ETSI ETS 300 175-7 ed.2 (1996-09)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.QHRadio Equipment and Systems (RES); Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features33.070.30'(&7Digital Enhanced Cordless Telecommunications (DECT)ICS:Ta slovenski standard je istoveten z:ETS 300 175-7 Edition 2SIST ETS 300 175-7 E2:2005en01-julij-2005SIST ETS 300 175-7 E2:2005SLOVENSKI
STANDARD
EUROPEANETS 300 175-7TELECOMMUNICATIONSeptember 1996STANDARDSecond EditionSource: ETSI TC-RESReference: RE/RES-03027-7ICS:33.060. 33.060.50Key words:DECT, radio, securityRadio Equipment and Systems (RES);Digital Enhanced Cordless Telecommunications (DECT);Common Interface (CI);Part 7: Security featuresETSIEuropean Telecommunications Standards InstituteETSI SecretariatPostal address: F-06921 Sophia Antipolis CEDEX - FRANCEOffice address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCEX.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.frTel.: +33 92 94 42 00 - Fax: +33 93 65 47 16Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and theforegoing restriction extend to reproduction in all media.© European Telecommunications Standards Institute 1996. All rights reserved.SIST ETS 300 175-7 E2:2005

Page 2ETS 300 175-7: September 1996Whilst every care has been taken in the preparation and publication of this document, errors in content,typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to"ETSI Editing and Committee Support Dept." at the address shown on the title page.SIST ETS 300 175-7 E2:2005

Page 3ETS 300 175-7: September 1996ContentsForeword.9Introduction.101Scope.132Normative references.133Definitions and abbreviations.143.1Definitions.143.2Abbreviations.164Security architecture.174.1Background.174.2Security services.174.2.1Authentication of a PT.174.2.2Authentication of an FT.174.2.3Mutual authentication.174.2.4Data confidentiality.174.2.5User authentication.174.3Security mechanisms.184.3.1Authentication of a PT.184.3.2Authentication of an FT.194.3.3Mutual authentication.204.3.4Data confidentiality.204.3.4.1Derived Cipher Key (DCK).204.3.4.2 Static Cipher Key (SCK).214.3.5User authentication.214.4Cryptographic parameters and keys.214.4.1Overview.214.4.2Cryptographic parameters.224.4.3Cryptographic keys.234.4.3.1Authentication key K.234.4.3.2Authentication session keys KS and KS'.244.4.3.3Cipher key CK.254.5Security processes.254.5.1Overview.254.5.2Derivation of authentication key, K.264.5.2.1K is derived from UAK.264.5.2.2K is derived from AC.264.5.2.3K is derived from UAK and UPI.264.5.3Authentication processes.264.5.3.1Processes for the derivation of KS and KS'.274.5.3.2Processes for the derivation of DCK, RES1 and RES2.274.5.4Key stream generation.274.6Combinations of security services.285Algorithms for security processes.295.1Background.295.1.1A algorithm.295.2Derivation of session authentication key(s).295.2.1A11 process.295.2.2A21 process.305.3Authentication and cipher key generation processes.30SIST ETS 300 175-7 E2:2005

