Draft A
Date
2014-01-20
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
SingleRAN
User Data Anonymization Feature Parameter Description
Contents
Contents
1 About This Document..................................................................................................................1
1.1 Scope..............................................................................................................................................................................1
1.2 Intended Audience..........................................................................................................................................................1
1.3 Change History...............................................................................................................................................................1
2 Overview.........................................................................................................................................2
2.1 Background.....................................................................................................................................................................2
2.2 Basic Principles..............................................................................................................................................................2
4 Engineering Guidelines.............................................................................................................13
4.1 When to Use User Data Anonymization......................................................................................................................13
4.2 Deployment Requirements...........................................................................................................................................13
4.3 Anonymizing User Data During Site Deployment.......................................................................................................14
4.4 Maintaining Anonymization Configuration During an Upgrade.................................................................................15
4.5 Activation Observation and Troubleshooting...............................................................................................................16
5 Supplementary Information......................................................................................................17
6 Parameters.....................................................................................................................................18
7 Counters........................................................................................................................................20
8 Glossary.........................................................................................................................................21
Issue Draft A (2014-01-20)
ii
SingleRAN
User Data Anonymization Feature Parameter Description
Contents
9 References.....................................................................................................................................22
iii
SingleRAN
User Data Anonymization Feature Parameter Description
1.1 Scope
This document describes Huawei WCDMA and GSM user data anonymization function,
including background, basic principles, anonymization process, HMAC key update, service
scope, impact of user data anonymization on maintenance and commissioning functions, and
engineering guidelines.
Feature change
Changes in features of a specific product version
Editorial change
Changes in wording or addition of information that was not described in the earlier version
01 (2013-04-28)
This issue does not include any changes.
Draft A(2012-12-30)
Compared with Issue 01 (2012-07-20) of SRAN7.0, Draft A (2012-12-30) of SRAN8.0 updates
the version information, please see Version.
Issue Draft A (2014-01-20)
SingleRAN
User Data Anonymization Feature Parameter Description
2 Overview
Overview
2.1 Background
Huawei wireless network equipment (BSC, RNC, and NodeB) has maintenance and
commissioning functions (such as user tracing, interface tracing, and logging) that use the
following user identity information:
l
User equipment (UE) or mobile station (MS) Internet Protocol (IP) address
Some countries and regions have personal privacy protection laws and regulations. Improper
use, including abuse and disclosure, of personal data by operators or vendors would be a violation
of these laws and regulations.
To protect personal privacy, Huawei wireless network equipment supports user data
anonymization. This function makes user identity information anonymous to the maintenance
and commissioning functions.
NOTE
"User data" in the term "user data anonymization" refers to the user identity information.
User data anonymization is disabled by default. During a site deployment or upgrade, the
operator's maintenance personnel should enable this function as required by local laws or
regulations.
SingleRAN
User Data Anonymization Feature Parameter Description
2 Overview
The user data anonymization function is enabled or disabled on the M2000, and the HMAC key
is also maintained on the M2000. For the detailed procedures, see section" 4 Engineering
Guidelines" .
With user data anonymization enabled, maintenance personnel cannot use the IMSI, IMEI, or
MSISDN of a UE or MS to perform a maintenance or commissioning task. They cannot see the
identity of the traced user. This prevents abuse of the maintenance and commissioning functions.
Enabling user data anonymization does not affect the uniqueness of user identities or the
maintenance and commissioning functions that involve the uniqueness of user identities.
SingleRAN
User Data Anonymization Feature Parameter Description
SingleRAN
User Data Anonymization Feature Parameter Description
1.
On the M2000 graphical user interface (GUI), the operator's maintenance personnel enable
user data anonymization and set the HMAC key. After it connects to the M2000, the
wireless network equipment synchronizes the function status and key information with the
M2000.
To query the setting of the anonymization switch, run the LST
USERIDANONSWITCH command on the wireless network equipment side. If the User
Identity Anonymity Switch parameter is set to ON, user data anonymization is enabled.
2.
