F.2 Security Requirements

3GPP TS 43.020, Release 17: Security related network functions

The ciphering concept for VGCS and VBS fulfils the following security requirements:

REQ‑1: Prevent the same Voice group or Broadcast group ciphering key being used within different cells.

This requirement prevents an observer from getting more information on the plaintext, which would be possible if different data were enciphered with the same key and COUNT (derived from the TDMA numbers) in different cells.

REQ-2: The master group key shall never leave the USIM and the GCR.

Even though VGCS/VBS users should be trusted, this approach protects the ‘root’-key (i.e. Master Group key) in the most secure way such that it need not be updated very frequently.

REQ-3: Prevent the reuse of COUNT with the same voice group or broadcast group ciphering key within the same cell.

The COUNT value is determined by the TDMA frame number. An overflow happens after each period of 3 hour and 8 minutes. The lifetime of the cipher key in use shall not be longer than the overflow period.

NOTE: This enhancement goes beyond the level of security provided for GSM calls over a point to point channel (i.e. it is not a VGCS/VBS problem only), as long-standing calls over a dedicated channel have the same characteristic of reusing the COUNT.
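
The property behind REQ-1 and REQ-3, as an added example that is not part of the specification: when two frames are enciphered with the same key and COUNT, XORing the ciphertexts cancels the key stream and yields the XOR of the plaintexts. Here `keystream` is a stand-in generator (HMAC-SHA256, not A5), `cell_key` is a hypothetical cell binding rather than the derivation the specification defines, and all keys, COUNT values and plaintexts are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, count: int, n: int) -> bytes:
    """Stand-in generator (NOT A5): output depends only on (key, COUNT)."""
    out, block = b"", 0
    while len(out) < n:
        msg = count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encipher(key: bytes, count: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, count, len(plaintext)))

def cell_key(group_key: bytes, cell_id: int) -> bytes:
    """Hypothetical cell binding (assumption, not the specification's derivation)."""
    label = b"cell" + cell_id.to_bytes(2, "big")
    return hmac.new(group_key, label, hashlib.sha256).digest()[:16]

def leaks_xor(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when XORing the ciphertexts cancels the key stream (c1^c2 == p1^p2)."""
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample values
GROUP_KEY = bytes(range(16))
COUNT = 0x2A55
P1 = b"speech frame, cell A"
P2 = b"other data in cell B"

def demo() -> dict:
    k_a, k_b = cell_key(GROUP_KEY, 1), cell_key(GROUP_KEY, 2)
    return {
        # REQ-1 violated: one key, same COUNT, two cells
        "same_key_two_cells": leaks_xor(
            encipher(GROUP_KEY, COUNT, P1), encipher(GROUP_KEY, COUNT, P2), P1, P2),
        # REQ-1 met: different key per cell, same COUNT
        "cell_bound_keys": leaks_xor(
            encipher(k_a, COUNT, P1), encipher(k_b, COUNT, P2), P1, P2),
        # REQ-3 violated: COUNT recurs in one cell while the key is unchanged
        "count_reused_same_cell": leaks_xor(
            encipher(k_a, COUNT, P1), encipher(k_a, COUNT, P2), P1, P2),
    }

if __name__ == "__main__":
    print(demo())
```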

REQ-4: Prevent the same key stream block being used in uplink and downlink direction.

This requirement is fulfilled by Point to Point voice calls already (see clause C.1.2). By reusing the same mechanisms for uplink/downlink key stream derivation (i.e. reusing A5) the VBS/VGCS ciphering also fulfils this requirement.