1、 ETSI TS 1Digital cellular telecoSpecification oAn example algorithm (3GPP TS 55.2TECHNICAL SPECIFICATION155 236 V13.0.0 (2016communications system (Phaof A8_V MILENAGE Algorithmm for the key generation funct.236 version 13.0.0 Release 13GLOBAL SYSTEMOBILE COMMUN16-01) hase 2+); thm: ction A8_V 13)
2、TEM FOR ICATIONSRETSI ETSI TS 155 236 V13.0.0 (2016-01)13GPP TS 55.236 version 13.0.0 Release 13Reference RTS/TSGS-0355236vd00 Keywords GSM,SECURITY ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742
3、C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/
4、or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version
5、kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If y
6、ou find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and mi
7、crofilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All right
8、s reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and ow
9、ned by the GSM Association. ETSI ETSI TS 155 236 V13.0.0 (2016-01)23GPP TS 55.236 version 13.0.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publi
10、cly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI
11、Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or m
12、ay become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These sh
13、ould be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “m
14、ay“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 155 236 V1
15、3.0.0 (2016-01)33GPP TS 55.236 version 13.0.0 Release 13Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g31 Scope 5g32 References 5g33 Definitions, symbols and abbreviations . 5g33.1 Definitions 5g33.2 Symbols 5g33.3 Abbreviations . 6g34 Introductory inf
16、ormation 6g34.1 Introduction 6g34.2 Notation 6g34.2.1 Bit/byte ordering . 6g34.2.2 List of symbols . 6g34.3 List of variables 6g34.4 Algorithm inputs and outputs . 6g35 The A8_V MILENAGE algorithm . 7g36 Test data for A8_V MILENAGE . 7g36.1 Introduction 7g36.2 Format 7g36.3 Test Sets . 8g3Annex A (i
17、nformative): Change history . 12g3History 13g3ETSI ETSI TS 155 236 V13.0.0 (2016-01)43GPP TS 55.236 version 13.0.0 Release 13Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The contents of the present document are subject to continuing work wi
18、thin the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG
19、 for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes h
20、ave been incorporated in the document. ETSI ETSI TS 155 236 V13.0.0 (2016-01)53GPP TS 55.236 version 13.0.0 Release 131 Scope The present document contains an example algorithm which may be used as the VSTK key generation function A8_V as described in TS 43.020 4. (It is not mandatory that the parti
21、cular algorithm specified in this document is used - the A8_V function is operator-specifiable rather than being fully standardised.) Clause 4 introduces the algorithm and describes the input and output parameters. Clause 5 defines the algorithm. Clause 6 provides test data. 2 References The followi
22、ng documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply.
23、 For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TS 35.206: “3G Security; Specific
24、ation of the MILENAGE algorithm set: An example algorithm Set for the 3GPP Authentication and Key Generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 2: Algorithm specification“. 2 3GPP TS 35.207: “3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the
25、3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 3: Implementors test data“. 3 3GPP TS 35.208: “3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f
