1、 ETSI TS 102 442-6 V1.1.1 (2006-11)Technical Specification Satellite Earth Stations and Systems (SES);Satellite Component of UMTS/IMT-2000;Multimedia Broadcast/Multicast Services;Part 6: SecurityETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 2 Reference DTS/SES-00251-6 Keywords broadcast, IMT-2000, satelli
2、te, service, UMTS, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies o
3、f the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF)
4、. In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of
5、 this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as
6、authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand
7、the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 3 Contents Intellectual Property Rights5 Forewo
8、rd.5 Introduction 5 1 Scope 7 2 References 7 3 Abbreviations .7 4 Security requirements.8 4.1 S-MBMS security requirements .8 4.2 General security requirements8 4.2.1 Service level security8 4.2.1.1 Secure access to S-MBMS services 8 4.2.1.2 Protection of user-related transmitted data8 4.2.1.3 Prote
9、ction of user-related stored data8 4.2.2 Provider security requirements .9 4.2.2.1 USIM security.9 4.2.2.2 Secure provision of S-MBMS services .9 4.2.3 S-MBMS signalling protection requirements .9 4.2.4 Requirements on Privacy10 4.2.5 Key management requirements.10 4.2.6 S-MBMS multicast data10 4.2.
10、6.1 Integrity protection requirements 10 4.2.6.2 Confidentiality protection requirements10 4.2.7 Digital Rights Management 11 4.2.8 User Equipment 11 4.2.9 Infrastructure Security 11 4.2.9.1 BM-SC protection .11 4.2.9.2 3rdparty content provider 11 4.2.9.3 Satellite environment protection .11 4.2.9.
11、4 IMRs protection 11 4.2.9.5 Inter domain security.11 5 S-MBMS Security overview 11 5.1 S-MBMS- security architecture11 5.2 Key management overview 12 5.2.1 Key transmission for pay per view .12 5.2.2 Key transmission for Subscription12 5.2.3 Key management with access network .12 5.2.4 Key manageme
12、nt without access network12 6 Security functions.12 6.1 Authenticating and authorizing the user.12 6.2 Key management and distribution13 6.3 Protection of the transmitted traffic13 6.4 Protection of Intermediate Module Repeaters 13 7 Security mechanisms13 7.1 Using GBA for S-MBMS.13 7.2 Authenticati
13、on and authorization of user14 7.2.1 Authentication and authorization in application level joining 14 7.2.2 Authentication and authorization in S-MBMS bearer establishment14 7.2.3 Authentication and authorization in MSK request14 7.2.4 Authentication and authorization in post delivery procedures14 7
14、.3 Key update procedures .14 7.4 Protection of the transmitted traffic14 ETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 4 7.4.1 General15 7.4.2 Protection of streaming data .15 7.4.2.1 Usage of SRTP15 7.4.2.2 Packet processing in the UE15 7.4.3 Protection of download content 16 7.4.3.1 General16 7.4.3.2 Us
15、age of OMA DRM DCF .16 Annex A (informative): Bibliography.17 History 18 ETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any,
16、is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on t
17、he ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) whic
18、h are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Satellite Earth Stations and Systems (SES). The present document is part 6 of a multi-part deliverable covering Satellite Earth Stations and Sy
19、stems (SES); Satellite Component of UMTS/IMT-2000; Multimedia Broadcast/Multicast Services, as identified below: Part 1: “Services definitions“; Part 2: “Architecture and functional description“; Part 3: “Introduction in the Radio Access Network (RAN)“; Part 4: “Interworking with terrestrial UMTS ne
20、tworks“; Part 5: “Performances over the radio interface“; Part 6: “Security“. Introduction S-UMTS stands for the Satellite component of the Universal Mobile Telecommunication System. S-UMTS systems will complement the terrestrial UMTS (T-UMTS) and inter-work with other IMT-2000 family members throug
21、h the UMTS core network. S-UMTS will be used to deliver 3rdgeneration mobile satellite services (MSS) utilizing either low (LEO) or medium (MEO) earth orbiting, or geostationary (GEO) satellite(s). S-UMTS systems are based on terrestrial 3GPP specifications and will support access to GSM/UMTS core n
22、etworks. NOTE 1: The term T-UMTS will be used in the present document to further differentiate the Terrestrial UMTS component. Due to the differences between terrestrial and satellite channel characteristics, some modifications to the terrestrial UMTS (T-UMTS) standards are necessary. Some specifica
23、tions are directly applicable, whereas others are applicable with modifications. Similarly, some T-UMTS specifications do not apply, whilst some S-UMTS specifications have no corresponding T-UMTS specification. Since S-UMTS is derived from T-UMTS, the organization of the S-UMTS specifications closel
24、y follows the original 3rdGeneration Partnership Project (3GPP) structure. An S-UMTS system is defined by the combination of a family of S-UMTS specifications and 3GPP specifications, as follows: If an S-UMTS specification exists it takes precedence over the corresponding 3GPP specification (if any)
25、. This precedence rule applies to any references in the corresponding 3GPP specifications. ETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 6 NOTE 2: Any references to 3GPP specifications within the S-UMTS specifications are not subject to this precedence rule. For example, an S-UMTS specification may contai
26、n specific references to the corresponding 3GPP specification. If an S-UMTS specification does not exist, the corresponding 3GPP specification may or may not apply. The exact applicability of the complete list of 3GPP specifications shall be defined at a later stage. ETSI ETSI TS 102 442-6 V1.1.1 (2
27、006-11) 7 1 Scope The present document intends to specify security requirements. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication and/or edit
28、ion number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Ref
29、erence. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 1 ETSI TS 133 246 (Release 6): “Universal Mobile Telecommunications System (UMTS); 3G Security; Security of Multimedia Broadcast/Multicast Service (MBMS) (
