Terrestrial Trunked Radio (TETRA) - Voice plus Data (V+D) - Part 7: Security

To update 392-7 to incorporate CR112v4, CR113v6 and extensions for ISI key management.
The present document defines the Terrestrial Trunked Radio system (TETRA) supporting Voice plus Data (V+D). It specifies the air interface, the inter-working between TETRA systems and to other systems via gateways, the terminal equipment interface on the mobile station, the connection of line stations to the infrastructure, the security aspects in TETRA networks, the management services offered to the operator, the performance objectives, and the supplementary services that come in addition to the basic and teleservices. The present part describes the security mechanisms in TETRA V+D. It provides mechanisms for confidentiality of control signalling and user speech and data at the air interface, authentication and key management mechanisms for the air interface. Clause 4 describes the authentication and key management mechanisms for the TETRA air interface. The following two authentication services have been specified for the air-interface in ETR 086-3 [i.3], based on a threat analysis:
authentication of an MS by the TETRA infrastructure;
authentication of the TETRA infrastructure by an MS.
Clause 5 describes the mechanisms and protocol for enable and disable of both the mobile station equipment and the mobile station user's subscription. Air interface encryption may be provided as an option in TETRA. Where employed, clause 6 describes the confidentiality mechanisms using encryption on the air interface, for circuit mode speech, circuit mode data, packet data and control information. Clause 6 describes both encryption mechanisms and mobility procedures. It also details the protocol concerning control of encryption at the air interface. The present document does not address the detail handling of protocol errors or any protocol mechanisms when TETRA is operating in a degraded mode. These issues are implementation specific and therefore fall outside the scope of the TETRA standardization effort. The detail description of the Authentication Centre is outside the scope of the present document.

Prizemni snopovni radio (TETRA) - Govor in podatki (V+D) - 7. del: Varnost

General Information

Status
Published
Public Enquiry End Date
30-Sep-2007
Publication Date
24-Aug-2008
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
08-Aug-2008
Due Date
13-Oct-2008
Completion Date
25-Aug-2008

Buy Standard

Standard
ETSI EN 300 392-7 V3.1.1 (2008-06) - Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security
English language
187 pages
sale 15% off
Preview
sale 15% off
Preview
Standard
ETSI EN 300 392-7 V3.0.3 (2008-04) - Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security
English language
186 pages
sale 15% off
Preview
sale 15% off
Preview
Standard
EN 300 392-7 V3.1.1:2008
English language
187 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

ETSI EN 300 392-7 V3.1.1 (2008-06)
European Standard (Telecommunications series)


Terrestrial Trunked Radio (TETRA);
Voice plus Data (V+D);
Part 7: Security

---------------------- Page: 1 ----------------------
2 ETSI EN 300 392-7 V3.1.1 (2008-06)



