E.4 CTS supervising security system

03.203GPPRelease 1999Security related network functionsTS

This subclause is applicable is case of licensed band only.

In the following sub-clauses the functions and procedures related to the CTS supervising security are defined. The following system elements and interfaces according to GSM 03.56 are involved:

– The CTS-FP (consisting of the CTS-FPE and the FP-SIM);

– The CTS-MS (consisting of the CTS-ME and the MS-SIM);

– The CTSHLR/AuC;

– The CTS-SN;

– The HLR/AuC;

– The CTS radio interface between the CTS-MS and the CTS-FP;

– The CTS fixed network interface;

– The GSM radio interface.

E.4.1 Supervision data and supervision data protection

This sub-clause describes the mechanisms to be used by theCTS operator to set and modify the supervision data to be used in a CTS-MS/CTS-FP environment.

E.4.1.1 Structure of supervision data

Supervision data are sent as structured information elements which may consist of:

1 Short commands, e.g., information data requests, identification, de-intialisation of the CTS-FP,de-enrolment of a CTS-MS, …;

2 Download of data and parameters, e.g., radio parameters, timer settings, CTS-SN directory number;

E.4.1.2 Supervision data protection

The supervision data are protected by a signature.

The signature of data is performed following a valid CTS-FP authentication by the CTS-SN as described in chapter E.4.3.1.

The signature is performed using the B6 algorithm and a secret key Kop shared between the CTS-SN and the CTS-FP. The secret key Kop is generated during the CTS-FP authentication at the CTS-AuC using the authentication key KiFP a random vector and the A8’ algorithm: Kop= A8’(KiFP, RAND1).

Data signature is performed using a random vector RAND2 generated by the CTS-FP, Data the sequence that has been signed, Kop and the B6 algorithm. The concatenation of Data and RAND2 is referred to as Data2.

Some data are associated with a validity period indication (relative time). Before the validity timer expires, the CTS-FP must contact the CTS-SN in order toupdate those data.

It should be noted that supervision data carry data related to CTS subscription and therefore to the CTS-FP.

Therefore, the operator will issue supervision data following a successful CTS-FP authentication by the CTS-HLR.

Figure E6: Generation of the signature of the supervision data

E.4.1.3 Key management

The SIM card manufacturer delivers an FP-SIM card that includes a mechanism to authenticate the signature of the supervision data issued by the CTS-SN. This mechanism consists of the B6 algorithm that enables authentication of thesignature using a secret key KOP.

This key is not accessible on the FP-SIM card.

E.4.2 CTS subscriber identity

A CTS specific identity is assigned to a subscriber of the CTS service. This identity (IFPSI) enables unique identification of a CTS subscriber at communication with the CTS-SN.

It can be noted that the subscription to the CTS service does not assume subscription of every CTS-MS that want to operate CTS on a given CTS-FP. There is one CTS subscription per CTS-FP, and therefore one identity to check no matter how many CTS-MS are enrolled to that CTS-FP.

Nevertheless, the CTS operator may also require the authentication of the CTS-MS.

And therefore the MS-SIM identity (IMSI) will identify a CTS-MS subscriber at communication with the CTS-SN.

For more details see also GSM 03.56.

E.4.3 Identity authentication with the CTS operator and the PLMN

According to the definitions given in GSM 02.56, the procedure of authentication of the FP-SIM is required for the CTS initialisation, CTS-MS enrolment onto a CTS-FP, and network access procedure (e.g. operation data update).

Similarly, the procedure of authentication of the MS-SIM is required for the CTS-MS enrolment onto a CTS-FP.

Additionally identity authentication may also be part of other CTS specific procedures.

E.4.3.1 Authentication of the CTS-FP

The authentication of the CTS-FP via the fixed network procedure consists of the following exchange between the CTS-FP and the CTS-HLR through the CTS-SN:

– The CTS-FP sends the IFPSI to the CTS-HLR through the fixed line and through the CTS-SN;

– The CTS-AuC computes the authentication result (SRES) using the KiFP key associated to the IFPSI and a random challenge (RAND);

– The CTS-SN receives from the CTS-HLR the authentication vector (SRES (1,…, n), RAND (1,…,n)) according to the general authentication procedure described in GSM 03.20;

– The CTS-SN transmits a RAND1 and a random value Data1 to the CTS-FP via the fixed network;

– The CTS-FP and the CTS-HLR generate a key Kop derived from the KiFP and using A8’ algorithm;

– The CTS-FP performs an authentication using Kop and B5 computes the signature ofData1, say MAC1;

– The CTS-FP transmits the signature MAC1 to the CTS-SN;

– The CTS-SN tests MAC1 for validity.

Figure E7: Authentication of the CTS‑FP

E.4.3.2 Authentication of the CTS-MS

This procedure requires that the CTS-SN has an interface to the HLR in order to receive the challenge/response pairs for authentication of the CTS-MS.

It is a normal GSM authentication procedure as described in GSM03.20[7], the CTS-FP acting as a relay:

– The CTS-MS sends the IMSI to the HLR through the CTS-FP and through the CTS-SN;

– The AuC generates the authentication result (SRES) using the Ki key associated with the IMSI and a random challenge (RAND);

– The CTS-SN receives the authentication vector (SRES (1,…, n), RAND (1,…,n)) according to the general authentication procedure described in GSM 03.20;

– The CTS-SN transmits a RAND, 1  x  n, to the CTS-MS via the CTS-FP.;

– The CTS-MS performs an authentication using Ki and A3 according to the authentication procedure described in GSM 03.20 and computes the signature of RANDx: SRESRANDx;

– The CTS-MS transmits via the CTS-FP the signature SRESRANDx to the CTS-SN;

– The CTS-SN tests SRESRANDx for validity.

Figure E8: Authentication of the CTS-MS via the CTS fixed network interface

E.4.4 Secure operation control

According to GSM 03.56, signalling for operation control of the local CTS may take place on different signalling planes:

– on the CTS fixed network interface using a CTS-SN application signalling;

– on the GSM Radio Interface using the GSM layer 3 signalling.

The means of operation control of the local CTS for these two signalling planes is described in the subsequent subclauses.

E.4.4.1 GSM layer 3 signalling

GSM layer 3 signalling can be used to provide CTS data.

It is not initiated on request of the local CTS but included in a normal GSM layer 3 signalling procedure.

These data are downloaded to the CTS-MS through the GSM Radio Interface and transferred to the CTS-FP during an access procedure according to subclause E.3.4.2. Whenever the CTS-FP gets new CTS operation data it contacts the CTS‑SN through the Fixed Network and performs Operation Data Update procedure according to subclause E.4.4.3.4.1.

E.4.4.2 CTS application signalling via the Fixed Network

CTS may use a specific application protocol on the fixed network interface for operation control purposes. Communication via the fixed network interface may include authentication of the subscriber identity as described in subclause E.3.2.

Due to the fact, that a false CTS-SN can easily be set up, protection of operation data as described in subclause E.4.1.2, is required.

Operation control via the CTS fixed network interface is generally initiated by the local CTS, i.e. the CTS-FP, triggered by time or event control.

An initiation from the CTS-SN to the CTS-FP, is generally not applicable due to missing means of addressing a specific terminal, i.e. the CTS-FP in the fixed network (PSTN case).

However, this shall not exclude that the CTS-SN initiate operation control, if certain network configurations allow this feature.

E.4.4.3 CTS operation control procedures

E.4.4.3.1 Initialisation of a CTS-FP

According to GSM 02.56 and GSM 03.56 the CTS-FP initialisation is the procedure where the CTS-FP is downloaded with the necessary data in order to provide CTS service.

The following procedure applies:

– An initialisation state is triggered by MMI at the CTS-FP;

– The CTS-FP retrieves the CTS-SN directory number from the FP-SIM;

– The CTS-FP contacts the CTS-SN through the fixed line;

– Authentication of the CTS-FP is performed as described in subclause E.4.3.2.1;

– The CTS-SN sends operation data to the CTS-FP; these data are protected as described in subclause E.4.1.2;

– The CTS-FP authenticates the signature of the operation data sent from the CTS-SN;

– The CTS-FP is considered as being initialised.

E.4.4.3.2 De-initialisation of a CTS-FP

The CTS-FP is considered as being de-initialised if it does not have the necessary data to provide CTS service.

This may happen either because:

1 a timer associated to the CTS data has expired and therefore the CTS-FP cannot offer CTS service;

2 a network control mechanism requires CTS-FP de-initialisation;

3 the CTS-FP has been disconnected from the PSTN connection and from the main power for a period of time;

4 the FP-SIM has been removed and a new SIM card inserted in the CTS-FPE.

As the CTS-SN has in general no means to address the CTS-FP, the de-initialisation command is sent when the CTS-FP accesses the CTS-SN.

Case 1

The principle of the time/event controlled mechanism is, that some operation data has a limited validity period. The duration of this period, i.e. a timer, is controlled by the CTS operator.

The operation data is related to one CTS-subscriber that is to the FP-SIM. An authentication of the CTS-FP by the CTS-SN and a token authentication by the CTS-FP is performed in the operation data update procedure as described in subclause E.4.4.3.4.1.

Therefore, the update of the operation data does not require a CTS-MS being enrolled to the CTS-FP. Before the expiry of the validity period timer a data update procedure is triggered as described in subclause E.4.4.3.4.1.

If the validity period expires without an update of the operation data, the CTS-FP is de-initialised and the operation data are deleted from the CTS-FP.

Case 2

In case 2, the de-initialisation procedure is the following:

– The CTS-FP contacts the CTS-SN;

– The CTS-SN performs authentication of the CTS-FP as described in chapter E.4.3.2.1;

– The CTS-SN sends a de-initialisation command using the data protection mechanism described in chapter E.4.2.1;

– The CTS-FP authenticates the signature and deletes the operation data;

– De-initialisation is performed.

The CTS-FP de-initialisation does not imply CTS-MS de-enrolment; the data related to CTS-MS/CTS-FP pair are not deleted from the CTS-FP but CTS service cannot be granted.

