01.563GPPCTS Authentication and Key Generation Algorithms RequirementsGSM Cordless Telephony System (CTS), Phase 1TS
This clause advises ETSI SAGE on measures needed to provide users of the algorithm set with confidence that it is fit for purpose, and users of the algorithm set specification and test data assurance that appropriate quality control has been exercised in their production.
The measures shall be recorded by ETSI SAGE in a design and evaluation report which shall be published by ETSI as a Technical Report.
8.1 Quality assurance for the algorithm set
Prior to its release to the ETSI custodian, the algorithm set needs to be approved as meeting the technical requirements specified in clause 6 by all members of ETSI SAGE.
8.2 Quality assurance for the specification and test data
Prior to delivery of the algorithm set specification, two independent simulations of each algorithm in the set needs to be made using the specification, and confirmed against test data designed to allow verification of significant points in the execution of each algorithm in the set.
Design conformance and algorithm input/output test data needs to be generated using a simulation of each algorithm in the set produced from the specification and confirmed as above. The simulation used to produce this test data needs to be identified in the test data deliverables and retained by ETSI SAGE.
8.3 Design and evaluation report
The design and evaluation report is intended to provide evidence to potential users of the algorithm set, specification and test data that appropriate and adequate quality control has been applied to their production. The report shall explain the following:
– the algorithm set and test data design criteria;
– the algorithm set evaluation criteria;
– the methodology used to design and evaluate algorithms in the set;
– the extent of the mathematical analysis and statistical testing applied to the algorithms in the set;
– the principal conclusions of the algorithm set evaluation;
– the quality control applied to the production of the algorithm set specification and test data.
The report shall confirm that all members of ETSI SAGE have approved the algorithm set, specification and test data.
The report shall not contain any information about the algorithm set, such as design techniques used, mathematical analysis or statistical testing of components of the algorithm set, which might reveal part or all of the structure or detail of the algorithm set.