Reference
REN/TETRA-06173
Keywords
security, TETRA, V+D
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI EN 300 392-7 V3.1.1 (2008-06)
Contents
Intellectual Property Rights.10
Foreword.10
1 Scope.12
2 References.12
2.1 Normative references.13
2.2 Informative references.13
3 Definitions and abbreviations.13
3.1 Definitions.13
3.2 Abbreviations.16
4 Air Interface authentication and key management mechanisms .17
4.0 Security classes.18
4.1 Air interface authentication mechanisms .18
4.1.1 Overview.18
4.1.2 Authentication of an MS.19
4.1.3 Authentication of the infrastructure .19
4.1.4 Mutual authentication of MS and infrastructure .20
4.1.5 The authentication key.22
4.1.6 Equipment authentication.22
4.2 Air Interface key management mechanisms.23
4.2.1 The DCK.23
4.2.2 The GCK.24
4.2.3 The CCK.25
4.2.4 The SCK.26
4.2.4.1 SCK association for DMO use.27
4.2.4.1.1 DMO SCK subset grouping.27
4.2.5 The GSKO.30
4.2.5.1 SCK distribution to groups with OTAR.30
4.2.5.2 GCK distribution to groups with OTAR .30
4.2.5.3 Rules for MS response to group key distribution.31
4.2.6 Encrypted Short Identity (ESI) mechanism .31
4.2.7 Encryption Cipher Key.32
4.2.8 Summary of AI key management mechanisms.32
4.3 Service description and primitives .33
4.3.1 Authentication primitives.33
4.3.2 SCK transfer primitives .34
4.3.3 GCK transfer primitives.35
4.3.4 GSKO transfer primitives .36
4.4 Authentication protocol.37
4.4.1 Authentication state transitions.37
4.4.2 Authentication protocol sequences and operations .39
4.4.2.1 MSCs for authentication.40
4.4.2.2 MSCs for authentication Type-3 element .46
4.4.2.3 Control of authentication timer T354 at MS .49
4.5 OTAR protocols.50
4.5.1 CCK delivery - protocol functions.50
4.5.1.1 SwMI-initiated CCK provision .51
4.5.1.2 MS-initiated CCK provision with U-OTAR CCK demand.52
4.5.1.3 MS-initiated CCK provision with announced cell reselection .53
4.5.2 OTAR protocol functions - SCK .53
4.5.2.1 MS requests provision of SCK(s).54
4.5.2.2 SwMI provides SCK(s) to individual MS .55
4.5.2.3 SwMI provides SCK(s) to group of MSs .57
4.5.2.4 SwMI rejects provision of SCK .59
4.5.3 OTAR protocol functions - GCK.59
4.5.3.1 MS requests provision of GCK .59
ETSI

---------------------- Page: 3 ----------------------
4 ETSI EN 300 392-7 V3.1.1 (2008-06)
4.5.3.2 SwMI provides GCK to an individual MS.61
4.5.3.3 SwMI provides GCK to a group of MSs.63
4.5.3.4 SwMI rejects provision of GCK.65
4.5.4 Cipher key association to group address.65
4.5.4.1 SCK association for DMO .66
4.5.4.2 GCK association.69
4.5.5 Notification of key change over the air.71
4.5.5.1 Change of DCK.73
4.5.5.2 Change of CCK.73
4.5.5.3 Change of GCK.73
4.5.5.4 Change of SCK for TMO.73
4.5.5.5 Change of SCK for DMO .74
4.5.5.6 Synchronization of Cipher Key Change.74
4.5.6 Security class change .74
4.5.6.1 Change of security class to security class 1 .75
4.5.6.2 Change of security class to security class 2 .75
4.5.6.3 Change of security class to security class 3 .75
4.5.6.4 Change of security class to security class 3 with GCK .76
4.5.7 Notification of key in use.76
4.5.8 Notification of GCK Activation/Deactivation .76
4.5.9 Deletion of SCK, GCK and GSKO.76
4.5.10 Air Interface Key Status Enquiry.78
4.5.11 Crypto management group.80
4.5.12 OTAR retry mechanism.81
4.5.13 OTAR protocol functions – GSKO.81
4.5.13.1 MS requests provision of GSKO.81
4.5.13.2 SwMI provides GSKO to an MS.82
4.5.13.3 SwMI rejects provision of GSKO .83
5 Enable and disable mechanism.83
5.1 General relationships.83
5.2 Enable/disable state transitions.84
5.3 Mechanisms.84
5.3.1 Disable of MS equipment .85
5.3.2 Disable of an subscription.85
5.3.3 Disable of subscription and equipment.85
5.3.4 Enable an MS equipment.85
5.3.5 Enable an MS subscription .85
5.3.6 Enable an MS equipment and subscription.85
5.4 Enable/disable protocol.86
5.4.1 General case.86
5.4.2 Status of cipher key material.87
5.4.2.1 Permanently disabled state.87
5.4.2.2 Temporarily disabled state .87
5.4.3 Specific protocol exchanges .88
5.4.3.1 Disabling an MS with mutual authentication .88
5.4.3.2 Enabling an MS with mutual authentication .90
5.4.3.3 Enabling an MS with non-mutual authentication.91
5.4.3.4 Disabling an MS with non-mutual authentication.92
5.4.4 Enabling an MS without authentication.93
5.4.5 Disabling an MS without authentication.94
5.4.6 Rejection of enable or disable command .94
5.4.6a Expiry of Enable/Disable protocol timer .95
5.4.7 MM service primitives.96
5.4.7.1 TNMM-DISABLING primitive.96
5.4.7.2 TNMM-ENABLING primitive.96
6 Air Interface (AI) encryption .96
6.1 General principles.96
6.2 Security class.97
6.2.0 Notification of security class .98
6.2.0.1 Security Class of Neighbouring Cells .98
ETSI

