1、 ETSI TS 103 307 V1.1.1 (2016-04) CYBER; Security Aspects for LI and RD Interfaces TECHNICAL SPECIFICATION ETSI ETSI TS 103 307 V1.1.1 (2016-04)2 Reference DTS/CYBER-0005 Keywords cyber security, lawful interception, retained data ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE T
2、el.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made av
3、ailable in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the on
4、ly prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and ot
5、her ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or u
6、tilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend t
7、o reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and
8、 of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 103 307 V1.1.1 (2016-04)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.
9、2 Informative references 5g33 Definitions and abbreviations . 5g33.1 Definitions 5g33.2 Abbreviations . 6g34 Structure of document and list of relevant interfaces . 6g34.1 Introduction 6g34.2 List of LI and RD items covered in the present document . 6g35 Common techniques . 6g35.1 Introduction 6g35.
10、2 Hash algorithms 7g3Annex A (normative): Providing assurance for LI or RD material as evidence 8g3A.1 Statement of problem . 8g3A.2 Techniques for providing assurance for LI or RD material as evidence 8g3A.2.1 Approaches to providing assurance 8g3A.2.2 Definition of two techniques 9g3A.3 Detailed d
11、efinition for hash-only technique in the context of Retained Data 9g3A.3.1 Summary 9g3A.3.2 Terminology used in clause A.3 . 9g3A.3.3 Processes and testing 10g3A.3.3.1 Process at CSP 10g3A.3.3.2 Process at any LEA systems handling the Evidence Data 10g3A.3.3.3 Process for use in court . 10g3A.3.3.4
12、Recommended testing and assurance process at LEA Receiver . 10g3A.3.4 Choice of hashing algorithms . 11g3A.3.5 Meta-data required . 11g3A.3.6 Associating hashes with the Evidence Data . 11g3A.3.7 Storing information at the CSP . 12g3A.3.8 Other notes . 12g3History 13g3ETSI ETSI TS 103 307 V1.1.1 (20
13、16-04)4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual
14、Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR
15、 searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been p
16、roduced by ETSI Technical Committee Cyber Security (CYBER). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal form
17、s for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 307 V1.1.1 (2016-04)5 1 Scope The present document specifies security processes and techniques for LI and RD systems. The present document is limited
18、to the provision of evidential assurance of RD material. Future versions of the present document will cover: 1) Assurance of the integrity and originator of approvals/authorizations. 2) Security aspects of internal interfaces for Lawful Interception. 3) Security issues around the role for global, tr
19、usted-third-party or virtualised components of Law Enforcement equipment: Monitoring or Mediation facilities. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, onl
20、y the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hy
21、perlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 FIPS Publication 180-4 (2014): “Secure Hash Standard (SHS)“. 2.2 Informative referen
22、ces References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE
23、: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1
24、 ETSI TS 102 657: “Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data“. i.2 ETSI TS 102 232-1: “Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP deliv
25、ery“. i.3 ETSI TS 102 918: “Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (AsiC)“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TS 102 657 i.1 apply. ETSI ETSI TS 103 307 V1.1.1 (2
26、016-04)6 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: CSP Communications Service Provider LI Lawful Interception PDF Portable Document Format RD Retained Data SHA Secure Hash Algorithm 4 Structure of document and list of relevant interfaces 4.1 Intro
27、duction The present document considers the list of particular information flows and interfaces for RD and LI specified in clause 4.2. It examines them from a security (confidentiality, integrity and authenticity) perspective and specifies implementation details (technologies, algorithms, options, mi
28、nimum requirements on keys, etc.g895g856 An underlying reference model for LI is given in ETSI TS 102 232-1 i.2 and an underlying reference model for RD is given in ETSI TS 102 657 i.1. Certain techniques are applicable to more than one information flow or interface. Generic techniques are addressed
29、 in clause 5. For each information flow or interface, the present document contains the following information (where applicable): - Statement of the problem, including reference model. - Identification of the threats and risks to the extent it is appropriate to publish in a standard. - Statement of
30、the techniques which are recommended as a solution. 4.2 List of LI and RD items covered in the present document The present document addresses the following LI and RD items: 1) Providing evidential assurance of LI or RD material (Annex A). The following topics will be covered in future versions of t
31、he present document: 1) Assurance of the integrity and originator of approvals/authorizations. 2) Security aspects of internal interfaces for Lawful Interception. 3) Security issues around the role for global, trusted-third-party or virtualised components of Law Enforcement equipment: Monitoring or
