1、 ETSI TR 103 445 V1.1.1 (2017-07) Digital Enhanced Cordless Telecommunications (DECT); DECT security technical review; Security review and assessment 2017 TECHNICAL REPORT ETSI ETSI TR 103 445 V1.1.1 (2017-07) 2 Reference DTR/DECT-00311 Keywords DECT, security ETSI 650 Route des Lucioles F-06921 Sop
2、hia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The p
3、resent document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such ve
4、rsions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the
5、 current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification
6、No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the
7、foregoing restriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP
8、Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 103 445 V1.1.1 (2017-07) 3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g3Executive summ
9、ary 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions, symbols and abbreviations . 7g33.1 Definitions 7g33.2 Symbols and abbreviations . 7g34 Security overview and assessment . 7g34.1 General . 7g34.2 Authentication algorithms and procedures . 7g
10、34.3 Ciphering algorithms and procedures . 7g34.4 Re-keying and early encryption strategy and procedures . 8g34.4.1 Re-keying strategy and procedures . 8g34.4.2 Early encryption procedures . 8g34.5 Operation with Wireless Relay Stations . 9g34.6 Key allocation and specific issues during system regis
11、tration 9g34.7 Software Upgrading Over The Air (SUOTA) 9g34.8 ULE specific security procedures . 10g35 Detailed description of changes and enhancements introduced during 2017 DECT security review 10g35.1 General . 10g35.2 Changes introduced in the DECT common interface (ETSI EN 300 175) . 10g35.2.1
12、Changes introduced in ETSI EN 300 175-5 (DECT; NWK layer) . 10g35.2.1.1 Improvement in MM-INFO-REQUEST and in MM-INFO-SUGEST 10g35.2.1.2 Inclusion of Default Cipher Algorithm in IE . 12g35.2.1.3 Improvements in IE . 14g35.2.1.4 Review of the Parameter retrieval procedure 15g35.2.2 Changes introduced
13、 in ETSI EN 300 175-7 (DECT; security) . 17g35.2.2.1 New description for Transfer of Cipher Keys to Wireless Relay Stations (WRS) 17g35.2.2.2 New procedure for Cipher key retrieval. PT initiated . 19g35.2.2.3 New MAC layer procedure for re-keying . 22g35.2.2.4 New description of the re-keying proced
14、ure and new aging model to control operation with repeaters 25g35.2.2.5 New description of the early encryption procedure 27g35.2.2.6 New annex with security timers 28g35.3 Changes introduced in the Generic Access Profile (ETSI EN 300 444) 30g35.3.1 New description of the re-keying procedure and new
15、 aging model to control operation with repeaters 30g35.3.2 New description of the early encryption procedure 31g35.3.3 New clause with additional procedures for devices supporting DSC2 . 32g35.4 Changes proposed for the WRS standard (ETSI EN 300 700) . 33g35.4.1 Overview 33g35.4.2 Changes in Bearer
16、handover . 33g35.4.2.1 General principles and open issues . 33g35.4.2.2 Solution to Bearer handover requiring cipher algorithm switching: technical approach 1 . 34g35.4.2.3 Solution to Bearer handover requiring cipher algorithm switching: alternative technical approach 2 . 37g35.4.2.4 Provision of l
17、ower DefCKs “just-in-time“ 40g35.5 Other recommendations for implementation of security features. 40g35.5.1 Guidelines for Implementation of the key-aging model related to the re-keying procedure. 40g35.5.1.1 Introduction . 40g3ETSI ETSI TR 103 445 V1.1.1 (2017-07) 4 5.5.1.2 Implementation of the re
18、-keying timers before the addition of the aging-model 41g35.5.1.3 Additional procedures required by the aging model . 41g35.5.1.4 Additional implementation guidelines 41g3History 42g3ETSI ETSI TR 103 445 V1.1.1 (2017-07) 5 Intellectual Property Rights Essential patents IPRs essential or potentially
19、essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs n
20、otified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given
21、as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their o
22、wners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or
23、organizations associated with those trademarks. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Digital Enhanced Cordless Telecommunications (DECT). Modal verbs terminology In the present document “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“
24、and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Executive summary The present document documents the review of DEC
25、T security procedures done during years 2016 and 2017. It contains two parts: a security overview and assessment on DECT security techniques, addressed to the general public, and a detailed description of the main security improvements introduced in the revisions of the DECT common interface (ETSI E
26、N 300 175 i.1 to i.8) and Generic Access Profile (ETSI EN 300 444 i.9) released by TC DECT during year 2017. The present document is primary addressed to TC DECT and DECT industry communities and as well, to other participants from new industry sectors that may be considering using DECT technology f
27、or new applications. ETSI ETSI TR 103 445 V1.1.1 (2017-07) 6 1 Scope The scope of the present document is documenting the review of DECT security procedures done during year 2017. The present document is structured as two different parts: A security overview and assessment, addressed to the general
28、public, which presents a general description of the different DECT security elements and, for each of them, an assessment with specific recommendations to implementers, including identification of possible threats (when applicable). This part of the study is covered by clause 4 of the present docume
29、nt. A detailed description of the improvements in security procedures introduced in the revisions of the DECT common interface (ETSI EN 300 175 series i.1 to i.8) and the Generic Access Profile (ETSI EN 300 444 i.9) released in year 2017 (version 2.7.1 of ETSI EN 300 175 i.1 to i.8) and version 2.5.