---------------------- Page: 4 ----------------------
5 ETSI EN 300 392-7 V3.1.1 (2008-06)
6.2.0.2 Identification of MS security capabilities .99
6.2.1 Constraints on LA arising from cell class.99
6.3 Key Stream Generator (KSG) .99
6.3.1 KSG numbering and selection .99
6.3.2 Interface parameters.100
6.3.2.1 Initial Value (IV).100
6.3.2.2 Cipher Key.100
6.4 Encryption mechanism.101
6.4.1 Allocation of KSS to logical channels .101
6.4.2 Allocation of KSS to logical channels with PDU association .103
6.4.2.1 General.103
6.4.2.2 KSS allocation on phase modulation channels.103
6.4.2.3 KSS allocation on QAM channels .105
6.4.2.3.1 Fixed mapping.105
6.4.2.3.2 Offset mapping.106
6.4.3 Synchronization of data calls where data is multi-slot interleaved .107
6.4.4 Recovery of stolen frames from interleaved data .108
6.5 Use of cipher keys .108
6.5.1 Identification of encryption state of downlink MAC PDUs .109
6.5.1.1 Class 1 cells.109
6.5.1.2 Class 2 cells.110
6.5.1.3 Class 3 cells.110
6.5.2 Identification of encryption state of uplink MAC PDUs .110
6.6 Mobility procedures.111
6.6.1 General requirements.111
6.6.1.1 Additional requirements for class 3 systems.111
6.6.2 Protocol description.111
6.6.2.1 Negotiation of cipher parameters .111
6.6.2.1.1 Class 1 cells .112
6.6.2.1.2 Class 2 cells .112
6.6.2.1.3 Class 3 cells .112
6.6.2.2 Initial and undeclared cell re-selection.112
6.6.2.3 Unannounced cell re-selection .113
6.6.2.4 Announced cell re-selection type-3.114
6.6.2.5 Announced cell re-selection type-2.114
6.6.2.6 Announced cell re-selection type-1.114
6.6.2.7 Key forwarding.114
6.7 Encryption control.116
6.7.1 Data to be encrypted .116
6.7.1.1 Downlink control channel requirements .116
6.7.1.2 Encryption of MAC header elements.116
6.7.1.3 Traffic channel encryption control.116
6.7.1.4 Handling of PDUs that do not conform to negotiated ciphering mode .117
6.7.2 Service description and primitives.117
6.7.2.1 Mobility Management (MM) .118
6.7.2.2 Mobile Link Entity (MLE).118
6.7.2.3 Layer 2.120
6.7.3 Protocol functions.120
6.7.3.1 MM.120
6.7.3.2 MLE.120
6.7.3.3 LLC.120
6.7.3.4 MAC.121
6.7.4 PDUs for cipher negotiation .121
Annex A (normative): PDU and element definitions .122
A.1 Authentication PDUs.122
A.1.1 D-AUTHENTICATION demand.122
A.1.2 D-AUTHENTICATION reject.122
A.1.3 D-AUTHENTICATION response.123
A.1.4 D-AUTHENTICATION result.123
A.1.5 U-AUTHENTICATION demand.123
ETSI

---------------------- Page: 5 ----------------------
6 ETSI EN 300 392-7 V3.1.1 (2008-06)
A.1.6 U-AUTHENTICATION reject.124
A.1.7 U-AUTHENTICATION response.124
A.1.8 U-AUTHENTICATION result.125
A.2 OTAR PDUs .125
A.2.1 D-OTAR CCK Provide .125
A.2.2 U-OTAR CCK Demand .
...

