1、 ETSI TS 1Digital cellular telecommSecurity re(3GPP TS 43.0TECHNICAL SPECIFICATION143 020 V13.4.0 (2017mmunications system (Phase related network functions .020 version 13.4.0 Release 13GLOBAL SYSTEMOBILE COMMUN17-01) e 2+) (GSM); 13) TEM FOR ICATIONSRETSI ETSI TS 143 020 V13.4.0 (2017-01)13GPP TS 4
2、3.020 version 13.4.0 Release 13Reference RTS/TSGS-0343020vd40 Keywords GSM,SECURITY ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Gr
3、asse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified w
4、ithout the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users o
5、f the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send you
6、r comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of E
7、TSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI log
8、o are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 143 020 V13.4.
9、0 (2017-01)23GPP TS 43.020 version 13.4.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can
10、 be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI
11、 IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword
12、This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the correspo
13、nding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“
14、 are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 143 020 V13.4.0 (2017-01)33GPP TS 43.020 version 13.4.0 Release 1
15、3Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 8g30 Scope 9g30.1 References 9g30.2 Abbreviations . 10g31 General . 10g32 Subscriber identity confidentiality . 11g32.1 Generality . 11g32.2 Identifying method . 11g32.3 Procedures 11g32.3.1 Location updati
16、ng in the same MSC area . 11g32.3.2 Location updating in a new MSCs area, within the same VLR area . 12g32.3.3 Location updating in a new VLR; old VLR reachable . 13g32.3.4 Location Updating in a new VLR; old VLR not reachable . 14g32.3.5 Reallocation of a new TMSI . 15g32.3.6 Local TMSI unknown . 1
17、6g32.3.7 Location updating in a new VLR in case of a loss of information 17g32.3.8 Unsuccessful TMSI allocation 17g32.3.9 Combined location area updating with the routing area updating. 18g33 Subscriber identity authentication 19g33.1 Generality . 19g33.2 The authentication procedure . 19g33.3 Subsc
18、riber Authentication Key management . 20g33.3.1 General authentication procedure . 20g33.3.2 Authentication at location updating in a new VLR, using TMSI 21g33.3.3 Authentication at location updating in a new VLR, using IMSI . 22g33.3.4 Authentication at location updating in a new VLR, using TMSI, T
19、MSI unknown in “old“ VLR 23g33.3.5 Authentication at location updating in a new VLR, using TMSI, old VLR not reachable . 24g33.3.6 Authentication with IMSI if authentication with TMSI fails 24g33.3.7 Re-use of security related information in failure situations 24g34 Confidentiality of signalling inf
20、ormation elements, connectionless data and user information elements on physical connections 25g34.1 Generality . 25g34.2 The ciphering method . 26g34.3 Key setting 26g34.4 Ciphering key sequence number 27g34.5 Starting of the ciphering and deciphering processes 27g34.6 Synchronization 28g34.7 Hando
21、ver 28g34.8 Negotiation of A5 algorithm 28g34.9 Support of A5 Algorithms in MS . 29g34.10 Support of A5 Algorithms in the BSS 29g35 Synthetic summary . 30g3Annex A (informative): Security issues related to signalling schemes and key management . 31g3A.1 Introduction 31g3A.2 Short description of the
22、schemes 31g3A.3 List of abbreviations . 32g3ETSI ETSI TS 143 020 V13.4.0 (2017-01)43GPP TS 43.020 version 13.4.0 Release 13Annex B (informative): Security information to be stored in the entities of the GSM system 46g3B.1 Introduction 46g3B.2 Entities and security information . 46g3B.2.1 Home Locati
23、on Register (HLR) . 46g3B.2.2 Visitor Location Register (VLR) 46g3B.2.3 Mobile services Switching Centre (MSC)/Base Station System (BSS) . 46g3B.2.4 Mobile Station (MS) . 47g3B.2.5 Authentication Centre (AuC) . 47g3Annex C (normative): External specifications of security related algorithms 48g3C.0 S
24、cope 48g3C.1 Specifications for Algorithm A5 48g3C.1.1 Purpose . 48g3C.1.2 Implementation indications 48g3C.1.3 External specifications of Algorithm A5 50g3C.1.3.1 A5 algorithms with 64-bit keys . 50g3C.1.3.2 A5 algorithms with 128-bit keys . 50g3C.1.4 Internal specification of Algorithm A5 50g3C.1.
