1、 ETSI TR 103 087 V1.1.1 (2016-06) Reconfigurable Radio Systems (RRS); Security related use cases and threats in Reconfigurable Radio Systems TECHNICAL REPORT ETSI ETSI TR 103 087 V1.1.1 (2016-06) 2 Reference DTR/RRS-03010 Keywords radio, safety, security ETSI 650 Route des Lucioles F-06921 Sophia An
2、tipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present
3、 document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions
4、 and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the curre
5、nt status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No par
6、t may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the forego
7、ing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the be
8、nefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 103 087 V1.1.1 (2016-06) 3 Contents Intellectual Property Rights 6g3Foreword . 6g3Modal verbs terminology 6g3Introduction 6g31 Scope 7g32 Refer
9、ences 7g32.1 Normative references 7g32.2 Informative references . 7g33 Definitions and abbreviations . 8g33.1 Definitions . 8g33.2 Abbreviations 9g34 Method of analysis . 10g35 Security objectives . 15g35.1 Overview . 15g35.2 Assumptions and assertions of RRS 17g35.3 Objectives arising from RED anal
10、ysis . 18g35.4 Objectives arising from ComSec analysis . 18g35.5 Objectives arising from the analysis of the RAP as ToE#2 . 19g35.6 Objectives arising from the analysis of the DoC as ToE#3 . 19g36 Stakeholders and assets 20g36.1 Use cases . 20g36.1.1 Introduction 20g36.1.2 Timing dependencies betwee
11、n use cases . 23g36.2 Assets 24g36.2.1 Mobile Device Reconfiguration Classes 24g36.2.2 Radio Application operating environment . 25g36.2.3 Radio Application and Radio Application Package . 27g36.2.4 Declaration of Conformity and CE marking 27g36.2.5 External assets . 27g36.3 Cardinalities 28g37 Iden
12、tification of ToE for RRS App deployment 29g37.1 Overview . 29g37.2 ToE#1: communication between the RadioApp Store and the RE 30g37.2.1 Introduction 30g37.2.2 Threats . 31g37.2.3 Risk assessment . 32g37.3 ToE#2: Radio Application Package 32g37.3.1 Introduction 32g37.3.2 Lifecycle starting from the
13、availability on the RadioApp Store 32g37.3.3 Other aspects of the lifecycle . 34g37.3.3.1 Withdrawal of a Radio Application from the Radio Market Platform . 34g37.3.3.2 Development and pre-distribution phase 34g37.3.3.3 RE and RA lifetime 34g37.3.3.4 Identification of rogue or compromised Radio Appl
14、ications . 35g37.3.4 ToE#2 environment . 35g37.3.5 Out-of-scope aspects of ToE#2 35g37.3.6 Threats . 35g37.4 ToE#3: Declaration of Conformity and CE marking 35g37.4.1 DoC characteristics 35g37.4.2 Consequences drawn from characteristics . 37g37.4.3 DoC usage from a market surveillance perspective .