Final draft ETSI EN 300 392-7 V3.0.3 (2008-04)
European Standard (Telecommunications series)


Terrestrial Trunked Radio (TETRA);
Voice plus Data (V+D);
Part 7: Security

---------------------- Page: 1 ----------------------
2 Final draft ETSI EN 300 392-7 V3.0.3 (2008-04)



Reference
REN/TETRA-06173
Keywords
security, TETRA, V+D
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 2 ----------------------
3 Final draft ETSI EN 300 392-7 V3.0.3 (2008-04)
Contents
Intellectual Property Rights.9
Foreword.9
1 Scope.11
2 References.11
2.1 Normative references.12
2.2 Informative references.12
3 Definitions and abbreviations.12
3.1 Definitions.12
3.2 Abbreviations.15
4 Air Interface authentication and key management mechanisms .16
4.0 Security classes.17
4.1 Air interface authentication mechanisms .17
4.1.1 Overview.17
4.1.2 Authentication of an MS.18
4.1.3 Authentication of the infrastructure .18
4.1.4 Mutual authentication of MS and infrastructure .19
4.1.5 The authentication key.21
4.1.6 Equipment authentication.21
4.2 Air Interface key management mechanisms.22
4.2.1 The DCK.22
4.2.2 The GCK.23
4.2.3 The CCK.24
4.2.4 The SCK.25
4.2.4.1 SCK association for DMO use.26
4.2.4.1.1 DMO SCK subset grouping.26
4.2.5 The GSKO.29
4.2.5.1 SCK distribution to groups with OTAR.29
4.2.5.2 GCK distribution to groups with OTAR .29
4.2.5.3 Rules for MS response to group key distribution.30
4.2.6 Encrypted Short Identity (ESI) mechanism .30
4.2.7 Encryption Cipher Key.31
4.2.8 Summary of AI key management mechanisms.31
4.3 Service description and primitives .32
4.3.1 Authentication primitives.32
4.3.2 SCK transfer primitives .33
4.3.3 GCK transfer primitives.34
4.3.4 GSKO transfer primitives .35
4.4 Authentication protocol.35
4.4.1 Authentication state transitions.35
4.4.2 Authentication protocol sequences and operations .38
4.4.2.1 MSCs for authentication.39
4.4.2.2 MSCs for authentication Type-3 element .45
4.4.2.3 Control of authentication timer T354 at MS .48
4.5 OTAR protocols.49
4.5.1 CCK delivery - protocol functions.49
4.5.1.1 SwMI-initiated CCK provision .49
4.5.1.2 MS-initiated CCK provision with U-OTAR CCK demand.51
4.5.1.3 MS-initiated CCK provision with announced cell reselection .52
4.5.2 OTAR protocol functions - SCK .52
4.5.2.1 MS requests provision of SCK(s).53
4.5.2.2 SwMI provides SCK(s) to individual MS .54
4.5.2.3 SwMI provides SCK(s) to group of MSs .56
4.5.2.4 SwMI rejects provision of SCK .58
4.5.3 OTAR protocol functions - GCK.58
4.5.3.1 MS requests provision of GCK .58
ETSI

