ETSI ETS 300 506 ed.2 (1998-01)

SLOVENSKI STANDARD
SIST ETS 300 506 E2:2003
01-december-2003
'LJLWDOQLFHOLþQLWHOHNRPXQLNDFLMVNLVLVWHPID]D±9DUQRVWQLYLGLNL*60
UD]OLþLFD
Digital cellular telecommunications system (Phase 2); Security aspects (GSM 02.09
version 4.4.1)
Ta slovenski standard je istoveten z: ETS 300 506 Edition 2
ICS:
33.070.50 Globalni sistem za mobilno Global System for Mobile
telekomunikacijo (GSM) Communication (GSM)
SIST ETS 300 506 E2:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST ETS 300 506 E2:2003

---------------------- Page: 2 ----------------------

SIST ETS 300 506 E2:2003
EUROPEAN ETS 300 506
TELECOMMUNICATION January 1998
STANDARD Second Edition
Source: SMG Reference: RE/SMG-010209PR1
ICS: 33.020
Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM)
R
GLOBAL SYSTEM FOR
MOBILE COMMUNICATIONS
Digital cellular telecommunications system (Phase 2);
Security aspects
(GSM 02.09 version 4.4.1)
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.fr
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1998. All rights reserved.

---------------------- Page: 3 ----------------------

SIST ETS 300 506 E2:2003
Page 2
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.

---------------------- Page: 4 ----------------------

SIST ETS 300 506 E2:2003
Page 3
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
Contents
Foreword .5
1 Scope .7
1.1 Normative references .7
1.2 Abbreviations .7
2 General.8
3 Security features provided in a GSM PLMN.8
3.1 Subscriber identity confidentiality. 8
3.1.1 Definition .8
3.1.2 Purpose .8
3.1.3 Functional requirements.9
3.2 Subscriber identity authentication .9
3.2.1 Definition .9
3.2.2 Purpose .9
3.2.3 Functional requirements.9
3.2.4 Authentication during a malfunction of the network .10
3.3 User data confidentiality on physical connections (Voice and Non-voice).10
3.3.1 Definition .10
3.3.2 Purpose .10
3.3.3 Functional requirements.10
3.4 Connectionless user data confidentiality.11
3.4.1 Definition .11
3.4.2 Purpose .11
3.4.3 Functional requirements.11
3.5 Signalling information element confidentiality.11
3.5.1 Definition .11
3.5.2 Purpose .11
3.5.3 Functional requirements.11
History.12

---------------------- Page: 5 ----------------------

SIST ETS 300 506 E2:2003
Page 4
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
Blank page

---------------------- Page: 6 ----------------------

SIST ETS 300 506 E2:2003
Page 5
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
Foreword
This European Telecommunication Standard (ETS) has been produced by the Special Mobile Group
(SMG) of the European Telecommunications Standards Institute (ETSI).
This ETS defines security features within the digital cellular telecommunications system.
The specification from which this ETS has been derived was originally based on CEPT documentation,
hence the presentation of this ETS may not be entirely in accordance with the ETSI/PNE Rules.
Transposition dates
Date of adoption of this ETS: 5 December 1997
Date of latest announcement of this ETS (doa): 30 April 1998
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 31 October 1998
Date of withdrawal of any conflicting National Standard (dow): 31 October 1998

---------------------- Page: 7 ----------------------

SIST ETS 300 506 E2:2003
Page 6
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
Blank page

---------------------- Page: 8 ----------------------

SIST ETS 300 506 E2:2003
Page 7
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
1 Scope
Bearer and Teleservices, as respectively defined in GSM 02.02 and GSM 02.03, are the objects which the
GSM PLMN operators offer to their customers. Besides these basic telecommunications services,
features which aim at up-grading these basic services need also to be offered. Due to the use of
radiocommunications in a PLMN, which are of a special nature compared to classical distribution
transmission techniques used in the fixed networks, such a category of features is related to security
aspects.
In a GSM PLMN, both the users and the network operator have to be protected against undesirable
intrusion of third parties. However, measures should be provided for in order to insure maximum
protection of the rights of the individuals concerns. As a consequence, a security feature is either a
supplementary service to Tele or Bearer services, which can be selected by the subscriber, or a network
function involved in the provision of one or several telecommunication services.
The purpose of this European Telecommunication Standard (ETS) is to define the security features which
are to be available in a GSM PLMN, together with the associated levels of protection. This ETS is only
concerned with those security features which aim at the up-grading of the security in a GSM PLMN. In
particular, end-to-end security is outside the scope of this ETS.
The implementation aspects of security features are described in GSM 03.20.
1.1 Normative references
This ETS incorporates by dated and undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references, the
latest edition of the publication referred to applies.
[1] GSM 01.04 (ETR 100): "Digital cellular telecommunications system (Phase 2);
Abbreviations and acronyms".
[2] GSM 02.02 (ETS 300 501): "Digital cellular telecommunications system
(Phase 2); Bearer Services (BS) supported by a GSM Public Land Mobile
Network (PLMN)".
[3] GSM 02.03 (ETS 300 502): "Digital cellular telecommunications system
(Phase 2); Teleservices supported by a GSM Public Land Mobile Network
(PLMN)".
[4] GSM 03.20 (ETS 300 534): "Digital cellular telecommunications system
(Phase 2); Security related network functions".
[5] GSM 11.11 (ETS 300 608): "Digital cellular telecommunications system
(Phase 2); Specification of the Subscriber Identity Module - Mobile Equipment
(SIM - ME) interface".
1.2 Abbreviations
Abbreviations used in this ETS are listed in GSM 01.04.

---------------------- Page: 9 ----------------------

SIST ETS 300 506 E2:2003
Page 8
ETS 300 506 (GSM 02.09 version 4.4.1): January 1998
2 General
The use of radiocommunications for transmission to the mobile subscribers makes PLMNs particularly
sensitive to:
- misuse of their resources by unauthorised persons using manipulated Mobile Stations, who try to
impersonate authorized subscribers; and
- eavesdropping of the various information which are exchanged on the radio path.
It can be seen that PLMNs intrinsically do not provide the same level of protection to their operators and
subscribers as the traditional telecommunication networks provide. This fact leads to the need to
implement security features in a GSM PLMN in order to pro
...