1、 ETSI TS 133 223 V13.1.0 (2016-04) Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push function (3GPP TS 33.223 version 13.1.0 Release 13) TECHNIC
2、AL SPECIFICATION ETSI ETSI TS 133 223 V13.1.0 (2016-04)13GPP TS 33.223 version 13.1.0 Release 13Reference RTS/TSGS-0333223vd10 Keywords GSM,LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 -
3、 NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electr
4、onic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF)
5、 version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status
6、.asp If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopyi
7、ng and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016.
8、All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks register
9、ed and owned by the GSM Association. ETSI ETSI TS 133 223 V13.1.0 (2016-04)23GPP TS 33.223 version 13.1.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any,
10、 is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on
11、the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may
12、 be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities.
13、 These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should
14、 not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 1
15、33 223 V13.1.0 (2016-04)33GPP TS 33.223 version 13.1.0 Release 13Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 5g3Introduction 5g31 Scope 6g32 References 6g33 Definitions, symbols and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 7g34 GBA Pu
16、sh Architecture 8g34.1 Introduction 8g34.1.1 General 8g34.1.2 GBA-Push system overview . 8g34.2 GBA Push Architecture 9g34.2.1 Description and Rationale . 9g34.2.2 GBA-Push keying model 10g34.3 GBA Push Requirements 10g34.3.1 General GBA Push Requirements 10g34.3.2 Requirements on HSS and HLR . 11g3
17、4.3.3 Requirements on BSF . 11g34.3.4 Requirements on UE . 11g34.3.5 Requirements on Reference Point Upa . 11g34.3.6 Requirements on Reference Point Zh . 11g34.3.7 Requirements on Reference Point Zpn and Zpn 11g34.3.8 Requirements on Zn-Proxy . 13g34.3.9 Requirements on Reference Point Ua . 13g34.3.
18、10 Requirements on NAF SA identifiers . 13g34.3.11 Requirements on Reference Point Dz . 13g35 GBA Push Function . 13g35.1 GBA Push Message Flow and Processing 13g35.1.1 GBA Push Message Flow . 13g35.1.2 NAF processing before issuing GPI request . 15g35.1.3 BSF processing of NAF GPI request 16g35.1.4
19、 UE processing of GPI . 17g35.2 Data objects 18g35.2.1 GBA Push Information (GPI) . 18g35.2.2 NAF SA identities . 19g35.2.3 NAF SA 19g35.3 GPI Integrity and Confidentiality Protection 20g35.3.1 General considerations 20g35.3.2 Key material generation 20g35.3.3 GPI Integrity protection 21g35.3.4 GPI
20、Confidentiality protection 21g35.3.5 GPI message format and coding . 21g35.4 Procedures using the NAF SA 22g3Annex A (informative): Rationale behind choice of the Disposable-Ks model . 23g3Annex B (normative): GBA-Push UE registration procedure . 24g3Annex Z (informative): Change history . 25g3ETSI
21、ETSI TS 133 223 V13.1.0 (2016-04)43GPP TS 33.223 version 13.1.0 Release 13History 26g3ETSI ETSI TS 133 223 V13.1.0 (2016-04)53GPP TS 33.223 version 13.1.0 Release 13Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present do
22、cument are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z wher
23、e: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is i
24、ncremented when editorial only changes have been incorporated in the document. Introduction 3GPP defined the Generic Authentication Architecture (GAA). The adoption of GAA by other standardization bodies showed that some services can not make the assumption that the User Equipment (UE) has always th
25、e possibility to connect to the Bootstrapping Server Function (BSF) or that the UE for different reasons has not performed a bootstrapping procedure directly with the BSF. Hence, this specification introduces and specifies a GBA Push Function. ETSI ETSI TS 133 223 V13.1.0 (2016-04)63GPP TS 33.223 ve
26、rsion 13.1.0 Release 131 Scope The present document specifies a Push Function as a functional add-on for the Generic Authentication Architecture (GAA) 1. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. Refe
27、rences are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM
28、document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TS 33.220: “Generic Authentication Architecture (GAA); Generic bootstrapping architecture“. 2 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 3 3GPP
29、TS 33.210: “3G Security; Network Domain Security; IP network layer security“. 4 IETF RFC 2246 (1999): “The TLS Protocol Version 1“. 5 Void. 6 3GPP TS 33.102: “3G Security; Security architecture“. 7 FIPS PUB 180-2 (2002): “Secure Hash Standard“. 8 IETF RFC 2104 (1997): “HMAC: Keyed-Hashing for Messag
30、e Authentication“. 9 ISO/IEC 10118-3:2004: “Information Technology Security techniques Hash-functions Part 3: Dedicated hash-functions“. 10 NIST Special Publication 800-38A: “Recommendation for Block Cipher Modes of Operation“ 11 FIPS PUB 197: “Advanced Encryption Standard“ 12 Void 13 3GPP TS 33.222
31、 “Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)“. 14 3GPP TS 29.109 “Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3“. 15 3GPP TS 33.224 “Generic Authentication Architecture (GAA
