1、 ETSI TS 1Universal Mobile TelKey estUniversal Integrated(3GPP TS 33.1TECHNICAL SPECIFICATION133 110 V13.0.0 (2016elecommunications System (LTE; stablishment between a ed Circuit Card (UICC) and a te.110 version 13.0.0 Release 1316-01) (UMTS); terminal 13) ETSI ETSI TS 133 110 V13.0.0 (2016-01)13GPP
2、 TS 33.110 version 13.0.0 Release 13Reference RTS/TSGS-0333110vd00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfec
3、ture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be
4、modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretaria
5、t. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send you
6、r comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of E
7、TSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI log
8、o are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 133 110 V13.0.
9、0 (2016-01)23GPP TS 33.110 version 13.0.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can
10、 be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI
11、 IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword
12、This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the correspo
13、nding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“
14、 are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 133 110 V13.0.0 (2016-01)33GPP TS 33.110 version 13.0.0 Release 1
15、3Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 5g3Introduction 5g31 Scope 6g32 References 6g33 Definitions, symbols and abbreviations . 7g33.1 Definitions 7g33.2 Symbols 7g33.3 Abbreviations . 8g34 Key Establishment between a UICC and a terminal 8g34.1
16、Reference model . 8g34.2 Network elements . 9g34.2.1 NAF Key Center . 9g34.3 Key establishment architecture and reference points . 9g34.3.1 Reference points . 9g34.3.2 Reference point Ub . 9g34.3.3 Reference point Ua . 9g34.4 General requirements and principles for key establishment between a UICC a
17、nd a Terminal 10g34.4.1 General requirements 10g34.4.2 Requirements on the terminal . 10g34.4.3 Requirements on the UICC hosting device . 10g34.4.4 Requirements on the UICC . 10g34.4.5 Requirements on the NAF Key Center . 11g34.4.6 Requirements on Ks_local key and associated parameters handling 11g3
18、4.5 Procedures 11g34.5.1 Initiation of key establishment between a UICC and a Terminal . 11g34.5.2 Key establishment procedure 12g3Annex A (normative): Key Derivation Function definition 16g3A.1 Ks_local key derivation in key establishment 16g3A.2 Input parameters for Ks_local key derivation 16g3Ann
19、ex B (normative): Key establishment UICC-Terminal interface . 17g3B.1 Local Key Establishment: Key Derivation procedure 17g3B.2 Local Key Establishment: Key Availability Check procedure . 18g3Annex C (normative): HTTP based key request procedure . 19g3C.1 Introduction 19g3C.2 Key request procedure 1
20、9g3C.2.1 Key request . 19g3C.2.2 Error situations . 20g3Annex D (informative): Signalling flows for key request procedure . 21g3D.1 Introduction 21g3D.2 Signalling flow demonstrating a successful key request procedure . 21g3ETSI ETSI TS 133 110 V13.0.0 (2016-01)43GPP TS 33.110 version 13.0.0 Release
21、 13Annex E (normative): XML schema for Key Request and Key Response . 24g3E.1 Introduction 24g3E.2 Key Request Format . 24g3E.2.1 Data Format 24g3E.2.2 Example 24g3E.3 Key Response Format 25g3E.3.1 Data Format 25g3E.3.2 Example 25g3Annex F (normative): TLS profiles 26g3F.1 TLS profile for certificat
22、e based mutual authentication between Terminal and NAF Key Center 26g3F.1.1 Introduction 26g3F.1.2 Protection mechanisms . 26g3F.2 TLS profile for Shared key-based mutual authentication between Terminal and NAF Key Center 26g3F.2.1 Introduction. 26g3F.2.2 Protection mechanisms . 26g3Annex G (informa
23、tive): Change history . 27g3History 28g3ETSI ETSI TS 133 110 V13.0.0 (2016-01)53GPP TS 33.110 version 13.0.0 Release 13Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within t
24、he TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for i
25、nformation; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have be
26、en incorporated in the document. Introduction The smart card, tamper resistant device, has a primary role of storing credentials and performing sensitive cryptographic computations, it also provides portability of the user credentials. The smart card is rarely a stand-alone device; it usually intera
27、cts with a terminal. Sensitive applications are often split between a smart card and a terminal with sensitive data exchanged between the two. Therefore, the need to establish a secure channel between a UICC and a terminal that may host the UICC or be connected to the device hosting the UICC via a l
28、ocal interface has been identified by different standardization groups in order to protect the communication between the UICC and the terminal. This document describes key establishment between a UICC and a terminal. ETSI ETSI TS 133 110 V13.0.0 (2016-01)63GPP TS 33.110 version 13.0.0 Release 131 Sc
29、ope The present document describes the security features and mechanisms to provision a shared key between a UICC and a terminal that may host the UICC or be connected to the device hosting the UICC via a local interface. Candidate applications to use this key establishment mechanism include but are
30、not restricted to secure channel between a UICC and a terminal ETSI TS 102 484 8. The scope of this specification includes an architecture overview and the detailed procedure how to establish the shared key between the UICC and the terminal. 2 References The following documents contain provisions wh
31、ich, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the
32、 latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 2 3GPP TS 31.101:
33、“UICC-terminal interface; Physical and logical characteristics“. 3 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 4 3GPP TS 22.259: “Service requirements for Personal Network Management (PNM); Stage 1“. 5 Void. 6 Void. 7 3GPP TS 33.222: “Generic Auth
34、entication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)“. 8 ETSI TS 102 484: “Smart Cards; Secure Channel between a UICC and an end-point Terminal“. 9 3GPP TS 24.008: “Mobile radio interface Layer 3 specification;
35、 Core network protocols; Stage 3“. 10 NIST, FIPS PUB 180-2: “Secure Hash Standard (SHS)“. 11 IETF RFC 4634 (2006): US Secure Hash Algorithms (SHA and HMAC-SHA). 12 IETF RFC 2104 (1997): “HMAC: Keyed-Hashing for Message Authentication“. 13 3GPP TR 33.905: “Recommendations for Trusted Open Platforms“.