Page 4ETS 300 175-7: September 19965.3.1A12 process.305.3.2A22 process.316Integration of security.316.1Background.316.2Association of keys and identities.316.2.1Authentication key.316.2.1.1K is derived from UAK.316.2.1.2K derived from AC.326.2.1.3K derived from UAK and UPI.326.2.2Cipher keys.326.3NWK layer procedures.336.3.1Background.336.3.2Authentication exchanges.336.3.3Authentication procedures.356.3.3.1Authentication of a PT.356.3.3.2Authentication of an FT.356.3.4Transfer of Cipher Key, CK.356.4MAC layer procedures.356.4.1Background.356.4.2MAC layer field structure.366.4.3Data to be encrypted.376.4.4Encryption process.376.4.5Initialisation and synchronisation of the encryption process.406.4.6Encryption mode control.416.4.6.1Background.416.4.6.2MAC layer messages.416.4.6.3Procedures for switching to encrypt mode.416.4.6.4Procedures for switching to clear mode.446.4.7Handover of the encryption process.456.4.7.1Bearer handover, uninterrupted ciphering.456.4.7.2Connection handover, uninterrupted ciphering.456.4.7.3External handover - handover with ciphering.466.4.8Modifications for half slot specifications.466.4.8.1Background.466.4.8.2MAC layer field structure.466.4.8.3Data to be encrypted.476.4.8.4Encryption process.476.4.8.5Initialisation and synchronisation of the encryption process.476.4.8.6Encryption mode control.476.4.8.7Handover of the encryption process.476.4.9Modifications for double slot specifications.476.4.9.1Background.476.4.9.2MAC layer field structure.486.4.9.3Data to be encrypted.486.4.9.4Encryption process.486.4.9.5Initialisation and synchronisation of the encryption process.496.4.9.6Encryption mode control.496.4.9.7Handover of the encryption process.496.4.10Modifications for multi-bearer specifications.506.5Security attributes.506.5.1Background.506.5.2Authentication protocols.526.5.2.1Authentication of a PT.526.5.2.2Authentication of an FT.536.5.3Confidentiality protocols.546.5.4Access-rights protocols.566.5.5Key numbering and storage.576.5.5.1Authentication keys.576.5.5.2Cipher keys.58SIST ETS 300 175-7 E2:2005

Page 5ETS 300 175-7: September 19966.5.6Key allocation.596.5.6.1Introduction.596.5.6.2UAK allocation.597Use of security features.607.1Background.607.2Key management options.617.2.1Overview of security parameters relevant for key management.617.2.2Generation of authentication keys.627.2.3Initial distribution and installation of keys.627.2.4Use of keys within the fixed network.637.3Confidentiality service with a Cordless Radio Fixed Part (CRFP).677.3.1General.677.3.2CRFP initialization of PT cipher key.67Annex A (informative): Security threats analysis.68A.1Introduction.68A.2Threat A - impersonating a subscriber identity.69A.3Threat B - illegal use of a handset (PP).69A.4Threat C - illegal use of a base station (FP).70A.5Threat D - impersonation of a base station (FP).70A.6Threat E - illegally obtaining user data and user related signalling information.70A.7Conclusions and comments.72Annex B (informative):Security features and operating environments.73B.1Introduction.73B.2Definitions.73B.3Enrolment options.74Annex C (informative):Reasons for not adopting public key techniques.75Annex D (informative):Overview of security features.76D.1Introduction.76D.2Authentication of a PT.76D.3Authentication of an FT.77D.4Mutual authentication of a PT and an FT.77D.4.1Direct method.77D.4.2Indirect method 1.77D.4.3Indirect method 2.77D.5Data confidentiality.77D.5.1Cipher key derivation as part of authentication.78D.5.2Static cipher key.78D.6User authentication.78SIST ETS 300 175-7 E2:2005

Page 6ETS 300 175-7: September 1996D.7Key management in case of roaming.78D.7.1Introduction.78D.7.2Use of actual authentication key K.78D.7.3Use of session keys.79D.7.4Use of precalculated sets.81Annex E (informative):Limitations of DECT security.82E.1Introduction.82E.2Protocol reflection attacks.82E.3Static cipher key and short Initial Vector (IV).82E.4General considerations regarding key management.83E.5Use of a predictable challenge in FT authentication.83Annex F (informative):Security features related to target networks.84F.1Introduction.84F.1.1Notation and DECT reference model.84F.1.2Significance of security features and intended usage within DECT.84F.1.3Mechanism/algorithm and process requirements.85F.2PSTN reference configurations.86F.2.1Domestic telephone.86F.2.2PBX.88F.2.3Local loop.90F.3ISDN reference configurations.91F.3.1Terminal equipment.91F.3.2Network termination 2.93F.3.3Local loop.93F.4X.25 reference configuration.93F.4.1Data Terminal Equipment (DTE).93F.4.2PAD equipment.93F.5GSM reference configuration.94F.5.1Base station substation.94F.5.2Mobile Station.94F.6IEEE.802 reference configuration.94F.6.1Bridge.94F.6.2Gateway.94F.7Public access service reference configurations.94F.7.1Fixed public access service reference configuration.94Annex G (informative):Compatibility of DECT and GSM authentication.95G.1Introduction.95G.2SIM and DAM functionality.95G.3Using an SIM for DECT authentication.96G.4Using a DAM for GSM authentication.96SIST ETS 300 175-7 E2:2005

