This Standard specifies technical specifications and requirements of police digital trunking communication system in such aspects as authentication, air interface security and end to end security etc.
This Standard is applicable to the construction and application of security encryption subsystem of police digital trunking communication system.
2 Normative References
The following documents for the application of this document are essential. For dated reference, only the edition cited applies. For undated reference, the latest edition of the normative document (including any amendments) applies.
GA/T 1056-2013 Police Digital Trunking Communication System - General Technical Specifications
GA/T 1057-2013 Police Digital Trunking Communication System - Technical Specifications for Physical Layer and Data Link Layer of Air Interface
GA/T 1058-2013 Police Digital Trunking Communication System - Technical Specifications for Call Control Layer of Air Interface
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
For the purposes of this document, terms and definitions defined in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013 as well as the following ones apply.
3.1.1
Authentication
The process to verify the identity legality of the communication participant.
3.1.2
Stun
The process to temporarily disable the mobile station via air interface signaling.
3.1.3
Revive
The process to lift the ban of the stun mobile station via air interface signaling
3.1.4
Kill
The process to permanently disable the mobile station via air interface signaling; the killed mobile station can't be lifted the ban via air interface signaling.
3.1.5
Authentication centre
The security entity responsible for authentication with mobile station.
3.1.6
Authentication key
The key used in the process of authentication.
3.1.7
Random challenge
The random number generated during the authentication of the authentication centre and the mobile station.
3.1.8
Sequence number
Information used to avoid replay or attack between the authentication centre and the mobile station in the process of authentication.
3.1.9
Stun/kill/revive token
The security acknowledgement code of the trunked station for stun/kill/revive operation of the mobile station.
3.1.10
Synchronization random challenge
The random number generated during the authentication sequence number synchronization operation of the authentication centre and the mobile station.
3.1.11
Synchronization token
The security acknowledgement code that the mobile station synchronizes the authentication sequence number to the authentication centre.
3.1.12
Authentication cryptographic algorithm
The cryptographic algorithm used by the authentication centre and the mobile station in the process of authentication.
3.1.13
Air interface security
A security mechanism for protection of the information transmitted via wireless channel between the mobile station and the trunked station, including air interface encryption and integrity protection.
3.1.14
Air interface cipher key
The keys used in the air interface security, including derived cipher key DCK, broadcast cipher key BCK, common cipher key CCK, group cipher key GCK and static cipher key SCK etc.
3.1.15
Air interface cryptographic algorithms
The cryptographic algorithm used by the base station and the mobile station in the process of air interface encryption.
Foreword I Introduction II 1 Scope 2 Normative References 3 Terms, Definitions and Abbreviations 4 Basic Requirements Figure 1 PDT Protocol Layer Architecture Figure 2 Security Mechanisms 5 Authentication Requirements Table 1 Authentication Requirements of Service Processes Table 2 Authentication Parameters Table 3 Authentication Cryptographic Algorithm Figure 3 Two-way Authentication and Stun/Kill/Revive Process Figure 4 Sequence Number Synchronization Process Figure 5 Two-Way Authentication Signaling Process in Logon Procedure Figure 6 Two-Way Authentication Signaling Process Initiated by TS Figure 7 Stun/Kill/Revive Signaling Process Figure 8 Signaling Process of Sequence Number Synchronization Table 4 AIETYPE Information Element in C_ALOHA Signaling Table 5 SO.SECDEV Information Element in C_RAND Signaling (Request Logon/Authentication) Table 6 C_AUTH Signaling Table 7 AUTH_AP Signaling Table 8 C_RES/C_NRES Signaling Table 9 ARC Information Unit in C_ACKD/C_NACKD Signaling Table 10 C_STUNKILL Signaling Table 11 C_AUTHSYNCD Signaling Table 12 AUTHSYNCD_AP Signaling Table 13 C_AUTHSYNCU Signaling Table 14 AUTHSYNCU_AP Signaling 6 Air Interface Security Table 15 Air Interface Cryptographic Algorithms Figure 9 Relationship between Air Interface Cipher Keys Figure 10 SYNC Information Element Schematic Diagram Figure 11 EMB Information Element Schematic Diagram Figure 12 SLOT TYPE Information Element Schematic Diagram Figure 13 CACH Information Element Schematic Diagram Figure 14 Information Element Schematic Diagram for Embedded Signaling Block Figure 15 Information Element Schematic Diagram for Data Control Frame Figure 16 Information Element Schematic Diagram for Voice Block Table 16 Air Interface Pass Indication of Embedded Signaling Block Table 17 Air Interface Pass indication of Data Control Block Table 18 Voice Service GRANT Signaling Figure 17 The Generation of Key Stream Table 19 Selection of Cipher Key Figure 18 Multiframe Structure Schematic Diagram Table 20 Broadcast Message Structure of SLC Multiframe Number High Level Table 21 Broadcast Message Structure of C_BCAST /P_BCAST Multiframe Number Table 22 the structure of Air Interface Initialization Vector Table 23 Key Stream Length Figure 19 Generation of Integrity Check Code Table 24 The Length of Integrity Check Code Figure 20 Renewal BCK Schematic Diagram 7 End to End Voice Encryption Figure 21 Voice Time Slot Map Table 25 End-to-end Encryption Control Block Structure Figure 22 End-to-end Encryption Control Block Format in the PI Head Table 26 PI Identification Table 27 Definition of End-to-end Encryption Control Frame Information Element in Embedded Signaling Figure 23 End-to-end Encryption Control Block Format for Embedded Signaling Figure 24 Schematic Diagram of Interaction Between the Mobile Station and the Safety Chip Figure 25 Synchronous Mechanism Schematic Diagram Figure 26 End-to-end Encryption Calling Process Schematic Diagram 8 End-to-end data security Figure 27 Data Time Slot Graph Table 28 End-to-end Encryption Data Head Table 29 DPF and SAP Information Element Figure 28 Figure 28 Data Encryption Process Appendix A (Informative) MSC Figure Figure A.1 MSC figure