Case 3

As some operation data might be related to the location of the CTS-FP, if the CTS-FP is disconnected from the PSTN connection for a certain time (see [4]), the CTS-FP is considered as being de-initialised and the operation data are deleted from the CTS-FP.

Case 4

The operation data are related to the FP-SIM. If a new FP-SIM is inserted in the CTS-FPE the previously stored data should be deleted. The CTS-FP is therefore de-initialised.

E.4.4.3.3 Enrolment

From the CTS supervising security point of view the following requirements have to be fulfilled:

– According to the definitions given in the CTS stage 1 service description, enrolment shall include authentication of the CTS‑subscriber (FP-SIM).

– In addition, if required by the CTS operator an authentication of the CTS-MS subscriber can be performed. (GSM 02.09).

– The local CTS shall receive operation data

– The CTS shall operate in accordance with the settings of this operation data.

Two supervising security methods are defined for enrolment. They are described in the subsequent subclauses.

E.4.4.3.3.1 Enrolment conducted via the CTS fixed network interface

If indicated by the CTS subscription information at the CTS-FP the supervising part of the enrolment is conducted via the CTS fixed network interface.

In this case, after the local part of the enrolment procedure is performed as described in subclause E.3.4.1.1 (we have reached the stage where the CTS-MS transmits through the CTS interface the IMSI, the CTS-FP checks that the IMSI is not enrolled yet), the following procedure applies:

– The CTS-FP calls the CTS-SN through the fixed line;

– The IFPSI and the IMSI are transmitted from the CTS-FP to the CTS-SN; Equipment identities (IMEI, IFPEI) can be transmitted for verification;

– The CTS-HLR performs authentication of the CTS-FP using the authentication key KiFP,A8’ and B5 authentication algorithm as described in subclause E.4.3.2.1;

– After successful authentication of the CTS-FP, the CTS-SN may require the authentication of the CTS-MS. The generation of triplets is achieved in the HLR using the Ki authentication key and the A3 algorithm as described in subclause E.4.3.2.2;

– The CTS-FP checks the validity of the signature as described in subclause E.4.1.2;

– The CTS-FP and the CTS-MS exchange data (as described in the local security part of the enrolment procedure (E.3.4.1.1);

– The CTS-FP indicates successful enrolment to the CTS-MS;

– The enrolment is finished.

Figure E9: CTS supervising security: enrolment of a CTS-MS onto a CTS-FP via the CTS fixed network interface

E.4.4.3.4 Supervising security in the CTS-FP/CTS-SN access procedure

E.4.4.3.4.1 Update of operation data

The update of operation data is required due to the fact, that the validity of some operation data is limited by an operator controlled timer.

The operation data can be updated without a CTS-MS being attached to the CTS-FP, as FP-SIM authentication is performed through the fixed network interface. This allows transparency of the operation control to the user and avoids unnecessary de-initialisation if the user has not performed attachment for a long period of time.

Update of operation is performed via the fixed network interface and the following steps apply:

– Before the validity period expires, the CTS-FP contacts the CTS-SN and requires data update;

– The CTS-HLR authenticates the FP-SIM through the fixed network interface;

– the CTS-HLR checks the subscription validity and sends a new set of operation data to the CTS-FP;

– The CTS-FP authenticates the data signature and starts a new timer;

– The update procedure is finished.

Figure E10: Update of operation data via the CTS fixed network interface

As this timer is an essential part of the CTS operation control, it shall be securely situated within the CTS-FP, i.e. it shall not be possible to reset the time except by valid operations described in this subclause. The security requirements on the timer values and the timer itself are described in subclause E.6.

E.4.5 Equipment checking

Equipment checking can be seen as part of the initialisation, of the enrolment or of the operation data update procedures:

Checking the IFPEI can be part of the initialisation and operation data update procedures.

Checking the IFPEI and the IMEI can be part of the enrolment procedure.

E.4.6 FP-SIM card checking

The FP-SIM presence should be verified and no CTS operation should be allowed if the FP-SIM is not at least present. Furthermore, specific CTS operations should meet the following requirements:

– The CTS-FP initialisation procedure should not be possible if the CTS-FP does not include a valid FP-SIM card, i.e. that contain minimum information to contact the CTS-SN or to operate CTS service.

– The enrolment procedure of a CTS-MS on a CTS-FP should not be initiated if the MS-SIM operator’s identity is in the list of forbidden operators of the FP-SIM.

– CTS operation should not be allowed if there is not a valid FP-SIM card in the CTS-FPE.

The MS-SIM verification follows the normal GSM requirements. The GSM subscription is checked whenever the CTS-MS accesses the PLMN (authentication performed using the IMSI, Ki and A3 in the MS-SIM card).

The MS-SIM card is not tied to the CTS-ME as all the relevant data for local security are stored in the MS-SIM card. If after successful enrolment on a given CTS-FP, the CTS-ME have been changed, no re-enrolment should be needed. The CTS-FP will store the new IMEI sent in the access procedure in association with the local security data.

If the FP-SIM card has been extracted from the CTS-FPE, the latter should check the identity of the new SIM card. If a new FP-SIM card has been inserted in the CTS-FPE, CTS-FP should be re-initialised.