1、 ETSI TS 103 307 V1.3.1 (2018-04) CYBER; Security Aspects for LI and RD Interfaces TECHNICAL SPECIFICATION ETSI ETSI TS 103 307 V1.3.1 (2018-04)2 Reference RTS/CYBER-0031 Keywords cyber security, lawful interception, retained data ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE T
2、el.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made av
3、ailable in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the on
4、ly prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and ot
5、her ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or u
6、tilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend t
7、o reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M
8、 logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 103 307 V1.3.1 (2018-04)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative referen
9、ces . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Structure of document and list of relevant interfaces . 7g34.1 Introduction 7g34.2 List of LI and RD items covered in the present document . 8g35 Common techniques . 8g35.1 Introdu
10、ction 8g35.2 Hash algorithms 8g3Annex A (normative): Providing assurance for LI or RD material as evidence 9g3A.1 Statement of problem . 9g3A.2 Techniques for providing assurance for LI or RD material as evidence 9g3A.2.1 How to use the present document . 9g3A.2.2 Types of technique . 10g3A.2.3 Tech
11、niques in the present document 10g3A.3 Detailed definition for hash-only technique in the context of Retained Data 10g3A.3.1 Summary 10g3A.3.2 Terminology used in clause A.3 . 10g3A.3.3 Processes and testing 11g3A.3.3.1 Process at CSP 11g3A.3.3.1.1 Creation of response 11g3A.3.3.1.2 Retrieval of a h
12、ash for a given piece of Evidence Data. 11g3A.3.3.2 Process at any LEA systems handling the Evidence Data 11g3A.3.3.3 Process for use in legal proceedings . 11g3A.3.3.4 Recommended testing and assurance process at LEA Receiver . 11g3A.3.4 Choice of hashing algorithms . 12g3A.3.5 Meta-data required .
13、 12g3A.3.5.1 Mandatory details . 12g3A.3.5.2 Additional details 12g3A.3.6 Associating hashes with the Evidence Data . 13g3A.3.7 Storing information at the CSP . 13g3A.3.8 Other notes . 13g3Annex B (informative): Security issues for global, third-party or virtualised functionality for Retained Data f
14、unctionality 14g3B.1 Introduction 14g3B.2 Reference model and recommendations for Retained Data . 14g3B.2.1 Introduction 14g3B.2.2 Reference models/use cases . 14g3B.2.3 Approaches to meeting the challenges . 17g3B.2.3.0 Introduction. 17g3B.2.3.1 Principle 1: Data in transit protection . 18g3B.2.3.2
15、 Principle 2: Asset protection and resilience 18g3ETSI ETSI TS 103 307 V1.3.1 (2018-04)4 B.2.3.3 Principle 3: Separation between consumers 18g3B.2.3.4 Principle 4: Governance framework . 18g3B.2.3.5 Principle 5: Operational security 19g3B.2.3.6 Principle 6: Personnel security 19g3B.2.3.7 Principle 7
16、: Secure development 20g3B.2.3.8 Principle 8: Supply chain security 20g3B.2.3.9 Principle 9: Secure consumer management 20g3B.2.3.10 Principle 10: Identity and authentication 20g3B.2.3.11 Principle 11: External interface protection . 21g3B.2.3.12 Principle 12: Secure service administration 21g3B.2.3
17、.13 Principle 13: Audit information provision to consumers 21g3B.2.3.14 Principle 14: Secure use of the service by the consumer 22g3B.2.3.15 Table summarizing the principles . 22g3B.2.4 Other recommendations for virtualised or globalized Retained Data . 23g3B.2.4.0 Introduction. 23g3B.2.4.1 Location
18、 information 23g3B.2.4.2 Times and storage . 23g3B.2.4.3 Logs, audit and records for evidence 23g3Annex C (informative): Change History 24g3History 25g3ETSI ETSI TS 103 307 V1.3.1 (2018-04)5 Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverab
19、les may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of
20、ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other I
21、PRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownershi
22、p of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with
23、those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Cyber Security (CYBER). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpr
24、eted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 307 V1.3.1 (2018-04)6 1 Scope The present document specifies security processes
25、 and techniques for LI and RD systems. The present document is limited to: 1) The provision of evidential assurance of RD material. 2) Security issues around the role for global, third-party or virtualised components for RD systems. Future versions of the present document will cover: 1) Assurance of
26、 the integrity and originator of approvals/authorizations. 2) Security aspects of internal interfaces for Lawful Interception. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specifi
27、c references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. N
28、OTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 FIPS Publication 180-4 (2015): “Secure Hash Standard (SHS)“. 2.2 In
29、formative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendmen
30、ts) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular
31、subject area. i.1 ETSI TS 102 657: “Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data“. i.2 ETSI TS 102 232-1: “Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specifica