30、3GPP TS 33.246 Release 6)“. 2 IETF RFC 2617: “ HTTP Authentication: Basic and Digest Access Authentication “. 3 IETF RFC 3711: “The Secure Real-time Transport Protocol (SRTP)“. 4 IETF RFC 3830: “MIKEY: Multimedia Internet KEYing“. . 5 OMA-DRM-DCF-V2-0: “OMA DRM Content Format“. NOTE: Available at: w
31、ww.openmobilealliance.org. 3 Abbreviations For the purposes of the present document, the following abbreviations apply: BM-SC Broadcast/Multicast Service Centre DRM Digital Right Management GBA Generic Bootstrapping Architecture ME Mobile Equipment MSK S-MBMS Service Key MTK S-MBMS Transport Key NAF
32、 Network Application Function RAN Radio Access Network S-MBMS Multimedia Broadcast/Multicast Services UE User Equipment UICC UMTS Integrated Circuit Card USIM UMTS Subscriber Identity Module ETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 8 4 Security requirements 4.1 S-MBMS security requirements The requir
33、ements of 1 shall apply. Adaptations for the case BM-SC located outside the mobile operator. 4.2 General security requirements 4.2.1 Service level security 4.2.1.1 Secure access to S-MBMS services It shall be possible to prevent intruders, including relay nodes, from obtaining unauthorized access to
34、 S-MBMS services by masquerading as authorized users. It shall be possible to prevent intruders, including relay nodes, from hijacking a service already provided to a user. It shall not be possible for unjustified charges to be imposed on users. It shall be possible for users to be able to verify th
35、at serving networks are authorized to offer S-MBMS service on behalf of the users Home Environment at the start of, and during, service delivery. It shall not be possible for simultaneous access to S-MBMS services by multiple users from the same terminal to jeopardize the security of individual acce
36、ss to S-MBMS service. It shall be possible to protect against unauthorized modification of multicast, signalling and control data, particularly on radio interfaces. It shall be possible to protect the confidentiality of multicast, signalling and control data, particularly on radio interfaces. 4.2.1.
37、2 Protection of user-related transmitted data It shall be possible to protect the confidentiality of user traffic, particularly on radio interfaces, including protection against eavesdropping from relay nodes. It shall be possible to protect the confidentiality of user identity data, particularly on
38、 radio interfaces, including protection against eavesdropping from relay nodes. It shall be possible to protect the confidentiality of location data about users, particularly on radio interfaces, including protection against eavesdropping from relay nodes. It shall be possible to protect against the
39、 unauthorized disclosure of location data about users participating in a particular S-MBMS service to other parties participating in the same S-MBMS service. It shall be possible to protect against unauthorized modification of user traffic. It shall be possible for the user to be able to check wheth
40、er or not his user traffic is protected, particularly on radio interfaces. 4.2.1.3 Protection of user-related stored data It shall be possible to protect against unauthorized modification of user-related data which is stored or processed by a provider. It shall be possible to protect the confidentia
41、lity of user-related data which is stored or processed by a provider. ETSI ETSI TS 102 442-6 V1.1.1 (2006-11) 9 It shall be possible to protect against unauthorized modification of user-related data stored in the terminal or in the USIM. It shall be possible to protect the confidentiality of user-re
42、lated data stored in the terminal or in the USIM. 4.2.2 Provider security requirements 4.2.2.1 USIM security A valid USIM shall be required to access any S-MBMS service except for emergency broadcast messages where the network should be allowed to decide whether or not emergency calls should be perm
43、itted without a USIM. It shall be possible to prevent the use of a particular USIM to access S-MBMS services. It shall be possible to control access to a USIM so that it can only be used to access S-MBMS services by the subscriber to whom it was issued or by users explicitly authorized by that subsc
44、riber. It shall be possible to control access to data in a USIM. For instance, some data may only be accessible by an authorized home environment. It shall not be possible to access data in a USIM that is only intended to be used within the USIM, e.g. authentication keys and algorithms. If a UICC co
45、ntains more than one USIM (to access services from different home environments) then different home environments shall only have access to the USIMs of their own users. If a UICC contains more than one USIM (to access services from different home environments) then security management data (e.g. aut
46、hentication information) of each USIM shall be protected independently against unauthorized access and modification. It shall be possible to control access to, and selection of, USIMs and other non-S-MBMS applications stored on the same UICC. In particular, it shall be possible to have shared direct
47、ories between applications where appropriate. It shall be possible to ensure that the origin and integrity of applications and/or data downloaded to the UICC can be checked. It may also be necessary to ensure that the confidentiality of downloaded applications and/or data can be ensured. 4.2.2.2 Sec
48、ure provision of S-MBMS services It shall be possible for providers to authenticate users at the start of, and during, service delivery to prevent intruders (including relay nodes) from obtaining unauthorized access to S-MBMS services by masquerade or misuse of priorities. It shall be possible to de
49、tect and prevent the fraudulent use of services. Alarms will typically need to be raised to alert providers to security-related events. Audit logs of security related events will also need to be produced. It shall be possible for a home environment to cause an immediate termination of all services provided to users associated with that home environment. It shall be possible for the serving network to be able to authenticate the origin of user traffic, signaling data and control data on radio interfaces. It shall be possible to prevent intruders from res
