TS 133 102 - V3.3.1 - Universal Mobile Telecommunications System (UMTS); 3G Security; Security Architecture (3G TS 33.102 version 3.3.1 Release 1999)

ETSI TS 133 102 V3.3.1 (2000-01)
Technical Specification
Universal Mobile Telecommunications System (UMTS); 3G Security; Security Architecture (3G TS 33.102 version 3.3.1 Release 1999)

Reference: DTS/TSGS-0333102U
Keywords: UMTS

ETSI
Postal address: F-06921 Sophia Antipolis Cedex - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis, Valbonne - FRANCE
Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88
Internet: [email protected]
Individual copies of this ETSI deliverable can be downloaded from http://www.etsi.org
If you find errors in the present document, send your comment to: [email protected]

Important notice
This ETSI deliverable may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Copyright Notification
No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2000. All rights reserved.

Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://www.etsi.org/ipr).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword
This Technical Specification (TS) has been produced by the ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The mapping of document identities is as follows:
For 3GPP documents: 3G TS | TR nn.nnn "<title>" (with or without the prefix 3G) is equivalent to ETSI TS | TR 1nn nnn "[Digital cellular telecommunications system (Phase 2+) (GSM);] Universal Mobile Telecommunications System; <title>".
For GSM document identities of type "GSM xx.yy", e.g. GSM 01.04, the corresponding ETSI document identity may be found in the Cross Reference List on www.etsi.org/key

Contents
Foreword
1 Scope
2 References
  2.1 Normative references
  2.2 Informative references
3 Definitions, symbols and abbreviations
  3.1 Definitions
  3.2 Symbols
  3.3 Abbreviations
4 Overview of the security architecture
5 Security features
  5.1 Network access security
    5.1.1 User identity confidentiality
    5.1.2 Entity authentication
    5.1.3 Confidentiality
    5.1.4 Data integrity
    5.1.5 Mobile equipment identification
  5.2 Network domain security
    5.2.1 Entity authentication
    5.2.2 Data confidentiality
    5.2.3 Data integrity
    5.2.4 Fraud information gathering system
  5.3 User domain security
    5.3.1 User-to-USIM authentication
    5.3.2 USIM-Terminal Link
  5.4 Application security
    5.4.1 Secure messaging between the USIM and the network
    5.4.2 Network-wide user traffic confidentiality
    5.4.3 Access to user profile data
    5.4.4 IP security
  5.5 Security visibility and configurability
    5.5.1 Visibility
    5.5.2 Configurability
6 Network access security mechanisms
  6.1 Identification by temporary identities
    6.1.1 General
    6.1.2 TMUI reallocation procedure
    6.1.3 Unacknowledged allocation of a temporary identity
    6.1.4 Location update
  6.2 Identification by a permanent identity
  6.3 Authentication and key agreement
    6.3.1 General
    6.3.2 Distribution of authentication data from HE to SN
    6.3.3 Authentication and key agreement
      6.3.3.1 Cipher key selection
        6.3.3.1.1 User plane
        6.3.3.1.2 Control plane
    6.3.4 Distribution of IMSI and temporary authentication data within one serving network domain
    6.3.5 Re-synchronisation procedure
    6.3.6 Reporting authentication failures from the SGSN/VLR to the HLR
    6.3.7 Length of sequence numbers
  6.4 Local authentication and connection establishment
    6.4.1 Cipher key and integrity key setting
    6.4.2 Cipher key and integrity mode negotiation
    6.4.3 Cipher key and integrity key lifetime
    6.4.4 Cipher key and integrity key identification
    6.4.5 Security mode set-up procedure
    6.4.6 Signalling procedures in the case of an unsuccessful integrity check
  6.5 Access link data integrity
    6.5.1 General
    6.5.2 Integrity algorithm
    6.5.3 UIA identification
  6.6 Access link data confidentiality
    6.6.1 General
    6.6.2 Ciphering algorithm
    6.6.3 UEA identification
    6.6.4 Synchronisation of ciphering
      6.6.4.1 Layer for ciphering
      6.6.4.2 Intra-system handover
  6.7 Network-wide encryption
    6.7.1 Introduction
    6.7.2 Ciphering method
    6.7.3 Key management
      6.7.3.1 General case
      6.7.3.2 Outline scheme for intra-serving network case
      6.7.3.3 Variant on the outline scheme
  6.8 Interoperation and handover between UMTS and GSM
    6.8.1 Authentication and key agreement of UMTS subscribers
      6.8.1.1 General
      6.8.1.2 R99+ HLR/AuC
      6.8.1.3 R99+ MSC/VLR or SGSN
      6.8.1.4 R99+ UE
      6.8.1.5 USIM
    6.8.2 Authentication and key agreement for GSM subscribers
      6.8.2.1 General
      6.8.2.2 R99+ MSC/VLR or SGSN
      6.8.2.3 R99+ UE
    6.8.3 Intersystem handover for CS Services – from UTRAN to GSM BSS
      6.8.3.1 UMTS security context
      6.8.3.2 GSM security context
    6.8.4 Intersystem handover for CS Services – from GSM BSS to UTRAN
      6.8.4.1 UMTS security context
      6.8.4.2 GSM security context
    6.8.5 Intersystem change for PS Services – from UTRAN to GSM BSS
      6.8.5.1 UMTS security context
      6.8.5.2 GSM security context
    6.8.6 Intersystem change for PS services – from GSM BSS to UTRAN
      6.8.6.1 UMTS security context
      6.8.6.2 GSM security context
7 Network domain security mechanisms
  7.1 Overview of Mechanism
    7.1.1 Layer I
    7.1.2 Layer II
    7.1.3 Layer III
    7.1.4 General Overview
  7.2 Layer I Message Format
    7.2.1 Properties and Tasks of Key Administration Centres
    7.2.2 Transport of Session Keys
  7.3 Layer II Message Format
  7.4 Layer III Message Format
    7.4.1 General Structure of Layer III Messages
    7.4.2 Format of Layer III Message Body
      7.4.2.1 Protection Mode 0
      7.4.2.2 Protection Mode 1
      7.4.2.3 Protection Mode 2
  7.5 Mapping of MAP Messages and Modes of Protection
8 Application security mechanisms
  8.1 Secure messaging between the USIM and the network
  8.2 Void
  8.3 Mobile IP security
Annex A (informative): Requirements analysis
Annex B (informative): Enhanced user identity confidentiality
Annex C (informative): Management of sequence numbers
  C.1 Generation of sequence numbers in the Authentication Centre
  C.2 Handling of sequence numbers in the USIM
    C.2.1 Protection against wrap around of counter in the USIM
    C.2.2 Acceptance rule
    C.2.3 List update
    C.2.4 Notes
Annex D: Void
Annex E (informative): A Proposal for Layer II Message Format
  E.1 Introduction
  E.2 Proposed Layer II Message Format
    E.2.1 Sending a session key for decryption
    E.2.2 Sending a session key for encryption
Annex F (informative): Example uses of AMF
  F.1 Support multiple authentication algorithms and keys
  F.2 Changing list parameters
  F.3 Setting threshold values to restrict the lifetime of cipher and integrity keys
Annex G (informative): Change history

Foreword
This Technical Specification has been produced by the 3GPP.
The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of this TS, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:
Version 3.y.z
where:
  3  the first digit: 3 indicates a TSG approved document under change control.
  y  the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
  z  the third digit is incremented when editorial only changes have been incorporated in the specification.
1 Scope
This specification defines the security architecture, i.e., the security features and the security mechanisms, for the third generation mobile telecommunication system.
A security feature is a service capability that meets one or several security requirements. The complete set of security features addresses the security requirements as they are defined in "3G Security: Threats and Requirements" (21.133 [1]).
A security mechanism is an element that is used to realise a security feature. All security features and security requirements taken together form the security architecture.
An example of a security feature is user data confidentiality. A security mechanism that may be used to implement that feature is a stream cipher using a derived cipher key.

2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
• References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.

2.1 Normative references
[1] 3G TS 21.133: "3rd Generation Partnership Project (3GPP); Technical Specification Group (TSG) SA; 3G Security; Security Threats and Requirements".
[2] 3G TS 33.120: "3rd Generation Partnership Project (3GPP); Technical Specification Group (TSG) SA; 3G Security; Security Principles and Objectives".
[3] UMTS 33.21, version 2.0.0: "Security requirements".
[4] UMTS 33.22, version 1.0.0: "Security features".
[5] UMTS 33.23, version 0.2.0: "Security architecture".
[6] Proposed UMTS Authentication Mechanism based on a Temporary Authentication Key.
[7] TTC Work Items for IMT-2000 – System Aspects.
[8] Annex 8 of "Requirements and Objectives for 3G Mobile Services and systems" – "Security Design Principles".
[9] ETSI GSM 09.02 Version 4.18.0: Mobile Application Part (MAP) Specification.
[10] ISO/IEC 11770-3: Key Management – Mechanisms using Asymmetric Techniques.
[11] ETSI SAGE: Specification of the BEANO encryption algorithm, Dec. 1995 (confidential).
[12] ETSI SMG10 WPB: SS7 Signalling Protocols Threat Analysis, Input Document AP 99-28 to SMG10 Meeting #28, Stockholm, Sweden.
[13] 3G TS 33.105: "3rd Generation Partnership Project (3GPP); Technical Specification Group (TSG) SA; 3G Security; Cryptographic Algorithm Requirements".

2.2 Informative references
GSM documents:
[14] GSM 02.09 version 5.1.1: "Security Aspects".
[15] GSM 02.22 version 6.0.0: "Personalisation of GSM Mobile Equipment (ME); Mobile functionality specification".
[16] GSM 02.48, version 6.0.0: "Security Mechanisms for the SIM Application Toolkit; Stage 1".
[17] GSM 02.60, version 7.0.0: "GPRS; Service Description; Stage 1".
[18] GSM 03.20, version 6.0.1: "Security related network functions".
[19] GSM 03.48, version 6.1.0: "Security Mechanisms for the SIM application toolkit; Stage 2".
[20] GSM 03.60, version 7.0.0: "GPRS; Service Description; Stage 2".
[21] GSM 11.11, version 7.1.0: "Specification of SIM-terminal interface".
[22] GSM 11.14, version 7.1.0: "Specification of SIM Application Toolkit for SIM-terminal interface".
UMTS documents:
[23] UMTS 21.11, version 0.4.0: "IC-card aspects".
[24] UMTS 23.01, version 1.0.0: "UMTS Network architecture".
[25] UMTS 23.20, version 1.4.0: "Evolution of the GSM platform towards UMTS".

3 Definitions, symbols and abbreviations

3.1 Definitions
For the purposes of the present document, the following definitions apply:
Confidentiality: The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Data integrity: The property that data has not been altered in an unauthorised manner.
Data origin authentication: The corroboration that the source of data received is as claimed.
Entity authentication: The provision of assurance of the claimed identity of an entity.
Key freshness: A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
USIM – User Services Identity Module. In a security context, this module is responsible for performing UMTS subscriber and network authentication and key agreement. It should also be capable of performing GSM authentication and key agreement to enable the subscriber to roam easily into a GSM Radio Access Network.
SIM – GSM Subscriber Identity Module. In a security context, this module is responsible for performing GSM subscriber authentication and key agreement. This module is not capable of handling UMTS authentication nor storing UMTS style keys.
UMTS Entity authentication and key agreement: Entity authentication according to this specification.
GSM Entity authentication and key agreement: Entity authentication according to TS ETSI GSM 03.20.
User access module: either a USIM or a SIM.
Mobile station, user: the combination of user equipment and a user access module.
UMTS subscriber: a mobile station that consists of user equipment with a USIM inserted.
GSM subscriber: a mobile station that consists of user equipment with a SIM inserted.
UMTS security context: a state that is established between a user and a serving network domain as a result of the execution of UMTS AKA. At both ends "UMTS security context data" is stored, which consists at least of the UMTS cipher/integrity keys CK and IK and the key set identifier KSI.
GSM security context: a state that is established between a user and a serving network domain usually as a result of the execution of GSM AKA. At both ends "GSM security context data" is stored, which consists at least of the GSM cipher key Kc and the cipher key sequence number CKSN.
Quintet, UMTS authentication vector: temporary authentication data that enables an MSC/VLR or SGSN to engage in UMTS AKA with a particular user. A quintet consists of five elements: a) a network challenge RAND, b) an expected user response XRES, c) a cipher key CK, d) an integrity key IK and e) a network authentication token AUTN.
Triplet, GSM authentication vector: temporary authentication data that enables an MSC/VLR or SGSN to engage in GSM AKA with a particular user. A triplet consists of three elements: a) a network challenge RAND, b) an expected user response SRES and c) a cipher key Kc.
Authentication vector: either a quintet or a triplet.
Temporary authentication data: either UMTS or GSM security context data or UMTS or GSM authentication vectors.

3.2 Symbols
For the purposes of the present document, the following symbols apply:
||   Concatenation
⊕    Exclusive or
f1   Message authentication function used to compute MAC
f2   Message authentication function used to compute RES and XRES
f3   Key generating function used to compute CK
f4   Key generating function used to compute IK
f5   Key generating function used to compute AK
f6   Encryption function used to encrypt the IMUI
f7   Decryption function used to decrypt the IMUI (= f6⁻¹)
K    Long-term secret key shared between the USIM and the AuC

3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AK               Anonymity Key
AKA              Authentication and key agreement
AMF              Authentication management field
AUTN             Authentication Token
AV               Authentication Vector
CK               Cipher Key
CKSN             Cipher key sequence number
CS               Circuit Switched
D_SK(X)(data)    Decryption of "data" with Secret Key of X used for signing
E_KSXY(i)(data)  Encryption of "data" with Symmetric Session Key #i for sending data from X to Y
E_PK(X)(data)    Encryption of "data" with Public Key of X used for encryption
Hash(data)       The result of applying a collision-resistant one-way hash-function to "data"
HE               Home Environment
HLR              Home Location Register
IK               Integrity Key
IMSI             International Mobile Subscriber Identity
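As an added illustration, not text or code from the specification, the Python below models the quintet defined in clause 3.1 and the functions f1 to f5 of clause 3.2: the AuC derives a quintet (RAND, XRES, CK, IK, AUTN) and the USIM verifies it, recovering SQN with the anonymity key AK, checking the MAC and rejecting a replayed sequence number. The f-functions are HMAC-SHA-256 stand-ins (the real algorithm requirements are in 33.105 [13]), the AUTN layout SQN ⊕ AK || AMF || MAC is taken from the body of 33.102 that this preview does not show, the freshness rule is a simplified form of the Annex C list handling, and all key and RAND values are constructed.

```python
import hmac
import hashlib

# Field sizes used by UMTS AKA: SQN 48 bits, AMF 16 bits, MAC 64 bits, AK 48 bits.
SQN_LEN, AMF_LEN, MAC_LEN, AK_LEN = 6, 2, 8, 6


def _prf(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    """Constructed stand-in for the f1..f5 family: domain-separated HMAC-SHA-256,
    truncated to n bytes. This is NOT MILENAGE or any operator algorithm."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf):   # network authentication MAC
    return _prf(k, b"f1", sqn + rand + amf, MAC_LEN)

def f2(k, rand):             # RES / XRES
    return _prf(k, b"f2", rand, 8)

def f3(k, rand):             # cipher key CK (128 bits)
    return _prf(k, b"f3", rand, 16)

def f4(k, rand):             # integrity key IK (128 bits)
    return _prf(k, b"f4", rand, 16)

def f5(k, rand):             # anonymity key AK, conceals SQN on the air interface
    return _prf(k, b"f5", rand, AK_LEN)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_quintet(k: bytes, sqn: bytes, amf: bytes, rand: bytes):
    """AuC side. Returns the quintet (RAND, XRES, CK, IK, AUTN) where
    AUTN = (SQN xor AK) || AMF || MAC."""
    mac = f1(k, sqn, rand, amf)
    ak = f5(k, rand)
    autn = xor(sqn, ak) + amf + mac
    return rand, f2(k, rand), f3(k, rand), f4(k, rand), autn


def usim_authenticate(k: bytes, sqn_ms: bytes, rand: bytes, autn: bytes):
    """USIM side. Verifies AUTN and returns (RES, CK, IK, accepted SQN).
    Raises ValueError on MAC failure or on a non-fresh (replayed) SQN."""
    conc_sqn = autn[:SQN_LEN]
    amf = autn[SQN_LEN:SQN_LEN + AMF_LEN]
    mac = autn[SQN_LEN + AMF_LEN:]
    sqn = xor(conc_sqn, f5(k, rand))           # recover SQN using AK
    xmac = f1(k, sqn, rand, amf)
    if not hmac.compare_digest(xmac, mac):     # constant-time comparison
        raise ValueError("MAC failure: network not authenticated")
    # Simplified freshness rule: SQN must exceed the highest SQN already accepted.
    # Real USIMs use the list-based acceptance rule described in Annex C.
    if int.from_bytes(sqn, "big") <= int.from_bytes(sqn_ms, "big"):
        raise ValueError("synchronisation failure: SQN not fresh")
    return f2(k, rand), f3(k, rand), f4(k, rand), sqn


# Constructed sample values; not test vectors from any specification.
K = bytes(range(16))                        # long-term key shared by USIM and AuC
RAND = bytes(range(0x10, 0x20))             # network challenge
SQN = (0x21).to_bytes(SQN_LEN, "big")       # sequence number chosen by the AuC
AMF = b"\x00\x00"


def demo_run() -> bool:
    """Full exchange: AuC builds the quintet, USIM (holding SQN 0x20) verifies it,
    and both sides end up with the same RES/XRES, CK and IK."""
    rand, xres, ck, ik, autn = generate_quintet(K, SQN, AMF, RAND)
    res, ck_u, ik_u, sqn_u = usim_authenticate(K, (0x20).to_bytes(SQN_LEN, "big"), rand, autn)
    return res == xres and ck == ck_u and ik == ik_u and sqn_u == SQN


if __name__ == "__main__":
    print("AKA run succeeded:", demo_run())
```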
