Content for TS 33.102 Word version: 18.0.0
1 Scope
2 References
3 Definitions, symbols abbreviations and conventions
3.1 Definitions
3.2 Symbols
3.3 Abbreviations
3.4 Conventions
...
...
1 Scope p. 8
This specification defines the security architecture, i.e., the security features and the security mechanisms, for the third generation mobile telecommunication system.
A security feature is a service capability that meets one or several security requirements. The complete set of security features address the security requirements as they are defined in "3G Security: Threats and Requirements" (TS 21.133) and implement the security objectives and principles described in TS 33.120. A security mechanism is an element that is used to realise a security feature. All security features and security mechanisms taken together form the security architecture.
An example of a security feature is user data confidentiality. A security mechanism that may be used to implement that feature is a stream cipher using a derived cipher key.
This specification defines 3G security procedures performed within 3G capable networks (R99+), i.e. intra-UMTS and UMTS-GSM. As an example, UMTS authentication is applicable to UMTS radio access as well as GSM radio access provided that the serving network node and the MS are UMTS capable. Interoperability with non-UMTS capable networks (R98-) is also covered.
GSM security functions are defined in the TS 43.020.
2 References p. 8
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1]
TS 21.133: "3G Security; Security Threats and Requirements".
[2]
TS 33.120: "3G Security; Security Principles and Objectives".
[3]
TR 21.905: "Vocabulary for 3GPP Specifications (Release 1999)".
[4]
TS 23.121: "Architecture Requirements for Release 99".
[5]
TS 31.101: "UICC-terminal interface; Physical and logical characteristics".
[6]
TS 22.022: "Personalisation of UMTS Mobile Equipment (ME); Mobile functionality specification".
[7]
TS 23.048: "Security Mechanisms for the (U)SIM application toolkit; Stage 2".
[8]
TS 43.020: "Security related network functions".
[9]
TS 23.060: "General Packet Radio Service (GPRS); Service description; Stage 2".
[10]
ISO/IEC 9798-4: "Information technology - Security techniques - Entity authentication - Part 4: Mechanisms using a cryptographic check function".
[11]
TS 35.201: "Specification of the 3GPP confidentiality and integrity algorithms; Document 1: f8 and f9 specifications".
[12]
TS 35.202: "Specification of the 3GPP confidentiality and integrity algorithms; Document 2: Kasumi algorithm specification".
[13]
TS 35.203: "Specification of the 3GPP confidentiality and integrity algorithms; Document 3: Implementers' test data".
[14]
TS 35.204: "Specification of the 3GPP confidentiality and integrity algorithms; Document 4: Design conformance test data".
[15]
TS 31.111: "USIM Application Toolkit (USAT)".
[16]
TS 22.048: "Security Mechanisms for the (U)SIM Application Toolkit; Stage 1".
[17]
TS 25.331: "Radio Resource Control (RRC); Protocol specification".
[18]
TS 25.321: "Medium Access Control (MAC) protocol specification".
[19]
TS 25.322: "Radio Link Control (RLC) protocol specification".
[20]
TS 31.102: "Characteristics of the Universal Subscriber Identity Module (USIM) application".
[21]
TS 22.101: "Service aspects; Service principles".
[22]
TS 23.195: "Provision of User Equipment Specific Behaviour Information (UESBI) to network entities".
[23]
TS 43.129: "Packed-switched handover for GERAN A/Gb mode; Stage 2".
[24]
TS 35.215: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 1: UEA2 and UIA2 specifications".
[25]
TS 35.216: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 2: SNOW 3G specification".
[26]
TS 35.217: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 3: Implementors' test data".
[27]
TS 35.218: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 4: Design conformance test data".
[28]
TS 33.401: "3GPP System Architecture Evolution: Security architecture".
[29]
TS 33.402: "3GPP System Architecture Evolution: Security aspects of non 3GPP accesses".
[30]
TS 33.220: "Generic Authentication Architecture (GAA); Generic bootstrapping architecture".
[31]
TS 25.413: "UTRAN Iu interface RANAP signalling".
[32]
TS 22.003: "Circuit Teleservices supported by a Public Land Mobile Network (PLMN)".
[33]
TS 22.101: "Service aspects; Service principles".
[34]
TS 23.167: " IP Multimedia Subsystem (IMS) emergency sessions".
[35]
TS 24.008: " Mobile radio interface Layer 3 specification; Core network protocols; Stage 3".
[36]
TS 43.020: "Security related network functions".
[37]
TS 23.216: "Single Radio Voice Call Continuity (SRVCC); Stage 2".
[38]
TS 25.420: "UTRAN Iur interface general aspects and principles".
[39]
TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[40]
TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[41]
RFC 4301: "Security Architecture for the Internet Protocol".
[42]
TS 33.501: "Security architecture and procedures for 5G system".
[43]
Ravishankar Borgaonkar, Lucca Hirschi*, Shinjo Park, and Altaf Shaik (published online: July 2019), "New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols", https://eprint.iacr.org/2018/1175.pdf .
3 Definitions, symbols abbreviations and conventions p. 10
3.1 Definitions p. 10
In addition to the definitions included in TR 21.905 and TS 22.101, for the purposes of the present document, the following definitions apply:
Confidentiality:
The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Data integrity:
The property that data has not been altered in an unauthorised manner.
