ETSI ETS 300 506 ed.3 (2000-08)

SLOVENSKI STANDARD
SIST ETS 300 506 E3:2003
01-december-2003
'LJLWDOQLFHOLþQLWHOHNRPXQLNDFLMVNLVLVWHPID]D±9DUQRVWQLYLGLNL*60
UD]OLþLFD
Digital cellular telecommunications system (Phase 2); Security aspects (GSM 02.09
version 4.5.1)
Ta slovenski standard je istoveten z: ETS 300 506 Edition 3
ICS:
33.070.50 Globalni sistem za mobilno Global System for Mobile
telekomunikacijo (GSM) Communication (GSM)
SIST ETS 300 506 E3:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST ETS 300 506 E3:2003

---------------------- Page: 2 ----------------------

SIST ETS 300 506 E3:2003
EUROPEAN ETS 300 506
TELECOMMUNICATION August 2000
STANDARD Third Edition
Source: SMG Reference: RE/SMG-010209PR2
ICS: 33.020
Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM)
R
GLOBAL SYSTEM FOR
MOBILE COMMUNICATIONS
Digital cellular telecommunications system (Phase 2);
Security aspects
(GSM 02.09 version 4.5.1)
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
Internet: secretariat@etsi.fr - http://www.etsi.org
Tel.:+334 92944200- Fax:+334 93 654716
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2000. All rights reserved.

---------------------- Page: 3 ----------------------

SIST ETS 300 506 E3:2003
Page 2
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Standards Making Support Dept." at the address shown on the title page.

---------------------- Page: 4 ----------------------

SIST ETS 300 506 E3:2003
Page 3
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
Contents
Foreword.5
1 Scope .7
1.1 Normative references .7
1.2 Abbreviations .7
2 General.8
3 Security features provided in a GSM PLMN .8
3.1 Subscriber identity confidentiality .8
3.1.1 Definition.8
3.1.2 Purpose .8
3.1.3 Functional requirements.9
3.2 Subscriber identity authentication.9
3.2.1 Definition.9
3.2.2 Purpose .9
3.2.3 Functional requirements.9
3.2.4 Authentication during a malfunction of the network .10
3.3 User data confidentiality on physical connections (Voice and Non-voice) .10
3.3.1 Definition.10
3.3.2 Purpose .10
3.3.3 Functional requirements.10
3.4 Connectionless user data confidentiality .11
3.4.1 Definition.11
3.4.2 Purpose .11
3.4.3 Functional requirements.11
3.5 Signalling information element confidentiality.11
3.5.1 Definition.11
3.5.2 Purpose .11
3.5.3 Functional requirements.11
Annex A (informative): Change History.12
History.13

---------------------- Page: 5 ----------------------

SIST ETS 300 506 E3:2003
Page 4
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
Blank page

---------------------- Page: 6 ----------------------

SIST ETS 300 506 E3:2003
Page 5
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The
information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-
members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or
potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI
Secretariat. Latest updates are available on the ETSI Web server (http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI.
No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the
updates on the ETSI Web server) which are, or may be, or may become, essential to the present
document.
Foreword
This European Telecommunication Standard (ETS) has been produced by the Special Mobile Group
(SMG) Technical Committee of the European Telecommunications Standards Institute (ETSI).
This ETS defines security features within the digital cellular telecommunications system.
The specification from which this ETS has been derived was originally based on CEPT documentation,
hence the presentation of this ETS may not be entirely in accordance with the ETSI/PNE Rules.
Proposed transposition dates
Date of adoption of this ETS: 14 July 2000
Date of latest announcement of this ETS (doa): 31 October 2000
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 30 April 2001
Date of withdrawal of any conflicting National Standard (dow): 30 April 2001

---------------------- Page: 7 ----------------------

SIST ETS 300 506 E3:2003
Page 6
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
Blank page

---------------------- Page: 8 ----------------------

SIST ETS 300 506 E3:2003
Page 7
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
1 Scope
Bearer and Teleservices, as respectively defined in GSM 02.02 and GSM 02.03, are the objects which
the GSM PLMN operators offer to their customers. Besides these basic telecommunications services,
features which aim at up-grading these basic services need also to be offered. Due to the use of
radiocommunications in a PLMN, which are of a special nature compared to classical distribution
transmission techniques used in the fixed networks, such a category of features is related to security
aspects.
In a GSM PLMN, both the users and the network operator have to be protected against undesirable
intrusion of third parties. However, measures should be provided for in order to insure maximum
protection of the rights of the individuals concerns. As a consequence, a security feature is either a
supplementary service to Tele or Bearer services, which can be selected by the subscriber, or a network
function involved in the provision of one or several telecommunication services.
The purpose of this European Telecommunication Standard (ETS) is to define the security features which
are to be available in a GSM PLMN, together with the associated levels of protection. This ETS is only
concerned with those security features which aim at the up-grading of the security in a GSM PLMN. In
particular, end-to-end security is outside the scope of this ETS.
The implementation aspects of security features are described in GSM 03.20.
1.1 Normative references
This ETS incorporates by dated and undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references, the
latest edition of the publication referred to applies.
[1] GSM 01.04 (ETR 100): "Digital cellular telecommunications system (Phase 2);
Abbreviations and acronyms".
[2] GSM 02.02 (ETS 300 501): "Digital cellular telecommunications system
(Phase 2); Bearer Services (BS) supported by a GSM Public Land Mobile
Network (PLMN)".
[3] GSM 02.03 (ETS 300 502): "Digital cellular telecommunications system
(Phase 2); Teleservices supported by a GSM Public Land Mobile Network
(PLMN)".
[4] GSM 03.20 (ETS 300 534): "Digital cellular telecommunications system
(Phase 2); Security related network functions".
[5] GSM 11.11 (ETS 300 608): "Digital cellular telecommunications system
(Phase 2); Specification of the Subscriber Identity Module - Mobile Equipment
(SIM - ME) interface".
1.2 Abbreviations
Abbreviations used in this ETS are listed in GSM 01.04.

---------------------- Page: 9 ----------------------

SIST ETS 300 506 E3:2003
Page 8
ETS 300 506 (GSM 02.09 version 4.5.1): August 2000
2 General
The use of radiocommunications for transmission to the mobile subscribers makes PLMNs particularly
sensitive to:
- misuse of their resources by unauthorised persons using manipulated Mobile Stations, who try to
impersonate authorized subscribers; and
- eavesdropping of the various information which are exchanged on the radio path.
It can be seen that PLMNs intrinsically do not provide the same level of protection to their operators and
subscri
...