CN102307091B - Method and device for protecting signalling in NAS (non-access stratum) layer - Google Patents

Method and device for protecting signalling in NAS (non-access stratum) layer Download PDF

Info

Publication number
CN102307091B
CN102307091B CN201110302515.3A CN201110302515A CN102307091B CN 102307091 B CN102307091 B CN 102307091B CN 201110302515 A CN201110302515 A CN 201110302515A CN 102307091 B CN102307091 B CN 102307091B
Authority
CN
China
Prior art keywords
algorithm
aes algorithm
eea
eia
mme
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110302515.3A
Other languages
Chinese (zh)
Other versions
CN102307091A (en
Inventor
吴鹏程
习建德
崔丽娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201110302515.3A priority Critical patent/CN102307091B/en
Publication of CN102307091A publication Critical patent/CN102307091A/en
Application granted granted Critical
Publication of CN102307091B publication Critical patent/CN102307091B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a method and a device for protecting signaling in an NAS (non-access stratum) layer. Through applying the technical scheme provided by the embodiment of the invention, an AES (advanced encryption standard) algorithm composed of an EIA (EPS integrity algorithm) with 128 bit or other bits and an EEA (EPS encryption algorithm) with 128 bit or other bits can be used for protecting the signaling in the NAS layer, thus the protection of the signalling in the NAS layer is not restricted by the 128-bit-secret-key-length set in the prior art that the AES algorithm is used for encrypting the signalling in the NAS layer, and the secret key length in the AES algorithm can be flexibly selected according to the actual requirements. By using more varied algorithms and algorithm combination to protect the signalling in the NAS layer, the flexibility requirements in the actual application scenes can be satisfied, the diversity of protection strategies on the signalling in the NAS layer can be increased, and the security can be improved in the process of protecting the signalling in the NAS layer.

Description

Guard method and the equipment of NAS layer signaling
Technical field
The present invention relates to communication technical field, particularly a kind of guard method and equipment of NAS layer signaling.
Background technology
At LTE(Long Term Evolution, Long Term Evolution), MME(Mobility Management Entity, Mobility Management Entity) and UE(User Equipment, subscriber equipment, be terminal equipment) between NAS(Non Access Stratum, Non-Access Stratum) layer signaling connect in, there is NAS security mechanism.Once security process is set up, all NAS layer signalings all will be by safeguard protection, comprises and encrypting and integrity protection.In the time that being attached to network, UE need to carry out authentication to user, be UE, MME and HSS(Home Subscriber Server, home subscriber server) between carry out EPS(Evolved Packet System, evolved packet system) AKA(Authentication and Key Agreement, authentication and key agreement) process, in this process, HSS can issue EPS authentication vector to MME.This authentication vector is a four-tuple: random value RAND, authentication token AUTN, key K aSME, Expected Response value XRES.MME uses random value RAND and authentication token AUTN to authenticate UE, UE receives these two values simultaneously network is authenticated, can be from USIM(Universal Subscriber Identity Module in verification process, global user's identification) the root key K that preserves of card deduces out a key K aSME, so that the calculating of follow-up other keys.
As shown in Figure 1, for the schematic flow sheet of the process of establishing of NAS security mechanism of the prior art, specifically describe as follows.
Step S101, MME select to encrypt and protection algorithm integrallty, according to the key K in the EPS authentication vector of selecting in EPS AKA process aSMEwith the protection algorithm integrallty of selecting, generate integrity protection key.By integrity protection key and protection algorithm integrallty to NAS layer signaling---security mode command(safe mode command) message carries out integrity protection; security mode command message comprises NAS security algorithms(NAS security algorithm rule), NAS key set identifier(NAS key designated identification), UE security capability(terminal security ability); afterwards, security mode command message is sent to UE by MME.Opening timing device T3460 after sending.
In concrete enforcement scene, the formation of security mode command message is as shown in table 1
The contents list of table 1 security mode command message
Step S102, UE are after receiving security mode command message; taking-up NAS security algorithms(wherein comprises cryptographic algorithm and the protection algorithm integrallty of selection); use the protection algorithm integrallty that wherein MME specifies, calculation of integrity Protective Key also carries out integrity protection verification to message.
If step S103 verification succeeds, UE can use the NAS security algorithms(carrying in security mode command message to comprise cryptographic algorithm and the protection algorithm integrallty of selection), the key K of deducing out according to its UE this locality aSMEcalculate new NAS encryption key K nASencwith NAS integrity protection key K nASintand security mode complete message is carried out to NAS integrity protection and NAS encipherment protection, then, security mode complete message is sent to MME; MME receives after security mode complete message, stop timing device T3460.
After NAS layer signaling (security mode command message and security mode complete message) is mutual, safe context is successfully established.NAS signaling afterwards all will be used the algorithm of selection to carry out safeguard protection.
Wherein, the formation of security mode complete message is as shown in table 2
The contents list of table 2 security mode complete message
in existing technical scheme; when MME selects EIA(EPS Integrity Algorithm; protection algorithm integrallty) 2 and EEA(EPS Encryption Algorithm; cryptographic algorithm) 2 o'clock; use AES(Advanced Encryption Standard; Advanced Encryption Standard) 128 keys are encrypted and integrity protection, as the algorithm in the security capabilities in agreement, are described as follows:
UE, in network registry, can inform the security algorithm set that UE supports, specifically as shown in table 3.
The list of table 3 UE security capabilities information word
MME is according to the security capabilities of UE, and algorithm ability and the algorithm priority supported in conjunction with self, select corresponding algorithm.If when selecting aes algorithm, can use 128-EEA2 to be encrypted, to use 128-EIA2 to carry out integrity protection to message to NAS layer signaling.After having passed through security mode command message and Security mode complete message mutual, NAS layer security process set up.
In calculation of integrity Protective Key, use the K of 256 nASencwith input of character string S.
Concrete, character string S's is composed as follows:
- FC = 0x15
- P0 = algorithm type distinguisher
- L0 = length of algorithm type distinguisher (i.e. 0x00 0x01)
- P1 = algorithm identity
- L1 = length of algorithm identity (i.e. 0x00 0x01)
Wherein, the list of the corresponding algorithm type classification of algorithm type distinguisher is as shown in 4.