Page 7ETS 300 175-7: September 1996Annex H (informative):DECT standard authentication algorithm.97Annex J (informative):DECT standard cipher.98Annex K (informative):Bibliography.99History.100SIST ETS 300 175-7 E2:2005

Page 8ETS 300 175-7: September 1996Blank pageSIST ETS 300 175-7 E2:2005

Page 9ETS 300 175-7: September 1996ForewordThis second edition European Telecommunication Standard (ETS) has been produced by the RadioEquipment and Systems (RES) Technical Committee of the European Telecommunications StandardsInstitute (ETSI).Annexes A to K to this ETS are informative.The following cryptographic algorithms are subject to controlled distribution:a)DECT standard cryptographic algorithms;b)DECT standard cipher.These algorithms are distributed on an individual basis. Further information and details of the currentdistribution procedures can be obtained from the ETSI Secretariat at the address on the first page of thisETS.Further details of the DECT system may be found in the ETSI Technical Reports ETR 015, ETR 043 andETR 056.This ETS forms part 7 of a series of 9 laying down the arrangements for the Digital Enhanced CordlessTelecommunications (DECT) Common Interface (CI).Part 1:"Overview".Part 2"Physical layer (PHL)".Part 3"Medium Access Control (MAC) layer".Part 4"Data Link Control (DLC) layer".Part 5:"Network (NWK) layer".Part 6:"Identities and addressing".Part 7:"Security features".Part 8:"Speech coding and transmission".Part 9:"Public Access Profile (PAP)".Transposition datesDate of adoption of this ETS:6 September 1996Date of latest announcement of this ETS (doa):31 December 1996Date of latest publication of new National Standardor endorsement of this ETS (dop/e):30 June 1997Date of withdrawal of any conflicting National Standard (dow):30 June 1997SIST ETS 300 175-7 E2:2005

