GA/T 1059-2013: Police digital trunking communication system--Security technical specifications

This is an excerpt. The full copy of the English version can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GAT1059-2013

GA
PUBLIC SECURITY INDUSTRY STANDARD
ICS 33.060.01
A 90

Police Digital Trunking Communication System - Security Technical Specifications

Issued on: MARCH 20, 2013
Implemented on: MARCH 20, 2013
Issued by: Ministry of Public Security of the People's Republic of China

Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Basic Requirements
5 Authentication Requirements
6 Air Interface Security
7 End to End Voice Encryption
8 End to End Data Security
Appendix A (informative) MSC Chart

1 Scope

This Standard specifies the technical specifications and requirements for authentication, air interface security and end to end security applied in the police digital trunking (PDT) communication system. This Standard is applicable to the construction and application of the security encryption subsystem of the police digital trunking (PDT) communication system.

2 Normative References

The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document.
GA/T 1056-2013 Police Digital Trunking Communication System - General Technical Specifications
GA/T 1057-2013 Police Digital Trunking Communication System - Technical Specifications for Physical Layer and Data Link Layer of Air Interface
GA/T 1058-2013 Police Digital Trunking Communication System - Technical Specifications for Call Control Layer of Air Interface

3 Terms, Definitions and Abbreviations

3.1 Terms and Definitions

The terms and definitions defined in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013, and the following are applicable to this document.

3.1.1 authentication
The process of verifying the legitimacy of the identities of communication participants.

3.1.2 stun
The process of temporarily disabling a mobile station using air interface signaling.

3.1.3 revive
The process of unlocking a mobile station that has been stunned using air interface signaling.

3.1.4 kill
The process of permanently disabling a mobile station using air interface signaling. A killed mobile station cannot be unlocked through air interface signaling.

3.1.5 authentication center
A security entity responsible for authenticating with mobile stations.

3.1.6 authentication key
A key used during authentication.

3.2 Abbreviations

The abbreviations defined in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013, and the following are applicable to this document. For ease of use, some abbreviations in GA/T 1056-2013, GA/T 1057-2013 and GA/T 1058-2013 are repeatedly listed here.

4 Basic Requirements

4.1 Security System Architecture

The positions of authentication, air interface security and end to end security in the layered architecture of the PDT protocol are shown in Figure 1. See the details below.

5 Authentication Requirements

5.1 Overview

Authentication is the basic security function of the PDT trunked communication system. In operation flows such as network registration and stun / kill / revive, authentication shall be enabled.
In other operation flows, authentication may also be enabled. See Table 1 for details.

5.2 Authentication Parameters

The relevant parameter information of the authentication process is shown in Table 2.

5.3 Authentication Cryptographic Algorithm

The cryptographic algorithm used during authentication is shown in Table 3.

5.4 Basic Operation Flows

5.5 Signaling Operation Flow

5.5.1 Two-way authentication

During the registration, the signaling operation flow of two-way authentication is shown in Figure 5, and the signaling operation flow of two-way authentication initiated by the TS is shown in Figure 6. The flow chart adopts MSC. See the detailed format in Appendix A.

6 Air Interface Security

6.1 Overview

Air interface security protects information transmitted on the wireless channel between the mobile station and the trunked station. Air interface security includes air interface encryption and air interface integrity protection.

6.2 Air Interface Cipher Key

Air interface cipher key is divided into derived cipher key DCK, broadcast cipher key BCK, common cipher key CCK, group cipher key GCK and static cipher key SCK, etc.

6.3 Air Interface Cryptographic Algorithms

The cryptographic algorithms used in air interface security are shown in Table 15.

6.5.2 Generation and application of key stream

6.5.2.1 Generation of key stream

The MS and TS utilize algorithm PB6 to calculate GCCK/CCK/DCK, system identity code SIC, channel number CHAN and color code CC to obtain cipher key ECK; then, utilize PB7 algorithm to calculate ECK and air interface initialization vector AIV to obtain the key stream KSS and integrity check factor ICF required during the encryption and decryption process. Among them, GCCK is obtained by calculating GCK and CCK through algorithm PB5. See the detailed process in Figure 17.
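The derivation chain in 6.5.2.1, as an added sketch that is not part of the standard or of this page: PB5, PB6 and PB7 are not published here, so HMAC-SHA256 and SHAKE-256 stand in for them, and the key sizes, field widths and sample values are assumptions. It shows which inputs bind ECK to a system and channel, and that KSS and ICF come out of the same PB7 call.

```python
import hashlib
import hmac

# PB5/PB6/PB7 are NOT specified on this page. HMAC-SHA256 and SHAKE-256 are
# stand-ins used only to make the data flow of 6.5.2.1 runnable.

def pb5_standin(gck: bytes, cck: bytes) -> bytes:
    """GCCK = PB5(GCK, CCK)."""
    return hmac.new(gck, b"PB5" + cck, hashlib.sha256).digest()[:16]

def pb6_standin(base_key: bytes, sic: int, chan: int, cc: int) -> bytes:
    """ECK = PB6(GCCK/CCK/DCK, SIC, CHAN, CC). Field widths are assumed."""
    ctx = sic.to_bytes(4, "big") + chan.to_bytes(2, "big") + cc.to_bytes(1, "big")
    return hmac.new(base_key, b"PB6" + ctx, hashlib.sha256).digest()[:16]

def pb7_standin(eck: bytes, aiv: bytes, kss_len: int):
    """(KSS, ICF) = PB7(ECK, AIV): a single call yields both outputs."""
    out = hashlib.shake_256(b"PB7" + eck + aiv).digest(kss_len + 4)
    return out[:kss_len], out[kss_len:]

def derive(base_key, sic, chan, cc, aiv, kss_len=16, gck=None):
    """Run the chain. With gck set, base_key is the CCK and GCCK replaces it."""
    if gck is not None:
        base_key = pb5_standin(gck, base_key)
    eck = pb6_standin(base_key, sic, chan, cc)
    kss, icf = pb7_standin(eck, aiv, kss_len)
    return eck, kss, icf

# Constructed sample values, not taken from the standard.
CCK = bytes(range(16))
GCK = bytes(range(16, 32))
AIV_A = bytes.fromhex("0000002a")
AIV_B = bytes.fromhex("0000002b")

if __name__ == "__main__":
    eck, kss, icf = derive(CCK, sic=0x1234, chan=7, cc=1, aiv=AIV_A)
    print("ECK", eck.hex(), "KSS", kss.hex(), "ICF", icf.hex())
    # Same key on another channel: ECK, and so KSS and ICF, all change.
    print("ECK on CHAN 8", derive(CCK, 0x1234, 8, 1, AIV_A)[0].hex())
    # Group traffic: GCCK (from GCK and CCK) feeds PB6 instead of CCK.
    print("ECK via GCCK", derive(CCK, 0x1234, 7, 1, AIV_A, gck=GCK)[0].hex())
```

Both ends must agree on SIC, CHAN, CC and AIV as well as on the key; a mismatch in any of them produces an unrelated key stream.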
6.5.2.2 Selection of cipher keys

When different air interface encryption basic units perform encryption and decryption operations, the cipher keys used to generate key stream are shown in Table 19.

6.5.2.3 Selection of air interface initialization vector AIV Key Stream

6.5.2.3.1 Definition of multiframe

A multiframe consists of two TDMA frames, and one TDMA frame consists of two time slots. The corresponding relation between the starting position of the multiframe in the uplink and downlink directions and the starting position of the CACH signaling is shown in Figure 18. The multiframe in the uplink direction is delayed by one time slot compared to the multiframe in the downlink direction.

6.5.2.4 Signaling that does not support air interface encryption

Signaling related to registration, authentication and air interface cipher key management processes does not support air interface encryption and shall be transmitted in plaintext.

6.6 Air Interface Integrity Protection

6.6.1 Integrity protection identification

When data or signaling is marked as air interface encryption status and AIETYPE in C_ALOHA broadcast signaling is set to 112 (to provide integrity protection for data and signaling), data and signaling with CRC information units shall use integrity protection mechanism.

6.6.2 Generation of integrity check code

The generation process of the integrity check code is shown in Figure 19. Among them, the integrity check factor ICF is generated by algorithm PB7 when calculating the key stream, and DataType uses the DataType in the SlotType information unit. The calculated integrity check code will replace the CRC information unit for subsequent processing.

6.7 Air Interface Cipher Key Management

6.7.1 Distribution and update of CCK, GCK and SCK

After the MS authentication is successful, the system shall immediately take the initiative to issue the current version of cipher key CCK/GCK/SCK to the MS.
When the control channel is idle, the system may take the initiative to issue the next version of cipher key CCK/GCK/SCK to the MS.

6.7.2 Distribution and update of BCK

BCK is used to protect CCK, and its update cycle shall be longer than CCK. After the MS authentication is successful, the system may take the initiative to issue it, or the MS may apply to obtain the current BCK.

7 End to End Voice Encryption

7.1 Overview

The end to end voice encryption is applicable to DMO mode, RMO mode and TMO mode. The voice is encrypted at the transmitting end and decrypted at the receiving end. No voice in plaintext appears at any intermediate node. The system does not participate in cipher key management and only provides a transparent channel. This Standard assumes that the cipher keys required for encryption are obtained through secure means prior to communication.

7.2 Voice Time Slot Diagram

The end to end encrypted voice call time slot diagram is shown in Figure 21.

7.3 End to End Encrypted Control Frame

7.3.1 Basic structure

End to end encrypted control frame carries encrypted control information used to decrypt the voice stream. The specific structure is shown in Table 25.

7.3.3 Embedded signaling form

End to end encrypted control frame can also be transmitted through embedded signaling. In embedded signaling, the PI in the EMB information unit is used to indicate whether it is an end to end encrypted control frame. See Table 26.

7.4 Encryption and Decryption Voice Processing Flow

When enabling the end to end encryption function, some non-important bits in the voice frame that have little impact on the voice quality need to be appropriated, so as to carry the voice frame sequence number for the generation and synchronization of the cipher key stream.

8 End to End Data Security

8.1 Overview

All types of data services in the PDT communication system can support end to end security functions.
When the end to end security function is enabled, a data header carrying encrypted control information shall be appended to the original data header, and the subsequent data processing flow shall still be consistent with the plaintext data service processing flow.

8.2 Data Time Slot Diagram

The time slot diagram of end to end secure data service is shown in Figure 27.

8.3 End to End Encrypted Data Header

When the end to end data security function is enabled, the end to end encrypted data header shall follow other types of data headers to carry end to end encrypted control information, such as one-time random numbers, cipher key indexes and cryptographic checksums, etc.

8.4 Data Encryption Operation Flow

The end to end data encryption operation flow is shown in Figure 28.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.