Table 4 algorithm type classification
Derive function KDF(Key Derivation Function by key), draw the NAS encryption key K of 256 nASencwith NAS integrity protection key K nASint.For EIA2-128 and EEA2-128, get low 128 as integrity protection key K nASencwith encryption key K nASint.
In concrete enforcement scene, the encryption round number of aes algorithm and the relationship description of key length are as follows:
The value of wheel number Nr depends on the length of grouping and key.
For AES, in the time that key length is 128 bit, Nr=10;
In the time that key length is 192 bit, Nr=12;
In the time that key length is 256 bit, Nr=14.
Specifically as shown in table 5.
The encryption round of table 5 aes algorithm is counted the corresponding relation list of Nr and key length
In the process that realizes the embodiment of the present invention, applicant finds that prior art at least exists following problem:
In the prior art; fixing use key length is 128, for the foundation of the security system in NAS SMC process interface, when selecting aes algorithm; can only select key length is that the AES-128 of 128 carries out integrity protection and encryption, cannot use AES-192 and AES-256.After safe mode is set up, the NAS layer signaling in Signalling exchange can only be used EIA2-128 to carry out integrity protection and be encrypted with EEA2-128.In addition, key length is fixed, and easily causes DoS attack.
Moreover, based on existing technical scheme, if want to use algorithm more flexible at network side, the AES-128 of fixed key length obviously can not meet the demands.AES-128 is a kind of algorithm the shortest in aes algorithm, selects separately this algorithm, is unfavorable for network security.
Summary of the invention
The embodiment of the present invention provides a kind of guard method and equipment of NAS layer signaling, solves the problem that the fail safe that can only use the algorithm of 128 when NAS signaling protection based on aes algorithm in prior art and cause reduces.
For achieving the above object, the embodiment of the present invention provides a kind of guard method of NAS layer signaling on the one hand, comprising:
Mobility Management Entity MME is according to the corresponding algorithm selective rule of terminal equipment, select Advanced Encryption Standard aes algorithm, wherein, described aes algorithm specifically comprises the protection algorithm integrallty EIA of 128 or other figure places, and the cryptographic algorithm EEA of 128 or other figure places;
Described MME sends the safe mode command security mode command message of protecting by described aes algorithm, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message to described terminal equipment;
What described MME received that described terminal equipment sends pass through, and safe mode that described aes algorithm protects completes security mode complete message, sets up NAS layer security process.
On the other hand, the embodiment of the present invention also provides a kind of MME, at least comprises:
Select module, for according to the corresponding algorithm selective rule of terminal equipment, select aes algorithm, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
Sending module, for sending the security mode command message of protecting by the selected aes algorithm of described selection module, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message to described terminal equipment;
Receiver module, for receiving the security mode complete message that the selected aes algorithm of described selection module is protected of passing through of described terminal equipment transmission, sets up NAS layer security process.
On the other hand, the embodiment of the present invention also provides a kind of guard method of NAS layer signaling, at least comprises the following steps:
Terminal equipment receives the security mode command message of protecting by aes algorithm that MME sends, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message;
Described terminal equipment is determined described aes algorithm according to the figure place information of described EIA and EEA, and according to described aes algorithm, described security mode command message is carried out to verification, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
If verification succeeds, described terminal equipment sends the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process.
On the other hand, the embodiment of the present invention also provides a kind of terminal equipment, at least comprises:
Receiver module, the security mode command message of protecting by aes algorithm sending for receiving MME, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message;
Processing module, the EIA carrying for the received described security mode command message of described receiver module and the figure place information of EEA are determined described aes algorithm, and according to described aes algorithm, described security mode command message is carried out to verification, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
Sending module, for when the described processing module verification succeeds, sends the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process.
Compared with prior art, the technical scheme that the embodiment of the present invention proposes has the following advantages:
By the technical scheme of the application embodiment of the present invention, can be by the EIA of 128 or other figure places, and the aes algorithm that the EEA of 128 or other figure places forms is protected NAS layer signaling, thereby, while being no longer subject to using aes algorithm to carry out the encryption of NAS layer signaling, key length is fixed as the restriction of 128, can select flexibly according to actual needs the key length of aes algorithm, use more changeable algorithm and algorithm combination to protect NAS layer signaling, not only meet the requirement on flexibility in practical application scene, and increase NAS layer signaling and protected tactful diversity, improve the fail safe of NAS layer signaling protection process.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the process of establishing of NAS security mechanism of the prior art;
The schematic flow sheet of the guard method of a kind of NAS layer signaling that Fig. 2 proposes for the embodiment of the present invention;
The schematic flow sheet of the guard method of a kind of NAS layer signaling that Fig. 3 proposes for the embodiment of the present invention;
The schematic flow sheet of the guard method of the NAS layer signaling under a kind of concrete application scenarios that Fig. 4 proposes for the embodiment of the present invention;
Fig. 5 is the structural representation of a kind of MME of embodiment of the present invention proposition;
Fig. 6 is the structural representation of a kind of terminal equipment of embodiment of the present invention proposition.
Embodiment
As stated in the Background Art, between MME and UE, once NAS layer security process set up, all NAS Signalling exchanges all can be subject to the protection of safe context.In such protection process, need to use integrity protection and encryption, the algorithm of use mainly comprises SNOW 3G and AES.
At present, in LTE inside, the aes algorithm using in NAS layer Signalling exchange, only using key length is the algorithm of 128 bit lengths, is called for short AES-128.But in actual application, for aes algorithm, at least also having key length is the algorithm (AES-192, AES-256) of 192,256 bit lengths.And the aes algorithm of existing fixed key length (128) also cannot meet the demand variable to key length to operator, cannot use flexibly AES-192 and AES-256 to be encrypted and integrity protection NAS layer signaling.
Further, at some special dimensions, communication security is had to stricter requirement, need to do stricter protection to Content of Communication, and fixed key length is obviously provided convenience for cracking, and is unfavorable for the intensity of safeguard protection.
