ETSI TS 122 048-2003 Digital cellular telecommunications system (Phase 2+) Universal Mobile Telecommunications System (UMTS) Security Mechanisms for the (U)SIM application toolkit _1.pdf

Uploaded by: eastlab115  Document ID: 740415  Upload date: 2019-01-11  Format: PDF  Pages: 16  Size: 77.82KB
Resource description

ETSI TS 122 048 V5.0.0 (2003-06)
Technical Specification

Digital cellular telecommunications system (Phase 2+);
Universal Mobile Telecommunications System (UMTS);
Security Mechanisms for the (U)SIM application toolkit;
Stage 1
(3GPP TS 22.048 version 5.0.0 Release 5)

GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS ®

ETSI TS 122 048 V5.0.0 (2003-06)    3GPP TS 22.048 version 5.0.0 Release 5

Reference
RTS/TSGT-0322048v500

Keywords
GSM, UMTS

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, send your comment to: editor@etsi.org

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2003. All rights reserved.

DECT™, PLUGTESTS™ and UMTS™ are Trade Marks of ETSI registered for the benefit of its Members. TIPHON™ and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards”, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).

The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables.

The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http://webapp.etsi.org/key/queryform.asp .

Contents

Intellectual Property Rights
Foreword
Foreword
1 Scope
2 References
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Introduction
5 Security requirements
5.1 Authentication
5.1.1 Definition
5.1.2 Purpose
5.1.3 Functional requirements
5.2 Message integrity
5.2.1 Definition
5.2.2 Purpose
5.2.3 Functional requirements
5.3 Replay detection and sequence integrity
5.3.1 Definition
5.3.2 Purpose
5.3.3 Functional requirements
5.4 Proof of receipt and proof of execution
5.4.1 Definition
5.4.2 Purpose
5.4.3 Functional requirements
5.5 Message confidentiality
5.5.1 Definition
5.5.2 Purpose
5.5.3 Functional requirements
5.6 Security management
6 Normal procedures
6.1 Security mechanisms
6.1.1 Authentication mechanisms
6.1.2 Message integrity mechanisms
6.1.3 Replay detection and sequence integrity mechanisms
6.1.4 Proof of receipt mechanisms
6.1.5 Message confidentiality mechanisms
6.2 Security mechanisms and recommended combinations
6.2.1 Non-cryptographic mechanisms
6.2.2 Cryptographic mechanisms
6.2.3 Recommended combinations of cryptographic mechanisms
7 Exceptional procedures
7.1 Authentication or integrity failure
7.2 Sequence and replay detection failure
7.3 Proof of receipt failure
Annex A (informative): Change History
History

Foreword

This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).

The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x the first digit:
  1 presented to TSG for information;
  2 presented to TSG for approval;
  3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.

1 Scope

The present document provides standardised security mechanisms in conjunction with the SIM Application Toolkit for the interface between a 3G or GSM PLMN Entity and a UICC. The security mechanisms which are specified are independent of applications.

The present document describes the functional requirements of the security mechanisms with the implementation detail of these mechanisms being described in the stage 2 specification (TS 23.048).

The present document is the result of a feasibility study carried out on this topic, contained in GSM 11.15.

Within the scope of this document, the UICC refers here to an ICC which supports at least one application in order to access a cellular network.

The ICC is considered as a platform, which is either based on TS 31.101 [13], here called “3G platform”, or TS 51.011 [23], here called “2G platform”.

2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1] 3GPP TR 21.905: “Vocabulary for 3GPP Specifications”.
[2] 3GPP TS 23.048: “Security Mechanisms for the (U)SIM Application Toolkit - Stage 2”.
[3] 3GPP TS 31.111: “USIM Application Toolkit (USAT)”.
[4] ETR 330: “STAG; A guide to the legislative and regulatory environment”.
[5] 3GPP TS 31.101: “UICC-Terminal Interface; Physical and Logical Characteristics”.
[6] 3GPP TS 51.011: “Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface”.

3 Definitions and abbreviations

3.1 Definitions

For the purpose of the present document, the following terms and definitions apply:

Application Layer: layer above the Transport Layer on which the Application Messages are exchanged between the Sending and Receiving Applications.

Application Message: package of commands or data sent from the Sending Application to the Receiving Application, or vice versa, independently of the transport mechanism. An Application Message is transformed with respect to a chosen Transport Layer and chosen level of security into one or more secured packets.

Counter: mechanism or data field used for keeping track of a message sequence. This could be realised as a sequence oriented or time stamp derived value maintaining a level of synchronisation.

Cryptographic Checksum: string of bits derived from some secret information (e.g. a secret key), part or all of the Application Message, and possible further information (e.g. part of the Security Header). The secret key is known to the Sending Entity and to the Receiving Entity. The Cryptographic Checksum is often referred to as Message Authentication Code.

Digital Signature: string of bits derived from some secret information (e.g. a secret key), the complete Application Message, and possible further information (e.g. part of the Security Header). The secret information is known only to the Sending Entity. Although the authenticity of the Digital Signature can be proved by the Receiving Entity, the Receiving Entity is not able to reproduce the Digital Signature without knowledge of the secret information owned by the Sending Entity.

Receiving Application: this is the entity to which the Application Message is destined.

Receiving Entity: this is the entity where the Secured Packet is received (e.g. SMS-SC, UICC, USSD entry point, or dedicated (U)SIM Toolkit Server) and where the security mechanisms are utilised. The Receiving Entity processes the Secured Packets.

Redundancy Check: string of bits derived from the Application Message and possible further information for the purpose of detecting accidental changes to the message, without the use of any secret information.

Secured Packet: information flow on top of which the level of required security has been applied. An Application Message is transformed with respect to a chosen Transport Layer and chosen level of security into one or more Secured Packets.

Security Header: that part of the Secured Packet which consists of all security information (e.g. counter, key identification, indication of security level, checksum or Digital Signature).

Sender Identification: this is the simple verification of the identity of the Sending Entity by the Receiving Entity comparing the sender identity with an a priori stored identity of the sender at the Receiving Entity.

Sending Application: entity generating an Application Message to be sent.

Sending Entity: this is the entity from which the Secured Packet originates (e.g. SMS-SC, UICC, USSD entry point, or dedicated (U)SIM Toolkit Server) and where the security mechanisms are invoked. The Sending Entity generates the Secured Packets to be sent.

Status Code: this is an indication that a message has been received (correctly or incorrectly, indicating reason for failure).

Transport Layer: this is the layer responsible for transporting Secured Packets through the 3G and/or GSM network. The transport layer implements one or more transport mechanisms (e.g. SMS or USSD).

Unsecured Acknowledgement: this is a Status Code included in a response message.

3.2 Abbreviations

Abbreviations used in the present document are listed in TR 21.905 [1].

4 Introduction

The USIM Application Toolkit as described in TS 31.111 [3] is a set of commands and procedures for use during the network operation phase of 3G and GSM. It allows operators to create specific applications resident on the UICC. There exists a need to secure USIM Application Toolkit related communication over the 3G and GSM network (e.g. SMS, USSD, and future transport mechanisms) with the level of security chosen by the network operator or the application provider.

It is assumed in the present document that the Sending and Receiving Entities are in a secure environment.

The appropriate security mechanisms are described in the present document.

The security mechanisms cover the following security requirements:

- unilateral authentication from network to UICC;
- unilateral authentication from UICC to network;
- message integrity;
- replay detection;
- proof of receipt;
- message confidentiality.

[Figure 1: System overview. Blocks: Sending Application, Sending Entity, Transport Mech., Receiving Entity, Receiving Application. Labels: Information flow, Security. Examples shown: USSD, SMS, SMS-SC, a bank, UICC, UICC resident application, a bank resident application.]

5 Security requirements

The Application Message is transferred from the Sending Application to the Receiving Application in one or more Secured Packets via a Sending Entity and a Receiving Entity, or group of Receiving Entities. The Receiving Entity is then responsible for reconstructing the Application Message from the received Secured Packets for presentation to the target Receiving Application. It is possible that there are several Receiving Entities and Applications.

The Sending Application shall indicate to the Sending Entity the security mechanisms to be applied to the Application Message. This shall be indicated in the Secured Packet. The Receiving Entity shall indicate to the Receiving Application the security mechanisms applied to the Secured Packet, in a secure manner.

The interface between the Sending Application and the Sending Entity, and the interface between the Receiving Entity and Receiving Application are not defined.

The security requirements to satisfy when transferring Application Messages from the Sending Entity to the Receiving Entity that have been considered are:

- authentication;
- message integrity;
- replay detection and sequence integrity;
- proof of receipt and proof of execution;
- message confidentiality;
- indication of the security mechanisms used.

Mechanisms to satisfy the above requirements will be governed by the following assumptions:

- in general, security is provided for each Secured Packet transmitted (an Application Message may be broken into several Secured Packets, each of which shall have identical security mechanisms applied to it);
- there should be the ability to turn mechanisms on and off on a per Application Message basis, with an indication of the status transmitted with the message;
- security related information used should be independent of that used with existing 3G or GSM network keys;
- third party applications may have access to the Sending Entity, however this is considered to be an internal network security issue and therefore outside of
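
Added example (not part of the ETSI specification): a Python sketch of a Sending Entity and a Receiving Entity applying the Cryptographic Checksum, Counter and Security Header definitions above, with the checksum verified before the replay check. The header layout, the use of HMAC-SHA-256 and all names are assumptions for illustration; the actual Secured Packet format is defined in TS 23.048, not here.

```python
import hashlib
import hmac
import struct

# Assumed layout, for illustration only (NOT the TS 23.048 packet format):
# security level (1) | key id (1) | counter (5) | checksum (32) | payload
SEC_CC = 0x01                       # constructed flag: Cryptographic Checksum applied
HDR = struct.Struct(">BB5s")
CC_LEN = hashlib.sha256().digest_size
KEYS = {1: b"constructed-key!"}     # constructed sample key, not a real value

def _checksum(key, header, payload):
    # Covers the payload plus Security Header fields (level, key id, counter).
    return hmac.new(key, header + payload, hashlib.sha256).digest()

def secure(keys, key_id, counter, message, chunk=16):
    """Sending Entity: turn one Application Message into Secured Packets,
    applying identical security mechanisms to each packet."""
    parts = [message[i:i + chunk] for i in range(0, len(message), chunk)] or [b""]
    packets = []
    for n, part in enumerate(parts):
        header = HDR.pack(SEC_CC, key_id, (counter + n).to_bytes(5, "big"))
        packets.append(header + _checksum(keys[key_id], header, part) + part)
    return packets

class ReceivingEntity:
    def __init__(self, keys):
        self.keys = keys
        self.last_counter = 0       # highest counter accepted so far

    def accept(self, packet):
        """Return (status, payload); payload is None unless status == 'ok'."""
        if len(packet) < HDR.size + CC_LEN:
            return "malformed", None
        level, key_id, raw_counter = HDR.unpack_from(packet)
        key = self.keys.get(key_id)
        if level != SEC_CC or key is None:
            return "unsupported security", None
        header, rest = packet[:HDR.size], packet[HDR.size:]
        checksum, payload = rest[:CC_LEN], rest[CC_LEN:]
        # Verify the checksum first so a forged counter cannot move the window.
        if not hmac.compare_digest(checksum, _checksum(key, header, payload)):
            return "integrity failure", None
        counter = int.from_bytes(raw_counter, "big")
        if counter <= self.last_counter:
            return "replay", None
        self.last_counter = counter
        return "ok", payload
```
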
