SIST EN 300 175-7 V2.7.1:2018
(Main)Digital Enhanced Cordless Telecommunications (DECT) - Common Interface (CI) - Part 7: Security features
Digital Enhanced Cordless Telecommunications (DECT) - Common Interface (CI) - Part 7: Security features
The present document is one of the parts of the specification of the Digital Enhanced Cordless Telecommunications
(DECT) Common Interface (CI).
The present document specifies the security architecture, the types of cryptographic algorithms required, the way in
which they are to be used, and the requirements for integrating the security features provided by the architecture into the
DECT CI. It also describes how the features can be managed and how they relate to certain DECT fixed systems and
local network configurations.
The security architecture is defined in terms of the security services which are to be supported at the CI, the
mechanisms which are to be used to provide the services, and the cryptographic parameters, keys and processes which
are associated with these mechanisms.
The security processes specified in the present document are each based on one of three cryptographic algorithms:
• an authentication algorithm;
• a key stream generator for MAC layer encryption; and
• a key stream generator plus a Message Authentication Code generator for CCM authenticated encryption.
The architecture is, however, algorithm independent, and either the DECT standard algorithms, or appropriate
proprietary algorithms, or indeed a combination of both can, in principle, be employed. The use of the employed
algorithm is specified in the present document.
Integration of the security features is specified in terms of the protocol elements and processes required at the Network
(NWK) and Medium Access Control (MAC) layers of the CI.
The relationship between the security features and various network elements is described in terms of where the security
processes and management functions may be provided.
The present document does not address implementation issues. For instance, no attempt is made to specify whether the
DSAA or DSAA2 should be implemented in the PP at manufacture, or whether the DSAA, DSAA2 or a proprietary
authentication algorithm should be implemented in a detachable module. Similarly, the present document does not
specify whether the DSC or DSC2 should be implemented in hardware in all PPs at manufacture, or whether special
PPs should be manufactured with the DSC, DSC2 or proprietary ciphers built into them. The security architecture
supports all these options, although the use of proprietary algorithms may limit roaming and the concurrent use of PPs
in different environments.
Within the standard authentication algorithms, DSAA2, DSC2 and CCM are stronger than DSAA and DSC and provide
superior protection. DSAA2 and DSC2 are based on AES [10] and were created in 2011. CCM is also based on
AES [10] and was added to the standard in 2012.
The present document includes New Generation DECT, a further development of the DECT standard introducing
wideband speech, improved data services, new slot types and other technical enhancements.
The present document also includes DECT Ultra Low Energy (ULE), a low rate data technology based on DECT
intended for M2M applications with ultra low power consumption.
Digitalne izboljšane brezvrvične telekomunikacije (DECT) - Skupni vmesnik (CI) - 7. del: Varnostne lastnosti
Ta dokument je eden od delov specifikacije skupnega vmesnika (CI) za digitalne izboljšane brezvrvične telekomunikacije (DECT).
V tem dokumentu so določeni varnostna arhitektura, vrste zahtevanih kriptografskih algoritmov in način njihove uporabe ter zahteve za integriranje varnostnih lastnosti arhitekture v skupni vmesnik za digitalne izboljšane brezvrvične telekomunikacije. Opisuje tudi načine upravljanja funkcij ter njihovo povezavo z določenimi fiksnimi sistemi digitalnih izboljšanih brezvrvičnih telekomunikacij in lokalnimi konfiguracijami omrežij.
Varnostna arhitektura je določena v okviru varnostnih storitev, ki jih podpira skupni vmesnik, pri čemer mehanizmi tega vmesnika zagotavljajo storitve ter kriptografske parametre, ključe in procese, povezane s temi mehanizmi.
Varnostni procesi, določni v tem dokumentu, so osnovani na treh kriptografskih algoritmih:
• algoritem preverjanja pristnosti,
• generator toka ključev za šifriranje plasti kode MAC in
• generator toka ključev in generator kode pristnosti sporočil za preverjeno šifriranje CCM.
Vendar je arhitektura neodvisna od algoritma, zato je načeloma mogoče uporabiti algoritme standarda digitalnih izboljšanih brezvrvičnih telekomunikacij, ustrezne lastniške algoritme ali kombinacijo obeh. Uporaba algoritma je določena v tem dokumentu.
Integriranje varnostnih lastnosti je določeno v okviru protokolnih elementov in postopkov, ki so potrebni v omrežnih (NWK) plasteh in plasteh krmiljenja dostopa do prenosnega medija (MAC) skupnega vmesnika.
Razmerje med varnostnimi lastnostmi in različnimi omrežnimi elementi je opisano glede na lokacije, na katerih bodo zagotovljeni varnostni postopki in funkcije upravljanja.
Ta dokument ne obravnava vprašanj uvedbe. Ta dokument na primer ne vsebuje nobene navedbe, ki bi določala uvedbo DSAA ali DSAA2 v PP med proizvodnjo oz. uvedbo DSAA, DSAA2 ali lastniškega algoritma za preverjanje pristnosti v snemljivi modul. Prav tako ta dokument ne določa uvedbe DSC ali DSC2 v strojno opremo vseh PP-jev med proizvodnjo oz. proizvodnje posebnih PP-jev z vgrajenimi DSC, DSC2 ali lastniškimi šiframi. Varnostna arhitektura podpira vse te možnosti, čeprav lahko uporaba lastniških algoritmov omejuje gostovanje in hkratno uporabo PP-jev
v različnih okoljih.
General Information
- Status
- Published
- Public Enquiry End Date
- 24-Sep-2017
- Publication Date
- 17-Dec-2017
- Technical Committee
- MOC - Mobile Communications
- Current Stage
- 6060 - National Implementation/Publication (Adopted Project)
- Start Date
- 04-Dec-2017
- Due Date
- 08-Feb-2018
- Completion Date
- 18-Dec-2017
Overview
SIST EN 300 175-7 V2.7.1:2018 specifies the security features of the Digital Enhanced Cordless Telecommunications (DECT) Common Interface (CI). It defines a security architecture for DECT CI, describing the security services, mechanisms, cryptographic parameters, keys and processes required for authentication, confidentiality and authenticated encryption. The document is algorithm‑independent (allowing DECT standard or proprietary algorithms) but prescribes how chosen algorithms must be used and integrated into the CI, with particular support for DECT standard algorithms and New Generation DECT and DECT Ultra Low Energy (ULE).
Key topics and technical requirements
- Security services: authentication of Portable Terminals (PT) and Fixed Terminals (FT), mutual authentication, data confidentiality and user authentication.
- Cryptographic algorithms: three algorithm types are supported:
- an authentication algorithm (A / DSAA, DSAA2, or proprietary),
- a keystream generator for MAC‑layer encryption (DSC / DSC2 or proprietary),
- a keystream + MAC generator for CCM authenticated encryption (AES‑based CCM).
- Algorithm notes: DSAA2, DSC2 and CCM (both AES‑based) provide stronger protection than earlier DSAA/DSC; DSAA2/DSC2 were introduced in 2011 and CCM in 2012.
- Key types and derivation: document defines keys and derivation processes including Authentication key (K), session keys (KS, KS'), Cipher Key (CK), Derived Cipher Key (DCK), Static Cipher Key (SCK) and Default Cipher Key (DefCK).
- Protocol integration: security features are specified in terms of required protocol elements and processes at the Network (NWK) and Medium Access Control (MAC) layers of the CI.
