The present document is one of the parts of the specification of the Digital Enhanced Cordless Telecommunications (DECT) Common Interface (CI).
The present document specifies the security architecture, the types of cryptographic algorithms required, the way in which they are to be used, and the requirements for integrating the security features provided by the architecture into the DECT CI. It also describes how the features can be managed and how they relate to certain DECT fixed systems and local network configurations.
The security architecture is defined in terms of the security services which are to be supported at the CI, the mechanisms which are to be used to provide the services, and the cryptographic parameters, keys and processes which are associated with these mechanisms.
The security processes specified in the present document are each based on one of three cryptographic algorithms:
• an authentication algorithm;
• a key stream generator for MAC layer encryption; and
• a key stream generator plus a Message Authentication Code generator for CCM authenticated encryption.
The architecture is, however, algorithm independent, and either the DECT standard algorithms, or appropriate proprietary algorithms, or indeed a combination of both can, in principle, be employed. The use of the employed algorithm is specified in the present document.
Integration of the security features is specified in terms of the protocol elements and processes required at the Network (NWK) and Medium Access Control (MAC) layers of the CI.
The relationship between the security features and various network elements is described in terms of where the security processes and management functions may be provided.
The present document does not address implementation issues. For instance, no attempt is made to specify whether the DSAA or DSAA2 should be implemented in the PP at manufacture, or whether the DSAA, DSAA2 or a proprietary authentication algorithm should be implemented in a detachable module. Similarly, the present document does not specify whether the DSC or DSC2 should be implemented in hardware in all PPs at manufacture, or whether special PPs should be manufactured with the DSC, DSC2 or proprietary ciphers built into them. The security architecture supports all these options, although the use of proprietary algorithms may limit roaming and the concurrent use of PPs in different environments.
Within the standard authentication algorithms, DSAA2, DSC2 and CCM are stronger than DSAA and DSC and provide superior protection. DSAA2 and DSC2 are based on AES [FIPS Publication 197 (2001): "Advanced Encryption Standard (AES)", National Institute of Standards and Technology (NIST)] and were created in 2011. CCM is also based on AES and was added to the standard in 2012.
The present document includes New Generation DECT, a further development of the DECT standard introducing wideband speech, improved data services, new slot types and other technical enhancements.
The present document also includes DECT Ultra Low Energy (ULE), a low rate data technology based on DECT intended for M2M applications with ultra low power consumption.