TIA-1053-2005.pdf

TIA STANDARD Broadcast/Multicast Service Security Framework TIA-1053 January 2005 TELECOMMUNICATIONS INDUSTRY ASSOCIATION The Telecommunications Industry Association represents the communications sector of Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Standards Proposal No. 3-0178, formulated under the cognizance of the TIA TR-45 Subcommittee on Mobile and Personal Communications Systems.) Published by ©TELECOMMUNICATIONS INDUSTRY ASSOCIATION 2004 Standards and Technology Department 2500 Wilson Boulevard Arlington, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call Global Engineering Documents, USA and Canada (1-800-854-7179) International (303-397-7956) or search online at http:/www.tiaonline.org/standards/search_n_order.cfm All rights reserved Printed in U.S.A. Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- NOTICE OF COPYRIGHT This document is copyrighted by the TIA. Reproduction of these documents either in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permission to reproduce portions of this document, please contact TIA Standards Department or go to the TIA website (www.tiaonline.org) for details on how to request permission. Details are located at: http:/www.tiaonline.org/about/faqDetail.cfm?id=18 OR Telecommunications Industry Association Standards (b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NON- INFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- BCMCS Security Framework TIA-1053 i Table of Contents 1 1 Introduction and Scope.1 2 2 References.1 3 3 Definitions and Abbreviations1 4 4 Overview of BCMCS3 5 4.1 Introduction to BCMCS3 6 4.2 Summary of Key Management.4 7 4.2.1 Authentication-Key5 8 4.2.2 Authorization Signature .5 9 4.3 Security Functional Architecture6 10 4.3.1 Summary of Functional Entities.6 11 4.3.2 Summary of Key Distribution7 12 4.3.3 Authentication-Key Challenge Response Protocol 9 13 4.3.4 Computation of the Authorization Signature10 14 4.4 BAK Management10 15 4.4.1 Authenticating BAK Requests .11 16 4.4.2 Storage of BAK11 17 4.4.3 Updating BAK before use12 18 4.5 BCMCS Security Algorithms.12 19 4.5.1 Encryption of Content12 20 4.5.2 Encryption of BAK 12 21 4.5.3 Management of TK 13 22 4.5.4 SK.14 23 4.5.5 Authentication Key 14 24 5 Motivation.15 25 5.1 Design Philosophy15 26 5.1.1 A Specific Goal15 27 5.2 Motivation for Establishing Registration Keys.15 28 29 Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- TIA-1053 BCMCS Security Framework ii This page intentionally left blank. 1 2 Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- BCMCS Security Framework TIA-1053 1 1 Introduction and Scope 1 This document defines the security framework for the Broadcast-Multicast Services (BCMCS). 2 The security framework provides a logical description of the security information, functions 3 and protocols for BCMCS. The architectural design of the network that supports these 4 functions is outside the scope of this document. 5 2 References 6 2.1 Normative References 7 The following standards contain provisions which, through reference in this text, constitute 8 provisions of this Standard. At the time of publication, the editions indicated were valid. All 9 standards are subject to revision, and parties to agreements based on this Standard are 10 encouraged to investigate the possibility of applying the most recent editions of the standards 11 indicated below. ANSI and TIA maintain registers of currently valid national standards 12 published by them. 13 1 TIA TR45.AHAG, Common Cryptographic Algorithms, Revision D.1, September 2000. 14 2 TIA-946, Enhanced Cryptographic Algorithms, June 2003. 15 3 TIA-1006, cdma2000® High Rate Broadcast-Multicast Packet Data Air Interface Specification, 16 February 2004. 17 4 IETF RFC 3711 Secure Real-time Transport Protocol (SRTP), March 2004. 18 5 IETF RFC 2617, HTTP Authentication: Basic and Digest Access Authentication, June 1999. 19 2.2 Informative References 20 None. 21 3 Definitions and Abbreviations 22 For the purposes of this standard, the following definitions apply. 23 Auth-Key Authentication Key: Used during BCMCS information acquisition for authentication and 24 integrity protection 25 ® cdma2000® is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of 3GPP2. When applied to goods and services, the cdma2000® mark certifies their compliance with cdma2000® standards. Geographically (and as of the date of publication), cdma2000® is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States. Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- TIA-1053 BCMCS Security Framework 2 Authorization Signature Generated by mobile station from a BAK and a time stamp and verified by 1 the serving system. The authorization signature verifies that the mobile station is authorized to 2 access a corresponding BCMCS flow. 3 BAK 128-bit Broadcast Access Key: Provides access to one or more multicast IP flows of a 4 particular set of BCMCS programs for a certain amount of time (for example, one day, week or 5 month). Each encrypted set of BCMCS programs have a different BAK value. Each BAK 6 should have the following associated values: 7 BAK_ID: BAK identifier. A sequence number that identifies which value of BAK is 8 currently valid for a particular BCMCS Multicast IP Flow; that is, the BAK is 9 identified by the combination of a BCMCS_FLOW_ID and BAK_ID. For a particular 10 BAK, the corresponding value of BAK_ID is the same for all users. 11 BAK_Expire: Indicates when the BAK will expire. This may be indicated by the time when 12 the BAK will expire, or by the Delta time left until the BAK expires, in which case it 13 is calculated when a new BAK is received. Therefore, there may be multiple 14 BAK_Expire values associated with the same BAK. Before the BAK_Expire time 15 expires, the MS is expected to request a new BAK value. 16 BCMC Content Broadcast-Multicast Content, also referred to simply as Content. The content is the 17 data being broadcast. Typically, this is expected to be audio-visual data. 18 BCMCS Broadcast-Multicast Service. BCMCS is the name of the system offering broadcast 19 and multicast services. 20 BCMCS Content Stream A single BCMCS program identified by content name. This is also 21 referred to simply as a content stream. A content stream can be considered as equivalent to a 22 TV channel. For example, the document may refer to a “CNN BCMCS content stream” or 23 “local news BCMCS content stream”. A BCMCS Content Stream may consist of multiple 24 Multicast IP Flows. 25 BCMCS_FLOW_ID A value used for identification of a BCMCS Multicast IP Flow. 26 CS Content Source (functional entity): Provides the unencrypted data for the service. A CS may be 27 a proxy or an aggregator for other content servers, but from a network point of view, it is the 28 provider of content to the MS. 29 BAKG BAK Generator (functional entity): Generates BAK, determines BAK_ID and BAK_Expire, 30 and delivers them to the BAKD and SKM. BAKs should be generated in a secure manner and 31 appear random. 32 BAKD BAK Distributor (functional entity): Obtains authorization and TK from SM and encrypts 33 BAK for delivery to UIMs. 34 CE Content Encryptor (functional entity): Encrypts content from the CS, and sends the encrypted 35 content to the MS via the cellular system. 36 MS Mobile Station: For the purposes of this document, the MS is considered as two separate 37 entities, the UIM and ME. Note that this does not preclude the use of a stand-alone secure MS 38 (trustworthy mobile equipment with internal secure memory). 39 UIM: User Identity Module (UIM): The UIM is a low power processor that 40 contains secure memory. The UIM may be removable (like a SIM card) or 41 part of the MS itself. The UIM calculates the SK used by the ME to decrypt 42 the content. 43 ME: Mobile Equipment: The ME contains a high power processor, but no secure 44 memory. It uses the SK, received from the UIM, to decrypt the content. 45 Multicast IP Flow. Similar to an ordinary IP flow, with the exception that the destination address is an 46 IP Multicast address. The flow can be identified by source IP address, source port, destination 47 IP Multicast address, and destination port. 48 Copyright Telecommunications Industry Association Provided by IHS under license with EIALicensee=IHS Employees/1111111001, User=Wing, Bernie Not for Resale, 03/29/2007 23:33:38 MDTNo reproduction or networking permitted without license from IHS -,-,- BCMCS Security Framework TIA-1053 3 RK Registration Key: provisioned in the UIM and SM prior to service. Each SM should have a 1 unique 128-bit RK for each UIM. 2 SK Short-term Key: The 128-bit SK is used by the CE to encrypt the BCMC content and the SK is 3 used by the MS to decrypt the content. The SK is calculated in the SKM and the UIM. The SK 4 is derived from SK_RAND and BAK. 5 SK_RAND: SK Random Number used to calculate a unique SK. 6 SKM SK Manager (functional entity): Generates SK using BAK and SK_RAND and passes SK, 7 SK_RAND and BAK_ID to the CE. 8 SP Service Provider: a network providing voice/data services. 9 Visited SP The serving network in which the MS is currently located. 10 Home SP The network h