6 Normal procedures

3GPP TS 22.048: Security mechanisms for the (U)SIM application toolkit; Stage 1

6.1 Security mechanisms

From the security requirements described in clause 5, the following subclauses define security mechanisms on the Transport Layer. Some of the security mechanisms fulfil more than one security requirement.

6.1.1 Authentication mechanisms

Mechanisms ensuring authentication are:

– Cryptographic Checksum (b1);

– Digital Signature (b2).

The Cryptographic Checksum mechanism is suitable for authentication when the secret information is shared only by the communicating entities.

6.1.2 Message integrity mechanisms

Mechanisms ensuring message integrity are:

– Redundancy Check;

– Cryptographic Checksum (b1);

– Digital Signature (b2).

The Redundancy Check mechanism on its own only protects against accidental corruption. In conjunction with encryption it can be used to provide message integrity.

6.1.3 Replay detection and sequence integrity mechanisms

Mechanisms ensuring replay detection and sequence integrity are:

– Simple Counter;

– A counter included in the calculation of the Cryptographic Checksum (d1);

– A counter included in the calculation of the Digital Signature (d2).

The Simple Counter mechanism protects against accidental loss or replay. In conjunction with encryption it can be used to protect against malicious loss or replay. There shall exist a specific counter value which indicates that the replay detection and sequence integrity mechanisms are inactive.

6.1.4 Proof of receipt mechanisms

NOTE: The proof of receipt mechanisms may frequently be used in conjunction with replay detection and sequence integrity.

Mechanisms ensuring proof of receipt are:

– unsecured acknowledgement;

– acknowledgement included in the calculation of the Cryptographic Checksum (f1);

– acknowledgement included in the calculation of the Digital Signature (f2).

6.1.5 Message confidentiality mechanisms

– Encryption mechanism (g).

6.2 Security mechanisms and recommended combinations

6.2.1 Non-cryptographic mechanisms

In the following a number of mechanisms are listed which are based on non-cryptographic mechanisms. These mechanisms offer no security against any deliberate attack, only detection of accidental corruption.

– Redundancy Check;

– Unsecured Acknowledgement;

– Simple Counter.

6.2.2 Cryptographic mechanisms

The Security Header, except the Cryptographic Checksum/Digital Signature, shall always be included in the calculation of the Cryptographic Checksum/Digital Signature.

– Cryptographic Checksum (d1) or Digital Signature (d2);

This security mechanism addresses the following security requirements: authentication, message integrity, replay detection and sequence integrity.

– Acknowledgement as Cryptographic Checksum (f1) or Digital Signature (f2);

This security mechanism satisfies the security requirement proof of receipt.

– Encryption of the Application Data and possibly part of the Security Header (g);

The encryption of the Application Data and possibly part of the Security Header corresponds to the requirement of message confidentiality.

Table 1: Overview of cryptographic mechanisms

| Requirements \ Mechanisms | Cryptographic Checksum | Digital Signature | Encryption |
|---|---|---|---|
| authentication | (b1) | (b2) | |
| message integrity | (b1) | (b2) | |
| replay detection and sequence integrity | (d1) | (d2) | |
| proof of receipt | (f1) | (f2) | |
| confidentiality | | | (g) |

6.2.3 Recommended combinations of cryptographic mechanisms

Whilst it is recognised that many combinations of the above described security mechanisms are possible and feasible, for the purpose of the present document, in order to limit the complexity of implementation, a limited number of combinations is recommended.

– combinations employing Cryptographic Checksum:

combination 1: d1

combination 2: d1 + f1

combination 3: d1 + f1 + g

combination 4: d1 + g

– combinations employing Digital Signature:

combination 5: d2

combination 6: d2 + f2

combination 7: d2 + f2 + g

combination 8: d2 + g

It is recommended that encryption is employed only in conjunction with either a Redundancy Check, Cryptographic Checksum or Digital Signature in order to allow verification of the decryption.

If only authentication and message integrity are required this is indicated by a special counter value as described in subclause 6.1.3.
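The following is an added illustration of combination 1 (d1), not part of the specification: a counter carried in the Security Header, a Cryptographic Checksum computed over the header (excluding the checksum field) and the Application Data, and a receiver that rejects replays unless the special counter value is used. The checksum algorithm (HMAC-SHA-256 truncated to 8 bytes), the header layout, the value 0 as the "inactive" counter and the "strictly greater than the last accepted counter" rule are all assumptions made for the example.

```python
import hmac
import hashlib
import struct

# Assumptions (not from the specification): HMAC-SHA-256 truncated to 8 bytes
# as the Cryptographic Checksum, a 5-byte counter, and counter value 0 as the
# "replay detection inactive" marker. The header layout is hypothetical.
CC_LEN = 8
CTR_LEN = 5
COUNTER_INACTIVE = 0


def _checksum(key: bytes, header_wo_cc: bytes, data: bytes) -> bytes:
    # The Security Header, minus the checksum field itself, is always covered.
    return hmac.new(key, header_wo_cc + data, hashlib.sha256).digest()[:CC_LEN]


def secure(key: bytes, counter: int, data: bytes) -> bytes:
    """Build header (counter || data length) + checksum + application data."""
    header = counter.to_bytes(CTR_LEN, "big") + struct.pack(">H", len(data))
    return header + _checksum(key, header, data) + data


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, packet: bytes) -> bytes:
        """Return the application data or raise ValueError."""
        hdr_len = CTR_LEN + 2
        if len(packet) < hdr_len + CC_LEN:
            raise ValueError("truncated packet")
        header = packet[:hdr_len]
        cc = packet[hdr_len:hdr_len + CC_LEN]
        data = packet[hdr_len + CC_LEN:]
        counter = int.from_bytes(header[:CTR_LEN], "big")
        (length,) = struct.unpack(">H", header[CTR_LEN:])
        if length != len(data):
            raise ValueError("length mismatch")
        # Authenticate first: the counter is only trusted once the checksum holds.
        if not hmac.compare_digest(cc, _checksum(self.key, header, data)):
            raise ValueError("bad cryptographic checksum")
        if counter != COUNTER_INACTIVE:
            if counter <= self.last_counter:
                raise ValueError("replayed or out-of-sequence counter")
            self.last_counter = counter
        return data
```

Because the counter sits inside the checksummed header, an attacker who rewrites it to get past the replay check invalidates the checksum; with the Simple Counter of 6.2.1 the same rewrite would go unnoticed.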