ETSI EN 300 920 V7.1.1 (2000-08)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Digital cellular telecommunications system (Phase 2+) (GSM); Security aspects (GSM 02.09 version 7.1.1 Release 1998)33.070.50Globalni sistem za mobilno telekomunikacijo (GSM)Global System for Mobile Communication (GSM)ICS:Ta slovenski standard je istoveten z:EN 300 920 Version 7.1.1SIST EN 300 920 V7.1.1:2003en01-december-2003SIST EN 300 920 V7.1.1:2003SLOVENSKI
STANDARD



SIST EN 300 920 V7.1.1:2003



ETSIEN300920V7.1.1(2000-08)EuropeanStandard(Telecommunicationsseries)Digitalcellulartelecommunicationssystem(Phase2+);Securityaspects(GSM02.09version7.1.1Release1998)GLOBALSYSTEMFORMOBILECOMMUNICATIONSRSIST EN 300 920 V7.1.1:2003



ETSIETSIEN300920V7.1.1(2000-08)2(GSM02.09version7.1.1Release1998)ReferenceREN/SMG-010209Q7R1KeywordsDigitalcellulartelecommunicationssystem,GlobalSystemforMobilecommunications(GSM)ETSI650RoutedesLuciolesF-06921SophiaAntipolisCedex-FRANCETel.:+33492944200Fax:+33493654716SiretN°34862356200017-NAF742CAssociationàbutnonlucratifenregistréeàlaSous-PréfecturedeGrasse(06)N°7803/88ImportantnoticeIndividualcopiesofthepresentdocumentcanbedownloadedfrom:http://www.etsi.orgThepresentdocumentmaybemadeavailableinmorethanoneelectronicversionorinprint.Inanycaseofexistingorperceiveddifferenceincontentsbetweensuchversions,thereferenceversionisthePortableDocumentFormat(PDF).Incaseofdispute,thereferenceshallbetheprintingonETSIprintersofthePDFversionkeptonaspecificnetworkdrivewithinETSISecretariat.Usersofthepresentdocumentshouldbeawarethatthedocumentmaybesubjecttorevisionorchangeofstatus.InformationonthecurrentstatusofthisandotherETSIdocumentsisavailableathttp://www.etsi.org/tb/status/Ifyoufinderrorsinthepresentdocument,sendyourcommentto:editor@etsi.frCopyrightNotificationNopartmaybereproducedexceptasauthorizedbywrittenpermission.Thecopyrightandtheforegoingrestrictionextendtoreproductioninallmedia.©EuropeanTelecommunicationsStandardsInstitute2000.Allrightsreserved.SIST EN 300 920 V7.1.1:2003



ETSIETSIEN300920V7.1.1(2000-08)3(GSM02.09version7.1.1Release1998)ContentsIntellectualPropertyRights.4Foreword.41Scope.51.1References.51.2Abbreviations.52General.63SecurityfeaturesprovidedinaGSMPLMN.63.1Subscriberidentityconfidentiality.63.1.1Definition.63.1.2Purpose.63.1.3Functionalrequirements.73.2Subscriberidentityauthentication.73.2.1Definition.73.2.2Purpose.73.2.3Functionalrequirements.73.2.4Authenticationduringamalfunctionofthenetwork.73.3Userdataconfidentialityonphysicalconnections(VoiceandNon-voice).83.3.1Definition.83.3.2Purpose.83.3.3Functionalrequirements.83.4Connectionlessuserdataconfidentiality.83.4.1Definition.83.4.2Purpose.83.4.3Functionalrequirements.93.5Signallinginformationelementconfidentiality.93.5.1Definition.93.5.2Purpose.93.5.3Functionalrequirements.9AnnexA(informative):Changehistory.10History.11SIST EN 300 920 V7.1.1:2003



