1、 ETSI TR 102 021-7 V1.3.1 (2010-12)Technical Report Terrestrial Trunked Radio (TETRA);User Requirement Specification TETRA Release 2.1;Part 7: SecurityETSI ETSI TR 102 021-7 V1.3.1 (2010-12)2Reference RTR/TETRA-01196 Keywords security, TETRA, user ETSI 650 Route des Lucioles F-06921 Sophia Antipolis
2、 Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present do
3、cument may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of th
4、e PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/s
5、tatus.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction ex
6、tend to reproduction in all media. European Telecommunications Standards Institute 2010. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the
7、benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 102 021-7 V1.3
8、.1 (2010-12)3Contents Intellectual Property Rights 4g3Foreword . 4g3Introduction 4g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 7g34 User Requirement Specification . 7g34.1 User Req
9、uirements from questionnaire 7g34.2 User Requirements derived from work on TETRA Release 1 . 7g34.3 Core requirements 7g34.4 Work required 9g34.5 Testing requirements 9g34.6 Timescales 9g3History 10g3ETSI ETSI TR 102 021-7 V1.3.1 (2010-12)4Intellectual Property Rights IPRs essential or potentially e
10、ssential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs no
11、tified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
12、can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Terrestrial Trunked Radio
13、 (TETRA). The present document is part 7 of a multi-part deliverable covering the User Requirement Specifications (URSs) for TETRA Release 2 and Release 2.1, as identified below: Part 1: “General overview“ (Release 2.1); Part 2: “High Speed Data“ (Release 2.1); Part 3: “Codec“ (Release 2); Part 4: “
14、Air Interface Enhancements“ (Release 2.1); Part 5: “Interworking and Roaming“ (Release 2.1); Part 6: “Subscriber Identity Module (SIM)“ (Release 2.1); Part 7: “Security“ (Release 2.1); Part 8: “Air - Ground - Air services“ (Release 2); Part 9 “Peripheral Equipment Interface“ (Release 2.1); Part 10:
15、“Local Mode Broadband“ (Release 2.1); Part 11: “Over The Air Management“ (Release 2.1); Part 12: “Direct Mode Operation“ (Release 2.1). Introduction The Terms of Reference for TC TETRA approved at ETSI Board meeting #69, November 2008 are to produce ETSI deliverables (and maintenance thereafter) in
16、accordance with the following requirements: The provision of user driven services, facilities and functionality as required by traditional Professional Mobile Radio (PMR) user organizations such as the Emergency Services, Government, Military, Transportation, Utility and Industrial organizations as
17、well as Public Access Mobile Radio (PAMR) Operators. The evolution and enhancement of TETRA as required by the market with the provision of new services, facilities and functionality made possible by new technology innovations and standards. Further enhancements of the TETRA standard in order to pro
18、vide increased benefits and optimization in terms of spectrum efficiency, network capacity, system performance, quality of service, security and other relevant parameters. ETSI ETSI TR 102 021-7 V1.3.1 (2010-12)5 The backward compatibility and integration of the new services, facilities and function
19、ality with existing TETRA standards in order to future-proof the existing and future investments of TETRA users. Technical Objective TETRA is one of a number of digital wireless communication technologies standardized by ETSI. ETSI TC TETRA produces standards and/or adapts existing standards for eff
20、icient digital PMR and PAMR voice and data services, including broadband evolution. The present document provides the User Requirement Specifications for Security. The URS is required by TC TETRA to guide the enhancement of the current TETRA standard, mainly the evolution of the HSD standard part to
21、wards broadband. ETSI ETSI TR 102 021-7 V1.3.1 (2010-12)61 Scope The present document contains the User Requirements Specifications (URS) which are described in non-technical terms. Although high level requirements are proposed by the present document, it is considered restrictive to mandate particu
22、lar security implementations at this point, until a revised threat analysis has been undertaken. The present document is applicable to the specification of TETRA Release 2.1 equipment. 2 References References are either specific (identified by date of publication and/or edition number or version num
23、ber) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at ht
24、tp:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the application of the present document. Not applicabl
25、e. 2.2 Informative references The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI ES 202 109: “Terrestrial Trunked Radio (TETRA); Security; Synchronization mechanism for end-to-en
26、d encryption“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: TETRA Release 2: Work Programme with new terms of reference within ETSI Project TETRA to enhance the services and facilities of TETRA in order to meet n
27、ew user requirements, utilize new technology and increase the longevity of TETRA within the traditional market domains of PMR and PAMR TETRA Release 2.1: Work Programme within TC TETRA to enhance the services and facilities of TETRA in order to meet new user requirements, utilize new technology and
28、increase the longevity of TETRA within the traditional market domains of PMR and PAMR ETSI ETSI TR 102 021-7 V1.3.1 (2010-12)73.2 Abbreviations For the purposes of the present document the following abbreviations apply: GCK-N Group Cipher Key Number GCK-VN Group Cipher Key Version Number HSD High Sp
29、eed Data ITSI Individual TETRA Subscriber Identity K authentication KeyME Mobile Equipment OTAK Over The Air Keying OTAR Over The Air Re-keying PAMR Public Access Mobile Radio PMR Private Mobile Radio SIM Subscriber Identity Module TEAx TETRA Encryption Algorithm x TEDS TETRA Enhanced Data Service U