For the problems referred to above; the embodiment of the present invention has proposed a kind of flexible use aes algorithm and has realized the method that NAS layer signaling protected; can be by the EIA of 128 or other figure places; and the aes algorithm that the EEA of 128 or other figure places forms is protected NAS layer signaling; thereby; strengthen the diversity of key figure place, improve the intensity of safeguard protection.
As shown in Figure 2, the schematic flow sheet of the guard method of a kind of NAS layer signaling proposing for the embodiment of the present invention, the method specifically comprises the following steps:
Step S201, MME be according to the corresponding algorithm selective rule of terminal equipment, selects aes algorithm, and wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places.
It is pointed out that in order to ensure MME and the terminal equipment side consistency for aes algorithm content understanding, before this step is carried out, also comprise following flow process:
The information aggregate of alternative aes algorithm is sent to described terminal equipment by described MME; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
In actual application scenarios, the concrete form of the information aggregate of alternative aes algorithm is like this similar to the UE security capability information element shown in aforesaid table 3, but difference is to have removed the restriction of 128 for aes algorithm in the information aggregate of alternative aes algorithm that the embodiment of the present invention proposes, and the aes algorithm of 192 and 256 other figure places that derive even from now on all can comprise wherein.
Concrete transmitting time can select terminal equipment in network registry, and certainly, as long as completed corresponding processing before this step is carried out, the variation of concrete time can't affect protection scope of the present invention.
In actual applications, the concrete processing procedure of this step is as follows:
Described MME is according to the security capabilities information of described terminal equipment, and the algorithm ability of supporting in conjunction with described MME self, and the algorithm precedence information comprising in the information aggregate of alternative aes algorithm, for described terminal equipment is selected aes algorithm.
Wherein, for concrete application scenarios; the EIA that above-mentioned aes algorithm is included and EEA can have identical algorithm figure place; also can there is different algorithm figure places; can determine according to actual needs; changeable like this algorithm combination and secret key bits array are closed, and have increased the diversity of NAS layer signaling protection scheme, have also improved corresponding fail safe.
Step S202, described MME send the security mode command message of protecting by described aes algorithm, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message to described terminal equipment.
In concrete enforcement scene, the concrete processing procedure of this step is as follows:
First, described MME is according to the key in EPS authentication vector, and included EIA and EEA in described aes algorithm, generates respectively integrity protection key and the encryption key of corresponding figure place.
Then, described MME carries out conservation treatment by described integrity protection key and encryption key to security mode command message.
Afterwards, the security mode command message after conservation treatment is sent to described terminal equipment by described MME.
It is pointed out that the mode of carrying the figure place information of EIA included in described aes algorithm and EEA in described security mode command message, specifically comprise following two kinds:
Mode one, by the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA.
Wherein, described key length field, is specially and replaces Spare half octet field, adds the field in described security mode command message to, and the length of this key length field is nibble.
The information content in described key length field, is specially the identification information that the corresponding figure place of the figure place information of described EIA and the figure place information of EEA combines.
Corresponding identification information can preset with the corresponding relation of concrete figure place, also can notify by the signaling sending in advance, consistent to the understanding of this corresponding relation with maintenance in terminal equipment at MME.
In sum, mode one is equivalent to the field in existing security mode command message to revise, original Spare half octet field is revised as to key length field, for example, this key length field can be referred to as Key Length field, by such field, can directly carry corresponding identification information, inform the combination of the corresponding algorithm figure place of terminal equipment.
Information in mode two, NAS security algorithm rule NAS security algorithms field by described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA.
Wherein, the information in described NAS security algorithms field, specifically comprises the identification information of figure place information of described EIA and the identification information of the figure place information of EEA.
Corresponding identification information can preset with the corresponding relation of concrete figure place, also can notify by the signaling sending in advance, consistent to the understanding of this corresponding relation with maintenance in terminal equipment at MME.
In sum, mode two is equivalent to the field in existing security mode command message to expand, and the field structure in security mode command message is not modified, the implication of content in original NAS Security algorithms field is expanded, the algorithm information of other figure places beyond enabling to indicate 128, thereby, inform the corresponding algorithm figure place of terminal equipment.
In actual application process, specifically adopt which kind of mode to determine according to actual needs, such variation does not affect protection scope of the present invention.
Step S203, described MME receive the security mode complete message that described aes algorithm is protected of passing through of described terminal equipment transmission, set up NAS layer security process.
In actual application scenarios, the processing procedure of this step is specially:
Described MME verifies described security mode complete message according to described aes algorithm.
In the time being proved to be successful, described MME determines that safe context is successfully established, and completes the foundation of NAS layer security process.
In actual application scenarios; complete in this step; after setting up NAS layer security process between MME and terminal equipment; other NAS layer signalings of transmitting between MME and terminal equipment need to be carried out conservation treatment according to selected aes algorithm in step S201 equally; until this NAS layer security process termination, or between MME and terminal equipment, trigger new NAS layer security process and set up.
Need to further be pointed out that, for fear of the delay of the corresponding processing procedure causing because of transmission of messages problem, in above-mentioned processing procedure, MME is sending to terminal equipment after corresponding message, can start corresponding timer, if do not receive yet the response message that terminal equipment returns before timer expired, determine corresponding processing procedure failure and finish to work as pretreatment process, so still carry out other processing to again initiating corresponding processing procedure, need need to determine according to concrete application scenarios, such variation does not affect protection scope of the present invention.
Corresponding with above-mentioned processing procedure, in terminal equipment side, need to the security mode command message of protecting by described aes algorithm be received accordingly and be processed, and the mutual and processing of triggering following NAS layer signaling.
Concrete, as shown in Figure 3, the schematic flow sheet of the guard method of a kind of NAS layer signaling proposing for the embodiment of the present invention, the method specifically comprises the following steps:
Step S301, terminal equipment receive the security mode command message of protecting by aes algorithm that MME sends, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message.
Wherein, for concrete application scenarios; the EIA that above-mentioned aes algorithm is included and EEA can have identical algorithm figure place; also can there is different algorithm figure places; can determine according to actual needs; changeable like this algorithm combination and secret key bits array are closed, and have increased the diversity of NAS layer signaling protection scheme, have also improved corresponding fail safe.
