1 Scope
This Standard specifies technical specifications and requirements of police digital trunking communication system in such aspects as authentication, air interface security and end to end security etc.
This Standard is applicable to the construction and application of security encryption subsystem of police digital trunking communication system.
2 Normative References
The following documents for the application of this document are essential. For dated reference, only the edition cited applies. For undated reference, the latest edition of the normative document (including any amendments) applies.
GA/T 1056-2013 Police Digital Trunking Communication System - General Technical Specifications
GA/T 1057-2013 Police Digital Trunking Communication System - Technical Specifications for Physical Layer and Data Link Layer of Air Interface
GA/T 1058-2013 Police Digital Trunking Communication System - Technical Specifications for Call Control Layer of Air Interface
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this document, terms and definitions defined in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013 as well as the following ones apply.
3.1.1
Authentication
The process to verify the identity legality of the communication participant.
3.1.2
Stun
The process to temporarily disable the mobile station via air interface signaling.
3.1.3
Revive
The process to lift the ban of the stun mobile station via air interface signaling
3.1.4
Kill
The process to permanently disable the mobile station via air interface signaling; the killed mobile station can't be lifted the ban via air interface signaling.
3.1.5
Authentication centre
The security entity responsible for authentication with mobile station.
3.1.6
Authentication key
The key used in the process of authentication.
3.1.7
Random challenge
The random number generated during the authentication of the authentication centre and the mobile station.
3.1.8
Sequence number
Information used to avoid replay or attack between the authentication centre and the mobile station in the process of authentication.
3.1.9
Stun/kill/revive token
The security acknowledgement code of the trunked station for stun/kill/revive operation of the mobile station.
3.1.10
Synchronization random challenge
The random number generated during the authentication sequence number synchronization operation of the authentication centre and the mobile station.
3.1.11
Synchronization token
The security acknowledgement code that the mobile station synchronizes the authentication sequence number to the authentication centre.
3.1.12
Authentication cryptographic algorithm
The cryptographic algorithm used by the authentication centre and the mobile station in the process of authentication.
3.1.13
Air interface security
A security mechanism for protection of the information transmitted via wireless channel between the mobile station and the trunked station, including air interface encryption and integrity protection.
3.1.14
Air interface cipher key
The keys used in the air interface security, including derived cipher key DCK, broadcast cipher key BCK, common cipher key CCK, group cipher key GCK and static cipher key SCK etc.
3.1.15
Air interface cryptographic algorithms
The cryptographic algorithm used by the base station and the mobile station in the process of air interface encryption.
Foreword I
Introduction II
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Basic Requirements
Figure 1 PDT Protocol Layer Architecture
Figure 2 Security Mechanisms
5 Authentication Requirements
Table 1 Authentication Requirements of Service Processes
Table 2 Authentication Parameters
Table 3 Authentication Cryptographic Algorithm
Figure 3 Two-way Authentication and Stun/Kill/Revive Process
Figure 4 Sequence Number Synchronization Process
Figure 5 Two-Way Authentication Signaling Process in Logon Procedure
Figure 6 Two-Way Authentication Signaling Process Initiated by TS
Figure 7 Stun/Kill/Revive Signaling Process
Figure 8 Signaling Process of Sequence Number Synchronization
Table 4 AIETYPE Information Element in C_ALOHA Signaling
Table 5 SO.SECDEV Information Element in C_RAND Signaling (Request Logon/Authentication)
Table 6 C_AUTH Signaling
Table 7 AUTH_AP Signaling
Table 8 C_RES/C_NRES Signaling
Table 9 ARC Information Unit in C_ACKD/C_NACKD Signaling
Table 10 C_STUNKILL Signaling
Table 11 C_AUTHSYNCD Signaling
Table 12 AUTHSYNCD_AP Signaling
Table 13 C_AUTHSYNCU Signaling
Table 14 AUTHSYNCU_AP Signaling
6 Air Interface Security
Table 15 Air Interface Cryptographic Algorithms
Figure 9 Relationship between Air Interface Cipher Keys
Figure 10 SYNC Information Element Schematic Diagram
Figure 11 EMB Information Element Schematic Diagram
Figure 12 SLOT TYPE Information Element Schematic Diagram
Figure 13 CACH Information Element Schematic Diagram
Figure 14 Information Element Schematic Diagram for Embedded Signaling Block
Figure 15 Information Element Schematic Diagram for Data Control Frame
Figure 16 Information Element Schematic Diagram for Voice Block
Table 16 Air Interface Pass Indication of Embedded Signaling Block
Table 17 Air Interface Pass indication of Data Control Block
Table 18 Voice Service GRANT Signaling
Figure 17 The Generation of Key Stream
Table 19 Selection of Cipher Key
Figure 18 Multiframe Structure Schematic Diagram
Table 20 Broadcast Message Structure of SLC Multiframe Number High Level
Table 21 Broadcast Message Structure of C_BCAST /P_BCAST Multiframe Number
Table 22 the structure of Air Interface Initialization Vector
Table 23 Key Stream Length
Figure 19 Generation of Integrity Check Code
Table 24 The Length of Integrity Check Code
Figure 20 Renewal BCK Schematic Diagram
7 End to End Voice Encryption
Figure 21 Voice Time Slot Map
Table 25 End-to-end Encryption Control Block Structure
Figure 22 End-to-end Encryption Control Block Format in the PI Head
Table 26 PI Identification
Table 27 Definition of End-to-end Encryption Control Frame Information Element in Embedded Signaling
Figure 23 End-to-end Encryption Control Block Format for Embedded Signaling
Figure 24 Schematic Diagram of Interaction Between the Mobile Station and the Safety Chip
Figure 25 Synchronous Mechanism Schematic Diagram
Figure 26 End-to-end Encryption Calling Process Schematic Diagram
8 End-to-end data security
Figure 27 Data Time Slot Graph
Table 28 End-to-end Encryption Data Head
Table 29 DPF and SAP Information Element
Figure 28 Figure 28 Data Encryption Process
Appendix A (Informative) MSC Figure
Figure A.1 MSC figure