ETSI TS 133 223-2017 Digital cellular telecommunications system (Phase 2+) (GSM) Universal Mobile Telecommunications System (UMTS) LTE Generic Authentication Architecture (GAA) Gen.pdf

Uploader: fatcommittee260   Document no.: 743451   Uploaded: 2019-01-11   Format: PDF   Pages: 27   Size: 179.90KB
Description

ETSI TS 133 223 V14.0.0 (2017-04)
Digital cellular telecommunications system (Phase 2+) (GSM);
Universal Mobile Telecommunications System (UMTS);
LTE;
Generic Authentication Architecture (GAA);
Generic Bootstrapping Architecture (GBA) Push function
(3GPP TS 33.223 version 14.0.0 Release 14)
TECHNICAL SPECIFICATION

Reference: RTS/TSGS-0333223ve00
Keywords: GSM, LTE, SECURITY, UMTS

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00   Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present document can be downloaded from: http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx

If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2017. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. The oneM2M logo is protected for the benefit of its Members. GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).

The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http://webapp.etsi.org/key/queryform.asp.

Modal verbs terminology

In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). "must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

Contents

Intellectual Property Rights ..... 2
Foreword ..... 2
Modal verbs terminology ..... 2
Foreword ..... 4
Introduction ..... 4
1 Scope ..... 5
2 References ..... 5
3 Definitions, symbols and abbreviations ..... 6
3.1 Definitions ..... 6
3.2 Abbreviations ..... 6
4 GBA Push Architecture ..... 7
4.1 Introduction ..... 7
4.1.1 General ..... 7
4.1.2 GBA-Push system overview ..... 7
4.2 GBA Push Architecture ..... 8
4.2.1 Description and Rationale ..... 8
4.2.2 GBA-Push keying model ..... 9
4.3 GBA Push Requirements ..... 9
4.3.1 General GBA Push Requirements ..... 9
4.3.2 Requirements on HSS and HLR ..... 10
4.3.3 Requirements on BSF ..... 10
4.3.4 Requirements on UE ..... 10
4.3.5 Requirements on Reference Point Upa ..... 10
4.3.6 Requirements on Reference Point Zh ..... 10
4.3.7 Requirements on Reference Point Zpn and Zpn' ..... 10
4.3.8 Requirements on Zn-Proxy ..... 12
4.3.9 Requirements on Reference Point Ua ..... 12
4.3.10 Requirements on NAF SA identifiers ..... 12
4.3.11 Requirements on Reference Point Dz ..... 12
5 GBA Push Function ..... 12
5.1 GBA Push Message Flow and Processing ..... 12
5.1.1 GBA Push Message Flow ..... 12
5.1.2 NAF processing before issuing GPI request ..... 14
5.1.3 BSF processing of NAF GPI request ..... 15
5.1.4 UE processing of GPI ..... 16
5.2 Data objects ..... 17
5.2.1 GBA Push Information (GPI) ..... 17
5.2.2 NAF SA identities ..... 18
5.2.3 NAF SA ..... 18
5.3 GPI Integrity and Confidentiality Protection ..... 19
5.3.1 General considerations ..... 19
5.3.2 Key material generation ..... 19
5.3.3 GPI Integrity protection ..... 20
5.3.4 GPI Confidentiality protection ..... 20
5.3.5 GPI message format and coding ..... 20
5.4 Procedures using the NAF SA ..... 21
Annex A (informative): Rationale behind choice of the Disposable-Ks model ..... 22
Annex B (normative): GBA-Push UE registration procedure ..... 23
Annex Z (informative): Change history ..... 24
History ..... 26

Foreword

This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).

The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x  the first digit:
   1  presented to TSG for information;
   2  presented to TSG for approval;
   3 or greater  indicates TSG approved document under change control.

y  the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.

z  the third digit is incremented when editorial only changes have been incorporated in the document.

Introduction

3GPP defined the Generic Authentication Architecture (GAA). The adoption of GAA by other standardization bodies showed that some services cannot assume that the User Equipment (UE) always has the possibility to connect to the Bootstrapping Server Function (BSF), or that the UE, for various reasons, may not have performed a bootstrapping procedure directly with the BSF. Hence, this specification introduces and specifies a GBA Push Function.

1 Scope

The present document specifies a Push Function as a functional add-on for the Generic Authentication Architecture (GAA) [1].

2 References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1] 3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture".
[2] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[3] 3GPP TS 33.210: "3G Security; Network Domain Security; IP network layer security".
[4] IETF RFC 2246 (1999): "The TLS Protocol Version 1.0".
[5] Void.
[6] 3GPP TS 33.102: "3G Security; Security architecture".
[7] FIPS PUB 180-2 (2002): "Secure Hash Standard".
[8] IETF RFC 2104 (1997): "HMAC: Keyed-Hashing for Message Authentication".
[9] ISO/IEC 10118-3:2004: "Information Technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions".
[10] NIST Special Publication 800-38A: "Recommendation for Block Cipher Modes of Operation".
[11] FIPS PUB 197: "Advanced Encryption Standard".
[12] Void.
[13] 3GPP TS 33.222: "Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".
[14] 3GPP TS 29.109: "Generic Authentication Architecture (GAA); Zh and Zn Interfaces based on the Diameter protocol; Stage 3".
[15] 3GPP TS 33.224: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) Push Layer".
[15] 3GPP TS 31.101: "UICC-terminal interface; Physical and logical characteristics".
[16] IETF RFC 4330: "Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI".

3 Definitions, symbols and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in TR 21.905 [2], TS 33.220 [1] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905 [2].

AUTN(*): In GBA context, GBA_ME relies on the AUTN value to verify that the authentication vector is from an authorised network, while GBA_U relies on AUTN* to perform network authentication as described in [1]. AUTN(*) is used to refer to both AUTN and AUTN*.

AUTS: Defined in TS 33.102 [6].

Disposable-Ks model: The keying model used in GBA-Push. Only one NAF-key is generated per Ks and the Ks cannot be reused.

GBA_U aware UICC: A UICC which supports GBA_U, which means that the Ks will never leave the UICC.

GBA-Push-Info: GBA-Push-Info contains data relevant for key derivation in GBA Push. GBA-Push-Info is sent via the Upa reference point from the NAF to the UE.

NAF_Id: The FQDN of the NAF, concatenated with the Ua security protocol identifier.

NAF-key: A NAF-key derived from Ks. It can be used to refer to Ks_(int/ext)_NAF or Ks_NAF.

NAF SA: A security association between a NAF and a UE based on a NAF-key.

Push-message: This is a message that is sent on a Ua reference point from the NAF to the UE and is protected with GBA keys that were bootstrapped via the Upa reference point.

Push-NAF: A NAF authorized for using GBA-Push.

UE_Trp: The transport address used for delivery of GPI to the UE.

3.2 Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 [2] and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 [2].

BSF        Bootstrapping Server Function
B-TID      Bootstrapping Transaction Identifier
FQDN       Fully Qualified Domain Name
GAA        Generic Authentication Architecture
GBA        Generic Bootstrapping Architecture
GBA_ME     ME-based GBA
GBA_U      GBA with UICC-based enhancements
GPI        GBA Push Info
GUSS       GBA User Security Settings
HLR        Home Location Register
HSS        Home Subscriber Server
Ks_NAF     NAF-key in GBA_ME mode
Ks_int_NAF UICC internal NAF-key in GBA_U
Ks_ext_NAF UICC external NAF-key in GBA_U
ME         Mobile Equipment
NAF        Network Application Function
P-TID      Push Temporary Identifier
SA         Security Association
UE         User Equipment
USS        User Security Setting

4 GBA Push Architecture

4.1 Introduction

4.1.1 General

GBA-Push is a mechanism to bootstrap the security between a NAF and a UE without forcing the UE to contact the BSF to initiate the bootstrapping. GBA-Push is closely related to and builds upon GBA as specified in TS 33.220 [1]. GBA-Push is aimed at both GBA_U and GBA_ME environments.

4.1.2 GBA-Push system overview

The system overview in this clause gives a high level description of the general ideas behind the GBA-Push system solution and the features it offers.

The generic use case considered is that a NAF initiates establishment of a shared Security Association (SA), a NAF SA, between itself and a UE. This is done by the NAF pushing all information, the so called GBA-Push-Info (GPI), needed for the UE to set up the SA. The key in this SA is a NAF-key, and the GPI is requested from the BSF. The NAF-key is generated as defined in GBA, TS 33.220 [1]. After the NAF SA establishment, the NAF can send protected Push-messages to the UE. If a return channel exists and if defined by the Ua application, the UE can also use the established SA to protect response messages to the initiating NAF. How the NAF SA is used is out of scope for this specification. The NAF SA is identified by downlink and uplink SA identifiers.

GBA-Push is aimed at both GBA_U and GBA_ME environments. To establish only an external NAF-key with GBA-Push, the ME-based functionality, GBA_ME, should be used. GBA-Push based on GBA_U will establish both an internal and an external NAF-key.

GBA-Push utilizes a so called Disposable-Ks model. In the Disposable-Ks model, a Ks is only used once to derive a single set of NAF-keys (and other keying material used to protect the GPI during transport). After the NAF-key derivation, the Ks is erased or its further usage is denied. A new GBA-Push operation will be needed whenever a new set of NAF-keys for the same or another NAF is needed.

NOTE 1: A generated NAF-key can be used to protect multiple Push-messages from the NAF to the UE. NAF-keys from different NAFs can coexist.

With the Disposable-Ks model, existing NAF-keys established as specified in TS 33.220 [1] or by GBA-Push will be unaffected. GBA_ME based GBA-Push will not interact with GBA_U, but a GBA_U based GBA-Push will invalidate an existing Ks on the UICC.

NOTE 2: TS 33.220 [1] specifies that an existing Ks on the UICC will be overwritten when a new GBA_U Ks-generation procedure is executed. The ME may of course trigger a new bootstrap procedure immediately after the GBA-Push operation to avoid delays and certain synchronisation problems when the UE operates GBA according to TS 33.220 [1].

The transport method of GPI from a NAF to a UE is not standardized.

NOTE 3: Examples of possible transport methods are SMS, MMS, SIP MESSAGE, UDP or broadcast.

For the transport of GPI to UEs, a NAF needs to know the message transport ad
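The Disposable-Ks model of clause 4.1.2, as an added example that is not part of the ETSI specification: a Python model of the UE side in which a pushed GPI yields exactly one set of NAF-keys from a Ks that is then erased and refuses reuse, a GBA_U push invalidates the Ks held on the UICC while a GBA_ME push leaves it alone (NOTE 2), and NAF SAs for different NAFs coexist (NOTE 1). The AKA step (`_run_aka`), the `GPI` field subset, the sample identities and the Ua security protocol identifier are constructed stand-ins; the KDF layout, FC byte and `gba-me`/`gba-u` labels in `gba_kdf` are recalled from TS 33.220 Annex B rather than taken from this page and should be checked against that annex before any real use.

```python
"""UE-side model of the GBA-Push Disposable-Ks keying model (added example, not spec text).

Assumptions:
  * _run_aka() is a stand-in for the USIM's AKA computation of CK||IK from K and RAND
    (AUTN(*) checking and the real f3/f4 functions are not modelled).
  * gba_kdf() follows the shape of the TS 33.220 Annex B KDF, HMAC-SHA-256(Ks, S) with
    S = FC || P0 || L0 || P1 || L1 || ...; the FC byte and the labels are recalled from that
    annex, not from this page.
  * GPI carries more fields in the spec; only those needed for key derivation are modelled.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


def gba_kdf(ks: bytes, label: bytes, rand: bytes, impi: bytes, nid: bytes) -> bytes:
    """HMAC-SHA-256(Ks, FC || label||L0 || RAND||L1 || IMPI||L2 || NAF_Id||L3) (assumed layout)."""
    s = b"\x01"  # FC value assumed from TS 33.220 Annex B
    for p in (label, rand, impi, nid):
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(ks, s, hashlib.sha256).digest()


def naf_id(naf_fqdn: str, ua_protocol_id: bytes) -> bytes:
    """NAF_Id = FQDN of the NAF concatenated with the Ua security protocol identifier (clause 3.1)."""
    return naf_fqdn.encode("ascii") + ua_protocol_id


@dataclass(frozen=True)
class GPI:
    """Constructed subset of GBA-Push-Info: just what the UE needs to derive the NAF-key."""
    rand: bytes
    naf_fqdn: str
    ua_protocol_id: bytes
    mode: str  # "GBA_ME" or "GBA_U"


class DisposableKs:
    """A Ks that derives exactly one set of NAF-keys; afterwards it is erased and reuse is denied."""

    def __init__(self, ks: bytes) -> None:
        self._ks: Optional[bytes] = ks

    def derive_naf_keys(self, gpi: GPI, impi: bytes) -> Dict[str, bytes]:
        if self._ks is None:
            raise PermissionError("Ks already consumed: a new GBA-Push operation is required")
        nid = naf_id(gpi.naf_fqdn, gpi.ua_protocol_id)
        try:
            if gpi.mode == "GBA_U":
                # GBA_U push establishes both an internal (UICC-resident) and an external NAF-key.
                return {
                    "Ks_int_NAF": gba_kdf(self._ks, b"gba-u", gpi.rand, impi, nid),
                    "Ks_ext_NAF": gba_kdf(self._ks, b"gba-me", gpi.rand, impi, nid),
                }
            # GBA_ME push establishes only the external key Ks_NAF.
            return {"Ks_NAF": gba_kdf(self._ks, b"gba-me", gpi.rand, impi, nid)}
        finally:
            self._ks = None  # disposable: erase Ks right after the single derivation


class PushUE:
    """UE state: an optional Ks on a GBA_U aware UICC plus NAF SAs keyed by NAF_Id."""

    def __init__(self, impi: bytes, k: bytes, uicc_ks: Optional[bytes] = None) -> None:
        self.impi = impi
        self._k = k              # long-term subscriber key (stand-in for the USIM's K)
        self.uicc_ks = uicc_ks   # Ks left on the UICC by an earlier TS 33.220 GBA_U bootstrap
        self.naf_sas: Dict[bytes, Dict[str, bytes]] = {}

    def _run_aka(self, rand: bytes) -> bytes:
        # Stand-in for AKA: the real USIM derives CK||IK from K and RAND after verifying AUTN(*).
        return hmac.new(self._k, b"CK|IK" + rand, hashlib.sha256).digest()

    def process_gpi(self, gpi: GPI) -> Dict[str, bytes]:
        ks = DisposableKs(self._run_aka(gpi.rand))
        keys = ks.derive_naf_keys(gpi, self.impi)
        if gpi.mode == "GBA_U":
            # NOTE 2: a GBA_U Ks-generation overwrites the Ks on the UICC, so a GBA_U based
            # push invalidates any existing Ks there; a GBA_ME push does not touch it.
            self.uicc_ks = None
        # NOTE 1: NAF-keys from different NAFs coexist; a new push for the same NAF replaces its SA.
        self.naf_sas[naf_id(gpi.naf_fqdn, gpi.ua_protocol_id)] = keys
        return keys
```

Running a GBA_ME push followed by a GBA_U push on the same `PushUE` leaves two independent NAF SAs in `naf_sas`, clears `uicc_ks` only after the GBA_U push, and any second call to `derive_naf_keys` on the same `DisposableKs` raises `PermissionError`, which is the "erased or further usage denied" rule in code.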