Further, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, in a word bright similar with aforesaid step S202, comprise equally two kinds of modes, be not repeated.
On the other hand, in order to ensure MME and the terminal equipment side consistency for aes algorithm content understanding, before this step is carried out, also comprise following flow process:
Described terminal equipment receives the information aggregate of alternative aes algorithm of described MME transmission; concrete; the information aggregate of this alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
In actual application scenarios, the concrete form of the information aggregate of alternative aes algorithm is like this similar to the UE security capability information element shown in aforesaid table 3, but difference is to have removed the restriction of 128 for aes algorithm in the information aggregate of alternative aes algorithm that the embodiment of the present invention proposes, and the aes algorithm of 192 and 256 other figure places that derive even from now on all can comprise wherein.
Step S302, described terminal equipment are determined described aes algorithm according to the figure place information of described EIA and EEA, and according to described aes algorithm, described security mode command message is carried out to verification, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places.
If verification succeeds, performs step S303;
If verification is unsuccessful, process according to existing processing scheme, do not repeat them here.
In concrete enforcement scene, the processing procedure of this step, specifically comprises:
Described terminal equipment, according to the figure place information of described EIA and EEA, is determined included EIA and the EEA of described aes algorithm in the information aggregate of described alternative aes algorithm.
Described terminal equipment, according to described EIA and EEA, generates respectively integrity protection key and the encryption key of corresponding figure place.
Described terminal equipment carries out verification by described integrity protection key and encryption key to security mode command message.
Step S303, described terminal equipment send the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process.
In concrete enforcement scene, the processing procedure of this step, specifically comprises:
If verification succeeds, described terminal equipment, according to the key from deducing out in this locality, by described EIA and EEA, generates respectively new integrity protection key and the encryption key of corresponding figure place.
Described terminal equipment carries out conservation treatment by described new integrity protection key and encryption key to security mode complete message.
The security mode complete message after conservation treatment is sent to described MME by described terminal equipment, sets up NAS layer security process.
In actual application scenarios; complete in this step; after setting up NAS layer security process between MME and terminal equipment; other NAS layer signalings of transmitting between MME and terminal equipment need to be carried out conservation treatment according to determined aes algorithm in step S302 equally; until this NAS layer security process termination, or between MME and terminal equipment, trigger new NAS layer security process and set up.
Compared with prior art, the technical scheme that the embodiment of the present invention proposes has the following advantages:
By the technical scheme of the application embodiment of the present invention, can be by the EIA of 128 or other figure places, and the aes algorithm that the EEA of 128 or other figure places forms is protected NAS layer signaling, thereby, while being no longer subject to using aes algorithm to carry out the encryption of NAS layer signaling, key length is fixed as the restriction of 128, can select flexibly according to actual needs the key length of aes algorithm, use more changeable algorithm and algorithm combination to protect NAS layer signaling, not only meet the requirement on flexibility in practical application scene, and increase NAS layer signaling and protected tactful diversity, improve the fail safe of NAS layer signaling protection process.
Below, in conjunction with concrete application scenarios, the technical scheme that the embodiment of the present invention is proposed describes.
As shown in Figure 4, the schematic flow sheet of the guard method of the NAS layer signaling under a kind of concrete application scenarios proposing for the embodiment of the present invention, the method specifically comprises the following steps:
Step S401, MME send to UE the security algorithm set that UE supports.
First; similar with prior art; at UE in network registry; MME can inform its security algorithm set of supporting of UE (being the UE security capability information shown in aforesaid table 3); certainly; in actual application scenarios, as long as carry out carrying out such notice before NAS layer security process starting, such variation does not affect protection scope of the present invention.
But, in order to realize the application of aes algorithm of multiple figure place, in the technical scheme that the embodiment of the present invention proposes, need the restriction of 128 of the 128-EIA2 in UE security capability information and 128-EEA2 to remove, can use AES-192 and AES-256.
Step S402, MME send the security mode command message of the figure place information of carrying aes algorithm to UE.
Corresponding to aforesaid technical scheme, the embodiment of the present invention is two kinds of modes based in aforesaid step S202 respectively, and the technical scheme of dividing two kinds of application scenarioss to propose the embodiment of the present invention describes.
Application scenarios one, the information of carrying aes algorithm by the new field in security mode command message.
In this application scene, need to change the structure of security mode command message, in security mode command message structure body, increase Key Length field, i.e. previously described key length field.
The structure of adding the security mode command message after Key Length field is specifically as shown in table 6.
Table 6 increases the structural representation list of the security mode command message of IE
Wherein, Key Length field has replaced the Spare half octet field in former security mode command message, defines specifically referring to above-mentioned table 6 accordingly.
In actual application scenarios, the length of above-mentioned Key Length field is consistent with the definition of former Spare half octet field, be still 4 (4 bit, 1/2 byte), in order to represent the figure place information of EIA included in aes algorithm and EEA, can preset the corresponding relation of the figure place information combination of 4 bit-identify information and EIA and EEA, thereby, the identification information that carries four in only need to the Key Length field in security mode command message sends to terminal equipment, terminal equipment is according to corresponding corresponding relation, determine the figure place information combination of corresponding EIA and EEA, thereby, determine the particular content of the selected aes algorithm of MME.
The technical scheme proposing for the clearer description embodiment of the present invention, in a kind of concrete application scenarios, the embodiment of the present invention has provided the corresponding relation example of a kind of identification information of Key Length field and the figure place information of aes algorithm, specifically as shown in table 7.
The corresponding relation list of the identification information of table 7 Key Length field and the figure place information of aes algorithm
Wherein, the identification information of Key Length field has taken 4 bit, except the identification information that above-mentioned several combinations of values form, other multiple combinations of values are also remained, for convenience's sake, can be by equal remaining other combinations of values and 128-EEA2, the EAS algorithm of 128-EIA2 is corresponding.
Certainly, the definition of above-mentioned corresponding relation is a kind of concrete example, in concrete enforcement scene, can adjust accordingly according to actual needs and configure, and the variation of concrete corresponding relation definition can't affect protection scope of the present invention.
