CN100550902C - An improved method for IP Multimedia Subsystem authentication and key agreement - Google Patents
- Publication number: CN100550902C
- Authority: CN (China)
- Prior art keywords: control function, function unit, conversation control, call conversation, authentication
- Legal status: Expired - Fee Related
- Landscapes: Mobile Radio Communication Systems
Abstract
The invention discloses an improved method for IP Multimedia Subsystem authentication and key agreement, the method comprising the following steps: the user equipment checks the correctness of the MAC, and if verification fails, the user rejects the network; otherwise the user goes on to verify whether the SQN or $RN_{idx}$ contained in the authentication token is acceptable; if the check succeeds, the user equipment calculates RES and sends it to the Proxy Call Session Control Function, and at the same time calculates the cipher key and the integrity key; the Proxy Call Session Control Function sends the message to the Interrogating Call Session Control Function, which asks the Home Subscriber Server for the address of the Serving Call Session Control Function; the Interrogating Call Session Control Function sends RES to the Serving Call Session Control Function. The method eliminates the redirection attack, network spoofing and sequence number management difficulties of the prior art and improves security.
Description
Technical field
The present invention relates to authentication and key agreement methods in the communications field, and in particular to an improved method for IP Multimedia Subsystem authentication and key agreement (IMS AKA).
Background art
The 3rd Generation Partnership Project (3GPP) is defining standards for third-generation mobile communication based on WCDMA, which can provide high-speed mobile communication services over the circuit domain and the packet domain. To ensure the interoperability of real-time and non-real-time IP services across fixed and mobile networks, 3GPP has defined the IP Multimedia Subsystem (hereinafter IMS) on the packet domain. In IMS, authentication and key agreement uses a mechanism similar to UMTS (Universal Mobile Telecommunications System) Authentication and Key Agreement (AKA), which is a request/response protocol. Authentication and key agreement in IMS is called IMS AKA; it provides mutual authentication between the user and the IMS in order to strengthen the access security of the IMS network.
The prior-art IMS AKA procedure is as follows:
(1). The user equipment (UE) sends a Session Initiation Protocol (SIP) registration message to the Proxy Call Session Control Function (P-CSCF), containing the IP multimedia private identity (IMPI) and the IP multimedia public identity (IMPU). The P-CSCF and the Interrogating Call Session Control Function (I-CSCF) forward the SIP registration message to the Serving Call Session Control Function (S-CSCF).
(2). The S-CSCF requests authentication vectors from the Home Subscriber Server (HSS).
(3). The HSS responds by sending authentication vectors to the S-CSCF. Each authentication vector contains the following elements: a random number RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN.
(4). The S-CSCF sends an authentication request towards the UE, containing the random number RAND, the authentication token AUTN, the cipher key CK and the integrity key IK. The P-CSCF stores these keys and sends the random number RAND and the authentication token AUTN to the UE.
(5). The UE receives AUTN, which contains MAC and SQN. The UE calculates XMAC and checks whether XMAC equals MAC and whether SQN is in the correct range. If these checks succeed, the UE calculates RES and sends it to the P-CSCF. The UE calculates CK and IK at the same time. The P-CSCF sends the message to the I-CSCF, which asks the HSS for the address of the S-CSCF. The I-CSCF then sends RES to the S-CSCF.
(6). The S-CSCF retrieves XRES and compares it with the RES sent by the UE; if they are identical, the user is successfully authenticated to the network.
This prior-art protocol has the following defects:
(1). It is vulnerable to redirection attacks
Suppose the user and the P-CSCF are in the visited network, and the attacker is operating a device with base-station functionality, which we call a false base station; this device broadcasts the identity of the HSS. Once the attacker has intercepted a connection from the user, he lures the user to camp on the radio channel of the false base station. The attacker then sends a connection request with the user's identity to a visited network of his choosing, and faithfully relays the messages between the user and the S-CSCF. Authentication succeeds at both the user side and the S-CSCF, and the communication is protected by the established keys. In this way the attacker can redirect the user's traffic to an unintended network.
(2). It is vulnerable to active attacks from a compromised network
When a network is compromised, the attacker can eavesdrop on and tamper with the information that the network sends or receives, and can forge authentication data requests and send them to the home network through the compromised network. Authentication vectors of any user can be obtained in this way, regardless of the user's physical location. The attacker can also impersonate any subscriber of the compromised network, and can use the obtained authentication vectors to impersonate the compromised network. By flooding the HSS with authentication data requests, the attacker can drive the counter $SQN_{HSS}$ to its maximum value. Because the maximum value of $SQN_{HSS}$ is limited, this can shorten the lifetime of the mobile station.
(3). Sequence number management is difficult
The sequence number is generated by the counter $SQN_{HSS}$ and verified against $SQN_{ISIM}$; $SQN_{HSS}$ is in the home network and $SQN_{ISIM}$ is in the mobile station. A mismatch between the two counters may be caused by a failure in the home network, i.e. $SQN_{HSS} < SQN_{ISIM}$. In that case the authentication vector is discarded and resynchronization is initiated to adjust the value of $SQN_{HSS}$. Whenever the sequence number is incorrect, the user concludes that synchronization with the home network has failed and initiates a resynchronization request to the home network. This may cause spurious resynchronization requests, because a sequence number outside the correct range does not necessarily mean that the counter $SQN_{HSS}$ has failed. It may also be caused by an attacker replaying a wrong pair of RAND and AUTN, and out-of-order use of authentication vectors at the S-CSCF may also cause a synchronization failure; yet the user cannot distinguish the real cause of the sequence number error. Spurious resynchronization increases the signalling overhead and may cause unused authentication vectors to be deleted.
The prior art is therefore defective and awaits improvement and development.
Summary of the invention
The object of the present invention is to provide an improved method for IP Multimedia Subsystem authentication and key agreement that overcomes the deficiencies of the prior-art IMS AKA protocol described above, namely the redirection attack, network spoofing and sequence number management difficulties, and to propose a more secure and more convenient method of authentication and key agreement.
The technical scheme of the method of the present invention is as follows:
An improved method for IP Multimedia Subsystem authentication and key agreement, the method comprising the following steps:
(1). The user equipment sends a Session Initiation Protocol registration message to the Proxy Call Session Control Function, containing the IP multimedia private identity and the IP multimedia public identity; the Proxy Call Session Control Function and the Interrogating Call Session Control Function forward the Session Initiation Protocol registration message to the Serving Call Session Control Function;
(2). The Serving Call Session Control Function sends a user data request to the Proxy Call Session Control Function, and the Proxy Call Session Control Function then sends a first random number to the user equipment;
(3). The user equipment returns a response, sending a second random number and a message authentication code to the Serving Call Session Control Function via the Proxy Call Session Control Function and the Interrogating Call Session Control Function;
(4). After receiving the user data response, the Serving Call Session Control Function requests authentication data from the Home Subscriber Server of the home network;
(5). The Home Subscriber Server verifies the correctness of the received message authentication code and, if verification succeeds, returns a batch of authentication vectors to the Serving Call Session Control Function;
(6). The Serving Call Session Control Function sends an authentication request towards the user equipment, containing a third random number, an authentication token, a cipher key and an integrity key; the Proxy Call Session Control Function stores these keys and sends the third random number and the authentication token to the user equipment;
(7). The user equipment checks the correctness of the MAC, and if verification fails, the user rejects the network; otherwise the user goes on to verify whether the SQN or $RN_{idx}$ contained in the authentication token is acceptable; if the check succeeds, the user equipment calculates RES and sends it to the Proxy Call Session Control Function, and at the same time calculates the cipher key and the integrity key; the Proxy Call Session Control Function sends the message to the Interrogating Call Session Control Function, which asks the Home Subscriber Server for the address of the Serving Call Session Control Function; the Interrogating Call Session Control Function sends RES to the Serving Call Session Control Function;
(8). The Serving Call Session Control Function retrieves the expected response and compares it with the RES sent by the user equipment; if they are identical, the user is successfully authenticated.
In the described method, each authentication vector contains the following elements: the third random number, the expected response, the cipher key, the integrity key and the authentication token.
In the described method, there are two ways of resisting replay: if the SQN mechanism is used, SQN is checked; if the $RN_{idx}$ mechanism is used, $RN_{idx}$ is checked.
In the improved method for IP Multimedia Subsystem authentication and key agreement provided by the present invention, the network authenticates the user by means of $U_{MAC}$ and RES, and the user verifies the network by means of MAC and $RN_{idx}$. If verification succeeds, the user can be sure that the network is either its home network or a visited network that has been verified by the home network. Moreover, by checking $RN_{idx}$, the user makes sure that the authentication vector was ordered by this visited network and has not been used before. The method can therefore remove the sequence number and eliminate resynchronization, resist redirection attacks, and resist the influence of a compromised network. Compared with the existing IMS AKA, it remedies its three defects (redirection attack, network spoofing and sequence number management difficulties) and improves security.
Description of drawings
Fig. 1 is a schematic flow diagram of the improved IMS AKA protocol of the present invention.
Embodiment
The implementation of the improved protocol is described in further detail below with reference to the accompanying drawing.
The improved method for IP Multimedia Subsystem authentication and key agreement of the present invention, as shown in Fig. 1, comprises the following steps:
(1). The user equipment sends a Session Initiation Protocol registration message to the Proxy Call Session Control Function, containing the IP multimedia private identity and the IP multimedia public identity. The Proxy Call Session Control Function and the Interrogating Call Session Control Function forward the Session Initiation Protocol registration message to the Serving Call Session Control Function. If the IP multimedia public identity IMPU is not registered at the S-CSCF, the S-CSCF sets the registration flag in the HSS to pending, which means that the initial registration is in progress or has not completed successfully. If the IMPU is already registered, the S-CSCF sets the registration flag to registered. The HSS also checks whether the IMPI and the IMPU belong to the same user;
(2). The Serving Call Session Control Function sends a user data request to the Proxy Call Session Control Function, and the Proxy Call Session Control Function then sends the first random number FRESH to the user equipment;
(3). The user equipment returns a user data response, sending the second random number RN and the message authentication code $U_{MAC}$ to the Serving Call Session Control Function via the Proxy Call Session Control Function and the Interrogating Call Session Control Function, where $U_{MAC} = F_k(FRESH \| RN \| ID_{SN})$;
(4). After receiving the user data response, the Serving Call Session Control Function requests authentication data from the Home Subscriber Server (HSS) of the home network with an authentication data request containing $ID_U$, FRESH, RN and $U_{MAC}$;
(5). The HSS verifies the correctness of the received $U_{MAC}$. If verification fails, the HSS returns a rejection notice containing $ID_U$, FRESH and RN; once it has the notice, the S-CSCF refuses. If verification succeeds, the HSS returns a batch of authentication vectors (RAND, XRES, IK, CK, AUTN) ... to the Serving Call Session Control Function (S-CSCF). Each authentication vector contains the following elements: a third random number RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token string AUTN, where $XRES = F_k(RAND)$, $IK = G_k(RAND)$, $CK = G'_k(RAND)$, $AUTN = idx \| RN_{idx} \| MAC$, $1 \le idx \le m$, $RN_{idx} = H_k(idx \| RN)$, $MAC = F_k(RAND \| idx \| RN_{idx})$;
(6). The Serving Call Session Control Function sends an authentication request (Auth_request) towards the user equipment, containing the random number RAND, the authentication token AUTN, the cipher key CK and the integrity key IK. The Proxy Call Session Control Function stores these keys and sends the random number RAND and the authentication token AUTN to the user equipment;
(7). The user equipment checks the correctness of the MAC; if verification fails, the user rejects the network. Otherwise the user goes on to verify whether the SQN or $RN_{idx}$ contained in AUTN is acceptable. If the check succeeds, the user equipment calculates RES, $RES = F_k(RAND)$, and sends a user authentication response to the Proxy Call Session Control Function (P-CSCF). The user equipment calculates the cipher key and the integrity key at the same time. The Proxy Call Session Control Function sends the message to the Interrogating Call Session Control Function, which asks the HSS for the address of the Serving Call Session Control Function. The Interrogating Call Session Control Function then sends RES to the Serving Call Session Control Function;
There are two ways of resisting replay here:
1. If the SQN mechanism is used, check SQN.
2. If the $RN_{idx}$ mechanism is used, check $RN_{idx}$.
(8). The Serving Call Session Control Function retrieves XRES and compares it with the RES sent by the user equipment; if they are identical, the user is successfully authenticated; if they are not equal, the user is rejected.
In the method of the invention, the network authenticates the user by means of $U_{MAC}$ and RES, and the user verifies the network by means of MAC and $RN_{idx}$. If verification succeeds, the user can be sure that the network is either its home network or a visited network that has been verified by the home network. Moreover, by checking $RN_{idx}$, the user makes sure that the authentication vector was ordered by this visited network and has not been used before.
The technical effects of the present invention are explained below:
1. Removing the sequence number and eliminating resynchronization
Using $RN_{idx}$ resists replay attacks and avoids the synchronization mechanism of UMTS AKA. $RN_{idx}$ is verified as follows: each $RN_{idx}$ can be used only once, and each $RN_{idx}$ serves as a nonce. The user side maintains lists of unused nonces, each list being identified by the network's $ID_{SN}$. After receiving a user data request, the user responds with RN and $U_{MAC}$. The user then calculates the nonce response order $RN_{idx} = H_k(idx \| RN)$ and adds each calculated nonce to the list indicated by $ID_{Ni}$. When the user verifies a received $RN_{idx}$, it only needs to check whether $RN_{idx}$ is in the list indicated by $ID_{Ni}$. If it is not, $RN_{idx}$ is unacceptable; otherwise it is acceptable. If it is accepted, the user deletes $RN_{idx}$ from the list.
2. Resisting redirection attacks
The user keeps an $(RN, ID_{SN})$ record in his database. By verifying $U_{MAC}$, the home network makes sure that the user really is in that visited network. When generating an authentication vector, the home network inserts $RN_{idx}$ into the authentication vector; $RN_{idx}$ is RN with an index added. After receiving the authentication vector request, the user determines whether the vector was sent by his visited network, because the user can verify whether the $RN_{idx}$ contained in the request is derived from the RN that was sent to the S-CSCF. This method can therefore resist redirection attacks and remedies that defect of the original IMS AKA.
3. Resisting the influence of a compromised network
Suppose a visited network is compromised: the attacker can eavesdrop on any information sent and received, and can construct messages and send them to the S-CSCF. Because the attacker obtains authentication vectors, he can of course impersonate the visited network and set up communication sessions with users. He can also impersonate any subscriber of the visited network. Now suppose that the home network of user U is not compromised and that user U roams to a visited network that is not compromised. To impersonate user U, the attacker must return a correct response RES to the authentication request. However, the attacker cannot obtain RES from the compromised network, because the authentication vector containing RES is transmitted between the HSS and the S-CSCF and does not involve the visited network, so the attacker cannot impersonate the user. Next, consider whether the attacker can impersonate the network. There are two cases:
A. Suppose the user previously visited the compromised network and the attacker holds unused authentication vectors that it ordered. The attacker can then use these authentication vectors to try to impersonate the visited network. As with resisting redirection attacks, the impersonation fails, because the user can verify that the authentication vectors were not ordered by the uncompromised network.
B. Suppose the attacker has no authentication vectors for the user. The attacker starts authentication by sending FRESH and $ID_{SN}$ to the user, and the user responds with RN and $U_{MAC}$. The attacker then orders authentication vectors for the user through the compromised network. However, by verifying $U_{MAC}$, the HSS can determine that the user is not in the compromised network and refuses the request.
Compared with the existing IMS AKA, this method remedies its three defects (redirection attack, network spoofing and sequence number management difficulties) and improves security.
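The following Python example is added here and is not part of the patent text. It runs steps (2) to (8) of the embodiment, together with the $RN_{idx}$ nonce list and the $U_{MAC}$ check described under effects 1 to 3, against a normal run, a replay, a redirected request and a vector ordered through another network. Assumptions: HMAC-SHA256 stands in for the unspecified keyed functions F, G, G' and H; the class and function names and the network identifiers are hypothetical; and the HSS takes $ID_{SN}$ from the identity of the network that sent the request.

```python
import hashlib
import hmac
import secrets

def _prf(label, k, *parts):
    # Stand-in for the keyed functions F, G, G', H (the page does not specify them).
    # Each part is length-prefixed so that "||" concatenation is unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(k, label + msg, hashlib.sha256).digest()

def F(k, *p): return _prf(b"F", k, *p)     # U_MAC, MAC, RES/XRES
def G(k, *p): return _prf(b"G", k, *p)     # IK
def G2(k, *p): return _prf(b"G'", k, *p)   # CK
def H(k, *p): return _prf(b"H", k, *p)     # RN_idx

def enc(idx):
    return idx.to_bytes(2, "big")

class HSS:
    def __init__(self, k):
        self.k = k

    def auth_data_request(self, requester_id, fresh, rn, u_mac, m=3):
        # Step (5). Assumption: the HSS uses the identity of the network that
        # sent the request as ID_SN when recomputing U_MAC.
        if not hmac.compare_digest(u_mac, F(self.k, fresh, rn, requester_id)):
            return None                      # rejection notice
        batch = []
        for idx in range(1, m + 1):
            rand = secrets.token_bytes(16)
            rn_idx = H(self.k, enc(idx), rn)
            mac = F(self.k, rand, enc(idx), rn_idx)
            batch.append({"RAND": rand, "XRES": F(self.k, rand),
                          "IK": G(self.k, rand), "CK": G2(self.k, rand),
                          "AUTN": (enc(idx), rn_idx, mac)})
        return batch

class UE:
    def __init__(self, k):
        self.k = k
        self.unused = {}                     # ID_SN -> set of unused RN_idx

    def user_data_response(self, id_sn, fresh, m=3):
        # Step (3): choose RN, answer with RN and U_MAC, then store the nonces
        rn = secrets.token_bytes(16)
        nonces = {H(self.k, enc(i), rn) for i in range(1, m + 1)}
        self.unused.setdefault(id_sn, set()).update(nonces)
        return rn, F(self.k, fresh, rn, id_sn)

    def auth_request(self, id_sn, rand, autn):
        # Step (7): check MAC, then RN_idx against the list for this network
        idx, rn_idx, mac = autn
        if not hmac.compare_digest(mac, F(self.k, rand, idx, rn_idx)):
            return None, "bad MAC"
        if rn_idx not in self.unused.get(id_sn, set()):
            return None, "RN_idx not acceptable"
        self.unused[id_sn].remove(rn_idx)    # each nonce is used once
        return F(self.k, rand), "ok"

def register(ue, hss, ue_believes, request_from):
    """Steps (2)-(5): returns the vector batch, or None if the HSS refuses."""
    fresh = secrets.token_bytes(16)          # FRESH from the network side
    rn, u_mac = ue.user_data_response(ue_believes, fresh)
    return hss.auth_data_request(request_from, fresh, rn, u_mac)

def demo():
    k = secrets.token_bytes(32)              # long-term key shared by UE and HSS
    ue, hss = UE(k), HSS(k)
    out = {}
    # Normal run on visited network A (identifiers are constructed samples)
    av = register(ue, hss, b"visited-A", b"visited-A")
    res, why = ue.auth_request(b"visited-A", av[0]["RAND"], av[0]["AUTN"])
    out["normal"] = why == "ok" and hmac.compare_digest(res, av[0]["XRES"])  # step (8)
    # Replay of the same RAND/AUTN pair
    out["replay"] = ue.auth_request(b"visited-A", av[0]["RAND"], av[0]["AUTN"])[1]
    # Redirection: UE believes it is on A, request reaches the HSS from B
    out["redirect"] = register(ue, hss, b"visited-A", b"visited-B")
    # Vector ordered earlier through network C, presented while the UE is on A
    old = register(ue, hss, b"visited-C", b"visited-C")
    out["stale"] = ue.auth_request(b"visited-A", old[0]["RAND"], old[0]["AUTN"])[1]
    # Tampered AUTN: MAC no longer matches
    idx, rn_idx, mac = av[1]["AUTN"]
    out["tamper"] = ue.auth_request(b"visited-A", av[1]["RAND"], (idx, rn_idx, bytes(32)))[1]
    return out

if __name__ == "__main__":
    print(demo())
```

The vector ordered through network C passes the MAC check, since MAC does not cover $ID_{SN}$; it is the per-network nonce list that rejects it.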
It should be understood that the above description of a specific embodiment of the present invention is relatively detailed and should not therefore be construed as limiting the scope of patent protection of the present invention; the scope of patent protection of the present invention is defined by the appended claims.
Claims (3)
1. An improved method for IP Multimedia Subsystem authentication and key agreement, the method comprising the following steps:
(1). The user equipment sends a Session Initiation Protocol registration message to the Proxy Call Session Control Function unit, containing the IP multimedia private identity and the IP multimedia public identity; the Proxy Call Session Control Function unit and the Interrogating Call Session Control Function unit forward the Session Initiation Protocol registration message to the Serving Call Session Control Function unit;
(2). The Serving Call Session Control Function unit sends a user data request to the Proxy Call Session Control Function unit, and the Proxy Call Session Control Function unit then sends a first random number to the user equipment;
(3). The user equipment returns a response, sending a second random number and a message authentication code to the Serving Call Session Control Function unit via the Proxy Call Session Control Function unit and the Interrogating Call Session Control Function unit;
(4). After receiving the user data response, the Serving Call Session Control Function unit requests authentication data from the Home Subscriber Server of the home network;
(5). The Home Subscriber Server verifies the correctness of the received message authentication code and, if verification succeeds, returns a batch of authentication vectors to the Serving Call Session Control Function unit;
(6). The Serving Call Session Control Function unit sends an authentication request towards the user equipment, containing a third random number, an authentication token, a cipher key and an integrity key; the Proxy Call Session Control Function unit stores these keys and sends the third random number and the authentication token to the user equipment;
(7). The user equipment checks the correctness of the MAC, and if verification fails, the user rejects the network; otherwise the user goes on to verify whether the SQN or $RN_{idx}$ contained in the authentication token is acceptable; if the check succeeds, the user equipment calculates RES and sends it to the Proxy Call Session Control Function unit, and at the same time calculates the cipher key and the integrity key; the Proxy Call Session Control Function unit sends the message to the Interrogating Call Session Control Function unit, which asks the Home Subscriber Server for the address of the Serving Call Session Control Function unit; the Interrogating Call Session Control Function unit sends RES to the Serving Call Session Control Function unit, where SQN is a sequence number, $RN_{idx}$ is the response order, and RES is the response;
(8). The Serving Call Session Control Function unit retrieves the expected response and compares it with the RES sent by the user equipment; if they are identical, the user is successfully authenticated.
2. The method according to claim 1, characterized in that each authentication vector contains the following elements: the third random number, the expected response, the cipher key, the integrity key and the authentication token.
3. The method according to claim 2, characterized in that there are two ways of resisting replay: if the SQN mechanism is used, SQN is checked; if the $RN_{idx}$ mechanism is used, $RN_{idx}$ is checked.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB200510069328XA CN100550902C (en) | 2005-05-13 | 2005-05-13 | An improved method for IP Multimedia Subsystem authentication and key agreement |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1863194A (en) | 2006-11-15 |
CN100550902C (en) | 2009-10-14 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20091014; Termination date: 20190513 |