ETSI EN 300 175-7 V2.6.1 (2015-07)
Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features
Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features
REN/DECT-000304-7
Digitalne izboljšane brezvrvične telekomunikacije (DECT) - Skupni vmesnik (CI) - 7. del: Varnostne lastnosti
Ta dokument je eden od delov specifikacije skupnega vmesnika (CI) za digitalne izboljšane brezvrvične telekomunikacije (DECT).
V tem dokumentu so določeni varnostna arhitektura, vrste zahtevanih kriptografskih algoritmov in način njihove uporabe ter zahteve za integriranje varnostnih lastnosti arhitekture v skupni vmesnik za digitalne izboljšane brezvrvične telekomunikacije. Opisuje tudi načine upravljanja funkcij ter njihovo povezavo z določenimi fiksnimi sistemi digitalnih izboljšanih brezvrvičnih telekomunikacij in lokalnimi konfiguracijami omrežij.
Varnostna arhitektura je določena v okviru varnostnih storitev, ki jih podpira skupni vmesnik, pri čemer mehanizmi tega vmesnika zagotavljajo storitve ter kriptografske parametre, ključe in procese, povezane s temi mehanizmi.
Varnostni procesi, določni v tem dokumentu, so osnovani na treh kriptografskih algoritmih:
• algoritem preverjanja pristnosti;
• generator toka ključev za šifriranje plasti kode MAC; in
• generator toka ključev in generator kode pristnosti sporočil za preverjeno šifriranje CCM.
Vendar je arhitektura neodvisna od algoritma, zato je načeloma mogoče uporabiti algoritme standarda digitalnih izboljšanih brezvrvičnih telekomunikacij, ustrezne lastniške algoritme ali kombinacijo obeh. Uporaba algoritma je določena v tem dokumentu.
Integriranje varnostnih lastnosti je določeno v okviru protokolnih elementov in postopkov, ki so potrebni v omrežnih (NWK) plasteh in plasteh krmiljenja dostopa do prenosnega medija (MAC) skupnega vmesnika.
Razmerje med varnostnimi lastnostmi in različnimi omrežnimi elementi je opisano glede na lokacije, na katerih bodo zagotovljeni varnostni postopki in funkcije upravljanja.
Ta dokument ne obravnava vprašanj uvedbe. Ta dokument na primer ne vsebuje nobene navedbe, ki bi določala uvedbo DSAA ali DSAA2 v PP med proizvodnjo oz. uvedbo DSAA, DSAA2 ali lastniškega algoritma za preverjanje pristnosti v snemljivi modul. Prav tako ta dokument ne določa uvedbe DSC ali DSC2 v strojno opremo vseh PP-jev med proizvodnjo oz. proizvodnje posebnih PP-jev z vgrajenimi DSC, DSC2 ali lastniškimi šiframi. Varnostna arhitektura
podpira vse te možnosti, čeprav lahko uporaba lastniških algoritmov omejuje gostovanje in hkratno uporabo PP-jev v različnih okoljih.
V okviru standardnih algoritmov za preverjanje pristnosti so DSAA2, DSC2 in CCM močnejši od DSAA in DSC ter zagotavljajo nadstandardno zaščito. DSAA2 in DCS2 temeljita na AES [10] ter sta bila izdelana leta 2011. Tudi CCM temelji na AES [10] in je bil v standard dodan leta 2012.
Ta dokument vključuje novo generacijo digitalnih izboljšanih brezvrvičnih telekomunikacij, nadaljnji razvoj standarda za digitalne izboljšane brezvrvične telekomunikacije, ki uvaja širokopasovni govor, izpopolnjene podatkovne storitve, nove tipe rež in druge tehnične izpopolnitve. Ta dokument vključuje tudi ultra nizko porabo energije (ULE) digitalnih izboljšanih brezvrvičnih telekomunikacij, podatkovno tehnologijo nizke stopnje, ki temelji na digitalnih izboljšanih brezvrvičnih telekomunikacijah in je namenjena uporabi M2M z ultra nizko porabo energije.