Further, the embodiment of the present invention describes the integrity protection key in MME use EIA2 and EEA2 situation and calculating and the use procedure of encryption key.
In calculation of integrity Protective Key, use the K of following 256 aSMEwith input of character string S.
Character string S is composed as follows:
- FC = 0x15
- P0 = algorithm type distinguisher
- L0 = length of algorithm type distinguisher (i.e. 0x00 0x01)
- P1 = algorithm identity
- L1 = length of algorithm identity (i.e. 0x00 0x01)
Wherein, in the situation that carrying out integrity protection cipher key calculation, P0=0x02, algorithm P1=0x02.
In the situation that being encrypted cipher key calculation, P0=0x01, algorithm P1=0x02.
Based on above stated specification, MME selects Key Length represented length, specifies EIA2 and EEA2 to use AES-128 or AES-192, AES-256, concrete, can decide according to priority or configuration the length of integrity protection key and encryption key.
If select key length be 192, MME get KDF function Output rusults low 192 as key.
If select key length be 256, MME get KDF function Output rusults whole 256 as key.
In concrete enforcement scene, integrity protection key and encryption key length are not necessarily identical.
Concrete, for this kind of application scenarios, the setting of the embodiment of the present invention based on aforesaid table 7, provides a kind of concrete processing procedure example of this step, is described as follows.
First, MME has selected Key Length=0010, and the length of selecting encryption key is 128, and the length of integrity protection key is 256.
Then, the KDF that MME gets generation encryption key derives low 128 inputs as encryption of function result, and gets low 256 inputs as encryption and integrity protection that generation integrity protection key is put off KDF function result.
Thereby; encryption function is used the encryption function of AES-128; and the encryption key of 128 is encrypted security mode command message; integrity protection function is used the integrity protection function of AES-256, and the 256 integrity protection keys that are carry out integrity protection to security mode command message.
Finally, in the time that MME initiates the process of establishing of NAS layer security process, security mode command message is issued to UE.
Said process is the concrete example of one of this application scene, and the variation of concrete processing procedure can not affect protection scope of the present invention.
Application scenarios two, the information of carrying aes algorithm by the original field after the expansion in security mode command message.
In this application scene, do not need the structure of security mode command message to change, but need to expand the content of original field in security mode command message.
Concrete, the NAS Security algorithms field comprising in security mode command message can be expanded, 192-EIA2,192-EEA2,256-EIA2,256-EEA2 algorithm can be carried, the structure of security mode command message can be do not revised like this.
The technical scheme proposing for the clearer description embodiment of the present invention, in a kind of concrete application scenarios, the embodiment of the present invention has provided a kind of example that NAS Security algorithms field is expanded, the aes algorithm that need to carry due to NAS Security algorithms field comprises EEA and EIA, so, the content of NAS Security algorithms field can represent respectively EIA and EEA by the information combination of different bits, and the corresponding relation of the figure place information of corresponding identification information and aes algorithm is respectively as shown in table 8 and table 9.
The partial content (bit 1 to bit 3) of table 8 NAS Security algorithms field and the corresponding relation of protection algorithm integrallty
The partial content (bit 5 to bit 7) of table 9 NAS Security algorithms field and the corresponding relation of cryptographic algorithm
Further; because the length of NAS Security algorithms field is 8 (8 bit; 1 byte) except the given bit 1 to bit 3 of above-mentioned table 8; and beyond the given bit 5 to bit 7 of table 9; bit 4 and bit 8 can directly be set to 0; or by the combination of other numerical value, form new expansion content, such variation does not affect protection scope of the present invention.
In sum, be set to 0 scene based on bit 4 and bit 8, the content of above-mentioned NAS Security algorithms field has been carried out following expansion:
Cryptographic algorithm expansion:
" 0000 2" EEA0 Null ciphering algorithm(null-encryption algorithm)
" 0001 2" 128-EEA1 SNOW 3G based algorithm(SNOW 3G algorithm)
" 0010 2" 128-EEA2 AES based algorithm(AES algorithm)
" 0011 2" 192-EEA2 AES based algorithm(AES algorithm)
" 0100 2" 256-EEA2 AES based algorithm(AES algorithm)
Protection algorithm integrallty expansion:
" 0001 2" 128-EIA1 SNOW 3G(SNOW 3G algorithm)
" 0010 2" 128-EIA2 AES(AES algorithm)
" 0011 2" 192-EIA2 AES(AES algorithm)
" 0100 2" 256-EIA2 AES(AES algorithm)
It is to be noted; the given a kind of preferred exemplary of the corresponding relation instruction embodiment of the present invention of above-mentioned extend type and concrete sign content; in concrete enforcement scene, can adjust according to actual needs, such variation does not affect protection scope of the present invention.
Based on above-mentioned Information expansion; MME is selecting after corresponding aes algorithm; apply corresponding algorithm and generate integrity protection key and encryption key; and according to corresponding key, security mode command message is encrypted; in NAS Security algorithms field in this security mode command message, carry the identification information of corresponding aes algorithm.
Step S403, UE resolve the content of the NAS security algorithms field in the security mode command message of receiving, if algorithm instruction is aes algorithm, in security algorithm set, obtain corresponding aes algorithm according to corresponding information.
Concrete, two kinds of application scenarioss in corresponding aforesaid step S402, the concrete processing procedure that UE obtains corresponding aes algorithm according to corresponding information in security algorithm set also comprises following two kinds of situations.
Corresponding to the application scenarios one in aforesaid step S402, UE, according to the content of the Key Length field in security mode command message, directly determines the combination of the selected EEA of MME and EIA, obtains corresponding algorithm in security algorithm set.
Corresponding to the application scenarios two in aforesaid step S402, UE is according to the content of the NAS Security algorithms field in security mode command message, determine respectively the type of the selected EIA of MME by bit 1 to bit 3, determine the type of the selected EEA of MME by bit 5 to bit 7, and obtain corresponding algorithm in security algorithm set.
Step S404, UE carry out integrity protection verification according to obtained aes algorithm to security mode command message.
In this step; according to being similar to MME calculation of integrity Protective Key in step S402 and the process of encryption key; UE generates corresponding integrity protection key and encryption key in this locality, and according to corresponding key, security mode command message is carried out to integrity protection verification.