---------------------- Page: 3 ----------------------
4 Final draft ETSI EN 300 392-7 V3.0.3 (2008-04)
4.5.3.2 SwMI provides GCK to an individual MS.61
4.5.3.3 SwMI provides GCK to a group of MSs.63
4.5.3.4 SwMI rejects provision of GCK.65
4.5.4 Cipher key association to group address.65
4.5.4.1 SCK association for DMO .66
4.5.4.2 GCK association.69
4.5.5 Notification of key change over the air.71
4.5.5.1 Change of DCK.73
4.5.5.2 Change of CCK.73
4.5.5.3 Change of GCK.73
4.5.5.4 Change of SCK for TMO.73
4.5.5.5 Change of SCK for DMO .74
4.5.5.6 Synchronization of Cipher Key Change.74
4.5.6 Security class change .74
4.5.6.1 Change of security class to security class 1 .75
4.5.6.2 Change of security class to security class 2 .75
4.5.6.3 Change of security class to security class 3 .75
4.5.6.4 Change of security class to security class 3 with GCK .76
4.5.7 Notification of key in use.76
4.5.8 Notification of GCK Activation/Deactivation .76
4.5.9 Deletion of SCK, GCK and GSKO.76
4.5.10 Air Interface Key Status Enquiry.78
4.5.11 Crypto management group.80
4.5.12 OTAR retry mechanism.81
4.5.13 OTAR protocol functions – GSKO.81
4.5.13.1 MS requests provision of GSKO.81
4.5.13.2 SwMI provides GSKO to an MS.82
4.5.13.3 SwMI rejects provision of GSKO .83
5 Enable and disable mechanism.83
5.1 General relationships.83
5.2 Enable/disable state transitions.84
5.3 Mechanisms.84
5.3.1 Disable of MS equipment .85
5.3.2 Disable of an subscription.85
5.3.3 Disable of subscription and equipment.85
5.3.4 Enable an MS equipment.85
5.3.5 Enable an MS subscription .85
5.3.6 Enable an MS equipment and subscription.85
5.4 Enable/disable protocol.86
5.4.1 General case.86
5.4.2 Status of cipher key material.87
5.4.2.1 Permanently disabled state.87
5.4.2.2 Temporarily disabled state .87
5.4.3 Specific protocol exchanges .88
5.4.3.1 Disabling an MS with mutual authentication .88
5.4.3.2 Enabling an MS with mutual authentication .89
5.4.3.3 Enabling an MS with non-mutual authentication.90
5.4.3.4 Disabling an MS with non-mutual authentication.91
5.4.4 Enabling an MS without authentication.93
5.4.5 Disabling an MS without authentication.94
5.4.6 Rejection of enable or disable command .94
5.4.6a Expiry of Enable/Disable protocol timer .95
5.4.7 MM service primitives.95
5.4.7.1 TNMM-DISABLING primitive.96
5.4.7.2 TNMM-ENABLING primitive.96
6 Air Interface (AI) encryption .96
6.1 General principles.96
6.2 Security class.97
6.2.0 Notification of security class .98
6.2.0.1 Security Class of Neighbouring Cells .98
ETSI

---------------------- Page: 4 ----------------------
5 Final draft ETSI EN 300 392-7 V3.0.3 (2008-04)
6.2.0.2 Identification of MS security capabilities .99
6.2.1 Constraints on LA arising from cell class.99
6.3 Key Stream Generator (KSG) .99
6.3.1 KSG numbering and selection .99
6.3.2 Interface parameters.100
6.3.2.1 Initial Value (IV).100
6.3.2.2 Cipher Key.100
6.4 Encryption mechanism.101
6.4.1 Allocation of KSS to logical channels .101
6.4.2 Allocation of KSS to logical channels with PDU association .103
6.4.2.1 General.103
6.4.2.2 KSS allocation on phase modulation channels.103
6.4.2.3 KSS allocation on QAM channels .105
6.4.2.3.1 Fixed mapping.105
6.4.2.3.2 Offset mapping.106
6.4.3 Synchronization of data calls where data is multi-slot interleaved .107
6.4.4 Recovery of stolen frames from interleaved data .108
6.5 Use of cipher keys .108
6.5.1 Identification of encryption state of downlink MAC PDUs .109
6.5.1.1 Class 1 cells.109
6.5.1.2 Class 2 cells.110
6.5.1.3 Class 3 cells.110
6.5.2 Identification of encryption state of uplink MAC PDUs .110
6.6 Mobility procedures.111
6.6.1 General requirements.111
6.6.1.1 Additional requirements for class 3 systems.111
6.6.2 Protocol description.111
6.6.2.1 Negotiation of cipher parameters .111
6.6.2.1.1 Class 1 cells .112
6.6.2.1.2 Class 2 cells .112
6.6.2.1.3 Class 3 cells .112
6.6.2.2 Initial and undeclared cell re-selection.112
6.6.2.3 Unannounced cell re-selection .113
6.6.2.4 Announced cell re-selection type-3.114
6.6.2.5 Announced cell re-selection type-2.114
6.6.2.6 Announced cell re-selection type-1.114
6.6.2.7 Key forwarding.114
6.7 Encryption control.116
6.7.1 Data to be encrypted .116
6.7.1.1 Downlink control channel requirements .116
6.7.1.2 Encryption of MAC header elements.116
6.7.1.3 Traffic channel encryption control.116
6.7.1.4 Handling of PDUs that do not conform to negotiated ciphering mode .117
6.7.2 Service description and primitives.117
6.7.2.1 Mobility Management (MM) .118
6.7.2.2 Mobile Link Entity (MLE).118
6.7.2.3 Layer 2.120
6.7.3 Protocol functions.120
6.7.3.1 MM.120
6.7.3.2 MLE.120
6.7.3.3 LLC.120
6.7.3.4 MAC.121
6.7.4 PDUs for cipher negotiation .121
Annex A (normative): PDU and element definitions .122
A.1 Authentication PDUs.122
A.1.1 D-AUTHENTICATION demand.122
A.1.2 D-AUTHENTICATION reject.122
A.1.3 D-AUTHENTICATION response.123
A.1.4 D-AUTHENTICATION result.123
A.1.5 U-AUTHENTICATION demand.123
ETSI