General Information
Buy Standard
Standards Content (Sample)
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features33.070.30'(&7Digital Enhanced Cordless Telecommunications (DECT)ICS:Ta slovenski standard je istoveten z:EN 300 175-7 V2.6.1SIST EN 300 175-7 V2.6.1:2015en,fr,de01-november-2015SIST EN 300 175-7 V2.6.1:2015SLOVENSKI
STANDARD
SIST EN 300 175-7 V2.6.1:2015
ETSI EN 300 175-7 V2.6.1 (2015-07) Digital Enhanced Cordless Telecommunications (DECT); Common Interface (CI); Part 7: Security features
EUROPEAN STANDARD SIST EN 300 175-7 V2.6.1:2015
ETSI ETSI EN 300 175-7 V2.6.1 (2015-07) 2
Reference REN/DECT-000304-7 Keywords authentication, DECT, IMT-2000, mobility, radio, security, TDD, TDMA ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88
Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2015. All rights reserved.
DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association. SIST EN 300 175-7 V2.6.1:2015
ETSI ETSI EN 300 175-7 V2.6.1 (2015-07) 3 Contents Intellectual Property Rights . 10 Foreword . 10 Modal verbs terminology . 10 Introduction . 11 1 Scope . 15 2 References . 15 2.1 Normative references . 15 2.2 Informative references . 16 3 Definitions and abbreviations . 17 3.1 Definitions . 17 3.2 Abbreviations . 17 4 Security architecture . 19 4.1 Background . 19 4.2 Security services . 20 4.2.1 Authentication of a PT . 20 4.2.2 Authentication of an FT . 20 4.2.3 Mutual authentication . 20 4.2.4 Data confidentiality. 20 4.2.5 User authentication . 20 4.3 Security mechanisms . 20 4.3.0 General . 20 4.3.1 Authentication of a PT (type 1 procedure) . 21 4.3.2 Authentication of an FT (type 1 procedure) . 22 4.3.3 Mutual authentication . 23 4.3.4 Data confidentiality. 24 4.3.4.0 General . 24 4.3.4.1 Derived Cipher Key (DCK) . 24 4.3.4.2 Static Cipher Key (SCK) . 24 4.3.4.3 Default Cipher Key (DefCK) . 24 4.3.5 User authentication . 25 4.3.6 Authentication of a PT (type 2 procedure) . 25 4.3.7 Authentication of a FT (type 2 procedure) . 28 4.4 Cryptographic parameters and keys . 30 4.4.1 Overview . 30 4.4.2 Cryptographic parameters . 30 4.4.2.0 Description of parameters . 30 4.4.2.1 Provisions related to the generation of random numbers . 33 4.4.3 Cryptographic keys . 33 4.4.3.0 General . 33 4.4.3.1 Authentication key K . 33 4.4.3.2 Authentication session keys KS and KS' . 34 4.4.3.3 Cipher key CK . 34 4.5 Security processes . 35 4.5.1 Overview . 35 4.5.2 Derivation of authentication key, K . 35 4.5.2.0 General . 35 4.5.2.1 K is derived from UAK . 35 4.5.2.2 K is derived from AC . 36 4.5.2.3 K is derived from UAK and UPI . 36 4.5.3 Authentication processes . 36 4.5.3.0 General . 36 4.5.3.1 Processes for the derivation of KS and KS' . 36 4.5.3.2 Processes for the derivation of DCK, RES1 and RES2 . 37 4.5.4 Key stream generation . 37 SIST EN 300 175-7 V2.6.1:2015
ETSI ETSI EN 300 175-7 V2.6.1 (2015-07) 4 4.5.5 CCM Authenticated Encryption . 38 4.6 Combinations of security services . 38 4.6.0 Service combinations and related considerations . 38 4.6.1 Combinations of security algorithms . 39 4.6.1.0 General . 39 4.6.1.1 Limitations related to capering algorithms . 39 5 Algorithms for security processes . 39 5.1 Background . 39 5.1.0 General . 39 5.1.1 A algorithm . 40 5.1.1.0 A algorithm, general. 40 5.1.1.1 A algorithm, DSAA based (A-DSAA) . 40 5.1.1.2 A algorithm, DSAA2 based (A-DSAA2) . 40 5.1.1.3 A algorithm, proprietary . 