If verification succeeds, performs step S405.
Step S405, UE use the selected aes algorithm of MME to be encrypted and integrity protection security mode complete message, and issue MME.
Step S406, MME receive security mode complete message, and after verification succeeds, confirm that NAS layer security process is successfully established.
The processing procedure of this step is that MME carries out integrity protection verification according to the selection result of the aes algorithm of this locality storage, and concrete checking procedure is not repeated.
After NAS layer security process set up, the NAS Signalling exchange between MME and UE just need to carry out integrity protection and encipherment protection according to the selected aes algorithm of MME in step S402.
Compared with prior art, the technical scheme that the embodiment of the present invention proposes has the following advantages:
By the technical scheme of the application embodiment of the present invention, can be by the EIA of 128 or other figure places, and the aes algorithm that the EEA of 128 or other figure places forms is protected NAS layer signaling, thereby, while being no longer subject to using aes algorithm to carry out the encryption of NAS layer signaling, key length is fixed as the restriction of 128, can select flexibly according to actual needs the key length of aes algorithm, use more changeable algorithm and algorithm combination to protect NAS layer signaling, not only meet the requirement on flexibility in practical application scene, and increase NAS layer signaling and protected tactful diversity, improve the fail safe of NAS layer signaling protection process.
In order to realize the technical scheme of the embodiment of the present invention, the embodiment of the present invention also provides a kind of MME, and its structural representation as shown in Figure 5.
Select module 51, for according to the corresponding algorithm selective rule of terminal equipment, select aes algorithm, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
Sending module 52, for sending the security mode command message of protecting by the selected aes algorithm of described selection module 51, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message to described terminal equipment;
Receiver module 53, for receiving the security mode complete message that the selected aes algorithm of described selection module 51 is protected of passing through of described terminal equipment transmission, sets up NAS layer security process.
Wherein, described sending module 52; also in described selection module 51 according to the corresponding algorithm selective rule of terminal equipment; before selecting aes algorithm; the information aggregate of alternative aes algorithm is sent to described terminal equipment; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
Concrete, described selection module 51, specifically for according to the security capabilities information of described terminal equipment, and the algorithm ability of supporting in conjunction with described MME self, and the algorithm precedence information comprising in the information aggregate of alternative aes algorithm, for described terminal equipment is selected aes algorithm.
Further, described sending module 52, specifically for:
According to the key in EPS authentication vector, with included EIA and EEA in described aes algorithm, generate respectively integrity protection key and the encryption key of corresponding figure place;
By described integrity protection key and encryption key, security mode command message is carried out to conservation treatment;
Security mode command message after conservation treatment is sent to described terminal equipment;
Wherein, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, specifically comprise:
By the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA; Or,
By the information in the NAS security algorithms field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA.
On the other hand, described receiver module 53, specifically for:
According to the selected aes algorithm of described selection module 51, described security mode complete message is verified;
In the time being proved to be successful, determine that safe context is successfully established, complete the foundation of NAS layer security process.
Need to further be pointed out that; described sending module 52 and described receiver module 53; also, for set up NAS layer security process between described MME and described terminal equipment after, transmit with described terminal equipment other NAS signalings of protecting by the selected aes algorithm of described selection module 51.
On the other hand, the embodiment of the present invention also provides a kind of terminal equipment, and its concrete structural representation as shown in Figure 6, at least comprises:
Receiver module 61, the security mode command message of protecting by aes algorithm sending for receiving MME, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message;
Processing module 62, the EIA carrying for the received described security mode command message of described receiver module 61 and the figure place information of EEA are determined described aes algorithm, and according to described aes algorithm, described security mode command message is carried out to verification, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
Sending module 63, for when described processing module 62 verification succeeds, sends the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process.
Concrete, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, specifically comprise:
By the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA; Or,
By the information in the NAS security algorithms field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA.
On the other hand; described receiver module 61; also for before receiving the security mode command message of protecting by aes algorithm of MME transmission; receive the information aggregate of alternative aes algorithm of described MME transmission; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
Further, described processing module 62, specifically for:
According to the EIA carrying in described security mode command message and the figure place information of EEA, in the information aggregate of the received alternative aes algorithm of described receiver module 61, determine included EIA and the EEA of described aes algorithm;
According to described EIA and EEA, generate respectively integrity protection key and the encryption key of corresponding figure place;
By described integrity protection key and encryption key, security mode command message is carried out to verification.
On the other hand, described sending module 63, specifically for:
In the time of described processing module 62 verification succeeds, the key of deducing out in this locality according to described terminal equipment, by described EIA and EEA, generates respectively new integrity protection key and the encryption key of corresponding figure place;
By described new integrity protection key and encryption key, security mode complete message is carried out to conservation treatment;
Security mode complete message after conservation treatment is sent to described MME, set up NAS layer security process.
Need to further be pointed out that; described sending module 63 and described receiver module 61; also for set up NAS layer security process between described MME and described terminal equipment after, and other NAS signalings that between described MME, transmission is protected by described aes algorithm.
Compared with prior art, the technical scheme that the embodiment of the present invention proposes has the following advantages:
By the technical scheme of the application embodiment of the present invention, can be by the EIA of 128 or other figure places, and the aes algorithm that the EEA of 128 or other figure places forms is protected NAS layer signaling, thereby, while being no longer subject to using aes algorithm to carry out the encryption of NAS layer signaling, key length is fixed as the restriction of 128, can select flexibly according to actual needs the key length of aes algorithm, use more changeable algorithm and algorithm combination to protect NAS layer signaling, not only meet the requirement on flexibility in practical application scene, and increase NAS layer signaling and protected tactful diversity, improve the fail safe of NAS layer signaling protection process.
Through the above description of the embodiments, those skilled in the art can be well understood to the embodiment of the present invention and can realize by hardware, and the mode that also can add necessary general hardware platform by software realizes.Based on such understanding, the technical scheme of the embodiment of the present invention can embody with the form of software product, it (can be CD-ROM that this software product can be stored in a non-volatile memory medium, USB flash disk, portable hard drive etc.) in, comprise that each implements the method described in scene in order to make a computer equipment (can be personal computer, server, or network equipment etc.) carry out the embodiment of the present invention in some instructions.