Page 10ETS 300 175-7: September 1996IntroductionThis ETS contains a detailed specification of the security features which may be provided by DECTsystems. An overview of the processes required to provide all the features detailed in this ETS ispresented in figure 1.The ETS consists of four main clauses (clauses 4 - 7), together with a number of informative and importantannexes (A - J). The purpose of this introduction is to briefly preview the contents of each of the mainclauses and the supporting annexes.Each of the main clauses starts with a description of its objectives and a summary of its contents. Clause 4is concerned with defining a security architecture for DECT. This architecture is defined in terms of thesecurity services which may be offered (subclause 4.2), the mechanisms which must be used to providethese services (subclause 4.3), the security parameters and keys required by the mechanisms (challenges,keys etc.), and which must be passed across the air interface or held within DECT Portable Parts (PPs),Fixed Parts (FPs) or other network entities (e.g. management centres) (subclause 4.4), the processeswhich are required to provide the security mechanisms (subclause 4.5), and the recommendedcombinations of services (subclause 4.6).Clause 5 is concerned with specifying how certain cryptographic algorithms are to be used for the securityprocesses. Two algorithms are required:-a key stream generator; and-an authentication algorithm.The key stream generator is only used for the encryption process, and this process is specified insubclause 4.4. The authentication algorithm may be used to derive authentication session keys and cipherkeys, and is the basis of the authentication process itself. The way in which the authentication algorithm isto be used to derive authentication session keys is specified in subclause 5.2. The way in which thealgorithm is to be used to provide the authentication process and derive cipher keys is specified insubclause 5.3.Neither the key stream generator nor the authentication algorithm are specified in this ETS. Only their inputand output parameters are defined. In principle, the security features may be provided by usingappropriate proprietary algorithms. The use of proprietary algorithms may, however, limit roaming in thepublic access service environment, as well as the use of PPs in different environments.For example, for performance reasons, the key stream generator will need to be implemented in hardwarein PPs and FPs. The use of proprietary generators will then limit the interoperability of systems providedby different manufacturers.Two standard algorithms have been specified. These are the DECT Standard Authentication Algorithm(DSAA, see annex H) and the DECT Standard Cipher (DSC, see annex I).Because of the confidential nature of the information contained in them, these annexes are not included inthis ETS. However, the algorithms will be made available to DECT equipment manufacturers. The DSAAmay also need to be made available to public access service operators who, in turn, may need to make itavailable to manufacturers of authentication modules.Clause 6 is concerned with integrating the security features into the DECT system. Four aspects ofintegration are considered. The first aspect is the association of user security parameters (in particular,authentication keys) with DECT identities. This is the subject of subclause 6.2. The second aspect ofintegration is the definition of the NWK layer protocol elements and message types needed for theexchange of authentication parameters across the air interface. This is dealt with in subclause 6.3. TheMAC layer procedures for the encryption of data passed over the air interface are the subject of subclause6.4. Finally, subclause 6.5 is concerned with security attributes which DECT systems may support, and theNWK layer messages needed to enable PPs and FPs to identify which security algorithms and keys will beused to provide the various security services.SIST ETS 300 175-7 E2:2005

Page 11ETS 300 175-7: September 1996Clause 7 is concerned with key management issues. Careful management of keys is fundamental to theeffective operation of a security system, and subclause 7.2 is intended to provide guidance on this subject.The subclause includes an explanation of how the DECT security features may be supported by differentkey management options.For example, schemes which allow authentication keys to be held in a central location within a publicaccess service network are described, as are schemes which allow authentication keys to be derivedlocally in public access service base stations. The subclause is very much less specific than the othersubclauses in this ETS. This is because the key management issues discussed are not an integral part ofthe CI. In the end it is up to network operators and service providers to decide how they are going tomanage their cryptographic keys. This ETS can at best provide some suggestions and guidelines.The main text is supplemented by a set of informative annexes. There are two types of annex. Those ofthe first type provide background information justifying the inclusion of a particular service, or the use of aparticular type of mechanism in the security features. Those of the second type provide guidance on theuse and management of certain of the security features. The content of each of the annexes is brieflyreviewed below.Annex A contains the results of a security threats analysis which was undertaken prior to designing theDECT security features.Annex B is concerned with the impact of the security features on roaming, in particular with the concurrentuse of a PP in public access service, wireless Private Branch eXchange (PBX) and residentialenvironments.Annex C is provided for background information. It contains a justification for some of the decisions takenby EG-1, e.g. why symmetric rather than public key (asymmetric) cryptographic mechanisms wereselected.Annex D provides an overview of the DECT security features specified in this ETS.No security system is perfect, and annex E discusses the limitations of the DECT security features.Annex F relates the security features specified in this ETS to the DECT environments identified in ETR 015(see Bibliography). Each of the local networks identified in the reference model is considered in turn. Foreach of these networks a security profile is suggested. The networks considered are Public SwitchedTelephone Network (PSTN), Integrated Services Digital Network (ISDN), X.25, Global System for Mobilecommunications (GSM), Local Area Networks (LANs) and public access service.Annex G consists of a brief discussion of the compatibility of DECT and GSM authentication. In particular,the concept of a DECT Authentication Module (DAM) is considered and its functionality compared with thefunctionality of the GSM Subscriber Interface Module (SIM).Annex H refers to the DECT standard authentication algorithm.Annex J refers to the DECT standard cipher.SIST ETS 300 175-7 E2:2005

