GA/T 1059-2013 English PDF (GAT1059-2013)
GA/T 1059-2013: Police digital trunking communication system--Security technical specifications
GA/T 1059-2013
GA
PUBLIC SECURITY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 33.060.01
A 90
Police Digital Trunking Communication System - Security
Technical Specifications
ISSUED ON: MARCH 20, 2013
IMPLEMENTED ON: MARCH 20, 2013
Issued by: Ministry of Public Security of the People’s Republic of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Basic Requirements
5 Authentication Requirements
6 Air Interface Security
7 End to End Voice Encryption
8 End to End Data Security
Appendix A (informative) MSC Chart
1 Scope
This Standard specifies the technical specifications and requirements for authentication, air
interface security and end to end security applied in the police digital trunking (PDT)
communication system.
This Standard is applicable to the construction and application of the security encryption
subsystem of the police digital trunking (PDT) communication system.
2 Normative References
The following documents are indispensable to the application of this document. In terms of
references with a specified date, only versions with a specified date are applicable to this
document. In terms of references without a specified date, the latest version (including all the
modifications) is applicable to this document.
GA/T 1056-2013 Police Digital Trunking Communication System - General Technical
Specifications
GA/T 1057-2013 Police Digital Trunking Communication System - Technical Specifications
for Physical Layer and Data Link Layer of Air Interface
GA/T 1058-2013 Police Digital Trunking Communication System - Technical Specifications
for Call Control Layer of Air Interface
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
The terms and definitions defined in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013,
and the following are applicable to this document.
3.1.1 authentication
The process of verifying the legitimacy of the identities of communication participants.
3.1.2 stun
The process of temporarily disabling a mobile station using air interface signaling.
3.1.3 revive
The process of unlocking a mobile station that has been stunned using air interface signaling.
3.1.4 kill
The process of permanently disabling a mobile station using air interface signaling. A killed
mobile station cannot be unlocked through air interface signaling.
3.1.5 authentication center
A security entity responsible for authenticating with mobile stations.
3.1.6 authentication key
A key used during authentication.
3.1.7 random challenge
The random number generated when the authentication center authenticates with a mobile
station.
3.1.8 sequence number
During authentication, the information between the authentication center and the mobile station
used to prevent replay attacks.
3.1.9 stun / kill / revive token
A security confirmation code when the trunked station performs stun / kill / revive operations
on the mobile station.
3.1.10 synchronization random challenge
The random number generated when the authentication center and the mobile station perform
authentication sequence number synchronization operations.
3.1.11 synchronization token
A security confirmation code when the mobile station synchronizes the authentication sequence
number with the authentication center.
3.1.12 authentication cryptographic algorithm
The cryptographic algorithm used by the authentication center and the mobile station during
authentication.
3.1.13 air interface security
The security mechanism that protects information transmitted on the wireless channel between
the mobile station and trunked station. It is also known as air security for short and includes air
interface encryption and integrity protection.
3.1.14 air interface cipher key
A cipher key used in air interface security, including derived cipher key DCK, broadcast cipher
key BCK, common cipher key CCK, group cipher key GCK and static cipher key SCK, etc.
3.1.15 air interface cryptographic algorithms
The cryptographic algorithm used by the base station and mobile station during air interface
encryption process.
3.1.16 end to end security
A security mechanism that provides full protection to the information transmitted between the
transmitting end and the receiving end, including end to end voice encryption and end to end
data security.
3.2 Abbreviations
The abbreviations defined in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013, and the
following are applicable to this document. For ease of use, some abbreviations in
GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013 are repeatedly listed here.
AIEAID: Air Interface Encryption Algorithm Identity
AIV: Air Interface Initialization Vector
AuC: Authentication Center
BCK: Broadcast Cipher Key
CACH: Common Announcement Channel
CC: Color Code
CCK: Common Cipher Key
CCKID: Common Cipher Key Identity
CCL: Call Control Layer
CCSUM: Cryptographic Checksum
CHAN: Channel Number
CRC: Cyclic Redundancy Check
CSBK: Control Signaling Block
CSBKO: CSBK Opcode
CSC: Common Slot Counter
DBSN: Data Block Serial Number
DCK: Derived Cipher Key
DLL: Data Link Layer
DMO: Direct Mode
E2EE: End to End Encryption
ECK: Encryption Cipher Key
EMB: Embedded Signaling Field
FEC: Forward Error Correction
FID: Feature set ID
FLC: Full Link Control
FN: Frame Number
GCCK: Group Common Cipher Key
GCK: Group Cipher Key
IV: Initialization Vector
ICF: Integrity Check Factor
KI: Key Index
KSS: Key Stream Segment
LB: Last Block
LC: Link Control
MBC: Multiple Block Control
MFID: Manufacturer’s specific FID
MFN: Multiframe Number
MS: Mobile Station
4) Utilize algorithm PA1 to calculate TSAuthCode and TSConfCode;
5) The system sends RAND, SEQ and TSAuthCode to MS.
b) The authentication response process on the MS side:
1) The MS receives RAND, SEQ and TSAuthCode from the system;
2) Compare SEQ with SEQMS locally stored by the MS:
---If SEQ ≤ SEQMS or SEQ ≥ SEQMS + WINSIZE, the MS returns an
authentication failure message to the system and ends the authentication
operation flow;
---If SEQMS < SEQ < SEQMS + WINSIZE, continue the following operation flow;
3) Utilize algorithm PA1 to calculate XTSAuthCode and XTSConfCode;
4) Compare XTSAuthCode with TSAuthCode:
---If they are inconsistent, return the authentication failure message to the system
and end the authentication operation flow;
---If they are consistent, continue the following operation flow;
5) Utilize algorithm PA2 to calculate MSAuthCode;
6) The MS sends MSAuthCode to the system;
7) The MS saves the received sequence number SEQ as the new local sequence
number SEQMS.
c) The authentication verification process on the system side:
1) The system receives MSAuthCode from the MS;
2) AuC utilizes algorithm PA2 to calculate XMSAuthCode;
3) Compare XMSAuthCode with the received MSAuthCode:
---If they are inconsistent, the system returns the authentication failure message
to the MS and ends the authentication operation flow;
---If they are consistent, the system returns an authentication success message
containing TSConfCode to the MS.
d) The confirmatio...
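The exchange in steps a) to c) above, as an added Python sketch that is not part of the standard. PA1 and PA2 are not defined on this page, so a labelled HMAC-SHA256 stands in for them; the WINSIZE value, the code lengths, and the way the AuC picks RAND and SEQ (the steps not shown above) are assumptions, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

WINSIZE = 32  # assumed value; the page names WINSIZE without giving it

def _prf(label, key, rand, seq):
    # Stand-in for PA1/PA2, which the page does not define: labelled HMAC-SHA256.
    msg = label + rand + seq.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

def pa1(key, rand, seq):
    d = _prf(b"PA1", key, rand, seq)
    return d[:8], d[8:16]  # (TSAuthCode, TSConfCode); lengths are assumed

def pa2(key, rand, seq):
    return _prf(b"PA2", key, rand, seq)[:8]  # MSAuthCode

class AuC:
    def __init__(self, key, seq=0):
        self.key, self.seq = key, seq
        self.rand, self.ts_conf = b"", b""

    def challenge(self):
        # Assumed for the steps not shown on the page: fresh RAND, SEQ + 1.
        self.seq += 1
        self.rand = secrets.token_bytes(8)
        ts_auth, self.ts_conf = pa1(self.key, self.rand, self.seq)
        return self.rand, self.seq, ts_auth

    def verify(self, ms_auth):
        # c.2-c.3: recompute XMSAuthCode; on a match release TSConfCode.
        expected = pa2(self.key, self.rand, self.seq)
        return self.ts_conf if hmac.compare_digest(expected, ms_auth) else None

class MobileStation:
    def __init__(self, key, seq_ms=0):
        self.key, self.seq_ms, self.xts_conf = key, seq_ms, None

    def respond(self, rand, seq, ts_auth):
        # b.2: SEQ must lie strictly inside (SEQMS, SEQMS + WINSIZE).
        if not (self.seq_ms < seq < self.seq_ms + WINSIZE):
            return None
        xts_auth, xts_conf = pa1(self.key, rand, seq)  # b.3
        if not hmac.compare_digest(xts_auth, ts_auth):  # b.4
            return None  # SEQMS untouched, so a forged SEQ cannot move the window
        self.xts_conf = xts_conf
        self.seq_ms = seq  # b.7: accepted SEQ becomes the new SEQMS
        return pa2(self.key, rand, seq)  # b.5-b.6
```

Because SEQMS only advances after TSAuthCode verifies, a replayed challenge fails the window check and a forged one leaves the stored sequence number unchanged.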