Issue 03
Date 2015-09-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Contents
2 Overview
2.1 Background
2.2 Basic Principles
4 Engineering Guidelines
4.1 When to Use User Data Anonymization
4.2 Deployment Requirements
4.3 Anonymizing User Data During Site Deployment
4.4 Maintaining Anonymization Configuration During an Upgrade
4.5 Activation Observation and Troubleshooting
5 Supplementary Information
6 Parameters
7 Counters
8 Glossary
9 References
1.1 Scope
This document describes the Huawei WCDMA and GSM user data anonymization function,
including background, basic principles, anonymization process, HMAC key update, service
scope, impact of user data anonymization on maintenance and commissioning functions, and
engineering guidelines.
SRAN9.0 03 (2015-09-30)
Compared with Issue 01 (2014-04-30) of SRAN9.0, Issue 03 (2015-09-30) of SRAN9.0
includes the following changes.
SRAN9.0 02 (2015-03-23)
Compared with Issue 01 (2014-04-30) of SRAN9.0, Issue 02 (2015-03-23) of SRAN9.0
includes the following changes.
SRAN9.0 01 (2014-04-30)
This issue does not include any changes.
2 Overview
2.1 Background
Huawei wireless network equipment (BSC, RNC, and NodeB) has maintenance and
commissioning functions (such as user tracing, interface tracing, and logging) that use the
following user identity information:
Some countries and regions have personal privacy protection laws and regulations. Improper
use, including abuse and disclosure, of personal data by operators or vendors would be a
violation of these laws and regulations.
To protect personal privacy, Huawei wireless network equipment supports user data
anonymization. This function makes user identity information anonymous to the maintenance
and commissioning functions.
NOTE
"User data" in the term "user data anonymization" refers to the user identity information.
User data anonymization is disabled by default. During a site deployment or upgrade, the
operator's maintenance personnel should enable this function as required by local laws or
regulations.
The user data anonymization function is enabled or disabled on the M2000, and the HMAC
key is also maintained on the M2000. For the detailed procedures, see section "4 Engineering
Guidelines".
With user data anonymization enabled, maintenance personnel cannot use the IMSI, IMEI, or
MSISDN of a UE or MS to perform a maintenance or commissioning task. They cannot see
the identity of the traced user. This prevents abuse of the maintenance and commissioning
functions.
Enabling user data anonymization does not affect the uniqueness of user identities or the
maintenance and commissioning functions that involve the uniqueness of user identities.
1. On the M2000 graphical user interface (GUI), the operator's maintenance personnel
enable user data anonymization and set the HMAC key. After it connects to the M2000,
the wireless network equipment synchronizes the function status and key information
with the M2000.
To query the setting of the anonymization switch, run the LST
USERIDANONSWITCH command on the wireless network equipment side. If the
User Identity Anonymity Switch parameter is set to ON, user data anonymization is
enabled.
2. The vendor's or operator's maintenance personnel submit the user identity (user ID for
short) in plaintext to the operator for anonymization. "User ID" here refers to the IMSI,
IMEI, or MSISDN.
3. The operator's maintenance personnel use the HMACUtil tool to anonymize the user ID
and return the anonymous user ID to the maintenance personnel.
4. The vendor's or operator's maintenance personnel log in to the local maintenance
terminal (LMT) and use the anonymous user IDs to perform maintenance and
commissioning functions.
The user IDs are anonymous in the maintenance and commissioning results.
NOTE
If the maintenance personnel want to anonymize a batch of user IDs, they must provide a user ID list.
After verifying the user ID list, the operator's maintenance personnel use the HMACUtil tool to generate
an anonymous user ID list, and they return the anonymous user ID list to the maintenance personnel.
The maintenance personnel use the anonymous user IDs to perform maintenance and commissioning on
specified equipment.
The operator's maintenance personnel update the HMAC key in the Anonymous Policy
Management window on the U2000 client. On the Anonymous Cypher Key Management
tab page, press F1 on the keyboard to display the Help topic on how to update the HMAC
key.
Tracing UE messages IMSI, IMEI, and MSISDN IMSI, IMEI, MSISDN, and
UE IP address
With user data anonymization enabled, the message tracing results, performance monitoring
results, and CHR/MR logs described in Table 3-1 through Table 3-4 no longer contain
original user identity information.
Figure 3-2 shows an example of user tracing on the RNC. In this example, the IMSI in the
traced COMMON ID message on the Iu interface is anonymized. The IMSI now contains
hexadecimal digits, such as A and F, unlike a normal IMSI that contains decimal digits from 0
to 9.
MR IMSI
NOTE
For other tracing functions, such as message tracing over the Iub interface, the NodeB removes the IMSI
to protect user privacy data before sending messages to the LMT or U2000.
CHR IMSI
NOTE
For other tracing functions, such as Iub interface tracing, before sending messages to the LMT or
M2000, the NodeB removes the IMSI to protect user privacy data.
CHR IMSI
Figure 3-3 UE Trace dialog box after user data anonymization is enabled
NOTE
If the anonymization switch is turned on or the HMAC key changes during user tracing or connection
performance monitoring, maintenance personnel must stop the task and restart the task with an
anonymous user ID. If the personnel do not restart the task, no result will be provided, because of IMSI/
IMEI/MSISDN match failures.
- The VIPIMSI(BSC6900,BSC6910) parameter in the ADD UVIPIMSI or RMV
UVIPIMSI command requires an anonymous user ID.
Before creating an IOS tracing task, maintenance personnel typically take the optional
step to run the ADD UVIPIMSI command to set the IMSI to be traced. If user data
anonymization is enabled, the VIPIMSI(BSC6900,BSC6910) parameter in the ADD
UVIPIMSI command requires an anonymous user ID.
After user data anonymization is enabled or the HMAC key is updated, the original
parameter configuration in the ADD UVIPIMSI command becomes ineffective. To
solve this problem, maintenance personnel must perform the following steps:
a. Run the LST UVIPIMSI command to check whether a VIP IMSI has been set for
tracing.
b. If the VIP IMSI has been set, run the RMV UVIPIMSI command to remove the
configuration.
c. Run the ADD UVIPIMSI command to reconfigure the VIP IMSI of the UE to be
traced.
When reconfiguring the VIP IMSI, set the VIPIMSI(BSC6900,BSC6910) parameter to the
anonymous IMSI, which is provided by the operator.
If the anonymization switch is turned on or the HMAC key changes during CS-domain single-user
tracing, maintenance personnel must stop the task and restart the task with an anonymous user ID. If the
personnel do not restart the task, no result will be provided, because of IMSI/IMEI/MSISDN match
failures.
- The IMSI, MSISDN, and IMEI parameters in the ADD GCSCHRUSER command and
the IMSI parameter in the ADD GPSCHRUSER command require an anonymous user
ID.
If maintenance personnel need to provide CHR logs for specified users, first they need to
run the ADD GCSCHRUSER or ADD GPSCHRUSER command to configure the user
identity (IMSI/MSISDN/IMEI) list. If user data anonymization is enabled, the IMSI/
MSISDN/IMEI parameter in the ADD GCSCHRUSER command and the IMSI
parameter in the ADD GPSCHRUSER command require an anonymous user ID.
After user data anonymization is enabled or the HMAC key is updated, the original
parameter configuration in the ADD GCSCHRUSER and ADD GPSCHRUSER
commands becomes ineffective. To solve this problem, maintenance personnel must
perform the following steps:
1. Run the LST GCSCHRUSER or LST GPSCHRUSER command to check whether the
IMSI/MSISDN/IMEI of the specified user has been configured.
2. If the IMSI/MSISDN/IMEI has been configured, run the RMV GCSCHRUSER or
RMV GPSCHRUSER command to remove the configuration.
3. Run the ADD GCSCHRUSER or ADD GPSCHRUSER command to reconfigure the
IMSI/MSISDN/IMEI of the specified user.
In the command, set the IMSI(ADD GCSCHRUSER)/IMSI(ADD GPSCHRUSER)/
MSISDN/IMEI parameter to the anonymous IMSI/MSISDN/IMEI provided by the
operator.
NOTE
If the anonymization switch is turned on or the HMAC key changes during user tracing or HSPA
monitoring, maintenance personnel must stop the task and restart the task with an anonymous user ID. If
the personnel do not restart the task, no result will be provided, because of IMSI match failures.
4 Engineering Guidelines
Tool
You can log in to http://support.huawei.com, view the information about HMACUtil or
search HMACUtil on the Product Software tab page, and download the HMACUtil
installation package to the local computer.
Version
NE/Client/Tool Product Model/Series Earliest Version to Which This
Function Applies
DBS3800 BTS3900V100R008SPC100
BTS3812E/BTS3812AE DBS3800V100R015C00
----End
In the save path of the HMACUtil installation package, decompress the package. To start the
HMACUtil tool, double-click HMACUtil.jar. Figure 4-1 shows the user interface of the
tool.
For details about how to use HMACUtil to anonymize a user ID, see HMACUtil V100R001
Release Notes V1.2. You can log in to http://support.huawei.com, view the information
about HMACUtil or search HMACUtil on the Product Software tab page, and download the
HMACUtil installation package to the local computer.
To view the Help topic with details about how to perform a consistency check, press F1 on
the Consistency Check tab page.
5 Supplementary Information
An IMSI is a character string composed of 14 or 15 decimal digits (0 through 9). The HMAC-
SHA256 algorithm uses an IMSI as input to produce a string. Then, the algorithm takes the
leftmost eight bytes of the string and converts each of the bytes into two hexadecimal digits (0
through F). Finally, the algorithm generates a 16-digit hexadecimal character string. This
character string is the anonymous IMSI.
An IMEI is a character string composed of 15 decimal digits, and an international mobile
station equipment identity and software version (IMEISV) is a character string composed of
16 decimal digits. The leftmost eight digits of an IMEI/IMEISV, known as the type allocation
code (TAC), are not hashed. The remaining digits of the IMEI/IMEISV are used by the
HMAC-SHA256 algorithm as input to produce a string. The algorithm takes the leftmost four
bytes of the string and converts each of the bytes into two hexadecimal digits. Finally, the
algorithm generates an 8-digit hexadecimal character string. The TAC plus this character
string is the anonymous IMEI/IMEISV.
An MSISDN is a character string composed of fewer than 22 decimal digits. The HMAC-SHA256
algorithm uses an MSISDN as input to produce a string. Then, the algorithm takes
the leftmost 11 bytes of the string and converts each of the bytes into two hexadecimal digits.
Finally, the algorithm generates a 22-digit hexadecimal character string. This character string
is the anonymous MSISDN.
An IPv4 address is a 4-byte character string. The HMAC-SHA256 algorithm uses an IPv4
address as input to produce a string. The leftmost four bytes of the string form the anonymous
IPv4 address.
An IPv6 address is a 16-byte character string. The HMAC-SHA256 algorithm uses an IPv6
address as input to produce a string. The leftmost 16 bytes of the string form the anonymous
IPv6 address.
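The truncation rules above, written out as an added Python example (this is not Huawei's HMACUtil code). It assumes identifiers are fed to HMAC-SHA256 as ASCII digit strings and that hexadecimal output is uppercase, neither of which this document specifies; the keys and sample identifiers are constructed.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo keys; the real HMAC key is set by the operator on the M2000.
DEMO_KEY = b"constructed-demo-key-1"
ROTATED_KEY = b"constructed-demo-key-2"


def _mac(key: bytes, data: bytes, nbytes: int) -> bytes:
    """Return the leftmost nbytes of HMAC-SHA256(key, data)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:nbytes]


def _digits(value: str, lengths) -> bytes:
    """Validate a decimal identifier and encode it (assumption: ASCII text)."""
    if not (value.isascii() and value.isdigit() and len(value) in lengths):
        raise ValueError("unexpected identifier format")
    return value.encode("ascii")


def anon_imsi(key: bytes, imsi: str) -> str:
    # 14 or 15 digits in, leftmost 8 bytes out as 16 hex digits.
    return _mac(key, _digits(imsi, (14, 15)), 8).hex().upper()


def anon_imei(key: bytes, imei: str) -> str:
    # IMEI (15) or IMEISV (16): the 8-digit TAC stays in clear, the rest is hashed.
    raw = _digits(imei, (15, 16))
    return imei[:8] + _mac(key, raw[8:], 4).hex().upper()


def anon_msisdn(key: bytes, msisdn: str) -> str:
    # Fewer than 22 digits in, leftmost 11 bytes out as 22 hex digits.
    return _mac(key, _digits(msisdn, range(1, 22)), 11).hex().upper()


def anon_ip(key: bytes, address: str) -> str:
    # 4-byte (IPv4) or 16-byte (IPv6) input; output keeps the same length.
    packed = ipaddress.ip_address(address).packed
    return str(ipaddress.ip_address(_mac(key, packed, len(packed))))


if __name__ == "__main__":
    imsi = "001010123456789"  # constructed sample using the test PLMN 001-01
    print(anon_imsi(DEMO_KEY, imsi), anon_imsi(ROTATED_KEY, imsi))
    print(anon_imei(DEMO_KEY, "012345678901234"), anon_ip(DEMO_KEY, "192.0.2.10"))
```

The output is a deterministic function of the key and the identifier, so an ID anonymized under the old key no longer matches after a key update; this is why running tasks and configured user IDs must be re-created with a freshly anonymized ID.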
NOTE
Anonymous MSISDNs are now presented in CHR and MR logs. When initiating a message tracing or a
performance monitoring task, you must enter anonymous MSISDNs. In tracing results, however, all the
anonymous MSISDNs are replaced by 0.
IPv4/IPv6 addresses are hashed only when the RNC/BSC uses the software version RAN14.0/GBSS14.0
or later. When the RNC/BSC uses the software version RAN12.0/GBSS12.0 or RAN13.0/GBSS13.0, all
the digits of an IPv4/IPv6 address are replaced by 0. When the RNC/BSC uses a software version earlier
than RAN12.0/GBSS12.0, all IPv4/IPv6 addresses are presented in a plaintext form.
6 Parameters
VIPIMSI | BSC6900 | ADD UVIPIMSI, MOD UVIPIMSI, RMV UVIPIMSI | None | None | Meaning: IMSI of the UE. A 6- to 15-character string that consists of numbers 0 to 9, case-insensitive letters A to F, or both. GUI Value Range: 6~15 characters. Unit: None. Actual Value Range: 6~15 characters. Default Value: None.
VIPIMSI | BSC6910 | ADD UVIPIMSI, MOD UVIPIMSI, RMV UVIPIMSI | None | None | Meaning: IMSI of the UE. A 6- to 15-character string that consists of numbers 0 to 9, case-insensitive letters A to F, or both. GUI Value Range: 6~15 characters. Unit: None. Actual Value Range: 6~15 characters. Default Value: None.
7 Counters
8 Glossary
9 References