---------------------- Page: 5 ----------------------
6 Final draft ETSI EN 300 392-7 V3.0.3 (2008-04)
A.1.6 U-AUTHENTICATION reject.124
A.1.7 U-AUTHENTICATION response.124
A.1.8 U-AUTHENTICATION result.125
A.2 OTAR PDUs .125
A.2.1 D-OTAR CCK Provide .
...

SLOVENSKI STANDARD
SIST EN 300 392-7 V3.1.1:2008
01-oktober-2008
Prizemni snopovni radio (TETRA) - Govor in podatki (V+D) - 7. del: Varnost
Terrestrial Trunked Radio (TETRA) - Voice plus Data (V+D) - Part 7: Security
Ta slovenski standard je istoveten z: EN 300 392-7 Version 3.1.1
ICS:
33.070.10 Prizemni snopovni radio Terrestrial Trunked Radio
(TETRA) (TETRA)
SIST EN 300 392-7 V3.1.1:2008 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 300 392-7 V3.1.1:2008

---------------------- Page: 2 ----------------------

SIST EN 300 392-7 V3.1.1:2008

ETSI EN 300 392-7 V3.1.1 (2008-06)
European Standard (Telecommunications series)


Terrestrial Trunked Radio (TETRA);
Voice plus Data (V+D);
Part 7: Security

---------------------- Page: 3 ----------------------

SIST EN 300 392-7 V3.1.1:2008
 2 ETSI EN 300 392-7 V3.1.1 (2008-06)



Reference
REN/TETRA-06173
Keywords
security, TETRA, V+D
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 4 ----------------------