Page 12ETS 300 175-7: September 1996A11A12A21A22KS [128]KS' [128]Authentication ofPP processesAuthentication ofFP processesRAND P [64]IV [35]SCK [64]RAND F [64]RS [64]UAK [128]UAK [128]B2B1B1AuthenticationKey SelectionK [128]RES1 [32]RES2 [32]DCKSCKCK [64]KSGKeyStreamKey Stream generationfor encryption processUPI [e.g. 128]AC [e.g. 16-32]Authentication CodeInitialisation Value obtained from frame counterCipher KeyStatic Cipher KeySession Authentication KeyReverse Authentication KeyValue generated and transmitted by FPValue generated and transmitted by PPValue computed and transmitted by PPValue computed and transmitted by FPValue transmitted by FP in authentication protocolUser authentication KeyUser Personal IdentityDerived Cipher KeyAuthentication KeyAuthentication ProcessesAuthentication ProcessesAuthentication Key Stream ProcessesKey Stream GeneratorACIVCKSCKKSKS'RAND FRAND PRES 1RES 2RSUAKUPIDCKK A11, A12A21, A22B1, B2KSGFigure 1: Overview of DECT security processesSIST ETS 300 175-7 E2:2005

Page 13ETS 300 175-7: September 19961ScopeThis second edition ETS is part of the Digital Enhanced Cordless Telecommunications (DECT) CommonInterface (CI) and specifies the security architecture, the types of cryptographic algorithms required, theway in which they are to be used, and the requirements for integrating the security features provided bythe architecture into the DECT CI . It also describes how the features can be managed and how theyrelate to certain DECT fixed systems and local network configurations.The security architecture is defined in terms of the security services which are to be supported at the CI,the mechanisms which are to be used to provide the services, and the cryptographic parameters, keys andprocesses which are associated with these mechanisms.The security processes specified in this ETS are each based on one of two cryptographic algorithms:-an authentication algorithm; and-a key stream generator.The architecture is, however, algorithm independent, and either the DECT standard algorithms, orappropriate proprietary algorithms, or indeed a combination of both can, in principle, be employed. The useof the employed algorithm is specified in this ETS.Integration of the security features is specified in terms of the protocol elements and processes required atthe Network (NWK) and Medium Access Control (MAC) layers of the CI.The relationship between the security features and various network elements is described in terms ofwhere the security processes and management functions may be provided.This ETS does not address implementation issues. For instance, no attempt is made to specify whetherthe DSAA should be implemented in the PP at manufacture, or whether the DSAA or a proprietaryauthentication algorithm should be implemented in a detachable module. Similarly, this ETS does notspecify whether the DSC should be implemented in hardware in all PPs at manufacture, or whether specialPPs should be manufactured with the DSC or proprietary ciphers built into them. The security architecturesupports all these options, although the use of proprietary algorithms may limit roaming and the concurrentuse of PPs in different environments.2Normative referencesThis European Telecommunication Standard (ETS) incorporates, by dated or undated reference,provisions from other publications. These normative references are cited at the appropriate places in thetext and the publications are listed hereafter. For dated references, subsequent amendments to orrevisions of any of these publications apply to this ETS only when incorporated in it by amendment orrevision. For undated references the latest edition of the publication referred to applies.[1]ETS 300 175-1 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 1:Overview".[2]ETS 300 175-2 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 2: PhysicalLayer (PHL)".[3]ETS 300 175-3 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 3: MediumAccess Control (MAC) layer".[4]ETS 300 175-4 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI) Part 4: Data LinkControl (DLC) layer".SIST ETS 300 175-7 E2:2005