- Operations and management: describes where authentication, key management and security functions may be provided in network elements and how re‑keying, key transfer and CCM parameter management occur.
- Implementation scope: the standard defines architecture and processes but does not mandate specific implementation choices (e.g., hardware vs detachable modules); proprietary algorithms are permitted but may restrict roaming and interoperability.
Practical applications and who uses it
- Manufacturers of DECT handsets, base stations and modules implementing CI security.
- Network integrators and system architects designing fixed DECT systems, local networks and DECT‑based M2M/ULE solutions.
- Security engineers and firmware developers implementing authentication, key management and CCM authenticated encryption.
- Test labs and conformity assessors validating DECT CI security behavior and interoperability.
- Enterprise and IoT solution designers requiring low‑power, secure wireless connectivity for voice and data (New Generation DECT, ULE).
Related standards and keywords
- ETSI EN 300 175-7 V2.7.1 (2017-11); references AES and CCM.
- Useful keywords: DECT security, CI security features, DSAA2, DSC2, CCM authenticated encryption, AES, DECT ULE, New Generation DECT, authentication, key management, NWK MAC layers, M2M security.
ETSI EN 300 175-7 V2.6.7 (2017-06) - Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features
ETSI EN 300 175-7 V2.7.1 (2017-11) - Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features
Frequently Asked Questions
SIST EN 300 175-7 V2.7.1:2018 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Digital Enhanced Cordless Telecommunications (DECT) - Common Interface (CI) - Part 7: Security features". This standard covers: The present document is one of the parts of the specification of the Digital Enhanced Cordless Telecommunications (DECT) Common Interface (CI). The present document specifies the security architecture, the types of cryptographic algorithms required, the way in which they are to be used, and the requirements for integrating the security features provided by the architecture into the DECT CI. It also describes how the features can be managed and how they relate to certain DECT fixed systems and local network configurations. The security architecture is defined in terms of the security services which are to be supported at the CI, the mechanisms which are to be used to provide the services, and the cryptographic parameters, keys and processes which are associated with these mechanisms. The security processes specified in the present document are each based on one of three cryptographic algorithms: • an authentication algorithm; • a key stream generator for MAC layer encryption; and • a key stream generator plus a Message Authentication Code generator for CCM authenticated encryption. The architecture is, however, algorithm independent, and either the DECT standard algorithms, or appropriate proprietary algorithms, or indeed a combination of both can, in principle, be employed. The use of the employed algorithm is specified in the present document. Integration of the security features is specified in terms of the protocol elements and processes required at the Network (NWK) and Medium Access Control (MAC) layers of the CI. The relationship between the security features and various network elements is described in terms of where the security processes and management functions may be provided. The present document does not address implementation issues. For instance, no attempt is made to specify whether the DSAA or DSAA2 should be implemented in the PP at manufacture, or whether the DSAA, DSAA2 or a proprietary authentication algorithm should be implemented in a detachable module. Similarly, the present document does not specify whether the DSC or DSC2 should be implemented in hardware in all PPs at manufacture, or whether special PPs should be manufactured with the DSC, DSC2 or proprietary ciphers built into them. The security architecture supports all these options, although the use of proprietary algorithms may limit roaming and the concurrent use of PPs in different environments. Within the standard authentication algorithms, DSAA2, DSC2 and CCM are stronger than DSAA and DSC and provide superior protection. DSAA2 and DSC2 are based on AES [10] and were created in 2011. CCM is also based on AES [10] and was added to the standard in 2012. The present document includes New Generation DECT, a further development of the DECT standard introducing wideband speech, improved data services, new slot types and other technical enhancements. The present document also includes DECT Ultra Low Energy (ULE), a low rate data technology based on DECT intended for M2M applications with ultra low power consumption.
The present document is one of the parts of the specification of the Digital Enhanced Cordless Telecommunications (DECT) Common Interface (CI). The present document specifies the security architecture, the types of cryptographic algorithms required, the way in which they are to be used, and the requirements for integrating the security features provided by the architecture into the DECT CI. It also describes how the features can be managed and how they relate to certain DECT fixed systems and local network configurations. The security architecture is defined in terms of the security services which are to be supported at the CI, the mechanisms which are to be used to provide the services, and the cryptographic parameters, keys and processes which are associated with these mechanisms. The security processes specified in the present document are each based on one of three cryptographic algorithms: • an authentication algorithm; • a key stream generator for MAC layer encryption; and • a key stream generator plus a Message Authentication Code generator for CCM authenticated encryption. The architecture is, however, algorithm independent, and either the DECT standard algorithms, or appropriate proprietary algorithms, or indeed a combination of both can, in principle, be employed. The use of the employed algorithm is specified in the present document. Integration of the security features is specified in terms of the protocol elements and processes required at the Network (NWK) and Medium Access Control (MAC) layers of the CI. The relationship between the security features and various network elements is described in terms of where the security processes and management functions may be provided. The present document does not address implementation issues. For instance, no attempt is made to specify whether the DSAA or DSAA2 should be implemented in the PP at manufacture, or whether the DSAA, DSAA2 or a proprietary authentication algorithm should be implemented in a detachable module. Similarly, the present document does not specify whether the DSC or DSC2 should be implemented in hardware in all PPs at manufacture, or whether special PPs should be manufactured with the DSC, DSC2 or proprietary ciphers built into them. The security architecture supports all these options, although the use of proprietary algorithms may limit roaming and the concurrent use of PPs in different environments. Within the standard authentication algorithms, DSAA2, DSC2 and CCM are stronger than DSAA and DSC and provide superior protection. DSAA2 and DSC2 are based on AES [10] and were created in 2011. CCM is also based on AES [10] and was added to the standard in 2012. The present document includes New Generation DECT, a further development of the DECT standard introducing wideband speech, improved data services, new slot types and other technical enhancements. The present document also includes DECT Ultra Low Energy (ULE), a low rate data technology based on DECT intended for M2M applications with ultra low power consumption.
SIST EN 300 175-7 V2.7.1:2018 is classified under the following ICS (International Classification for Standards) categories: 33.070.30 - Digital Enhanced Cordless Telecommunications (DECT). The ICS classification helps identify the subject area and facilitates finding related standards.
You can purchase SIST EN 300 175-7 V2.7.1:2018 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of SIST standards.