41 5.2 Derivation of session authentication key(s) . 41 5.2.1 A11 process . 41 5.2.2 A21 process . 42 5.3 Authentication and cipher key generation processes . 42 5.3.1 A12 process . 42 5.3.2 A22 process . 43 5.4 CCM algorithm . 44 6 Integration of security . 44 6.1 Background . 44 6.2 Association of keys and identities . 44 6.2.1 Authentication key . 44 6.2.1.0 General . 44 6.2.1.1 K is derived from UAK . 44 6.2.1.2 K derived from AC. 45 6.2.1.3 K derived from UAK and UPI . 45 6.2.2 Cipher keys . 45 6.2.3 Cipher keys for CCM . 46 6.2.3.0 General . 46 6.2.3.1 Single use of the keys for CCM . 46 6.2.3.2 Cipher keys for CCM encryption of C/L multicast channels . 47 6.3 NWK layer procedures . 47 6.3.1 Background . 47 6.3.2 Authentication exchanges . 48 6.3.3 Authentication procedures . 49 6.3.3.1 Authentication of a PT type 1 procedure . 49 6.3.3.2 Authentication of an FT type 1 procedure . 49 6.3.3.3 Authentication of a PT type 2 procedure . 50 6.3.3.4 Authentication of an FT type 2 procedure . 50 6.3.4 Transfer of Cipher Key, CK. 51 6.3.5 Re-Keying . 51 6.3.6 Encryption with Default Cipher Key . 51 6.3.7 Transfer of Cipher Key CK for CCM . 51 6.3.7.0 General . 51 6.3.7.1 Transfer by Virtual Call setup CC procedure . 51 6.3.7.2 Transfer using MM procedures for CCM re-keying and sequence reset . 52 6.3.8 Transfer of Cipher Keys for CCM encryption of multicast channels . 52 6.3.8.1 General . 52 6.3.8.2 Multicast encryption parameter assignation procedure, FT initiated . 52 6.3.8.2.0 General . 52 6.3.8.2.1 Transport of the security parameters . 53 6.3.8.2.2 <> coding . 53 6.3.8.3 Multicast encryption parameter retrieval procedure, PT initiated . 53 6.3.8.3.0 General . 53 6.3.8.3.1 Transport of the security parameters . 54 6.3.8.3.2 <> coding . 54 6.3.8.4 Error cases . 54 SIST EN 300 175-7 V2.6.1:2015
ETSI ETSI EN 300 175-7 V2.6.1 (2015-07) 5 6.3.8.4.1 FT initiated parameter assignation procedure - PT reject . 54 6.3.8.4.2 PT initiated parameter retrieval procedure - FT reject . 54 6.3.8.4.3 Coding of the {MM-INFO-REJECT} in the error cases . 54 6.4 MAC layer procedures . 55 6.4.1 Background . 55 6.4.2 MAC layer field structure . 55 6.4.3 Data to be encrypted . 56 6.4.4 Encryption process . 57 6.4.5 Initialization and synchronization of the encryption process . 60 6.4.5.0 General . 60 6.4.5.1 Construction of CK . 60 6.4.5.2 The Initialization Vector (IV) . 60 6.4.5.3 Generation of two Key Stream segments . 60 6.4.6 Encryption mode control . 61 6.4.6.1 Background . 61 6.4.6.2 MAC layer messages. 61 6.4.6.3 Procedures for switching to encrypt mode . 61 6.4.6.4 Procedures for switching to clear mode . 66 6.4.6.5 Procedures for re-keying . 67 6.4.7 Handover of the encryption process . 68 6.4.7.0 General . 68 6.4.7.1 Bearer handover, uninterrupted ciphering . 69 6.4.7.2 Connection handover, uninterrupted ciphering . 69 6.4.7.3 External handover - handover with ciphering . 69 6.4.8 Modifications for half and long slot specifications (2-level modulation) . 70 6.4.8.1 Background . 70 6.4.8.2 MAC layer field structure . 70 6.4.8.3 Data to be encrypted. 70 6.4.8.4 Encryption process . 71 6.4.8.5 Initialization and synchronization of the encryption process . 71 6.4.8.6 Encryption mode control . 71 6.4.8.7 Handover of the encryption process . 71 6.4.9 Modifications for double slot specifications (2-level modulation) . 71 6.4.9.1 Background . 