3GPPTS33.102资源-CSDN文库

4星 · 超过85%的资源需积分: 31 83 浏览量 2013-06-14 18:41:47 上传评论 3 收藏 472KB PDF 举报

3GPP TS 33.102 是一份关于 3G 安全架构的技术规范，由 3GPP（Third Generation Partnership Project）发布，版本号为 10.0.0，发布于 2011 年 5 月。本技术规范的主要内容是关于 UMTS（Universal Mobile Telecommunications System）和 LTE（Long-Term Evolution）的安全架构，涵盖了安全 threats、安全要求、安全机制等方面的内容。安全架构是为了保护移动通信系统免受恶意攻击和未经授权的访问，保障用户数据和网络资源的安全。该架构包括了身份验证、加密、访问控制、入侵检测和防火墙等安全机制。在本技术规范中，定义了安全架构的基本概念和模型，包括安全域、安全边界、安全 gateway 等。同时，也定义了安全架构的各种组件，例如，身份验证服务器、加密服务器、防火墙等。此外，本技术规范还规定了安全架构的实现和部署要求，包括安全架构的设计、测试和验证等方面的内容。在 LTE 网络中，安全架构是非常重要的，因为 LTE 网络的安全性直接关系到用户数据和网络资源的安全。因此，本技术规范对 LTE 网络的安全架构提出了严格的要求和指导。 3GPP TS 33.102 是一份关于 3G 安全架构的技术规范，为 UMTS 和 LTE 网络的安全架构提供了统一的架构和要求，旨在保障用户数据和网络资源的安全。知识点： * 3GPP TS 33.102 是一份关于 3G 安全架构的技术规范。 * 该技术规范涵盖了 UMTS 和 LTE 的安全架构。 * 安全架构的主要内容包括身份验证、加密、访问控制、入侵检测和防火墙等安全机制。 * 本技术规范定义了安全架构的基本概念和模型，包括安全域、安全边界、安全 gateway 等。 * 本技术规范规定了安全架构的实现和部署要求，包括安全架构的设计、测试和验证等方面的内容。 * LTE 网络的安全架构是非常重要的，因为 LTE 网络的安全性直接关系到用户数据和网络资源的安全。

资源推荐

资源详情

资源评论

ETSI TS 133 102 V10.0.0 (2011-05

)

Technical Specification

Universal Mobile Telecommunications System (UMTS);

LTE;

3G security;

Security architecture

(3GPP TS 33.102 version 10.0.0 Release 10

)

ETSI

ETSI TS 133 102 V10.0.0 (2011

05)

3GPP TS 33.102 version 10.0.0 Release 10

Reference

RTS/TSGS-0333102va00

Keywords

LTE, SECURITY, UMTS

ETSI

650 Route des Lucioles

F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C

Association à but non lucratif enregistrée à la

Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from:

http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a

specific network drive

within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status.

Information on the current status of this and other ETSI documents is available at

http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services:

http://portal.etsi.org/chaircor/ETSI_support.asp

No part may be reproduced except as authorized by written permission.

The copyright and the foregoing restriction extend to reproduction in all media.

DECT

, PLUGTESTS

, UMTS

, TIPHON

, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered

for the benefit of its Members.

3GPP

is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

LTE™ is a Trade Mark of ETSI currently being registered

for the benefit of its Members and of the 3GPP Organizational Partners.

GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

ETSI

ETSI TS 133 102 V10.0.0 (2011

05)

3GPP TS 33.102 version 10.0.0 Release 10

Contents

Intellectual Property Rights ................................................................................................................................ 2

Foreword ............................................................................................................................................................. 2

Foreword ............................................................................................................................................................. 6

1 Scope ........................................................................................................................................................ 7

2 References ................................................................................................................................................ 7

3 Definitions, symbols abbreviations and conventions ............................................................................... 9

3.1 Definitions .......................................................................................................................................................... 9

3.2 Symbols ............................................................................................................................................................ 10

3.3 Abbreviations ................................................................................................................................................... 10

3.4 Conventions ...................................................................................................................................................... 11

4 Overview of the security architecture..................................................................................................... 12

5 Security features ..................................................................................................................................... 13

5.1 Network access security ................................................................................................................................... 13

5.1.1 User identity confidentiality ....................................................................................................................... 13

5.1.2 Entity authentication ................................................................................................................................... 14

5.1.3 Confidentiality ............................................................................................................................................ 14

5.1.4 Data integrity .............................................................................................................................................. 14

5.1.5 Mobile equipment identification ................................................................................................................. 15

5.2 Network domain security ................................................................................................................................. 15

5.2.1 Void ............................................................................................................................................................ 15

5.2.2 Void ............................................................................................................................................................ 15

5.2.3 Void ............................................................................................................................................................ 15

5.2.4 Fraud information gathering system ........................................................................................................... 15

5.3 User domain security ........................................................................................................................................ 15

5.3.1 User-to-USIM authentication...................................................................................................................... 15

5.3.2 USIM-Terminal Link .................................................................................................................................. 15

5.4 Application security ......................................................................................................................................... 16

5.4.1 Secure messaging between the USIM and the network .............................................................................. 16

5.4.2 Void ............................................................................................................................................................ 16

5.4.3 Void ............................................................................................................................................................ 16

5.4.4 Void ............................................................................................................................................................ 16

5.5 Security visibility and configurability .............................................................................................................. 16

5.5.1 Visibility ..................................................................................................................................................... 16

5.5.2 Configurability ............................................................................................................................................ 16

6 Network access security mechanisms .................................................................................................... 17

6.1 Identification by temporary identities............................................................................................................... 17

6.1.1 General ........................................................................................................................................................ 17

6.1.2 TMSI reallocation procedure ...................................................................................................................... 17

