1、 ETSI TS 103 436 V1.1.1 (2016-08) Reconfigurable Radio Systems (RRS); Security requirements for reconfigurable radios TECHNICAL SPECIFICATION ETSI ETSI TS 103 436 V1.1.1 (2016-08)2 Reference DTS/RRS-03012 Keywords security, software ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
2、 Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made
3、available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the
4、only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and
5、other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or
6、 utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend
7、 to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members a
8、nd of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 103 436 V1.1.1 (2016-08)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g3
9、2.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 Review of objectives and high level requirements . 8g35 Countermeasure framework . 11g35.1 Notes for interpretation 11g35.2 Identity management and authentication 11g35.3 Document integrity
10、 proof and verification . 12g35.3.1 Overview of process . 12g35.4 Non-repudiation framework . 13g35.4.1 Overview of non-repudiation 13g35.4.2 Stage 1 model for non-repudiation . 14g35.4.2.1 Procedures . 14g35.4.2.1.1 Provision/withdrawal . 14g35.4.2.1.2 Normal procedures 14g35.4.2.1.3 Exceptional pr
11、ocedures 15g35.4.2.2 Interactions with other security services . 15g36 Information flows and reference points (stage 2) . 15g36.1 Overview 15g36.2 Confidentiality 17g36.3 Integrity 18g36.4 Identity management 18g36.5 Non-Repudiation services 19g36.5.1 Non-repudiation stage 2 models . 19g37 Protocol
12、sequences and data content (stage 3) . 20g37.1 Confidentiality 20g37.1.1 Data in transit (encryption) . 20g37.1.2 Data in storage (access control) 20g37.2 Integrity 21g37.2.1 Data in transit 21g37.2.2 Data in storage 21g37.2.2.1 Single storage point . 21g37.2.2.2 Distributed storage points . 21g37.3
13、 Combined authentication and integrity using digital signature 22g37.4 Non-repudiation service . 22g38 Cryptographic algorithm and key considerations . 23g38.1 Symmetric cryptography 23g38.2 Asymmetric cryptography 23g3Annex A (informative): Cost benefit analysis for countermeasure application 24g3A
14、.1 Sample calculation . 24g3A.2 Standards design . 26g3A.3 Implementation . 26g3ETSI ETSI TS 103 436 V1.1.1 (2016-08)4 A.4 Operation 27g3A.5 Regulatory impact 27g3A.6 Market acceptance 27g3Annex B (informative): Password policy guide . 29g3Annex C (informative): Key lifetime and verification guideli
15、nes . 31g3C.1 General . 31g3C.2 Symmetric cryptography 31g3C.3 Asymmetric cryptography 31g3C.4 Export control . 31g3Annex D (informative): PKI considerations for RRS 33g3D.1 What is a Public Key Infrastructure? . 33g3D.2 Authorities in RRS and their PKI role 34g3D.3 Assignments of RRS roles to PKI 3
16、6g3D.3.1 Model 1: New Root Authority for RRS in the EU . 36g3D.3.2 Model 2: Existing authorities assigning one entity as root . 36g3D.4 Alternative models to PKI for key management 36g3D.4.1 General considerations . 36g3D.4.2 Self signed certificates 36g3History 37g3ETSI ETSI TS 103 436 V1.1.1 (2016
17、-08)5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Pr
18、operty Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR s
19、earches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been pro
20、duced by ETSI Technical Committee Reconfigurable Radio Systems (RRS). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (V
21、erbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 436 V1.1.1 (2016-08)6 1 Scope The present document defines the security requirements for reconfigurable radio systems arising from the the u
22、se case analysis in ETSI TR 103 087 i.1. The present document applies to the lifecycle of Radio Application Packages between a Radio application store and an RRS Reconfigurable Equipment. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or e
23、dition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected
24、location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 Federa
25、l Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. 2 Federal Information Processing Standards (FIPS) 186-4, Digital Signature Standard (DSS). 3 Federal Information Processing Standards Publication (FIPS) 180-4, Secure Hash Standard.