25、5 Definition of NPBB for different modulations . 50g3C.2 Algorithm A3 . 50g3C.2.1 Purpose . 51g3C.2.2 Implementation and operational requirements . 51g3C.3 Algorithm A8 . 51g3C.3.1 Purpose . 51g3C.3.2 Implementation and operational requirements . 51g3Annex D (normative): Security related network fun
26、ctions for General Packet Radio Service 52g3D.1 General . 52g3D.2 Subscriber identity confidentiality . 52g3D.2.1 Generality . 52g3D.2.2 Identifying method . 53g3D.2.3 Procedures 53g3D.2.3.1 Routing area updating in the same SGSN area . 53g3D.2.3.2 Routing area updating in a new SGSN; old SGSN reach
27、able . 54g3D.2.3.3 Routing area updating in a new SGSN; old SGSN not reachable . 55g3D.2.3.4 Reallocation of a TLLI . 55g3D.2.3.5 Local TLLI unknown 56g3D.2.3.6 Routing area updating in a new SGSN in case of a loss of information . 57g3D.2.3.7 Unsuccessful TLLI allocation . 57g3D.3 Subscriber identi
28、ty authentication 58g3D.3.1 Generality . 58g3D.3.2 The authentication procedure . 58g3D.3.3 Subscriber Authentication Key management . 58g3D.3.3.1 General authentication procedure . 58g3D.3.3.2 Authentication at routing area updating in a new SGSN, using TLLI 59g3D.3.3.3 Authentication at routing ar
29、ea updating in a new SGSN, using IMSI 60g3D.3.3.4 Authentication at routing area updating in a new SGSN, using TLLI, TLLI unknown in old SGSN . 61g3D.3.3.5 Authentication at routing area updating in a new SGSN, using TLLI, old SGSN not reachable 62g3D.3.3.6 Authentication with IMSI if authentication
30、 with TLLI fails . 62g3D.3.3.7 Re-use of security related information in failure situations 62g3D.4 Confidentiality of user information and signalling between MS and SGSN . 63g3D.4.1 Generality . 63g3D.4.2 The ciphering method . 63g3D.4.3 Key setting 63g3D.4.4 Ciphering key sequence number 64g3D.4.5
31、 Starting of the ciphering and deciphering processes 64g3ETSI ETSI TS 143 020 V13.4.0 (2017-01)53GPP TS 43.020 version 13.4.0 Release 13D.4.6 Synchronisation 65g3D.4.7 Inter SGSN routing area update . 65g3D.4.8 Negotiation of GPRS-A5 algorithm . 65g3D.4.9 Support of GPRS-A5 Algorithms in MS 66g3D.5
32、Synthetic summary . 67g3D.6 Security of the GPRS backbone . 67g3Annex E (normative): GSM Cordless Telephony System (CTS), (Phase 1); Security related network functions; Stage 2 68g3E.1 Introduction 68g3E.1.1 Scope 68g3E.1.2 References 68g3E.1.3 Definitions and Abbreviations 68g3E.1.3.1 Definitions 6
33、8g3E.1.3.2 Abbreviations 69g3E.2 General . 70g3E.3 CTS local security system 71g3E.3.1 Mobile Subscriber identity confidentiality . 71g3E.3.1.1 Identifying method 71g3E.3.1.2 Procedures. 71g3E.3.1.2.1 CTSMSI assignment . 71g3E.3.1.2.2 CTSMSI update . 72g3E.3.1.2.3 CTS local identification 72g3E.3.2
34、Identity authentication 72g3E.3.2.1 The mutual authentication procedure 72g3E.3.2.1.1 Authentication failure 73g3E.3.2.2 Authentication Key management. . 73g3E.3.3 Confidentiality of user information and signalling between CTS-MS and CTS-FP 74g3E.3.3.1 The ciphering method . 74g3E.3.3.2 Key setting
35、74g3E.3.3.3 Starting of the ciphering and deciphering processes . 75g3E.3.3.4 Synchronisation 76g3E.3.4 Structured procedures with CTS local security relevance 76g3E.3.4.1 Local Part of the Enrolment of a CTS-MS onto a CTS-FP . 76g3E.3.4.1.1 Local part of the enrolment procedure 76g3E.3.4.2 General
36、Access procedure 79g3E.3.4.2.1 Attachment 79g3E.3.4.2.2 CTS local security data update 80g3E.3.4.3 De-enrolment of a CTS-MS 80g3E.3.4.3.1 De-enrolment initiated by the CTS-FP 80g3E.3.4.3.2 De-enrolment initiated by a CTS-MS . 80g3E.4 CTS supervising security system . 81g3E.4.1 Supervision data and s
37、upervision data protection 81g3E.4.1.1 Structure of supervision data 81g3E.4.1.2 Supervision data protection 81g3E.4.1.3 Key management 82g3E.4.2 CTS subscriber identity 82g3E.4.3 Identity authentication with the CTS operator and the PLMN . 82g3E.4.3.1 Authentication of the CTS-FP 82g3E.4.3.2 Authen
38、tication of the CTS-MS . 83g3E.4.4 Secure operation control . 84g3E.4.4.1 GSM layer 3 signalling . 84g3E.4.4.2 CTS application signalling via the Fixed Network . 84g3E.4.4.3 CTS operation control procedures 85g3E.4.4.3.1 Initialisation of a CTS-FP . 85g3E.4.4.3.2 De-initialisation of a CTS-FP 85g3E.