Standards Content (Sample)
Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
EUROPEAN STANDARD
Digital Enhanced Cordless Telecommunications (DECT);
Common Interface (CI);
Part 7: Security features
2 Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
Reference
REN/DECT-00307-7
Keywords
authentication, DECT, IMT-2000, mobility, radio,
security, TDD, TDMA
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2017.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
Contents
Intellectual Property Rights . 10
Foreword . 10
Modal verbs terminology . 10
Introduction . 11
1 Scope . 15
2 References . 15
2.1 Normative references . 15
2.2 Informative references . 16
3 Definitions and abbreviations . 17
3.1 Definitions . 17
3.2 Abbreviations . 18
4 Security architecture . 20
4.1 Background . 20
4.2 Security services . 20
4.2.1 Authentication of a PT . 20
4.2.2 Authentication of an FT . 20
4.2.3 Mutual authentication . 20
4.2.4 Data confidentiality. 20
4.2.5 User authentication . 21
4.3 Security mechanisms . 21
4.3.0 General . 21
4.3.1 Authentication of a PT (type 1 procedure) . 21
4.3.2 Authentication of an FT (type 1 procedure) . 22
4.3.3 Mutual authentication . 24
4.3.4 Data confidentiality. 24
4.3.4.0 General . 24
4.3.4.1 Derived Cipher Key (DCK) . 24
4.3.4.2 Static Cipher Key (SCK) . 25
4.3.4.3 Default Cipher Key (DefCK) . 25
4.3.5 User authentication . 25
4.3.6 Authentication of a PT (type 2 procedure) . 25
4.3.7 Authentication of a FT (type 2 procedure) . 28
4.4 Cryptographic parameters and keys . 30
4.4.1 Overview . 30
4.4.2 Cryptographic parameters . 30
4.4.2.0 Description of parameters . 30
4.4.2.1 Provisions related to the generation of random numbers . 33
4.4.3 Cryptographic keys . 33
4.4.3.0 General . 33
4.4.3.1 Authentication key K . 33
4.4.3.2 Authentication session keys KS and KS' . 34
4.4.3.3 Cipher key CK . 35
4.5 Security processes . 35
4.5.1 Overview . 35
4.5.2 Derivation of authentication key, K . 35
4.5.2.0 General . 35
4.5.2.1 K is derived from UAK . 36
4.5.2.2 K is derived from AC . 36
4.5.2.3 K is derived from UAK and UPI . 36
4.5.3 Authentication processes . 36
4.5.3.0 General . 36
4.5.3.1 Processes for the derivation of KS and KS' . 37
4.5.3.2 Processes for the derivation of DCK, RES1 and RES2 . 37
4.5.4 Key stream generation . 38
ETSI
4 Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
4.5.5 CCM Authenticated Encryption . 38
4.6 Combinations of security services . 39
4.6.0 Service combinations and related considerations . 39
4.6.1 Combinations of security algorithms . 40
4.6.1.0 General . 40
4.6.1.1 Limitations related to capering algorithms . 40
5 Algorithms for security processes . 40
5.1 Background . 40
5.1.0 General . 40
5.1.1 A algorithm . 40
5.1.1.0 A algorithm, general. 40
5.1.1.1 A algorithm, DSAA based (A-DSAA) . 41
5.1.1.2 A algorithm, DSAA2 based (A-DSAA2) . 41
5.1.1.3 A algorithm, proprietary . 42
5.2 Derivation of session authentication key(s) . 42
5.2.1 A11 process . 42
5.2.2 A21 process . 42
5.3 Authentication and cipher key generation processes . 43
5.3.1 A12 process . 43
5.3.2 A22 process . 44
5.4 CCM algorithm . 45
6 Integration of security . 45
6.1 Background . 45
6.2 Association of keys and identities . 45
6.2.1 Authentication key . 45
6.2.1.0 General . 45
6.2.1.1 K is derived from UAK . 45
6.2.1.2 K derived from AC. 46
6.2.1.3 K derived from UAK and UPI . 46
6.2.2 Cipher keys . 46
6.2.3 Cipher keys for CCM . 47
6.2.3.0 General . 47
6.2.3.1 Single use of the keys for CCM . 47
6.2.3.2 Cipher keys for CCM encryption of C/L multicast channels . 48
6.3 NWK layer procedures . 48
6.3.1 Background . 48
6.3.2 Authentication exchanges . 49
6.3.3 Authentication procedures . 50
6.3.3.1 Authentication of a PT type 1 procedure . 50
6.3.3.2 Authentication of an FT type 1 procedure . 50
6.3.3.3 Authentication of a PT type 2 procedure . 51
6.3.3.4 Authentication of an FT type 2 procedure . 51
6.3.4 Transfer of Cipher Key, CK. 52
6.3.5 Re-Keying . 52
6.3.6 Encryption with Default Cipher Key . 52
6.3.7 Transfer of Cipher Key CK for CCM . 52
6.3.7.0 General . 52
6.3.7.1 Transfer by Virtual Call setup CC procedure . 52
6.3.7.2 Transfer using MM procedures for CCM re-keying and sequence reset . 53
6.3.8 Transfer of Cipher Keys for CCM encryption of multicast channels . 53
6.3.8.1 General . 53
6.3.8.2 Multicast encryption parameter assignation procedure, FT initiated . 53
6.3.8.2.0 General . 53
6.3.8.2.1 Transport of the security parameters . 54
6.3.8.2.2 <> coding . 54
6.3.8.3 Multicast encryption parameter retrieval procedure, PT initiated . 54
6.3.8.3.0 General . 54
6.3.8.3.1 Transport of the security parameters . 55
6.3.8.3.2 <> coding . 55
6.3.8.4 Error cases . 55
ETSI
5 Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
6.3.8.4.1 FT initiated parameter assignation procedure - PT reject . 55
6.3.8.4.2 PT initiated parameter retrieval procedure - FT reject . 55
6.3.8.4.3 Coding of the {MM-INFO-REJECT} in the error cases . 56
6.3.9 Transfer of Cipher Keys to Wireless Relay Stations (WRS) . 56
6.3.9.1 General . 56
6.3.9.2 Security considerations . 56
6.3.9.3 Indication of cipher key FT initiated procedure . 56
6.3.9.4 Cipher key retrieval procedure. PT initiated . 57
6.3.9.5 Error cases . 59
6.3.9.5.1 PT initiated cipher key retrieval procedure - FT reject . 59
6.4 MAC layer procedures . 60
6.4.1 Background . 60
6.4.2 MAC layer field structure . 60
6.4.3 Data to be encrypted . 62
6.4.4 Encryption process . 62
6.4.5 Initialization and synchronization of the encryption process . 65
6.4.5.0 General . 65
6.4.5.1 Construction of CK . 65
6.4.5.2 The Initialization Vector (IV) . 65
6.4.5.3 Generation of two Key Stream segments . 65
6.4.6 Encryption mode control . 66
6.4.6.1 Background . 66
6.4.6.2 MAC layer messages. 66
6.4.6.3 Procedures for switching to encrypt mode . 66
6.4.6.3.1 General . 66
6.4.6.3.2 PT procedure for switching from clear to encrypt mode with a DCK . 67
6.4.6.3.3 FT procedure for switching from clear to encrypt mode with a DCK . 67
6.4.6.3.4 PT procedure for switching from clear to encrypt mode with a Default Cipher Key (DefCK) . 68
6.4.6.3.5 Error handling - poor link . 70
6.4.6.4 Procedures for switching to clear mode . 72
6.4.6.5 Procedures for re-keying . 73
6.4.6.5.1 Re-keying to a DCK . 73
6.4.6.5.2 Re-keying to a DefCK . 74