26、5 and f5*; Document 4: Design conformance test data“. 4 3GPP TS 43.020: “ Security related network functions“. 5 3GPP TR 21.905: “Vocabulary for 3GPP Specifications“. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in
27、 TR 21.905 5, TS 35.206 1 and TS 43.020 4, and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905 5, TS 35.206 1 or TS 43.020 4. 3.2 Symbols = The assignment operator. | The concatenation of the two operands. Xi The
28、 ithbit of the variable X. (X = X0 | X1 | X2 | ). ETSI ETSI TS 155 236 V13.0.0 (2016-01)63GPP TS 55.236 version 13.0.0 Release 133.3 Abbreviations For the purposes of the present document, the abbreviations given in TR 21.905 5, TS 35.206 1 and TS 43.020 4, and the following apply. An abbreviation d
29、efined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905 5, TS 35.206 1 or TS 43.020 4. VBS Voice Broadcast Service VGCS Voice Group Call Service 4 Introductory information 4.1 Introduction For VGCS and VBS ciphering in the GSM system the sec
30、urity function A8_V has been specified. The operation of this function falls completely within the domain of an individual operator, and the function is therefore to be specified by each operator rather than being fully standardized. The algorithm specified in this document is an example that may be
31、 used by an operator which does not wish to design its own. The inputs and outputs of the function A8_V is defined in clause 4.4. 4.2 Notation 4.2.1 Bit/byte ordering All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least si
32、gnificant bit (or byte) on the right hand side. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant. When a variable, with bit length L, is shown in h
33、exadecimal format, bit 0 is the most significant bit of the leftmost hexadecimal digit, and bit L-1 is the least significant bit of the rightmost hexadecimal digit. 4.2.2 List of symbols See clause 3.2 4.3 List of variables For V_Ki, VSTK_RAND and VSTK see TS 43.020 4 For all f3-function related var
34、iables see TS 35.206 1 4.4 Algorithm inputs and outputs The inputs to the algorithm are given in table 1, the output in table 2 below. Table 1: Inputs to A8_V Parameter Size (bits) Comment V_Ki128 Group key V_Ki0V_Ki127 VSTK_RAND 36 Random challenge VSTK_RAND0VSTK_RAND35 Table 2: Outputs from A8_V P
35、arameter Size (bits) Comment VSTK 128 Cipher key VSTK0VSTK127 ETSI ETSI TS 155 236 V13.0.0 (2016-01)73GPP TS 55.236 version 13.0.0 Release 135 The A8_V MILENAGE algorithm An example algorithm set for UMTS, called MILENAGE (see Note 1), is specified in TS 35.206 1. A8_V MILENAGE makes use of MILENAGE
36、. Specifically, the function f3 from the UMTS MILENAGE is making use of (all input and output names are prefixed by “MIL3G-“ to distinguish them clearly from the inputs and outputs of A8_V MILENAGE): Function Inputs Output f3 MIL3G-K0MIL3G-K127 MIL3G-RAND0MIL3G-RAND127 MIL3G-CK0MIL3G-CK127 The A8_V
37、MILENAGE functions are defined as follows: - Let (MIL3G-K0MIL3G-K127) = (V_Ki0V_Ki127) - Let (MIL3G-RAND0MIL3G-RAND127) = (EXP_RAND0EXP_RAND127) Whereby EXP_RANDbits 0,1, . . .126,127 = EXPANDbits 0,1, . . .39 | EXPANDbits 0,1, . . .39 | EXPANDbits 0,1, . . .39 | “11111111“ EXPAND bits 0,1, . . .39
38、= “1111“ | VSTK_RANDbits 0,1, . . .35 - Compute MIL3G-CK from MIL3G-K and MIL3G-RAND, using the MILENAGE function f3 - Set (VSTK0VSTK127) = (MIL3G-CK0MIL3G-CK127) NOTE 1: MILENAGE uses a 128-bit operator-specific constant OP; a value has to be assigned to this constant for MILENAGE to be fully speci