39、4.4.3.3 Enrolment 86g3E.4.4.3.3.1 Enrolment conducted via the CTS fixed network interface . 86g3ETSI ETSI TS 143 020 V13.4.0 (2017-01)63GPP TS 43.020 version 13.4.0 Release 13E.4.4.3.4 Supervising security in the CTS-FP/CTS-SN access procedure . 87g3E.4.4.3.4.1 Update of operation data 87g3E.4.5 Equ
40、ipment checking . 88g3E.4.6 FP-SIM card checking 88g3E.5 Other CTS security features . 89g3E.5.1 Secure storage of sensitive data and software in the CTS-MS . 89g3E.5.1.1 Inside CTS-ME . 89g3E.5.2 Secure storage of sensitive data and software in CTS-FP 89g3E.5.3 CTS-FP reprogramming protection 89g3E
41、.6 FP Integrity . 89g3E.6.1 Threats 90g3E.6.1.1 Changing of FP software 90g3E.6.1.2 Changing of IFPEI 91g3E.6.1.3 Changing of IFPSI and operator and subscription related keys (KiFP, KOP) . 91g3E.6.1.4 Changing of timers and timer limits . 91g3E.6.1.5 Changing of radio usage parameters . 91g3E.6.2 Pr
42、otection and storage mechanisms 91g3E.6.2.1 Static or semi static values 91g3E.6.2.2 Timers . 91g3E.6.2.3 Physical protection 91g3E.7 Type approval issues 92g3E.8 Security information to be stored in the entities of the CTS 92g3E.8.1 Entities and security information 92g3E.8.1.1 CTS-HLR 92g3E.8.1.2
43、CTS-SN 92g3E.8.1.3 CTS-AuC 93g3E.8.1.4 CTS Fixed Part Equipment (CTS-FPE) 93g3E.8.1.5 Fixed Part SIM card (FP-SIM) . 93g3E.8.1.6 CTS Mobile Equipment (CTS-ME) 94g3E.8.1.7 Mobile Station SIM card (MS-SIM) . 94g3E.9 External specification of security related algorithms . 94g3E.9.1 Algorithm B1 95g3E.9
44、.1.1 Purpose . 95g3E.9.1.2 Implementation and operational requirements 95g3E.9.2 Algorithm B2 95g3E.9.2.1 Purpose . 95g3E.9.2.2 Implementation and operational requirements 95g3E.9.3 Algorithms B3 and B4 96g3E.9.3.1 Purpose . 96g3E.9.3.2 Implementation and operational requirements 96g3E.9.4 Algorithm
45、s B5 and B6 96g3E.9.4.1 Purpose . 96g3E.9.4.2 Implementation and operational requirements 96g3E.10 Coding of the FPAC and CTS-PIN 97g3E.11 (informative annex): Guidelines for generation of random numbers . 97g3Annex F (normative): Ciphering of Voice Group Call Service (VGCS) and Voice Broadcast Serv
46、ice (VBS) 99g3F.1 Introduction 99g3F.1.1 Scope 99g3F.1.2 References 99g3F.1.3 Definitions and Abbreviations 100g3F.1.3.1 Definitions 100g3F.1.3.2 Abbreviations 100g3F.2 Security Requirements . 100g3ETSI ETSI TS 143 020 V13.4.0 (2017-01)73GPP TS 43.020 version 13.4.0 Release 13F.3 Storage of the Mast
47、er Group Keys and overview of flows 101g3F.3.1 Distribution of ciphering data during establishment of a voice/broadcast group call . 101g3F.3.2 Signalling information required for the voice group call uplink access in the anchor MSC (normal case, subsequent talker on dedicated channel) 104g3F.3.3 Si
48、gnalling information required to transfer the originator or subsequent talker from a dedicated channel to a group call channel 106g3F.4 Key derivation 106g3F.4.1 Key derivation within the USIM / GCR . 107g3F.4.2 Key derivation within the ME/BSS 108g3F.4.3 Encryption algorithm selection. 109g3F.4.4 A
49、lgorithm requirements . 109g3F.4.4.1 A8_V 109g3F.4.4.2 KMF 109g3F.5 Encryption of voice group calls 110g3F.6 Specification of the Key Modification Function (KMF) 110g3Annex G (informative): Generation of VSTK_RAND 111g3Annex H (normative): Access security related functions for enhanced General Packet Radio Service (GPRS) in relation to Cellular Internet of Things (CIoT) 112g3H.1 Introduction 112g3H.1.1 General . 112g3H.1.2 Considerations on bidding down attacks 112g3H.2 Authentication and key agreement . 112g3H.3 Ciphering and integrity mode negotiation 112g3H.4 Protection