26、4 Federal Information Processing Standards Publication (FIPS) 197, Advanced Encryption Standard. 5 Recommendation ITU-T X.509: Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks. 6 ETSI TS 102 778-1: “ Electronic Signatures and Infr
27、astructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES“. NOTE: The above standard is composed of multiple parts and implementation of the framework may require implementation of requirements stated in other parts of the standard. 7 IETF
28、 RFC 5246: “The Transport Layer Security (TLS) Protocol Version 1.2“. 8 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 9 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 20
29、14 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. 10 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation Criteria for IT security - Part 2: Security functional components“. 11 ETSI TS 102
30、165-2: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 2: Protocol Framework Definition; Security Counter Measures“. 12 ISO/IEC ISO/IEC 10181-2: “Information technology - Open Systems Interconnection - Security framework
31、s for open systems: Authentication framework - Part 2“. 13 ETSI EN 319 142: “Electronic Signatures and Infrastructures (ESI); PAdES digital signatures“. 14 ETSI EN 319 132: “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures“. ETSI ETSI TS 103 436 V1.1.1 (2016-08)7 15 ETSI EN
32、319 122: “Electronic Signatures and Infrastructures (ESI); CAdES digital signatures“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For no
33、n-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for
34、the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 103 087: “Reconfigurable Radio Systems (RRS); Security related use cases and threats in Reconfigurable Radio Systems“. i.2 BlueKrypt: Cryptographic Key Length Recommendation. NOTE:
35、Available at http:/. i.3 ETSI TS 102 165-1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis“. i.4 ISO/IEC 10181-4:1997: “Information technology - Open Syste
36、ms Interconnection - Security frameworks for open systems: Non-repudiation framework - Part 4“. i.5 Shannon, Claude E. (July/October 1948). “A Mathematical Theory of Communication“. Bell System Technical Journal 27 (3): 379-423. i.6 Marcelo A. Montemurro, Damin H. Zanette: “Universal Entropy of Word
37、 Ordering Across Linguistic Families“. NOTE: Available at http:/www.ncbi.nlm.nih.gov/pmc/articles/PMC3094390/ as PMCID: PMC3094390. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in ETSI TR 103 087 i.1 apply. 3.2 Abbreviation
38、s For the purposes of the present document, the abbreviations given in ETSI TR 103 087 i.1 and the following apply: DoS Denial of Service DDoS Distributed Denial of Service IMEI International Mobile Equipment Identity IMSI International Mobile Subscriber Identity OSI Open System for Interconnection
39、PKC Public Key Certificate PKI Public Key Infrastructure PMCID PubMed Central reference number TSF ToE Security Functions TTP Trusted Third PartyETSI ETSI TS 103 436 V1.1.1 (2016-08)8 4 Review of objectives and high level requirements The objectives stated in ETSI TR 103 087 i.1 are copied in table
40、1 and classified in terms of the form of security function that is required to meet the objective. In addressing each objective the form of countermeasure required is discussed in some detail and the overall class or strategy of countermeasure is indicated. Table 1: Review of security objectives Id
41、Text of objective Countermeasure Strategy 1 The RRS platform should provide means to ensure that the content of communication between the application store and the RE are protected from exposure to unauthorised 3rdparties (see note 1) Encryption of content (it is assumed that the link is open (radio
42、 broadcast) and that the adversary is able to eavesdrop/intercept the content). Confidentiality 2 The RRS should provide means to verify that the content of communication between the application store and RE has not been manipulated prior to processing at receipt (see note 1) Integrity check sum add
43、ed to content. Integrity 3 The RRS platform should provide means for the application store to verify the identity of the RE (see note 2) The RE shall have a unique application store access identity that is bound to a set of credentials shared between the application store and the RE. The identity ma
44、y be selected by the user of the RE (open market scenario) or may be defined by the RE manufacturer (closed market scenario). Authentication and Identity Management 4 The RRS platform should provide means for the RE to verify the identity of the application store (see note 3) The application store s
45、hall have an unique name that is tied to its attribute as an application store for RRS in the form of a public key certificate with an attribute extension when operating in an open environment but if operating in a closed environment may allow for authentication using a conventional challenge respon
46、se protocol in a shared secret mode Authentication and Identity Management 5 The RRS platform should provide means to detect and prevent denial of access to the communications channel between the application store and the RE It is possible to limit the entities allowed to offer traffic to the networ
47、k through an access control policy. In addition DoS (and DDoS) attacks may be mitigated by using resilient and redundant network paths (i.e. mitigation by network topology design) Access Control, Network Topology 6 The RRS platform should provide means to verify that the RAP has not been modified be
48、tween having been made available by the RAP originator and having been downloaded on the RE The originator of the RAP shall create a signed hash of the RAP, and supply the signature with the attribute certificate of the RAP allowing verification of the hash and signature by the receiving party using
49、 the contained public key Integrity 7 The RRS platform should provide means for the RE to verify the source of the content supplied via the Radio application store As above where the RAP has been signed by the originator verification of the signature shall result in proof of the source of the RAP Authentication and Identity Management 8 The RRS platform should provide means to prevent the application store denying provision of an application to the RE Proof may be lodged with a trusted 3rdparty or may be ma