ETSIETSIEN300920V7.1.1(2000-08)4(GSM02.09version7.1.1Release1998)IntellectualPropertyRightsIPRsessentialorpotentiallyessentialtothepresentdocumentmayhavebeendeclaredtoETSI.TheinformationpertainingtotheseessentialIPRs,ifany,ispubliclyavailableforETSImembersandnon-members,andcanbefoundinETSISR000314:"IntellectualPropertyRights(IPRs);Essential,orpotentiallyEssential,IPRsnotifiedtoETSIinrespectofETSIstandards",whichisavailablefromtheETSISecretariat.LatestupdatesareavailableontheETSIWebserver(http://www.etsi.org/ipr).PursuanttotheETSIIPRPolicy,noinvestigation,includingIPRsearches,hasbeencarriedoutbyETSI.NoguaranteecanbegivenastotheexistenceofotherIPRsnotreferencedinETSISR000314(ortheupdatesontheETSIWebserver)whichare,ormaybe,ormaybecome,essentialtothepresentdocument.ForewordThisEuropeanStandard(Telecommunicationsseries)hasbeenproducedbyETSITechnicalCommitteeSpecialMobileGroup(SMG).Thepresentdocumentdefinessecurityfeatureswithinthedigitalcellulartelecommunicationssystem.ThecontentsofthepresentdocumentmaybesubjecttocontinuingworkwithinSMGandmaychangefollowingformalSMGapproval.ShouldSMGmodifythecontentsofthepresentdocumentitwillthenbere-submittedforformalapprovalproceduresbyETSIwithanidentifyingchangeofreleasedateandanincreaseinversionnumberasfollows:Version7.x.ywhere:7GSMPhase2+Release1998;xtheseconddigitisincrementedforchangesofsubstance,i.e.technicalenhancements,corrections,updates,etc.;ythethirddigitisincrementedwheneditorialonlychangeshavebeenincorporatedinthespecification.NationaltranspositiondatesDateofadoptionofthisEN:14July2000DateoflatestannouncementofthisEN(doa):31October2000DateoflatestpublicationofnewNationalStandardorendorsementofthisEN(dop/e):30April2001DateofwithdrawalofanyconflictingNationalStandard(dow):30April2001SIST EN 300 920 V7.1.1:2003



ETSIETSIEN300920V7.1.1(2000-08)5(GSM02.09version7.1.1Release1998)1ScopeBearerandTeleservices,asrespectivelydefinedinGSM02.02andGSM02.03,aretheobjectswhichtheGSMPLMNoperatorsoffertotheircustomers.Besidesthesebasictelecommunicationsservices,featureswhichaimatup-gradingthesebasicservicesneedalsotobeoffered.DuetotheuseofradiocommunicationsinaPLMN,whichareofaspecialnaturecomparedtoclassicaldistributiontransmissiontechniquesusedinthefixednetworks,suchacategoryoffeaturesisrelatedtosecurityaspects.InaGSMPLMN,boththeusersandthenetworkoperatorhavetobeprotectedagainstundesirableintrusionofthirdparties.However,measuresshouldbeprovidedforinordertoinsuremaximumprotectionoftherightsoftheindividualsconcerns.Asaconsequence,asecurityfeatureiseitherasupplementaryservicetoTeleorBearerservices,whichcanbeselectedbythesubscriber,oranetworkfunctioninvolvedintheprovisionofoneorseveraltelecommunicationservices.ThepurposeofthepresentdocumentistodefinethesecurityfeatureswhicharetobeavailableinaGSMPLMN,togetherwiththeassociatedlevelsofprotection.Thepresentdocumentisonlyconcernedwiththosesecurityfeatureswhichaimattheup-gradingofthesecurityinaGSMPLMN.Inparticular,end-to-endsecurityisoutsidethescopeofthepresentdocument.TheimplementationaspectsofsecurityfeaturesaredescribedinGSM03.20.1.1ReferencesThefollowingdocumentscontainprovisionswhich,throughreferenceinthistext,constituteprovisionsofthepresentdocument.• Referencesareeitherspecific(identifiedbydateofpublication,editionnumber,versionnumber,etc.)ornon-specific.• Foraspecificreference,subsequentrevisionsdonotapply.• Foranon-specificreference,thelatestversionapplies.• Anon-specificreferencetoanETSshallalsobetakentorefertolaterversionspublishedasanENwiththesamenumber.• ForthisRelease1998document,referencestoGSMdocumentsareforRelease1998versions(version7.x.y).[1]GSM01.04:"Digitalcellulartelecommunicationssystem(Phase2+);Abbreviationsandacronyms".[2]GSM02.02:"Digitalcellulartelecommunicationssystem(Phase2+);BearerServices(BS)supportedbyaGSMPublicLandMobileNetwork(PLMN)".[3]GSM02.03
...