71 6.4.9.2 MAC layer field structure . 72 6.4.9.3 Data to be encrypted. 72 6.4.9.4 Encryption process . 73 6.4.9.5 Initialization and synchronization of the encryption process . 74 6.4.9.6 Encryption mode control . 74 6.4.9.7 Handover of the encryption process . 74 6.4.10 Modifications for multi-bearer specifications . 74 6.4.11 Modifications for 4-level, 8-level, 16-level and 64-level modulation formats . 74 6.4.11.1 Background . 74 6.4.11.2 MAC layer field structure . 75 6.4.11.3 Data to be encrypted. 75 6.4.11.4 Encryption process . 75 6.4.11.4.0 General . 75 6.4.11.4.1 Encryption process for the A-field and for the unprotected format . 75 6.4.11.4.2 Encryption process for the single subfield protected format . 77 6.4.11.4.3 Encryption process for the multi-subfield protected format . 78 6.4.11.4.4 Encryption process for the constant-size-subfield protected format . 80 6.4.11.4.5 Encryption process for the encoded protected format (MAC service IPX) . 80 6.4.11.5 Initialization and synchronization of the encryption process . 82 6.4.11.6 Encryption mode control . 82 6.4.11.7 Handover of the encryption process . 82 6.4.12 Procedures for CCM re-keying and sequence reset . 82 6.5 Security attributes . 82 6.5.1 Background . 82 6.5.2 Authentication protocols . 83 6.5.2.0 General . 83 6.5.2.1 Authentication of a PT type 1 procedure .
...
ETSI EN 300 175-7 V2.6.1 (2015-07)
EUROPEAN STANDARD
Digital Enhanced Cordless Telecommunications (DECT);
Common Interface (CI);
Part 7: Security features
---------------------- Page: 1 ----------------------
2 ETSI EN 300 175-7 V2.6.1 (2015-07)
Reference
REN/DECT-000304-7
Keywords
authentication, DECT, IMT-2000, mobility, radio,
security, TDD, TDMA
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2015.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
---------------------- Page: 2 ----------------------
3 ETSI EN 300 175-7 V2.6.1 (2015-07)
Contents
Intellectual Property Rights . 10
Foreword . 10
Modal verbs terminology . 10
Introduction . 11
1 Scope . 15
2 References . 15
2.1 Normative references . 15
2.2 Informative references . 16
3 Definitions and abbreviations . 17
3.1 Definitions . 17
3.2 Abbreviations . 17
4 Security architecture . 19
4.1 Background . 19
4.2 Security services . 20
4.2.1 Authentication of a PT . 20
4.2.2 Authentication of an FT . 20
4.2.3 Mutual authentication . 20
4.2.4 Data confidentiality. 20
4.2.5 User authentication . 20
4.3 Security mechanisms . 20
4.3.0 General . 20
4.3.1 Authentication of a PT (type 1 procedure) . 21
4.3.2 Authentication of an FT (type 1 procedure) . 22
4.3.3 Mutual authentication . 23
4.3.4 Data confidentiality. 24
4.3.4.0 General . 24
4.3.4.1 Derived Cipher Key (DCK) . 24
4.3.4.2 Static Cipher Key (SCK) . 24
4.3.4.3 Default Cipher Key (DefCK) . 24
4.3.5 User authentication . 25
4.3.6 Authentication of a PT (type 2 procedure) . 25
4.3.7 Authentication of a FT (type 2 procedure) . 28
4.4 Cryptographic parameters and keys . 30
4.4.1 Overview . 30
4.4.2 Cryptographic parameters . 30
4.4.2.0 Description of parameters . 30
4.4.2.1 Provisions related to the generation of random numbers . 33
4.4.3 Cryptographic keys . 33
4.4.3.0 General . 33
4.4.3.1 Authentication key K . 33
4.4.3.2 Authentication session keys KS and KS' . 34
4.4.3.3 Cipher key CK . 34
4.5 Security processes . 35
4.5.1 Overview . 35
4.5.2 Derivation of authentication key, K . 35
4.5.2.0 General . 35