Data origin authentication:
The corroboration that the source of data received is as claimed.
Entity authentication:
The provision of assurance of the claimed identity of an entity.
Key freshness:
A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
UMTS Entity authentication and key agreement:
Entity authentication according to this specification.
GSM Entity authentication and key agreement:
The entity Authentication and Key Agreement procedure to provide authentication of a SIM to a serving network domain and to generate the key Kc in accordance to the mechanisms specified in TS 43.020.
User:
Within the context of this specification a user is either a UMTS subscriber (clause 6.8.1) or a GSM Subscriber (clause 6.8.2) or a physical person as defined in TR 21.905 (clause 5.3 and 5.5).
UMTS subscriber:
a Mobile Equipment with a UICC inserted and activated USIM-application.
GSM subscriber:
a Mobile Equipment with a SIM inserted or a Mobile Equipment with a UICC inserted and activated SIM-application.
UMTS security context:
a state that is established between a user and a serving network domain as a result of the execution of UMTS AKA or as a result of inter RAT mobility from E-UTRAN [28] to UTRAN or GERAN. At both ends "UMTS security context data" is stored, that consists at least of the UMTS cipher/integrity keys CK and IK and the key set identifier KSI. One is still in a UMTS security context, if the keys CK/IK are converted into Kc to work with a GSM BSS.
GSM security context:
a state that is established between a user and a serving network domain usually as a result of the execution of GSM AKA. At both ends "GSM security context data" is stored, that consists at least of the GSM cipher key Kc and the cipher key sequence number CKSN.
Quintet, UMTS authentication vector:
temporary authentication and key agreement data that enables an VLR/SGSN to engage in UMTS AKA with a particular user. A quintet consists of five elements:
- a network challenge RAND,
- an expected user response XRES,
- a cipher key CK,
- an integrity key IK and
- a network authentication token AUTN.
temporary authentication and key agreement data that enables an VLR/SGSN to engage in GSM AKA with a particular user. A triplet consists of three elements:
- a network challenge RAND,
- an expected user response SRES and
- a cipher key Kc.
either a quintet or a triplet.
Temporary authentication data:
either UMTS or GSM security context data or UMTS or GSM authentication vectors.
R98-:
Refers to a network node or ME that conforms to R97 or R98 specifications.
R99+:
Refers to a network node or ME that conforms to R99 or later specifications.
Rel4- ME:
Refers to a ME that conforms to Rel-4 or R99 specifications.
Rel5+ ME:
Refers to a ME that conforms to Rel-5 or later specifications.
ME capable of UMTS AKA:
either a Rel4- ME that does support USIM-ME interface or a Rel5+ ME.
ME not capable of UMTS AKA:
a Rel4- ME that does not support USIM-ME interface or a R98- ME.
3.2 Symbols p. 11
For the purposes of the present document, the following symbols apply:
||
Concatenation
⊕
Exclusive or
f1
Message authentication function used to compute MAC
f1*
Message authentication function used to compute MAC-S
f2
Message authentication function used to compute RES and XRES
f3
Key generating function used to compute CK
f4
Key generating function used to compute IK
f5
Key generating function used to compute AK in normal procedures
f5*
Key generating function used to compute AK in re-synchronisation procedures
K
Long-term secret key shared between the USIM and the AuC
3.3 Abbreviations p. 11
In addition to (and partly in overlap to) the abbreviations included in TR 21.905, for the purposes of the present document, the following abbreviations apply:
AK
Anonymity Key
AKA
Authentication and key agreement
AMF
Authentication management field
AUTN
Authentication Token
AV
Authentication Vector
CK
Cipher Key
CKSN
Cipher key sequence number
CS
Circuit Switched
DSCP
Differentiated Services Code Point
E-UTRAN
Evolved Universal Terrestrial Radio Access Network
GERAN
GSM/EDGE Radio Access Network
HE
Home Environment
HLR
Home Location Register
IK
Integrity Key
IKE
Internet Key Exchange
IMSI
International Mobile Subscriber Identity
Kc
64-bit GSM ciphering key
Kc128
128-bit GSM ciphering key
KSI
Key Set Identifier
KSS
Key Stream Segment
LAI
Location Area Identity
MAC
The message authentication code included in AUTN, computed using f1
MAC
The message authentication code included in AUTN, computed using f1*
ME
Mobile Equipment
MS
Mobile Station
MSC
Mobile Services Switching Centre
PS
Packet Switched
P-TMSI
Packet-TMSI
Q
Quintet, UMTS authentication vector
RAI
Routing Area Identifier
RAND
Random challenge
SEG
Security Gateway
SGSN
Serving GPRS Support Node
SIM
(GSM) Subscriber Identity Module
SN
Serving Network
SQN
Sequence number
SQNHE
Individual sequence number for each user maintained in the HLR/AuC
SQNMS
The highest sequence number the USIM has accepted
SRVCC
Single Radio Voice Call Continuity
T
Triplet, GSM authentication vector
TMSI
Temporary Mobile Subscriber Identity
UEA
UMTS Encryption Algorithm
UIA
UMTS Integrity Algorithm
UICC
UMTS IC Card
USIM
Universal Subscriber Identity Module
UTRAN
Universal Terrestrial Radio Access Network
VLR
Visitor Location Register
XRES
Expected Response
3.4 Conventions p. 12
All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.