36、 14 TCG Mobile Phone Specifications, https:/www.trustedcomputinggroup.org/specs/mobilephone. 15 TCG Trusted Network Connect (TNC) Specifications, https:/www.trustedcomputinggroup.org/specs/TNC. 16 3GPP TS 29.109: “Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter
37、protocol; Stage 3“. 17 IETF RFC 2616 (1999): “Hypertext Transfer Protocol - HTTP/1.1“. ETSI ETSI TS 133 110 V13.0.0 (2016-01)73GPP TS 33.110 version 13.0.0 Release 1318 Void. 19 Void. 20 3GPP TS 33.310: “Network Domain Security (NDS); Authentication Framework (AF)“. 3 Definitions, symbols and abbrev
38、iations 3.1 Definitions For the purposes of the present document, the terms and definitions given in TR 21.905 1 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905 1. NAF Key Center: Dedicated NAF in charge of p
39、erforming the key establishment between a UICC and a Terminal. UICC Hosting Device: The entity, which is physically connected to the UICC. The UICC Hosting Device may be the MT or the ME. Terminal: For the purposes of the present document, the term Terminal denotes a trusted device that can establis
40、h a shared key with a UICC. The Terminal is a generic term aiming to address either the scenario where it is part of the UICC Hosting Device or the scenario where it is a physically separated component (e.g. PNE as defined in TS 22.259 4). Remote Terminal: A Terminal that is physically separated fro
41、m the UICC Hosting Device. NOTE: The definition of trusted devices is out of the scope of the specification. It is assumed that the home network can decide whether a terminal is trusted or not. ICCID: ICCID is the identifier of the smart card. ICCID is defined in ITU standard and is encoded as a 10
42、octet string. Terminal_appli_ID: It identifies an application in a Terminal. Terminal_appli_ID is an octet string of maximum 32 octets. If an application has an identifier of longer than 32 octets, this should be hashed using SHA 256 10 into a string of length 32 octets which will be used as Termina
43、l_appli_ID. Terminal_ID: It identifies uniquely the Terminal and is 10 octets. The Terminal_ID of a ME is the IMEI and shall be encoded using BCD coding as defined in clause 10.5.1.4 of TS 24.008 9. NOTE: In case that the Terminal is not a ME the definition of the type of Terminal_IDs is out of the
44、scope of the specification. UICC_appli_ID: It uniquely identifies an application in the UICC. The UICC_appli_ID is an octet string of maximum 16 octets. 3.2 Symbols For the purposes of the present document, the following symbols apply: | Concatenation ETSI ETSI TS 133 110 V13.0.0 (2016-01)83GPP TS 3
45、3.110 version 13.0.0 Release 133.3 Abbreviations For the purposes of the present document, the abbreviations given in TR 21.905 1 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 1. B-TID Boot
46、strapping Transaction Identifier BSF Bootstrapping Server Function GBA Generic Bootstrapping Architecture GBA_ME ME-based GBA GBA_U GBA with UICC-based enhancements ICCID Integrated Circuit Card Identification KDF Key Derivation Function Ks_ext_NAF Derived key in GBA_U Ks_int_NAF Derived key in GBA_
47、U, which remains on UICC Ks_local Derived key, which is shared between a Terminal and a UICC NAF Network Application Function MAC Message Authentication CodePNE Personal Network Element SLF Subscriber Locator Function USS User Security Setting 4 Key Establishment between a UICC and a terminal 4.1 Re
48、ference model GBA_U (TS 33.220 3) is used to provision a shared key between a UICC and a Terminal (i.e. Ks_local). The GBA_U key Ks_int_NAF is used by the UICC and the NAF to derive Ks_local. The NAF securely delivers Ks_local to the Terminal through a TLS tunnel, which is established between the NA
49、F and the Terminal. Figure 4.1 and figure 4.2 show a network model of the entities that utilize the bootstrapped secrets, and the reference points used between them. In figure 4.1 the Terminal is part of the UICC Hosting Device whereas in figure 4.2 the Terminal is connected to the UICC Hosting Device via a local interface. HSSBSFUa Zh ZnSLFDzUICC UICC Hosting Device Ub NAF Figure 4.1: High level reference mode (the Terminal is part of the UICC Hosting Device) ETSI ETSI TS 133 110 V13.0.0 (2016-01)93GPP TS 33