4.5.2.1 K is derived from UAK . 35
4.5.2.2 K is derived from AC . 36
4.5.2.3 K is derived from UAK and UPI . 36
4.5.3 Authentication processes . 36
4.5.3.0 General . 36
4.5.3.1 Processes for the derivation of KS and KS' . 36
4.5.3.2 Processes for the derivation of DCK, RES1 and RES2 . 37
4.5.4 Key stream generation . 37
ETSI
---------------------- Page: 3 ----------------------
4 ETSI EN 300 175-7 V2.6.1 (2015-07)
4.5.5 CCM Authenticated Encryption . 38
4.6 Combinations of security services . 38
4.6.0 Service combinations and related considerations . 38
4.6.1 Combinations of security algorithms . 39
4.6.1.0 General . 39
4.6.1.1 Limitations related to capering algorithms . 39
5 Algorithms for security processes . 39
5.1 Background . 39
5.1.0 General . 39
5.1.1 A algorithm . 40
5.1.1.0 A algorithm, general. 40
5.1.1.1 A algorithm, DSAA based (A-DSAA) . 40
5.1.1.2 A algorithm, DSAA2 based (A-DSAA2) . 40
5.1.1.3 A algorithm, proprietary . 41
5.2 Derivation of session authentication key(s) . 41
5.2.1 A11 process . 41
5.2.2 A21 process . 42
5.3 Authentication and cipher key generation processes . 42
5.3.1 A12 process . 42
5.3.2 A22 process . 43
5.4 CCM algorithm . 44
6 Integration of security . 44
6.1 Background . 44
6.2 Association of keys and identities . 44
6.2.1 Authentication key . 44
6.2.1.0 General . 44
6.2.1.1 K is derived from UAK . 44
6.2.1.2 K derived from AC. 45
6.2.1.3 K derived from UAK and UPI . 45
6.2.2 Cipher keys . 45
6.2.3 Cipher keys for CCM . 46
6.2.3.0 General . 46
6.2.3.1 Single use of the keys for CCM . 46
6.2.3.2 Cipher keys for CCM encryption of C/L multicast channels . 47
6.3 NWK layer procedures . 47
6.3.1 Background . 47
6.3.2 Authentication exchanges . 48
6.3.3 Authentication procedures . 49
6.3.3.1 Authentication of a PT type 1 procedure . 49
6.3.3.2 Authentication of an FT type 1 procedure . 49
6.3.3.3 Authentication of a PT type 2 procedure . 50
6.3.3.4 Authentication of an FT type 2 procedure . 50
6.3.4 Transfer of Cipher Key, CK. 51
6.3.5 Re-Keying . 51
6.3.6 Encryption with Default Cipher Key . 51
6.3.7 Transfer of Cipher Key CK for CCM . 51
6.3.7.0 General . 51
6.3.7.1 Transfer by Virtual Call setup CC procedure . 51
6.3.7.2 Transfer using MM procedures for CCM re-keying and sequence reset . 52
6.3.8 Transfer of Cipher Keys for CCM encryption of multicast channels . 52
6.3.8.1 General . 52
6.3.8.2 Multicast encryption parameter assignation procedure, FT initiated . 52
6.3.8.2.0 General . 52
6.3.8.2.1 Transport of the security parameters . 53
6.3.8.2.2 <> coding . 53
6.3.8.3 Multicast encryption parameter retrieval procedure, PT initiated . 53
6.3.8.3.0 General . 53
6.3.8.3.1 Transport of the security parameters . 54
6.3.8.3.2 <> coding . 54
6.3.8.4 Error cases . 54
ETSI
---------------------- Page: 4 ----------------------
5 ETSI EN 300 175-7 V2.6.1 (2015-07)
6.3.8.4.1 FT initiated parameter assignation procedure - PT reject . 54
6.3.8.4.2 PT initiated parameter retrieval procedure - FT reject . 54
6.3.8.4.3 Coding of the {MM-INFO-REJECT} in the error cases . 54
6.4 MAC layer procedures . 55
6.4.1 Background . 55
6.4.2 MAC layer field structure . 55
6.4.3 Data to be encrypted . 56
6.4.4 Encryption process . 57
6.4.5 Initialization and synchronization of the encryption process . 60
6.4.5.0 General . 60
6.4.5.1 Construction of CK . 60
6.4.5.2 The Initialization Vector (IV) . 60
6.4.5.3 Generation of two Key Stream segments . 60