15、37g37.4.4 ToE#3 environment . 38g3ETSI ETSI TR 103 087 V1.1.1 (2016-06) 4 7.4.5 Out-of-scope aspects of ToE#3 38g37.4.6 Threats . 38g37.5 Conceptual countermeasure framework for RRS to address ToE#1, ToE#2 and ToE#3 38g37.5.1 Introduction 38g37.5.2 Framework elements 38g37.5.3 Revised risk calculati
16、ons . 39g37.5.3.1 Application of identity management framework 39g37.5.3.1.1 Identities in RRS. 39g37.5.3.2 Application of non-repudiation framework 42g37.5.3.3 Application of integrity verification framework 42g37.5.4 Summary of threats introduced by countermeasures . 42g38 Modifications applicable
17、 to the RRS architecture 42g38.1 Additional elements . 42g38.2 Additional flow diagrams 44g38.2.1 RAP endorsement, distribution, and validation . 44g38.2.2 DoC endorsement, distribution, and validation 45g3Annex A: Impact on RRS Security of European Radio Equipment Directive . 48g3A.1 Introduction 4
18、8g3A.2 Summary of applicable requirements . 48g3A.2.1 Applicability 48g3A.2.2 General principles 48g3A.2.3 Technical and security considerations . 49g3A.3 Declaration of Conformity (DoC) 49g3A.3.1 Introduction . 49g3A.3.2 Technical and security considerations . 50g3A.4 Safekeeping of the Declaration
19、 of Conformity 50g3A.4.1 Introduction . 50g3A.4.2 Technical and security considerations . 50g3A.5 Affixing of Declaration of Conformity 51g3A.5.1 Overview . 51g3A.5.2 Technical and security considerations . 51g3A.6 Pre-market actors and roles from the RED perspective . 52g3A.7 Other information to i
20、ndicate on the RE 53g3A.7.1 Introduction . 53g3A.7.2 Technical and security considerations . 53g3A.8 Actions in case of formal non-compliance, or with compliant radio equipment that presents a risk 53g3A.8.1 Introduction . 53g3A.8.2 Technical and security considerations . 53g3A.9 Post-market actors
21、and roles from the RED perspective 54g3A.10 Actions in case of RE presenting a risk 54g3A.10.1 Introduction . 54g3A.10.2 Technical and security considerations . 55g3A.10.3 Additional considerations 55g3Annex B: Summary of security objectives . 56g3Annex C: Summary of high level security requirements
22、 58g3Annex D: Completed TVRA pro forma for RRS security 59g3Annex E: TVRA Risk Calculation for selected RRS aspects . 61g3Annex F: Void 65g3ETSI ETSI TR 103 087 V1.1.1 (2016-06) 5 Annex G: Trust models in RRS app deployment 66g3G.1 Overview of trust 66g3G.2 Role of trust in RRS . 66g3G.3 Public Key
23、Infrastructures and Trust 67g3G.4 Models of trust . 69g3G.4.1 Overview . 69g3G.4.2 Directly delegated trust . 70g3G.4.3 Collaborative trust . 71g3G.4.4 Transitive trust . 72g3G.4.5 Reputational trust 72g3Annex H: Wireless Innovation Forum security considerations for SDRD . 73g3H.1 Introduction 73g3H
24、.2 Identification of assets 73g3H.3 Actors (stakeholders) 74g3H.4 Threat analysis 75g3H.4.1 Vulnerability classes 75g3H.4.2 Threat classes 76g3H.4.3 Attacks and exploits 76g3H.5 Identification of security critical processes 76g3H.6 Security services . 77g3H.7 Other considerations . 79g3H.7.1 Downloa
25、dable policies 79g3History 80g3ETSI ETSI TR 103 087 V1.1.1 (2016-06) 6 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and n
26、on-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). P
27、ursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present
28、document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Reconfigurable Radio Systems (RRS). Modal verbs terminology In the present document “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clau
29、se 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction The present document presents a security threat analysis of RRS networks and devices for a set of specific u
30、se cases and operational scenarios defined in ETSI TC RRS. It is recommended to consider i.1, i.2, i.3, i.5, i.6, i.7, i.8 and i.18 for further information on the framework related to the solutions in the present document. ETSI ETSI TR 103 087 V1.1.1 (2016-06) 7 1 Scope The present document provides
31、 an analysis of the risk of security attacks on the operation of reconfigurable radio systems. It identifies which security threats can disrupt RRS networks and devices or can induce negative impacts on other radio communication services operating in the same radio spectrum. The present document als
32、o identifies stakeholder and assets, which can be potentially impacted by the security threats. 2 References 2.1 Normative references As informative publications shall not contain normative references this clause shall remain empty. 2.2 Informative references References are either specific (identifi