6.4.6.5.3 FT Indication of re-keying to a DefCK . 75
6.4.6.6 Insertion of WAIT . 76
6.4.7 Handover of the encryption process . 77
6.4.7.0 General . 77
6.4.7.1 Bearer handover, uninterrupted ciphering . 77
6.4.7.2 Connection handover, uninterrupted ciphering . 77
6.4.7.3 External handover - handover with ciphering . 78
6.4.8 Modifications for half and long slot specifications (2-level modulation) . 78
6.4.8.1 Background . 78
6.4.8.2 MAC layer field structure . 78
6.4.8.3 Data to be encrypted. 79
6.4.8.4 Encryption process . 79
6.4.8.5 Initialization and synchronization of the encryption process . 80
6.4.8.6 Encryption mode control . 80
6.4.8.7 Handover of the encryption process . 80
6.4.9 Modifications for double slot specifications (2-level modulation) . 80
6.4.9.1 Background . 80
6.4.9.2 MAC layer field structure . 80
6.4.9.3 Data to be encrypted. 81
6.4.9.4 Encryption process . 81
6.4.9.5 Initialization and synchronization of the encryption process . 82
6.4.9.6 Encryption mode control . 82
6.4.9.7 Handover of the encryption process . 82
6.4.10 Modifications for multi-bearer specifications . 83
6.4.11 Modifications for 4-level, 8-level, 16-level and 64-level modulation formats . 83
6.4.11.1 Background . 83
6.4.11.2 MAC layer field structure . 83
6.4.11.3 Data to be encrypted. 83
6.4.11.4 Encryption process . 84
ETSI
6 Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
6.4.11.4.0 General . 84
6.4.11.4.1 Encryption process for the A-field and for the unprotected format . 84
6.4.11.4.2 Encryption process for the single subfield protected format . 85
6.4.11.4.3 Encryption process for the multi-subfield protected format . 86
6.4.11.4.4 Encryption process for the constant-size-subfield protected format . 88
6.4.11.4.5 Encryption process for the encoded protected format (MAC service I ) . 88
PX
6.4.11.5 Initialization and synchronization of the encryption process . 90
6.4.11.6 Encryption mode control . 90
6.4.11.7 Handover of the encryption process . 90
6.4.12 Procedures for CCM re-keying and sequence reset . 90
6.5 Security attributes . 90
6.5.1 Background . 90
6.5.2 Authentication protocols . 91
6.5.2.0 General . 91
6.5.2.1 Authentication of a PT type 1 procedure . 91
6.5.2.2 Authentication of an FT type 1 procedure . 92
6.5.2.3 Authentication of a PT type 2 procedure . 93
6.5.2.4 Authentication of an FT type 2 procedure . 94
6.5.3 Confidentiality protocols . 95
6.5.4 Access-rights protocols . 97
6.5.5 Key numbering and storage . 98
6.5.5.0 General . 98
6.5.5.1 Authentication keys . 98
6.5.5.2 Cipher keys . 98
6.5.6 Key allocation . 99
6.5.6.1 Introduction . 99
6.5.6.2 UAK allocation (DSAA algorithm) . 100
6.5.6.3 UAK allocation (DSAA2 algorithm) . 101
6.6 DLC layer procedures . 101
6.6.1 Background . 101
6.6.2 CCM Authenticated Encryption . 102
6.6.2.0 CCM overview . 102
6.6.2.1 CCM operation . 102
6.6.2.2 Key management . 103
6.6.2.3 CCM Initialization Vector . 103
6.6.2.3.0 CCM Initialization Vector: overview . 103
6.6.2.3.1 CCM Initialization Vector: first byte . 103
6.6.2.3.2 CCM Initialization Vector: bytes 8-11 . 104
6.6.2.3.3 CCM Initialization Vector: bytes 12. 104
6.6.2.4 CCM Sequence Number . 104
6.6.2.5 CCM Start and Stop . 105
6.6.2.6 CCM Sequence resetting and re-keying . 105
6.6.2.7 CCM encryption for multicast channels . 105
6.6.2.7.0 General . 105
6.6.2.7.1 Applicable types of multicast channels and identifiers . 105
6.6.2.7.2 Process for encryption of multicast channels . 105
6.6.2.7.3 DLC service for encrypted multicast channels . 105
6.6.2.7.4 Encryption key for multicast channels . 105
6.6.2.7.5 CCM and DLC sequence numbers . 106
6.6.2.7.6 Initialization Vector for multicast channels . 106
6.6.2.7.7 Security provisions regarding the key . 107
6.6.2.8 CCM encryption for service channels . 107
6.6.2.8.0 General . 107
6.6.2.8.1 Initialization Vector for service channels . 108
6.7 Security meta-procedures . 108
6.7.1 General . 108
6.7.2 Re-keying . 108
6.7.2.1 Aim and strategy . 108
6.7.2.2 Re-keying procedure . 108
6.7.2.3 Re-keying procedure with Wireless Relay Stations (WRSs) . 109
6.7.2.3.1 General . 109
ETSI
7 Draft ETSI EN 300 175-7 V2.6.7 (2017-06)
6.7.2.3.2 Key aging model. 110
6.7.3 Early encryption . 110
6.7.3.1 Aim and strategy . 110
6.7.3.2 The Default Cipher Keys (DefCK) . 110
6.7.3.3 The Default Cipher Key Index . 111
6.7.3.4 Generation and refresh strategy. 111
6.7.3.5 Running the procedure . 111
6.7.3.6 Security considerations . 111
7 Use of security features . 112
7.1 Background . 112
7.2 Key management options . 112
7.2.1 Overview of security parameters relevant for key management . 112
7.2.2 Generation of authentication keys . 113
7.2.3 Initial distribution and installation of keys . 114
7.2.4 Use of keys within the fixed network . 115
7.2.4.0 Use of keys within the fixed network: general . 115
7.2.4.1 Use of keys within the fixed network: diagrams for authentication type 1 scenarios . 117
7.2.4.2 Use of keys within the fixed network: diagrams for authentication type 2 scenarios . 120
7.3 Confidentiality service with a Cordless Radio Fixed Part (CRFP). 122
7.3.1 General . 122
7.3.2 CRFP initialization of PT cipher key . 122
Annex A (informative): Security threats analysis . 123
A.1 Introduction . 123
A.2 Threat A - Impersonating a subscriber identity . 124
A.3 Threat B - Illegal use of a handset (PP) . 124
A.4 Threat C - Illegal use of a base station (FP) . 124
A.5 Threat D - Impersonation of a base station (FP) . 125
A.6 Threat E - Illegally obtaining user data and user related signalling information . 125
A.7 Conclusions and comments . 126
Annex B (informative): Security features and operating environments . 128
B.1 Introduction . 128
B.2 Definitions . 128
B.3 Enrolment options . 128
Annex C (informative): Reasons for not adopting public key techniques . 130
Annex D (informative): Overview of security features . 131
D.1 Introduction . 131
D.2 Authentication of a PT .
...
EUROPEAN STANDARD
Digital Enhanced Cordless Telecommunications (DECT);
Common Interface (CI);
Part 7: Security features
2 ETSI EN 300 175-7 V2.7.1 (2017-11)
Reference
REN/DECT-00307-7
Keywords
authentication, DECT, IMT-2000, mobility, radio,
security, TDD, TDMA
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2017.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members.