32、); Generic Bootstrapping Architecture (GBA) Push Layer“. 15 3GPP TS 31.101 “UICC-terminal interface; Physical and logical characteristics“. 16 IETF RFC 4330: “Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI“. ETSI ETSI TS 133 223 V13.1.0 (2016-04)73GPP TS 33.223 version 13.1.0 R
33、elease 133 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in TR 21.905 2, TS 33.220 1 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR
34、 21.905 2. AUTN(*): In GBA context, GBA_ME relies on AUTN value to verify that the authentication vector is from an authorised network, while GBA_U relies on AUTN* to perform network authentication as described in 1. AUTN(*) is used to refer both to AUTN and AUTN*. AUTS: Defined in TS 33.102 6. Disp
35、osable-Ks model: The keying model used in GBA-push. Only one NAF-key is generated per Ks and the Ks cannot be reused. GBA_U aware UICC: A UICC which supports GBA_U which means that the Ks will never leave the UICC. GBA-Push-Info: GBA-Push-Info contains data relevant for key derivation in GBA Push. G
36、BA-Push_Info is sent via the Upa-reference point from the NAF to the UE. NAF_Id: The FQDN of the NAF, concatenated with the Ua security protocol identifier, NAF-key: A NAF-key derived from Ks. It can be used to refer to Ks_(int/ext)_NAF or Ks_NAF. NAF SA: A security association between a NAF and a U
37、E based on a NAF-key. Push-message: This is a message that is sent on a Ua-reference point from the NAF to the UE and has applied GBA keys that were bootstrapped via the Upa-reference point. Push-NAF: A NAF authorized for using GBA-Push. UE_Trp: The transport address used for delivery of GPI to the
38、UE. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in TR 21.905 2 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 2. BSF Bootstrapping Server Function B-T
39、ID Bootstrapping Transaction Identifier FQDN Fully Qualified Domain Name GAA Generic Authentication Architecture GBA Generic Bootstrapping Architecture GBA_ME ME-based GBA GBA_U GBA with UICC-based enhancements GPI GBA Push Info GUSS GBA User Security Settings HLR Home Location Register HSS Home Sub
40、scriber Server Ks_NAF NAF-key in GBA_ME mode Ks_int_NAF UICC internal NAF-key in GBA_U Ks_ext_NAF UICC external NAF-key in GBA_U ME Mobile Equipment NAF Network Application Function P-TID Push Temporary Identifier SA Security Association UE User Equipment USS User Security Setting ETSI ETSI TS 133 2
41、23 V13.1.0 (2016-04)83GPP TS 33.223 version 13.1.0 Release 134 GBA Push Architecture 4.1 Introduction 4.1.1 General GBA-push is a mechanism to bootstrap the security between a NAF and a UE, without forcing the UE to contact the BSF to initiate the bootstrapping. GBA-Push is closely related to and bu
42、ilds upon GBA as specified in TS 33.220 1. GBA-Push is aimed for both GBA_U and GBA_ME environments. 4.1.2 GBA-Push system overview The system overview in this clause gives a high level description of the general ideas behind the GBA-Push system solution and the features it offers. The generic use c
43、ase considered is that a NAF initiates establishment of a shared Security Association (SA), a NAF SA, between itself and a UE. This is done by the NAF pushing all information, the so called GBA-Push-Info (GPI), needed for the UE to set-up the SA. The key in this SA is a NAF-key and the GPI is reques
44、ted from the BSF. The NAF-key is generated as defined in GBA, TS 33.220 1. After the NAF SA establishment, the NAF can send protected Push-messages to the UE. If a return channel exists and if defined by the Ua application, the UE can also use the established SA to protect response messages to the i
45、nitiating NAF How the NAF SA is used is out of scope for this specification. The NAF SA is identified by downlink and uplink SA identifiers. GBA-Push is aimed for both GBA_U and GBA_ME environments. To only establish an external NAF-key with GBA-Push, the ME-based functionality, GBA_ME, should be us
46、ed. GBA-Push based on GBA_U will establish both an internal and external NAF-key. GBA-Push utilizes a so called Disposable-Ks model. In the Disposable-Ks model, a Ks is only used once to derive a single set of NAF-keys (and other keying material used to protect the GPI during transport). After the N
47、AF-key derivation, the Ks is erased or its further usage is denied. A new GBA-Push operation will be needed whenever a new set of NAF-keys for the same or another NAF is needed. NOTE 1: A generated NAF-key can be used to protect multiple Push-messages from the NAF to the UE. NAF-keys from different
48、NAFs can coexist. With the Disposable-Ks model, existing NAF-keys established as specified in TS 33.220 1 or by GBA-Push will be unaffected. GBA_ME based GBA-Push will not interact with GBA_U but a GBA_U based GBA Push will invalidate an existing Ks on the UICC. NOTE 2: TS 33.220 1 specifies that an
49、 existing Ks on the UICC will be overwritten when a new GBA_U Ks-generation procedure is executed. The ME may of course trigger a new bootstrap procedure immediately after the GBA-Push operation to avoid delays and certain synch problems when the UE operates GBA according to TS33.220 1. The transport method of GPI from a NAF to a UE is not standardized. NOTE 3: Examples of possible transport methods are SMS, MMS, SIP MESSAGE, UDP or broadcast. For the transport of GPI to UEs, a NAF needs to know the mes