It will be appreciated by those skilled in the art that accompanying drawing is a schematic diagram of preferably implementing scene, the module in accompanying drawing or flow process might not be that the enforcement embodiment of the present invention is necessary.
It will be appreciated by those skilled in the art that the module in the device of implementing in scene can be distributed in the device of implementing scene according to implementing scene description, also can carry out respective change and be arranged in the one or more devices that are different from this enforcement scene.The module of above-mentioned enforcement scene can be merged into a module, also can further split into multiple submodules.
The invention described above embodiment sequence number, just to describing, does not represent the quality of implementing scene.
Disclosed is above only the several concrete enforcement scene of the embodiment of the present invention, and still, the embodiment of the present invention is not limited thereto, and the changes that any person skilled in the art can think of all should fall into the traffic limits scope of the embodiment of the present invention.

Claims (26)

1. a guard method for Non-Access Stratum NAS layer signaling, is characterized in that, at least comprises the following steps:
Mobility Management Entity MME is according to the corresponding algorithm selective rule of terminal equipment, select Advanced Encryption Standard aes algorithm, wherein, described aes algorithm specifically comprises the protection algorithm integrallty EIA of 128 or other figure places, and the cryptographic algorithm EEA of 128 or other figure places;
Described MME sends the safe mode command security mode command message of protecting by described aes algorithm, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message to described terminal equipment;
What described MME received that described terminal equipment sends pass through, and safe mode that described aes algorithm protects completes security mode complete message, sets up NAS layer security process;
Wherein, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, specifically comprise:
By the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA; Or,
By the information in the NAS security algorithm rule NAS security algorithms field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA;
Wherein, described key length field, is specially and replaces nibble Spare half octet field for subsequent use, adds the field in described security mode command message to, and the length of described key length field is nibble;
The information content in described key length field, is specially the identification information that the corresponding figure place of the figure place information of described EIA and the figure place information of EEA combines.
2. the method for claim 1, is characterized in that, described MME, according to the corresponding algorithm selective rule of terminal equipment, before selecting aes algorithm, also comprises:
The information aggregate of alternative aes algorithm is sent to described terminal equipment by described MME; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
3. the method for claim 1, is characterized in that, described MME, according to the corresponding algorithm selective rule of terminal equipment, selects aes algorithm, is specially:
Described MME is according to the security capabilities information of described terminal equipment, and the algorithm ability of supporting in conjunction with described MME self, and the algorithm precedence information comprising in the information aggregate of alternative aes algorithm, for described terminal equipment is selected aes algorithm.
4. the method as described in claim 1 or 3, is characterized in that, described EIA and described EEA have identical algorithms figure place or algorithms of different figure place.
5. the method for claim 1, is characterized in that, described MME sends the security mode command message of protecting by described aes algorithm to described terminal equipment, specifically comprise:
Described MME is according to the key in evolved packet system EPS authentication vector, and included EIA and EEA in described aes algorithm, generates respectively integrity protection key and the encryption key of corresponding figure place;
Described MME carries out conservation treatment by described integrity protection key and encryption key to security mode command message;
The security mode command message after conservation treatment is sent to described terminal equipment by described MME.
6. the method for claim 1, is characterized in that, the information in described NAS security algorithms field, specifically comprises:
The identification information of the identification information of the figure place information of described EIA and the figure place information of EEA.
7. the method for claim 1, is characterized in that, described MME receives the security mode complete message that described aes algorithm is protected of passing through of described terminal equipment transmission, sets up NAS layer security process, is specially:
Described MME verifies described security mode complete message according to described aes algorithm;
In the time being proved to be successful, described MME determines that safe context is successfully established, and completes the foundation of NAS layer security process.
8. the method for claim 1, is characterized in that, described MME receives the security mode complete message that described aes algorithm is protected of passing through of described terminal equipment transmission, after setting up NAS layer security process, also comprises:
Other NAS signalings that between described MME and described terminal equipment, transmission is protected by described aes algorithm.
9. a MME, is characterized in that, at least comprises:
Select module, for according to the corresponding algorithm selective rule of terminal equipment, select aes algorithm, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
Sending module, for sending the security mode command message of protecting by the selected aes algorithm of described selection module, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message to described terminal equipment;
Receiver module, for receiving the security mode complete message that the selected aes algorithm of described selection module is protected of passing through of described terminal equipment transmission, sets up NAS layer security process;
Wherein, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, specifically comprise:
By the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA; Or,
By the information in the NAS security algorithms field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA.
10. MME as claimed in claim 9, is characterized in that, described sending module, also for:
In described selection module according to the corresponding algorithm selective rule of terminal equipment; before selecting aes algorithm; the information aggregate of alternative aes algorithm is sent to described terminal equipment; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
11. MME as claimed in claim 9, is characterized in that, described selection module, specifically for:
According to the security capabilities information of described terminal equipment, and the algorithm ability of supporting in conjunction with described MME self, and the algorithm precedence information comprising in the information aggregate of alternative aes algorithm, for described terminal equipment is selected aes algorithm.
12. MME as claimed in claim 9, is characterized in that, described sending module, specifically for:
According to the key in EPS authentication vector, with included EIA and EEA in described aes algorithm, generate respectively integrity protection key and the encryption key of corresponding figure place;
By described integrity protection key and encryption key, security mode command message is carried out to conservation treatment;
Security mode command message after conservation treatment is sent to described terminal equipment.
13. MME as claimed in claim 9, is characterized in that, described receiver module, specifically for:
According to the selected aes algorithm of described selection module, described security mode complete message is verified;
In the time being proved to be successful, determine that safe context is successfully established, complete the foundation of NAS layer security process.
14. MME as claimed in claim 9, is characterized in that,
Described sending module and described receiver module, also for set up NAS layer security process between described MME and described terminal equipment after, transmit with described terminal equipment other NAS signalings of protecting by the selected aes algorithm of described selection module.