6.1.3 Unacknowledged allocation of a temporary identity .................................................................................. 17

6.1.4 Location update .......................................................................................................................................... 18

6.2 Identification by a permanent identity .............................................................................................................. 18

6.3 Authentication and key agreement ................................................................................................................... 18

6.3.1 General ........................................................................................................................................................ 18

6.3.2 Distribution of authentication data from HE to SN .................................................................................... 20

6.3.3 Authentication and key agreement .............................................................................................................. 22

6.3.4 Distribution of IMSI and temporary authentication data within one serving network domain ................... 25

6.3.5 Re-synchronisation procedure .................................................................................................................... 26

6.3.6 Reporting authentication failures from the SGSN/VLR to the HLR .......................................................... 27

6.3.6.1 Authentication re-attempt ...................................................................................................................... 27

6.3.7 Length of authentication parameters ........................................................................................................... 28

6.4 Local authentication and connection establishment ......................................................................................... 28

6.4.1 Cipher key and integrity key setting ........................................................................................................... 28

ETSI

ETSI TS 133 102 V10.0.0 (2011

05)

3GPP TS 33.102 version 10.0.0 Release 10

6.4.2 Ciphering and integrity mode negotiation .................................................................................................. 28

6.4.3 Cipher key and integrity key lifetime ......................................................................................................... 29

6.4.4 Cipher key and integrity key identification ................................................................................................. 29

6.4.5 Security mode set-up procedure .................................................................................................................. 30

6.4.6 Signalling procedures in the case of an unsuccessful integrity check ......................................................... 33

6.4.7 Signalling procedure for periodic local authentication ............................................................................... 33

6.4.8 Initialisation of synchronisation for ciphering and integrity protection ...................................................... 33

6.4.9 Emergency call handling ............................................................................................................................ 34

6.4.9.1 Security procedures applied .................................................................................................................. 34

6.4.9.2 Security procedures not applied ............................................................................................................ 34

6.5 Access link data integrity ................................................................................................................................. 35

6.5.1 General ........................................................................................................................................................ 35

6.5.2 Layer of integrity protection ....................................................................................................................... 35

6.5.3 Data integrity protection method ................................................................................................................ 35

6.5.4 Input parameters to the integrity algorithm ................................................................................................. 36

6.5.4.1 COUNT-I .............................................................................................................................................. 36

6.5.4.2 IK .......................................................................................................................................................... 36

6.5.4.3 FRESH .................................................................................................................................................. 37

6.5.4.4 DIRECTION ......................................................................................................................................... 37

6.5.4.5 MESSAGE ............................................................................................................................................ 37

6.5.5 Integrity key selection ................................................................................................................................. 37

6.5.6 UIA identification ....................................................................................................................................... 37

6.6 Access link data confidentiality ........................................................................................................................ 38

6.6.1 General ........................................................................................................................................................ 38

6.6.2 Layer of ciphering ....................................................................................................................................... 38

6.6.3 Ciphering method ....................................................................................................................................... 38

6.6.4 Input parameters to the cipher algorithm .................................................................................................... 39

6.6.4.1 COUNT-C ............................................................................................................................................. 39

6.6.4.2 CK ......................................................................................................................................................... 40

6.6.4.3 BEARER ............................................................................................................................................... 41

6.6.4.4 DIRECTION ......................................................................................................................................... 41

6.6.4.5 LENGTH ............................................................................................................................................... 41

6.6.5 Cipher key selection.................................................................................................................................... 41

6.6.6 UEA identification ...................................................................................................................................... 41

6.7 Void .................................................................................................................................................................. 42

6.8 Interoperation and handover between UMTS and GSM .................................................................................. 42

6.8.1 Authentication and key agreement of UMTS subscribers .......................................................................... 42

6.8.1.1 General .................................................................................................................................................. 42

6.8.1.2 R99+ HLR/AuC .................................................................................................................................... 43

6.8.1.3 R99+ VLR/SGSN ................................................................................................................................. 44

6.8.1.4 R99+ ME ............................................................................................................................................... 45

6.8.1.5 USIM ..................................................................................................................................................... 45

6.8.2 Authentication and key agreement for GSM subscribers............................................................................ 46

6.8.2.1 General .................................................................................................................................................. 46

6.8.2.2 R99+ HLR/AuC .................................................................................................................................... 47

6.8.2.3 VLR/SGSN ........................................................................................................................................... 47

6.8.2.4 R99+ ME ............................................................................................................................................... 47

6.8.3 Distribution and use of authentication data between VLRs/SGSNs ........................................................... 47

6.8.4 Intersystem handover for CS Services – from UTRAN to GSM BSS ........................................................ 48

6.8.4.1 UMTS security context ......................................................................................................................... 49

6.8.4.2 GSM security context ............................................................................................................................ 49

6.8.5 Intersystem handover for CS Services – from GSM BSS to UTRAN ........................................................ 50

6.8.5.1 UMTS security context ......................................................................................................................... 50

6.8.5.2 GSM security context ............................................................................................................................ 50

6.8.6 Intersystem change for PS Services – from UTRAN to GSM BSS ............................................................ 51

6.8.6.1 UMTS security context ......................................................................................................................... 51

6.8.6.2 GSM security context ............................................................................................................................ 51

6.8.7 Intersystem change for PS services – from GSM BSS to UTRAN............................................................. 51

6.8.7.1 UMTS security context ......................................................................................................................... 51

6.8.7.2 GSM security context ............................................................................................................................ 52

6.8.8 PS handover from Iu to Gb mode ............................................................................................................... 52

6.8.8.1 UMTS security context ......................................................................................................................... 52

剩余72页未读，继续阅读

评论收藏

内容反馈