GSM® and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
3 ETSI EN 300 175-7 V2.7.1 (2017-11)
Contents
Intellectual Property Rights . 10
Foreword . 10
Modal verbs terminology . 11
Introduction . 11
1 Scope . 15
2 References . 15
2.1 Normative references . 15
2.2 Informative references . 16
3 Definitions and abbreviations . 17
3.1 Definitions . 17
3.2 Abbreviations . 18
4 Security architecture . 20
4.1 Background . 20
4.2 Security services . 20
4.2.1 Authentication of a PT . 20
4.2.2 Authentication of an FT . 20
4.2.3 Mutual authentication . 20
4.2.4 Data confidentiality. 20
4.2.5 User authentication . 21
4.3 Security mechanisms . 21
4.3.0 General . 21
4.3.1 Authentication of a PT (type 1 procedure) . 21
4.3.2 Authentication of an FT (type 1 procedure) . 22
4.3.3 Mutual authentication . 24
4.3.4 Data confidentiality. 24
4.3.4.0 General . 24
4.3.4.1 Derived Cipher Key (DCK) . 24
4.3.4.2 Static Cipher Key (SCK) . 25
4.3.4.3 Default Cipher Key (DefCK) . 25
4.3.5 User authentication . 25
4.3.6 Authentication of a PT (type 2 procedure) . 25
4.3.7 Authentication of a FT (type 2 procedure) . 28
4.4 Cryptographic parameters and keys . 30
4.4.1 Overview . 30
4.4.2 Cryptographic parameters . 30
4.4.2.0 Description of parameters . 30
4.4.2.1 Provisions related to the generation of random numbers . 33
4.4.3 Cryptographic keys . 33
4.4.3.0 General . 33
4.4.3.1 Authentication key K . 33
4.4.3.2 Authentication session keys KS and KS' . 34
4.4.3.3 Cipher key CK . 35
4.5 Security processes . 35
4.5.1 Overview . 35
4.5.2 Derivation of authentication key, K . 35
4.5.2.0 General . 35
4.5.2.1 K is derived from UAK . 36
4.5.2.2 K is derived from AC . 36
4.5.2.3 K is derived from UAK and UPI . 36
4.5.3 Authentication processes . 36
4.5.3.0 General . 36
4.5.3.1 Processes for the derivation of KS and KS' . 37
4.5.3.2 Processes for the derivation of DCK, RES1 and RES2 . 37
4.5.4 Key stream generation . 38
ETSI
4 ETSI EN 300 175-7 V2.7.1 (2017-11)
4.5.5 CCM Authenticated Encryption . 38
4.6 Combinations of security services . 39
4.6.0 Service combinations and related considerations . 39
4.6.1 Combinations of security algorithms . 40
4.6.1.0 General . 40
4.6.1.1 Limitations related to capering algorithms . 40
5 Algorithms for security processes . 40
5.1 Background . 40
5.1.0 General . 40
5.1.1 A algorithm . 40
5.1.1.0 A algorithm, general. 40
5.1.1.1 A algorithm, DSAA based (A-DSAA) . 41
5.1.1.2 A algorithm, DSAA2 based (A-DSAA2) . 41
5.1.1.3 A algorithm, proprietary . 42
5.2 Derivation of session authentication key(s) . 42
5.2.1 A11 process . 42
5.2.2 A21 process . 42
5.3 Authentication and cipher key generation processes . 43
5.3.1 A12 process . 43
5.3.2 A22 process . 44
5.4 CCM algorithm . 44
6 Integration of security . 45
6.1 Background . 45
6.2 Association of keys and identities . 45
6.2.1 Authentication key . 45
6.2.1.0 General . 45
6.2.1.1 K is derived from UAK . 45
6.2.1.2 K derived from AC. 45
6.2.1.3 K derived from UAK and UPI . 46
6.2.2 Cipher keys . 46
6.2.3 Cipher keys for CCM . 46
6.2.3.0 General . 46
6.2.3.1 Single use of the keys for CCM . 47
6.2.3.2 Cipher keys for CCM encryption of C/L multicast channels . 48
6.3 NWK layer procedures . 48
6.3.1 Background . 48
6.3.2 Authentication exchanges . 48
6.3.3 Authentication procedures . 50
6.3.3.1 Authentication of a PT type 1 procedure . 50
6.3.3.2 Authentication of an FT type 1 procedure . 50
6.3.3.3 Authentication of a PT type 2 procedure . 51
6.3.3.4 Authentication of an FT type 2 procedure . 51
6.3.4 Transfer of Cipher Key, CK. 52
6.3.5 Re-Keying . 52
6.3.6 Encryption with Default Cipher Key . 52
6.3.7 Transfer of Cipher Key CK for CCM . 52
6.3.7.0 General . 52
6.3.7.1 Transfer by Virtual Call setup CC procedure . 52
6.3.7.2 Transfer using MM procedures for CCM re-keying and sequence reset . 53
6.3.8 Transfer of Cipher Keys for CCM encryption of multicast channels . 53
6.3.8.1 General . 53
6.3.8.2 Multicast encryption parameter assignation procedure, FT initiated . 53
6.3.8.2.0 General . 53
6.3.8.2.1 Transport of the security parameters . 54
6.3.8.2.2 <> coding . 54
6.3.8.3 Multicast encryption parameter retrieval procedure, PT initiated . 54
6.3.8.3.0 General . 54
6.3.8.3.1 Transport of the security parameters . 55
6.3.8.3.2 <> coding . 55
6.3.8.4 Error cases . 55
ETSI
5 ETSI EN 300 175-7 V2.7.1 (2017-11)
6.3.8.4.1 FT initiated parameter assignation procedure - PT reject . 55
6.3.8.4.2 PT initiated parameter retrieval procedure - FT reject . 55
6.3.8.4.3 Coding of the {MM-INFO-REJECT} in the error cases . 56
6.3.9 Transfer of Cipher Keys to Wireless Relay Stations (WRS) . 56
6.3.9.1 General . 56
6.3.9.2 Security considerations . 56
6.3.9.3 Indication of cipher key FT initiated procedure . 56
6.3.9.4 Cipher key retrieval procedure. PT initiated . 57
6.3.9.5 Error cases . 59
6.3.9.5.1 PT initiated cipher key retrieval procedure - FT reject . 59
6.4 MAC layer procedures . 60
6.4.1 Background . 60
6.4.2 MAC layer field structure . 60
6.4.3 Data to be encrypted . 62
6.4.4 Encryption process . 62
6.4.5 Initialization and synchronization of the encryption process . 65
6.4.5.0 General . 65
6.4.5.1 Construction of CK . 65
6.4.5.2 The Initialization Vector (IV) . 65
6.4.5.3 Generation of two Key Stream segments . 65
6.4.6 Encryption mode control . 66
6.4.6.1 Background . 66
6.4.6.2 MAC layer messages. 66
6.4.6.3 Procedures for switching to encrypt mode . 66
6.4.6.3.1 General . 66
6.4.6.3.2 PT procedure for switching from clear to encrypt mode with a DCK . 67
6.4.6.3.3 FT procedure for switching from clear to encrypt mode with a DCK . 67
6.4.6.3.4 PT procedure for switching from clear to encrypt mode with a Default Cipher Key (DefCK) . 68
6.4.6.3.5 Error handling - poor link . 70
6.4.6.4 Procedures for switching to clear mode . 72
6.4.6.5 Procedures for re-keying . 73
6.4.6.5.1 Re-keying to a DCK . 73
6.4.6.5.2 Re-keying to a DefCK . 74
6.4.6.5.3 FT Indication of re-keying to a DefCK . 75
6.4.6.6 Insertion of WAIT . 76
6.4.7 Handover of the encryption process . 77
6.4.7.0 General . 77
6.4.7.1 Bearer handover, uninterrupted ciphering . 77
6.4.7.2 Connection handover, uninterrupted ciphering . 77
6.4.7.3 External handover - handover with ciphering . 78
6.4.8 Modifications for half and long slot specifications (2-level modulation) . 78