SIST EN 300 392-7 V3.1.1:2008
 3 ETSI EN 300 392-7 V3.1.1 (2008-06)
Contents
Intellectual Property Rights.10
Foreword.10
1 Scope.12
2 References.12
2.1 Normative references.13
2.2 Informative references.13
3 Definitions and abbreviations.13
3.1 Definitions.13
3.2 Abbreviations.16
4 Air Interface authentication and key management mechanisms .17
4.0 Security classes.18
4.1 Air interface authentication mechanisms .18
4.1.1 Overview.18
4.1.2 Authentication of an MS.19
4.1.3 Authentication of the infrastructure .19
4.1.4 Mutual authentication of MS and infrastructure .20
4.1.5 The authentication key.22
4.1.6 Equipment authentication.22
4.2 Air Interface key management mechanisms.23
4.2.1 The DCK.23
4.2.2 The GCK.24
4.2.3 The CCK.25
4.2.4 The SCK.26
4.2.4.1 SCK association for DMO use.27
4.2.4.1.1 DMO SCK subset grouping.27
4.2.5 The GSKO.30
4.2.5.1 SCK distribution to groups with OTAR.30
4.2.5.2 GCK distribution to groups with OTAR .30
4.2.5.3 Rules for MS response to group key distribution.31
4.2.6 Encrypted Short Identity (ESI) mechanism .31
4.2.7 Encryption Cipher Key.32
4.2.8 Summary of AI key management mechanisms.32
4.3 Service description and primitives .33
4.3.1 Authentication primitives.33
4.3.2 SCK transfer primitives .34
4.3.3 GCK transfer primitives.35
4.3.4 GSKO transfer primitives .36
4.4 Authentication protocol.37
4.4.1 Authentication state transitions.37
4.4.2 Authentication protocol sequences and operations .39
4.4.2.1 MSCs for authentication.40
4.4.2.2 MSCs for authentication Type-3 element .46
4.4.2.3 Control of authentication timer T354 at MS .49
4.5 OTAR protocols.50
4.5.1 CCK delivery - protocol functions.50
4.5.1.1 SwMI-initiated CCK provision .51
4.5.1.2 MS-initiated CCK provision with U-OTAR CCK demand.52
4.5.1.3 MS-initiated CCK provision with announced cell reselection .53
4.5.2 OTAR protocol functions - SCK .53
4.5.2.1 MS requests provision of SCK(s).54
4.5.2.2 SwMI provides SCK(s) to individual MS .55
4.5.2.3 SwMI provides SCK(s) to group of MSs .57
4.5.2.4 SwMI rejects provision of SCK .59
4.5.3 OTAR protocol functions - GCK.59
4.5.3.1 MS requests provision of GCK .59
ETSI

---------------------- Page: 5 ----------------------

SIST EN 300 392-7 V3.1.1:2008
 4 ETSI EN 300 392-7 V3.1.1 (2008-06)
4.5.3.2 SwMI provides GCK to an individual MS.61
4.5.3.3 SwMI provides GCK to a group of MSs.63
4.5.3.4 SwMI rejects provision of GCK.65
4.5.4 Cipher key association to group address.65
4.5.4.1 SCK association for DMO .66
4.5.4.2 GCK association.69
4.5.5 Notification of key change over the air.71
4.5.5.1 Change of DCK.73
4.5.5.2 Change of CCK.73
4.5.5.3 Change of GCK.73
4.5.5.4 Change of SCK for TMO.73
4.5.5.5 Change of SCK for DMO .74
4.5.5.6 Synchronization of Cipher Key Change.74
4.5.6 Security class change .74
4.5.6.1 Change of security class to security class 1 .75
4.5.6.2 Change of security class to security class 2 .75
4.5.6.3 Change of security class to security class 3 .75
4.5.6.4 Change of security class to security class 3 with GCK .76
4.5.7 Notification of key in use.76
4.5.8 Notification of GCK Activation/Deactivation .76
4.5.9 Deletion of SCK, GCK and GSKO.76
4.5.10 Air Interface Key Status Enquiry.78
4.5.11 Crypto management group.80
4.5.12 OTAR retry mechanism.81
4.5.13 OTAR protocol functions – GSKO.81
4.5.13.1 MS requests provision of GSKO.81
4.5.13.2 SwMI provides GSKO to an MS.82
4.5.13.3 SwMI rejects provision of GSKO .83
5 Enable and disable mechanism.83
5.1 General relationships.83
5.2 Enable/disable state transitions.84
5.3 Mechanisms.84
5.3.1 Disable of MS equipment .85
5.3.2 Disable of an subscription.85
5.3.3 Disable of subscription and equipment.85
5.3.4 Enable an MS equipment.85
5.3.5 Enable an MS subscription .85
5.3.6 Enable an MS equipment and subscription.85
5.4 Enable/disable protocol.86
5.4.1 General case.86
5.4.2 Status of cipher key material.87
5.4.2.1 Permanently disabled state.87
5.4.2.2 Temporarily disabled state .87
5.4.3 Specific protocol exchanges .88
5.4.3.1 Disabling an MS with mutual authentication .88
5.4.3.2 Enabling an MS with mutual authentication .90
5.4.3.3 Enabling an MS with non-mutual authentication.91
5.4.3.4 Disabling an MS with non-mutual authentication.92
5.4.4 Enabling an MS without authentication.93
5.4.5 Disabling an MS without authentication.94
5.4.6 Rejection of enable or disable command .94
5.4.6a Expiry of Enable/Disable protocol timer .95
5.4.7 MM service primitives.96
5.4.7.1 TNMM-DISABLING primitive.96
5.4.7.2 TNMM-ENABLING primitive.96
6 Air Interface (AI) encryption .96
6.1 General principles.96
6.2 Security class.97
6.2.0 Notification of security class .98
6.2.0.1 Security Class of Neighbouring Cells .98
ETSI

