ITU-R M.1223-1997 Evaluation of Security Mechanisms for IMT-2000 (Chinese title: Evaluation of IMT-2000 Security Mechanisms).pdf

Uploaded by: medalangle361   Document ID: 791655   Upload date: 2019-02-02   Format: PDF   Pages: 19   Size: 1.19 MB

RECOMMENDATION ITU-R M.1223

EVALUATION OF SECURITY MECHANISMS FOR IMT-2000*

(Question ITU-R 39/8)

(1997)

CONTENTS

1 Introduction
2 Scope
3 Structure of the Recommendation
4 Related documents
5 Definitions
6 Considerations
7 Recommendation
  7.1 Requirements on security mechanisms
  7.2 Classes of security mechanisms
    7.2.1 Authentication mechanisms
      7.2.1.1 Symmetric key
      7.2.1.2 Asymmetric key
      7.2.1.3 Zero knowledge
    7.2.2 Anonymity mechanisms
      7.2.2.1 Temporary identities using symmetric key
      7.2.2.2 Identity confidentiality using asymmetric key
      7.2.2.3 Anonymous access
    7.2.3 Confidentiality mechanisms
      7.2.3.1 Block ciphers
      7.2.3.2 Stream ciphers
    7.2.4 Non-cryptographic security mechanisms
      7.2.4.1 User verification
      7.2.4.2 Registration
      7.2.4.3 Call count
    7.2.5 Integrity mechanisms
      7.2.5.1 Encipherment
      7.2.5.2 Symmetric key
      7.2.5.3 Asymmetric key
    7.2.6 Non-repudiation mechanisms
    7.2.7 Security management
      7.2.7.1 Key management
      7.2.7.2 Version management
Annex 1 Candidate security mechanisms
  1 Mutual authentication mechanism based on a secret key check function
    1.1 Features provided
    1.2 Initial requirements
    1.3 Mechanism description
      1.3.1 Current registrations
      1.3.2 New registrations
    1.4 Evaluation
      1.4.1 Security service provision
      1.4.2 Communications overheads
      1.4.3 Administration overheads
      1.4.4 Processing and other hardware overheads
      1.4.5 Adherence to international standards
      1.4.6 Limitations on use
  2 Unilateral authentication mechanism based on digital signatures
    2.1 Features provided
    2.2 Initial requirements
    2.3 Mechanism description
      2.3.1 Current registrations
      2.3.2 New registrations
    2.4 Evaluation
      2.4.1 Security service provision
      2.4.2 Communications overheads
      2.4.3 Administration overheads
      2.4.4 Processing and other hardware overheads
      2.4.5 Adherence to international standards
      2.4.6 Limitations on use
  3 Unilateral authentication mechanism based on public key schemes
    3.1 Features provided
    3.2 Initial requirements
    3.3 Mechanism description
      3.3.1 Public key certificates
      3.3.2 The authentication mechanism
      3.3.3 A variant
    3.4 Evaluation
      3.4.1 Security service provision
      3.4.2 Communications overheads
      3.4.3 Administration overheads
      3.4.4 Processing and other hardware overheads
      3.4.5 Adherence to international standards
      3.4.6 Limitations on use

* International Mobile Telecommunications-2000 (IMT-2000) is also known as Future Public Land Mobile Telecommunication Systems (FPLMTS).

COPYRIGHT International Telecommunications Union/ITU Radiocommunications. Licensed by Information Handling Services.

1 Introduction

International Mobile Telecommunications-2000 (IMT-2000), also known as Future Public Land Mobile Telecommunication Systems (FPLMTS), are third generation mobile systems that are scheduled to start service around the year 2000, subject to market considerations. They will provide access, by means of one or more radio links, to a wide range of telecommunication services supported by the fixed telecommunication networks (e.g. PSTN/ISDN), and to other services specific to mobile users. A range of mobile terminal types is encompassed, accessing terrestrial or satellite-based networks, with terminals being designed for mobile or fixed use.

Key features of IMT-2000 are:
- high degree of commonality of design worldwide,
- compatibility of services within IMT-2000 and with fixed networks,
- high quality,
- use of a small pocket-terminal with worldwide roaming capability,
- low cost.

IMT-2000 are defined by a set of interdependent ITU Recommendations of which this one is a member. The subject matter of IMT-2000 is complex and its representation in the form of Recommendations is evolving. To maintain the pace of progress on the subject it is necessary to produce a sequence of Recommendations on a variety of aspects. The Recommendations strive to avoid apparent conflicts between themselves. Nevertheless, future Recommendations, or revisions, will be used to resolve any discrepancies.

Due to the particular radiating nature of wireless communications, IMT-2000 needs to incorporate security measures to prevent transmitted data from being accessed by unauthorized parties. In addition, the nature of mobile communication requires security measures to prevent fraudulent access to services, and misappropriation of provider and operator resources.

2 Scope

The scope of this Recommendation is to identify classes of security mechanisms appropriate for implementing the IMT-2000 security features defined in Recommendation ITU-R M.1078 on security principles for FPLMTS, and thus for satisfying the FPLMTS security requirements identified in the same Recommendation. Annex 1 to this Recommendation describes specific candidate security mechanisms, and assesses their suitability for use in IMT-2000/FPLMTS.

This Recommendation is intended to be a starting point for the development of more detailed IMT-2000 Recommendations relevant to security which will be developed by various ITU Study Groups.

3 Structure of the Recommendation

A number of requirements on security mechanisms are identified in § 7.1. Section 7.2 identifies various classes of security mechanisms, and discusses their suitability for implementing the IMT-2000 security features identified in Recommendation ITU-R M.1078. In Annex 1, several candidate security mechanisms for IMT-2000 are described, and their suitability assessed.

4 Related documents

The following ITU Recommendations contain information on IMT-2000/FPLMTS relating to this Recommendation:
- Recommendation ITU-R M.687: Future Public Land Mobile Telecommunication Systems;
- Recommendation ITU-R M.1078: Security principles for Future Public Land Mobile Telecommunication Systems (FPLMTS);
- ITU-T Recommendation F.115: Service objectives and principles for Future Public Land Mobile Telecommunication Systems.

5 Definitions

The following acronyms are used in this Recommendation:

IMUI: international mobile user identity
TMUI: temporary mobile user identity
IMTI: international mobile terminal identity
TMTI: temporary mobile terminal identity
SPID: service provider identity
NOID: network operator identity
Ku: user-network operator secret key (symmetric key schemes)
Ksu: user-service provider secret key (symmetric key schemes)
Kpu: user public verification key (asymmetric key schemes)
Ksigu: user private signature key (asymmetric key schemes)
Kss: service provider private signature key (asymmetric key schemes)
Kps: service provider public verification key (asymmetric key schemes)
Ksn: network operator private deciphering key (asymmetric key schemes)
Kpn: network operator public enciphering key (asymmetric key schemes)
Ks: session key
Au: user authentication algorithm
At: terminal authentication algorithm
As: service provider authentication algorithm
An: network operator key generation algorithm
Ak: session key generation algorithm
Cu: identity hiding algorithm
E: ciphering transformation (public key ciphering algorithm)
D: deciphering transformation (public key ciphering algorithm)
S: signing transformation (digital signature)
V: verification transformation (digital signature)
H: hash function
RND: random authentication challenge
RES: authentication check value
CERT: certificate
CE": a string of bits used to conceal identity
SIG: signature
KO: key offset

6 Considerations

In the development of this Recommendation the following factors were considered:
- the need for the quality of service of IMT-2000 to be comparable to that of the PSTN/ISDN;
- the increasing importance of the various types of non-voice telecommunication services;
- due to the particular radiating nature of wireless communication, it permits easy reception by more parties than the intended recipient;
- due to the particular nature of wireless communications, provision should be implemented in IMT-2000 for privacy of communication over the radio interface;
- due to the nature of mobile communication, concrete steps are required to prevent fraudulent access to services, and the misappropriation of provider and operator resources;
- the system overview given in § 6 of Recommendation ITU-R M.1078;
- the relevant ITU-T and ITU-R Recommendations and ongoing studies;
- the need for a flexible system structure able to match network investment to revenue growth, to adapt readily to environmental factors, and to respond to new developments without restricting innovation;
- the need for mobile terminals (including those with satellite capability) to roam between mobile telecommunication networks in different countries;
- that IMT-2000 will be required to operate in a multitude of environments, each characterized by different propagation characteristics as well as different traffic density and mobility characteristics.

7 Recommendation

Requirements on security mechanisms, and classes of security mechanisms that are recommended for IMT-2000, are given below.

7.1 Requirements on security mechanisms

a) The security mechanisms should require the minimum of long-distance real-time signalling. For instance, the need for international signalling connections at every location update or call when roaming should be avoided.
b) The security mechanisms should require a minimum of bilateral pre-arrangements between service providers and network operators.
c) The security mechanisms should include the means to manage cryptographic keys which may need to be exchanged by service providers and network operators.
d) The security mechanisms needed by users should be such that it is easy to distribute and change their cryptographic keys.
e) The security mechanisms should be standardized only to the extent needed for interoperability and roaming.
f) The security mechanisms should support version control management to allow for subsequent upgrading and revision of mechanisms.
g) The security mechanisms should include the means to detect and report security violations, and the means to restore the system to a secure state.
h) The security mechanisms should satisfy legal requirements imposed by national authorities, e.g. export controls, lawful interception.
i) The security mechanisms should allow independent handling of user-related security features and terminal-related security features in order that IMT-2000 be able to support both user mobility, wherever it is required, as well as terminal mobility.

7.2 Classes of security mechanisms

Whilst security features indicate what security is provided, security mechanisms indicate how the security is to be provided. This section identifies various classes of security mechanism, and discusses their suitability for providing the security features to be supported by IMT-2000. The classes identified are based on the classification used by ISO wherever possible. In addition, potential advantages and disadvantages of the various approaches are listed.

Only high level descriptions of mechanism classes are given here. More detailed descriptions of particular mechanisms are given in Annex 1. The classes of mechanisms are ordered according to the security feature they most appropriately fulfil. The term "entity" will be used throughout to indicate an unspecified role (e.g. user, terminal, service provider, network operator, etc.).

7.2.1 Authentication mechanisms

A fundamental distinction among security mechanisms is that between so-called "symmetric" (or secret-key) mechanisms and "asymmetric" (or public-key) mechanisms. Symmetric key mechanisms have been successfully employed in existing mobile systems; asymmetric key mechanisms would be a novelty in mobile systems, but have been successfully employed in existing computer networks.

7.2.1.1 Symmetric key

In symmetric key mechanisms, each entity has an associated secret key. Keys are only available to the owning entity and entities trusted by the owner, and must be securely stored, possibly in a removable user identity module (UIM), e.g. smart card, or in a secured database. Authentication is based on the principle that the secret key of an entity is known only by itself and a limited number of trusted entities, e.g. those who wish to authenticate the owner.

To obtain authentication, the entity to be authenticated must exhibit knowledge of the secret key to the authenticating party. This may be done through the generation of challenge-response pairs, perhaps by using the secret key as input (along with other data) to a one-way cryptographic algorithm.

Advantages:
- for authentication between user and network operator, the use of service provider specific algorithms may be possible. If the network operator is issued with pre-computed authentication parameters from the service provider then the authentication algorithm can be service provider specific. Alternatively, if the network operator receives a (temporary) authentication key, then the authentication key calculation algorithm can be service provider specific;
- can be easily adapted to calculate session keys;
- relatively simple and fast algorithms;
- small amount of data required for authentication.

Disadvantages:
- secured databases have to be available in the network;
- if the network operator receives a temporary authentication key, then a standardized authentication algorithm must be used across all networks and UIMs;
- it may be difficult to adapt the mechanisms to cater for authentication between arbitrary entities, due to the necessary distribution of secret keys;
- a trust relation must be present between the service provider and the network operators for the exchange of keys or pre-calculated authentication sets;
- a secure communication between the service provider and network operators is required;
- other features such as incontestable charging and user identity confidentiality may be more difficult to realize.

7.2.1.2 Asymmetric key

In asymmetric key mechanism
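The symmetric key challenge-response of § 7.2.1.1, in the variant where the service provider hands the network operator pre-computed authentication parameters, as an added Python example that is not part of the Recommendation. It uses the § 5 symbols Ksu, Au, Ak, RND, RES and Ks; instantiating Au and Ak with HMAC-SHA256, the 16-byte key and challenge sizes, the output lengths, and the class and method names are all assumptions of this example. The service provider computes (RND, RES, Ks) sets with its own Au and Ak, so the network operator can authenticate a roaming user and obtain a session key without ever holding Ksu or the provider's algorithm; each set is consumed once, a UIM without Ksu is rejected, and a RES captured earlier does not fit a fresh RND.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed example. Symbols follow section 5 of ITU-R M.1223: Ksu (user-service
# provider secret key), Au (user authentication algorithm), Ak (session key
# generation algorithm), RND (random authentication challenge), RES (authentication
# check value), Ks (session key). HMAC-SHA256 and the lengths below are assumptions.
RES_LEN = 8   # bytes of RES returned over the radio interface (assumed)
KS_LEN = 16   # bytes of session key Ks (assumed)

def Au(Ksu: bytes, RND: bytes) -> bytes:
    """User authentication algorithm: a keyed one-way function of Ksu and RND."""
    return hmac.new(Ksu, b"Au" + RND, hashlib.sha256).digest()[:RES_LEN]

def Ak(Ksu: bytes, RND: bytes) -> bytes:
    """Session key generation algorithm; a distinct label keeps Ks independent of RES."""
    return hmac.new(Ksu, b"Ak" + RND, hashlib.sha256).digest()[:KS_LEN]

AuthSet = Tuple[bytes, bytes, bytes]  # (RND, RES, Ks) pre-computed by the service provider

class ServiceProvider:
    """Owns Ksu for each IMUI and issues pre-computed authentication sets."""
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def enrol(self, imui: str) -> bytes:
        Ksu = secrets.token_bytes(16)
        self._keys[imui] = Ksu
        return Ksu  # provisioned into the user's UIM out of band

    def auth_sets(self, imui: str, n: int) -> List[AuthSet]:
        Ksu = self._keys[imui]
        challenges = [secrets.token_bytes(16) for _ in range(n)]
        return [(RND, Au(Ksu, RND), Ak(Ksu, RND)) for RND in challenges]

class UIM:
    """User identity module: the only place outside the service provider holding Ksu."""
    def __init__(self, Ksu: bytes) -> None:
        self._Ksu = Ksu

    def respond(self, RND: bytes) -> Tuple[bytes, bytes]:
        return Au(self._Ksu, RND), Ak(self._Ksu, RND)

class NetworkOperator:
    """Authenticates visiting users from stored sets; never sees Ksu or Au."""
    def __init__(self) -> None:
        self._sets: Dict[str, List[AuthSet]] = {}        # the secured database
        self._pending: Dict[str, Tuple[bytes, bytes]] = {}

    def receive_auth_sets(self, imui: str, sets: List[AuthSet]) -> None:
        self._sets.setdefault(imui, []).extend(sets)

    def challenge(self, imui: str) -> Optional[bytes]:
        sets = self._sets.get(imui, [])
        if not sets:
            return None  # further sets must be requested from the service provider
        RND, RES, Ks = sets.pop(0)  # every set is consumed exactly once
        self._pending[imui] = (RES, Ks)
        return RND

    def verify(self, imui: str, RES: bytes) -> Optional[bytes]:
        pending = self._pending.pop(imui, None)
        if pending is None:
            return None
        RES_expected, Ks = pending
        if not hmac.compare_digest(RES, RES_expected):
            return None
        return Ks  # both sides now hold Ks without it having crossed the air

def run_authentication(no: NetworkOperator, imui: str, uim: UIM) -> Tuple[Optional[bytes], Optional[bytes]]:
    """One over-the-air exchange; returns (Ks known to the network, Ks known to the UIM)."""
    RND = no.challenge(imui)
    if RND is None:
        return None, None
    RES, Ks_uim = uim.respond(RND)
    return no.verify(imui, RES), Ks_uim

def demo() -> Dict[str, bool]:
    sp, no = ServiceProvider(), NetworkOperator()
    imui = "imui-constructed-001"               # constructed identity
    genuine = UIM(sp.enrol(imui))
    clone = UIM(secrets.token_bytes(16))        # a UIM that does not know Ksu
    no.receive_auth_sets(imui, sp.auth_sets(imui, 4))
    ks_no, ks_uim = run_authentication(no, imui, genuine)
    accepted = ks_no is not None and ks_no == ks_uim
    clone_rejected = run_authentication(no, imui, clone)[0] is None
    RND1 = no.challenge(imui)
    RES1, _ = genuine.respond(RND1)
    first_ok = no.verify(imui, RES1) is not None
    no.challenge(imui)                           # fresh RND for the next attempt
    replay_rejected = no.verify(imui, RES1) is None
    exhausted = no.challenge(imui) is None       # all four sets consumed
    return {"accepted": accepted, "clone_rejected": clone_rejected,
            "first_ok": first_ok, "replay_rejected": replay_rejected,
            "exhausted": exhausted}

if __name__ == "__main__":
    print(demo())
```

The design keeps the service provider specific Au and Ak entirely on the provider and UIM side, which is the property the first advantage in § 7.2.1.1 relies on; the price is the disadvantages the same section lists: the operator needs a secured store for the sets, and the provider needs a trusted, protected channel to deliver them.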
