1、 ETSI TS 143 020 V13.1.0 (2016-04) Digital cellular telecommunications system (Phase 2+) (GSM); Security related network functions (3GPP TS 43.020 version 13.1.0 Release 13) TECHNICAL SPECIFICATION GLOBAL SYSTEM FOR MOBILE COMMUNICATIONSRETSI ETSI TS 143 020 V13.1.0 (2016-04)13GPP TS 43.020 version
2、13.1.0 Release 13Reference RTS/TSGS-0343020vd10 Keywords GSM,SECURITY ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 78
3、03/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the pri
4、or written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present
5、document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the
6、following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the
7、PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETS
8、I registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 143 020 V13.1.0 (2016-04)23GPP TS 43.0
9、20 version 13.1.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000
10、 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investig
11、ation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specifica
12、tion (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables.
13、 The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted a
14、s described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 143 020 V13.1.0 (2016-04)33GPP TS 43.020 version 13.1.0 Release 13Contents Intellectual P
15、roperty Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 8g30 Scope 9g30.1 References 9g30.2 Abbreviations . 10g31 General . 10g32 Subscriber identity confidentiality . 11g32.1 Generality . 11g32.2 Identifying method . 11g32.3 Procedures 11g32.3.1 Location updating in the same MSC area
16、. 11g32.3.2 Location updating in a new MSCs area, within the same VLR area . 12g32.3.3 Location updating in a new VLR; old VLR reachable . 13g32.3.4 Location Updating in a new VLR; old VLR not reachable . 14g32.3.5 Reallocation of a new TMSI . 15g32.3.6 Local TMSI unknown . 16g32.3.7 Location updati
17、ng in a new VLR in case of a loss of information 17g32.3.8 Unsuccessful TMSI allocation 17g32.3.9 Combined location area updating with the routing area updating. 18g33 Subscriber identity authentication 19g33.1 Generality . 19g33.2 The authentication procedure . 19g33.3 Subscriber Authentication Key
18、 management . 20g33.3.1 General authentication procedure . 20g33.3.2 Authentication at location updating in a new VLR, using TMSI 21g33.3.3 Authentication at location updating in a new VLR, using IMSI . 22g33.3.4 Authentication at location updating in a new VLR, using TMSI, TMSI unknown in “old“ VLR
19、 23g33.3.5 Authentication at location updating in a new VLR, using TMSI, old VLR not reachable . 24g33.3.6 Authentication with IMSI if authentication with TMSI fails 24g33.3.7 Re-use of security related information in failure situations 24g34 Confidentiality of signalling information elements, conne
20、ctionless data and user information elements on physical connections 25g34.1 Generality . 25g34.2 The ciphering method . 26g34.3 Key setting 26g34.4 Ciphering key sequence number 27g34.5 Starting of the ciphering and deciphering processes 27g34.6 Synchronization 28g34.7 Handover 28g34.8 Negotiation
21、of A5 algorithm 28g34.9 Support of A5 Algorithms in MS . 29g34.10 Support of A5 Algorithms in the BSS 29g35 Synthetic summary . 30g3Annex A (informative): Security issues related to signalling schemes and key management . 31g3A.1 Introduction 31g3A.2 Short description of the schemes 31g3A.3 List of
22、abbreviations . 32g3ETSI ETSI TS 143 020 V13.1.0 (2016-04)43GPP TS 43.020 version 13.1.0 Release 13Annex B (informative): Security information to be stored in the entities of the GSM system 46g3B.1 Introduction 46g3B.2 Entities and security information . 46g3B.2.1 Home Location Register (HLR) . 46g3
23、B.2.2 Visitor Location Register (VLR) 46g3B.2.3 Mobile services Switching Centre (MSC)/Base Station System (BSS) . 46g3B.2.4 Mobile Station (MS) . 47g3B.2.5 Authentication Centre (AuC) . 47g3Annex C (normative): External specifications of security related algorithms 48g3C.0 Scope 48g3C.1 Specificati
24、ons for Algorithm A5 48g3C.1.1 Purpose . 48g3C.1.2 Implementation indications 48g3C.1.3 External specifications of Algorithm A5 50g3C.1.3.1 A5 algorithms with 64-bit keys . 50g3C.1.3.2 A5 algorithms with 128-bit keys . 50g3C.1.4 Internal specification of Algorithm A5 50g3C.1.5 Definition of NPBB for
25、 different modulations . 50g3C.2 Algorithm A3 . 50g3C.2.1 Purpose . 51g3C.2.2 Implementation and operational requirements . 51g3C.3 Algorithm A8 . 51g3C.3.1 Purpose . 51g3C.3.2 Implementation and operational requirements . 51g3Annex D (normative): Security related network functions for General Packe
26、t Radio Service 52g3D.1 General . 52g3D.2 Subscriber identity confidentiality . 52g3D.2.1 Generality . 52g3D.2.2 Identifying method . 53g3D.2.3 Procedures 53g3D.2.3.1 Routing area updating in the same SGSN area . 53g3D.2.3.2 Routing area updating in a new SGSN; old SGSN reachable . 54g3D.2.3.3 Routi
27、ng area updating in a new SGSN; old SGSN not reachable . 55g3D.2.3.4 Reallocation of a TLLI . 55g3D.2.3.5 Local TLLI unknown 56g3D.2.3.6 Routing area updating in a new SGSN in case of a loss of information . 57g3D.2.3.7 Unsuccessful TLLI allocation . 57g3D.3 Subscriber identity authentication 58g3D.