6.4.8.1 Background . 78
6.4.8.2 MAC layer field structure . 78
6.4.8.3 Data to be encrypted. 79
6.4.8.4 Encryption process . 79
6.4.8.5 Initialization and synchronization of the encryption process . 80
6.4.8.6 Encryption mode control . 80
6.4.8.7 Handover of the encryption process . 80
6.4.9 Modifications for double slot specifications (2-level modulation) . 80
6.4.9.1 Background . 80
6.4.9.2 MAC layer field structure . 80
6.4.9.3 Data to be encrypted. 81
6.4.9.4 Encryption process . 81
6.4.9.5 Initialization and synchronization of the encryption process . 82
6.4.9.6 Encryption mode control . 82
6.4.9.7 Handover of the encryption process . 82
6.4.10 Modifications for multi-bearer specifications . 83
6.4.11 Modifications for 4-level, 8-level, 16-level and 64-level modulation formats . 83
6.4.11.1 Background . 83
6.4.11.2 MAC layer field structure . 83
6.4.11.3 Data to be encrypted. 83
6.4.11.4 Encryption process . 84
ETSI
6 ETSI EN 300 175-7 V2.7.1 (2017-11)
6.4.11.4.0 General . 84
6.4.11.4.1 Encryption process for the A-field and for the unprotected format . 84
6.4.11.4.2 Encryption process for the single subfield protected format . 85
6.4.11.4.3 Encryption process for the multi-subfield protected format . 86
6.4.11.4.4 Encryption process for the constant-size-subfield protected format . 88
6.4.11.4.5 Encryption process for the encoded protected format (MAC service I ) . 88
PX
6.4.11.5 Initialization and synchronization of the encryption process . 90
6.4.11.6 Encryption mode control . 90
6.4.11.7 Handover of the encryption process . 90
6.4.12 Procedures for CCM re-keying and sequence reset . 90
6.5 Security attributes . 90
6.5.1 Background . 90
6.5.2 Authentication protocols . 91
6.5.2.0 General . 91
6.5.2.1 Authentication of a PT type 1 procedure . 91
6.5.2.2 Authentication of an FT type 1 procedure . 92
6.5.2.3 Authentication of a PT type 2 procedure . 93
6.5.2.4 Authentication of an FT type 2 procedure . 94
6.5.3 Confidentiality protocols . 95
6.5.4 Access-rights protocols . 97
6.5.5 Key numbering and storage . 98
6.5.5.0 General . 98
6.5.5.1 Authentication keys . 98
6.5.5.2 Cipher keys . 98
6.5.6 Key allocation . 99
6.5.6.1 Introduction . 99
6.5.6.2 UAK allocation (DSAA algorithm) . 100
6.5.6.3 UAK allocation (DSAA2 algorithm) . 101
6.6 DLC layer procedures . 101
6.6.1 Background . 101
6.6.2 CCM Authenticated Encryption . 102
6.6.2.0 CCM overview . 102
6.6.2.1 CCM operation . 102
6.6.2.2 Key management . 103
6.6.2.3 CCM Initialization Vector . 103
6.6.2.3.0 CCM Initialization Vector: overview . 103
6.6.2.3.1 CCM Initialization Vector: first byte . 103
6.6.2.3.2 CCM Initialization Vector: bytes 8-11 . 104
6.6.2.3.3 CCM Initialization Vector: bytes 12. 104
6.6.2.4 CCM Sequence Number . 104
6.6.2.5 CCM Start and Stop . 105
6.6.2.6 CCM Sequence resetting and re-keying . 105
6.6.2.7 CCM encryption for multicast channels . 105
6.6.2.7.0 General . 105
6.6.2.7.1 Applicable types of multicast channels and identifiers . 105
6.6.2.7.2 Process for encryption of multicast channels . 105
6.6.2.7.3 DLC service for encrypted multicast channels . 105
6.6.2.7.4 Encryption key for multicast channels . 105
6.6.2.7.5 CCM and DLC sequence numbers . 106
6.6.2.7.6 Initialization Vector for multicast channels . 106
6.6.2.7.7 Security provisions regarding the key . 107
6.6.2.8 CCM encryption for service channels . 107
6.6.2.8.0 General . 107
6.6.2.8.1 Initialization Vector for service channels . 108
6.7 Security meta-procedures . 108
6.7.1 General . 108
6.7.2 Re-keying . 108
6.7.2.1 Aim and strategy . 108
6.7.2.2 Re-keying procedure . 108
6.7.2.3 Re-keying procedure with Wireless Relay Stations (WRSs) . 109
6.7.2.3.1 General . 109
ETSI
7 ETSI EN 300 175-7 V2.7.1 (2017-11)
6.7.2.3.2 Key aging model. 110
6.7.3 Early encryption . 110
6.7.3.1 Aim and strategy . 110
6.7.3.2 The Default Cipher Keys (DefCK) . 110
6.7.3.3 The Default Cipher Key Index . 111
6.7.3.4 Generation and refresh strategy. 111
6.7.3.5 Running the procedure . 111
6.7.3.6 Security considerations . 111
7 Use of security features . 112
7.1 Background . 112
7.2 Key management options . 112
7.2.1 Overview of security parameters relevant for key management . 112
7.2.2 Generation of authentication keys . 113
7.2.3 Initial distribution and installation of keys . 114
7.2.4 Use of keys within the fixed network . 115
7.2.4.0 Use of keys within the fixed network: general . 115
7.2.4.1 Use of keys within the fixed network: diagrams for authentication type 1 scenarios . 117
7.2.4.2 Use of keys within the fixed network: diagrams for authentication type 2 scenarios . 120
7.3 Confidentiality service with a Cordless Radio Fixed Part (CRFP). 122
7.3.1 General . 122
7.3.2 CRFP initialization of PT cipher key . 122
Annex A (informative): Security threats analysis . 123
A.1 Introduction . 123
A.2 Threat A - Impersonating a subscriber identity . 124
A.3 Threat B - Illegal use of a handset (PP) . 124
A.4 Threat C - Illegal use of a base station (FP) . 124
A.5 Threat D - Impersonation of a base station (FP) . 125
A.6 Threat E - Illegally obtaining user data and user related signalling information . 125
A.7 Conclusions and comments . 126
Annex B (informative): Security features and operating environments . 128
B.1 Introduction . 128
B.2 Definitions . 128
B.3 Enrolment options . 128
Annex C (informative): Reasons for not adopting public key techniques . 130
Annex D (informative): Overview of security features . 131
D.1 Introduction . 131
D.2 Authentication of a PT .
...
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Digital Enhanced Cordless Telecommunications (DECT) - Common Interface (CI) - Part 7: Security features33.070.30'(&7Digital Enhanced Cordless Telecommunications (DECT)ICS:Ta slovenski standard je istoveten z:ETSI EN 300 175-7 V2.7.1 (2017-11)SIST EN 300 175-7 V2.7.1:2018en01-februar-2018SIST EN 300 175-7 V2.7.1:2018SLOVENSKI
STANDARD
EUROPEAN STANDARD SIST EN 300 175-7 V2.7.1:2018
ETSI ETSI EN 300 175-7 V2.7.1 (2017-11) 2
Reference REN/DECT-00307-7 Keywords authentication, DECT, IMT-2000, mobility, radio, security, TDD, TDMA ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88
Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2017. All rights reserved.
DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM® and the GSM logo are trademarks registered and owned by the GSM Association. SIST EN 300 175-7 V2.7.1:2018
ETSI ETSI EN 300 175-7 V2.7.1 (2017-11) 3 Contents Intellectual Property Rights . 10 Foreword . 10 Modal verbs terminology . 11 Introduction . 11 1 Scope . 15 2 References . 15 2.1 Normative references . 15 2.2 Informative references . 16 3 Definitions and abbreviations . 17 3.1 Definitions . 17 3.2 Abbreviations . 18 4 Security architecture . 20 4.1 Background . 20 4.2 Security services . 20 4.2.1 Authentication of a PT . 20 4.2.2 Authentication of an FT . 20 4.2.3 Mutual authentication . 20 4.2.4 Data confidentiality. 20 4.2.5 User authentication . 21 4.3 Security mechanisms . 21 4.3.0 General . 21 4.3.1 Authentication of a PT (type 1 procedure) . 21 4.3.2 Authentication of an FT (type 1 procedure) . 22 4.3.3 Mutual authentication . 24 4.3.4 Data confidentiality. 24 4.3.4.0 General . 24 4.3.4.1 Derived Cipher Key (DCK) . 24 4.3.4.2 Static Cipher Key (SCK) . 25 4.3.4.3 Default Cipher Key (DefCK) . 25 4.3.5 User authentication . 25 4.3.6 Authentication of a PT (type 2 procedure) . 25 4.3.7 Authentication of a FT (type 2 procedure) . 28 4.4 Cryptographic parameters and keys . 30 4.4.1 Overview . 30 4.4.2 Cryptographic parameters . 30 4.4.2.0 Description of parameters . 30 4.4.2.1 Provisions related to the generation of random numbers . 33 4.4.3 Cryptographic keys . 33 4.4.3.0 General . 33 4.4.3.1 Authentication key K . 33 4.4.3.2 Authentication session keys KS and KS' . 34 4.4.3.3 Cipher key CK . 35 4.5 Security processes . 35 4.5.1 Overview . 35 4.5.2 Derivation of authentication key, K . 35 4.5.2.0 General . 35 4.5.2.1 K is derived from UAK . 36 4.5.2.2 K is derived from AC . 36 4.5.2.3 K is derived from UAK and UPI . 36 4.5.3 Authentication processes . 36 4.5.3.0 General . 36 4.5.3.1 Processes for the derivation of KS and KS' . 37 4.5.3.2 Processes for the derivation of DCK, RES1 and RES2 . 37 4.5.4 Key stream generation . 38 SIST EN 300 175-7 V2.7.1:2018
ETSI ETSI EN 300 175-7 V2.7.1 (2017-11) 4 4.5.5 CCM Authenticated Encryption . 38 4.6 Combinations of security services . 39 4.6.0 Service combinations and related considerations . 39 4.6.1 Combinations of security algorithms . 40 4.6.1.0 General . 40 4.6.1.1 Limitations related to capering algorithms . 40 5 Algorithms for security processes . 40 5.1 Background . 40 5.1.0 General . 40 5.1.1 A algorithm . 40 5.1.1.0 A algorithm, general. 40 5.1.1.1 A algorithm, DSAA based (A-DSAA) . 41 5.1.1.2 A algorithm, DSAA2 based (A-DSAA2) . 41 5.1.1.3 A algorithm, proprietary . 42 5.2 Derivation of session authentication key(s) . 42 5.2.1 A11 process . 42 5.2.2 A21 process . 42 5.3 Authentication and cipher key generation processes . 43 5.3.1 A12 process . 43 5.3.2 A22 process . 44 5.4 CCM algorithm . 44 6 Integration of security . 45 6.1 Background . 45 6.2 Association of keys and identities . 45 6.2.1 Authentication key . 45 6.2.1.0 General . 45 6.2.1.1 K is derived from UAK . 45 6.2.1.2 K derived from AC. 45 6.2.1.3 K derived from UAK and UPI . 46 6.2.2 Cipher keys . 46 6.2.3 Cipher keys for CCM . 46 6.2.3.0 General . 46 6.2.3.1 Single use of the keys for CCM . 47 6.2.3.2 Cipher keys for CCM encryption of C/L multicast channels . 48 6.3 NWK layer procedures . 48 6.3.1 Background . 48 6.3.2 Authentication exchanges . 48 6.3.3 Authentication procedures . 50 6.3.3.1 Authentication of a PT type 1 procedure . 50 6.3.3.2 Authentication of an FT type 1 procedure . 50 6.3.3.3 Authentication of a PT type 2 procedure . 51 6.3.3.4 Authentication of an FT type 2 procedure . 51 6.3.4 Transfer of Cipher Key, CK. 52 6.3.5 Re-Keying . 52 6.3.6 Encryption with Default Cipher Key . 52 6.3.7 Transfer of Cipher Key CK for CCM . 52 6.3.7.0 General . 52 6.3.7.1 Transfer by Virtual Call setup CC procedure . 52 6.3.7.2 Transfer using MM procedures for CCM re-keying and sequence reset . 53 6.3.8 Transfer of Cipher Keys for CCM encryption of multicast channels . 53 6.3.8.1 General . 53 6.3.8.2 Multicast encryption parameter assignation procedure, FT initiated . 53 6.3.8.2.0 General . 53 6.3.8.2.1 Transport of the security parameters . 54 6.3.8.2.2 <> coding . 54 6.3.8.3 Multicast encryption parameter retrieval procedure, PT initiated . 54 6.3.8.3.0 General . 54 6.3.8.3.1 Transport of the security parameters . 55 6.3.8.3.2 <> coding . 55 6.3.8.4 Error cases . 55 SIST EN 300 175-7 V2.7.1:2018
ETSI ETSI EN 300 175-7 V2.7.1 (2017-11) 5 6.3.8.4.1 FT initiated parameter assignation procedure - PT reject . 55 6.3.8.4.2 PT initiated parameter retrieval procedure - FT reject . 55 6.3.8.4.3 Coding of the {MM-INFO-REJECT} in the error cases . 56 6.3.9 Transfer of Cipher Keys to Wireless Relay Stations (WRS) . 56 6.3.9.1 General . 56 6.3.9.2 Security considerations . 56 6.3.9.3 Indication of cipher key FT initiated procedure . 56 6.3.9.4 Cipher key retrieval procedure. PT initiated . 57 6.3.9.5 Error cases . 59 6.3.9.5.1 PT initiated cipher key retrieval procedure - FT reject . 59 6.4 MAC layer procedures . 60 6.4.1 Background . 60 6.4.2 MAC layer field structure . 60 6.4.3 Data to be encrypted . 62 6.4.4 Encryption process . 62 6.4.5 Initialization and synchronization of the encryption process . 65 6.4.5.0 General . 65 6.4.5.1 Construction of CK . 65 6.4.5.2 The Initialization Vector (IV) . 65 6.4.5.3 Generation of two Key Stream segments . 65 6.4.6 Encryption mode control . 66 6.4.6.1 Background . 66 6.4.6.2 MAC layer messages. 66 6.4.6.3 Procedures for switching to encrypt mode . 66 6.4.6.3.1 General . 66 6.4.6.3.2 PT procedure for switching from clear to encrypt mode with a DCK . 67 6.4.6.3.3 FT procedure for switching from clear to encrypt mode with a DCK . 67 6.4.6.3.4 PT procedure for switching from clear to encrypt mode with a Default Cipher Key (DefCK) . 68 6.4.6.3.5 Error handling - poor link . 70 6.4.6.4 Procedures for switching to clear mode . 72 6.4.6.5 Procedures for re-keying . 73 6.4.6.5.1 Re-keying to a DCK . 