6.4.6 Encryption mode control . 61
6.4.6.1 Background . 61
6.4.6.2 MAC layer messages. 61
6.4.6.3 Procedures for switching to encrypt mode . 61
6.4.6.4 Procedures for switching to clear mode . 66
6.4.6.5 Procedures for re-keying . 67
6.4.7 Handover of the encryption process . 68
6.4.7.0 General . 68
6.4.7.1 Bearer handover, uninterrupted ciphering . 69
6.4.7.2 Connection handover, uninterrupted ciphering . 69
6.4.7.3 External handover - handover with ciphering . 69
6.4.8 Modifications for half and long slot specifications (2-level modulation) . 70
6.4.8.1 Background . 70
6.4.8.2 MAC layer field structure . 70
6.4.8.3 Data to be encrypted. 70
6.4.8.4 Encryption process . 71
6.4.8.5 Initialization and synchronization of the encryption process . 71
6.4.8.6 Encryption mode control . 71
6.4.8.7 Handover of the encryption process . 71
6.4.9 Modifications for double slot specifications (2-level modulation) . 71
6.4.9.1 Background . 71
6.4.9.2 MAC layer field structure . 72
6.4.9.3 Data to be encrypted. 72
6.4.9.4 Encryption process . 73
6.4.9.5 Initialization and synchronization of the encryption process . 74
6.4.9.6 Encryption mode control . 74
6.4.9.7 Handover of the encryption process . 74
6.4.10 Modifications for multi-bearer specifications . 74
6.4.11 Modifications for 4-level, 8-level, 16-level and 64-level modulation formats . 74
6.4.11.1 Background . 74
6.4.11.2 MAC layer field structure . 75
6.4.11.3 Data to be encrypted. 75
6.4.11.4 Encryption process . 75
6.4.11.4.0 General . 75
6.4.11.4.1 Encryption process for the A-field and for the unprotected format . 75
6.4.11.4.2 Encryption process for the single subfield protected format . 77
6.4.11.4.3 Encryption process for the multi-subfield protected format . 78
6.4.11.4.4 Encryption process for the constant-size-subfield protected format . 80
6.4.11.4.5 Encryption process for the encoded protected format (MAC service I ) . 80
PX
6.4.11.5 Initialization and synchronization of the encryption process . 82
6.4.11.6 Encryption mode control . 82
6.4.11.7 Handover of the encryption process . 82
6.4.12 Procedures for CCM re-keying and sequence reset . 82
6.5 Security attributes . 82
6.5.1 Background . 82
6.5.2 Authentication protocols . 83
6.5.2.0 General . 83
6.5.2.1 Authentication of a PT type 1 procedure . 83
6.5.2.2 Authentication
...
Draft ETSI EN 300 175-7 V2.5.7 (2015-03)
EUROPEAN STANDARD
Digital Enhanced Cordless Telecommunications (DECT);
Common Interface (CI);
Part 7: Security features
---------------------- Page: 1 ----------------------
2 Draft ETSI EN 300 175-7 V2.5.7 (2015-03)
Reference
REN/DECT-000304-7
Keywords
authentication, DECT, IMT-2000, mobility, radio,
security, TDD, TDMA
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2015.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
---------------------- Page: 2 ----------------------
3 Draft ETSI EN 300 175-7 V2.5.7 (2015-03)
Contents
Intellectual Property Rights . 10
Foreword . 10
Modal verbs terminology . 10
Introduction . 11
1 Scope . 15
2 References . 15
2.1 Normative references . 15
2.2 Informative references . 16
3 Definitions and abbreviations . 17
3.1 Definitions . 17
3.2 Abbreviations . 17
4 Security architecture . 19
4.1 Background . 19
4.2 Security services . 20
4.2.1 Authentication of a PT . 20
4.2.2 Authentication of an FT . 20
4.2.3 Mutual authentication . 20
4.2.4 Data confidentiality. 20
