Released: July, 1994
GSM 12.03 Version: 4.0.0
Date: 1 July, 1994
Source: ETSI TC-SMG
Reference: GSM 12.03
UDC: 621.396.21
Key words: European digital cellular telecommunications system, Global System for Mobile communications (GSM)

European digital cellular telecommunications system (Phase 2); Security Management (GSM 12.03)

ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: 06921 Sophia Antipolis Cedex - FRANCE
Office address: Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
Tel.: + 33 92 94 42 00 - Fax: + 33 93 65 47 16

European Telecommunications Standards Institute 1994. All rights reserved. No part may be reproduced except as authorised by written permission. The copyright and the foregoing restriction on reproduction extend to all media in which the information may be embodied.

Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to "ETSI Editing and Standards Approval Dept." at the address shown on the title page.

GSM 12.03 Version 4.0.0

TABLE OF CONTENTS

1. SCOPE 4
1.1. References 4
1.2. Abbreviations 5
1.3. Background 6
2. MANAGEMENT OF SECURITY FEATURES 7
2.1. Subscriber Identity (IMSI) Confidentiality Management 7
2.2. Subscriber Identity (IMSI) Authentication Management 7
2.3. Data Confidentiality Over the Air Interface 7
2.3.1. Encryption and Algorithm Management 7
2.3.2. Key Management 8
2.4. Management of Mobile Equipment Security 8
3. SECURITY MANAGEMENT MECHANISMS 9
3.1. System Control Mechanisms 9
3.2. Information Gathering Mechanisms 9
3.2.1. Use of Scanners 9
3.2.2. Audit Trail Mechanisms 10
3.3 Alarm Reporting Mechanisms 10
4. SECURITY PROCEDURES 11
4.1. Subscriber Identity Confidentiality Management Procedures (TMSI) 11
4.1.1. Timer for Periodic Location Update 11
4.1.2. Selector when TMSI reallocation shall be done 11
4.2. Subscriber Identity Authentication Management Procedures 12
4.2.1. Selector When Authentication Shall be Performed 12
4.2.2. Open Identification of MS (authentication retried) 12
4.2.3. Parameters for Generation and Use of Authentication Vector 13
4.3. Encryption and Algorithm Management Procedures 13
4.3.1. Encryption Management Procedures 13
4.3.2. Algorithm Management Procedures 14
4.4. IMEI Management Procedures 14
4.4.1. Selector When IMEI Check Shall Be Performed 14
4.5. Use of Counters for Security Purposes 14
4.5.1. Open Transfer of IMSI 14
4.5.2. IMEI Related Counters 15
4.5.3. Authentication Failure 15
4.5.4 Additional Security Counters 15
4.5.5 Security-Related Scan Reporting 16
4.6 Security Reporting 17
4.6.1 Security Alarm Reports 17
4.6.2 Security Audit Trail Reports 19
5. SECURITY MANAGEMENT OBJECT MODEL 20
5.1 SECURITY OBJECT CLASSES 20
5.1.1 vlr1203AuthenticationFunction 20
5.1.2 vlr1203SubscriberIdFunction 21
5.1.3 vlr1203EquipmentIdFunction 21
5.1.4 msc1203EncryptionFunction 21
5.1.5 msc1203IMSIConfidentialityFunction 22
5.1.6 hlr1203SubscriberIdFunction 22
5.1.7 auc1203SubscriberIdFunction Error! Bookmark not defined.
5.1.8 bts1203EncryptionFunction 23
5.1.9 securityAlarmReportRecord 23
5.2 SECURITY ATTRIBUTES DEFINITIONS 23
5.2.1 authenticationNecessaryWhen 23
5.2.2 authenticationRetriedAllowed 23
5.2.3 numberOfAuthenticationVectorsKept 23
5.2.4 authenticationVectorReuseAllowed 23
5.2.5 allocateNewTMSIWhen 24
5.2.6 checkIMEIWhen 24
5.2.7 encryptionControl 24
5.2.8 algorithmListMSC 24
5.2.9 algorithmListBTS 24
5.2.10 threshold 24
5.2.11 vlr1203AuthenticationFunctionId 25
5.2.12 vlr1203SubscriberIdFunctionId 25
5.2.13 vlr1203EquipmentIdFunctionId 25
5.2.14 msc1203EncryptionFunctionId 25
5.2.15 msc1203IMSIConfidentialityFunctionId 25
5.2.16 hlr1203SubscriberIdFunctionId 25
5.2.17 auc1203SubscriberIdFunctionId 26
5.2.18 bts1203EncryptionFunctionId 26
5.3 NOTIFICATIONS 26
5.4 NAME BINDINGS 26
5.4.1 vlr1203AuthenticationFunction 26
5.4.2 vlr1203SubscriberIdFunction 26
5.4.3 vlr1203EquipmentIdFunction 27
5.4.4 msc1203EncryptionFunction 27
5.4.5 msc1203IMSIConfidentialityFunction 27
5.4.6 hlr1203SubscriberIdFunction 27
5.4.2 auc1203SubscriberIdFunction 28
5.5 ABSTRACT SYNTAX DEFINITIONS 28
6. ANNEX A: RELATION BETWEEN THE AUTHENTICATION AND ENCRYPTION ATTRIBUTES 36
7 ANNEX B: ADDITIONAL SECURITY COUNTERS 39
7.1 MSC Encryption Usage Function 39
7.1.1 Encrypted connection used 39
7.1.2 Unencrypted Connection Used 39
7.1.3 Connection Cleared Due to Incompatible Encryption 39
7.2 VLR Security Function 40
7.2.1 Authentication Vectors Unavailable 40
7.2.2 Subscriber unknown in HLR(VLR) 40
7.3 HLR Security Function 40

1. SCOPE

This specification describes the management of the security related aspects of the air interface in the GSM/DCS PLMN. The management of the relevant security services is addressed with respect to the following aspects:
- Overview of the security features
- Description of the relevant management procedures
- Modelling using the object oriented paradigm

The definitions and descriptions of the security features and mechanisms are contained in the specifications of the underlying procedures and are not defined in this specification. References to appropriate GSM/DCS specifications have been made throughout the document, where necessary. Issues relating to the security of management (e.g. file transfer security, database security, inter-operator security, etc.) are not covered in this specification.

1.1. References

1) GSM 02.09: "Security Aspects"
2) GSM 03.03: "Numbering, Addressing and Identification"
3) GSM 03.20: "Security Related Network Functions"
4) GSM 04.08: "Mobile Radio Interface Layer 3 Specification"
5) GSM 09.02: "Mobile Application Part Specification"
6) GSM 12.00: "Objectives and Structure of GSM PLMN Management"
7) GSM 12.02: "Subscriber, Mobile Equipment and Services Data Administration"
8) M.3010 (Part II.1): "Principles for a Telecommunication Management Network"
9) GSM 02.16: "International MS Equipment Identities"
10) GSM 12.04: "Performance Management and Measurements for a GSM PLMN"
11) CCITT Recommendation X.720 (1992) | ISO/IEC 10165-1: 1992, Information technology - Open Systems Interconnection - Structure of management information: Management information model
12) CCITT Recommendation X.731 (1992) | ISO/IEC 10164-2: 1993, Information technology - Open Systems Interconnection - Systems Management: Part 2: State management function
13) CCITT Recommendation X.733 (1992) | ISO/IEC 10164-4: 1992, Information technology - Open Systems Interconnection - Systems Management: Part 4: Alarm Reporting Function
14) CCITT Recommendation X.736 (1992) | ISO/IEC 10164-7: 1992, Information technology - Open Systems Interconnection - Systems Management: Part 7: Security Alarm Reporting Function

Note: It is assumed that the latest version of these documents is to be consulted unless otherwise indicated.

1.2. Abbreviations

A3      Authentication Algorithm
A5      Ciphering Algorithm
A8      Ciphering Key Computation Algorithm
AuC     Authentication Centre
BCCH    Broadcast Control Channel
BSS     Base Station Sub-system
BTS     Base Transceiver Station
CKSN    Ciphering Key Sequence Number
CM      Call Management
EIR     Equipment Identity Register
GDMO    Guidelines for the Definition of Managed Objects
HLR     Home Location Register
IMEI    International Mobile Equipment Identity
IMSI    International Mobile Subscriber Identity
Kc      Ciphering Key
Ki      Individual Subscriber Authentication Key
LAI     Location Area Identification
LU      Location Update
MAP     Mobile Application Part
ME      Mobile Equipment
MM      Mobility Management
MO      Mobile Originating, Managed Object
MOC     Managed Object Class
MS      Mobile Station
MSC     Mobile Switching Centre
MT      Mobile Terminating
NE      Network Element
NMC     Network Management Centre
OMC     Operations and Maintenance Centre
OS      Operations System
PLMN    Public Land Mobile Network
RAND    Random Number
Rec.    Recommendation
SIM     Subscriber Identity Module
SRES    Signed Response to RAND
SS      Supplementary Service
TMN     Telecommunications Management Network
TMSI    Temporary Mobile Subscriber Identity
VLR     Visitor Location Register

1.3. Background

The radio communications aspect of the GSM system makes it particularly sensitive to unauthorized use. For this reason, security mechanisms are defined for the GSM system:
- Subscriber identity (IMSI) confidentiality.
- Subscriber identity (IMSI) authentication.
- Data confidentiality over the air interface.
- Mobile equipment security.

The use of these security features is at the discretion of operators for non-roaming subscribers. For roaming subscribers, however, the use of these security features is mandatory, unless otherwise agreed by all the affected PLMN operators (GSM 02.09).

A number of security parameters have been defined in the core specifications to support these security features. The IMSI is used to uniquely identify subscribers and the TMSI to provide subscriber identity confidentiality. The authentication vectors (Kc, RAND, SRES) are used in the authentication process and the ciphering key (Kc) is used to encrypt signaling and user data over the air interface. Finally, the IMEI can be used to establish whether a piece of mobile equipment is suitable to be used on the network, i.e., approved and neither stolen nor faulty.

Formal definitions of these security mechanisms and their technical realization can be found in recommendations GSM 02.09 and GSM 03.20 respectively. The relevant messaging and procedures can be found in recommendations GSM 04.08, GSM 08.08, GSM 08.58, and GSM 09.02.

It is the objective of this specification to provide a standard mechanism for the management of the aforementioned security features and parameters.

2. MANAGEMENT OF SECURITY FEATURES

Section 2 identifies the manageable aspects of the security features in the previous section. The security management mechanisms which can be used are listed in Section 3. Section 4 defines the parameters introduced in Section 2, and Section 5 provides the object model for the management of these parameters.

2.1. Subscriber Identity (IMSI) Confidentiality Management

Subscriber confidentiality in the GSM PLMN is provided by the use of the TMSI on the air interface. Avoiding the use of the IMSI over the air interface by substituting the TMSI provides both a high level of confidentiality for user data and signaling, and protection against the tracing of a user's location. This mechanism is described in GSM 03.20 and the structure of the TMSI is described in GSM 03.03.

As the frequency of reallocation of the TMSI has an effect on the subscriber confidentiality, a parameter is defined to provide control over it.

If the (old) TMSI is unknown to the VLR or wrong, the mobile subscriber can only be identified by using the IMSI. As encryption is not possible during that stage, the IMSI has to be sent unencrypted over the air interface. The occurrence of such an event (or similar) affects the quality of the subscriber confidentiality service. Counters are defined to provide information about this service.

2.2. Subscriber Identity (IMSI) Authentication Management

The GSM PLMN offers a mechanism for the authentication of subscriber identity. The purpose of this feature is to protect the network against unauthorized use. It also enables the protection of the GSM PLMN subscribers, by making it practically impossible for intruders to impersonate authorized users.

Subscriber authentication may be included in the MAP procedures for access request and location update. The use of authentication should be under the control of the operator and a parameter is defined for this purpose.

Authentication may be retried to recover from failure due to an incorrect TMSI by requesting open transfer of the IMSI over the air interface. This should be under the control of the operator and a parameter to this effect is defined.

To support authentication, vectors are generated in the AuC. The VLR requests these authentication vectors for use in the authentication procedures. Under exceptional conditions, these vectors may need to be reused. This may have an effect on the security of the network, and should be under the control of the operator.

2.3. Data Confidentiality Over the Air Interface

2.3.1. Encryption and Algorithm Management

In a GSM PLMN, encryption may be used to protect the confidentiality of data and signaling on the air interface. Two algorithms are essentially involved in the encryption process: the ciphering algorithm (A5) and the cipher key generation algorithm (A8). In general, the authentication algorithm (A3) and the A8 algorithm are implemented as one in the AuC and the SIM, and may be operator-specific. The A5 algorithm is implemented in the ME and at the BTS.

The negotiation (between the MS and the MSC) of up to seven versions of the ciphering algorithm (A5/1, A5/2, ..., A5/7) is catered for in signaling. The MSC will then identify which of these versions are allowed by the network for this call (perhaps based on the user identity) and will pass the list of acceptable versions to the BSS. The BSS must then select a version from this list. If any versions in this list are supported by the BTS, then encryption must be used. For the case where multiple choices are available, the order of preference for this BSS selection should be set by the operator. A BTS related attribute specifying a priority ordered list of version choices is defined in this specification. If no version match is available, the MSC must decide whether or not to complete the call in unencrypted mode. An MSC related attribute to allow/prohibit unencrypted communications is defined in this specification.

2.3.2. Key Management

Two types of keys are defined in GSM, the authentication key (Ki) and the cipher key (Kc). The Ki is unique to the subscriber. It is stored in the SIM during pre-personalization and in the authentication centre. The Kc is normally generated at the same time as the authentication parameters. The same random number (RAND) that is passed through the A3 algorithm with the Ki during authentication is passed through a different algorithm, the A8, again with the Ki to generate the Kc. The key Kc may be stored and used by the mobile station until it is updated at the next authentication. Attention is necessary to achieve key consistency during all these operations and after (re)synchronization of nodes. This consistency is provided for by the use of the Ciphering Key Sequence Number (CKSN) and authentication retry. The administration of the (IMSI, Ki) pair is described in recomme
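The following is an added worked example, not part of GSM 12.03, of the vector handling described in sections 2.2 and 2.3.2: the AuC derives (RAND, SRES, Kc) from the subscriber's Ki, the VLR keeps a stock of vectors (numberOfAuthenticationVectorsKept), reuses one only if the operator allows it (authenticationVectorReuseAllowed), and tracks the CKSN so that MS and network agree on which Kc is in use. The real A3/A8 are operator-specific and not given on the page, so HMAC-SHA256 stands in for them (an assumption); the counter names are taken from section 4.5.3 and Annex B, the CKSN numbering (0 to 6, with 7 meaning "no key") is an assumption, and the IMSI and Ki values are constructed.

```python
"""Toy model of authentication-vector and Kc/CKSN handling (added example,
not from GSM 12.03). HMAC-SHA256 stands in for the operator-specific A3/A8
(assumption). Attribute and counter names follow the page's object model and
Annex B."""
import hashlib
import hmac
import secrets
from collections import deque


def a3_a8(ki, rand):
    """Stand-in for the combined A3/A8 (assumption). Returns (SRES, Kc).
    As in GSM, one RAND and Ki yield both values: SRES (32 bits) for
    authentication and Kc (64 bits) for ciphering."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]


class AuC:
    """Authentication Centre: holds the (IMSI, Ki) pairs and generates triplets."""

    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplets(self, imsi, n):
        ki = self._ki[imsi]  # KeyError: subscriber unknown in the HLR/AuC
        out = []
        for _ in range(n):
            rand = secrets.token_bytes(16)  # 128-bit RAND
            sres, kc = a3_a8(ki, rand)
            out.append((rand, sres, kc))
        return out


class SIM:
    """Subscriber side: holds Ki, computes SRES and Kc, keeps the CKSN it was given."""

    def __init__(self, ki):
        self.ki, self.kc, self.cksn = ki, None, None

    def respond(self, rand, cksn):
        sres, self.kc = a3_a8(self.ki, rand)
        self.cksn = cksn
        return sres


class VLR:
    """Keeps a small stock of vectors per IMSI and runs the authentication."""

    def __init__(self, auc, vectors_kept=5, reuse_allowed=False):
        self.auc = auc
        self.number_of_authentication_vectors_kept = vectors_kept
        self.authentication_vector_reuse_allowed = reuse_allowed
        self.auc_reachable = True  # set False to simulate the HLR/AuC being unavailable
        self.counters = {"authenticationFailure": 0,
                         "authenticationVectorsUnavailable": 0,
                         "subscriberUnknownInHLR": 0}
        self._stock = {}  # imsi -> deque of unused triplets
        self._last = {}   # imsi -> last triplet used (candidate for reuse)
        self._cksn = {}   # imsi -> CKSN the network believes the MS holds
        self._kc = {}     # imsi -> Kc the network will cipher with

    def _next_vector(self, imsi):
        q = self._stock.setdefault(imsi, deque())
        if not q and self.auc_reachable:
            try:
                q.extend(self.auc.triplets(imsi, self.number_of_authentication_vectors_kept))
            except KeyError:
                self.counters["subscriberUnknownInHLR"] += 1
                return None
        if q:
            self._last[imsi] = q.popleft()
            return self._last[imsi]
        if self.authentication_vector_reuse_allowed and imsi in self._last:
            return self._last[imsi]  # exceptional reuse, only if the operator allows it
        self.counters["authenticationVectorsUnavailable"] += 1
        return None

    def authenticate(self, imsi, sim):
        vec = self._next_vector(imsi)
        if vec is None:
            return False
        rand, expected_sres, kc = vec
        # CKSN is a 3-bit value in which 7 means "no key available", so the
        # network cycles through 0..6 (assumption about the numbering; the page
        # only states that the CKSN provides key consistency).
        cksn = (self._cksn.get(imsi, 6) + 1) % 7
        sres = sim.respond(rand, cksn)
        if not hmac.compare_digest(sres, expected_sres):
            self.counters["authenticationFailure"] += 1
            return False
        self._cksn[imsi], self._kc[imsi] = cksn, kc
        return True

    def kc_consistent(self, imsi, sim):
        """True when MS and network hold the same Kc under the same CKSN."""
        return self._cksn.get(imsi) == sim.cksn and self._kc.get(imsi) == sim.kc
```

Exhausting the stock while the AuC is unreachable shows the trade-off the page leaves to the operator: with reuse prohibited the VLR refuses and increments "authentication vectors unavailable"; with reuse allowed it re-issues the previous RAND, which keeps the subscriber served but means the same Kc is derived twice.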
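Returning to the A5 version negotiation of section 2.3.1, the following added example (not from GSM 12.03) carries the selection through with the attributes the page names: the MSC filters the versions the MS offers through algorithmListMSC, the BSS picks from the BTS's operator-set priority list algorithmListBTS, and when nothing matches the MSC's encryptionControl attribute decides between an unencrypted call and clearing it. The counter names follow Annex B; the values "allow" and "prohibit" for encryptionControl and the class names are assumptions, as are the version sets in the usage below.

```python
"""A5 version selection per section 2.3.1 (added example, not from GSM 12.03).
Attribute names follow the page; "allow"/"prohibit" values are an assumption."""
from dataclasses import dataclass, field

A5_VERSIONS = frozenset(range(1, 8))  # A5/1 .. A5/7, as on the page


def _check(versions):
    """Reject anything that is not one of the seven A5 version numbers."""
    bad = set(versions) - A5_VERSIONS
    if bad:
        raise ValueError(f"not an A5 version number: {sorted(bad)}")
    return versions


@dataclass
class MscEncryptionFunction:
    """msc1203EncryptionFunction: network-wide policy attributes and counters."""
    algorithm_list_msc: frozenset   # algorithmListMSC: versions the network permits
    encryption_control: str         # encryptionControl: "allow" or "prohibit" unencrypted calls
    counters: dict = field(default_factory=lambda: {
        "encryptedConnectionUsed": 0,
        "unencryptedConnectionUsed": 0,
        "connectionClearedDueToIncompatibleEncryption": 0})

    def __post_init__(self):
        _check(self.algorithm_list_msc)
        if self.encryption_control not in ("allow", "prohibit"):
            raise ValueError("encryptionControl must be 'allow' or 'prohibit'")

    def acceptable_versions(self, ms_supported):
        """Versions the MSC passes to the BSS for this call."""
        return frozenset(_check(set(ms_supported))) & self.algorithm_list_msc


@dataclass
class BtsEncryptionFunction:
    """bts1203EncryptionFunction: algorithmListBTS, most preferred version first."""
    algorithm_list_bts: tuple

    def __post_init__(self):
        _check(set(self.algorithm_list_bts))

    def select(self, acceptable):
        """BSS choice: first entry of the priority list that the MSC accepted."""
        for v in self.algorithm_list_bts:
            if v in acceptable:
                return v
        return None


def set_up_connection(msc, bts, ms_supported):
    """Returns 'A5/n', 'unencrypted' or 'cleared' and updates the MSC counters."""
    acceptable = msc.acceptable_versions(ms_supported)
    chosen = bts.select(acceptable)
    if chosen is not None:                   # a match exists: encryption must be used
        msc.counters["encryptedConnectionUsed"] += 1
        return f"A5/{chosen}"
    if msc.encryption_control == "allow":    # MSC completes the call in clear
        msc.counters["unencryptedConnectionUsed"] += 1
        return "unencrypted"
    msc.counters["connectionClearedDueToIncompatibleEncryption"] += 1
    return "cleared"


if __name__ == "__main__":
    # Constructed usage: network permits A5/1 and A5/3, BTS prefers 3 over 1 over 2.
    msc = MscEncryptionFunction(frozenset({1, 3}), "prohibit")
    bts = BtsEncryptionFunction((3, 1, 2))
    print(set_up_connection(msc, bts, {1, 2}))  # MS lacks A5/3, so A5/1 is chosen
    print(set_up_connection(msc, bts, {2}))     # no match and unencrypted prohibited
    print(msc.counters)
```

The three counters are what an operator would watch: a rising "unencrypted connection used" count under an "allow" policy, or a rising "cleared" count under "prohibit", both point to mobiles or cells whose A5 support does not intersect the network's allowed list.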