WO2013097504A1 - Decryption device and method for nas signalling in lte protocol monitoring and analysis - Google Patents

Info

Publication number
WO2013097504A1
Authority
WO
WIPO (PCT)
Prior art keywords
nas
decryption
message
parameter
data structure
Prior art date
Application number
PCT/CN2012/082089
Other languages
French (fr)
Chinese (zh)
Inventor
贾林
刘元凯
李春林
朱明新
张立
王升平
刘继秋
Original Assignee
北京中创信测科技股份有限公司
Application filed by 北京中创信测科技股份有限公司 filed Critical 北京中创信测科技股份有限公司
Publication of WO2013097504A1 publication Critical patent/WO2013097504A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the invention belongs to the application field of communication network protocol monitoring and analysis technology. Background art
  • LTE Long Term Evolution
  • 3G Third Generation
  • LTE not only provides higher data rates and capacity but also greater coverage. It can also reduce service delay and system operating cost, which helps operators introduce more real-time, high-speed services and so attract more high-end users.
  • the network structure and protocol of the LTE system have also undergone great changes.
  • the schematic diagram of the LTE network structure is shown in Figure 1.
  • the radio access part of the LTE system is composed of enhanced Node B (eNodeB) nodes, and the core network part is mainly composed of a Mobility Management Entity (MME), an S-GW (Serving Gateway) entity, and a packet data network.
  • MME Mobility Management Entity
  • S-GW Serving Gateway
  • PGW Packet Data Network Gateway
  • PCRF Policy and Charging Rules Function
  • HSS Home Subscriber Server
  • the S1-MME interface is the interface between the eNodeB entity and the MME entity; it carries the S1 interface application protocol (S1AP), and NAS messages are nested in the S1AP messages.
  • S1AP S1 interface application protocol
  • NAS Non-Access Stratum
  • the purpose of the present invention is to decrypt the NAS message transmitted on the interface.
  • the S10 interface is the interface between MME entities.
  • the GTP Control Plane version 2 (GTPv2-C) protocol message is transmitted on the interface.
  • the S6a interface is the interface between the MME entity and the HSS entity, and Diameter protocol messages are transmitted on it.
  • the main function of the non-access stratum protocol NAS between the UE and the MME entity is to implement mobility management, session management, and security control of the UE. Monitoring and analysis of the NAS protocol is therefore critical when monitoring and analyzing the LTE network protocols. However, in the LTE network, once security control between the UE and the MME entity has been activated and encryption enabled, NAS messages are transmitted encrypted. If the monitored NAS messages are not decrypted, the LTE protocol monitoring and analysis system cannot correctly decode and analyze them.
  • the main purpose of the present invention is therefore to capture monitoring messages from the relevant network interfaces, extract the relevant information, and decrypt the captured NAS messages in the LTE network protocol monitoring and analysis system without changing the deployment and configuration of the LTE network, so that the monitoring system correctly decodes and analyzes the NAS protocol.
  • the non-access stratum protocol (GPRS Mobility Management, GMM; GPRS Session Management, GSM) messages on the Iub interface can be decrypted.
  • Figure 2 is a simplified schematic diagram of a UMTS network structure, in which the non-access stratum protocol messages on the Uu interface and the Iub interface are encrypted and the non-access stratum protocol messages transmitted on the Iu interface are not encrypted; for the Iub interface, the key can be extracted directly from the messages on the Iu interface to decrypt the encrypted messages.
  • the present invention provides a method for decrypting and processing NAS signaling in the LTE protocol monitoring and analysis, which includes the following steps:
  • the first step is to extract, from the S1-MME interface, the S6a interface, or the UE security related message, the decryption parameters and UE identification information required for NAS decryption;
  • the NAS message decryption parameter data structure of the UE is searched for or established in the NAS decryption parameter storage maintenance module by using the extracted UE identification information, the extracted decryption parameters are assigned to the members of that data structure, and the other member values of the decryption parameter data structure are derived from the assigned parameters;
  • the NAS message decryption parameter data structure of the UE is found in the NAS decryption parameter storage maintenance module by using the UE identifier corresponding to the NAS message that needs to be decrypted, and the encrypted NAS message is decrypted by using the member information in the structure.
  • the NAS message decryption parameter data structure includes the following members: LENGTH: the length of the NAS message that needs to be decrypted, in bits;
  • DIRECTION indicates the transmission direction of the NAS message to be decrypted, 1 bit; 0 indicates an uplink message and 1 indicates a downlink message, where UE to MME is the uplink direction and MME to UE is the downlink direction;
  • BEARER is a bearer ID, which is 5 bits in length. When decrypting a NAS message, the value is a constant 0;
  • COUNT is the count of NAS messages, 32 bits in length, divided into the uplink NAS message COUNT (UPLINK NAS COUNT) and the downlink NAS message COUNT (DOWNLINK NAS COUNT);
  • KEY is the key Knasenc used for encryption and decryption of NAS messages, 128 bits in length. This key needs to be calculated and derived in the context of the NAS interaction.
  • EEA is the encryption and decryption algorithm for NAS messages, identified by the corresponding algorithm ID. The ID length is one byte, and the ID value is given in the corresponding message of the NAS interaction.
  • a specific processing procedure for extracting a decryption parameter from a message related to UE security on an S6a interface is:
  • the first step is to input an Authentication Information Request message for a UE and an Authentication Information Response message pair;
  • the process ends, and the process continues;
  • the fourth step is to delete the content of the AuthVector array of the UE, reassign the AuthVector array with the extracted E-UTRAN authentication vectors, and end the process.
  • the specific processing procedure for extracting decryption parameters from the UE security related message on the S10 interface is:
  • in the first step, the GTPv2-C protocol Identification Request and Identification Response, the Context Request and Context Response, or the Forward Relocation Request and Forward Relocation Response messages are input. It is determined whether the message contains the UE's mobility management context information (MM Context); if not, the process ends. If yes, it is determined whether the context contains the security context information (Security Context) of the UE; if not, the process ends; if yes, processing continues;
  • the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downlink Count, NAS Uplink Count and KASME, and the applicable Authentication Quadruplet [0..4], are extracted from the current security context information.
  • the third step is to determine whether the UE's parameters contain a NAS-Decryption-Para data structure instance with a status of Current; if not, a new NAS-Decryption-Para data structure instance is generated and the State member in the instance is set to the Current state. All member parameters in the instance are then reset, and the State member is still set to the Current state;
  • the members of the Current-state NAS-Decryption-Para data structure instance are assigned the parameters extracted from the current security context information, and the encryption and decryption key Knasenc is calculated from the obtained Kasme and EncryptionID with the corresponding formula;
  • it is determined whether the MM Context information includes a security context of the UE whose state is Not Current; if not, the entire process ends, and if yes, execution continues;
  • the old KSIASME and old KASME parameters are extracted from the MM Context information; the eighth step is to determine whether the UE parameters contain a NAS-Decryption-Para data structure instance with a status of Not Current; if not, a new data structure instance is generated and its State member is set to the Not Current state. All parameters in the instance are then reset, and its State is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance with the status Not Current is assigned the Not Current security context information extracted from the MM Context: the KSI is equal to the old KSIASME, the Kasme is equal to the old KASME, and the other parameters remain invalid values;
  • the tenth step ends the process.
  • the specific processing procedure for extracting the decryption parameter from the Authentication request/response message on the S1-MME interface is:
  • the authentication request and the authentication response message pair for a certain UE are input, and the RAND, AUTN, and KSIasme parameter information are extracted from the Authentication request message, and the RES parameter (Response) is extracted from the Authentication response message;
  • the corresponding authentication vector AV is searched for in the AuthVector array structure of the UE, namely the one whose RAND, AUTN and XRES are respectively equal to the extracted RAND, AUTN and RES; the third step is to determine whether the corresponding authentication vector AV is found: if not found, the process ends; if found, the Kasme is extracted from the authentication vector; the fourth step is to determine whether there is a NAS-Decryption-Para data structure instance with a status of Not Current in the current UE parameters; if not, a new NAS-Decryption-Para data structure instance is generated and its State member is set to the Not Current state; then all members in the NAS-Decryption-Para data structure instance are reset, and the State member is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance in the Not Current state is assigned using the parameters extracted above: KSI is equal to the extracted KSIasme, Kasme is equal to the extracted Kasme, UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow and DownlinkNasSQN are equal to 0, and the other members are invalid values; the sixth step ends the process.
  • the specific processing procedure for extracting the decryption parameter from the Security mode command/complete message on the S1-MME interface is:
  • the first step is to input a Security mode command and Security mode complete message pair for a certain UE; the NAS KSI, the Type of ciphering algorithm parameter and the downlink NAS message count Downlink NAS SN are extracted from the Security mode command message, the uplink NAS message count is extracted from the Security mode complete message, and the Security mode complete message is used to determine that the SMC process between the UE and the MME entity was executed successfully.
  • the extracted NAS KSI is used to search for the corresponding NAS-Decryption-Para data structure instance in the parameters of the UE; it is determined whether the corresponding instance is found: if not found, the process ends; if found, execution continues;
  • the third step is to check the status of the found NAS-Decryption-Para data structure instance and determine whether it is Current. If it is, the extracted Type of ciphering algorithm information is used to update the EncryptionID member in the instance, the UplinkNasOverflow and UplinkNasSQN members are updated with the extracted uplink NAS SN, the DownlinkNasOverflow and DownlinkNasSQN members are updated with the extracted downlink NAS SN, the NAS encryption/decryption key Knasenc is recalculated with the corresponding formula, and the process ends; otherwise the process continues with the fourth step;
  • the fourth step: when the status of the NAS-Decryption-Para data structure instance found in the third step is Not Current, it is determined whether the UE parameters contain another NAS-Decryption-Para data structure instance whose status is Current. If there is one, that instance is deleted; if not, the process continues with the fifth step;
  • the fifth step uses the extracted Type of ciphering algorithm information to set the EncryptionID member of the NAS-Decryption-Para data structure instance whose status is Not Current, calculates the member Knasenc with the corresponding formula, and sets the State of the instance to Current;
  • the sixth step is to end the process.
  • the encrypted NAS message is decrypted in the following manner:
  • an encrypted NAS message for a certain UE is input, that is, one whose Security header type field in the NAS message header is equal to 0010 or 0100, together with the uplink or downlink direction of the NAS message;
  • it is determined whether the current UE parameters contain a NAS-Decryption-Para data structure instance with a status of Current. If not, the process ends directly; if yes, the process continues.
  • the third step is to calculate the length of the encrypted portion of the input NAS message, extract the SN parameter from the NAS message header, and use the uplink/downlink information of the input NAS message to assign the message-count-related members of the Current-state NAS-Decryption-Para data structure instance; the NAS Count is calculated using the corresponding formula;
  • the fourth step is to calculate the key stream KEY STREAM using Knasenc from the Current-state NAS-Decryption-Para data structure instance, the length of the encrypted portion of the NAS message, the calculated NAS Count, the uplink/downlink information of the input NAS message, and the algorithm specified by EncryptionID in the Current-state NAS-Decryption-Para data structure instance;
  • the calculated key stream KEY STREAM and the encrypted portion of the NAS message are combined with a bitwise exclusive OR operation to complete the decryption of the encrypted portion of the NAS message, and the decrypted NAS message plaintext is output;
  • the sixth step ends the decryption process.
  • the present invention also provides a device for decrypting and processing NAS signaling in the LTE protocol monitoring and analysis, including:
  • the NAS message decryption parameter extraction module is configured to extract the parameters and UE identification information required for NAS decryption from the NAS messages related to UE security on the S1-MME interface, from the Diameter messages related to UE security on the S6a interface, or from the GTPv2-C messages related to UE security on the S10 interface;
  • the NAS message decryption parameter storage maintenance module is configured to store and maintain the input NAS message decryption parameters, and to derive and calculate other NAS decryption parameters from the relevant parameters;
  • the NAS message decryption execution module is configured to implement decryption of the input encrypted NAS message according to the parameter output from the NAS decryption parameter storage maintenance module and the parameter information of the encrypted NAS message itself.
  • information related to UE security is extracted from specific messages on the S1-MME, S10, or S6a interface, and used to establish, derive, and maintain related parameters such as the key necessary for decrypting the NAS message.
  • the protocol monitoring and analysis system can decrypt the captured encrypted NAS message without changing the relevant configuration of the LTE network and pre-configuring the LTE network protocol monitoring and analysis system with the UE decryption-related data.
  • the data structure of the UE decryption parameter is also designed, and there are at most two instances of the data structure corresponding to each UE, which are divided into two states.
  • the operations on the UE's decryption parameter data structure performed while handling decryption parameters and while decrypting NAS messages keep the information in the decryption parameter data structure synchronized with the security context information held in the UE and the MME entity in the LTE network, thereby ensuring that the protocol monitoring and analysis system decrypts NAS messages correctly.
  • Figure 1 is a structural diagram of an LTE network
  • Figure 2 is a schematic diagram showing the structure of a UMTS network
  • Figure 3 is a block diagram showing the structure of the NAS message decryption device
  • Figure 4 shows the processing steps of the NAS message decryption method
  • Figure 5 shows the process of processing the Authentication Information Request/Response message
  • Figure 6 shows the process of related GTPv2-C message processing
  • Figure 7 shows the Authentication request/response message processing
  • Figure 8 shows the Security mode command/complete message processing
  • Figure 9 shows the NAS message decryption process.
  • the technical solution can implement the decryption function of the NAS message exchanged between the captured mobile terminal UE and the MME entity, and the NAS message includes all encrypted NAS messages in the uplink and downlink directions.
  • the portion in the block is a structural diagram of the device of the present invention.
  • the block part describes the block diagram of the NAS message decryption device, and the part outside the block is the LTE network structure diagram.
  • the arrows in the figure describe the input and output of the device and the component modules of the present invention.
  • the NAS message decryption device is composed of three parts: a NAS message decryption parameter extraction module, a NAS message decryption parameter storage maintenance module, and a NAS message decryption execution module. Among them, the functions realized by each component are as follows:
  • the NAS message decryption parameter extraction module is configured to extract the parameters and UE identification information required for NAS decryption from the NAS messages related to UE security on the S1-MME interface, from the Diameter messages related to UE security on the S6a interface, or from the GTPv2-C messages related to UE security on the S10 interface.
  • the NAS message decryption parameter storage maintenance module is configured to store and maintain the input NAS message decryption parameters, and derive other NAS decryption parameters according to relevant parameters.
  • the NAS message decryption execution module decrypts the input encrypted NAS message according to the parameter output from the NAS decryption parameter storage maintenance module and the parameter information of the encrypted NAS message itself.
  • Figure 4 shows the method of decrypting an encrypted NAS message, which mainly includes three major steps:
  • the NAS message decryption parameter data structure of the UE is found or established, and the NAS message decryption parameter data structure member of the UE is assigned with the decryption parameter outputted in step 1, and other member values of the decryption parameter data structure are derived according to the relevant parameters.
  • the NAS message decryption parameter data structure of the UE is found in the NAS decryption parameter storage maintenance module, and the encrypted NAS message is decrypted by using the member information in the structure.
  • the parameters for decrypting the NAS protocol message in the LTE system are not fixed, but dynamically change with the interaction of the NAS signaling. Therefore, the corresponding data structure is required to record the parameters required for the NAS protocol decryption in real time.
  • LENGTH the length of the NAS message that needs to be decrypted, in bits
  • DIRECTION indicates the transmission direction of the NAS message to be decrypted, 1 bit; 0 indicates an uplink message and 1 indicates a downlink message, where UE to MME is the uplink direction and MME to UE is the downlink direction;
  • BEARER is a bearer ID, which is 5 bits in length. When decrypting a NAS message, the value is a constant 0;
  • COUNT is the count of NAS messages, 32 bits in length, divided into the uplink NAS message COUNT (UPLINK NAS COUNT) and the downlink NAS message COUNT (DOWNLINK NAS COUNT);
  • KEY The key Knasenc used for encryption and decryption of NAS messages, which is 128 bits in length. This key needs to be calculated and derived in the context of NAS interaction.
  • the encryption and decryption algorithm for NAS messages is identified by the corresponding algorithm ID.
  • the ID length is one byte.
  • the ID value is given in the corresponding message of the NAS interaction.
  • BEARER is a constant
  • LENGTH is directly obtained from the corresponding encrypted NAS message
  • EEA ID is given by the corresponding NAS message
  • COUNT and KEY need to be derived from the corresponding data, and the derivation is calculated as follows:
  • $\mathrm{COUNT} = \mathtt{0x00} \parallel \mathrm{NAS\ OVERFLOW} \parallel \mathrm{NAS\ SQN}$ (1)
  • NAS SQN is the last 8 bits of COUNT, and this value is transmitted in each NAS message;
  • NAS OVERFLOW is the middle 16 bits of COUNT; when the NAS SQN value overflows, NAS OVERFLOW is incremented by 1.
  • Knasenc f (Kasme, 0x15
  • f is a key derivation function KDF (KEY DERIVATION FUNCTION)
  • Kasme is the key from which Knasenc is derived; its length is 256 bits, and it is generated by the HSS entity and transmitted in the authentication vector AV (AUTHENTICATION VECTOR);
  • AlgorithmID is the ID of the encryption and decryption algorithm EEA used.
  • the KSI is a security context identifier associated with the UE in LTE. Each Kasme is uniquely associated with a KSI. The value is allocated by the MME and transmitted in NAS messages.
  • State is the state of the UE security context, which is either CURRENT or NOT CURRENT; EncryptionID is the ID of the encryption and decryption algorithm; UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow and DownlinkNasSQN are the components of the uplink and downlink NAS COUNT respectively.
  • the parameter data structure corresponds to the security context of the UE in LTE, and is also uniquely identified by the KSI. For each UE, there are two instances of the data structure, one corresponding to the security context of the CURRENT state, and one corresponding to the NOT CURRENT. The security context of the state.
  • the authentication vectors AV (AUTHENTICATION VECTOR) used for authenticating the UE are recorded and kept;
  • its data storage structure is as follows (C++ language description):
  • the AuthVector is an array of multiple authentication vectors AV.
  • each UE has a corresponding AuthVector array structure, which stores the authentication vector information extracted from the Diameter and GTPv2-C messages for that UE.
  • the process of extracting and maintaining the NAS message decryption parameters is mainly: extracting the decryption parameter information from the UE security related messages on the S1-MME, S10, and S6a interfaces, and completing the storage, derivation, and maintenance operations of the NAS decryption parameters.
  • the extraction and maintenance processing of the decryption parameters differs for different messages on different interfaces. The following describes the processing interface by interface.
  • the process extracts the authentication vector information for the UE from the Diameter message.
  • the message related to the UE security on the S6a interface is the Authentication Information Request and the Authentication Information Response message of the Diameter protocol.
  • the first step is to input an Authentication Information Request message for a UE and an Authentication Information Response message pair;
  • the process ends, and the process continues;
  • the third step extracting E-UTRAN authentication information for the UE from the message, that is, extracting each authentication quaternary information;
  • the fourth step the content of the AuthVector array of the UE is deleted, and the AuthVector array is re-assigned with the extracted E-UTRAN authentication vector, and the process ends.
  • the process extracts the security context information (Security Context) about the UE from the GTPv2-C protocol message.
  • the GTPv2-C protocol messages related to UE security on the S10 interface are the Identification Request and Identification Response messages, the Context Request and Context Response messages, and the Forward Relocation Request and Forward Relocation Response messages.
  • in the first step, the GTPv2-C protocol Identification Request and Identification Response, the Context Request and Context Response, or the Forward Relocation Request and Forward Relocation Response messages are input. It is determined whether the message contains the UE's mobility management context information (MM Context); if not, the process ends. If yes, it is determined whether the context contains the security context information (Security Context) of the UE; if not, the process ends; if yes, processing continues;
  • the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downlink Count, NAS Uplink Count and KASME, and the applicable Authentication Quadruplet [0..4], are extracted from the current security context information.
  • the third step is to determine whether the parameters of the UE contain a NAS-Decryption-Para data structure instance with a status of Current. If not, a new NAS-Decryption-Para data structure instance is generated, and the State member in the instance is set to the Current state. Then all the member parameters in the instance are reset, and the State member is still set to the Current state;
  • the members of the Current-state NAS-Decryption-Para data structure instance are assigned the parameters extracted from the current security context information, and the encryption and decryption key Knasenc is calculated from the obtained Kasme and EncryptionID using formula 2;
  • it is determined whether the MM Context information includes a security context of the UE whose state is Not Current; if not, the entire process ends, and if yes, execution continues;
  • the old KSIASME and old KASME parameters are extracted from the MM Context information; the eighth step is to determine whether the UE parameters contain a NAS-Decryption-Para data structure instance with a status of Not Current; if not, a new data structure instance is generated and its State member is set to the Not Current state. All the parameters in the instance are then reset, and the State is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance with the status Not Current is assigned the Not Current security context information extracted from the MM Context: the KSI is equal to the old KSIASME, the Kasme is equal to the old KASME, and the other parameters remain invalid values;
  • the tenth step ends the process
  • the process extracts the UE security parameters from the NAS messages.
  • the NAS messages related to the UE security information on the S1-MME interface include an Authentication request and an Authentication response message, a Security mode command, and a Security mode complete message.
  • the two pairs of messages contain different security information and roles, and the following describes their processing.
  • the first step is to input the Authentication request and Authentication response message pair for a certain UE.
  • the RAND, AUTN, and KSIasme parameter information is extracted from the Authentication request message, and the RES parameter (Response) is extracted from the Authentication response message.
  • the corresponding authentication vector AV is searched for in the AuthVector array structure of the UE, namely the one whose RAND, AUTN and XRES are respectively equal to the extracted RAND, AUTN and RES.
  • the third step is to determine whether the corresponding authentication vector AV is found; if it is not found, the process ends, and if it is found, the Kasme is extracted from the authentication vector.
  • the fourth step is to determine whether there is a NAS-Decryption-Para data structure instance with a status of Not Current in the current UE parameters; if not, a new NAS-Decryption-Para data structure instance is generated and its State member is set to the Not Current state; then all members in the NAS-Decryption-Para data structure instance are reset, and the State member is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance in the Not Current state is assigned using the parameters extracted above: KSI is equal to the extracted KSIasme, Kasme is equal to the extracted Kasme, UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow and DownlinkNasSQN are equal to 0, and the other members are invalid.
  • the first step is to input the Security mode command and Security mode complete message pair for a certain UE; the NAS KSI, the Type of ciphering algorithm parameter and the downlink NAS message count Downlink NAS SN are extracted from the Security mode command message, the uplink NAS message count Uplink NAS SN is extracted from the Security mode complete message, and the Security mode complete message is used to determine that the SMC process between the UE and the MME entity was executed successfully.
  • the extracted NAS KSI is used to search for the corresponding NAS-Decryption-Para data structure instance in the UE parameters; it is determined whether the corresponding instance is found: if not found, the process ends; if found, the process continues.
  • the third step is to check the status of the found NAS-Decryption-Para data structure instance and determine whether it is Current. If it is, the extracted Type of ciphering algorithm information is used to update the EncryptionID member in the instance, the UplinkNasOverflow and UplinkNasSQN members are updated with the extracted Uplink NAS SN, the DownlinkNasOverflow and DownlinkNasSQN members are updated with the extracted Downlink NAS SN, the NAS encryption/decryption key Knasenc is recalculated with formula 2, and the process ends; otherwise the process continues with the fourth step.
  • the fourth step: when the state of the NAS-Decryption-Para data structure instance found in the third step is Not Current, it is determined whether the UE parameters contain another NAS-Decryption-Para data structure instance whose status is Current. If one exists, that instance is deleted; if it does not exist, the process continues with the fifth step.
  • the fifth step uses the extracted Type of ciphering algorithm information to set the EncryptionID member of the NAS-Decryption-Para data structure instance whose status is Not Current, calculates the member Knasenc using Equation 2, and sets the State of the instance to Current.
  • the sixth step is to end the process.
  • Decrypting an encrypted NAS message mainly consists of computing the key stream from information extracted from the NAS message and the member information of the Current-state NAS_Decryption_Para instance, and using it to decrypt the message.
  • First step: input an encrypted NAS message for a given UE, that is, one whose Security header type field in the NAS message header equals 0010 or 0100, together with the uplink/downlink direction of the message.
  • Determine whether the UE's current parameters contain a NAS_Decryption_Para instance whose state is Current. If not, the procedure ends immediately; if so, it continues.
  • Third step: calculate the length of the encrypted part of the input NAS message; extract the SN parameter from the NAS message header and, using the message's uplink/downlink direction, assign the count-related members of the Current-state NAS_Decryption_Para instance; calculate NAS Count using Equation 1.
  • Fourth step: calculate the key stream KEY STREAM from Knasenc in the Current-state NAS_Decryption_Para instance, the length of the encrypted part of the NAS message, the calculated NAS Count and the message's uplink/downlink direction, using the algorithm specified by EncryptionID in that instance.
  • Fifth step: XOR the calculated key stream KEY STREAM with the encrypted part of the NAS message to decrypt it, and output the plaintext of the decrypted NAS message.
  • Sixth step: end the decryption procedure.
  • The method and apparatus of the present invention may be implemented in hardware, software, or a combination of the two, by means such as a microprocessor, a digital signal processor, a field programmable logic unit, or a gate array.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a decryption device for an NAS signalling in LTE protocol monitoring and analysis, comprised of three parts: a decryption parameter extracting module for an NAS message, a decryption parameter storage and maintenance module for the NAS message, and a decryption executing module for the NAS message. By means of the technical solution in the present invention, information about the security of UE is extracted from certain messages at the S1-MME, S10 or S6a interface, and is used to establish, derive, and maintain the associated parameters required for decrypting the NAS message. The decryption operations can be performed by a protocol monitoring and analysis system on the encrypted NAS messages captured, without changing the related configuration of the LTE network or configurations of the data related to UE decryption beforehand on the LTE network protocol monitoring and analysis system.

Description

Decryption device and method for NAS signalling in LTE protocol monitoring and analysis
Technical field
The invention belongs to the field of communication network protocol monitoring and analysis technology.
Background art
As an evolution of 3G (Third Generation) technology, LTE not only provides higher data rates and capacity and wider coverage, but also reduces service latency and system operating costs, which helps operators launch more real-time, high-rate services and thereby attract more high-end users. Compared with the UMTS system, the network structure and protocols of the LTE system have also changed considerably; a schematic diagram of the LTE network structure is shown in Figure 1.
The radio access part of the LTE system consists of a single type of node, the Enhanced Node B (eNodeB). The core network consists mainly of the Mobility Management Entity (MME), the S-GW (Serving Gateway) entity, the Packet Data Network Gateway (PDN Gateway) entity, the Policy and Charging Rules Function (PCRF) entity and others; the Home Subscriber Server (HSS) is an entity shared by all mobile networks. The interfaces and protocols involved in the technical solution of the present invention are as follows:
S1-MME interface: the interface between the eNodeB entity and the MME entity. It carries the S1 interface application part protocol (S1-interface Application Part protocol, S1AP), and Non-Access-Stratum (NAS) protocol messages are nested inside S1AP messages. The purpose of the present invention is to decrypt the NAS messages transmitted on this interface.
S10 interface: the interface between MME entities. It carries GTP control plane version 2 (GTP Control Plane version 2, GTPv2-C) protocol messages.
S6a interface: the interface between the MME entity and the HSS entity. It carries Diameter protocol messages.
In an LTE network system, the main functions of the non-access stratum protocol NAS between the UE and the MME entity are mobility management, session management and security control of the UE, so monitoring and analysing the NAS protocol is essential in technical applications that monitor and analyse LTE network protocols. In an LTE network, however, once the UE and the MME entity have completed security control and activated ciphering protection, NAS messages are transmitted encrypted. If the monitored NAS messages are not decrypted, an LTE protocol monitoring and analysis system cannot correctly decode and analyse them. The main purpose of the present invention is therefore to capture monitored messages from the relevant network interfaces, extract the relevant information, and decrypt the captured NAS messages within the LTE network protocol monitoring and analysis system, without changing the deployment or configuration of the LTE network, so that the monitoring system can correctly decode and analyse the NAS protocol.
In a Universal Mobile Telecommunication System (UMTS) network protocol monitoring and analysis system, non-access stratum protocol (GPRS Mobility Management, GMM; GPRS Session Management, GSM) messages on the Iub interface can be decrypted. Figure 2 is a simplified diagram of the UMTS network structure. Non-access stratum protocol messages on the Uu and Iub interfaces are transmitted encrypted, whereas those transmitted on the Iu interface are not; when monitoring and analysing protocols on the Iub interface, the key can be extracted directly from messages on the Iu interface and used to decrypt the encrypted messages.
Such a technical solution cannot be applied to LTE network protocol monitoring and analysis, because of the following drawbacks: the network structure, interfaces and protocols of the LTE network system have all changed considerably relative to the UMTS network system, so message decryption cannot be achieved simply by extracting information from one interface; moreover, the security mechanisms of the LTE network system are more complete than those of the UMTS network system. Existing comparable solutions therefore cannot decrypt encrypted messages during LTE network protocol monitoring and analysis.
To overcome these drawbacks, the following technical problem has to be solved: acquiring, deriving and maintaining the security parameters needed to decrypt NAS messages. All the security parameters needed to decrypt NAS messages must be obtained from different protocol messages on several LTE network interfaces, and the necessary keys must be derived by calculation from those parameters. Some parameters change dynamically, so the acquisition, calculation and maintenance of the NAS decryption security parameters must stay synchronised with the security context (Security Context) held in the UE and the MME in the LTE network.
In addition, the following technical problems have to be solved: analysing and extracting the security parameters in specific GTPv2-C protocol messages on the S10 interface, in specific Diameter messages on the S6a interface, and in specific NAS messages on the S1-MME interface.
Summary of the invention
To solve the above technical problems, the present invention proposes a method for decrypting NAS signalling in LTE protocol monitoring and analysis, comprising the following steps:
Step 1: extract the decryption parameters needed for NAS decryption and the UE identification information from UE-security-related messages on the S1-MME interface, the S6a interface or the S10 interface;
Step 2: use the extracted UE identification information to look up, or create, the UE's NAS message decryption parameter data structure in the NAS decryption parameter storage and maintenance module, assign the extracted decryption parameters to members of that data structure, and derive the values of its other members from the assigned parameters;
Step 3: use the UE identifier corresponding to the NAS message to be decrypted to look up the UE's NAS message decryption parameter data structure in the NAS decryption parameter storage and maintenance module, and decrypt the encrypted NAS message using the member information in the structure.
According to one aspect of the invention, the NAS message decryption parameter data structure includes the following members:
LENGTH: the length of the NAS message to be decrypted, in bits;
DIRECTION: the transmission direction of the NAS message to be decrypted, 1 bit; 0 denotes an uplink message and 1 a downlink message, where UE to MME is defined as the uplink direction and MME to UE as the downlink direction;
BEARER: the bearer ID, 5 bits long; when decrypting NAS messages this value is the constant 0;
COUNT: the NAS message count, 32 bits long, kept separately as the uplink NAS message COUNT (UPLINK NAS COUNT) and the downlink NAS message COUNT (DOWNLINK NAS COUNT);
KEY: the key Knasenc used to encrypt and decrypt NAS messages, 128 bits long; this key has to be derived by calculation within the context of the NAS exchange;
EEA: the encryption/decryption algorithm for NAS messages, identified by its algorithm ID; the ID is one byte long and its value is given in the corresponding message of the NAS exchange.
According to one aspect of the invention, the specific procedure for extracting decryption parameters from UE-security-related messages on the S6a interface is:
Step 1: input the Authentication Information Request and Authentication Information Response message pair for a given UE;
Step 2: check whether the Authentication Information Response of the pair contains E-UTRAN-related authentication information for the UE; if not, end the procedure; if so, continue;
Step 3: extract the E-UTRAN authentication information for the UE from the message, that is, extract each authentication quadruplet;
Step 4: delete the contents of the UE's AuthVector array and reassign the array with the extracted E-UTRAN authentication vectors; end the procedure.
According to one aspect of the invention, the specific procedure for extracting decryption parameters from UE-security-related messages on the S10 interface is:
Step 1: input the UE-security-related GTPv2-C protocol messages: Identification Request and Identification Response, or Context Request and Context Response, or Forward Relocation Request and Forward Relocation Response. Determine whether the messages contain the UE's mobility management context information (MM Context); if not, end the procedure. If so, determine whether the MM Context contains a security context (Security Context) of the UE whose state is Current; if not, end the procedure; if so, continue;
Step 2: extract from the Current security context the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downlink Count, NAS Uplink Count and KASME, together with the Authentication Quadruplet [0..4] parameters that may be present;
Step 3: determine whether the UE's parameters contain a NAS_Decryption_Para data structure instance whose state is Current. If not, create a new NAS_Decryption_Para instance with its State member set to Current; if so, reset all member parameters of that instance, with its State member still set to Current;
Step 4: assign the parameters extracted from the Current security context to the members of the Current-state NAS_Decryption_Para instance, and calculate the encryption/decryption key Knasenc from the resulting Kasme and EncryptionID using the corresponding formula;
Step 5: if the UE's authentication quadruplet information was extracted from the MM Context, reassign the UE's AuthVector array instance;
Step 6: determine whether the MM Context information contains a security context of the UE whose state is Not Current; if not, end the whole procedure; if so, continue;
Step 7: extract the old KSIASME and old KASME parameters from the MM Context information;
Step 8: determine whether the UE's parameters contain a NAS_Decryption_Para instance whose state is Not Current. If not, create a new instance with its State member set to Not Current; if so, reset all parameters of that instance, with its State still set to Not Current;
Step 9: assign the Not Current security context information extracted from the MM Context to the Not Current NAS_Decryption_Para instance: KSI equals old KSIASME, Kasme equals old KASME, and the other parameters remain invalid;
Step 10: end the procedure.
According to one aspect of the invention, the specific procedure for extracting decryption parameters from the Authentication request/response messages on the S1-MME interface is:
Step 1: input the Authentication request and Authentication response message pair for a given UE; extract the RAND, AUTN and KSIasme parameters from the Authentication request message, and the RES parameter (Response) from the Authentication response message;
Step 2: using the extracted RAND, AUTN and RES together as the lookup key, find the corresponding authentication vector AV in the UE's AuthVector array structure, namely the vector whose RAND, AUTN and XRES equal the extracted RAND, AUTN and RES respectively;
Step 3: determine whether the corresponding authentication vector AV was found; if not, end the procedure; if so, extract Kasme from the authentication vector;
Step 4: determine whether the current UE parameters contain a NAS_Decryption_Para data structure instance whose state is Not Current. If not, create a new NAS_Decryption_Para instance with its State member set to Not Current; if so, reset all members of that instance, with its State member still set to Not Current;
Step 5: assign the parameters extracted above to the Not Current NAS_Decryption_Para instance: KSI equals the extracted KSIasme, Kasme equals the extracted Kasme, UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow and DownlinkNasSQN all equal 0, and the other members are invalid;
Step 6: end the procedure.
According to one aspect of the invention, the specific procedure for extracting decryption parameters from the Security mode command/complete messages on the S1-MME interface is:
Step 1: input the Security mode command and Security mode complete messages for a given UE. Extract the NAS KSI and Type of ciphering algorithm parameters and the downlink NAS message count Downlink NAS SN from the Security mode command message, and the uplink NAS message count Uplink NAS SN from the Security mode complete message; the Security mode complete message shows that the SMC procedure between the UE and the MME entity completed successfully;
Step 2: use the extracted NAS KSI to look up the corresponding NAS_Decryption_Para data structure instance in the UE's parameters; if no instance is found, end the procedure; if one is found, continue;
Step 3: check the state of the NAS_Decryption_Para instance that was found. If it is Current, update the instance's EncryptionID member with the extracted Type of ciphering algorithm, update the UplinkNasOverflow and UplinkNasSQN members with the extracted Uplink NAS SN, update the DownlinkNasOverflow and DownlinkNasSQN members with the extracted Downlink NAS SN, recalculate the NAS encryption/decryption key Knasenc with the corresponding formula, and end the procedure; if it is not Current, go to step 4;
Step 4: when the state of the NAS_Decryption_Para instance found in step 3 is Not Current, determine whether the UE's parameters contain another NAS_Decryption_Para instance whose state is Current; if one exists, delete that instance; if not, continue with step 5;
Step 5: use the extracted Type of ciphering algorithm to set the EncryptionID member of the Not Current NAS_Decryption_Para instance that was found, calculate the Knasenc member with the corresponding formula, and set the instance's State to Current;
Step 6: end the procedure.
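The two S1-MME procedures above (Authentication request/response, then Security mode command/complete), sketched as an added Python example that is not code from the patent. The Python names are ours, and derive_knasenc uses the K_NASenc derivation of 3GPP TS 33.401 Annex A.7 on the assumption that this is the "corresponding formula" the text refers to.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

CURRENT, NOT_CURRENT = "Current", "Not Current"

@dataclass
class AuthVector:                  # one E-UTRAN quadruplet learned from S6a or S10
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes

@dataclass
class NasDecryptionPara:           # members follow the page; None stands for "invalid"
    state: str
    ksi: int
    kasme: bytes
    encryption_id: Optional[int] = None
    knasenc: Optional[bytes] = None
    uplink_overflow: int = 0
    uplink_sqn: int = 0
    downlink_overflow: int = 0
    downlink_sqn: int = 0

@dataclass
class UeParams:                    # per-UE store: at most one Current and one Not Current
    auth_vectors: List[AuthVector] = field(default_factory=list)
    paras: List[NasDecryptionPara] = field(default_factory=list)

def derive_knasenc(kasme: bytes, eea_id: int) -> bytes:
    """TS 33.401 A.7: HMAC-SHA-256(Kasme, FC | P0 | L0 | P1 | L1), low 128 bits."""
    # FC = 0x15, P0 = 0x01 (NAS encryption algorithm), P1 = algorithm identity
    s = bytes([0x15, 0x01, 0x00, 0x01, eea_id & 0x0F, 0x00, 0x01])
    return hmac.new(kasme, s, hashlib.sha256).digest()[-16:]

def on_authentication(ue, rand, autn, ksi, res):
    """Authentication request/response pair: create or reset the Not Current instance."""
    av = next((v for v in ue.auth_vectors
               if (v.rand, v.autn, v.xres) == (rand, autn, res)), None)
    if av is None:
        return None                                    # no matching vector: nothing to store
    ue.paras = [p for p in ue.paras if p.state != NOT_CURRENT]   # reset = replace
    para = NasDecryptionPara(NOT_CURRENT, ksi, av.kasme)         # counters start at 0
    ue.paras.append(para)
    return para

def on_security_mode(ue, nas_ksi, eea_id, dl_sn, ul_sn):
    """Security mode command/complete pair: update Current, or promote Not Current."""
    para = next((p for p in ue.paras if p.ksi == nas_ksi), None)
    if para is None:
        return None
    if para.state == CURRENT:
        # Assumption: the SN replaces the stored SQN and the overflow part is kept.
        para.uplink_sqn, para.downlink_sqn = ul_sn, dl_sn
    else:
        ue.paras = [p for p in ue.paras if p is para or p.state != CURRENT]
        para.state = CURRENT
    para.encryption_id = eea_id
    para.knasenc = derive_knasenc(para.kasme, eea_id)
    return para

def demo():
    """Constructed values only: one vector, one authentication run, one SMC run."""
    ue = UeParams(auth_vectors=[AuthVector(b"R" * 16, b"A" * 16, b"X" * 8, bytes(range(32)))])
    on_authentication(ue, b"R" * 16, b"A" * 16, ksi=1, res=b"X" * 8)
    para = on_security_mode(ue, nas_ksi=1, eea_id=2, dl_sn=0, ul_sn=0)
    return para.state, para.encryption_id, para.knasenc.hex()
```
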
According to one aspect of the invention, an encrypted NAS message is decrypted as follows:
Step 1: input an encrypted NAS message for a given UE, that is, one whose Security header type field in the NAS message header equals 0010 or 0100, together with the uplink/downlink direction of the message;
Step 2: determine whether the UE's current parameters contain a NAS_Decryption_Para data structure instance whose state is Current; if not, end the procedure immediately; if so, continue;
Step 3: calculate the length Length of the encrypted part of the input NAS message; extract the SN parameter from the NAS message header and, using the message's uplink/downlink direction, assign the count-related members of the Current-state NAS_Decryption_Para instance; calculate NAS Count with the corresponding formula;
Step 4: calculate the key stream KEY STREAM from Knasenc in the Current-state NAS_Decryption_Para instance, the length Length of the encrypted part of the NAS message, the calculated NAS Count and the message's uplink/downlink direction, using the algorithm specified by EncryptionID in that instance;
Step 5: XOR the calculated key stream KEY STREAM bit by bit with the encrypted part of the NAS message to decrypt it, and output the plaintext of the decrypted NAS message;
Step 6: end the decryption procedure.
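The decryption steps above as an added Python example, not code from the patent. It covers EEA0 and 128-EEA2 only (AES is written out so the block runs with the standard library alone) and takes NAS COUNT as overflow || SN per 3GPP TS 24.301. It assumes that an SN smaller than the stored one means the 8-bit counter wrapped, and it does not check the MAC.

```python
from dataclasses import dataclass, field
from typing import List, Optional

def xtime(a: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def build_sbox() -> List[int]:
    exp, log, x = [0] * 256, [0] * 256, 1
    for i in range(255):                      # powers of the generator 3
        exp[i], log[x] = x, i
        x ^= xtime(x)
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0
        s = inv
        for _ in range(4):                    # affine transform
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def expand_key(key: bytes) -> List[List[int]]:
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                                                        # MixColumns
            m = []
            for c in range(4):
                a = s[4 * c:4 * c + 4]
                t = a[0] ^ a[1] ^ a[2] ^ a[3]
                m += [a[i] ^ t ^ xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
            s = m
        s = [b ^ k for b, k in zip(s, rk[rnd])]                             # AddRoundKey
    return bytes(s)

def eea2_keystream(key: bytes, count: int, bearer: int, direction: int, nbytes: int) -> bytes:
    """AES-CTR; first counter block = COUNT(32) | BEARER(5) | DIRECTION(1) | zeros."""
    t1 = (count << 96) | (bearer << 91) | (direction << 90)
    blocks = (nbytes + 15) // 16
    return b"".join(aes128_encrypt_block(key, ((t1 + i) % (1 << 128)).to_bytes(16, "big"))
                    for i in range(blocks))[:nbytes]

@dataclass
class CurrentPara:                 # the members of the Current instance that decryption uses
    knasenc: bytes
    encryption_id: int
    overflow: List[int] = field(default_factory=lambda: [0, 0])   # index 0 uplink, 1 downlink
    sqn: List[int] = field(default_factory=lambda: [0, 0])

def nas_count(para: CurrentPara, direction: int, sn: int) -> int:
    """Update the count members for this direction; return overflow(16) || SN(8)."""
    if sn < para.sqn[direction]:   # assumption: a smaller SN means the counter wrapped
        para.overflow[direction] += 1
    para.sqn[direction] = sn
    return (para.overflow[direction] << 8) | sn

def decrypt_nas(para: Optional[CurrentPara], msg: bytes, direction: int) -> Optional[bytes]:
    """msg = header octet | MAC(4) | SN(1) | ciphered part; returns the plaintext part."""
    if para is None or len(msg) < 7 or (msg[0] >> 4) not in (0b0010, 0b0100):
        return None
    if para.encryption_id not in (0, 2):
        raise NotImplementedError("only EEA0 and 128-EEA2 are covered in this example")
    count, body = nas_count(para, direction, msg[5]), msg[6:]
    if para.encryption_id == 0:    # EEA0: null ciphering
        return body
    ks = eea2_keystream(para.knasenc, count, 0, direction, len(body))   # BEARER is 0 for NAS
    return bytes(c ^ k for c, k in zip(body, ks))

def demo():
    """Constructed key and messages: two uplink messages across an SN wrap (255 -> 0)."""
    key, plain = bytes(range(16)), bytes.fromhex("0745094c6f72656d20697073756d")
    para = CurrentPara(knasenc=key, encryption_id=2, sqn=[254, 0])
    out = []
    for sn, count in [(255, 0x0000FF), (0, 0x000100)]:      # sender-side SN and NAS COUNT
        ks = eea2_keystream(key, count, 0, 0, len(plain))
        msg = bytes([0x27]) + bytes(4) + bytes([sn]) + bytes(p ^ k for p, k in zip(plain, ks))
        out.append(decrypt_nas(para, msg, 0))
    return plain, out, para
```
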
The present invention also proposes a device for decrypting NAS signalling in LTE protocol monitoring and analysis, comprising:
a NAS message decryption parameter extraction module, which extracts the parameters needed for NAS decryption and the UE identification information from UE-security-related NAS messages on the S1-MME interface, from UE-security-related Diameter messages on the S6a interface, or from UE-security-related GTPv2-C messages on the S10 interface;
a NAS message decryption parameter storage and maintenance module, which stores and maintains the input NAS message decryption parameters and derives the other NAS decryption parameters by calculation from the relevant parameters;
a NAS message decryption execution module, which decrypts the input encrypted NAS message using the parameters output by the NAS decryption parameter storage and maintenance module and the parameter information of the encrypted NAS message itself.
With the technical solution of the present invention, UE-security-related information is extracted from specific messages on the S1-MME, S10 or S6a interface and used to establish, derive and maintain the keys and other parameters needed to decrypt NAS messages. The protocol monitoring and analysis system can decrypt captured encrypted NAS messages without any change to the configuration of the LTE network and without UE decryption data being configured in advance on the LTE network protocol monitoring and analysis system. The invention also defines a data structure for the UE decryption parameters; each UE has at most two instances of this data structure, one for each of two states. Through the operations that the decryption parameter establishment and maintenance procedures and the NAS message decryption procedure perform on the UE decryption parameter data structure, the information in that data structure is kept synchronised with the security context information held in the UE and the MME entity in the LTE network, which ensures that the protocol monitoring and analysis system decrypts NAS messages correctly.
Brief description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments:
Figure 1 is a structural diagram of the LTE network;
Figure 2 is a schematic diagram of the UMTS network structure;
Figure 3 is a structural block diagram of the NAS message decryption device;
Figure 4 shows the processing steps of the NAS message decryption method;
Figure 5 shows the processing of the Authentication Information Request/Response messages;
Figure 6 shows the processing of the related GTPv2-C messages;
Figure 7 shows the processing of the Authentication request/response messages;
Figure 8 shows the processing of the Security mode command/complete messages;
Figure 9 shows the NAS message decryption process.
Detailed description
During LTE protocol monitoring and analysis, this technical solution decrypts the captured NAS messages exchanged between the mobile terminal UE and the MME entity; these include all encrypted NAS messages in both the uplink and downlink directions.
As shown in Figure 3, the part inside the box is the structural diagram of the device of the present invention. The boxed part is the structural block diagram of the NAS message decryption device, the part outside the box is a schematic of the LTE network structure, and the arrows show the inputs and outputs of the device and its component modules.
The NAS message decryption device consists of three parts: the NAS message decryption parameter extraction module, the NAS message decryption parameter storage and maintenance module, and the NAS message decryption execution module. The function of each part is as follows:
NAS message decryption parameter extraction module: extracts the parameters required for NAS decryption and the UE identification information from the UE security-related NAS messages on the S1-MME interface, and from the UE security-related Diameter messages on the S6a interface, or from the UE security-related GTPv2-C messages on the S10 interface.
NAS message decryption parameter storage and maintenance module: stores and maintains the input NAS message decryption parameters, and derives other NAS decryption parameters from the relevant parameters.
NAS message decryption execution module: decrypts the input encrypted NAS message according to the parameters output by the NAS decryption parameter storage and maintenance module and the parameter information of the encrypted NAS message itself.
Figure 4 shows the method for decrypting an encrypted NAS message, which consists of three main steps:
1) Extract the parameters required for NAS decryption and the UE identification information from the UE security-related messages on the S1-MME interface, the S6a interface, or the S10 interface.
2) Use the UE identification information output by step 1 to look up, or create, the UE's NAS message decryption parameter data structure in the NAS decryption parameter storage and maintenance module; assign the decryption parameters output by step 1 to the members of that data structure; and derive the values of its other members from the relevant parameters.
3) Use the UE identifier that corresponds to the NAS message to be decrypted to look up the UE's NAS message decryption parameter data structure in the NAS decryption parameter storage and maintenance module, and decrypt the encrypted NAS message using the member information in the structure.
Within the LTE system, the parameters for decrypting NAS protocol messages are not fixed; they change dynamically with the NAS signalling exchange, so a corresponding data structure is needed to record and store, in real time, the parameters required for NAS protocol decryption.
The parameters required to decrypt the NAS protocol, and the corresponding data structures that store them, are as follows:
LENGTH: the length of the NAS message to be decrypted, in bits;
DIRECTION: the transmission direction of the NAS message being decrypted, 1 bit; 0 denotes an uplink message and 1 a downlink message, where UE to MME is defined as the uplink direction and MME to UE as the downlink direction;
BEARER: the bearer ID, 5 bits long; when decrypting NAS messages this value is the constant 0;
COUNT: the NAS message count, 32 bits long, kept separately as the COUNT of uplink NAS messages (UPLINK NAS COUNT) and the COUNT of downlink NAS messages (DOWNLINK NAS COUNT);
KEY: the key Knasenc used to encrypt and decrypt NAS messages, 128 bits long; this key must be derived within the context of the NAS exchange;
EEA: the encryption/decryption algorithm for NAS messages, identified by its algorithm ID; the ID is one byte long and its value is given in the corresponding message of the NAS exchange.
Of the input parameters above, BEARER is a constant; LENGTH and DIRECTION are obtained directly from the encrypted NAS message; the EEA ID is given by the corresponding NAS message; COUNT and KEY must be derived from the corresponding data, as follows:
COUNT := 0x00 || NAS OVERFLOW || NAS SQN    (1)
In formula (1), NAS SQN is the last 8 bits of COUNT and is transmitted in every NAS message; NAS OVERFLOW is the middle 16 bits of COUNT and is incremented by 1 each time the accumulating NAS SQN value overflows.
Knasenc = f(Kasme, 0x15 || 0x01 || 0x0001 || algorithmid (AES/SNOW) || 0x0001)    (2)
In formula (2), f is the key derivation function KDF (KEY DERIVED FUNCTION); Kasme is the key from which Knasenc is derived, is 256 bits long, is generated by the HSS entity, and is carried in the authentication vector AV (AUTHENTICATION VECTOR); algorithmid is the ID of the encryption/decryption algorithm EEA in use.
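The following Python sketch is an added example, not code from the patent: it builds COUNT per formula (1), tracks NAS OVERFLOW from the sequence numbers seen in captured messages, and derives Knasenc per formula (2). It assumes that f is HMAC-SHA-256 keyed with Kasme and that the low-order 128 bits of the output form the key, as the 3GPP key derivation specifications define it; the names nas_count, NasCounter and derive_knasenc are hypothetical.

```python
import hashlib
import hmac


def nas_count(overflow: int, sqn: int) -> int:
    """Formula (1): COUNT = 0x00 || NAS OVERFLOW (16 bits) || NAS SQN (8 bits)."""
    if not 0 <= overflow <= 0xFFFF:
        raise ValueError("NAS OVERFLOW must fit in 16 bits")
    if not 0 <= sqn <= 0xFF:
        raise ValueError("NAS SQN must fit in 8 bits")
    return (overflow << 8) | sqn  # the top byte stays 0x00


class NasCounter:
    """One direction's overflow/SQN pair (e.g. UplinkNasOverflow/UplinkNasSQN)."""

    def __init__(self, overflow: int = 0, sqn: int = 0) -> None:
        self.overflow = overflow
        self.sqn = sqn

    def observe(self, sn: int) -> int:
        """Update from the SN in a captured NAS header and return COUNT.

        Assumption of this example: a smaller SN than the last one seen
        means the 8-bit SQN wrapped. A passive monitor that misses 256 or
        more messages, or captures them out of order, would desynchronize,
        so a failed decryption is the signal to re-check this state.
        """
        if not 0 <= sn <= 0xFF:
            raise ValueError("SN must fit in 8 bits")
        if sn < self.sqn:
            self.overflow = (self.overflow + 1) & 0xFFFF
        self.sqn = sn
        return nas_count(self.overflow, self.sqn)


def derive_knasenc(kasme: bytes, algorithm_id: int) -> bytes:
    """Formula (2): Knasenc = f(Kasme, 0x15 || 0x01 || 0x0001 || id || 0x0001)."""
    if len(kasme) != 32:
        raise ValueError("Kasme is 256 bits (32 bytes)")
    if not 0 <= algorithm_id <= 0xFF:
        raise ValueError("the algorithm ID is one byte")
    s = (bytes([0x15, 0x01]) + (1).to_bytes(2, "big")
         + bytes([algorithm_id]) + (1).to_bytes(2, "big"))
    # Assumed f: HMAC-SHA-256; keep the 128 least significant bits.
    return hmac.new(kasme, s, hashlib.sha256).digest()[16:]


if __name__ == "__main__":
    kasme = bytes(range(32))  # constructed sample key, not real key material
    uplink = NasCounter()
    for sn in (0, 1, 254, 255, 0, 1):  # constructed SN sequence with one wrap
        print(f"SN={sn:3d} COUNT=0x{uplink.observe(sn):08x}")
    print("Knasenc:", derive_knasenc(kasme, 2).hex())
```
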
The above are the parameters for decrypting NAS messages. The NAS message decryption parameter storage structure of the present invention is described in C++ as follows:
struct NAS_Decryption_Para {
    int KSI;                     // security context identifier
    int State;                   // CURRENT or NOT CURRENT
    unsigned char Kasme[32];     // 256-bit key from which Knasenc is derived
    int EncryptionID;            // ID of the encryption/decryption algorithm (EEA)
    unsigned char Knasenc[16];   // 128-bit NAS encryption/decryption key
    int UplinkNasOverflow;       // NAS OVERFLOW part of the uplink NAS COUNT
    int UplinkNasSQN;            // NAS SQN part of the uplink NAS COUNT
    int DownlinkNasOverflow;     // NAS OVERFLOW part of the downlink NAS COUNT
    int DownlinkNasSQN;          // NAS SQN part of the downlink NAS COUNT
};
Here, KSI is the UE-related security context identifier in LTE; each Kasme is uniquely associated with one KSI, whose value is allocated by the MME and transmitted in NAS messages. State is the state of the UE security context and takes one of two values, CURRENT and NOT CURRENT. EncryptionID is the ID of the encryption/decryption algorithm. UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow, and DownlinkNasSQN are the components of the uplink and downlink NAS COUNT respectively.
In use, this parameter data structure corresponds to the UE's security context in LTE and is likewise uniquely identified by the KSI. Each UE has two instances of the data structure: one corresponding to the security context in the CURRENT state and one corresponding to the security context in the NOT CURRENT state.
To record the authentication vectors AV (AUTHENTICATION VECTOR) used to authenticate the UE, the data storage structure is as follows (described in C++):
struct NAS_AV {
    unsigned char Kasme[32];
    unsigned char RAND[];    // length left unspecified
    unsigned char AUTN[];    // length left unspecified
    unsigned char XRES[];    // length left unspecified
};
NAS_AV AuthVector[];
Here, Kasme, RAND, AUTN, and XRES are the components of the authentication vector quadruplet; they are generated by the network HSS entity and carried in the corresponding Diameter and GTPv2-C messages. AuthVector is an array that holds multiple authentication vectors AV.
In use, each UE has one corresponding AuthVector array, which stores the authentication vector information for that UE extracted from Diameter and GTPv2-C messages.
The extraction and maintenance of NAS message decryption parameters mainly consists of extracting the decryption parameter information from the UE security-related messages on the S1-MME, S10, and S6a interfaces and carrying out the storage, derivation, and maintenance of the NAS decryption parameters. The extraction and maintenance processing differs for different messages on different interfaces, so it is described below interface by interface.
1. Extracting decryption parameters from UE security-related messages on the S6a interface
This process extracts the authentication vector information for the UE from Diameter messages. The UE security-related messages on the S6a interface are the Authentication Information Request and Authentication Information Response messages of the Diameter protocol.
The specific process is shown in Figure 5:
Step 1: input the Authentication Information Request and Authentication Information Response message pair for a given UE;
Step 2: check whether the Authentication Information Response of the message pair contains E-UTRAN authentication information for the UE; if not, end the process; if so, continue;
Step 3: extract the E-UTRAN authentication information for the UE from the message, that is, extract each authentication quadruplet;
Step 4: delete the contents of the UE's AuthVector array, reassign the AuthVector array with the extracted E-UTRAN authentication vectors, and end the process.
2. Extracting decryption parameters from UE security-related messages on the S10 interface
This process extracts the UE's security context information (Security Context) from GTPv2-C protocol messages. The UE security-related GTPv2-C protocol messages on the S10 interface are the Identification Request and Identification Response messages, the Context Request and Context Response messages, and the Forward Relocation Request and Forward Relocation Response messages.
The specific process is shown in Figure 6:
Step 1: input the UE security-related GTPv2-C Identification Request and Identification Response, or Context Request and Context Response, or Forward Relocation Request and Forward Relocation Response messages. Determine whether the messages contain the UE's mobility management context information (MM Context); if not, end the process; if so, determine whether the MM Context contains security context information (Security Context) for the UE in the Current state; if not, end the process; if so, continue;
Step 2: from the Current security context information, extract the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downlink Count, NAS Uplink Count, and KASME, as well as any Authentication Quadruplet [0..4] parameters that may be present;
Step 3: determine whether the UE's parameters contain a NAS_Decryption_Para data structure instance in the Current state; if not, create a new NAS_Decryption_Para instance with its State member set to Current; if so, reset all member parameters of that instance, leaving its State member set to Current;
Step 4: assign the parameters extracted from the Current security context information to the members of the Current-state NAS_Decryption_Para instance, and compute the encryption/decryption key Knasenc from the resulting Kasme and EncryptionID using formula (2);
Step 5: if authentication quadruplet information for the UE was extracted from the MM Context, reassign the UE's AuthVector array instance;
Step 6: determine whether the MM Context information contains a security context for the UE in the Not Current state; if not, end the whole process; if so, continue;
Step 7: extract the old KSIASME and old KASME parameters from the MM Context information;
Step 8: determine whether the UE's parameters contain a NAS_Decryption_Para data structure instance in the Not Current state; if not, create a new instance of the data structure with its State member set to Not Current; if so, reset all parameters of that instance, leaving its State set to Not Current;
Step 9: assign the Not Current security context information extracted from the MM Context to the Not Current NAS_Decryption_Para instance: its KSI equals old KSIASME, its Kasme equals old KASME, and its other parameters remain invalid values;
Step 10: end the process.
3. Extracting decryption parameters from UE security-related messages on the S1-MME interface
This process extracts the UE's security parameters from NAS messages. The NAS messages on the S1-MME interface that relate to UE security information are the Authentication request and Authentication response messages and the Security mode command and Security mode complete messages. The two message pairs carry different security information and serve different purposes, so their processing is described separately below.
1) Processing of the Authentication request/response messages
The specific process is shown in Figure 7:
Step 1: input the Authentication request and Authentication response message pair for a given UE. Extract the RAND, AUTN, and KSIasme parameters from the Authentication request message, and extract the RES parameter (Response) from the Authentication response message.
Step 2: using the extracted RAND, AUTN, and RES together as the lookup key, search the UE's AuthVector array for the corresponding authentication vector AV, that is, the one whose RAND, AUTN, and XRES equal the extracted RAND, AUTN, and RES respectively.
Step 3: determine whether the corresponding authentication vector AV was found; if not, end the process; if so, extract Kasme from the authentication vector.
Step 4: determine whether the current UE parameters contain a NAS_Decryption_Para data structure instance in the Not Current state; if not, create a new NAS_Decryption_Para instance with its State member set to Not Current; if so, reset all members of that NAS_Decryption_Para instance, leaving its State member set to Not Current;
Step 5: assign the parameters extracted above to the Not Current NAS_Decryption_Para instance: KSI equals the extracted KSIasme, Kasme equals the extracted Kasme, UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow, and DownlinkNasSQN are all set to 0, and the other members are invalid values.
Step 6: end the process.
2) Processing of the Security mode command/complete messages
The specific process is shown in Figure 8:
Step 1: input the Security mode command and Security mode complete messages for a given UE. From the Security mode command message, extract the NAS KSI and Type of ciphering algorithm parameters and the downlink NAS message count Downlink NAS SN; from the Security mode complete message, extract the uplink NAS message count Uplink NAS SN. The Security mode complete message serves to confirm that the SMC procedure between the UE and the MME entity completed successfully.
Step 2: use the extracted NAS KSI to look up the corresponding NAS_Decryption_Para data structure instance in the UE's parameters; if no corresponding instance is found, end the process; if one is found, continue.
Step 3: check the state of the NAS_Decryption_Para instance that was found. If it is Current, update the instance's EncryptionID member with the extracted Type of ciphering algorithm information, update the UplinkNasOverflow and UplinkNasSQN members with the extracted Uplink NAS SN, update the DownlinkNasOverflow and DownlinkNasSQN members with the extracted Downlink NAS SN, recompute the NAS encryption/decryption key Knasenc using formula (2), and end the process; otherwise go to step 4.
Step 4: when the NAS_Decryption_Para instance found in step 3 is in the Not Current state, determine whether the UE's parameters contain another NAS_Decryption_Para instance in the Current state; if one exists, delete it; if not, continue with step 5.
Step 5: use the extracted Type of ciphering algorithm information to set the EncryptionID member of the Not Current NAS_Decryption_Para instance that was found, compute the Knasenc member using formula (2), and set the instance's State to Current.
Step 6: end the process.
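The Authentication and Security mode command handling described above, together with the S6a vector refresh, as an added Python example (not the patent's code): a per-UE store that keeps at most one Current and one Not Current instance. The class and method names are hypothetical, f in formula (2) is assumed to be HMAC-SHA-256 with the low-order 128 bits kept, None stands in for the page's "invalid value", and only the SQN part of each counter is updated from the 8-bit SN.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

CURRENT, NOT_CURRENT = "Current", "Not Current"


def kdf_knasenc(kasme: bytes, alg_id: int) -> bytes:
    # Formula (2); f assumed to be HMAC-SHA-256, low 128 bits kept.
    s = bytes([0x15, 0x01, 0x00, 0x01, alg_id, 0x00, 0x01])
    return hmac.new(kasme, s, hashlib.sha256).digest()[16:]


@dataclass
class AuthVector:                 # mirrors NAS_AV
    kasme: bytes
    rand: bytes
    autn: bytes
    xres: bytes


@dataclass
class DecryptionPara:             # mirrors NAS_Decryption_Para
    ksi: int
    state: str
    kasme: bytes
    encryption_id: Optional[int] = None   # None = invalid value
    knasenc: Optional[bytes] = None       # None = invalid value
    ul_overflow: int = 0
    ul_sqn: int = 0
    dl_overflow: int = 0
    dl_sqn: int = 0


class UeSecurityStore:
    """Decryption parameters kept for one UE."""

    def __init__(self) -> None:
        self.auth_vectors: List[AuthVector] = []
        self.paras: Dict[str, DecryptionPara] = {}   # keyed by state

    def on_auth_info_answer(self, vectors: List[AuthVector]) -> None:
        # S6a step 4: discard the old array, store the extracted vectors.
        self.auth_vectors = list(vectors)

    def on_authentication(self, rand: bytes, autn: bytes, res: bytes,
                          ksi: int) -> bool:
        # Steps 2-5: match (RAND, AUTN, RES) against (RAND, AUTN, XRES),
        # then create or reset the Not Current instance with counters at 0.
        for av in self.auth_vectors:
            if (av.rand, av.autn, av.xres) == (rand, autn, res):
                self.paras[NOT_CURRENT] = DecryptionPara(
                    ksi, NOT_CURRENT, av.kasme)
                return True
        return False   # no vector seen for this UE: Kasme stays unknown

    def on_security_mode(self, ksi: int, alg_id: int,
                         dl_sn: int, ul_sn: int) -> bool:
        # Step 2: find the instance by NAS KSI.
        para = next((p for p in self.paras.values() if p.ksi == ksi), None)
        if para is None:
            return False
        if para.state == CURRENT:
            # Step 3: refresh the counters from the observed SNs.
            para.ul_sqn, para.dl_sqn = ul_sn, dl_sn
        else:
            # Steps 4-5: drop any old Current instance, promote this one.
            self.paras.pop(CURRENT, None)
            del self.paras[NOT_CURRENT]
            para.state = CURRENT
            self.paras[CURRENT] = para
        para.encryption_id = alg_id
        para.knasenc = kdf_knasenc(para.kasme, alg_id)
        return True
```

A False return from either handler marks the point where a monitor has lost synchronization with the UE and MME (for example, the authentication vector was never observed on S6a or S10), so later ciphered NAS messages for that UE cannot be decrypted until a new context is learned.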
Decrypting an encrypted NAS message mainly consists of computing the keystream from the information extracted from the NAS message and the member information in the Current-state NAS_Decryption_Para data structure instance, and using it to decrypt the encrypted NAS message.
The specific process is shown in Figure 9:
Step 1: input an encrypted NAS message for a given UE, that is, a NAS message whose Security header type field in the NAS message header equals 0010 or 0100, together with the uplink/downlink direction of that NAS message.
Step 2: determine whether the UE's current parameters contain a NAS_Decryption_Para data structure instance in the Current state; if not, end the process immediately; if so, continue.
Step 3: compute the length Length of the encrypted part of the input NAS message; extract the SN parameter from the NAS message header and, according to the uplink/downlink direction of the input NAS message, assign it to the message-count members of the Current-state NAS_Decryption_Para instance; compute the NAS Count using formula (1);
Step 4: compute the keystream KEY STREAM with the algorithm specified by EncryptionID in the Current-state NAS_Decryption_Para instance, using Knasenc from that instance, the length Length of the encrypted part of the NAS message, the computed NAS Count, and the uplink/downlink direction of the input NAS message.
Step 5: XOR the computed keystream KEY STREAM bit by bit with the encrypted part of the NAS message to decrypt it, and output the plaintext of the decrypted NAS message.
Step 6: end the decryption process.
Those skilled in the art should understand that the method and device of the present invention may be implemented in hardware, software, or a combination of hardware and software, by various means such as a microprocessor, a digital signal processor, a field-programmable logic unit, or a gate array.
In summary, although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit the invention. A person of ordinary skill in the art to which the invention belongs may make various changes and modifications without departing from the spirit and scope of the invention. The scope of protection of the invention is therefore defined by the appended claims.

Claims

1. A method for decrypting transmitted non-access stratum (NAS) signalling in LTE protocol monitoring and analysis, characterized by comprising the following steps:
Step 1: extract the decryption parameters required for NAS decryption and the UE identification information from the UE security-related messages on the S1-MME interface, the S6a interface, or the S10 interface;
Step 2: use the extracted UE identification information to look up, or create, the UE's NAS message decryption parameter data structure in the NAS decryption parameter storage and maintenance module; assign the extracted decryption parameters to the members of that data structure; and derive the values of the other members of the data structure from the assigned parameters;
Step 3: use the UE identifier that corresponds to the NAS message to be decrypted to look up the UE's NAS message decryption parameter data structure in the NAS decryption parameter storage and maintenance module, and decrypt the encrypted NAS message using the member information in the structure.
2. The method according to claim 1, characterized in that the NAS message decryption parameter data structure comprises the following members:
Length (LENGTH): the length of the NAS message to be decrypted, in bits;
Direction (DIRECTION): the transmission direction of the NAS message being decrypted, 1 bit; 0 denotes an uplink message and 1 a downlink message, where UE to MME is defined as the uplink direction and MME to UE as the downlink direction;
Bearer (BEARER): the bearer ID, 5 bits long; when decrypting NAS messages this value is the constant 0;
Count (COUNT): the NAS message count, 32 bits long, kept separately as the COUNT of uplink NAS messages and the COUNT of downlink NAS messages;
Key (KEY): the key Knasenc used to encrypt and decrypt NAS messages, 128 bits long; this key must be derived within the context of the NAS exchange;
Encryption/decryption algorithm (EEA): the encryption/decryption algorithm for NAS messages, identified by its algorithm ID; the ID is one byte long and its value is given in the corresponding message of the NAS exchange.
3. The method according to claim 1, characterized in that the specific process of extracting decryption parameters from UE security-related messages on the S6a interface is:
Step 1: input the Authentication Information Request and Authentication Information Response message pair for a given UE;
Step 2: determine from the Authentication Information Response of the message pair whether it contains E-UTRAN authentication information for the UE; if not, end the process; otherwise continue;
Step 3: extract the E-UTRAN authentication information for the UE from the message, that is, extract each authentication quadruplet;
Step 4: delete the contents of the UE's authentication vector array, reassign the authentication vector array with the extracted E-UTRAN authentication vectors, and end the process.
4. The method of claim 1, wherein the specific process for extracting decryption parameters from the UE-security-related messages on the S10 interface is:
Step 1: input the UE-security-related GTPv2-C Identification Request and Identification Response, or Context Request and Context Response, or Forward Relocation Request and Forward Relocation Response messages, and determine whether the message contains the UE's mobility management context information (MM Context); if not, end the process; otherwise further determine whether the mobility management context information contains security context information (Security Context) of the UE whose state is Current; if not, end the process; otherwise continue;
Step 2: extract from the Current security context information the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downlink Count, NAS Uplink Count and KASME, and any Authentication Quadruplet [0..4] parameters that may be present;
Step 3: determine whether the UE's parameters contain a NAS_Decryption_Para data structure instance whose state is Current; if not, create a new NAS_Decryption_Para instance with its State member set to Current; if so, reset all member parameters of that instance, with the State member still set to Current;
Step 4: assign the members of the Current-state NAS_Decryption_Para instance from the parameters extracted from the Current security context information, and, using the resulting Kasme and EncryptionID, apply the formula
Knasenc = f(Kasme, 0x15 | 0x01 | 0x0001 | algorithm-id (AES/SNOW) | 0x0001)
to calculate the encryption/decryption key Knasenc, where f is the key derivation function KDF (Key Derivation Function), Kasme is the key from which Knasenc is derived, is 256 bits long, is generated by the HSS entity and is transmitted in the authentication vector AV (Authentication Vector), and algorithm-id is the ID of the encryption/decryption algorithm EEA in use;
Step 5: if authentication quadruplet information for the UE was extracted from the mobility management context information, reassign the UE's authentication vector array instance from the extracted quadruplets [0..4];
Step 6: determine whether the mobility management context information contains a security context of the UE whose state is Not Current; if not, end the whole process; otherwise continue with the next step;
Step 7: extract the old KSIASME and old KASME parameters from the mobility management context information;
Step 8: determine whether the UE's parameters contain a NAS_Decryption_Para data structure instance whose state is Not Current; if not, create a new instance of the data structure and set its State member to Not Current; if so, reset all parameters of that instance, with its State member still set to Not Current;
Step 9: assign the Not Current NAS_Decryption_Para instance from the Not Current security context information extracted from the mobility management context information: its KSI equals old KSIASME, its Kasme equals old KASME, and the other parameters remain invalid values;
Step 10: end the process.
5. The method of claim 1, wherein the specific process for extracting decryption parameters from the Authentication request/response messages on the S1-MME interface is:
Step 1: input the Authentication request and Authentication response message pair for a given UE; extract the RAND, AUTN and KSIasme parameters from the Authentication request message and the RES parameter (Response) from the Authentication response message;
Step 2: using the extracted RAND, AUTN and RES together as the lookup key, search the UE's authentication vector array structure for the corresponding authentication vector AV, namely the one whose RAND, AUTN and XRES equal the extracted RAND, AUTN and RES respectively;
Step 3: determine whether the corresponding authentication vector AV was found; if not, end the process; otherwise extract Kasme from the authentication vector;
Step 4: determine whether the current UE parameters contain a NAS_Decryption_Para data structure instance whose state is Not Current; if not, create a new NAS_Decryption_Para instance with its State member set to Not Current; otherwise reset all members of that NAS_Decryption_Para instance, with the State member set to Not Current;
Step 5: assign the Not Current NAS_Decryption_Para instance from the parameters extracted above: KSI equals the extracted KSIasme, Kasme equals the extracted Kasme, UplinkNasOverflow, UplinkNasSQN, DownlinkNasOverflow and DownlinkNasSQN are all set to 0, and the other members are invalid values;
Step 6: end the process.
6. The method of claim 1, wherein the specific process for extracting decryption parameters from the Security mode command/complete messages on the S1-MME interface is:
Step 1: input the Security mode command and Security mode complete messages for a given UE; extract the NAS KSI and Type of ciphering algorithm parameters and the downlink NAS message count (Downlink NAS SN) from the Security mode command message, and extract the uplink NAS message count (Uplink NAS SN) from the Security mode complete message; the Security mode complete message serves to establish that the SMC procedure between the UE and the MME entity executed successfully;
Step 2: use the extracted NAS KSI to look up the corresponding NAS_Decryption_Para data structure instance in the UE's parameters; determine whether the instance was found; if not, end the process; otherwise continue with the next step;
Step 3: check the state of the NAS_Decryption_Para instance that was found and determine whether it is Current; if it is, update the EncryptionID member of the instance with the extracted Type of ciphering algorithm information, update the UplinkNasOverflow and UplinkNasSQN members with the extracted Uplink NAS SN, update the DownlinkNasOverflow and DownlinkNasSQN members with the extracted Downlink NAS SN, and use the formula
Knasenc = f(Kasme, 0x15 | 0x01 | 0x0001 | algorithm-id (AES/SNOW) | 0x0001)
to recalculate the NAS encryption/decryption key Knasenc, then end the process; otherwise perform step 4;
Step 4: when the state of the NAS_Decryption_Para instance found in step 3 is Not Current, determine whether the UE's parameters contain another NAS_Decryption_Para instance whose state is Current; if one exists, delete it; otherwise continue with step 5;
Step 5: use the extracted Type of ciphering algorithm information to set the EncryptionID member of the Not Current NAS_Decryption_Para instance that was found, calculate the Knasenc member with the formula above, and set the State of the instance to Current;
Step 6: end the process.
7. The method of claim 1, wherein the encrypted NAS message is decrypted as follows:
Step 1: input an encrypted NAS message for a given UE, that is, one whose Security header type field in the NAS message header equals 0010 or 0100, together with the uplink/downlink direction of the NAS message;
Step 2: determine whether the UE's parameters currently contain a NAS_Decryption_Para data structure instance whose state is Current; if none exists, end the process directly; otherwise continue with the next step;
Step 3: calculate the length (Length) of the encrypted part of the input NAS message; extract the SN parameter from the NAS message header and, using the uplink/downlink information of the input NAS message, assign the message-count members of the Current-state NAS_Decryption_Para instance; use the formula
COUNT := 0x00 || NAS OVERFLOW || NAS SQN
to calculate the NAS Count, where NAS SQN is the last 8 bits of COUNT and is transmitted in every NAS message, and NAS OVERFLOW is the middle 16 bits of COUNT and is incremented by 1 whenever the NAS SQN value wraps around;
Step 4: calculate the key stream KEY STREAM from the Knasenc in the Current-state NAS_Decryption_Para instance, the Length of the encrypted part of the NAS message, the calculated NAS Count and the uplink/downlink information of the input NAS message, using the algorithm specified by the EncryptionID in the Current-state NAS_Decryption_Para instance;
Step 5: perform a bitwise exclusive-OR of the calculated key stream KEY STREAM with the encrypted part of the NAS message, completing the decryption of the encrypted part of the NAS message, and input the decrypted NAS message plaintext;
Step 6: end the decryption process.
8. A device for decrypting NAS signalling in LTE protocol monitoring and analysis, comprising:
a NAS message decryption parameter extraction module, configured to extract the parameters required for NAS decryption and the UE identification information from the UE-security-related NAS messages on the S1-MME interface, and from the UE-security-related Diameter messages on the S6a interface, or from the UE-security-related GTPv2-C messages on the S10 interface;
a NAS message decryption parameter storage and maintenance module, configured to store and maintain the input NAS message decryption parameters and to derive further NAS decryption parameters from the relevant parameters;
a NAS message decryption execution module, configured to decrypt the input encrypted NAS message according to the parameters output by the NAS decryption parameter storage and maintenance module and the parameter information of the encrypted NAS message itself.
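The parameter handling of claims 4, 6 and 7 is implemented below as an added example; it is not code from the patent. It assumes that f is HMAC-SHA-256 with the low 128 bits of the output kept (3GPP TS 33.220 / TS 33.401), that an SQN drop of more than half the 8-bit range means a wrap, and the 128-EEA2 counter-block layout; all function names are hypothetical.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import List, Optional

UPLINK, DOWNLINK = 0, 1  # DIRECTION values from claim 2


def derive_knasenc(kasme: bytes, algorithm_id: int) -> bytes:
    """Knasenc = f(Kasme, 0x15 | 0x01 | 0x0001 | algorithm-id | 0x0001)."""
    if len(kasme) != 32:
        raise ValueError("Kasme must be 256 bits")
    s = bytes([0x15, 0x01, 0x00, 0x01, algorithm_id, 0x00, 0x01])
    # Assumption: f is HMAC-SHA-256 and the 128 low-order bits form the key.
    return hmac.new(kasme, s, hashlib.sha256).digest()[16:]


@dataclass
class NasDecryptionPara:
    state: str                      # "Current" or "Not Current"
    ksi: int
    kasme: bytes
    encryption_id: Optional[int] = None
    knasenc: Optional[bytes] = None
    overflow: List[int] = field(default_factory=lambda: [0, 0])  # per direction
    sqn: List[int] = field(default_factory=lambda: [0, 0])       # per direction


def on_security_mode(contexts, ksi, encryption_id, ul_sn, dl_sn):
    """Claim 6: find the instance by NAS KSI, make it Current, derive Knasenc."""
    para = next((p for p in contexts if p.ksi == ksi), None)
    if para is None:
        return None                 # step 2: no matching instance, stop
    if para.state == "Current":
        # Step 3. Assumption: only the SQN part is refreshed from the SN.
        para.sqn = [ul_sn, dl_sn]
    else:
        # Steps 4-5: delete any other Current instance, then promote this one.
        contexts[:] = [p for p in contexts
                       if p is para or p.state != "Current"]
        para.state = "Current"
    para.encryption_id = encryption_id
    para.knasenc = derive_knasenc(para.kasme, encryption_id)
    return para


def nas_count(para, direction, sqn):
    """Claim 7 step 3: COUNT := 0x00 || NAS OVERFLOW || NAS SQN."""
    # Assumption: a large backward jump of the 8-bit SQN is a wrap, so a
    # slightly late retransmission does not bump NAS OVERFLOW.
    if para.sqn[direction] - sqn > 128:
        para.overflow[direction] = (para.overflow[direction] + 1) & 0xFFFF
    para.sqn[direction] = sqn
    return (para.overflow[direction] << 8) | sqn


def eea2_counter_block(count, direction, bearer=0):
    """Assumed 128-EEA2 (AES-CTR) input: COUNT || BEARER || DIRECTION || 0s."""
    return struct.pack(">IB", count, (bearer << 3) | (direction << 2)) + bytes(11)


def xor_keystream(ciphertext: bytes, keystream: bytes, length_bits: int) -> bytes:
    """Claim 7 step 5: bitwise XOR over LENGTH bits of the ciphered part."""
    n = (length_bits + 7) // 8
    if len(ciphertext) < n or len(keystream) < n:
        raise ValueError("LENGTH exceeds the supplied data")
    return bytes(c ^ k for c, k in zip(ciphertext[:n], keystream[:n]))
```

The key stream itself comes from the cipher selected by EncryptionID (for example AES-128 in counter mode started from `eea2_counter_block`), which needs a cryptographic library and is left to the caller.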
PCT/CN2012/082089 2011-12-30 2012-09-26 Decryption device and method for nas signalling in lte protocol monitoring and analysis WO2013097504A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110456334.6 2011-12-30
CN201110456334.6A CN102438241B (en) 2011-12-30 2011-12-30 To NAS signaling decryption device and method in a kind of LTE protocol monitoring analysis

Publications (1)

Publication Number Publication Date
WO2013097504A1 true WO2013097504A1 (en) 2013-07-04

Family

ID=45986076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/082089 WO2013097504A1 (en) 2011-12-30 2012-09-26 Decryption device and method for nas signalling in lte protocol monitoring and analysis

Country Status (2)

Country Link
CN (1) CN102438241B (en)
WO (1) WO2013097504A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208672A (en) * 2014-05-26 2015-12-30 北京信威通信技术股份有限公司 Channel information management method used for EPS network structure

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102438241B (en) * 2011-12-30 2016-03-16 北京中创信测科技股份有限公司 To NAS signaling decryption device and method in a kind of LTE protocol monitoring analysis
CN102665231B (en) * 2012-05-23 2015-02-18 北京中创信测科技股份有限公司 Method of automatically generating parameter configuration file for LTE (Long Term Evolution) system
CN102892112A (en) * 2012-09-10 2013-01-23 北京中创信测科技股份有限公司 Decryption device and method for radio resource control (RRC) signaling
CN104038934B (en) * 2014-06-30 2017-08-08 武汉虹信技术服务有限责任公司 The Non-Access Stratum decryption method of the real-time monitoring signaling of LTE core network
CN105376792B (en) * 2014-08-19 2019-10-08 中国移动通信集团山西有限公司 A kind of S1 Interface User device context management monitoring method and device
CN104539587A (en) * 2014-12-09 2015-04-22 中国电子科技集团公司第十五研究所 Thing access and group interaction method used for Internet of things
CN104640107B (en) * 2014-12-09 2019-01-15 北京电旗通讯技术股份有限公司 NAS layers of ciphertext recognition methods of S1-MME interface in a kind of multiplex roles cooperation decryption LTE
CN106961681A (en) * 2017-02-10 2017-07-18 北京浩瀚深度信息技术股份有限公司 Multiplex roles cipher key processing method and device inside a kind of LTE system
CN108738015B (en) * 2017-04-25 2021-04-09 华为技术有限公司 Network security protection method, equipment and system
CN109120572A (en) * 2017-06-22 2019-01-01 中兴通讯股份有限公司 SIP signaling decryption method, device, system and computer readable storage medium
CN109982260B (en) * 2019-03-08 2021-01-26 杭州迪普科技股份有限公司 Signaling decryption method and device, electronic equipment and machine-readable storage medium
CN112073176B (en) * 2019-06-11 2022-03-11 大唐移动通信设备有限公司 Key updating method and device
CN110719302A (en) * 2019-12-12 2020-01-21 武汉绿色网络信息服务有限责任公司 Method and device for detecting signaling storm attack of Internet of things
CN111030876B (en) * 2019-12-25 2022-05-06 武汉绿色网络信息服务有限责任公司 NB-IoT terminal fault positioning method and device based on DPI
CN116684864B (en) * 2023-08-03 2023-11-03 武汉博易讯信息科技有限公司 4G-to-5G switching scene NAS decryption method, system, equipment and readable medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100272263A1 (en) * 2009-04-27 2010-10-28 Motorola, Inc. Decrypting a nas message traced to an e-utran
CN102300210A (en) * 2011-09-01 2011-12-28 重庆中天重邮通信技术有限公司 Method for decrypting cipher text of long term evolution (LTE) non-access stratum and signaling monitoring device
CN102438241A (en) * 2011-12-30 2012-05-02 北京中创信测科技股份有限公司 Device and method for decrypting NAS (Network Attached Storage) signaling in LTE (Long Term Evolution) protocol monitoring analysis

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208672A (en) * 2014-05-26 2015-12-30 北京信威通信技术股份有限公司 Channel information management method used for EPS network structure
CN105208672B (en) * 2014-05-26 2019-02-22 北京信威通信技术股份有限公司 A kind of channel information management method for the EPS network architecture

Also Published As

Publication number Publication date
CN102438241A (en) 2012-05-02
CN102438241B (en) 2016-03-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12863831

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12863831

Country of ref document: EP

Kind code of ref document: A1