28、3.1 Generality . 58g3D.3.2 The authentication procedure . 58g3D.3.3 Subscriber Authentication Key management . 58g3D.3.3.1 General authentication procedure . 58g3D.3.3.2 Authentication at routing area updating in a new SGSN, using TLLI 59g3D.3.3.3 Authentication at routing area updating in a new SGS
29、N, using IMSI 60g3D.3.3.4 Authentication at routing area updating in a new SGSN, using TLLI, TLLI unknown in old SGSN . 61g3D.3.3.5 Authentication at routing area updating in a new SGSN, using TLLI, old SGSN not reachable 62g3D.3.3.6 Authentication with IMSI if authentication with TLLI fails . 62g3D
30、.3.3.7 Re-use of security related information in failure situations 62g3D.4 Confidentiality of user information and signalling between MS and SGSN . 63g3D.4.1 Generality . 63g3D.4.2 The ciphering method . 63g3D.4.3 Key setting 63g3D.4.4 Ciphering key sequence number 64g3D.4.5 Starting of the cipheri
31、ng and deciphering processes 64g3ETSI ETSI TS 143 020 V13.1.0 (2016-04)53GPP TS 43.020 version 13.1.0 Release 13D.4.6 Synchronisation 65g3D.4.7 Inter SGSN routing area update . 65g3D.4.8 Negotiation of GPRS-A5 algorithm . 65g3D.4.9 Support of GPRS-A5 Algorithms in MS 66g3D.5 Synthetic summary . 67g3
32、D.6 Security of the GPRS backbone . 67g3Annex E (normative): GSM Cordless Telephony System (CTS), (Phase 1); Security related network functions; Stage 2 68g3E.1 Introduction 68g3E.1.1 Scope 68g3E.1.2 References 68g3E.1.3 Definitions and Abbreviations 68g3E.1.3.1 Definitions 68g3E.1.3.2 Abbreviations
33、 69g3E.2 General . 70g3E.3 CTS local security system 71g3E.3.1 Mobile Subscriber identity confidentiality . 71g3E.3.1.1 Identifying method 71g3E.3.1.2 Procedures. 71g3E.3.1.2.1 CTSMSI assignment . 71g3E.3.1.2.2 CTSMSI update . 72g3E.3.1.2.3 CTS local identification 72g3E.3.2 Identity authentication
34、72g3E.3.2.1 The mutual authentication procedure 72g3E.3.2.1.1 Authentication failure 73g3E.3.2.2 Authentication Key management. . 73g3E.3.3 Confidentiality of user information and signalling between CTS-MS and CTS-FP 74g3E.3.3.1 The ciphering method . 74g3E.3.3.2 Key setting 74g3E.3.3.3 Starting of
35、the ciphering and deciphering processes . 75g3E.3.3.4 Synchronisation 76g3E.3.4 Structured procedures with CTS local security relevance 76g3E.3.4.1 Local Part of the Enrolment of a CTS-MS onto a CTS-FP . 76g3E.3.4.1.1 Local part of the enrolment procedure 76g3E.3.4.2 General Access procedure 79g3E.3
36、.4.2.1 Attachment 79g3E.3.4.2.2 CTS local security data update 80g3E.3.4.3 De-enrolment of a CTS-MS 80g3E.3.4.3.1 De-enrolment initiated by the CTS-FP 80g3E.3.4.3.2 De-enrolment initiated by a CTS-MS . 80g3E.4 CTS supervising security system . 81g3E.4.1 Supervision data and supervision data protecti
37、on 81g3E.4.1.1 Structure of supervision data 81g3E.4.1.2 Supervision data protection 81g3E.4.1.3 Key management 82g3E.4.2 CTS subscriber identity 82g3E.4.3 Identity authentication with the CTS operator and the PLMN . 82g3E.4.3.1 Authentication of the CTS-FP 82g3E.4.3.2 Authentication of the CTS-MS .
38、 83g3E.4.4 Secure operation control . 84g3E.4.4.1 GSM layer 3 signalling . 84g3E.4.4.2 CTS application signalling via the Fixed Network . 84g3E.4.4.3 CTS operation control procedures 85g3E.4.4.3.1 Initialisation of a CTS-FP . 85g3E.4.4.3.2 De-initialisation of a CTS-FP 85g3E.4.4.3.3 Enrolment 86g3E.
