1、 ETSI TS 133 200 V7.0.0 (2007-06)Technical Specification Universal Mobile Telecommunications System (UMTS);3G Security;Network Domain Security (NDS);Mobile Application Part (MAP) application layer security(3GPP TS 33.200 version 7.0.0 Release 7)ETSI ETSI TS 133 200 V7.0.0 (2007-06) 1 3GPP TS 33.200
2、version 7.0.0 Release 7 Reference RTS/TSGS-0333200v700 Keywords SECURITY, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse
3、(06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the refe
4、rence version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or cha
5、nge of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyrigh
6、t Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2007. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI regi
7、stered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 133 200 V7.0.0 (2007-06
8、) 2 3GPP TS 33.200 version 7.0.0 Release 7 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
9、 in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the
10、 ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Fore
11、word This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the cor
12、responding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. ETSI ETSI TS 133 200 V7.0.0 (2007-06) 3 3GPP TS 33.200 version 7.0.0 Release 7 Contents Intellectual Property Rights2 Foreword.2 Foreword.4 Introd
13、uction 4 1 Scope 5 2 References 5 3 Definitions, symbols and abbreviations .5 3.1 Definitions5 3.2 Symbols6 3.3 Abbreviations .6 3.4 Conventions6 4 Principles of MAP application layer security.7 5 MAP security (MAPsec) 7 5.1 Security services provided by MAPsec 7 5.2 Properties and tasks of MAPsec e
14、nabled network elements.7 5.3 Policy requirements for the MAPsec Security Policy Database (SPD) 8 5.4 MAPsec security association attribute definition .8 5.5 MAPsec structure of protected messages .9 5.5.1 MAPsec security header .10 5.5.2 Protected payload10 5.5.2.1 Protection Mode 0.10 5.5.2.2 Prot
15、ection Mode 1.10 5.5.2.3 Protection Mode 2.11 5.6 MAPsec algorithms 11 5.6.1 Mapping of MAPsec-SA encryption algorithm identifiers.11 5.6.1.1 Description of MEA-1.11 5.6.2 Mapping of MAPsec-SA integrity algorithm identifiers.11 5.6.2.1 Description of MIA-111 5.6.3 Construction of IV 12 6 MAPsec prot
16、ection profiles12 6.1 Granularity of protection 12 6.2 MAPsec protection groups .12 6.2.1 MAPsec protection groups12 6.2.1.1 MAP-PG(0) No Protection.12 6.2.1.2 MAP-PG(1) Protection for Reset .13 6.2.1.3 MAP-PG(2) Protection for Authentication Information except Handover Situations13 6.2.1.4 MAP-PG(3
17、) Protection for Authentication Information in Handover Situations.13 6.2.1.5 MAP-PG(4) Protection of non location dependant HLR data14 6.3 MAPsec protection profiles14 Annex A (informative): Guidelines for manual key management .15 A.1 Inter-domain Security Association and Key Management Procedures
18、15 A.2 Local Security Association Distribution 15 Annex B (normative): MAPsec message flows.16 Annex C (normative): Using TCAP handshake for SMS transfer.19 C.1 Mobile Terminated SMS19 C.2 Mobile Originated SMS .20 Annex D (informative): Change history .22 History 23 ETSI ETSI TS 133 200 V7.0.0 (200
19、7-06) 4 3GPP TS 33.200 version 7.0.0 Release 7 Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modi
20、fy the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG
21、approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. Introduction The absence of security in
22、 Signalling System No. 7 (SS7) networks is an identified security weakness in 2G systems. This was formerly perceived not to be a problem, since the SS7 networks were the provinces of a small number of large institutions. This is no longer the case, and so there is now a need for security precaution
23、s. For 3G systems it is a clear goal to be able to protect the core network signalling protocols, and by implication this means that security solutions must be found for both SS7 and IP based protocols. Various protocols and interfaces are used for control plane signalling within and between core ne
24、tworks. The security services that have been identified as necessary are confidentiality, integrity, authentication and anti-replay protection. These will be ensured by standard procedures, based on cryptographic techniques. ETSI ETSI TS 133 200 V7.0.0 (2007-06) 5 3GPP TS 33.200 version 7.0.0 Releas
25、e 7 1 Scope This technical specification covers the security mechanisms and procedures necessary to protect the MAP protocol. The complete set of enhancements and extensions to facilitate security protection for the MAP protocol is termed MAPsec and it covers transport security in the MAP protocol i
26、tself and the security management procedures. The security mechanisms specified for MAP are on the application layer. This means that MAPsec is independent of the network and transport protocols to be used. This technical specification contains the stage-2 specification for security protection of th
27、e MAP protocol. The actual implementation (stage-3) specification can be found in the MAP stage-3 specification, TS 29.002 4. NOTE: It is explicitly noted that automated key management and key distribution is not part of Rel-5. All key management and key distribution in Rel-5 shall therefore be carr
28、ied out by other means (see Annex A). 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific
29、. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as
30、the present document. 1 3G TS 21.133: Security Threats and Requirements. 2 3G TS 21.905: 3G Vocabulary. 3 3G TS 23.060: General Packet Radio Service (GPRS); Service description; Stage 2. 4 3G TS 29.002: Mobile Application Part (MAP) specification. 5 NIST Special Publication 800-38A “Recommendation f