4.2.5 User authentication . 20
4.3 Security mechanisms . 20
4.3.0 General . 20
4.3.1 Authentication of a PT (type 1 procedure) . 21
4.3.2 Authentication of an FT (type 1 procedure) . 22
4.3.3 Mutual authentication . 23
4.3.4 Data confidentiality. 24
4.3.4.0 General . 24
4.3.4.1 Derived Cipher Key (DCK) . 24
4.3.4.2 Static Cipher Key (SCK) . 24
4.3.4.3 Default Cipher Key (DefCK) . 24
4.3.5 User authentication . 25
4.3.6 Authentication of a PT (type 2 procedure) . 25
4.3.7 Authentication of a FT (type 2 procedure) . 28
4.4 Cryptographic parameters and keys . 30
4.4.1 Overview . 30
4.4.2 Cryptographic parameters . 30
4.4.2.0 Description of parameters . 30
4.4.2.1 Provisions related to the generation of random numbers . 33
4.4.3 Cryptographic keys . 33
4.4.3.0 General . 33
4.4.3.1 Authentication key K . 33
4.4.3.2 Authentication session keys KS and KS' . 34
4.4.3.3 Cipher key CK . 34
4.5 Security processes . 35
4.5.1 Overview . 35
4.5.2 Derivation of authentication key, K . 35
4.5.2.0 General . 35
4.5.2.1 K is derived from UAK . 35
4.5.2.2 K is derived from AC . 36
4.5.2.3 K is derived from UAK and UPI . 36
4.5.3 Authentication processes . 36
4.5.3.0 General . 36
4.5.3.1 Processes for the derivation of KS and KS' . 36
4.5.3.2 Processes for the derivation of DCK, RES1 and RES2 . 37
4.5.4 Key stream generation . 37
ETSI
---------------------- Page: 3 ----------------------
4 Draft ETSI EN 300 175-7 V2.5.7 (2015-03)
4.5.5 CCM Authenticated Encryption . 38
4.6 Combinations of security services . 38
4.6.0 Service combinations and related considerations . 38
4.6.1 Combinations of security algorithms . 39
4.6.1.0 General . 39
4.6.1.1 Limitations related to capering algorithms . 39
5 Algorithms for security processes . 39
5.1 Background . 39
5.1.0 General . 39
5.1.1 A algorithm . 40
5.1.1.0 A algorithm, general. 40
5.1.1.1 A algorithm, DSAA based (A-DSAA) . 40
5.1.1.2 A algorithm, DSAA2 based (A-DSAA2) . 40
5.1.1.3 A algorithm, proprietary . 41
5.2 Derivation of session authentication key(s) . 41
5.2.1 A11 process . 41
5.2.2 A21 process . 42
5.3 Authentication and cipher key generation processes . 42
5.3.1 A12 process . 42
5.3.2 A22 process . 43
5.4 CCM algorithm . 44
6 Integration of security . 44
6.1 Background . 44
6.2 Association of keys and identities . 44
6.2.1 Authentication key . 44
6.2.1.0 General . 44
6.2.1.1 K is derived from UAK . 44
6.2.1.2 K derived from AC. 45
6.2.1.3 K derived from UAK and UPI . 45
6.2.2 Cipher keys . 45
6.2.3 Cipher keys for CCM . 46
6.2.3.0 General . 46
6.2.3.1 Single use of the keys for CCM . 46
6.2.3.2 Cipher keys for CCM encryption of C/L multicast channels . 47
6.3 NWK layer procedures . 47
6.3.1 Background . 47
6.3.2 Authentication exchanges . 48
6.3.3 Authentication procedures . 49
6.3.3.1 Authentication of a PT type 1 procedure . 49
6.3.3.2 Authentication of an FT type 1 procedure . 49
6.3.3.3 Authentication of a PT type 2 procedure . 50
6.3.3.4 Authentication of an FT type 2 procedure . 50
6.3.4 Transfer of Cipher Key, CK. 51
6.3.5 Re-Keying . 51
6.3.6 Encryption with Default Cipher Key . 51
6.3.7 Transfer of Cipher Key CK for CCM . 51
6.3.7.0 General . 51
6.3.7.1 Transfer by Virtual Call setup CC procedure . 51
6.3.7.2 Transfer using MM procedures for CCM re-keying and sequence reset . 52
6.3.8 Transfer of Cipher Keys for CCM encryption of multicast channels . 52
6.3.8.1 General . 52
