CN104038934B - Non-access stratum decryption method for real-time signaling monitoring of the LTE core network - Google Patents
- Publication number: CN104038934B (CN201410307424.2A)
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
A non-access stratum (NAS) decryption method for real-time signaling monitoring of the LTE core network, comprising: extracting and saving the parameters related to NAS decryption from the S6a interface, including the authentication token AUTN, the random number RAND, the expected response XRES and the root key Kasme; managing user contexts through the S1AP-layer messages of the S1-MME interface; extracting the parameters related to NAS decryption from the NAS-layer messages of the S1-MME interface, and calculating the decryption key Knasenc from the root key Kasme obtained in step one; and extracting the ciphertext part of the encrypted message and decrypting it with the decryption-related parameters. By associating the information of the same user on the S6a and S1-MME interfaces, the invention obtains a complete set of decryption parameters for decryption, and is safe and efficient.
Description
Technical field
The invention belongs to the field of communication network protocol monitoring and analysis, and in particular relates to a method for decrypting LTE non-access stratum ciphertext.
Background art
3GPP Long Term Evolution (LTE) is currently the most popular mobile communication technology. Compared with third-generation (3G) mobile technology, LTE offers higher data rates and a more secure way of communicating, and the LTE network structure has also changed considerably.
The LTE radio access part consists only of evolved base stations, eNodeB (Enhanced Node B). The core network part consists mainly of the mobility management entity (Mobility Management Entity, MME), the serving gateway (Serving Gateway, S-GW), the packet data network gateway (Packet Data Network Gateway/PDN Gateway, P-GW), the home subscriber server (Home Subscriber Server, HSS) and the policy and charging rules function (Policy and Charging Rules Function, PCRF). The signaling collection points of the real-time signaling monitoring and analysis system in the invention are deployed at some of the nodes of the LTE core network architecture. Raw signaling data is collected mainly on interfaces such as S1-MME (between eNodeB and MME), S6a (between HSS and MME), S10 and S11; the signaling is then parsed and correlated across interfaces to generate call detail records (Call Detail Record, CDR).
To improve security, the LTE system has a two-layer security protection mechanism: one layer is access stratum security on the radio side, the other is non-access stratum (Non-Access-Stratum, NAS) signaling security. NAS signaling security comprises integrity protection and ciphering of data. Integrity protection checks whether the transmitted data is intact; ciphering converts the data into ciphertext with a certain algorithm before transmission. After receiving data, the receiver must therefore first perform the integrity check and then decrypt before it can go on to obtain a correct decoding result. The main object of the invention is to extract the information needed for decryption from several monitored network interfaces and to decrypt the NAS messages of the S1-MME interface.
The difficulty in decrypting NAS messages is obtaining a complete set of decryption parameters. Specifically, the root key Kasme used for decryption must be obtained from the S6a interface and the other parameters from the S1-MME interface, and the following problems must be solved: how to associate the information of the same user on the S6a and S1-MME interfaces; what a user's decryption parameters consist of; and how to calculate and dynamically maintain a user's decryption parameters, because the parameters in the structure are obtained from different messages and they change.
Summary of the invention
To solve the above problems, the invention proposes a non-access stratum decryption method for a real-time signaling monitoring and analysis system of the LTE core network.
The technical solution of the invention is a non-access stratum decryption method for real-time signaling monitoring of the LTE core network, comprising the following steps:
Step one, extract and save the parameters related to NAS decryption from the S6a interface, including the authentication token AUTN, the random number RAND, the expected response XRES and the root key Kasme;
Step two, manage user contexts through the S1AP-layer messages of the S1-MME interface;
Step three, extract the parameters related to NAS decryption from the NAS-layer messages of the S1-MME interface, and calculate the decryption key Knasenc from the root key Kasme obtained in step one;
Step four, extract the ciphertext part of the encrypted message and decrypt it with the decryption-related parameters.
Further, step one is implemented as follows.
Capture the authentication information message pair Authentication Information Request/Answer on the S6a interface and parse out the groups of authentication vectors; each authentication vector contains the authentication token AUTN, the random number RAND, the expected response XRES and the root key Kasme.
Update the in-memory database with the authentication vectors obtained. The in-memory database stores the correspondence between AUTN, RAND, XRES and Kasme: the combination of AUTN, RAND and XRES of each authentication vector is the key, and the Kasme of that authentication vector is the value.
Further, managing user contexts through the S1AP-layer signaling of the S1-MME interface in step two is implemented as follows.
On the S1-MME interface, hash table 1 is built with MME-UE-S1AP-ID and the MME IP address as the key, hash table 2 with S-TMSI as the key, and hash table 3 with IMSI as the key; all three hash tables store user context pointers. The keys of hash table 1 and hash table 2, keyed by MME-UE-S1AP-ID and S-TMSI respectively, are maintained dynamically, with new keys replacing old ones. S-TMSI and IMSI are stored in the user context and filled with all ones by default when absent, so that the three hash tables are associated.
Here, MME-UE-S1AP-ID is the MME-side identifier of the UE, MME is the mobility management entity, S-TMSI is the temporary mobile subscriber identity, and IMSI is the international mobile subscriber identity.
Further, the parameters related to NAS decryption extracted in step three are stored in a decryption parameter data structure, which contains the decryption parameters KSI, Kasme, context_sate, cipher_algorithm_type, Knasenc, uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow.
KSI is the key set identifier and identifies the root key Kasme;
context_sate is the state of the UE security context, with 0 denoting NOT CURRENT and 1 denoting CURRENT;
cipher_algorithm_type is the ID of the algorithm used for encryption and decryption;
uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow are the sequence numbers and overflow values of uplink and downlink messages respectively, used to calculate the uplink and downlink COUNT; COUNT is the message sequence number.
Further, extracting the parameters related to NAS decryption from the NAS-layer messages of the S1-MME interface in step three comprises: processing of the attach request message Attach Request or the tracking area update request Tau Request; processing of the authentication message pair Authentication Request/Response; processing of the security mode message pair Security mode Command/Complete; and processing of other messages on the S1-MME interface.
Further, the processing of the attach request message Attach Request or the tracking area update request Tau Request comprises the following steps:
Step A01, capture the attach request message Attach Request or the tracking area update request Tau Request on the S1-MME interface, extract the key field KSI and store it in the user context;
Step A02, check whether a decryption parameter data structure exists in the corresponding user context; if so, go to step A03, otherwise return directly and end the process;
Step A03, determine whether the KSI value extracted in step A01 is the invalid value; if so, empty the decryption parameter data structure of the corresponding user and end the process, otherwise go to step A04;
Step A04, compare the KSI value extracted in step A01 with the KSI in the decryption parameter data structure; if they are equal, the decryption parameters of the corresponding user can be used for decryption, and the process ends; if they are not equal, delete the decryption parameter data structure of the corresponding user, return directly and end the process.
Further, the processing of the authentication message pair Authentication Request/Response comprises the following steps:
Step B01, capture the authentication request message Authentication Request on the S1-MME interface, extract the fields AUTN, RAND and KSI, and store them in the user context;
Step B02, capture the authentication response message Authentication Response on the S1-MME interface, extract the field RES, and store it in the user context;
Step B03, using the AUTN, RAND and RES in the user context as the key, look up the corresponding root key Kasme in the in-memory database; if it is found, go to step B04; if not, return and end the process;
Step B04, determine whether the decryption parameter data structure of the corresponding user exists; if it does not, create it and initialize every member to 0; otherwise initialize the members of the existing structure to 0 directly;
Step B05, write the Kasme found in step B03 into the decryption parameter data structure of the corresponding user, and also write the KSI stored in the user context in step B01 into the decryption parameter data structure;
Step B06, end the process.
Further, the processing of the security mode message pair Security mode Command/Complete comprises the following steps:
Step C01, capture the security mode command message Security mode Command on the S1-MME interface and extract the key fields KSI, Type of ciphering algorithm and Sequence number, where Type of ciphering algorithm is the encryption algorithm type and Sequence number is the sequence number; capture the security mode complete message Security mode Complete on the S1-MME interface and extract the key field Sequence number;
Step C02, confirm that the decryption parameter data structure of the corresponding user exists and that the KSI in the decryption parameters equals the KSI value extracted in step C01; if both conditions hold, go to step C03, otherwise return directly and end the process;
Step C03, write the fields extracted in step C01 into the decryption parameter data structure, which includes assigning Sequence number to the corresponding uplink_nas_sqn or downlink_nas_sqn; then set context_sate in the decryption parameters to 1, and set uplink_nas_over_flow and downlink_nas_over_flow to 0;
Step C04, using the Kasme in the decryption parameters and Type of ciphering algorithm, derive the decryption key Knasenc with the standard algorithm HMAC-SHA-256 and store it in the decryption parameter data structure;
Step C05, end the process.
Further, the processing of other messages on the S1-MME interface comprises the following steps:
Step D01, capture the other messages on the S1-MME interface and extract the fields Security header type and Sequence number, where Security header type is the security header type;
Step D02, confirm that the decryption parameter data structure of the corresponding user exists; if it exists, go to step D03, otherwise return directly and end the process;
Step D03, when Security header type is 2, the message is an encrypted message: write the Sequence number extracted in step D01 into the decryption parameter data structure; when Sequence number is 255, i.e. the maximum value, add 1 to the corresponding overflow count uplink_nas_over_flow or downlink_nas_over_flow; then go to step D04. When Security header type is any other value, the message is not encrypted: return directly and end the process;
Step D04, end the process.
Further, step four is implemented as follows.
Confirm that the decryption parameter data structure exists in the corresponding user context and that context_sate in the decryption parameters is 1.
Calculate the COUNT value: extract downlink_nas_over_flow and downlink_nas_sqn from the decryption parameters to obtain the counter NAS_OVERFLOW for the message direction, and calculate COUNT with the following formula:
COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN
where NAS_SQN is an 8-bit sequence number with a maximum value of 255, and NAS_OVERFLOW is a 16-bit counter that is incremented by 1 whenever NAS_SQN reaches its maximum.
Extract the data and length of the ciphertext part of the encrypted message, obtain the encryption algorithm type and the decryption key Knasenc from the decryption parameters, and then decrypt.
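The S1-MME parameter tracking of step three (procedures A to D) and the COUNT calculation of step four, as an added Python example that is not code from the patent. It assumes a plain dict in place of the in-memory database and message fields that are already parsed; the handler names are hypothetical, and the key-derivation constants (FC 0x15, NAS encryption distinguisher 0x01) come from 3GPP TS 33.401 Annex A.7, which the text refers to only as the standard HMAC-SHA-256 algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

KSI_INVALID = 0b111       # "111": the Kasme identified by KSI is invalid
SHT_CIPHERED = 2          # Security header type 2 marks an encrypted message
UPLINK, DOWNLINK = 0, 1   # DIRECTION: UE to MME is uplink

@dataclass
class NasUncipherParameter:
    """Field names follow the decryption parameter structure in the text."""
    KSI: int = 0
    Kasme: bytes = b""
    context_sate: int = 0             # 0 = NOT CURRENT, 1 = CURRENT
    cipher_algorithm_type: int = 0
    Knasenc: bytes = b""
    uplink_nas_sqn: int = 0
    uplink_nas_over_flow: int = 0
    downlink_nas_sqn: int = 0
    downlink_nas_over_flow: int = 0

@dataclass
class UserContext:                    # hypothetical per-user context
    KSI: Optional[int] = None
    AUTN: bytes = b""
    RAND: bytes = b""
    RES: bytes = b""
    params: Optional[NasUncipherParameter] = None

AuthStore = Dict[Tuple[bytes, bytes, bytes], bytes]   # (AUTN, RAND, XRES) -> Kasme

def store_auth_vectors(store: AuthStore, vectors) -> None:
    """Step one: drop the previous vectors, keep those of this S6a answer."""
    store.clear()
    for autn, rand, xres, kasme in vectors:
        store[(autn, rand, xres)] = kasme

def derive_knasenc(kasme: bytes, alg_id: int) -> bytes:
    """HMAC-SHA-256 key derivation; Knasenc is the low 128 bits of the output.
    S = FC(0x15) | P0(0x01, NAS encryption) | L0 | P1(algorithm ID) | L1,
    constants taken from 3GPP TS 33.401 Annex A.7 (not stated on this page)."""
    s = bytes([0x15, 0x01, 0x00, 0x01, alg_id & 0xFF, 0x00, 0x01])
    return hmac.new(kasme, s, hashlib.sha256).digest()[16:]

def nas_count(overflow: int, sqn: int) -> int:
    """COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN (32 bits, top byte zero)."""
    return ((overflow & 0xFFFF) << 8) | (sqn & 0xFF)

def on_attach_or_tau(ctx: UserContext, ksi: int) -> None:
    """Steps A01-A04. Emptying and deleting are both modelled as params=None."""
    ctx.KSI = ksi
    if ctx.params is not None and (ksi == KSI_INVALID or ksi != ctx.params.KSI):
        ctx.params = None

def on_auth_request(ctx: UserContext, autn: bytes, rand: bytes, ksi: int) -> None:
    """Step B01."""
    ctx.AUTN, ctx.RAND, ctx.KSI = autn, rand, ksi

def on_auth_response(ctx: UserContext, res: bytes, store: AuthStore) -> bool:
    """Steps B02-B05: RES from the UE must match a stored XRES to find Kasme."""
    ctx.RES = res
    kasme = store.get((ctx.AUTN, ctx.RAND, res))
    if kasme is None:
        return False
    ctx.params = NasUncipherParameter(KSI=ctx.KSI, Kasme=kasme)  # members reset to 0
    return True

def on_security_mode_command(ctx: UserContext, ksi: int, alg_id: int, sqn: int) -> bool:
    """Steps C01-C04 for the downlink Security mode Command."""
    p = ctx.params
    if p is None or p.KSI != ksi:
        return False
    p.cipher_algorithm_type, p.downlink_nas_sqn = alg_id, sqn
    p.context_sate = 1
    p.uplink_nas_over_flow = p.downlink_nas_over_flow = 0
    p.Knasenc = derive_knasenc(p.Kasme, alg_id)
    return True

def on_security_mode_complete(ctx: UserContext, sqn: int) -> None:
    """Step C03 for the uplink Security mode Complete."""
    if ctx.params is not None:
        ctx.params.uplink_nas_sqn = sqn

def on_other_message(ctx: UserContext, direction: int, sht: int, sqn: int) -> Optional[int]:
    """Steps D01-D03 plus the COUNT of step four. Returns the COUNT to use for
    this message, or None if it is not decryptable. The overflow counter is
    advanced after COUNT is taken, so SQN 255 still uses the old overflow."""
    p = ctx.params
    if p is None or p.context_sate != 1 or sht != SHT_CIPHERED:
        return None
    side = "uplink" if direction == UPLINK else "downlink"
    overflow = getattr(p, side + "_nas_over_flow")
    setattr(p, side + "_nas_sqn", sqn)
    if sqn == 255:
        setattr(p, side + "_nas_over_flow", (overflow + 1) & 0xFFFF)
    return nas_count(overflow, sqn)
```

The returned COUNT, together with Knasenc, BEARER = 0, the message direction and the ciphertext length, is the input set handed to the EEA algorithm selected by cipher_algorithm_type.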
The invention obtains the decryption-related parameters from different messages and ensures that the current user's decryption parameters correspond to the message to be decrypted. A plaintext message can be parsed directly. An encrypted message cannot be parsed directly: the ciphertext part is obtained first, the corresponding decryption parameters are then fetched and the message is decrypted, and finally the parsing function is called to parse the message. The method includes building user contexts from the captured signaling data of the S6a interface and of the S1-MME interface respectively, paying particular attention to the signaling related to the authentication and security protection procedures on these two interfaces, and extracting from it the parameters related to non-access stratum decryption. The S6a interface is responsible for extracting the root key among the decryption parameters and for building the in-memory database that stores the relation between authentication vectors and root keys; the S1-MME interface is responsible for extracting and deriving the other decryption-related parameters. By associating the information of the same user on the S6a and S1-MME interfaces, a complete set of decryption parameters is obtained for decryption, which is safe and efficient.
Brief description of the drawings
Fig. 1 is a diagram of the LTE security procedure in the prior art.
Fig. 2 is a schematic diagram of NAS encryption/decryption in the embodiment of the invention.
Fig. 3 is the overall flowchart of NAS message decryption in the embodiment of the invention.
Fig. 4 is the flowchart of processing Attach request and TAU request messages in the embodiment of the invention.
Fig. 5 is the flowchart of processing authentication procedure messages in the embodiment of the invention.
Fig. 6 is the flowchart of processing security protection procedure messages in the embodiment of the invention.
Detailed description of the embodiment
The invention is implemented in software and applied in a real-time signaling monitoring system of the LTE core network. The implementation of the invention is described below with reference to the drawings and an embodiment.
The basic principle of the embodiment is as follows. On the S6a interface, follow the authentication procedure and establish the relation between the authentication vector (AV) and the root key Kasme. Capture the signaling data of the S1-MME interface and manage user contexts through the S1AP-layer signaling of that interface, paying particular attention to the authentication and security protection procedures on the S1-MME interface; the relevant parameters of these procedures are extracted from the NAS-layer signaling of the interface and stored in the decryption parameter data structure in the user context, so that each user has one set of decryption parameters. Associate the user information of the S6a and S1-MME interfaces so that a user on the S1-MME interface can find the corresponding root key Kasme, and fill the root key Kasme into the decryption parameter data structure. From the root key Kasme and the encryption algorithm EEA in the decryption parameter data structure, the decryption key Knasenc is derived with the standard algorithm HMAC-SHA-256; this decryption key, together with the decryption parameters of the corresponding user, is used to decrypt the NAS ciphertext.
Because decryption first requires solving the problem of associating the user information of the S6a and S1-MME interfaces, the invention is described as follows:
The security procedure of the prior-art LTE system that involves the S6a and S1-MME interfaces is shown in Fig. 1. The user equipment UE sends message 101, an attach request (Attach request) or tracking area update request (TAU request), to the MME. After receiving the request, the MME sends message 102, an authentication information request (Authentication information request), to the HSS. Message 103 is the returned authentication information answer (Authentication information answer); in message 103 the HSS responds with one or more authentication vectors (AV), each consisting of a random number (RAND), an authentication token (AUTN), an expected response (XRES) and a root key (Kasme). The MME sends message 104 to the UE; message 104 is the authentication request (Authentication request) carrying the RAND and AUTN parameters. The UE verifies the received AUTN, generates the response parameter (RES) once the check passes, and delivers RES to the MME in message 105, the authentication response (Authentication response). The MME compares the XRES generated by the HSS with the RES produced by the UE; if they are the same, authentication succeeds, and the MME sends message 106, the security mode command (Security mode command), to start the NAS integrity protection procedure. The UE checks whether the integrity is valid and starts the confidentiality protection procedure by sending message 107; NAS messages after that are encrypted, and this message itself may also be encrypted. Message 107 is security mode complete (Security mode complete).
The association method usually mentioned in the literature associates by IMSI (international mobile subscriber identity). The S6a interface can obtain the IMSI by capturing the Authentication Information Request message, but the IMSI is hard to obtain on the S1-MME interface. The IMSI is carried only when the user equipment (UE) attaches for the first time, or when the LTE network cannot identify the user by the temporary identity (GUTI) and initiates the identity procedure; in other cases generally only the GUTI is carried, and these procedures occur with low probability. It is therefore hard to establish the relation between IMSI and user information on the S1-MME interface, and hence hard to associate the S6a interface with the S1-MME interface by IMSI. The association method of the invention is set out below:
An authentication vector consists of a random number (RAND), an authentication token (AUTN), an expected response (XRES) and a root key (Kasme). The Authentication Information Answer message on the S6a interface can carry several authentication vectors, and the MME selects the AUTN and RAND of one of these original authentication vectors and sends them to the UE for network authentication. The UE calculates RES from the parameters it stores and the authentication vector parameters it received. The network authenticates the UE by comparing whether XRES and RES are equal: if they are equal, authentication succeeds, which shows that the root key Kasme of that authentication vector can be used for decryption; otherwise authentication fails and the UE drops the connection. After successful authentication, the invention uses the AUTN, RAND and XRES of that authentication vector to associate the user information of the S6a interface with that of the S1-MME interface.
In the embodiment, the parameters needed for NAS decryption are EEA, KEY, COUNT, BEARER, DIRECTION and LENGTH; see the NAS encryption/decryption diagram in Fig. 2. In that figure, taking the encryption algorithm EEA as an example, the NAS signaling message is encrypted at the sender and decrypted at the receiver. The receiver uses the set of decryption parameters it has obtained, such as the key (KEY) and the algorithm (EEA), to generate a keystream (KEYSTREAM BLOCK); XORing the keystream with the received ciphertext (CIPHERTEXT BLOCK) yields the plaintext message (PLAINTEXT BLOCK). The parameters in Fig. 2 are explained below:
1. EEA is the type of the selected encryption algorithm;
2. KEY is the decryption key Knasenc derived by calculation from the root key Kasme. It is 128 bits long, whereas Kasme is 256 bits; the low 128 bits of the result of the operation are taken;
3. COUNT is the message sequence number. It is itself a 24-bit string; when the encryption algorithm is one of the EEA family, 8 zero bits are padded at the high end to form a 32-bit message sequence.
COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN (1)
where NAS_SQN is an 8-bit sequence number with a maximum value of 255, and NAS_OVERFLOW is a 16-bit counter that is incremented by 1 whenever NAS_SQN reaches its maximum.
COUNT is cleared to 0 only when a new EPS (Evolved Packet System) security context is established, and the COUNT value is calculated separately for the uplink and downlink message directions;
4. BEARER is the 5-bit bearer ID; for NAS messages it defaults to 0;
5. DIRECTION is the transmission direction of the NAS message to be decrypted, 1 bit: 0 denotes an uplink message and 1 a downlink message, with the UE-to-MME direction defined as uplink;
6. LENGTH is the length of the NAS message to be decrypted, in bits.
Fig. 3 shows the specific NAS message decryption flow provided by this embodiment. For ease of implementation, the NAS decryption method of the invention is described in detail below interface by interface, following the steps of the flowchart.
Step one, extract and save the parameters related to NAS decryption from the S6a interface, including AUTN, RAND, XRES and Kasme.
To establish the relation between the authentication vector (AV) and the root key Kasme, the parameters related to NAS decryption are extracted from the messages of the S6a interface.
The messages on this interface related to NAS decryption are Authentication Information Request and Authentication Information Answer. The specific operations are as follows:
First, capture the authentication information message pair Authentication Information Request/Answer on the S6a interface and parse out the authentication vectors AUTN, RAND, XRES and Kasme.
Second, save the parsing result of the first operation, which can be done with a database. Those skilled in the art may set up an in-memory database with existing technology of their choice; Redis is suggested. Because the volume of authentication data is small, and to make reads and writes faster, this embodiment sets up a Redis in-memory database in advance to store the correspondence between AUTN, RAND, XRES and Kasme. The Authentication Information Answer message contains several authentication vectors; the combination of AUTN, RAND and XRES of each authentication vector is the key, and the Kasme of that authentication vector is the value. Thus, unlike the prior art, the embodiment uses AUTN together with RAND and XRES as the association field to associate the S6a interface with the S1-MME interface.
Once the first operation has parsed the authentication vectors, the Redis in-memory database can be updated: the database is emptied, that is, the authentication vectors saved by the previous authentication procedure are removed, and the authentication vectors extracted this time are stored in the database.
Third, end the process.
Step two, manage user contexts through the S1AP-layer messages of the S1-MME interface.
Consider the packets of the S1-MME interface. As analysed above, few messages on this interface carry the IMSI, so it is hard to associate the IMSI with user information, whereas most user-related messages (UE-associated signalling) carry MME-UE-S1AP-ID, the MME-side identifier of the UE. Only the paging message (PAGING) and the initial UE message (INITIAL UE MESSAGE) lack MME-UE-S1AP-ID, but they carry S-TMSI or IMSI. S-TMSI is the temporary mobile subscriber identity, a temporary "stand-in" for the IMSI. On the S1-MME interface, hash table 1 can therefore be built with MME-UE-S1AP-ID and the MME IP address as the key, hash table 2 with S-TMSI as the key, and hash table 3 with IMSI as the key; all three hash tables store user context pointers.
S-TMSI is a temporary identifier whose value is changed frequently on the network. MME-UE-S1AP-ID is constant within one S1 connection, but its value changes when the UE reconnects after the S1 connection is released. This embodiment therefore dynamically maintains the keys of hash table 1 and hash table 2, keyed by MME-UE-S1AP-ID and S-TMSI respectively, replacing old keys with new ones.
S-TMSI and IMSI must be stored in the user context and are filled with all ones by default when absent, so that the three hash tables can be associated. The update of hash table 2, keyed by S-TMSI, is taken as an example below:
When a message carries both MME-UE-S1AP-ID and S-TMSI, first look up hash table 1 with MME-UE-S1AP-ID and the MME IP address as the key. If the key is not found, create a new hash node. If the key is found, take the S-TMSI in the corresponding user context (call it the old S-TMSI) and compare it with the S-TMSI carried in the current message (call it the new S-TMSI). If they are not equal, copy the user context information in the hash node of the old S-TMSI to the hash node of the new S-TMSI, and then replace the node of the old S-TMSI in hash table 2 with the hash node of the new S-TMSI. If they are equal, the key of hash table 2 does not need to be updated.
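The three hash tables and the key replacement just described, as an added Python example that is not code from the patent. Python dicts stand in for the hash tables and object references for the context pointers; the class and method names and the widths of the all-ones defaults are assumptions, as is reusing a context found by S-TMSI or IMSI when a new MME-UE-S1AP-ID appears after an S1 release.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

S_TMSI_UNSET = (1 << 40) - 1   # all ones; the 40-bit width is an assumption
IMSI_UNSET = (1 << 64) - 1     # all ones; the 64-bit storage is an assumption


@dataclass(eq=False)
class UserContext:
    s_tmsi: int = S_TMSI_UNSET
    imsi: int = IMSI_UNSET
    s1_key: Optional[Tuple[str, int]] = None   # current key in hash table 1


class ContextIndex:
    def __init__(self) -> None:
        self.table1: Dict[Tuple[str, int], UserContext] = {}  # (MME IP, MME-UE-S1AP-ID)
        self.table2: Dict[int, UserContext] = {}              # S-TMSI
        self.table3: Dict[int, UserContext] = {}              # IMSI

    def lookup(self, mme_ip: str, mme_ue_s1ap_id: Optional[int] = None,
               s_tmsi: Optional[int] = None,
               imsi: Optional[int] = None) -> Optional[UserContext]:
        """Try table 1, then 2, then 3, with whichever identifiers are present."""
        if mme_ue_s1ap_id is not None and (mme_ip, mme_ue_s1ap_id) in self.table1:
            return self.table1[(mme_ip, mme_ue_s1ap_id)]
        if s_tmsi is not None and s_tmsi in self.table2:
            return self.table2[s_tmsi]
        if imsi is not None and imsi in self.table3:
            return self.table3[imsi]
        return None

    def update(self, mme_ip: str, mme_ue_s1ap_id: Optional[int] = None,
               s_tmsi: Optional[int] = None,
               imsi: Optional[int] = None) -> UserContext:
        """Find or create the context, then replace any old key with the new one."""
        ctx = self.lookup(mme_ip, mme_ue_s1ap_id, s_tmsi, imsi) or UserContext()
        if mme_ue_s1ap_id is not None and ctx.s1_key != (mme_ip, mme_ue_s1ap_id):
            if ctx.s1_key is not None:
                self.table1.pop(ctx.s1_key, None)     # stale S1 connection key
            ctx.s1_key = (mme_ip, mme_ue_s1ap_id)
            self.table1[ctx.s1_key] = ctx
        if s_tmsi is not None and s_tmsi != ctx.s_tmsi:
            previous = self.table2.get(s_tmsi)
            if previous is not None and previous is not ctx:
                previous.s_tmsi = S_TMSI_UNSET        # value reassigned to this UE
            self.table2.pop(ctx.s_tmsi, None)         # old S-TMSI node removed
            ctx.s_tmsi = s_tmsi
            self.table2[s_tmsi] = ctx
        if imsi is not None and imsi != ctx.imsi:
            self.table3.pop(ctx.imsi, None)
            ctx.imsi = imsi
            self.table3[imsi] = ctx
        return ctx
```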
Step three, extract the parameters related to NAS decryption from the NAS-layer messages of the S1-MME interface, and calculate the decryption key Knasenc from the Kasme obtained in step one. In the embodiment, step one saves Kasme in the Redis in-memory database, and this step obtains Kasme from the Redis in-memory database.
The messages on this interface related to NAS decryption are mainly Authentication Request, Authentication Response, Security mode command and Security mode complete.
In a specific implementation, those skilled in the art may define the data structure that holds the relevant parameters themselves. In the embodiment, the decryption parameter data structure nas_uncipher_parameter is defined in C as follows:
Here, KSI is the 3-bit key set identifier and identifies the root key Kasme; by comparing the KSI carried in an encrypted message with the KSI in the corresponding decryption parameter data structure, it is determined whether the root key Kasme in the current decryption parameters can be used to decrypt this message. context_sate is the state of the UE security context and has two states, with 0 denoting NOT CURRENT and 1 denoting CURRENT. cipher_algorithm_type is the encryption algorithm ID; the same algorithm is used for decryption. Knasenc is the decryption key finally obtained by calculation. uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow are the sequence numbers and overflow values of uplink and downlink messages respectively, used to calculate the uplink and downlink COUNT.
To build and maintain the above decryption parameter data structure, step three must pay particular attention on the S1-MME interface to the authentication and security protection procedures that occur during attach and tracking area update. The processing of the relevant messages is described in detail below:
1) Processing of the Attach Request or Tau Request message, see Fig. 4:
First, capture the Attach Request or Tau Request message on the S1-MME interface, extract the field KSI, and store the extracted key field KSI in the user context;
Second, check whether the user's decryption parameter data structure exists, i.e. whether a decryption parameter data structure exists in the user context; if so, go to the third operation, otherwise return directly and end the process;
Third, determine whether the KSI value extracted in the first operation is "111"; "111" means that the Kasme identified by the KSI is invalid and cannot be used for decryption. If the KSI is "111", empty the user's decryption parameter data structure and end the process; otherwise go to the fourth operation;
Fourth, compare the KSI value extracted in the first operation with the KSI in the decryption parameter data structure (the previously extracted KSI value). If they are equal, the user's decryption parameters can be used for decryption, and the process ends; if they are not equal, delete the user's decryption parameter data structure, return directly and end the process. When decryption parameters are extracted for the first time, the attach request or tau request message is the very first message; but once that first extraction has finished, the user has a complete decryption parameter data structure. If an attach request or tau request is then received again, the KSI of that message is extracted, and if the KSI is a valid value, subsequent encrypted messages can be decrypted directly with the decryption parameters that already exist.
2) Processing of the Authentication Request/Response message pair, see Fig. 5:
First, capture the Authentication Request message on the S1-MME interface, extract the fields AUTN, RAND and KSI, and store them in the user context;
Second, capture the Authentication Response message on the S1-MME interface, extract the field RES, and store it in the user context;
Third, using the AUTN, RAND and RES in the user context as the key, look up the corresponding root key Kasme in the Redis in-memory database; if it is found, go to the fourth operation; if not, return and end the process;
Fourth, determine whether the user's decryption parameter data structure exists; if it does not, create it and initialize every member to 0; otherwise initialize the members of the existing structure to 0 directly;
Fifth, write the Kasme found in the third operation into the user's decryption parameter data structure, and also write the KSI stored in the user context in the first operation into the decryption parameter data structure;
Sixth, end the process;
3) Processing of the Security mode Command/Complete message pair; see Fig. 6:
First step: capture the Security mode Command message on the S1-MME interface and extract the key fields KSI, Type of ciphering algorithm (encryption algorithm type) and Sequence number; capture the Security mode Complete message on the S1-MME interface and extract the key field Sequence number;
Second step: confirm that the user's decryption parameter data structure exists and that the KSI in the decryption parameters equals the KSI value extracted in the first step; if both conditions are met, enter the third step; otherwise return directly and end the procedure;
Third step: update the decryption parameter data structure with the fields extracted in the first step, taking care to assign Sequence number to the corresponding uplink_nas_seq or downlink_nas_seq; then set context_sate in the decryption parameters to 1, and set uplink_nas_over_flow and downlink_nas_over_flow (i.e. the NAS_OVERFLOW corresponding to the message direction) to 0;
Fourth step: from the Kasme and the Type of ciphering algorithm in the decryption parameters, derive the decryption key Knasenc with the standard algorithm HMAC-SHA-256 and store it in the decryption parameter data structure;
Fifth step: end the procedure.
4) Processing of other S1-MME interface messages
These are messages unrelated to the user authentication and security protection procedures. For such messages, the present embodiment extracts the field Sequence number from the message and uses it to update the corresponding field in the decryption parameter data structure, which is used to calculate the COUNT value for decryption. The specific steps are as follows:
First step: capture such a message on the S1-MME interface and extract the fields Security header type and Sequence number;
Second step: confirm that the user's decryption parameter data structure exists; if it exists, enter the third step; otherwise return directly and end the procedure;
Third step: when Security header type is 2, the message is an encrypted message; update the decryption parameter data structure with the Sequence number extracted in the first step, and when Sequence number is 255, i.e. the maximum, add 1 to the overflow count in the corresponding uplink_nas_over_flow or downlink_nas_over_flow, then enter the fourth step; when Security header type is any other value, the message is not encrypted; return directly and end the procedure;
Fourth step: end the procedure.
Step 4: extract the ciphertext part of the encrypted message and decrypt it using the decryption parameters.
Through the above steps, the present embodiment has completed the extraction and updating of all decryption parameters; the ciphertext is then decrypted according to those parameters. For ease of description, assume that the current encrypted message is a downlink message. The specific steps in step 4 for decrypting the NAS ciphertext with the decryption key together with the decryption parameters of the corresponding user are as follows:
1. Confirm that the decryption parameter data structure exists in the user context and that context_sate in the decryption parameters is 1, i.e. the CURRENT state; if so, decryption can continue; otherwise return and end the decryption process;
2. Calculate the COUNT value: extract downlink_nas_over_flow and downlink_nas_sqn from the decryption parameters and calculate the COUNT value according to formula (1);
3. Extract the data and length (i.e. LENGTH) of the ciphertext part of the message and, with reference to the inputs required by the NAS encryption/decryption process diagram of Fig. 2, obtain the corresponding information from the decryption parameters and then decrypt. Here EEA is the type of encryption algorithm selected, obtained from cipher_algorithm_type in the decryption parameters; KEY is the decryption key Knasenc; BEARER = 0; and DIRECTION depends on the transmission direction of the NAS message to be decrypted.
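The parameter tracking of items 3) and 4) and the COUNT calculation of step 4, as an added Python example that is not part of the patent text. The function names are hypothetical and the Kasme value is constructed; the KDF input string and the 128-EEA2 counter-block layout are taken from 3GPP TS 33.401 (Annex A.7 and B.1.3), not from this page, and computing COUNT before incrementing the overflow counter is an assumption about ordering.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class DecryptParams:
    """Per-user decryption parameter data structure (member names as on the page)."""
    ksi: int = 0
    kasme: bytes = b""
    context_sate: int = 0            # 0 = NOT CURRENT, 1 = CURRENT
    cipher_algorithm_type: int = 0   # EEA identity from Security mode Command
    knasenc: bytes = b""
    uplink_nas_sqn: int = 0
    uplink_nas_over_flow: int = 0
    downlink_nas_sqn: int = 0
    downlink_nas_over_flow: int = 0


def derive_knasenc(kasme: bytes, alg_id: int) -> bytes:
    """KDF of TS 33.401 Annex A.7: S = FC || P0 || L0 || P1 || L1, keyed with Kasme."""
    s = bytes([0x15, 0x01, 0x00, 0x01, alg_id, 0x00, 0x01])  # P0 = 0x01 (NAS-enc-alg)
    return hmac.new(kasme, s, hashlib.sha256).digest()[16:]  # 128 least significant bits


def on_security_mode_command(p: Optional[DecryptParams], ksi: int,
                             alg_id: int, sqn: int) -> bool:
    """Item 3): accept only if the structure exists and the KSI matches."""
    if p is None or p.ksi != ksi:
        return False
    p.cipher_algorithm_type = alg_id
    p.downlink_nas_sqn = sqn         # Security mode Command travels downlink
    p.context_sate = 1
    p.uplink_nas_over_flow = p.downlink_nas_over_flow = 0
    p.knasenc = derive_knasenc(p.kasme, alg_id)
    return True


def on_downlink_message(p: Optional[DecryptParams], security_header_type: int,
                        sqn: int) -> Optional[int]:
    """Item 4) and COUNT calculation; returns COUNT for a ciphered message, else None."""
    if p is None or p.context_sate != 1 or security_header_type != 2:
        return None
    p.downlink_nas_sqn = sqn
    count = (p.downlink_nas_over_flow << 8) | sqn  # 0x00 | NAS_OVERFLOW << 8 | NAS_SQN
    # Assumption: COUNT is taken before the increment, so the message carrying
    # SQN 255 still uses the old overflow value and SQN 0 uses the new one.
    if sqn == 255:
        p.downlink_nas_over_flow = (p.downlink_nas_over_flow + 1) & 0xFFFF
    return count


def eea2_counter_block(count: int, bearer: int, direction: int) -> bytes:
    """128-EEA2 initial counter: COUNT || BEARER(5) || DIRECTION(1) || zero padding."""
    return struct.pack(">IB", count, (bearer << 3) | (direction << 2)) + bytes(11)


def demo():
    p = DecryptParams(ksi=1, kasme=bytes(range(32)))  # constructed Kasme, not real
    on_security_mode_command(p, ksi=1, alg_id=2, sqn=0)
    counts = [on_downlink_message(p, 2, s) for s in (254, 255, 0, 1)]
    return p, counts, eea2_counter_block(counts[2], bearer=0, direction=1)


if __name__ == "__main__":
    params, counts, block = demo()
    print(counts, params.knasenc.hex(), block.hex())
```

If the overflow counter were incremented before COUNT is computed for the message carrying Sequence number 255, that one message would be decrypted with a COUNT that is 256 too high and would come out as garbage.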
The specific embodiments described herein merely illustrate the spirit of the present invention. Those skilled in the art to which the invention belongs may make various modifications or additions to the described embodiments, or substitute them in similar ways, without departing from the spirit of the invention or exceeding the scope defined by the appended claims.
Claims (1)
1. A Non-Access Stratum decryption method for real-time signaling monitoring of an LTE core network, characterized in that it comprises the following steps:
Step 1: extract the parameters related to NAS decryption from the S6a interface and save them, including the authentication token AUTN, the random access parameter RAND, the expected result parameter XRES and the root key Kasme;
Step 1 is implemented as follows:
The authentication information message pair Authentication Information Request/Answer captured on the S6a interface is parsed to obtain multiple groups of authentication vectors, each group including the authentication token AUTN, the random access parameter RAND, the expected result parameter XRES and the root key Kasme;
The in-memory database is updated according to the authentication vectors obtained; the in-memory database stores the correspondence between AUTN, RAND, XRES and Kasme, with the combination of AUTN, RAND and XRES of each authentication vector as the key and the Kasme of that authentication vector as the value;
Step 2: manage user contexts through the S1AP-layer messages of the S1-MME interface;
In step 2, managing user contexts through the S1AP-layer signaling of the S1-MME interface is implemented as follows:
On the S1-MME interface, hash table 1 is built with MME-UE-S1AP-ID and the IP address of the MME as the key, hash table 2 is built with S-TMSI as the key, and hash table 3 is built with IMSI as the key; the three hash tables store user context pointers;
The keys of hash table 1 and hash table 2, keyed by MME-UE-S1AP-ID and S-TMSI respectively, are maintained dynamically, with new key values replacing old ones; S-TMSI and IMSI are stored in the user context, filled with all 1s by default when absent, so that the three hash tables are associated with one another;
Wherein MME-UE-S1AP-ID is the MME-side identifier of the UE, MME is the Mobility Management Entity, S-TMSI is the temporary mobile subscriber identity, and IMSI is the International Mobile Subscriber Identity;
Step 3: extract the parameters related to NAS decryption from the NAS-layer messages of the S1-MME interface, and calculate the decryption key Knasenc from the root key Kasme obtained in step 1;
In step 3, the extracted parameters related to NAS decryption are stored in a decryption parameter data structure, which includes the decryption parameters KSI, Kasme, context_sate, cipher_algorithm_type, Knasenc, uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow, wherein
KSI is the key set identifier, used to identify the root key Kasme;
context_sate is the state of the UE security context, with 0 denoting NOT CURRENT and 1 denoting CURRENT;
cipher_algorithm_type is the ID of the encryption and decryption algorithm used;
uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow are the sequence numbers and overflow values of uplink and downlink messages respectively, used to calculate the uplink and downlink COUNT, the COUNT being the message sequence number;
In step 3, extracting the parameters related to NAS decryption from the NAS-layer messages of the S1-MME interface comprises processing of the attach request message Attach Request or the tracking area update request Tau Request, processing of the authentication message pair Authentication Request/Response, processing of the security mode message pair Security mode Command/Complete, and processing of other S1-MME interface messages;
The processing of the attach request message Attach Request or the tracking area update request Tau Request comprises the following steps:
Step A01: capture the attach request message Attach Request or the tracking area update request Tau Request on the S1-MME interface, extract the key field KSI and store it in the user context;
Step A02: confirm whether a decryption parameter data structure exists in the corresponding user context; if so, enter step A03; otherwise return directly and end the procedure;
Step A03: determine whether the KSI value extracted in step A01 is an invalid value; if so, clear the decryption parameter data structure of the corresponding user and end the procedure; otherwise enter step A04;
Step A04: compare the KSI value extracted in step A01 with the KSI in the decryption parameter data structure; if they are equal, the decryption parameters of the corresponding user can be used for decryption and the procedure ends; if they are not equal, delete the decryption parameter data structure of the corresponding user and end the procedure;
The processing of the authentication message pair Authentication Request/Response comprises the following steps:
Step B01: capture the authentication request message Authentication Request on the S1-MME interface, extract the fields AUTN, RAND and KSI, and store them in the user context;
Step B02: capture the authentication response message Authentication Response on the S1-MME interface, extract the field RES, and store it in the user context;
Step B03: using AUTN, RAND and RES from the user context as the key, look up the corresponding key Kasme in the in-memory database; if it is found, enter step B04; if it is not found, return and end the procedure;
Step B04: determine whether the decryption parameter data structure of the corresponding user exists; if it does not exist, create it and initialize every member to 0; otherwise initialize the members of the existing structure to 0;
Step B05: update the decryption parameter data structure of the corresponding user with the Kasme found in step B03, and at the same time update the structure with the KSI stored in the user context in step B01;
Step B06: end the procedure;
The processing of the security mode message pair Security mode Command/Complete comprises the following steps:
Step C01: capture the security mode command message Security mode Command on the S1-MME interface and extract the key fields KSI, Type of ciphering algorithm and Sequence number, where Type of ciphering algorithm is the encryption algorithm type and Sequence number is the sequence number; capture the security mode complete message Security mode Complete on the S1-MME interface and extract the key field Sequence number;
Step C02: confirm that the decryption parameter data structure of the corresponding user exists and that the KSI in the decryption parameters equals the KSI value extracted in step C01; if both conditions are met, enter step C03; otherwise return directly and end the procedure;
Step C03: update the decryption parameter data structure with the fields extracted in step C01, including assigning Sequence number to the corresponding uplink_nas_seq or downlink_nas_seq; then set context_sate in the decryption parameters to 1, and set uplink_nas_over_flow and downlink_nas_over_flow to 0;
Step C04: from the Kasme and the Type of ciphering algorithm in the decryption parameters, derive the decryption key Knasenc with the standard algorithm HMAC-SHA-256 and store it in the decryption parameter data structure;
Step C05: end the procedure;
The processing of other S1-MME interface messages comprises the following steps:
Step D01: capture other messages on the S1-MME interface and extract the fields Security header type and Sequence number, where Security header type is the security header type;
Step D02: confirm that the decryption parameter data structure of the corresponding user exists; if it exists, enter step D03; otherwise return directly and end the procedure;
Step D03: when Security header type is 2, the message is an encrypted message; update the decryption parameter data structure with the Sequence number extracted in step D01, and when Sequence number is 255, i.e. the maximum, add 1 to the overflow count in the corresponding uplink_nas_over_flow or downlink_nas_over_flow, then enter step D04; when Security header type is any other value, the message is not encrypted; return directly and end the procedure;
Step D04: end the procedure;
Step 4: extract the ciphertext part of the encrypted message and decrypt it using the parameters related to decryption;
Step 4 is implemented as follows:
Confirm that the decryption parameter data structure exists in the corresponding user context and that context_sate in the decryption parameters is 1;
Calculate the COUNT value: extract downlink_nas_over_flow and downlink_nas_sqn from the decryption parameters to obtain the counter NAS_OVERFLOW corresponding to the message direction, and calculate the COUNT value according to the following formula,
COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN
where NAS_SQN is an 8-bit sequence number with a maximum value of 255, and NAS_OVERFLOW is a 16-bit counter that is incremented by 1 whenever NAS_SQN reaches its maximum;
Extract the data and length of the ciphertext part of the encrypted message, obtain the type of encryption algorithm and the decryption key Knasenc from the decryption parameters, and then decrypt.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410307424.2A CN104038934B (en) | 2014-06-30 | 2014-06-30 | The Non-Access Stratum decryption method of the real-time monitoring signaling of LTE core network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104038934A (en) | 2014-09-10 |
CN104038934B (en) | 2017-08-08 |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105704755B (en) * | 2014-11-24 | 2021-03-05 | 中兴通讯股份有限公司 | Signaling monitoring method and system |
CN107005842B (en) * | 2014-12-02 | 2019-12-24 | 华为技术有限公司 | Authentication method, related device and system in wireless communication network |
CN104640107B (en) * | 2014-12-09 | 2019-01-15 | 北京电旗通讯技术股份有限公司 | NAS layers of ciphertext recognition methods of S1-MME interface in a kind of multiplex roles cooperation decryption LTE |
CN105246099A (en) * | 2015-10-27 | 2016-01-13 | 合肥浩瀚深度信息技术有限公司 | Association method of S1-MME (Mobility Management Entity) interface and S11 interface signaling procedure under LTE (Long Term Evolution) system interior non-switching scene |
CN106961681A (en) * | 2017-02-10 | 2017-07-18 | 北京浩瀚深度信息技术股份有限公司 | Multiplex roles cipher key processing method and device inside a kind of LTE system |
CN109120572A (en) * | 2017-06-22 | 2019-01-01 | 中兴通讯股份有限公司 | SIP signaling decryption method, device, system and computer readable storage medium |
CN108495279B (en) * | 2018-03-09 | 2020-02-14 | 北京全路通信信号研究设计院集团有限公司 | LTE-M signaling analysis method and system |
CN109327864A (en) * | 2018-11-07 | 2019-02-12 | 杭州迪普科技股份有限公司 | Flow processing method, device, equipment and storage medium |
CN109982260B (en) * | 2019-03-08 | 2021-01-26 | 杭州迪普科技股份有限公司 | Signaling decryption method and device, electronic equipment and machine-readable storage medium |
CN112822674A (en) * | 2020-12-29 | 2021-05-18 | 联想未来通信科技(重庆)有限公司 | Decryption method and device of NAS (network attached storage) message |
WO2022198671A1 (en) * | 2021-03-26 | 2022-09-29 | 华为技术有限公司 | Communication method and apparatus |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102300210A (en) * | 2011-09-01 | 2011-12-28 | 重庆中天重邮通信技术有限公司 | Method for decrypting cipher text of long term evolution (LTE) non-access stratum and signaling monitoring device |
CN102438241A (en) * | 2011-12-30 | 2012-05-02 | 北京中创信测科技股份有限公司 | Device and method for decrypting NAS (Network Attached Storage) signaling in LTE (Long Term Evolution) protocol monitoring analysis |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120159151A1 (en) * | 2010-12-21 | 2012-06-21 | Tektronix, Inc. | Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring |