CN103686616A - Cluster group call security encryption synchronization method - Google Patents

Publication number
CN103686616A
Authority
CN
China
Prior art keywords
pdu
cluster multi
pdcp
multi call
safety encipher
Prior art date
Legal status
Granted
Application number
CN201210359297.1A
Other languages
Chinese (zh)
Other versions
CN103686616B (en)
Inventor
刘文清
李瑞林
陈永
Current Assignee
Potevio Institute of Technology Co Ltd
Original Assignee
Potevio Institute of Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Potevio Institute of Technology Co Ltd
Priority to CN201210359297.1A
Publication of CN103686616A
Application granted
Publication of CN103686616B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

Provided is a method for synchronizing security encryption of a cluster group call. The method comprises: determining N from the call time limit of the cluster group call; extending the length of the SN by N bits in the Packet Data Convergence Protocol (PDCP) layer protocol data unit (PDU) that carries the cluster group call information; and, using a stream cipher algorithm, performing cryptographic synchronization during encryption and/or decryption with a synchronization code COUNT that contains the extended SN. Applying the embodiments of the invention increases the secure call duration and further improves the security of cluster group calls.

Description

A method for synchronizing security encryption of a cluster group call
Technical field
The present application relates to the field of communication technology and, more specifically, to a method for synchronizing security encryption of a cluster group call.
Background
A trunked communication system is a private wireless communication system developed to meet the command and dispatch needs of industry users and applied to specific industries. In such a system a large number of wireless users share a small number of wireless channels, with command and dispatch as the main application; it is a multipurpose, high-efficiency wireless communication system. Trunked communication systems are widely used by government departments and in public safety, emergency communication, electric power, civil aviation, petrochemicals, the military and other fields.
Because a trunked communication system places high confidentiality requirements on the information it transmits, it needs an encryption function. The encryption requirements cover four main aspects: full-service encryption, including video encryption and concurrent encryption of multiple services; air-interface encryption and end-to-end encryption, encrypting trunking signalling and providing a network-wide cryptographic synchronization mechanism; use of a commercial cryptographic chip, to reduce the impact on the terminal; and secure encrypted communication in fail-soft operation and in off-network direct mode.
Air-interface encryption works as follows: during an encrypted voice call over the air interface the key (KEY) stays constant, synchronization is performed with a synchronization code (COUNT), and a keystream generator then produces a different keystream block each time. One keystream block encrypts one data packet.
According to the 3GPP specifications, COUNT is a protocol data unit (PDU) frame counter consisting of "hyper frame number (HFN) + sequence number (SN)", with a total length of 32 bits. The SN is carried in the PDU, while the HFN is maintained by the eNB and the UE. The HFN is the hyper frame number of the LTE standard. When a session is established the initial value of COUNT is zero and the SN starts counting first; when the SN overflows, the HFN is incremented by 1 and the SN continues counting. The SN is only 12 bits long, so it overflows once a call has lasted a certain time.
The LTE security encryption scheme requires that COUNT must not repeat within one encryption process; once it repeats, the security of the cipher for that call is threatened. In addition, to keep the cluster group call service timely, key rollover is generally not performed within one call, that is, the HFN is kept constant, so that UEs that join late can still synchronize. Therefore, taking the maximum SN length of 12 bits and a longest talk time of 20 ms per PDU packet, each call must not last longer than 2^12 × 20 ms ≈ 82 s.
A cluster group call is secure as long as it stays within the secure call duration; beyond that duration the cipher is easy to break. In the prior art the secure call duration is clearly too short to meet the security needs of cluster group calls.
Summary of the invention
The embodiments of the present invention propose a method for synchronizing security encryption of a cluster group call that increases the secure call duration and further improves the security of the cluster group call.
The technical solution of the embodiments of the present invention is as follows:
A method for synchronizing security encryption of a cluster group call, the method comprising:
determining N from the call time limit of the cluster group call;
extending the length of the sequence number (SN) by N bits in the Packet Data Convergence Protocol (PDCP) layer protocol data unit (PDU) that carries the cluster group call information;
using a stream cipher algorithm and performing cryptographic synchronization during encryption and/or decryption with the synchronization code COUNT that contains the extended SN.
The PDU is one of: a PDCP Data PDU for control-plane signalling radio bearer data, a PDCP Data PDU with a 12-bit SN, or a PDCP Data PDU with a 7-bit SN.
The extension comprises: extending into the data part that follows the original SN.
The extension comprises: extending into the three reserved bits of the PDU header.
The extension comprises: extending into both the three reserved bits of the PDU header and the data part that follows the original SN.
N is the smallest positive integer greater than or equal to Y,
Figure BDA00002181464300021
where SN1 is the length of the SN before extension, X is the call time limit, and M is the longest talk time of one PDU.
As the above technical solution shows, in the embodiments of the present invention the length of the SN is extended by N bits in the PDCP layer PDU that carries the cluster group call information; a stream cipher algorithm is then used, and cryptographic synchronization during encryption and/or decryption is performed with the COUNT that contains the extended SN. Extending the SN is equivalent to increasing the secure call duration, and the security of the cluster group call improves accordingly.
Brief description of the drawings
Fig. 1 is a schematic diagram of the PDCP Data PDU header that uses a 12-bit SN in the prior art;
Fig. 2 is a schematic diagram of air-interface encryption;
Fig. 3 is a schematic diagram of the PDCP Data PDU header that uses a 20-bit SN.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments.
In the embodiments of the present invention, the number of SN bits in the PDU header is extended by N bits; COUNT consists of the extended SN and the HFN, and its total length is still 32 bits. A stream cipher algorithm is used, and encryption and decryption are cryptographically synchronized with the COUNT that contains the extended SN. Because N is determined from the call time limit of the cluster group call, the secure call duration can meet the needs of group calls on the one hand, and on the other hand the SN no longer overflows within one call, so the eNB and the UE no longer need to maintain the HFN value. Moreover, since the longer SN no longer overflows, the probability of the communication system losing synchronization is greatly reduced.
Air-interface security is performed at the PDCP layer, and its security encryption applies to three types of PDU: the PDCP Data PDU for control-plane signalling radio bearer (SRB) data, the PDCP Data PDU with a 12-bit SN, and the PDCP Data PDU with a 7-bit SN. The most commonly used one, the PDCP Data PDU with a 12-bit SN, is taken as the example below.
The header format of the PDCP Data PDU with a 12-bit SN is shown in Fig. 1. The D/C field is followed by three reserved bits, the PDCP SN occupies 12 bits, and the data to be encrypted follows the PDCP SN.
Fig. 2 is a schematic diagram of air-interface encryption using the technical solution of the present invention; the sender is on the left and the receiver on the right. The sender feeds the key, COUNT, bearer, dir and length into the stream cipher algorithm and encrypts the plaintext into a ciphertext block, using COUNT for cryptographic synchronization; the receiver feeds the key, COUNT, bearer, dir and length into the stream cipher algorithm and decrypts the ciphertext block into a plaintext block, likewise using COUNT for cryptographic synchronization. These encryption, decryption and cryptographic synchronization procedures are prior art. The meaning of the input parameters is given in Table 1.
Table 1
Figure BDA00002181464300041
Referring to Fig. 3 and again taking the PDCP Data PDU with a 12-bit SN as the example, with N = 8 the modified PDU header has an SN length of 20 bits. Here the extension bits of the SN are placed in the data part that follows the original SN. If the SN needs to be extended by 3 bits or fewer, the extension can instead use the three reserved bits of the PDU header. The three reserved bits of the PDU header and the data part that follows the original SN can also be used for the extension at the same time.
Because the length of COUNT is unchanged at 32 bits, the number of HFN bits follows from the extended SN length, but the concrete value of the HFN does not. The concrete value of the HFN can be computed in several ways, for example as the remainder of the cluster group number modulo 2^(32-SN1), where SN1 is the length of the SN after extension.
The number of extension bits N of the SN can be calculated as follows. N is the smallest positive integer greater than or equal to Y, where SN1 is the length of the SN before extension, X is the call time limit, and M is the longest talk time of one PDU. For example, with X = 5.825 hours, M = 20 ms and SN1 = 12, Y = 8, so N = 8. Within one call the SN thus grows from 12 bits to 20 bits.
Because the SN is incremented by one for each PDU packet, it can count at most 2^20 times within one call; at 20 ms of talk time per PDU packet the call duration can reach 5.825 h. Furthermore, the minimum time before a loss of synchronization that packet loss could cause, that is, the time until the SN overflows, is also 5.825 h. Before the SN is extended, the computed call duration is 82 s, and the minimum time before a loss of synchronization that packet loss could cause is likewise 82 s. The technical solution of the present invention therefore substantially improves the secure call duration, and because the SN no longer overflows, the probability of synchronization loss is greatly reduced.
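An added example, not part of the patent text, that works through the numbers above: it computes the SN wrap time and the extension N, packs COUNT from the HFN and the extended SN, and shows that a wrapped 12-bit SN with a fixed HFN makes two PDUs share a keystream. Assumptions: the formula image for Y is missing from this page, so N is derived from the relation secure duration = 2^(SN length) × M used in the 82 s and 5.825 h calculations; the keystream generator is a SHA-256 stand-in rather than an LTE cipher; function names, key and group number are constructed.

```python
import hashlib

COUNT_BITS = 32  # COUNT = HFN || SN, fixed at 32 bits on this page

def safe_duration_s(sn_bits, pdu_ms):
    """Seconds until the SN wraps when the HFN is held constant for the call."""
    return (1 << sn_bits) * pdu_ms / 1000.0

def extension_bits(limit_ms, sn_bits, pdu_ms):
    """Smallest N >= 0 with 2**(sn_bits + N) * pdu_ms >= limit_ms (assumed form of Y)."""
    packets = -(-limit_ms // pdu_ms)                  # ceil: PDUs sent within the limit
    n = max(0, (packets - 1).bit_length() - sn_bits)  # ceil(log2(packets)) - SN1
    if sn_bits + n > COUNT_BITS:
        raise ValueError("extended SN does not fit in the 32-bit COUNT")
    return n

def hfn_from_group(group_id, sn_bits):
    """HFN derived as on the page: group number mod 2**(32 - SN length)."""
    return group_id % (1 << (COUNT_BITS - sn_bits))

def make_count(hfn, sn, sn_bits):
    """Pack HFN (upper bits) and SN (lower sn_bits bits) into the 32-bit COUNT."""
    if not 0 <= sn < (1 << sn_bits) or not 0 <= hfn < (1 << (COUNT_BITS - sn_bits)):
        raise ValueError("HFN or SN out of range")
    return (hfn << sn_bits) | sn

def keystream(key, count, length):
    """Stand-in generator (SHA-256 over key, COUNT, block index); not an LTE cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_pdu(key, group_id, packet_index, sn_bits, payload):
    """Encrypt the packet_index-th PDU of a call; the SN wraps, the HFN never changes."""
    sn = packet_index % (1 << sn_bits)
    count = make_count(hfn_from_group(group_id, sn_bits), sn, sn_bits)
    return xor(payload, keystream(key, count, len(payload)))

def leaks_on_wrap(sn_bits):
    """True if PDU 0 and PDU 2**12 share a keystream, so c0 ^ c1 == p0 ^ p1."""
    key, group = b"constructed-demo-key", 70000   # constructed sample values
    p0, p1 = b"voice frame #0000", b"voice frame #4096"
    c0 = encrypt_pdu(key, group, 0, sn_bits, p0)
    c1 = encrypt_pdu(key, group, 1 << 12, sn_bits, p1)
    return xor(c0, c1) == xor(p0, p1)

if __name__ == "__main__":
    print(safe_duration_s(12, 20), extension_bits(20_970_000, 12, 20),
          leaks_on_wrap(12), leaks_on_wrap(20))
```

With the 12-bit SN the two ciphertexts XOR to the XOR of the two plaintexts, which is the COUNT-repeat condition the background section rules out; with the 20-bit SN the same two PDUs get distinct COUNT values.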
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (6)

1. A method for synchronizing security encryption of a cluster group call, characterized in that the method comprises:
determining N from the call time limit of the cluster group call;
extending the length of the sequence number (SN) by N bits in the Packet Data Convergence Protocol (PDCP) layer protocol data unit (PDU) that carries the cluster group call information;
using a stream cipher algorithm and performing cryptographic synchronization during encryption and/or decryption with the synchronization code COUNT that contains the extended SN.
2. The method for synchronizing security encryption of a cluster group call according to claim 1, characterized in that the PDU is one of: a PDCP Data PDU for control-plane signalling radio bearer data, a PDCP Data PDU with a 12-bit SN, or a PDCP Data PDU with a 7-bit SN.
3. The method for synchronizing security encryption of a cluster group call according to claim 1, characterized in that the extension comprises: extending into the data part that follows the original SN.
4. The method for synchronizing security encryption of a cluster group call according to claim 1, characterized in that the extension comprises: extending into the three reserved bits of the PDU header.
5. The method for synchronizing security encryption of a cluster group call according to claim 1, characterized in that the extension comprises: extending into both the three reserved bits of the PDU header and the data part that follows the original SN.
6. The method for synchronizing security encryption of a cluster group call according to claim 1, characterized in that N is the smallest positive integer greater than or equal to Y,
Figure FDA00002181464200011
where SN1 is the length of the SN before extension, X is the call time limit, and M is the longest talk time of one PDU.
CN201210359297.1A 2012-09-24 2012-09-24 A kind of method of cluster group call security encryption synchronization Expired - Fee Related CN103686616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210359297.1A CN103686616B (en) 2012-09-24 2012-09-24 A kind of method of cluster group call security encryption synchronization

Publications (2)

Publication Number Publication Date
CN103686616A true CN103686616A (en) 2014-03-26
CN103686616B CN103686616B (en) 2016-12-21

Family

ID=50322643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210359297.1A Expired - Fee Related CN103686616B (en) 2012-09-24 2012-09-24 A kind of method of cluster group call security encryption synchronization

Country Status (1)

Country Link
CN (1) CN103686616B (en)

Also Published As

Publication number Publication date
CN103686616B (en) 2016-12-21

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161221

Termination date: 20210924