Page 14ETS 300 175-7: September 1996[5]ETS 300 175-5 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 5: Network(NWK) layer".[6]ETS 300 175-6 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 6: Identitiesand addressing".[8]ETS 300 175-8 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 8: Speechcoding and transmission".[9]ETS 300 175-9 (1996): "Radio Equipment and Systems (RES); Digital EnhancedCordless Telecommunications (DECT); Common Interface (CI); Part 9: PublicAccess Profile (PAP)".3Definitions and abbreviations3.1DefinitionsFor the purposes of this ETS, the following definitions apply:algorithm: A mathematical process or function that transforms an input into an output. In cryptographicapplications an algorithm is a process used for encipherment, decipherment or non-reversibleencipherment under control of a key.algorithm identifier: A designator to show which algorithm is in use, so that the correct one may bechosen.asymmetric algorithm: See public key algorithm.authentication: The corroboration that an entity is the one that is claimed.Cipher Key (CK): A value that is used to determine the transformation of plaintext to ciphertext in acryptographic algorithm.Cipher Key (CK) generation: A process for generating cryptographic keys.ciphertext: The output of a cryptographic algorithm. Ciphertext is not intelligible unless (in a reversiblealgorithm) the reverse transformation is performed.confidentiality: Rendering information secret as ciphertext unless the capability is possessed to recoverthe plaintext from ciphertext.countermeasure: A device, instrument or procedure used to counteract or defend against a threat.cryptography: Literally secret writing. Used to describe the hiding of information.Data Encryption Standard (DES): United States Federal data encryption standard.decipherment: The rendering of ciphertext into plaintext.DECT Standard Authentication Algorithm (DSAA): An algorithm used for authentication in DECT.DECT Standard Cipher (DSC): An algorithm used for data encryption in DECT.encipherment: the rendering of plaintext into ciphertext.FEAL algorithm: Fast Encryption Algorithm; a particular encryption algorithm in the public domain.SIST ETS 300 175-7 E2:2005

Page 15ETS 300 175-7: September 1996GSM: A pan-European standard for digital mobile telephones in the 900 - 1 000 MHz band.impersonation: Where one identity claims the part of another identity.Integrated Services Digital Network (ISDN): A digital telecommunications infrastructure to theConsultative Committee on International Telegraphy and Telephony (CCITT) standards.key management: The way in which cryptographic keys are generated, distributed and used.Key Stream Generator (KSG): A cryptographic algorithm which produces a stream of binary digits whichcan be used for encipherment and decipherment.Local Area Network (LAN): Electronic systems which are interconnected and in physical proximity to eachother.masquerading: Where one identity plays the part of, or acts as, another identity.mutual authentication: Where two entities corroborate the identity of each other.Personal Identity Number (PIN): A short sequence of numbers (usually 4 - 8 digits) which may be used inan authentication process to prove identity. The term User Personal Identity (UPI) may also be used.plaintext: Information or data which is intelligible to everyone.proprietary algorithm: An algorithm which is the intellectual property of a legal entity.public access service: A service that provides access to a public network for the general public.public key algorithm: A cryptographic algorithm in which a different key is used for encipherment and fordecipherment. Also known as an asymmetric algorithm.random number: A number generated by a non-deterministic process.RS: A value used to establish authentication session keys, as defined in subclause 4.4.3.RSA (Rivest, Shamir & Adleman) algorithm: A public key algorithm.security attribute: A protocol element indicating security services, mechanisms, processes or algorithmsthat are supported.Session Key (KS): A key which is used only for a single session; a session may be a single connection orcall, or it may be a number of calls made by a particular user through a particular system (e.g. the callsmade by a roaming portable with a particular visited network).Subscriber Interface Module (SIM): A smart card used for authentication in GSM.stream cipher: An algorithm in which the output is combined bit by bit with plaintext to produce theciphertext.symmetric algorithm: A cryptographic algorithm in which the same key is used for both encipherment anddecipherment.synchronisation: Methods used to ensure that time correspondence exists between processes to ensurethat data is not repeated or lost.threat: An indication of coming evil.SIST ETS 300 175-7 E2:2005