The vendor's or operator's maintenance personnel submit the user identity (user ID for short)
in plaintext to the operator for anonymization. "User ID" here refers to the IMSI, IMEI, or
MSISDN.
3.
The operator's maintenance personnel use the HMACUtil tool to anonymize the user ID
and return the anonymous user ID to the maintenance personnel.
4.
The vendor's or operator's maintenance personnel log in to the local maintenance terminal
(LMT) and use the anonymous user IDs to perform maintenance and commissioning
functions.
The user IDs are anonymous in the maintenance and commissioning results.
SingleRAN
User Data Anonymization Feature Parameter Description
NOTE
If the maintenance personnel want to anonymize a batch of user IDs, they must provide a user ID list. After
verifying the user ID list, the operator's maintenance personnel use the HMACUtil tool to generate an
anonymous user ID list, and they return the anonymous user ID list to the maintenance personnel. The
maintenance personnel use the anonymous user IDs to perform maintenance and commissioning on
specified equipment.
SingleRAN
User Data Anonymization Feature Parameter Description
Anonymized Input
Anonymized Output in
Message Tracing Result
None
None
None
None
None
None
Tracing UE messages
None
Anonymized Input
Anonymized Output in
Performance Monitoring
Result
Monitoring connection
performance
IMSI
N/A
Anonymized Input
l ADD UVIPIMSI
IMSI
l RMV UVIPIMSI
SingleRAN
User Data Anonymization Feature Parameter Description
With user data anonymization enabled, the message tracing results, performance monitoring
results, and CHR/MR logs described in Table 3-1 through Table 3-4 no longer contain original
user identity information.
Figure 3-3 shows an example of user tracing on the RNC. In this example, the IMSI in the traced
COMMON ID message on the Iu interface is anonymized. The IMSI now contains hexadecimal
digits, such as A and F, unlike a normal IMSI that contains decimal digits from 0 to 9.
Figure 3-3 Example of user data anonymization
SingleRAN
User Data Anonymization Feature Parameter Description
Anonymized Input
Anonymized Output in
Message Tracing Result
None
None
None
IMSI
None
None
IMSI
None
None
IMSI
None
IMSI
None
Anonymized Input
ADD GCSCHRUSER
ADD GPSCHRUSER
IMSI
SingleRAN
User Data Anonymization Feature Parameter Description
CHR
Anonymized Input
Anonymized Output in
Message Tracing Result
IMSI
N/A
NOTE
For other tracing functions, such as Iub interface tracing, before sending messages to the LMT or M2000,
the NodeB removes the IMSI to protect user privacy data.
Anonymized Input
Anonymized Output in
Performance Monitoring
Result
HSPA monitoring
IMSI
N/A
CHR
IMSI
10
SingleRAN
User Data Anonymization Feature Parameter Description
User tracing and connection performance monitoring tasks require an anonymous user ID.
Figure 3-4 uses a user tracing task as an example. In this example, an anonymous IMSI is
entered.
Figure 3-4 UE Trace dialog box after user data anonymization is enabled
NOTE
If the anonymization switch is turned on or the HMAC key changes during user tracing or connection
performance monitoring, maintenance personnel must stop the task and restart the task with an anonymous
user ID. If the personnel do not restart the task, no result will be provided, because of IMSI/IMEI/MSISDN
match failures.
The VIPIMSI parameter in the ADD UVIPIMSI or RMV UVIPIMSI command requires
an anonymous user ID.
Before creating an IOS tracing task, maintenance personnel typically take the optional step
to run the ADD UVIPIMSI command to set the IMSI to be traced. If user data
anonymization is enabled, the VIPIMSI parameter in the ADD UVIPIMSI command
requires an anonymous user ID.
After user data anonymization is enabled or the HMAC key is updated, the original
parameter configuration in the ADD UVIPIMSI command becomes ineffective. To solve
this problem, maintenance personnel must perform the following steps:
1.
Run the LST UVIPIMSI command to check whether a VIP IMSI has been set for
tracing.
2.
