Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TR 33.969  Word version:  17.1.0

Top   Top   Up   Prev   None
1…   4…
4 Recommendations on security requirements of PWS5 System architecture of PWS6 Security features of PWS7 Possible Security solutions of PWS8 Evaluation of different solutions9 Key issues for establishing service requirements and designing a PWS security system10 ConclusionA Archived solutionsB Threat discussion depending on the PWS settings in the UE relating to roaming$ Change History

 

4  Recommendations on security requirements of PWSp. 12

5  System architecture of PWSp. 13

6  Security features of PWSp. 14

6.1  PWS threats and analysisp. 14

6.1.1  Generalp. 14

6.1.2  PWS Security circumvention attackp. 14

6.1.3  Spoofing, tampering, and suppressingp. 15

6.1.4  Threats to the delivery of the public keyp. 15

6.1.5  Location of node protecting the public key delivery in PWSp. 16

6.2  Proposed security features of PWSp. 16

6.2.1  Generalp. 16

6.2.2  Restrictions on the PWS message signature lengthp. 18

6.2.2.1  Generalp. 18

6.2.2.2  Warning message format in CMAS, KPAS, and EU-Alertp. 18

6.2.2.3  Warning message format in ETWSp. 18

6.2.2.4  Conclusion on signature lengthp. 19

6.2.3  Algorithm agility of PWSp. 20

6.2.3.1  Generalp. 20

6.2.3.2  ECDSA domain parametersp. 20

6.2.4  Security level and key length of signature algorithms proposedp. 22

6.2.5  Verification of PWS Warning Notification messagep. 24

6.2.5.1  Generalp. 24

6.2.5.2  Handling of Warning Notifications without signaturep. 24

6.2.6  Primary and secondary notificationsp. 25

6.2.7  Network sharing impact to PWS Securityp. 26

6.2.7.1  Generalp. 26

6.2.7.2  GWCN configurationp. 26

6.2.7.3  MOCN configurationp. 27

6.2.8  Triggering condition for public key updatep. 28

6.2.9  Roaming impact to PWS Securityp. 29

6.2.10  Discussion on parameters to be sent when distributing public keys or broadcasting warning messagesp. 31

6.2.10.1  Public Key Identifier (PKID)p. 31

6.2.10.2  Signing entity identifierp. 31

6.2.10.3  Signature Algorithm Identifier (SAI)p. 32

6.2.10.4  Domain parametersp. 32

6.2.10.5  Domain set indicatorp. 32

6.2.10.6  Hash function indicatorp. 32

6.2.10.7  Network Security Use Counter (NSUC)p. 32

6.2.10.8Void

6.2.10.9Void

6.2.10.10  Conclusionp. 32

6.2.11  Considerations on networks in disaster areasp. 34

7  Possible Security solutions of PWSp. 34

7.0  Generalp. 34

7.1Void

7.2Void

7.3  Solution 3: NAS based solutionp. 35

7.3.1  Generalp. 35

7.3.2  PWS public key distributionp. 35

7.3.2.1  Initial PWS public key distributionp. 35

7.3.2.2  Core network PWS public key configurationp. 37

7.3.2.3  PWS public key updatep. 38

7.3.3  PWS Warning Notification messagep. 40

7.3.4  Solutions to security issues in GSM/GPRS and with 2G subscribers in UMTSp. 43

7.3.4.1  Generalp. 43

7.3.4.2  Re-use current GSM/GPRS security mechanism with initiating cipheringp. 44

7.3.4.3  Enhanced integrity protection mechanism for GSM /GPRSp. 46

7.3.4.4  Limiting key updates in GSM/GPRSp. 47

7.3.4.5  Mechanisms of NAS solution for GSM/GPRSp. 47

7.3.4.6  Delaying public key update using a UE-controlled timerp. 47

7.4  Solution 4: GBA based protectionp. 49

7.4.1  Generalp. 49

7.4.2  GBA based protection mechanism for public key distributionp. 49

7.4.2.1  Key establishmentp. 49

7.4.2.2  Security protocolp. 51

7.4.3  Transport mechanismsp. 52

7.4.3.1  Transport mechanisms for establishment of GBA keysp. 52

7.4.3.2  Transport mechanisms for public key distributionp. 52

7.4.4  Analysisp. 54

7.4.4.1  Prosp. 54

7.4.4.2  Consp. 54

7.4.4.3  Costp. 54

7.4.4.4  Comparison to other solutionsp. 55

7.5  Solution 5: using NAS layer securityp. 56

7.5.1  High level solution discussionp. 56

7.5.2  Solution detailsp. 57

7.5.2.1  Generalp. 57

7.5.2.2  Changes in the mobility messages from the UEp. 57

7.5.2.3  Changes to the authentication procedurep. 57

7.5.2.4  Changes to context transfers between core network nodesp. 57

7.5.3  Comparison with other solutionsp. 58