33、ed by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clau
34、se were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 Recommendation ITU-T E.408: “Security in T
35、elecommunications and Information Technology. An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications. Telecommunication networks security requirements“. i.2 L. B. Michael, M. J. Mihaljevic, S. Haruyama: and R. Kohno: “A framework for secure download
36、for software-defined radio.“, IEEE Communications Magazine, July 2002. i.3 A. N. Mody, R. Reddy, T. Kiernan and T.X. Brown: “Security in cognitive radio networks: An example using the commercial IEEE 802.22 standard,“ Military Communications Conference, 2009. MILCOM 2009. IEEE, vol., no., pp.1-7, 18
37、-21 Oct. 2009, Boston, MA, USA. i.4 “Wireless Innovation Forums Security Working Group. Securing Software Reconfigurable Communications Devices“, Document Id: WINNF-08-P-0013. i.5 ETSI TR 103 062: “Reconfigurable Radio Systems (RRS); Use Cases and Scenarios for Software Defined Radio (SDR) Reference
38、 Architecture for Mobile Device“. i.6 ETSI TR 102 907: “Reconfigurable Radio Systems (RRS); Use Cases for Operation in White Space Frequency Bands“. i.7 ETSI TR 103 063: “Reconfigurable Radio Systems (RRS); Use Cases for Reconfigurable Radio Systems operating in IMT bands and GSM bands for intra-ope
39、rator scenarios“. i.8 ETSI TR 102 944: “Reconfigurable Radio Systems (RRS); Use Cases for Baseband Interfaces for Unified Radio Applications of Mobile Device“. i.9 ETSI TS 102 165-1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and proto
40、cols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis“. i.10 ETSI TR 187 011: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Application of ISO-15408-2 requirements to ETSI standards - guide, method and applicati
41、on with examples“. ETSI ETSI TR 103 087 V1.1.1 (2016-06) 8 i.11 ETSI EN 302 969: “Reconfigurable Radio Systems (RRS); Radio Reconfiguration related Requirements for Mobile Devices“. i.12 ETSI TS 103 436: “Reconfigurable Radio Systems (RRS); Security requirements for reconfigurable radios“. i.13 ETSI
42、 EN 303 095: “Reconfigurable Radio Systems (RRS); Radio Reconfiguration related Architecture for Mobile Devices“. i.14 Directive 2014/53/EU of the European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making available on the mar
43、ket of radio equipment and repealing Directive 1999/5/EC. i.15 Directive 2014/35/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of electrical equipment designed for use within c
44、ertain voltage limits Text with EEA relevance. i.16 Directive 2014/30/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to electromagnetic compatibility (recast) (Text with EEA relevance). i.17 Regulation (EC) No 765/2
45、008 of the European Paliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relatiing to the marketing of products and repealing Regulation (EEC) No 339/93 (Text with EEA relevance). NOTE: European Directives and Regulations are available at
46、 http:/eur-lex.europa.eu/. i.18 ETSI TR 102 967: “Reconfigurable Radio Systems (RRS); Use Cases for dynamic equipment reconfiguration“. i.19 ETSI EN 303 146-2: “Reconfigurable Radio Systems (RRS); Mobile Device (MD) information models and protocols; Part 2: Reconfigurable Radio Frequency Interface (
47、RRFI)“. i.20 ETSI TS 103 146-3: “Reconfigurable Radio Systems (RRS); Mobile Device Information Models and Protocols Part 3: Unified Radio Application Interface (URAI)“. i.21 Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electr
48、onic communications networks and services (Framework Directive). i.22 ETSI GS NFV-SEC 003: “Network Functions Virtualisation (NFV); NFV Security; Security and Trust Guidance“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definition
49、s apply: assigned frequency band: frequency band or sub-band within which the device is authorized to operate and to perform the intended function of the equipment National Regulatory Authority (NRA): body or bodies charged by a Member State with any of the regulatory tasks assigned in this Directive and the Specific Directives (Framework Directive 2002/21/EC i.21) radio system: system capable to communicate some user information by using electromagnetic waves NOTE: Radio system is typically designed to use certai
