CN101406024A - Security considerations for the LTE of UMTS - Google Patents

Publication number
CN101406024A
Authority
CN
China
Prior art keywords
authentication
key
counter
parameters
mac
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007800101388A
Other languages
Chinese (zh)
Inventor
帕特里克·菲施勒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LG Electronics Inc
Original Assignee
LG Electronics Inc

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

A method for authenticating messages in a communication network includes forming a super message having a plurality of individual messages such that at least two of the individual messages are intended for separate receiving entities. The method further includes creating a message authentication code (MAC) using a private key, such that the MAC is configured to permit authentication of the super message using a public key.

Description

Security considerations for the LTE of UMTS
Pursuant to 35 U.S.C. § 119(e), this application claims priority to provisional patent application 60/785,148, filed on March 22, 2006, and 60/797,459, filed on May 3, 2006, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates generally to wireless communication systems and, in particular, to methods for providing message protection and transmitting key values.
Background art
The Universal Mobile Telecommunications System (UMTS) is a third-generation (3G) asynchronous mobile communication system operating in wideband code division multiple access (WCDMA) based on European systems, the global system for mobile communications (GSM) and general packet radio services (GPRS).
The long term evolution (LTE) of UMTS is under discussion by the 3rd Generation Partnership Project (3GPP), which standardized UMTS. 3GPP LTE is a technology for enabling high-speed packet communications. Many schemes have been proposed for the LTE objectives, which include reducing user and provider costs, improving service quality, and expanding and improving coverage and system capacity. As upper-level requirements, 3G LTE requires reduced cost per bit, increased service availability, flexible use of frequency bands, a simple structure, an open interface, and adequate power consumption of the terminal. In general, one NodeB is deployed in one cell. A plurality of user equipment (UE) can be located in one cell.
Fig. 1 is a block diagram illustrating the network structure of the evolved Universal Mobile Telecommunications System (E-UMTS). E-UMTS may also be referred to as an LTE system. Such a communication network is widely deployed to provide various communication services (for example, voice and packet data services).
As shown in Fig. 1, the E-UMTS network includes an Evolved UMTS Terrestrial Radio Access Network (E-UTRAN) and a core network (CN). The E-UTRAN can include one or more evolved NodeBs (eNodeB) 20. The CN can include a node for registering user equipment (UE) 10 and one or more E-UTRAN access gateways (AG) 30 located at the end of the network and connected to an external network.
As used herein, "downlink" refers to communication from eNodeB 20 to UE 10, and "uplink" refers to communication from the UE to the eNodeB. UE 10 refers to communication equipment carried by a user, and may also be referred to as a mobile station (MS), a user terminal (UT), a subscriber station (SS) or a wireless device.
eNodeB 20 provides the end points of the user plane and the control plane to UE 10. AG 30 provides an end point of the session and the mobility management function for UE 10. The eNodeB and the AG can be connected via the S1 interface.
An eNodeB is generally a fixed station that communicates with a UE, and may also be referred to as a base station (BS) or an access point. One eNodeB can be deployed per cell. An interface for transmitting user traffic or control traffic can be used between eNodeBs.
AG 30 is also referred to as a mobility management entity/user plane entity (MME/UPE). The AG can be divided into a part that handles user traffic and a part that handles control traffic. The AG handling user traffic and the AG handling control traffic can communicate with each other over a new interface.
An interface for distinguishing between the E-UTRAN and the CN can be used. A plurality of nodes can be connected between eNodeB 20 and AG 30 via the S1 interface. The eNodeBs can be connected to each other via X2 interfaces, and neighboring eNodeBs can have a meshed network structure that includes X2 interfaces.
Fig. 2 is a block diagram depicting the architecture of a typical E-UTRAN. In this figure, eNB 20 can perform the following functions: selection of the access gateway (AG) 30, routing toward the AG during radio resource control (RRC) activation, scheduling and transmission of paging messages, scheduling and transmission of broadcast channel (BCCH) information, dynamic allocation of resources to UEs in both the uplink and the downlink, configuration and provision of eNB measurements, radio bearer control, radio admission control (RAC), and connection mobility control in the LTE_ACTIVE state.
In the E-UTRAN, AG 30 can perform the following functions: paging origination, LTE-IDLE state management, encryption of the user plane, support for the packet data convergence protocol (PDCP) function, system architecture evolution (SAE) bearer control, and encryption and integrity protection of non-access stratum (NAS) signaling.
Figs. 3 and 4 are block diagrams depicting the user-plane protocol stack and the control-plane protocol stack of the E-UTRAN. In these figures, the protocol layers can be divided into a first layer (L1), a second layer (L2) and a third layer (L3), based on the three lower layers of the open system interconnection (OSI) standard model that is well known in the field of wireless communications.
The physical layer (the first layer) provides an information transfer service to the layer above it using physical channels. The physical layer is connected via transport channels to the medium access control (MAC) layer located above it, and data is transferred between the MAC layer and the physical layer via the transport channels. Between different physical layers (that is, between the physical layers of the transmitting side and the receiving side), data is transferred via physical channels.
The MAC layer of layer 2 provides services via logical channels to the radio link control (RLC) layer (the layer above it). The RLC layer of layer 2 supports reliable data transfer. Note that the RLC layer in Figs. 3 and 4 is drawn with dashed lines because the RLC layer itself is not needed if the RLC functions are implemented in and performed by the MAC layer. The PDCP layer of layer 2 performs a header compression function that reduces unnecessary control information, so that data sent using Internet protocol (IP) packets, such as IPv4 or IPv6, can be sent efficiently over a radio (wireless) interface with relatively small bandwidth.
The radio resource control (RRC) layer, located in the lowest portion of the third layer (L3), is defined only in the control plane and controls logical channels, transport channels and physical channels in relation to the configuration, reconfiguration and release of radio bearers (RB). Here, an RB is a service provided by the second layer (L2) for data transfer between the terminal and the UTRAN.
In Fig. 3, the RLC and MAC layers (terminated in the eNB on the network side) can perform functions such as scheduling, automatic repeat request (ARQ) and hybrid automatic repeat request (HARQ). The PDCP layer (terminated in the AG on the network side) can perform functions such as header compression, integrity protection and encryption for the user plane.
In Fig. 4, the RLC and MAC layers (terminated in the eNB on the network side) perform the same functions as for the user plane. In this figure, the RRC layer (terminated in the eNB on the network side) can perform functions such as broadcast, paging, RRC connection management, radio bearer (RB) control, mobility functions, and UE measurement reporting and control. The PDCP layer (terminated in the aGW on the network side) can perform functions such as integrity protection and encryption for the control plane. The NAS layer (terminated in the aGW on the network side) can perform functions such as SAE bearer management, authentication, idle-mode mobility handling, paging origination in LTE_IDLE, and security control for the signaling between the aGW and the UE and for the user plane.
The NAS can be divided into three different states: first, the LTE_DETACHED state, in which there is no RRC entity in the NAS; second, the LTE_IDLE state, in which there is no RRC connection while minimal UE information is stored; and third, the LTE_ACTIVE state, in which an RRC connection is established. In addition, the RRC can be divided into two different states (for example, RRC_IDLE and RRC_CONNECTED). In the RRC_IDLE state, while the UE specifies a discontinuous reception (DRX) configured by the NAS, the UE can receive broadcasts of system information and paging information, and the UE has been allocated an identity (ID) that uniquely identifies it in a tracking area. Also in the RRC_IDLE state, no RRC context is stored in the eNB. In the RRC_CONNECTED state, the UE has an E-UTRAN RRC connection and a context in the E-UTRAN, so that it can send data to and/or receive data from the network (eNB). The UE can also report channel quality information and feedback information to the eNB. In the RRC_CONNECTED state, the E-UTRAN knows the cell to which the UE belongs, so that the network can send data to and/or receive data from the UE, can control the mobility (handover) of the UE, and can perform cell measurements for neighboring cells.
In RRC_IDLE mode, the UE specifies the paging DRX (discontinuous reception) cycle. That is, the UE monitors the paging signal at a specific paging occasion of each UE-specific paging DRX cycle. A paging occasion is a time interval during which a paging signal is transmitted. The UE has its own paging occasion. A paging message is transmitted in all cells belonging to the same tracking area. If the UE moves from one tracking area to another, it sends a tracking area update message to the network to update its location.
Summary of the invention
Features and advantages of the invention are set forth in the description that follows, and in part will be apparent from the description or may be learned by practice of the invention. The objectives and other advantages of the invention can be realized and attained by the structure particularly pointed out in the written description, the claims and the accompanying drawings.
According to one embodiment, a method for providing message protection includes generating an encrypted message based on a first counter, a message and an encryption key. The method further includes generating an unencrypted message authentication code (MAC) based on the first counter, an integrity protection key, and either the message or the encrypted message, and transmitting security-protected data that includes the MAC and the encrypted message over a transmission medium.
In one aspect, the method further includes transmitting the first counter over the transmission medium.
In another aspect, the security-protected data further includes the first counter.
In one aspect, the transmission medium is insecure.
In yet another aspect, the method further includes generating the encrypted message using an encryption algorithm.
In still another aspect, the method further includes generating the unencrypted MAC using an integrity protection algorithm.
In one aspect, the method further includes incrementing the first counter each time security-protected data is transmitted, so that a receiving entity synchronizes a second counter based on detecting the transmission of the security-protected data.
According to an alternative embodiment of the invention, a transmitter operable in a communication network includes a processor and a receiver. The processor is configured to provide message protection operations so as to generate an encrypted message based on a first counter, a message and an encryption key, and to generate an unencrypted message authentication code (MAC) based on the first counter, an integrity protection key, and either the message or the encrypted message. The transmitter is configured to transmit security-protected data that includes the MAC and the encrypted message over a transmission medium.
According to another alternative embodiment, a method for transmitting key values in a communication system includes receiving an authentication request that includes first authentication parameters and at least one key value, where the at least one key value is integrity protected and encrypted. The method further includes passing the first authentication parameters to an authentication unit, and receiving from the authentication unit a first integrity key, a first encryption key and a second authentication parameter, all generated based on the first authentication parameters. Another operation includes decrypting the at least one key value based on the first integrity key and the first encryption key.
According to yet another alternative embodiment, a method for transmitting key values in a communication system includes sending an authentication request having first authentication parameters and at least one key value, such that the at least one key value is integrity protected and encrypted. The method can further include receiving an authentication response having a second authentication parameter generated based on the first authentication parameters.
These and other embodiments will become apparent to those skilled in the art from the following detailed description of the embodiments with reference to the accompanying drawings; the invention is not limited to any embodiment disclosed herein.
Brief description of the drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. Features, elements and aspects of the invention that are referenced by the same numerals in different figures represent the same, equivalent or similar features, elements and aspects in accordance with one or more embodiments. In the drawings:
Fig. 1 is a block diagram illustrating a communication network such as the evolved universal mobile telecommunications system (E-UMTS);
Fig. 2 is a block diagram illustrating the architecture of a typical E-UTRAN;
Fig. 3 is a block diagram illustrating the user-plane protocol stack of the E-UTRAN;
Fig. 4 is a block diagram illustrating the control-plane protocol stack of the E-UTRAN;
Fig. 5 illustrates the various entities involved in control-plane security;
Fig. 6 is a block diagram illustrating a method for transmitting security-protected data, such as a MAC and an encrypted message, over a transmission medium;
Fig. 7 is a block diagram illustrating a method for providing integrity protection and encryption independently;
Fig. 8 is a block diagram illustrating a method for integrity protection of U-plane data;
Fig. 9 illustrates a method for generating a second set of desired keys for the LRRC;
Fig. 10 illustrates a method for distributing LRRC encryption and/or integrity keys;
Fig. 11 illustrates a typical AKA procedure using authentication parameters such as a random challenge (RAND) and an authentication token (AUTN);
Fig. 12 illustrates an AKA procedure using authentication parameters and at least one key value; and
Fig. 13 is a block diagram of a mobile communication terminal.
Detailed description
Reference will now be made in detail to the preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference numerals are used throughout the drawings to refer to the same or similar parts.
Fig. 5 illustrates the various entities involved in control-plane security (for example, UE 10, eNodeB 20 and AG 30). For example, non-access stratum (NAS) signaling, which involves encryption and integrity protection, is usually implemented and terminated above eNodeB 20. The termination point is normally in AG 30 or above it, and activation is usually not controlled by the eNodeB. In the example shown, the NAS and the upper RRC are handled as one layer and are referred to as the URRC.
For the user plane, encryption can be done in the access gateway (or, more specifically, in the user plane entity (UPE)). Encryption in the UPE may add a further security consideration. Providing encryption for RRC signaling that terminates in the eNodeB (lower RRC), or providing encryption and integrity protection for MAC signaling that terminates in the eNodeB, is not a core feature.
It is usually desirable to protect NAS and URRC messages that are generated, for example, in UE 10 and AG 30. Encryption and integrity protection of these messages can be done using known techniques.
In conventional networks, the automatic repeat request (ARQ) sequence number (SN) is generally included in the eNodeB, while encryption is usually performed in the AG. According to one embodiment, however, a sequence number can be introduced in the AG and/or the UE. The sequence number can represent the last bits of the COUNT-C/I value; for example, it can be used as an input parameter to the algorithm that builds the message authentication code (MAC) (which is, of course, different from the MAC layer described in Fig. 1) and as an input to the encryption algorithm.
Separate COUNT-C and COUNT-I values are not needed. Therefore, when the key or the algorithm changes, or when encryption/integrity starts or stops, a single activation time can be used instead of separate activation times for encryption and integrity. That is, the AG and the UE can indicate the sequence number at which the sending entity will start using the new key or algorithm, and the sequence number at which the receiving entity needs to switch to the new key or algorithm.
Fig. 6 is a block diagram illustrating the transmission of security-protected data, such as a MAC and an encrypted message, over a transmission medium. Specifically, Fig. 6 shows an encryption algorithm that receives various parameters, including the COUNT-C and/or COUNT-I value, an input message, an encryption key and, optionally, other input data. Examples of the optional input data include the radio bearer/flow identification and the direction of communication (uplink or downlink). The input message can be a URRC message and can also include other NAS messages.
The integrity protection (IP) algorithm shown also receives various parameters, including the COUNT-C and/or COUNT-I value, the input message, an IP key and, optionally, other input data. In the exemplary embodiment, integrity protection and encryption of the input message are performed in parallel, but this is not a requirement.
The encryption algorithm can be configured to generate an encrypted message based on the counter value (or values), the input message and the encryption key. Similarly, the IP algorithm can be configured to generate an unencrypted message authentication code (MAC) based on the counter value (or values), the integrity protection key, and either the input message or the encrypted input message. The security-protected data, which includes the MAC and the encrypted message, can then be transmitted over the transmission medium.
The IP key and the encryption key are shown as separate keys, but this is not a requirement; if desired, a single key can be used for both integrity protection and encryption. Another alternative is to additionally encrypt the MAC.
Various aspects of the embodiment of Fig. 6 relate to the protection of URRC messages. However, protection of user-plane messages and lower RRC (LRRC) messages can be implemented in a manner similar to the method shown in Fig. 6. In addition, for the lower RRC layer, because both ARQ and LRRC are handled in the eNodeB, the UE and the eNodeB can perform encryption in the ARQ layer rather than in the lower RRC layer.
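The Fig. 6 scheme as a runnable sketch; this is an added example, not code from the patent. It assumes HMAC-SHA256 as a stand-in for both the encryption algorithm and the IP algorithm, an 8-byte MAC computed over the encrypted message, a single COUNT carried in clear with the data, and constructed keys; all function and class names are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8     # assumed MAC length for this sketch
HDR_LEN = 6     # COUNT (4 bytes) + bearer id (1) + direction (1)

def header(count: int, bearer: int, direction: int) -> bytes:
    # COUNT plus the optional inputs the text mentions (bearer id, direction).
    return struct.pack(">IBB", count, bearer, direction)

def keystream(ck: bytes, hdr: bytes, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, keyed by CK and bound to
    # the header. Reusing a COUNT under the same CK would repeat the
    # keystream, which is why the sender increments COUNT on every send.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(ck, hdr + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def protect(count, message, ck, ik, bearer=1, direction=0) -> bytes:
    """Sender side: encrypt, then compute the unencrypted MAC over COUNT and ciphertext."""
    hdr = header(count, bearer, direction)
    ciphertext = bytes(a ^ b for a, b in zip(message, keystream(ck, hdr, len(message))))
    tag = hmac.new(ik, hdr + ciphertext, hashlib.sha256).digest()[:MAC_LEN]
    return hdr + ciphertext + tag

class Receiver:
    """Receiver side for one bearer and direction (one COUNT stream)."""

    def __init__(self, ck: bytes, ik: bytes):
        self.ck, self.ik = ck, ik
        self.last_count = -1

    def accept(self, pdu: bytes) -> bytes:
        if len(pdu) < HDR_LEN + MAC_LEN:
            raise ValueError("short PDU")
        hdr, ciphertext, tag = pdu[:HDR_LEN], pdu[HDR_LEN:-MAC_LEN], pdu[-MAC_LEN:]
        expected = hmac.new(self.ik, hdr + ciphertext, hashlib.sha256).digest()[:MAC_LEN]
        # Verify the MAC before touching the ciphertext or the counter state.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC mismatch")
        count = struct.unpack(">IBB", hdr)[0]
        if count <= self.last_count:
            raise ValueError("replayed or stale COUNT")
        self.last_count = count
        return bytes(a ^ b for a, b in zip(ciphertext, keystream(self.ck, hdr, len(ciphertext))))

def demo() -> dict:
    # Constructed keys and message, for illustration only.
    ck = hashlib.sha256(b"constructed CK").digest()
    ik = hashlib.sha256(b"constructed IK").digest()
    rx = Receiver(ck, ik)
    pdu = protect(7, b"URRC: constructed message", ck, ik)
    results = {"plaintext": rx.accept(pdu)}
    tampered = bytearray(pdu)
    tampered[10] ^= 0x01            # flip one ciphertext bit in transit
    for name, candidate in (("tampered", bytes(tampered)), ("replayed", pdu)):
        try:
            rx.accept(candidate)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Because one COUNT feeds both algorithms, a key or algorithm change needs only one activation point, as the text notes for the single-counter design.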
Fig. 7 is a block diagram illustrating a method for providing integrity protection and encryption independently. Specifically, the figure shows integrity protection provided at the lower RRC 100 and encryption provided at the radio link control (RLC) layer 105.
Turning first to integrity protection, the IP algorithm shown receives various parameters, including the COUNT-I value, an input message, an IP key and, optionally, other input data. The IP algorithm can be configured to generate an unencrypted MAC based on the counter value (for example, a sequence number), the integrity protection key and the input message. Integrity-protected data (for example, a service data unit (SDU)) is then generated. The SDU can include the MAC, the (unencrypted) input message and the counter.
At RLC 105, the SDU, the COUNT-C value and the encryption key are input to the encryption algorithm. The encryption algorithm can be configured to generate an encrypted message (that is, an encrypted SDU) based on these inputs. The result of these operations is security-protected data that includes the encrypted SDU.
Note that, because integrity protection and encryption are performed separately, this process usually requires more sequence numbers than the embodiment of Fig. 6.
Fig. 8 is a block diagram illustrating a method for integrity protection of U-plane data. It is known that integrity protection of U-plane data can cause significant overhead. The overhead problem often arises when small data blocks are used (for example, data blocks for VoIP). These cases are typified by PDCP PDUs that are usually small.
To reduce or minimize the overhead caused by integrity protection, the protection operation for U-plane data can be moved to the eNodeB/UE physical layer, and the cyclic redundancy check (CRC) can be replaced with a MAC. This arrangement prevents or minimizes potential threats on the air interface. An advantage of the technique of Fig. 8 is that, during transmission over the physical air interface, no additional CRC code needs to be added to check whether a data packet has been received correctly (that is, without transmission errors).
The operations of Fig. 8 involve a sending entity and a receiving entity. In one embodiment, the sending entity is the eNodeB and the receiving entity is the UE. In this example, the operations of blocks 200 and 205 can be performed by the eNodeB, and the operations of blocks 210 and 215 by the UE. In an alternative embodiment, the sending entity is the UE and the receiving entity is the eNodeB. In that case the operations of the UE and the eNodeB are swapped, so that the UE performs the operations of blocks 200 and 205 and the eNodeB performs those of blocks 210 and 215. By way of example only, Fig. 8 is further described for a transmission from the eNodeB to the UE.
At block 200, the MAC algorithm shown receives various parameters (for example, COUNT-I, an integrity protection key, and an input message that can include U-plane data blocks (for example, MAC PDU 1 and MAC PDU 2)). The MAC algorithm can be configured to generate an integrity-protection message, denoted MAC in the figure. The result of these operations is security-protected data that includes the (integrity-protected) MAC, the input message and, optionally, a sequence number. Recall that the counter values at the transmitting and receiving sides can be maintained by means of the sequence number (SN).
At block 205, the security-protected data is processed for transmission to the receiving entity (for example, the UE). Typical processing that may occur includes channel coding, modulation, transmission, and the like. The security-protected data is then sent by the eNodeB and subsequently received by the UE at block 210. The UE can process the received security-protected data using conventional techniques (for example, demodulation, channel decoding, and the like).
At block 215, in a manner similar to that described for block 200, the MAC algorithm can be configured to generate a MAC. This second MAC value is then compared with the received first MAC (that is, the MAC generated at block 200). If the MAC values differ, this indicates a reception error, or that the data communicated between the eNodeB and the UE has been compromised in some way (for example, by a man-in-the-middle attack). In addition, if the first MAC value differs from or does not correspond to the second MAC value, a retransmission request can be sent to the sending entity (for example, the eNodeB). It is emphasized that this retransmission request does not require the use of a CRC.
In all cases, the URRC, the U-plane and the LRRC each require various counters (for example, COUNT-C and COUNT-I) to be maintained. One technique for maintaining these counters is to add an explicit counter to each packet sent over the air interface. If packets are later found to be missing, synchronization of the COUNT-C/COUNT-I values can still be achieved as long as the packets sent do not exceed half of the sequence number (SN) space.
However, when the RLC (outer ARQ) is configured for lossless in-sequence delivery, there is no need to add an explicit sequence number for synchronizing the COUNT-C/COUNT-I values between the sender and the receiver. Instead, it is usually sufficient to count the packets that are received or that are indicated as discarded (for example, similar to the move receiving window (MRW) procedure), which reduces overhead. The reduction in overhead is particularly significant when only a few packets are discarded.
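The two counter-maintenance options described above, as an added example that is not part of the patent text. It assumes a 7-bit over-the-air sequence number (the SN width is not given on this page) and hypothetical class names; the receiver rebuilds the full COUNT from the truncated SN, and the simulation shows synchronization holding for a gap below half the SN space and failing above it.

```python
SN_BITS = 7                 # assumed width of the transmitted sequence number
SN_SPACE = 1 << SN_BITS     # 128 values
HALF = SN_SPACE // 2        # 64: the largest gap the receiver can disambiguate

class CountTracker:
    """Receiver state when each packet carries only the low SN_BITS of COUNT."""

    def __init__(self, start: int):
        self.next_expected = start

    def receive(self, sn: int) -> int:
        # Distance from the expected COUNT to the received SN, modulo the SN space.
        delta = (sn - self.next_expected) % SN_SPACE
        if delta < HALF:
            count = self.next_expected + delta              # packet is ahead
        else:
            count = self.next_expected + delta - SN_SPACE   # treated as a late packet
        self.next_expected = max(self.next_expected, count + 1)
        return count

class ImplicitCounter:
    """Receiver state for lossless in-sequence delivery: no SN on the air.

    COUNT advances once per delivered packet and by n when the sender signals
    that n packets were discarded (comparable to an MRW-style notice).
    """

    def __init__(self, start: int):
        self.count = start

    def on_packet(self) -> int:
        used = self.count
        self.count += 1
        return used

    def on_discard(self, n: int) -> None:
        self.count += n

def simulate(lost: int, start: int = 1000, delivered: int = 10):
    """Deliver some packets, lose `lost` in a row, then deliver one more.

    Returns (COUNT the sender used, COUNT the receiver inferred).
    """
    rx = CountTracker(start)
    for count in range(start, start + delivered):
        assert rx.receive(count % SN_SPACE) == count
    true_count = start + delivered + lost
    return true_count, rx.receive(true_count % SN_SPACE)

def simulate_implicit(events, start: int = 1000):
    """events: 'pkt' or ('discard', n). Returns the COUNT used for each packet."""
    rx = ImplicitCounter(start)
    used = []
    for event in events:
        if event == "pkt":
            used.append(rx.on_packet())
        else:
            rx.on_discard(event[1])
    return used

if __name__ == "__main__":
    for gap in (50, 63, 70):
        sent, inferred = simulate(gap)
        status = "in sync" if sent == inferred else "desynchronized"
        print(f"gap={gap}: sender COUNT={sent}, receiver COUNT={inferred} ({status})")
    print(simulate_implicit(["pkt", "pkt", ("discard", 3), "pkt"]))
```

Once the receiver infers the wrong COUNT, every later MAC check and decryption fails until the counters are resynchronized, so a desynchronization shows up as a run of integrity failures rather than a single one.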
In UMTS, for example, the COUNT-C/COUNT-I value is utilized the START value or is utilized fixed value (for example, 0) to carry out initialization under the situation of using new key.In LTE, security context is kept in expectation as far as possible for a long time usually.Therefore generic instance is the example that wherein (is used for chain of command at least) and only uses new key, and this will reduce for initialization COUNT-C and COUNT-I value and the needs of transmission START value.
If expectation key reconsul usefulness, it is just much of that to send the START value when setting up the signaling connection.For the user plane bearer among the UMTS, for example, when setting up, radio bearer sends the START value by UE usually.Under the situation of present embodiment, the START value will only need to send when reality is used.
In general, the type that the content of expectation transmits can influence whether keep COUNT-C/COUNT-I value (for example value of LRRC) when the variation of eNodeB, or whether should reinitialize these values when this incident takes place.Two kinds of situations all are possible, and within instruction of the present invention.
In GSM and UMTS, for example, encryption key (CK) and Integrity Key (IK) are generated by authentication and key agreement (AKA:authentication and key agreement) process usually.For example, in UMTS, AKA produces two kinds of different keys; A kind of key is used for integrity protection, and second key is used for encrypting.In one embodiment, these keys can be used for encryption and the integrity protection of URRC (RRC and the NAS that terminate at AG).
For LRRC among the eNodeB and the URRC/NAS among the AG are realized separate keys, need second group key.Fig. 9 is depicted as the method that LRRC generates the second desired group key.First operation provides the AKA process at URRC CK and IK key, LRRC CK and IK key.The second actuator-activated URRC encrypts and integrity protection.The 3rd operates in distribution LRRC CK and IK key on the safe floor.This example requires HLR, VLR, SIM card are changed (this is not desirable operation usually) usually.
Just to distribute LRRC encryption key and/or Integrity Key be a kind of like this technology once set up to encrypt connect on URRC/NAS, that is, this technology can be implemented as and reduce must conflict (impact) that existing key generation technique is forced in the AKA process.Figure 10 shows a kind of like this method.In Figure 10, first operation provides the AKA process at URRC CK and IK key.The second actuator-activated URRC encrypts and integrity protection.The 3rd operates in distribution LRRC CK and IK key on the safe floor.The 4th actuator-activated LRRC key.Illustrated operation requires to begin systematically to encrypt in AG usually.Require two steps, this has reduced the speed of session initiation process illustrated procedures system.
Figure 11 illustrates a typical AKA procedure that uses authentication parameters such as a random challenge (RAND) and an authentication token (AUTN). Specifically, as a first operation, an authentication request carrying the first authentication parameters RAND and AUTN is received by the UE.
In a second operation, the first authentication parameters are passed to an authentication unit (for example, a SIM card). An algorithm associated with the SIM card can determine, for example, whether the first authentication parameters verify that the AKA procedure was initiated by an authorized entity.
In a third operation, the SIM card further generates a second set of parameters, which includes an IK key, a CK key and a second authentication parameter (for example, a response (RES) value). The second set of parameters is typically generated in response to the first authentication parameters RAND and AUTN.
In a fourth operation, this second set of parameters is then passed from the SIM card to the UE. In a fifth operation, the UE generates an authentication response RES in reply and sends it to the AG so that, for example, the authenticity of the UE and/or the SIM card can be verified.
Figure 12 is an example of an AKA procedure that uses authentication parameters and at least one key value. Although Figure 11 and Figure 12 have several aspects in common, the embodiment of Figure 10 uses one or more key values at various stages of the processing.
In a first operation, an authentication request carrying the first authentication parameters RAND and AUTN is received by the UE. The authentication request may also include at least one key value (for example, the LRRC IP/CK keys) that has been integrity protected and ciphered.
In a second operation, the first authentication parameters RAND and AUTN are passed to an authentication unit (for example, a SIM card). An algorithm associated with the SIM card can determine, for example, whether the first authentication parameters verify that the AKA procedure was initiated by an authorized entity.
In a third operation, the SIM card further generates a second set of parameters, which includes an IK key, a CK key and a second authentication parameter (for example, a response (RES) value). The second set of parameters is typically generated in response to the first authentication parameters RAND and AUTN.
In a fourth operation, the second authentication parameter, the IK key and the CK key, all generated according to the first authentication parameters RAND and AUTN, are passed from the SIM card to the UE.
The fifth operation includes deciphering the at least one key value (for example, the LRRC IP/CK keys) according to the IP key and the CK key. If desired, the fifth operation may additionally or alternatively verify the integrity of the at least one key value.
In a sixth operation, the UE may generate an authentication response RES in reply and send it to the AG so that, for example, the authenticity of the UE and/or the SIM card can be verified.
One advantage of this procedure is that, for example, the LRRC keys are delivered during the AKA procedure. Thus, when new URRC keys are generated, the LRRC keys are available at the same time, which reduces the time required to transition from the detached state to the idle/active state in LTE. The LRRC key set may be generated in the eNodeB and sent to the AG. Alternatively, the LRRC key set may be selected by the HLR and sent to the AG, and then sent to the UE/eNodeB.
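The Figure 12 exchange as a runnable sketch, added here as an example and not taken from the patent. HMAC-SHA256 stands in for the SIM's key-derivation functions and for the ciphering and integrity algorithms, AUTN is reduced to a single MAC over RAND, the "IP key" is taken to be the integrity key IK returned by the SIM, and all function, class and field names are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key, label, data, n=16):
    """HMAC-SHA256 stand-in for the SIM/HLR key-derivation functions (assumption)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]

def xor_keystream(ck, data):
    """Toy stream cipher keyed by CK; stand-in for the real ciphering algorithm."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(ck, b"lrrc-wrap", off.to_bytes(4, "big"), 32)
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def integrity_tag(ik, rand, sealed):
    """Tag binding the wrapped keys to this RAND; stand-in integrity algorithm."""
    return prf(ik, b"lrrc-mac", rand + sealed)

class Sim:
    """Authentication unit holding the long-term secret K (constructed model)."""
    def __init__(self, k):
        self._k = k

    def authenticate(self, rand, autn):
        # Operation 2: was the request started by an authorised entity?
        if not hmac.compare_digest(autn, prf(self._k, b"autn", rand)):
            raise PermissionError("AUTN rejected")
        # Operation 3: derive IK, CK and RES from RAND
        k = self._k
        return prf(k, b"ik", rand), prf(k, b"ck", rand), prf(k, b"res", rand, 8)

def build_auth_request(k, lrrc_keys):
    """Network side: RAND/AUTN plus the ciphered, integrity-protected LRRC keys."""
    rand = os.urandom(16)
    ik, ck = prf(k, b"ik", rand), prf(k, b"ck", rand)
    sealed = xor_keystream(ck, lrrc_keys)
    request = {"rand": rand, "autn": prf(k, b"autn", rand),
               "sealed": sealed, "tag": integrity_tag(ik, rand, sealed)}
    return request, prf(k, b"res", rand, 8)   # second value is the expected RES

def ue_handle_auth_request(sim, request):
    """UE side, operations 1 to 6 of the Figure 12 description."""
    rand, sealed = request["rand"], request["sealed"]
    ik, ck, res = sim.authenticate(rand, request["autn"])      # operations 2-4
    # Operation 5: verify integrity first, then decipher the delivered keys
    if not hmac.compare_digest(request["tag"], integrity_tag(ik, rand, sealed)):
        raise ValueError("wrapped LRRC keys failed the integrity check")
    return res, xor_keystream(ck, sealed)   # operation 6: RES is sent to the AG

if __name__ == "__main__":
    k = bytes(range(16))                    # constructed long-term key
    lrrc = os.urandom(32)                   # constructed LRRC IK || CK
    req, xres = build_auth_request(k, lrrc)
    res, delivered = ue_handle_auth_request(Sim(k), req)
    print("RES matches:", res == xres, "| LRRC keys recovered:", delivered == lrrc)
```

Because IK and CK are derived from RAND, the wrapped LRRC keys are bound to one authentication run: a modified key blob or a request with a bad AUTN is rejected before any key material is used.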
Figure 13 is a block diagram of a mobile communication terminal 300 that can be configured as a UE according to an embodiment of the present invention. The device 300 is illustrated, for example, as a mobile phone and can be configured to perform the various methods described herein. The mobile communication device 300 includes a processing unit 310 (for example, a microprocessor or digital signal processor), an RF module 335, a power management module 305, an antenna 340, a battery 355, a display 315, a keypad 320, an optional subscriber identity module (SIM) card 325, a memory unit 330 (for example, flash memory, ROM or SRAM), a speaker 345 and a microphone 350.
The user enters instruction information (for example, a telephone number) by pressing the buttons of the keypad 320 or by voice activation using the microphone 350. The processing unit 310 receives and processes the instruction information to perform the appropriate function (for example, dialing the telephone number). Operational data may be retrieved from the memory unit 330 to perform the function. In addition, the processing unit 310 may display the instruction and operational information on the display 315 for the user's reference.
The processor 310 issues instruction information to the RF section 335 to initiate communication (for example, to transmit radio signals comprising voice communication data). The RF section 335 comprises a receiver and a transmitter for receiving and transmitting radio signals. The antenna 340 facilitates the transmission and reception of radio signals. Upon receiving radio signals, the RF module 335 may forward the signals and convert them to baseband frequency for processing by the processing unit 310. The processed signals are converted into audible or visual information output via, for example, the speaker 345.
The processing unit 310 performs the various methods and other operations disclosed herein. It will be apparent to those skilled in the art that the mobile communication device 300 can readily be implemented using, for example, the processing unit 310 or another data or digital processing device, either alone or in combination with external support logic. Although the present invention is described in the context of mobile communication, it may also be used in any wireless communication system that uses mobile devices (for example, PDAs and laptop computers equipped with wireless communication capabilities). Moreover, the particular terms used to describe the present invention do not limit its scope to a particular type of wireless communication system (for example, UMTS). The present invention is also applicable to other wireless communication systems that use different air interfaces and/or physical layers, for example TDMA, CDMA, FDMA, WCDMA, etc.
Preferred embodiments of the present invention may be implemented as a method, apparatus or article of manufacture using standard programming and/or engineering techniques to produce software, firmware, hardware or any combination thereof. The term "article of manufacture" as used herein refers to code or logic implemented in hardware logic (for example, an integrated circuit chip, a field programmable gate array (FPGA), an application-specific integrated circuit (ASIC), etc.) or in a computer-readable medium (for example, magnetic storage media (for example, hard disks, floppy disks, tape, etc.), optical storage (CD-ROMs, optical discs, etc.), and volatile and non-volatile memory devices (for example, EEPROMs, ROMs, PROMs, RAMs, DRAMs, SRAMs, firmware, programmable logic, etc.)). The code in the computer-readable medium is accessed and executed by a processor.
The code implementing the preferred embodiments may also be obtained via a transmission medium or from a file server over a network. In such cases, the article of manufacture in which the code is implemented may comprise a transmission medium (for example, a network transmission line, wireless transmission media, signals propagating through space, radio waves, infrared signals, etc.). Of course, those skilled in the art will recognize that many modifications may be made to this configuration without departing from the scope of the present invention, and that the article of manufacture may comprise any information bearing medium known in the art.
The logic implementation shown in the figures describes specific operations as occurring in a particular order. In alternative embodiments, certain logic operations may be performed in a different order, modified or removed while still implementing the preferred embodiments of the present invention. Moreover, steps may be added to the above-described logic while still conforming to implementations of the invention.
The above embodiments and advantages are merely exemplary and are not to be construed as limiting the present invention. The present teachings can readily be applied to other types of apparatuses and processes. The description of the present invention is intended to be illustrative and not to limit the scope of the claims. Many alternatives, modifications and variations will be apparent to those skilled in the art.

Claims (26)

1. A method of providing message protection, the method comprising the following steps:
generating an encrypted message according to a first counter, a message and an encryption key;
generating an unencrypted message authentication code (MAC) according to the first counter, an integrity protection key, and either the message or the encrypted message; and
sending security-protected data comprising the MAC and the encrypted message via a transmission medium.
2. The method according to claim 1, further comprising the following step:
sending the first counter via the transmission medium.
3. The method according to claim 1, wherein the security-protected data further comprises the first counter.
4. The method according to claim 1, wherein the transmission medium is insecure.
5. The method according to claim 1, further comprising the following step:
generating the encrypted message using an encryption algorithm.
6. The method according to claim 1, further comprising the following step:
generating the unencrypted MAC using an integrity protection algorithm.
7. The method according to claim 1, further comprising the following step:
incrementing the first counter each time the security-protected data is sent, wherein a receiving entity synchronizes a second counter according to detection of the transmission of the security-protected data.
8. A transmitter operable in a communication network, the transmitter comprising:
a processor that provides a message protection operation, wherein the processor is configured to:
generate an encrypted message according to a first counter, a message and an encryption key;
generate an unencrypted message authentication code (MAC) according to the first counter, an integrity protection key, and either the message or the encrypted message; and
a transmitter configured to send security-protected data comprising the MAC and the encrypted message via a transmission medium.
9. The transmitter according to claim 8, wherein the transmitter is further configured to:
send the first counter via the transmission medium.
10. The transmitter according to claim 8, wherein the security-protected data further comprises the first counter.
11. The transmitter according to claim 8, wherein the transmission medium is insecure.
12. The transmitter according to claim 8, wherein the processor is further configured to:
generate the encrypted message using an encryption algorithm.
13. The transmitter according to claim 8, wherein the processor is further configured to:
generate the unencrypted MAC using an integrity protection algorithm.
14. The transmitter according to claim 8, wherein the processor is further configured to:
increment the first counter each time the security-protected data is sent, wherein a receiving entity synchronizes a second counter according to detection of the transmission of the security-protected data.
15. A method of transferring a key value in a communication system, the method comprising the following steps:
receiving an authentication request comprising a first authentication parameter and at least one key value, wherein the at least one key value has been integrity protected and encrypted;
passing the first authentication parameter to an authentication unit;
receiving, from the authentication unit, a first integrity key, a first encryption key and a second authentication parameter, all generated according to the first authentication parameter; and
decrypting the at least one key value according to the first integrity key and the first encryption key.
16. The method according to claim 15, further comprising the following step:
sending an authentication response to a network entity, wherein the authentication response comprises information for verifying the authenticity of the sending entity that sends the authentication response.
17. The method according to claim 15, wherein the authentication unit is configured to communicate with a subscriber identity module (SIM) card.
18. The method according to claim 15, wherein the at least one key value comprises an integrity (IK) key.
19. The method according to claim 15, wherein the at least one key value comprises a ciphering (CK) key.
20. The method according to claim 15, wherein the first authentication parameter comprises a random challenge (RAND) and an authentication token (AUTN).
21. A method of transferring a key value in a communication system, the method comprising the following steps:
a sending step of sending an authentication request comprising a first authentication parameter and at least one key value, wherein the at least one key value has been integrity protected and encrypted; and
a receiving step of receiving an authentication response comprising a second authentication parameter generated according to the first authentication parameter.
22. The method according to claim 21, wherein the sending step is performed by a network entity.
23. The method according to claim 21, wherein the authentication response is received at an upper radio resource control (URRC) layer.
24. The method according to claim 21, wherein the at least one key value comprises an integrity (IK) key.
25. The method according to claim 21, wherein the at least one key value comprises a ciphering (CK) key.
26. The method according to claim 21, wherein the first authentication parameter comprises a random challenge (RAND) and an authentication token (AUTN).
CNA2007800101388A 2006-03-22 2007-03-21 Security considerations for the LTE of UMTS Pending CN101406024A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US78514806P 2006-03-22 2006-03-22
US60/785,148 2006-03-22
US60/797,459 2006-05-03

Publications (1)

Publication Number Publication Date
CN101406024A true CN101406024A (en) 2009-04-08

Family

ID=40538850

Family Applications (2)

Application Number Title Priority Date Filing Date
CNA2007800101388A Pending CN101406024A (en) 2006-03-22 2007-03-21 Security considerations for the LTE of UMTS
CN2007800102249A Expired - Fee Related CN101405987B (en) 2006-03-22 2007-03-22 Asymmetric cryptography for wireless systems

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN2007800102249A Expired - Fee Related CN101405987B (en) 2006-03-22 2007-03-22 Asymmetric cryptography for wireless systems

Country Status (1)

Country Link
CN (2) CN101406024A (en)

Also Published As

Publication number Publication date
CN101405987A (en) 2009-04-08
CN101405987B (en) 2011-09-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20090408