1、 ETSI TS 103 436 V1.2.1 (2018-02) Reconfigurable Radio Systems (RRS); Security requirements for reconfigurable radios TECHNICAL SPECIFICATION ETSI ETSI TS 103 436 V1.2.1 (2018-02)2 Reference RTS/RRS-0315 Keywords security, software ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
2、Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made a
3、vailable in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the o
4、nly prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and o
5、ther ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or
6、utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend
7、to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M
8、 logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 103 436 V1.2.1 (2018-02)3 Contents Intellectual Property Rights 6g3Foreword . 6g3Modal verbs terminology 6g31 Scope 7g32 References 7g32.1 Normative refere
9、nces . 7g32.2 Informative references 8g33 Definitions and abbreviations . 10g33.1 Definitions 10g33.2 Abbreviations . 10g33a RRS platform security classifications 11g33a.1 Overview 11g33a.2 Signature validation 11g33a.3 Signature creation . 11g33a.4 Trusted timestamp 11g33a.4.1 General requirements
10、11g33a.4.2 PKI based trusted timestamps . 11g33a.4.3 Blockchain based trusted timestamps . 12g33a.5 Secure storage 12g33a.6 Remote attestation 12g33a.7 Configuration control . 12g33a.7.1 Local configuration control. 12g33a.7.2 Remote configuration control . 13g33a.7.3 Long term management 13g34 Revi
11、ew of objectives and high level requirements . 13g35 Countermeasure framework . 21g35.1 Notes for interpretation 21g35.2 Identity management and authentication 21g35.2.1 Identity of entities in RAP and DoC lifecycle 21g35.2.2 Class and role based identity. 23g35.3 Document integrity proof and verifi
12、cation . 24g35.3.1 Overview of process . 24g35.4 Non-repudiation framework . 25g35.4.1 Overview of non-repudiation 25g35.4.2 Stage 1 model for non-repudiation . 26g35.4.2.1 Procedures . 26g35.4.2.1.1 Provision/withdrawal . 26g35.4.2.1.2 Normal procedures 26g35.4.2.1.3 Exceptional procedures 26g35.4.
13、2.2 Interactions with other security services . 26g36 Information flows and reference points (stage 2) . 27g36.1 Overview 27g36.2 Confidentiality 28g36.3 Integrity 30g36.4 Identity management 31g36.5 Non-Repudiation services 31g36.5.1 Non-repudiation stage 2 models . 31g37 Protocol sequences and dat
14、a content (stage 3) . 33g37.1 Confidentiality 33g37.1.1 Data in transit (encryption) . 33g37.1.2 Data in storage (access control) 33g37.2 Integrity 34g3ETSI ETSI TS 103 436 V1.2.1 (2018-02)4 7.2.1 Data in transit 34g37.2.2 Data in storage 34g37.2.2.1 Single storage point . 34g37.2.2.2 Distributed st
15、orage points . 34g37.3 Combined authentication and integrity using digital signature 35g37.4 Non-repudiation service . 35g38 Cryptographic algorithm and key considerations . 36g38.1 Symmetric cryptography 36g38.2 Asymmetric cryptography 36g39 Provision of root of trust 36g310 Remote attestation serv
16、ice 37g310.1 Applicability . 37g310.2 Scope of remote attestation service 37g310.3 Dependencies of remote attestation service 38g311 Configuration control service . 38g311.1 Overview 38g311.2 RE Configuration record format . 38g311.3 Policy enforcement . 38g311.3.1 XACML Model 38g311.3.2 TCG TPM Mod
17、el 40g311.4 Remote configuration control service. 40g311.5 Long-term management service . 41g3Annex A (informative): Cost benefit analysis for countermeasure application 43g3A.1 Sample calculation . 43g3A.2 Standards design . 45g3A.3 Implementation . 45g3A.4 Operation 46g3A.5 Regulatory impact 46g3A
18、.6 Market acceptance 46g3Annex B (informative): Password policy guide . 48g3Annex C (informative): Key lifetime and verification guidelines . 50g3C.1 General . 50g3C.2 Symmetric cryptography 50g3C.3 Asymmetric cryptography 50g3C.4 Export control . 50g3Annex D (informative): PKI considerations for RR
19、S 52g3D.1 What is a Public Key Infrastructure? . 52g3D.2 Authorities in RRS and their PKI role 53g3D.3 Assignments of RRS roles to PKI 55g3D.3.1 Model 1: New Root Authority for RRS in the EU . 55g3D.3.2 Model 2: Existing authorities assigning one entity as root . 55g3D.4 Alternative models to PKI fo
20、r key management 55g3D.4.1 General considerations . 55g3D.4.2 Self signed certificates 55g3Annex E (informative): The electronic signature regulation (eIDAS) . 56g3ETSI ETSI TS 103 436 V1.2.1 (2018-02)5 E.1 Overview 56g3E.2 eIDAS elements 56g3E.3 Provisions required for eIDAS in RRS and digital vari
21、ants of DoC 56g3Annex F (normative): ASN.1 OID definitions . 58g3Annex G (normative): Implementation Conformance Statement 59g3G.0 The right to copy 59g3G.1 Introduction 59g3G.2 Guidance for completing the ICS pro forma 59g3G.2.1 Purposes and structure 59g3G.2.2 Abbreviations and conventions 59g3G.2
22、.3 Instructions for completing the ICS pro forma . 61g3G.3 Identification of equipment and role 61g3G.4 Global statement of conformance . 61g3G.5 ICS pro forma tables. 61g3G.5.1 Security tier 61g3G.5.2 Major capabilities . 61g3G.5.3 Trusted timestamp 62g3G.6 Tabulated mandates 62g3Annex I (informati
23、ve): Change History 65g3History 66g3ETSI ETSI TS 103 436 V1.2.1 (2018-02)6 Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly availabl
24、e for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (
25、https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, e
26、ssential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduc
27、e any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Reconfigu
28、rable Radio Systems (RRS). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provision
29、s). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 436 V1.2.1 (2018-02)7 1 Scope The present document defines the security requirements for reconfigurable radio systems arising from the use case analysis in ETSI TR 103 087 i.1. The pr
30、esent document applies to the lifecycle of Radio Application Packages between a Radio application store and an RRS Reconfigurable Equipment. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specifi
31、c. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.o
32、rg/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 Federal Information Processing Standard (FIPS) 202,
33、SHA-3 Standard: “Permutation-Based Hash and Extendable-Output Functions“. 2 Federal Information Processing Standards (FIPS) 186-4: “Digital Signature Standard (DSS)“. 3 Federal Information Processing Standards Publication (FIPS) 180-4: “Secure Hash Standard“. 4 Federal Information Processing Standar
34、ds Publication (FIPS) 197: “Advanced Encryption Standard“. 5 Recommendation ITU-T X.509: “Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks“. 6 ETSI TS 102 778-1: “Electronic Signatures and Infrastructures (ESI); PDF Advanced Elect
35、ronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES“. NOTE: The above standard is composed of multiple parts and implementation of the framework may require implementation of requirements stated in other parts of the standard. 7 IETF RFC 5246: “The Transport Layer Secur
36、ity (TLS) Protocol Version 1.2“. 8 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. 9 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and t
37、rust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. 10 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation Criteria for IT security - Part 2: Security functional components“. 11 Void. 12 Void. 13 ETSI EN 319 142 (all parts): “E
38、lectronic Signatures and Infrastructures (ESI); PAdES digital signatures“. 14 ETSI EN 319 132 (all parts): “Electronic Signatures and Infrastructures (ESI); XAdES digital signatures“. ETSI ETSI TS 103 436 V1.2.1 (2018-02)8 15 ETSI EN 319 122 (all parts): “Electronic Signatures and Infrastructures (E
39、SI); CAdES digital signatures“. 16 Void. 17 Void. 18 Void. 19 Void. 20 IETF RFC 3161: “Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)“. 21 ANSI X9.95: “Trusted Time Stamp Management and Security“. 22 Void. 23 Void. 24 ISO/IEC 9646-7: “Information technology - Open Systems Interco
40、nnection - Conformance testing methodology and framework - Part 7: Implementation Conformance Statements“. 25 TGC: “Trusted Platform Module Library; Part 1: Architecture; Family 2.0; Level 00 Revision 01.38; September 29, 2016“. 26 OASIS eXtensible Access Control Markup Language (XACML) Core Specifi
41、cation Version 3.0. 27 Void. 28 Recommendation ITU-T X.520: “Information technology Open Systems Interconnection The Directory: Selected attribute types“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-spec
42、ific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long ter
43、m validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TR 103 087: “Reconfigurable Radio Systems (RRS); Security related use cases and threats in Reconfigurable Radio Sys
44、tems“. i.2 BlueKrypt: Cryptographic Key Length Recommendation. NOTE: Available at http:/. i.3 ETSI TS 102 165-1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Anal
45、ysis“. i.4 ISO/IEC 10181-4:1997: “Information technology - Open Systems Interconnection - Security frameworks for open systems: Non-repudiation framework - Part 4“. i.5 Shannon, Claude E. (July/October 1948). “A Mathematical Theory of Communication“. Bell System Technical Journal 27 (3): 379-423. i.
46、6 Marcelo A. Montemurro, Damin H. Zanette: “Universal Entropy of Word Ordering Across Linguistic Families“. PMCID: PMC3094390. NOTE: Available at http:/www.ncbi.nlm.nih.gov/pmc/articles/PMC3094390/. ETSI ETSI TS 103 436 V1.2.1 (2018-02)9 i.7 Bela Gipp, Norman Meuschke and Andr Gernandt: “Decentraliz
47、ed Trusted Timestamping using the Crypto Currency Bitcoin“, National Institute of Informatics Tokyo, Japan. i.8 Void. i.9 NIST SP 800-164: “Guidelines on Hardware-Rooted Security in Mobile Devices“. NOTE: Available at http:/csrc.nist.gov/publications/drafts/800-164/sp800_164_draft.pdf. i.10 ETSI TS
48、123 040: “3GPP TS 23.040: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Technical realization of the Short Message Service (SMS) (3GPP TS 23.040)“. i.11 ETSI TS 123 041: “3GPP TS 23.041: “Digital cellular telecommunications system (P
49、hase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Technical realization of Cell Broadcast Service (CBS) (3GPP TS 23.041)“. i.12 ETSI TR 103 502: “Reconfigurable Radio Systems (RRS); Applicability of RRS with existing Radio Access Technologies and core networks; Security aspects“. i.13 Directive 2014/53/EU of the European Parliament and of the Council of 16 April 2014 on the harmonisation of the laws of the Member States relating to the making avail
