMCU) shall initiate a key
35、 exchange procedure and thereby the distribution of a new key-encrypting key for the remaining participants. Thereafter new session keys shall be distributed, and synchronization shall be carried out. The same procedure applies for the case, where a terminal is dropped by the CCT (see TU-T Recommend
36、ation H.243 3, subclause 7.5). Page 10 ETS 300 747: May 1997 Message Name: Message Identifier: Mean i ng : Contents: 5.2.3 Handover of session responsibility Key Received Confirmation P12 1 opt, t,t,t,t,=10001 o1 o The terminal has received the new session key supplied by the MCU. The message has no
37、 content. The handover of the Chair Control token may be handled in two ways on the MCU: - restricted mode: the initial terminal is the CCT and cannot be changed during the session; - flexible mode: the initial participant is the Chair Control, and it may transfer this role to another participant du
38、ring a session. If no other participant can handle the Chair Control token, the session should be terminated. This function is mandatory for a NMCU, and is optional for a TMCU. The applicable protocol is described in ITU-T Recommendation H.243 3, subclause 7.2. 5.3 Termination of a session When a MC
39、U receives the BAS code Chair Command Kill (CCK) from the CCT, it drops the connections at all its ports, releasing all associated conference resources (see ITU-T Recommendations H.243 3 and H .230 SI). 5.4 Abnormal events In the case of a NMCU, an abrupt termination of the CCT should be identified
40、by the MCU and cause the termination of the session. In the case of a TMCU, the conference may be continued with the remaining terminals. 6 Synchronization of the confidentiality system 6.1 Introduction After each modification of a session a synchronization of the confidentiality system in all termi
41、nals has to be carried out. 6.2 Synchronization of session key activation The MCU broadcasts the session keys to all participants, using message P6 as specified in ITU-T Recommendation H.234 2. Each participant, after receiving the message P6, confirms it using P12. The MCU sequentially establishes
42、connection over the ECS channel to each participant to receive the confirmation. The MCU should repeat P6 until it receives P12 from the participant or until a specified period of time has elapsed. In case no confirmation is received, the partner is dropped from the conference. After the MCU has rec
43、eived the confirmation from all participants it sets the key-loading synchronization flag in the IV block to use the new key. If a NMCU is used, the respective protocol steps are carried out by the CCT. Page 11 ETC 300 747: May 1997 April 1996 February 1997 May 1997 History Public Enquiry PE 105: 1996-04-08 tO 1996-08-30 Vote V 9715: 1997-02-1 1 to 1997-04-1 1 First Edition ISBN 2-7437-1 474-3 Dpt lgal : Mai 1997