31、or Block Cipher Modes of Operation“ December 2001. 6 ISO/IEC 9797: “Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher“, Ed.1, 1999-12-16. 7 FIPS Publication 197: “Specification for the Advanced Encryption Standard (AES)“, Nov
32、ember 26, 2001. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply. Anti-replay protection: Anti-replay protection is a special case of integrity protection. Its main service is to protect against replay of sel
33、f-contained packets that already have a cryptographical integrity mechanism in place. Confidentiality: The property that information is not made available or disclosed to unauthorised individuals, entities or processes. ETSI ETSI TS 133 200 V7.0.0 (2007-06) 6 3GPP TS 33.200 version 7.0.0 Release 7 D
34、ata integrity: The property that data has not been altered in an unauthorised manner. Data origin authentication: The corroboration that the source of data received is as claimed. Entity authentication: The provision of assurance of the claimed identity of an entity. Key freshness: A key is fresh if
35、 it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party. Security Association: A logical connection created for security purposes. All traffic traversing a security association is provided the same security protection. The sec
36、urity association specifies protection levels, algorithms to be used, lifetimes of the connection etc. MAPsec: The complete collection of protocols and procedures needed to protect MAP messages. MAPsec can be divided into three main parts. These are (1) MAPsec transport security, (2) MAPsec Local Se
37、curity Association distribution and (3) MAPsec Inter-domain Security Association and Key Management procedures. 3.2 Symbols For the purposes of the present document, the following symbols apply: f6 MAP encryption algorithm.f7 MAP integrity algorithm. Zf The MAP application layer security interface b
38、etween MAP-NEs engaged in security protected signalling. 3.3 Abbreviations For the purposes of the present document, the following abbreviations apply: AES Advanced Encryption Standard FALLBACK Fallback to unprotected mode indicator IP Internet Protocol IV Initialisation VectorMAC Message Authentica
39、tion Code MAC-M MAC used for MAP MAP Mobile Application Part MAP-NE MAP Network Element MAPsec MAP security the MAP security protocol suite MEA MAP Encryption Algorithm identifier MEK MAP Encryption Key MIA MAP Integrity Algorithm identifier MIK MAP Integrity Key NDS Network Domain Security NE Netwo
40、rk Entity PPI Protection Profile Indicator PPRI Protection Profile Revision Identifier PROP Proprietary field SA Security Association SADB Security Association DataBase (also referred to as SAD) SPD Security Policy Database (sometimes also referred to as SPDB) SPI Security Parameters Index TVP Time
41、Variant Parameter 3.4 Conventions All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broke
42、n down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant. ETSI ETSI TS 133 200 V7.0.0 (2007-06) 7 3GPP TS 33.200 version 7.0.0 Release 7 4 Principles of MAP application layer secur
43、ity This technical specification defines mechanisms for protecting the MAP protocol at the application layer. The MAP protocol may also be protected at the network layer when IP is used as the transport protocol. However, whenever inter-working with networks using SS7-based transport is necessary, p
44、rotection at the application layer shall be used. The security measures specified in this TS are only fully useful if all interconnected operators use them. In order to prevent active attacks all interconnected operators must at least use MAPsec with the suitable protection levels as indicated in th
45、is specification and treat the reception of all MAP messages (protected and unprotected) in a uniform way in the receiving direction. Before protection can be applied, Security Associations (SA) needs to be established between the respective MAP network elements. Security associations define, among
46、other things, which keys, algorithms, and protection profiles to use to protect MAP signalling. The necessary MAPsec-SAs between networks are negotiated between the respective network operators. The negotiated SA will be effective PLMN-wide and distributed to all network elements which implement MAP
47、 application layer security within the PLMN. Signalling traffic protected at the application layer will, for routing purposes, be indistinguishable from unprotected traffic to all parties except for the sending and receiving entities. Protection at the application layer implies changes to the applic
48、ation protocol itself to allow for the necessary security functionality to be added. The interface applies to all MAPsec transactions, intra- or inter-PLMN. Annex B includes detailed procedures on how secure MAP signalling is performed between two MAP-NEs. NOTE: A limited level of MAP message authen
49、ticity can be achieved without the use of MAPsec by using a TCAP handshake prior to the MAP payload exchange. Annex C describes the use of the TCAP handshake for MAP SMS transfers. 5 MAP security (MAPsec) 5.1 Security services provided by MAPsec The security services provided by MAPsec are: - data integrity; - data origin authentication; - anti-replay protection; - confidentiality (optional). 5.2 Properties and tasks of MAPsec enabled network elements MAPsec MAP-NEs shall maintain the following databases: - NE-SPD-MAP: A database in an NE co