73 6.4.6.5.2 Re-keying to a DefCK . 74 6.4.6.5.3 FT Indication of re-keying to a DefCK . 75 6.4.6.6 Insertion of WAIT . 76 6.4.7 Handover of the encryption process . 77 6.4.7.0 General . 77 6.4.7.1 Bearer handover, uninterrupted ciphering . 77 6.4.7.2 Connection handover, uninterrupted ciphering . 77 6.4.7.3 External handover - handover with ciphering . 78 6.4.8 Modifications for half and long slot specifications (2-level modulation) . 78 6.4.8.1 Background . 78 6.4.8.2 MAC layer field structure . 78 6.4.8.3 Data to be encrypted. 79 6.4.8.4 Encryption process . 79 6.4.8.5 Initialization and synchronization of the encryption process . 80 6.4.8.6 Encryption mode control . 80 6.4.8.7 Handover of the encryption process . 80 6.4.9 Modifications for double slot specifications (2-level modulation) . 80 6.4.9.1 Background . 80 6.4.9.2 MAC layer field structure . 80 6.4.9.3 Data to be encrypted. 81 6.4.9.4 Encryption process . 81 6.4.9.5 Initialization and synchronization of the encryption process . 82 6.4.9.6 Encryption mode control . 82 6.4.9.7 Handover of the encryption process . 82 6.4.10 Modifications for multi-bearer specifications . 83 6.4.11 Modifications for 4-level, 8-level, 16-level and 64-level modulation formats . 83 6.4.11.1 Background . 83 6.4.11.2 MAC layer field structure . 83 6.4.11.3 Data to be encrypted. 83 6.4.11.4 Encryption process . 84 SIST EN 300 175-7 V2.7.1:2018
ETSI ETSI EN 300 175-7 V2.7.1 (2017-11) 6 6.4.11.4.0 General . 84 6.4.11.4.1 Encryption process for the A-field and for the unprotected format . 84 6.4.11.4.2 Encryption process for the single subfield protected format . 85 6.4.11.4.3 Encryption process for the multi-subfield protected format . 86 6.4.11.4.4 Encryption process for the constant-size-subfield protected format . 88 6.4.11.4.5 Encryption process for the encoded protected format (MAC service IPX) . 88 6.4.11.5 Initialization and synchronization of the encryption process . 90 6.4.11.6 Encryption mode control . 90 6.4.11.7 Handover of the encryption process . 90 6.4.12 Procedures for CCM re-keying and sequence reset . 90 6.5 Security attributes . 90 6.5.1 Background . 90 6.5.2 Authentication protocols . 91 6.5.2.0 General . 91 6.5.2.1 Authentication of a PT type 1 procedure . 91 6.5.2.2 Authentication of an FT type 1 procedure . 92 6.5.2.3 Authentication of a PT type 2 procedure . 93 6.5.2.4 Authentication of an FT type 2 procedure . 94 6.5.3 Confidentiality protocols . 95 6.5.4 Access-rights protocols . 97 6.5.5 Key numbering and storage . 98 6.5.5.0 General . 98 6.5.5.1 Authentication keys . 98 6.5.5.2 Cipher keys . 98 6.5.6 Key allocation . 99 6.5.6.1 Introduction . 99 6.5.6.2 UAK allocation (DSAA algorithm) . 100 6.5.6.3 UAK allocation (DSAA2 algorithm) . 101 6.6 DLC layer procedures . 101 6.6.1 Background . 101 6.6.2 CCM Authenticated Encryption . 102 6.6.2.0 CCM overview . 102 6.6.2.1 CCM operation . 102 6.6.2.2 Key management . 103 6.6.2.3 CCM Initialization Vector . 103 6.6.2.3.0 CCM Initialization Vector: overview . 103 6.6.2.3.1 CCM Initialization Vector: first byte . 103 6.6.2.3.2 CCM Initialization Vector: bytes 8-11 . 104 6.6.2.3.3 CCM Initialization Vector: bytes 12. 104 6.6.2.4 CCM Sequence Number . 104 6.6.2.5 CCM Start and Stop . 105 6.6.2.6 CCM Sequence resetting and re-keying . 105 6.6.2.7 CCM encryption for multicast channels . 105 6.6.2.7.0 General . 105 6.6.2.7.1 Applicable types of multicast channels and identifiers . 105 6.6.2.7.2 Process for encryption of multicast channels . 105 6.6.2.7.3 DLC service for encrypted multicast channels . 105 6.6.2.7.4 Encryption key for multicast channels . 105 6.6.2.7.5 CCM and DLC sequence numbers . 106 6.6.2.7.6 Initialization Vector for multicast channels . 106 6.6.2.7.7 Security provisions regarding the key . 107 6.6.2.8 CCM encryption for service channels . 107 6.6.2.8.0 General . 107 6.6.2.8.1 Initialization Vector for service channels . 108 6.7 Security meta-procedures . 108 6.7.1 General . 108 6.7.2 Re-keying . 108 6.7.2.1 Aim and strategy . 108 6.7.2.2 Re-keying procedure . 108 6.7.2.3 Re-keying procedure with Wireless Relay Stations (WRSs) . 109 6.7.2.3.1 General . 109 SIST EN 300 175-7 V2.7.1:2018
ETSI ETSI EN 300 175-7 V2.7.1 (2017-11) 7 6.7.2.3.2 Key aging model. 110 6.7.3 Early encryption . 110 6.7.3.1 Aim and strategy . 110 6.7.3.2 The Default Cipher Keys (DefCK) . 110 6.7.3.3 The Default Cipher Key Index . 111 6.7.3.4 Generation and refresh strategy. 111 6.7.3.5 Running the procedure . 111 6.7.3.6 Security considerations . 111 7 Use of security features . 112 7.1 Background . 112 7.2 Key management options . 112 7.2.1 Overview of security parameters relevant for key management . 112 7.2.2 Generation of authentication keys . 113 7.2.3 Initial distribution and installation of keys . 114 7.2.4 Use of keys within the fixed network . 115 7.2.4.0 Use of keys within the fixed network: general . 115 7.2.4.1 Use of keys within the fixed network: diagrams for authentication type 1 scenarios . 117 7.2.4.2 Use of keys within the fixed network: diagrams for authentication type 2 scenarios . 120 7.3 Confidentiality service with a Cordless Radio Fixed Part (CRFP). 122 7.3.1 General . 122 7.3.2 CRFP initialization of PT cipher key . 122 Annex A (informative): Security threats analysis . 123 A.1 Introduction . 123 A.2 Threat A - Impersonating a subscriber identity . 124 A.3 Threat B - Illegal use of a handset (PP) . 124 A.4 Threat C - Illegal use of a base station (FP) . 124 A.5 Threat D - Impersonation of a base station (FP) . 125 A.6 Threat E - Illegally obtaining user data and user related signalling information . 125 A.7 Conclusions and comments . 126 Annex B (informative): Security features and operating environments . 128 B.1 Introduction . 128 B.2 Definitions . 128 B.3 Enrolment options . 128 Annex C (informative): Reasons for not adopting public key techniques . 130 Annex D (informative): Overview of security features . 131 D.1 Introduction . 131 D.2 Authentication of a PT .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...