---------------------- Page: 6 ----------------------

SIST EN 300 392-7 V3.1.1:2008
 5 ETSI EN 300 392-7 V3.1.1 (2008-06)
6.2.0.2 Identification of MS security capabilities .99
6.2.1 Constraints on LA arising from cell class.99
6.3 Key Stream Generator (KSG) .99
6.3.1 KSG numbering and selection .99
6.3.2 Interface parameters.100
6.3.2.1 Initial Value (IV).100
6.3.2.2 Cipher Key.100
6.4 Encryption mechanism.101
6.4.1 Allocation of KSS to logical channels .101
6.4.2 Allocation of KSS to logical channels with PDU association .103
6.4.2.1 General.103
6.4.2.2 KSS allocation on phase modulation channels.103
6.4.2.3 KSS allocation on QAM channels .105
6.4.2.3.1 Fixed mapping.105
6.4.2.3.2 Offset mapping.106
6.4.3 Synchronization of data calls where data is multi-slot interleaved .107
6.4.4 Recovery of stolen frames from interleaved data .108
6.5 Use of cipher keys .108
6.5.1 Identification of encryption state of downlink MAC PDUs .109
6.5.1.1 Class 1 cells.109
6.5.1.2 Class 2 cells.110
6.5.1.3 Class 3 cells.110
6.5.2 Identification of encryption state of uplink MAC PDUs .110
6.6 Mobility procedures.111
6.6.1 General requirements.111
6.6.1.1 Additional requirements for class 3 systems.111
6.6.2 Protocol description.111
6.6.2.1 Negotiation of cipher parameters .111
6.6.2.1.1 Class 1 cells .112
6.6.2.1.2 Class 2 cells .112
6.6.2.1.3 Class 3 cells .112
6.6.2.2 Initial and undeclared cell re-selection.112
6.6.2.3 Unannounced cell re-selection .113
6.6.2.4 Announced cell re-selection type-3.114
6.6.2.5 Announced cell re-selection type-2.114
6.6.2.6 Announced cell re-selection type-1.114
6.6.2.7 Key forwarding.114
6.7 Encryption control.116
6.7.1 Data to be encrypted .116
6.7.1.1 Downlink control channel requirements .116
6.7.1.2 Encryption of MAC header elements.116
6.7.1.3 Traffic channel encryption control.116
6.7.1.4 Handling of PDUs that do not conform to negotiated ciphering mode .117
6.7.2 Service description and primitives.117
6.7.2.1 Mobility Management (MM) .118
6.7.2.2 Mobile Link Entity (MLE).118
6.7.2.3 Layer 2.120
6.7.3 Protocol functions.120
6.7.3.1 MM.120
6.7.3.2 MLE.120
6.7.3.3 LLC.120
6.7.3.4 MAC.121
6.7.4 PDUs for cipher negotiation .121
Annex A (normative): PDU and element definitions .122
A.1 Authentication PDUs.122
A.1.1 D-AUTHENTICATION demand.122
A.1.2 D-AUTHENTICATION reject.122
A.1.3 D-AUTHENTICATION response.123
A.1.4 D-AUTHENTICATION result.123
A.1.5 U-AUTHENTICATION demand.123
ETSI

---------------------- Page: 7 ----------------------

SIST EN 300 392-7 V3.1
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.