32、Mediation facilities. 5 Common techniques 5.1 Introduction The following techniques are used in a number of the annexes of the present document: Algorithms for hashing data. The following techniques will be included in future versions of the present document: Digital signature algorithms. Procedures
33、 for Trusted timestamp. Transport-layer security ETSI ETSI TS 103 307 V1.1.1 (2016-04)7 5.2 Hash algorithms The SHA-256 algorithm shall be as defined in FIPS Publication 180-4 1. The SHA-512 algorithm shall be as defined in FIPS Publication 180-4 1. ETSI ETSI TS 103 307 V1.1.1 (2016-04)8 Annex A (no
34、rmative): Providing assurance for LI or RD material as evidence A.1 Statement of problem The requirement is to provide assurance about the integrity of the LI or RD material (i.e. to help with assurance that it has not been altered during the course of delivery and/or storage with end user authoriti
35、es) and to provide assurance about the originator of the material (i.e. the organization that produced it). The present document does not look at any requirement for confidentiality in this annex. The goal of this clause is to add assurance to LI or RD material if it is presented as evidence in cour
36、t. The present document does not attempt to examine legal aspects and no assurance is given that the process in the present document provides a complete or adequate level of assurance for any particular jurisdiction. The reference model for this clause consists of two parties: The originator: the pa
37、rty that creates the material and wishes to provide assurance about its integrity and origin. The receiver: the party that wishes to check the integrity and originator of the material. In a typical situation: The originator is the CSP, and the information flow starts at the point where material is s
38、elected by the CSP for use as RD or LI. The present document does not examine the integrity of existing CSP business records. The receiver is wherever there is a requirement to check the integrity and origin. This can include: immediately upon receiving the material at a government/police agency, or
39、 as a check by police or prosecution teams prior to court, or for checking at any time during court proceedings. The information contained within the flow is not defined within the present document, except where it is noted that parameters (such as identifiers or timestamps) would be needed in order
40、 to meet the requirements. A.2 Techniques for providing assurance for LI or RD material as evidence A.2.1 Approaches to providing assurance There is a wide range of jurisdictions in which LI/RD material is used in evidence. There is a wide range of approaches to providing assurance to LI/RD material
41、. Specifically approaches can be broadly categorized as: - Process-based: Some countries/jurisdictions use an approach based on demonstrating that the processes followed were in accordance with approved procedures. EXAMPLE 1: Use a published procedure for how a Retained Data response file is stored,
42、 and demonstrate that these procedures had been followed. - Cryptography-based: Some countries/jurisdictions use an approach based on cryptographic assurance of the integrity and origin of material. EXAMPLE 2: If material is signed using a private key which has been stored securely, there is cryptog
43、raphic assurance that it was produced by the owner of the private key. Many countries/jurisdictions use a mix of both process-based assurance and cryptographic assurance. ETSI ETSI TS 103 307 V1.1.1 (2016-04)9 The present document does not state that one approach is fundamentally better than the oth
44、er. It is national choice whether to use a process-based approach or a cryptographic approach, or a mixture of the two. The present document provides a “toolkit“ of cryptographic techniques which can be used. The present document describes the requirements and assurance that each technique could pot
45、entially fulfil. A threat analysis should be performed on a national basis to determine the overall mixture of techniques required. It is important that systems are designed to avoid a “bid-down“ attack where techniques can be selected which are not appropriate for the threats they are trying to mit
46、igate. The following approaches are all examples of appropriate ways to provide evidential assurance (clearly the level of assurance provided will depend on the details used and the requirements that need to be met within the given legislation): 1) Fully process-based approach. Material is handled i
47、n accordance with a well-documented process, and appropriate records are kept to demonstrate that the process was followed and those involved were appropriately trained. This approach is not addressed further in the present document. 2) Use of hashes to add evidential assurance. Some assurance requi
48、rements can be met by the use of hashes, though others requirements (around the origin of material) would be handled separately, including the storage of the hashes securely at the originator. 3) Use of hashes and signatures to add evidential weight. This can provide assurance of the integrity and o
49、rigin of the material and relies on the cryptographic material being stored securely. This list is not exhaustive. It may be decided to start with elements of approach 1 and (where required) to move through approach 2 and eventually on to step 3 of the above list, though this progression is not essential. A.2.2 Definition of two techniques The following two techniques match the descriptions from the list in the clause A.2.1. - “Hash-only technique“: An example of item 2 in the list in clause A.2.1 is to use hashes to give assurance to Retaine