6.3.8.2 Multicast encryption parameter assignation procedure, FT initiated . 52
6.3.8.2.0 General . 52
6.3.8.2.1 Transport of the security parameters . 53
6.3.8.2.2 <> coding . 53
6.3.8.3 Multicast encryption parameter retrieval procedure, PT initiated . 53
6.3.8.3.0 General . 53
6.3.8.3.1 Transport of the security parameters . 54
6.3.8.3.2 <> coding . 54
6.3.8.4 Error cases . 54
ETSI
---------------------- Page: 4 ----------------------
5 Draft ETSI EN 300 175-7 V2.5.7 (2015-03)
6.3.8.4.1 FT initiated parameter assignation procedure - PT reject . 54
6.3.8.4.2 PT initiated parameter retrieval procedure - FT reject . 54
6.3.8.4.3 Coding of the {MM-INFO-REJECT} in the error cases . 54
6.4 MAC layer procedures . 55
6.4.1 Background . 55
6.4.2 MAC layer field structure . 55
6.4.3 Data to be encrypted . 56
6.4.4 Encryption process . 57
6.4.5 Initialization and synchronization of the encryption process . 60
6.4.5.0 General . 60
6.4.5.1 Construction of CK . 60
6.4.5.2 The Initialization Vector (IV) . 60
6.4.5.3 Generation of two Key Stream segments . 60
6.4.6 Encryption mode control . 61
6.4.6.1 Background . 61
6.4.6.2 MAC layer messages. 61
6.4.6.3 Procedures for switching to encrypt mode . 61
6.4.6.4 Procedures for switching to clear mode . 66
6.4.6.5 Procedures for re-keying . 67
6.4.7 Handover of the encryption process . 68
6.4.7.0 General . 68
6.4.7.1 Bearer handover, uninterrupted ciphering . 69
6.4.7.2 Connection handover, uninterrupted ciphering . 69
6.4.7.3 External handover - handover with ciphering . 69
6.4.8 Modifications for half and long slot specifications (2-level modulation) . 70
6.4.8.1 Background . 70
6.4.8.2 MAC layer field structure . 70
6.4.8.3 Data to be encrypted. 70
6.4.8.4 Encryption process . 71
6.4.8.5 Initialization and synchronization of the encryption process . 71
6.4.8.6 Encryption mode control . 71
6.4.8.7 Handover of the encryption process . 71
6.4.9 Modifications for double slot specifications (2-level modulation) . 71
6.4.9.1 Background . 71
6.4.9.2 MAC layer field structure . 72
6.4.9.3 Data to be encrypted. 72
6.4.9.4 Encryption process . 73
6.4.9.5 Initialization and synchronization of the encryption process . 74
6.4.9.6 Encryption mode control . 74
6.4.9.7 Handover of the encryption process . 74
6.4.10 Modifications for multi-bearer specifications . 74
6.4.11 Modifications for 4-level, 8-level, 16-level and 64-level modulation formats . 74
6.4.11.1 Background . 74
6.4.11.2 MAC layer field structure . 75
6.4.11.3 Data to be encrypted. 75
6.4.11.4 Encryption process . 75
6.4.11.4.0 General . 75
6.4.11.4.1 Encryption process for the A-field and for the unprotected format . 75
6.4.11.4.2 Encryption process for the single subfield protected format . 77
6.4.11.4.3 Encryption process for the multi-subfield protected format . 78
6.4.11.4.4 Encryption process for the constant-size-subfield protected format . 80
6.4.11.4.5 Encryption process for the encoded protected format (MAC service I ) . 80
PX
6.4.11.5 Initialization and synchronization of the encryption process . 82
6.4.11.6 Encryption mode control . 82
6.4.11.7 Handover of the encryption process . 82
6.4.12 Procedures for CCM re-keying and sequence reset . 82
6.5 Security attributes . 82
6.5.1 Background . 82
6.5.2 Authentication protocols . 83
6.5.2.0 General . 83
6.5.2.1 Authentication of a PT type 1 procedure . 8
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.