E.11 (informative annex): Guidelines for generation of random numbers

03.203GPPRelease 1999Security related network functionsTS

Both the CTS-MS and the CTS-FP must on occasions generate « random » numbers as inputs to security algorithms. Specifically:

– the 128-bit input CH1 to the algorithms B1 and B3 is generated by the CTS-FP;

– the 128-bit input CH2 to the algorithms B4 is generated by the CTS-MS;

– the 64-bit input RIFP to the algorithm B2 is generated by the CTS-FP;

– the 64-bit input RIMS to the algorithm B2 is generated by the CTS-MS;

This section indicates the requirements on the « randomness » of these values. There are essentially two requirements: non-repetition (for CH1 to CH2, which are the generated many times) and unpredictability.

Non-repetition of CH1 and CH2: The probability that a new value CH1 (or CH2) is the same as any one particular previously generated value of CH1 (or CH2) should not be significantly greater than 2-128 . It is assumed that the number of values of CH1 (or CH2) generated by any CTS-FP will be much less than 2-128.

Unpredictability of CH1 and CH2: It is not necessary for every new CH1 (or CH2) to be « completely random », i.e. to be exactly likely to assume any possible value, independent of all previously generated values. However, the generation must not be easily predictable. Given all previously generated values of the CH1 (or CH2), the probability that a newly generated CH1 (or CH2) will assume any specific value should not be greater than 2-32.

Unpredictability of RIFP and RIMS: The probability that RIFP (or RIMS) will assume any specific value should be not greater than 2-32.

Annex F (informative):
Change History

Change history

Date

TSG #

TSG Doc.

CR

Rev

Subject/Comment

Cat

Old

New

Release 92

Last common Phase 1/Phase 2 version

3.3.2

Aug 1992

SMG#03

016

Working version 4

D

3.3.2

4.0.0

Aug 1992

SMG#03

011

2

B

3.3.2

4.0.0

Aug 1992

SMG#03

013

2

B

3.3.2

4.0.0

Aug 1992

SMG#03

014

C

3.3.2

4.0.0

Oct 1992

SMG#04

015

2

C

4.0.0

4.1.0

Jan 1993

SMG#05

017

1

Titles of annexes are added from version 3.3.0.
Annexes are renamed to annex A, B and C (PNE!).
Some figures in section 2 are renumbered.

D

4.1.0

4.2.0

June 1993

SMG#07

022

D

4.2.0

4.2.1

Oct 1993

TS changed to prETS 300 534

4.2.1

4.2.2

Apr 1994

SMG#10

024

1

F

4.2.2

4.3.0

Apr 1994

SMG#10

025

F

4.2.2

4.3.0

Apr 1994

SMG#10

TS frozen for Phase 2 by SMG#10

4.3.0

Sept 1994

ETS 300 534 1st edition

4.3.0

4.3.1

Feb 1996

SMG#17

157/96

A001

Length of ciphering key Kc for signalling and testing purposes

D

4.3.1

4.3.2

Feb 1996

ETS 300 534 2nd edition
Last common Phase 2/Phase 2+ version

4.3.2

4.3.3

Dec 1996

GTS converted to draft prETR 300 929 for Release 96

4.3.3

5.0.0

ETS 300 929 first edition

5.0.0

5.0.1

Feb 1997

SMG#21

132/97

A002

4

Definition of ciphering for HSCSD

F

5.0.0

5.1.0

Feb 1997

SMG#21

181/97

A004

1

Ciphering Algorithm(s) support (phase 2+)

A

5.0.0

5.1.0

ETS 300 929 second edition

5.1.0

5.1.1

Oct 1997

SMG#23

97-778

A006

1

(GPRS Release 97)

B

5.1.1

5.2.0

Oct 1997

SMG#23

97-778

A007

1

(GPRS Release 97)

B

5.1.1

5.2.0

Mar 1998

ETS converted to version 6.0.0 because of GPRS Release 97 contents.

5.2.0

6.0.0

July 1998

Specification published as TS 100 929

6.0.0

6.0.1

Feb 1999

SMG#28

P-99-117

A010

CTS Release 98
New annex E related to CTS security

B

6.0.1

7.0.0

July 1999

SMG#29

P-99-530

A013

CTS R98: Introduction of CTS-FP authentication and signature generation by CTS-SN

B

7.0.0

7.1.0

July 1999

SMG#29

P-99-530

A014

CTS R98: CTS Security functions in case of license exempt frequencies

F

7.0.0

7.1.0

July 1999

SMG#29

P-99-553

A016

4

Correction of the handling of the Ciphering Key Sequence Number (CKSN)

F

7.0.0

7.1.0

Oct 1999

SMG#30

P-99-743

A018

Clarification on security triplet re-use conditions

F

7.1.0

8.0.0

Oct 1999

SMG#30

P-99-743

A017

Introduction of EDGE variant of A5 algorithm

B

7.1.0

8.0.0

Mar 2000

SMG#32

P-00-309

A023

GPRS Ciphering algorithm negotiation

A

8.0.0

8.1.0

Oct 2000

Updated to 3GPP TS Format: 3GPP TS 03.20 version 8.1.0

8.0.0

8.1.0

Mar 2006

SP-31

SP-060046

A002

Recommendation not to support A5/2 in new terminals

F

8.1.0

8.2.0

June 2006

SP-32

SP-060374

A025

Clarification on A5 algorithm support

F

8.2.0

8.3.0

Oct 2006

SP-34

SP-060907

0027

Correction of implmentation error of CR A025

F

8.3.0

8.4.0

Jan 2007

Correction to cover page

8.4.0

8.4.1

Sep 2007

SP-37

SP-070671

0028

2

Prohibiting A5/2 in mobile stations and other clarifications regarding A5 algorithm support

F

8.4.1

8.5.0

Dec 2007

SP-38

SP-070784

0029

Recommendation to support A5/3 and explicit prohibition of non-standard A5 algorithms in MS

F

8.5.0

8.6.0