30、RS User Requirement Specification 4 User Requirement Specification 4.1 User Requirements from questionnaire Due to the specialist nature of security requirements and also due in some part to the sensitivity of users to discuss in open forum threats to any current standard, it was not considered appr
31、opriate to collect security requirements as part of the wider TETRA Release 2 user questionnaire sent out in 2001. 4.2 User Requirements derived from work on TETRA Release 1 TETRA Release 1, TETRA Release 2, and TETRA Release 2.1 should be maintained at an equal level of security. If further enhance
32、ments to the security of TETRA Release 2.1 are required, they should be applicable to all TETRA Releases up to Release 2.1. This is considered fundamental to Public Safety users as current and future systems are required to be implemented such that security accreditation can be achieved. This also a
33、pplies to possible “stand-alone“ developments such as HSD through direct access TEDS. High speed data solutions including evolution towards broadband require further consideration of security aspects. It should be noted that security requirements apply to the standard as a whole, and individual requ
34、irements may not need satisfying with explicit security requirements, e.g. integrity can be checked with non-cryptographic integrity checking error correction schemes when used in conjunction with encryption schemes which may in themselves not provide integrity checks. NOTE: TETRA is not required to
35、 support security protocols derived from other domains (e.g. GSM). 4.3 Core requirements Although system requirements should be derived from the new threat analysis, it is considered probable that as a minimum the following core requirements will need to be supported by TETRA Release 2.1: 1) The TET
36、RA Release 2.1 security standard should be able to provide authentication of the terminal and the infrastructure or the Smart Card and the infrastructure and should use, as far as possible, the mechanisms used in TETRA Release 1. In addition the standard should provide for authentication of the end
37、user using, as far as possible, mechanisms provided in TETRA Release 1. NOTE 1: An application level user authentication method is outside the scope of the air interface security standards. 2) The TETRA Release 2.1 security standard should be able to provide confidentiality protection for user plane
38、 information over the air interface. ETSI ETSI TR 102 021-7 V1.3.1 (2010-12)83) The TETRA Release 2.1 security standard should be able to provide confidentiality and integrity protection of control plane information over the air interface. The integrity mechanism should not use strong cryptographic
39、methods but should rely upon the mechanisms inherent in the use of a stream cipher and non-cryptographic checksums (e.g. LLC and L2-CRC) as per TETRA Release 1. 4) The TETRA Release 2.1 security standard should be able to provide confidentiality and integrity protection of all over-the-air managemen
40、t messages over the air interface. 5) The TETRA Release 2.1 security standard should be able to provide replay protection for both user plane and control plane information over the air interface for a sufficient period to meet international Public Safety and commercial markets. The keystream repeat
41、length of the algorithms should remain unchanged at 23 days (approx) to avoid needing different key management principles for TETRA Release 2.1. Any change to the timeslot frequency, or to the use of fixed timeslots, may require fundamental redesign to the TEAx series of algorithms. Therefore in ord
42、er to maintain the use of the TEAx series with as much backward compatibility as possible the same timeslot frequency should be maintained. 6) The structure of TETRA Release 2.1 keys should be identical to TETRA Release 1 keys. (By “structure“ we mean the length of the key, the length of the key num
43、ber (e.g. GCK-N) and the length of the key version number (e.g. GCK-VN).) TETRA Release 2.1 should use the same encryption algorithms as TETRA Release 1. 7) The authentication and OTAR mechanisms used in TETRA Release 2.1 should be the same as the TETRA Release 1 authentication and OTAR mechanisms.
44、Where TEDS carriers are a part of a TETRA Release 1 network, registration and authentication will be based on an ITSI/K pair which are known on the Release 1 network, and authentication will take place according to TETRA Release 1 standards on the TETRA Release 1 network before TEDS services can be
45、used. In networks where HSD carriers are not part of a TETRA Release 1 network, registration and authentication should be based on a similar ITSI/K pair known to the TETRA Release 2.1 network using same or similar authentication mechanisms as in TETRA Release 1 network. NOTE 2: The authentication an
46、d OTAR protocols will operate on both TETRA Release 1 and TETRA Release 2.1 carriers. 8) The remote enable and disable functions of TETRA Release 1 should apply to TETRA Release 2.1 systems and mobile stations. 9) Where TETRA Release 2.1 systems and mobile stations support TETRA Release 1 circuit-mo
47、de calls, it should be possible to provide additional protection for user plane information by means of end-to-end encryption according to ES 202 109 i.1. If circuit-mode calls are to be supported in TETRA Release 2.1, it should be possible to provide them with end-to-end encryption according to ES
48、202 109 i.1. If a TETRA Release 2.1 codec is required to operate in a TETRA Release 1 air interface environment, then either the bit rate should be less than the TETRA Release 1 codec air interface and bits allocated for end to end encryption synchronization, or frame stealing should be supported to
49、 allow the TETRA Release 1 encryption synchronization mechanisms to be maintained. Where frame stealing is the supported synchronization method the codec should be able to sustain a frame stealing rate compatible with TETRA Release 1 standards requiring a stealing rate of between 1 and 4 stolen frames per second. 10) The system should be able to support a mechanism whereby information held on a removable personalization module (e.g. Smart Card) is protected from unauthorized access. A Smart Card may contain the ITSI/K pair and the authentication algorithms. 11) A