If the VIP IMSI has been set, run the RMV UVIPIMSI command to remove the
configuration.
3.
Run the ADD UVIPIMSI command to reconfigure the VIP IMSI of the UE to be
traced.
When reconfiguring the VIP IMSI, set the VIPIMSI parameter to the anonymous IMSI, which
is provided by the operator.
If the anonymization switch is turned on or the HMAC key changes during CS-domain single-user tracing,
maintenance personnel must stop the task and restart the task with an anonymous user ID. If the personnel
do not restart the task, no result will be provided, because of IMSI/IMEI/MSISDN match failures.
The IMSI, MSISDN, and IMEI parameters in the ADD GCSCHRUSER command and
the IMSI parameter in the ADD GPSCHRUSER command require an anonymous user
ID.
11
SingleRAN
User Data Anonymization Feature Parameter Description
If maintenance personnel need to provide CHR logs for specified users, first they need to
run the ADD GCSCHRUSER or ADD GPSCHRUSER command to configure the user
identity (IMSI/MSISDN/IMEI) list. If user data anonymization is enabled, the IMSI/
MSISDN/IMEI parameter in the ADD GCSCHRUSER command and the IMSI
parameter in the ADD GPSCHRUSER command require an anonymous user ID.
After user data anonymization is enabled or the HMAC key is updated, the original
parameter configuration in the ADD GCSCHRUSER and ADD GPSCHRUSER
commands becomes ineffective. To solve this problem, maintenance personnel must
perform the following steps:
1.
Run the LST GCSCHRUSER or LST GPSCHRUSER command to check whether the
IMSI/MSISDN/IMEI of the specified user has been configured.
2.
If the IMSI/MSISDN/IMEI has been configured, run the RMV GCSCHRUSER or RMV
GPSCHRUSER command to remove the configuration.
3.
If the anonymization switch is turned on or the HMAC key changes during user tracing or HSPA
monitoring, maintenance personnel must stop the task and restart the task with an anonymous user ID. If
the personnel do not restart the task, no result will be provided, because of IMSI match failures.
12
SingleRAN
User Data Anonymization Feature Parameter Description
4 Engineering Guidelines
Engineering Guidelines
Tool
You have downloaded the HMACUtil installation package from Software Center > Controlled
Tool (Mini-tool Software) > Core Network Product Line > Wireless-OSS > iManager
M2000-II > HMACUtil at http://support.huawei.com.
Version
NE/Client/Tool
Product Model/Series
RNC/BSC
BSC6900
BSC6900 V900R015C00
BSC6910
BSC6910 V100R015C00
BTS3900V100R008SPC100
DBS3800
DBS3800V100R015C00
BTS3812E/BTS3812AE
V100R015C00
M2000
iManager M2000
HMACUtil
HMACUtil
V100R002
NodeB
13
SingleRAN
User Data Anonymization Feature Parameter Description
4 Engineering Guidelines
14
SingleRAN
User Data Anonymization Feature Parameter Description
4 Engineering Guidelines
For details about how to use HMACUtil to anonymize a user ID, see HMACUtil V100R001
Release Notes V1.1. To obtain this document, choose Software Center > Controlled Tool
(Mini-tool Software) > Core Network Product Line > Wireless-OSS > iManager M2000II > HMACUtil at http://support.huawei.com.
15
SingleRAN
User Data Anonymization Feature Parameter Description
4 Engineering Guidelines
To view the Help topic with details about how to perform a consistency check, press F1 on the
Consistency Check tab page.
The function is enabled if the parameter is set to ON on the wireless network equipment
side and M2000.
The function is not enabled if the parameter is set to ON on the M2000 but to OFF on the
wireless network equipment side. When this occurs, check whether the operation and
maintenance (O&M) channel between the wireless network equipment and M2000 is
disconnected.
If the channel is disconnected, restore the channel.
If the channel is connected, contact Huawei technical support personnel.
When the function is enabled, the user identity information in the message tracing results,
performance monitoring results, and CHR/MR logs described in Table 3-1 through Table 3-4 is
no longer in a plaintext form.