30、1 of Generic Access Profile ETSI EN 300 444 i.9). This part of the study is covered by clause 5 of the present document and is mostly addressed to DECT manufacturers and TC DECT participants. 2 References 2.1 Normative references Normative references are not applicable in the present document. 2.2 I
31、nformative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendme
32、nts) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particula
33、r subject area. i.1 ETSI EN 300 175-1: “Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 1: Overview“. i.2 ETSI EN 300 175-2: “Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 2: Physical Layer (PHL)“. i.3 ETSI EN 300 175-3: “Digital En
34、hanced Cordless Telecommunications (DECT); Common Interface (CI); Part 3: Medium Access Control (MAC) layer“. i.4 ETSI EN 300 175-4: “Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 4: Data Link Control (DLC) layer“. i.5 ETSI EN 300 175-5: “Digital Enhanced Cordless
35、Telecommunications (DECT); Common Interface (CI); Part 5: Network (NWK) layer“. i.6 ETSI EN 300 175-6: “Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 6: Identities and addressing“. i.7 ETSI EN 300 175-7: “Digital Enhanced Cordless Telecommunications (DECT); Common
36、Interface (CI); Part 7: Security features“. i.8 ETSI EN 300 175-8: “Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 8: Speech and audio coding and transmission“. ETSI ETSI TR 103 445 V1.1.1 (2017-07) 7 i.9 ETSI EN 300 444: “Digital Enhanced Cordless Telecommunication
37、s (DECT); Generic Access Profile (GAP)“. i.10 ETSI EN 300 700: “Digital Enhanced Cordless Telecommunications (DECT); Wireless Relay Station (WRS)“. i.11 ETSI TS 102 939-1: “Digital Enhanced Cordless Telecommunications (DECT); Ultra Low Energy (ULE); Machine to Machine Communications; Part 1: Home Au
38、tomation Network (phase 1)“. i.12 ETSI TS 102 939-2: “Digital Enhanced Cordless Telecommunications (DECT); Ultra Low Energy (ULE); Machine to Machine Communications; Part 2: Home Automation Network (phase 2)“. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present d
39、ocument, the terms and definitions given in ETSI EN 300 175-1 i.1 and in ETSI EN 300 175-7 i.7 apply. 3.2 Symbols and abbreviations For the purposes of the present document, the symbols and abbreviations given in ETSI EN 300 175-1 i.1 and in ETSI EN 300 175-7 i.7 apply. 4 Security overview and asses
40、sment 4.1 General Clause 4 of the present document presents a general overview of the different DECT security elements. For each of them, it provides an assessment with specific recommendations to implementers, including identification of possible threats (when applicable). 4.2 Authentication algori
41、thms and procedures The authentication algorithm DSAA2, based on AES-128, and the associated authentication procedures are considered secure and are recommended for any new DECT product. The processing time for a brute force attack to the DSAA2, with current computer means, is estimated in thousands
42、 of millions of years. Therefore, a change in previous assessment is not expected in the next years, unless there is a significant change in cryptography techniques or in availability of quantum computing. The old algorithm DSAA is considered obsolete and should not be used in any new DECT product.
43、The implementation of DSAA2 can be done by software and does not introduce any special processing or other extra cost requirement. There are multiple suppliers able to provide software implementations according to OEM specifications. Therefore, the present document does not see any justification for
44、 not implementing DSAA2 in new DECT products. 4.3 Ciphering algorithms and procedures The encryption algorithm DSC2, based on AES-128, and associated procedures, are considered secure and are the primary recommendation for any new DECT product. ETSI ETSI TR 103 445 V1.1.1 (2017-07) 8 The processing
45、time for a brute force attack to the DSC2, with current computer means, is estimated in thousands of millions of years. Therefore, a change in previous assessment is not expected in the next years, unless there is a significant change in cryptography techniques or in availability of quantum computin
46、g. The old algorithm DSC is considered weak with a processing time for a brute force attack in the range of minutes to hours, depending on computer means. This issue can be compensated, to some extent, with the introduction of the “re-keying“ feature (see clause 4.4), which has the goal of adding ad
47、ditional processing requirements to a possible brute force attack. However, in the case of the encryption, the implementation of DSC2 introduces additional requirements of implementation by hardware (recommended) or additional processing power if implemented by software (DSP). Therefore, the recomme
48、ndation depends on the type of product: For security critical products, the use of the DSC2 cipher algorithm is recommended. For general low cost voice products, the use of DSC combined with enhanced security feature “re-keying“ is considered enough for preventing criminal phone tapping in consumer
49、market under most usual scenarios. NOTE: However, it should be expected that this second assessment may change in further reviews due to the continuous increase in computer processing availability. 4.4 Re-keying and early encryption strategy and procedures 4.4.1 Re-keying strategy and procedures The Re-keying is a mechanism consisting of the periodic and regular change of the Cipher Key of an ongoing call, service call, or virtual connection in order to improve the security. The fundamental aim of the re-keying is t
