Publikuar
The present document is one of the parts of the specification of the Digital Enhanced Cordless Telecommunications
(DECT) Common Interface (CI).
The present document specifies the security architecture, the types of cryptographic algorithms required, the way in
which they are to be used, and the requirements for integrating the security features provided by the architecture into the
DECT CI. It also describes how the features can be managed and how they relate to certain DECT fixed systems and
local network configurations.
The security architecture is defined in terms of the security services which are to be supported at the CI, the
mechanisms which are to be used to provide the services, and the cryptographic parameters, keys and processes which
are associated with these mechanisms.
The security processes specified in the present document are each based on one of three cryptographic algorithms:
• an authentication algorithm;
• a key stream generator for MAC layer encryption; and
• a key stream generator plus a Message Authentication Code generator for CCM authenticated encryption.
The architecture is, however, algorithm independent, and either the DECT standard algorithms, or appropriate
proprietary algorithms, or indeed a combination of both can, in principle, be employed. The use of the employed
algorithm is specified in the present document.
Integration of the security features is specified in terms of the protocol elements and processes required at the Network
(NWK) and Medium Access Control (MAC) layers of the CI.
The relationship between the security features and various network elements is described in terms of where the security
processes and management functions may be provided.
The present document does not address implementation issues. For instance, no attempt is made to specify whether the
DSAA or DSAA2 should be implemented in the PP at manufacture, or whether the DSAA, DSAA2 or a proprietary
authentication algorithm should be implemented in a detachable module. Similarly, the present document does not
specify whether the DSC or DSC2 should be implemented in hardware in all PPs at manufacture, or whether special
PPs should be manufactured with the DSC, DSC2 or proprietary ciphers built into them. The security architecture
supports all these options, although the use of proprietary algorithms may limit roaming and the concurrent use of PPs
in different environments.
Within the standard authentication algorithms, DSAA2, DSC2 and CCM are stronger than DSAA and DSC and provide
superior protection. DSAA2 and DSC2 are based on AES [10] and were created in 2011. CCM is also based on
AES [10] and was added to the standard in 2012.
The present document includes New Generation DECT, a further development of the DECT standard introducing
wideband speech, improved data services, new slot types and other technical enhancements.
The present document also includes DECT Ultra Low Energy (ULE), a low rate data technology based on DECT
intended for M2M applications with ultra low power consumption
PUBLISHED
SSH EN 300 175-7 V2.6.1:2015
60.60
Standard published
28 pri 2016
English