Page 16ETS 300 175-7: September 1996User Authentication Key (UAK): A cryptographic key held by a user to prove identity. May also becombined with a PIN ("Something you have and something you know").XRES1: An expected response calculated by an Fixed radio Termination (FT), as defined insubclause 4.4.2.XRES2: An expected response calculated by a Portable radio Termination (PT), as defined insubclause 4.4.2.X.25: A packet switched network based on CCITT Recommendation X25.3.2AbbreviationsFor the purposes of this ETS, the following abbreviations apply.AAlgorithmACAuthentication CodeBCTBusiness Cordless TelephoneCKCipher KeyC-planeControl planeCRFPCordless Radio Fixed PartDAMDECT Authentication ModuleDCKDerived Cipher KeyDECTDigital Enhanced Cordless TelecommunicationsDLCData Link ControlDSAADECT Standard Authentication AlgorithmDSCDECT Standard CipherECNExchanged Connection NumberFPDECT Fixed PartFTFixed radio TerminationHDBHome Data BaseIPUIInternational Portable User IdentityIVInitial VectorKauthentication KeyKSPT authentication Session KeyKS'FT authentication Session KeyKSGKey Stream GeneratorKSSKey Stream SegmentLAPCa DLC protocolMACMedium Access Control layerMSCMobile Switching CentrePASPublic Access ServicePBX (PABX)Private (Automatic) Branch eXchangePPDECT Portable PartPSTNPublic Switched Telephone NetworkPTPortable radio TerminationRAND_Fa RANDom challenge issued by an FTRAND_Pa RANDom challenge issued by a PTRES1a RESponse calculated by a PTRES2a RESponse calculated by an FTRFPRadio Fixed PartRUResidential UnitSCKStatic Cipher KeyTPUITemporary Portable User IdentityUAKUser Authentication KeyUPIUser Personal IdentificationU-planeUser planeVDBVisitors Data BaseSIST ETS 300 175-7 E2:2005

Page 17ETS 300 175-7: September 19964Security architecture4.1BackgroundSubclause 4.2 contains a description of each of the security services provided in the DECT system. Fiveservices are provided: authentication of a PT, authentication of a FT, mutual authentication, dataconfidentiality and user authentication. For a discussion of the way in which these security services may beapplied in different DECT environments, the reader should refer to annex F.A description of the mechanisms which are used to provide the security services is given in subclause 4.3.Throughout subclause 4.3 a number of security parameters and processes are referred to. A descriptionof these parameters is given in subclause 4.4, and the processes are defined in subclause 4.5.Subclause 4.6 describes how the various security services may be combined.4.2Security services4.2.1Authentication of a PTThis is an FT initiated service which enables an FT to authenticate a PT making or receiving a call throughit.The service is invoked at the beginning of a call. It may be re-invoked at any time during a call.Authentication of a PT is a NWK layer service.4.2.2Authentication of an FTThis is a PT initiated service which enables a PT to authenticate an FT through which it is making orreceiving a call.The service is invoked at the beginning of a call, and may be re-invoked at any time during a call.Authentication of an FT is a NWK layer service.4.2.3Mutual authenticationThis service enables a PT and an FT, through which a call is connected, to authenticate each other.This service may be provided by combining a number of other security services as described in subclause4.6.4.2.4Data confidentialityThis service provides for the confidentiality of user data and certain control data transmitted between a PTand an FT.Data confidentiality is requested at the NWK layer, although the service is provided at the MAC layer.The service is provided only over the CI. It does not provide any cryptographic protection for data passedthrough the fixed networks.4.2.5User authenticationThe user authentication service allows an FT to authenticate a us
...