7.6  Solution 6: implicit certificate PKI based PWS solutionp. 59

7.6.1  Generalp. 59

7.6.1.1  CA updating via PWS test messagingp. 60

7.6.1.2  CA updating via (U)SIMp. 61

7.6.2  Certificate authoritiesp. 62

7.6.2.1  Generalp. 62

7.6.2.2  UE provisioning [public key] and [CA-ID] updating of home networkp. 63

7.6.2.3  Roaming considerationsp. 64

7.6.3  Implicit certificatesp. 65

7.6.3.1  High level view of an implicit certificate approach from the UE perspectivep. 65

7.6.3.2  Generation of implicit certificatep. 66

7.6.3.3  PWS Security contentsp. 67

7.6.4  Properties of solutionp. 70

7.7  Solution 7: generalized certificate-based approach for PWSp. 71

7.7.1  Introductionp. 71

7.7.2  Structure of CAsp. 72

7.7.2.1  Top-down approach to CAsp. 72

7.7.2.2  Bottom-up approach to CAsp. 72

7.7.2.3  More complex CA structuresp. 72

7.7.2.4  Comparison with server certificates in other 3GPP specificationsp. 73

7.7.3  Distribution of public root keysp. 74

7.7.3.1  Pre-installation in terminals at manufacturing timep. 74

7.7.3.2  Configuration when terminal is first taken into usep. 74

7.7.3.3  Public key update and revocationp. 74

7.7.3.4  Comparison with server certificates in other 3GPP specificationsp. 74

7.7.4  Certificate format and distribution of certificatesp. 75

7.7.5  Considerations on pre-provisioned CAs public keys shared by CBEsp. 76

7.8  Solution 8: national PWS solution based on UICC OTAp. 78

7.8.1  Introductionp. 78

7.8.2  Distribution of PWS public keys and parametersp. 79

7.8.2.1  USIM file organization for PWS Securityp. 79

7.8.2.2  UICC OTA message formatp. 79

7.8.3  Format and handling of PWS notificationp. 80

7.9  Solutions to counter the PWS Security circumvention attack and to mitigate the risk of displaying false unprotected warning messagesp. 81

7.9.0  Generalp. 81

7.9.1  Solution A: No display of unauthenticated warning messagesp. 81

7.9.2  Solution B: Network-independent location verificationp. 82

7.9.3  Solution C: Using a UE-controlled timerp. 84

7.9.4  Recommendationp. 84

7.10  The use of signing proxiesp. 85

8  Evaluation of different solutionsp. 88

8.1Void

8.2Void

8.3  Evaluation of solution 3p. 88

8.3.1  Public key lengthp. 88

8.3.2  NAS message consumption for public keyp. 88

8.3.3  Frequency of NAS message carrying public keyp. 91

8.3.4  Number of CBEs / Signing proxyp. 92

8.3.5  Evaluation of solutions to security issues in GSM/GPRS and with 2G subscribers in UMTSp. 94

8.3.5.1  Generalp. 94

8.3.5.2  Re-use current GSM/GPRS security mechanism with initiating cipheringp. 94

8.3.5.3  Enhanced integrity protection mechanism for GSM /GPRSp. 94

8.3.5.4  Limiting key updates in GSM/GPRSp. 95

8.3.5.5  Mechanisms of NAS solution for GSM/GPRSp. 95

8.3.5.6  Delaying public key update using a UE-controlled timerp. 95

8.4Void

8.5Void

8.6  Evaluation of solution 6 and solution 7p. 97

8.6.1  Same points for bothp. 97

8.6.2  Specific points for implicit certificate basedp. 97

8.6.3  Specific points for generalized certificate basedp. 97

8.7Void

8.8  Evaluation of solution 8p. 98

8.9  Evaluation of signature algorithms in PWSp. 98

8.9.1  Generalp. 98

8.9.2  Digital Signature Algorithm (DSA)p. 98

8.9.3  Elliptic Curve Digital Signature Algorithm (ECDSA)p. 98

8.9.4  ECQV basedp. 99

9  Key issues for establishing service requirements and designing a PWS security systemp. 100

10  Conclusionp. 101

A  Archived solutionsp. 102

A.1  Solution 1p. 102

A.1.1  Public key distributionp. 102

A.1.2  Public key distribution in UMTSp. 104

A.1.3  Signature algorithm agilityp. 105

A.1.4  Distribution of signature algorithm identifier in UMTSp. 106

A.1.5  Verification of PWS Warning Notification messagep. 107

A.2  Solution 2p. 108

A.2.1  Generalp. 108

A.2.2  Initial PWS key distributionp. 108

A.2.3  Network PWS key configurationp. 109

A.2.4  PWS key updatep. 109

A.2.5  Delivery of PWS Warning Notification messagep. 111

B  Threat discussion depending on the PWS settings in the UE relating to roamingp. 112

$  Change Historyp. 116

Up   Top