32、tion for IP delivery“. i.3 ETSI TS 102 918: “Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (AsiC)“. i.4 CESG guidance: “Cloud Security Guidance: Implementing Cloud Security Principles“. NOTE 1: Available at https:/www.ncsc.gov.uk/guidance/implementing-cloud-securit
33、y-principles. ETSI ETSI TS 103 307 V1.3.1 (2018-04)7 NOTE 2: Text extracted from i.4 and used in the present document is in italics and done according to the Open Government Licence available at http:/www.nationalarchives.gov.uk/doc/open-government-licence/version/1/open-government-licence.htm. i.5
34、ETSI TS 102 656: “Lawful Interception (LI); Retained Data; Requirements of Law Enforcement Agencies for handling Retained Data“. i.6 ETSI GS NFV-SEC 010: “Network Functions Virtualisation (NFV); NFV Security; Report on Retained Data problem statement and requirements“. 3 Definitions and abbreviation
35、s 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TS 102 657 i.1 and the following apply: third party: organization other than the CSP or LEA who is engaged to assist in providing RD or LI services NOTE: Often the phrase “Trusted Third Party“ is used
36、. Clearly the CSP or LEA are expected to engage Third Parties whom they consider to be trusted. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: CESG Communications Electronic Security Group CSP Communications Service Provider LEA Law Enforcement Agency
37、LI Lawful Interception PDF Portable Document Format RD Retained Data SHA Secure Hash Algorithm XML Extensible Markup Language 4 Structure of document and list of relevant interfaces 4.1 Introduction The present document considers the list of particular information flows and interfaces for RD and LI
38、specified in clause 4.2. It examines them from a security (confidentiality, integrity and authenticity) perspective and specifies implementation details (technologies, algorithms, options, minimum requirements on keys, etc.g895g856 An underlying reference model for LI is given in ETSI TS 102 232-1 i
39、.2 and an underlying reference model for RD is given in ETSI TS 102 657 i.1. Certain techniques are applicable to more than one information flow or interface. Generic techniques are addressed in clause 5. For each information flow or interface, the present document contains the following information
40、 (where applicable): Statement of the problem, including reference model. Identification of the threats and risks to the extent it is appropriate to publish in a standard. Statement of the techniques which are recommended as a solution. ETSI ETSI TS 103 307 V1.3.1 (2018-04)8 4.2 List of LI and RD it
41、ems covered in the present document The present document addresses the following LI and RD items: 1) Providing evidential assurance of LI or RD material (annex A). 2) Security issues around the role for global, third-party or virtualised components of Retained Data facilities (annex B). The followin
42、g topics will be covered in future versions of the present document: 1) Assurance of the integrity and originator of approvals/authorizations. 2) Security aspects of internal interfaces for Lawful Interception. 5 Common techniques 5.1 Introduction The following techniques are used in a number of the
43、 annexes of the present document: Algorithms for hashing data. The following techniques will be included in future versions of the present document: Digital signature algorithms. Procedures for Trusted timestamp. Transport-layer security. 5.2 Hash algorithms The SHA-256 algorithm shall be as defined
44、 in FIPS Publication 180-4 1. The SHA-512 algorithm shall be as defined in FIPS Publication 180-4 1. ETSI ETSI TS 103 307 V1.3.1 (2018-04)9 Annex A (normative): Providing assurance for LI or RD material as evidence A.1 Statement of problem The requirement is to provide assurance about the integrity
45、of the LI or RD material (i.e. to help with assurance that it has not been altered during the course of delivery and/or storage with end user authorities) and to provide assurance about the originator of the material (i.e. the organization that produced it). The present document does not look at any
46、 requirement for confidentiality in this annex. The goal of this clause is to add assurance to LI or RD material if it is presented as evidence in court. The present document does not attempt to examine legal aspects and no assurance is given that the process in the present document provides a compl
47、ete or adequate level of assurance for any particular jurisdiction. The reference model for this clause consists of two parties: The originator: the party that creates the material and wishes to provide assurance about its integrity and origin. The receiver: the party that wishes to check the integr
48、ity and originator of the material. In a typical situation: The originator is the CSP, and the information flow starts at the point where material is selected by the CSP for use as RD or LI. The present document does not examine the integrity of existing CSP business records. The receiver is whereve
49、r there is a requirement to check the integrity and origin. This can include: - immediately upon receiving the material at a government/police agency; or - as a check by police or prosecution teams prior to court; or - for checking at any time during court proceedings. The information contained within the flow is not defined within the present document, except where it is noted that parameters (such as identifiers or timestamps) would be needed in order to meet the requirements. A.2 Techniques for providing assurance for LI or