If the user identity information is still in a plaintext form, contact Huawei technical support
personnel.
16
SingleRAN
User Data Anonymization Feature Parameter Description
5 Supplementary Information
Supplementary Information
An IMSI is a character string composed of 14 or 15 decimal digits (0 through 9). The HMACSHA256 algorithm uses an IMSI as input to produce a string. Then, the algorithm takes the
leftmost eight bytes of the string and converts each of the bytes into two hexadecimal digits (0
through F). Finally, the algorithm generates a 16-digit hexadecimal character string. This
character string is the anonymous IMSI.
An IMEI is a character string composed of 15 decimal digits and an international mobile station
equipment identity and software version (IMEISV) is a character string composed of 16 decimal
digits. The leftmost eight digits of an IMEI/IMEISV, known as the type allocation code (TAC),
are not hashed. The remaining digits of the IMEI/IMEISV are used by the HMAC-SHA256
algorithm as input to produce a string. The algorithm takes the leftmost four bytes of the string
and converts each of the bytes into two hexadecimal digits. Finally, the algorithm generates an
8-digit hexadecimal character string. The TAC plus this character string is the anonymous IMEI/
IMEISV.
An MSISDN is a character string composed of less than 22 decimal digits. The HMAC-SHA256
algorithm uses an MSISDN as input to produce a string. Then, the algorithm takes the leftmost
11 bytes of the string and converts each of the bytes into two hexadecimal digits. Finally, the
algorithm generates a 22-digit hexadecimal character string. This character string is the
anonymous MSISDN.
An IPv4 address is a 4-byte character string. The HMAC-SHA256 algorithm uses an IPv4
address as input to produce a string. The leftmost four bytes of the string form the anonymous
IPv4 address.
An IPv6 address is a 16-byte character string. The HMAC-SHA256 algorithm uses an IPv6
address as input to produce a string. The leftmost 16 bytes of the string form the anonymous
IPv6 address.
NOTE
Anonymous MSISDNs are now presented in CHR and MR logs. When initiating a message tracing or a
performance monitoring task, you must enter anonymous MSISDNs. In tracing results, however, all the
anonymous MSISDNs are replaced by 0.
IPv4/IPv6 addresses are hashed only when the RNC/BSC uses the software version RAN14.0/GBSS14.0
or later. When the RNC/BSC uses the software version RAN12.0/GBSS12.0 or RAN13.0/GBSS13.0, all
the digits of an IPv4/IPv6 address are replaced by 0. When the RNC/BSC uses a software version earlier
than RAN12.0/GBSS12.0, all IPv4/IPv6 addresses are presented in a plaintext form.
17
SingleRAN
User Data Anonymization Feature Parameter Description
6 Parameters
Parameters
NE
MML
Command
Feature ID
Feature Name
Description
VIPIMSI
BSC6900
ADD
UVIPIMSI
None
None
Meaning:IMSI
of the UE, A 6to 15-character
string that
consists of
numbers 0 to 9,
case-insensitive
letters A to F, or
both.
RMV
UVIPIMSI
GUI Value
Range:6~15
characters
Unit:None
Actual Value
Range:6~15
characters
Default
Value:None
18
SingleRAN
User Data Anonymization Feature Parameter Description
6 Parameters
Parameter ID
NE
MML
Command
Feature ID
Feature Name
Description
VIPIMSI
BSC6910
ADD
UVIPIMSI
None
None
Meaning:IMSI
of the UE, A 6to 15-character
string that
consists of
numbers 0 to 9,
case-insensitive
letters A to F, or
both.
RMV
UVIPIMSI
GUI Value
Range:6~15
characters
Unit:None
Actual Value
Range:6~15
characters
Default
Value:None
19
SingleRAN
User Data Anonymization Feature Parameter Description
7 Counters
Counters
20
SingleRAN
User Data Anonymization Feature Parameter Description
8 Glossary
Glossary
21
SingleRAN
User Data Anonymization Feature Parameter Description
9 References
References
22