39、4.4.3.3.1 Enrolment conducted via the CTS fixed network interface . 86g3ETSI ETSI TS 143 020 V13.1.0 (2016-04)63GPP TS 43.020 version 13.1.0 Release 13E.4.4.3.4 Supervising security in the CTS-FP/CTS-SN access procedure . 87g3E.4.4.3.4.1 Update of operation data 87g3E.4.5 Equipment checking . 88g3E.
40、4.6 FP-SIM card checking 88g3E.5 Other CTS security features . 89g3E.5.1 Secure storage of sensitive data and software in the CTS-MS . 89g3E.5.1.1 Inside CTS-ME . 89g3E.5.2 Secure storage of sensitive data and software in CTS-FP 89g3E.5.3 CTS-FP reprogramming protection 89g3E.6 FP Integrity . 89g3E.
41、6.1 Threats 90g3E.6.1.1 Changing of FP software 90g3E.6.1.2 Changing of IFPEI 91g3E.6.1.3 Changing of IFPSI and operator and subscription related keys (KiFP, KOP) . 91g3E.6.1.4 Changing of timers and timer limits . 91g3E.6.1.5 Changing of radio usage parameters . 91g3E.6.2 Protection and storage mec
42、hanisms 91g3E.6.2.1 Static or semi static values 91g3E.6.2.2 Timers . 91g3E.6.2.3 Physical protection 91g3E.7 Type approval issues 92g3E.8 Security information to be stored in the entities of the CTS 92g3E.8.1 Entities and security information 92g3E.8.1.1 CTS-HLR 92g3E.8.1.2 CTS-SN 92g3E.8.1.3 CTS-A
43、uC 93g3E.8.1.4 CTS Fixed Part Equipment (CTS-FPE) 93g3E.8.1.5 Fixed Part SIM card (FP-SIM) . 93g3E.8.1.6 CTS Mobile Equipment (CTS-ME) 94g3E.8.1.7 Mobile Station SIM card (MS-SIM) . 94g3E.9 External specification of security related algorithms . 94g3E.9.1 Algorithm B1 95g3E.9.1.1 Purpose . 95g3E.9.1
44、.2 Implementation and operational requirements 95g3E.9.2 Algorithm B2 95g3E.9.2.1 Purpose . 95g3E.9.2.2 Implementation and operational requirements 95g3E.9.3 Algorithms B3 and B4 96g3E.9.3.1 Purpose . 96g3E.9.3.2 Implementation and operational requirements 96g3E.9.4 Algorithms B5 and B6 96g3E.9.4.1
45、Purpose . 96g3E.9.4.2 Implementation and operational requirements 96g3E.10 Coding of the FPAC and CTS-PIN 97g3E.11 (informative annex): Guidelines for generation of random numbers . 97g3Annex F (normative): Ciphering of Voice Group Call Service (VGCS) and Voice Broadcast Service (VBS) 99g3F.1 Introd
46、uction 99g3F.1.1 Scope 99g3F.1.2 References 99g3F.1.3 Definitions and Abbreviations 100g3F.1.3.1 Definitions 100g3F.1.3.2 Abbreviations 100g3F.2 Security Requirements . 100g3ETSI ETSI TS 143 020 V13.1.0 (2016-04)73GPP TS 43.020 version 13.1.0 Release 13F.3 Storage of the Master Group Keys and overvi
47、ew of flows 101g3F.3.1 Distribution of ciphering data during establishment of a voice/broadcast group call . 101g3F.3.2 Signalling information required for the voice group call uplink access in the anchor MSC (normal case, subsequent talker on dedicated channel) 104g3F.3.3 Signalling information req
48、uired to transfer the originator or subsequent talker from a dedicated channel to a group call channel 106g3F.4 Key derivation 106g3F.4.1 Key derivation within the USIM / GCR . 107g3F.4.2 Key derivation within the ME/BSS 108g3F.4.3 Encryption algorithm selection. 109g3F.4.4 Algorithm requirements .
49、109g3F.4.4.1 A8_V 109g3F.4.4.2 KMF 109g3F.5 Encryption of voice group calls 110g3F.6 Specification of the Key Modification Function (KMF) 110g3Annex G (informative): Generation of VSTK_RAND 111g3Annex H (normative): Access security related functions for enhanced General Packet Radio Service (GPRS) in relation to Cellular Internet of Things (CIoT) 112g3H.1 Introduction 112g3H.1.1 General . 112g3H.1.2 Considerations on bidding down attacks 112g3H.2 Authentication and key agreement . 112g3H.3 Ciphering and integrity mode negotiation 112g3H.4 Protection of GMM messages 114g3H.