39、fied. 6 Test data for A8_V MILENAGE 6.1 Introduction The test data sets presented here have been derived from the MILENAGE test sets in 3. 6.2 Format The format of each test data set is as follows: Test Set n V_Ki secret group key VSTK_RAND 36-bit random challenge MIL3G-RAND 128-bit expansion of VST
40、K_RAND according to clause 4 OP operator-specific MILENAGE constant OPc derived from OP and V_Ki see 1 MIL3G-CK (VSTK) MILENAGE f3 output, that equals the Short Term Key for use in VGCS and VBS ciphering All test data in this tabular format is shown in hexadecimal representation. The first test set
41、is also shown in binary, to show explicitly the relationship between the binary data and the hexadecimal representation. ETSI ETSI TS 155 236 V13.0.0 (2016-01)83GPP TS 55.236 version 13.0.0 Release 136.3 Test Sets Test Set 1 in binary format V_Ki 01000110 01011011 01011100 11101000 10110001 10011001
42、 10110100 10011111 10101010 01011111 00001010 00101110 11100010 00111000 10100110 10111100 VSTK_RAND 00100011 01010101 00111100 10111110 1001 MIL3G-RAND 11110010 00110101 01010011 11001011 11101001 11110010 00110101 01010011 11001011 11101001 11110010 00110101 01010011 11001011 11101001 11111111 OP
43、11001101 11000010 00000010 11010101 00010010 00111110 00100000 11110110 00101011 01101101 01100111 01101010 11000111 00101100 10110011 00011000 OPc 11001101 01100011 11001011 01110001 10010101 01001010 10011111 01001110 01001000 10100101 10011001 01001110 00110111 10100000 00101011 10101111 MIL3G-CK
44、 (VSTK) 11010111 01110011 11000111 11111111 11000110 01000000 11001101 00100100 10000001 11110101 00010010 11011100 10111101 01011100 11000000 11110110 Test Set 1 V_Ki 465b5ce8 b199b49f aa5f0a2e e238a6bc VSTK_RAND 23553cbe 9 MIL3G-RAND f23553cb e9f23553 cbe9f235 53cbe9ff OP cdc202d5 123e20f6 2b6d676
45、a c72cb318 OPc cd63cb71 954a9f4e 48a5994e 37a02baf MIL3G-CK (VSTK) d773c7ff c640cd24 81f512dc bd5cc0f6 Test Set 2 V_Ki fec86ba6 eb707ed0 8905757b 1bb44b8f VSTK_RAND 9f7c8d02 1 MIL3G-RAND f9f7c8d0 21f9f7c8 d021f9f7 c8d021ff OP dbc59adc b6f9a0ef 735477b7 fadf8374 OPc 1006020f 0a478bf6 b699f15c 062e42b
46、3 MIL3G-CK (VSTK) a0b28afe ca802828 c324eb86 a7b06903 Test Set 3 V_Ki 9e5944ae a94b8116 5c82fbf9 f32db751 VSTK_RAND ce83dbc5 4 MIL3G-RAND fce83dbc 54fce83d bc54fce8 3dbc54ff OP 223014c5 806694c0 07ca1eee f57f004f OPc a64a507a e1a2a98b b88eb421 0135dc87 MIL3G-CK (VSTK) f2abba4c 9d52cf6b 99b43d2a 799e
47、9470 Test Set 4 V_Ki 4ab1deb0 5ca6ceb0 51fc98e7 7d026a84 VSTK_RAND 74b0cd60 3 MIL3G-RAND f74b0cd6 03f74b0c d603f74b 0cd603ff OP 2d16c5cd 1fdf6b22 383584e3 bef2a8d8 OPc dcf07cbd 51855290 b92a07a9 891e523e MIL3G-CK (VSTK) d4500866 a11b5b7d 3d89d485 d25e14da ETSI ETSI TS 155 236 V13.0.0 (2016-01)93GPP
48、TS 55.236 version 13.0.0 Release 13Test Set 5 V_Ki 6c38a116 ac280c45 4f59332e e35c8c4f VSTK_RAND ee6466bc 9 MIL3G-RAND fee6466b c9fee646 6bc9fee6 466bc9ff OP 1ba00a1a 7c6700ac 8c3ff3e9 6ad08725 OPc 3803ef53 63b947c6 aaa225e5 8fae3934 MIL3G-CK (VSTK) bafd96fb 7c417cce 58597e0f 118b6a02 Test Set 6 V_K
49、i 2d609d4d b0ac5bf0 d2c0de26 7014de0d VSTK_RAND 194aa756 0 MIL3G-RAND f194aa75 60f194aa 7560f194 aa7560ff OP 460a4838 5427aa39 264aac8e fc9e73e8 OPc c35a0ab0 bcbfc925 2caff15f 24efbde0 MIL3G-CK (VSTK) b4d5f9b7 94d269c5 706ee6e3 1453a426 Test Set 7 V_Ki a530a7fe 428fad10 82c45edd fce13884 VSTK_RAND 3a4c2b32 4 MIL3G-RAND f3a4c2b3 24f3a4c2 b324f3a4 c2b324ff OP 511c6c4e 83e38c89 b1c5d8dd e62426fa OPc 27953e49 bc8af6dc c6e730e