The guard method of 15. 1 kinds of NAS layer signalings, is characterized in that, at least comprises the following steps:
Terminal equipment receives the security mode command message of protecting by aes algorithm that MME sends, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message;
Described terminal equipment is determined described aes algorithm according to the figure place information of described EIA and EEA, and according to described aes algorithm, described security mode command message is carried out to verification, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
If verification succeeds, described terminal equipment sends the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process;
Wherein, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, specifically comprise:
By the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA; Or,
By the information in the NAS security algorithms field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA;
Wherein, described key length field, is specially and replaces Spare half octet field, adds the field in described security mode command message to, and the length of described key length field is nibble;
The information content in described key length field, is specially the identification information that the corresponding figure place of the figure place information of described EIA and the figure place information of EEA combines.
16. methods as claimed in claim 15, is characterized in that, described EIA and described EEA have identical algorithms figure place or algorithms of different figure place.
17. methods as claimed in claim 15, is characterized in that, the information in described NAS security algorithms field, specifically comprises:
The identification information of the identification information of the figure place information of described EIA and the figure place information of EEA.
18. methods as claimed in claim 15, is characterized in that, described terminal equipment also comprises before receiving the security mode command message of protecting by aes algorithm of MME transmission:
Described terminal equipment receives the information aggregate of alternative aes algorithm of described MME transmission; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
19. methods as claimed in claim 18, is characterized in that, described terminal equipment is determined described aes algorithm according to the figure place information of described EIA and EEA, and according to described aes algorithm, described security mode command message are carried out to verification, specifically comprise:
Described terminal equipment, according to the figure place information of described EIA and EEA, is determined included EIA and the EEA of described aes algorithm in the information aggregate of described alternative aes algorithm;
Described terminal equipment, according to described EIA and EEA, generates respectively integrity protection key and the encryption key of corresponding figure place;
Described terminal equipment carries out verification by described integrity protection key and encryption key to security modecommand message.
20. methods as claimed in claim 15, is characterized in that, if verification succeeds, described terminal equipment sends the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process, specifically comprises:
If verification succeeds, described terminal equipment, according to the key from deducing out in this locality, by described EIA and EEA, generates respectively new integrity protection key and the encryption key of corresponding figure place;
Described terminal equipment carries out conservation treatment by described new integrity protection key and encryption key to security mode complete message;
The security mode complete message after conservation treatment is sent to described MME by described terminal equipment, sets up NAS layer security process.
21. methods as claimed in claim 15, is characterized in that, described terminal equipment sends the security mode complete message of protecting by described aes algorithm to described MME, after setting up NAS layer security process, also comprise:
Other NAS signalings that between described terminal equipment and described MME, transmission is protected by described aes algorithm.
22. 1 kinds of terminal equipments, is characterized in that, at least comprise:
Receiver module, the security mode command message of protecting by aes algorithm sending for receiving MME, the figure place information of carrying EIA included in described aes algorithm and EEA in described security mode command message;
Processing module, the EIA carrying for the received described security mode command message of described receiver module and the figure place information of EEA are determined described aes algorithm, and according to described aes algorithm, described security mode command message is carried out to verification, wherein, described aes algorithm specifically comprises the EIA of 128 or other figure places, and the EEA of 128 or other figure places;
Sending module, for when the described processing module verification succeeds, sends the security mode complete message of protecting by described aes algorithm to described MME, set up NAS layer security process;
Wherein, in described security mode command message, carry the mode of the figure place information of EIA included in described aes algorithm and EEA, specifically comprise:
By the information in the key length field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA; Or,
By the information in the NAS security algorithms field in described security mode command message, the figure place information of carrying EIA included in described aes algorithm and EEA.
23. terminal equipments as claimed in claim 22, is characterized in that, described receiver module, also for:
Before receiving the security mode command message of protecting by aes algorithm of MME transmission; receive the information aggregate of alternative aes algorithm of described MME transmission; the information aggregate of described alternative aes algorithm at least comprises the protection algorithm integrallty EIA of 128 and other figure places, and the cryptographic algorithm EEA of 128 and other figure places.
24. terminal equipments as claimed in claim 23, is characterized in that, described processing module, specifically for:
According to the EIA carrying in described security mode command message and the figure place information of EEA, in the information aggregate of the received alternative aes algorithm of described receiver module, determine included EIA and the EEA of described aes algorithm;
According to described EIA and EEA, generate respectively integrity protection key and the encryption key of corresponding figure place;
By described integrity protection key and encryption key, security mode command message is carried out to verification.
25. terminal equipments as claimed in claim 22, is characterized in that, described sending module, specifically for:
In the time of described processing module verification succeeds, the key of deducing out in this locality according to described terminal equipment, by described EIA and EEA, generates respectively new integrity protection key and the encryption key of corresponding figure place;
By described new integrity protection key and encryption key, security mode complete message is carried out to conservation treatment;
Security mode complete message after conservation treatment is sent to described MME, set up NAS layer security process.
26. terminal equipments as claimed in claim 22, is characterized in that,
Described sending module and described receiver module, also for set up NAS layer security process between described MME and described terminal equipment after, and other NAS signalings that between described MME, transmission is protected by described aes algorithm.
CN201110302515.3A 2011-10-09 2011-10-09 Method and device for protecting signalling in NAS (non-access stratum) layer Active CN102307091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110302515.3A CN102307091B (en) 2011-10-09 2011-10-09 Method and device for protecting signalling in NAS (non-access stratum) layer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110302515.3A CN102307091B (en) 2011-10-09 2011-10-09 Method and device for protecting signalling in NAS (non-access stratum) layer

Publications (2)

Publication Number Publication Date
CN102307091A CN102307091A (en) 2012-01-04
CN102307091B true CN102307091B (en) 2014-10-29

Family

ID=45380906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110302515.3A Active CN102307091B (en) 2011-10-09 2011-10-09 Method and device for protecting signalling in NAS (non-access stratum) layer

Country Status (1)

Country Link
CN (1) CN102307091B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103260156B (en) * 2012-02-15 2015-12-02 中国移动通信集团公司 Key stream generating apparatus and method, Confidentiality protection device and method
EP3800914B1 (en) 2016-01-05 2024-05-01 Huawei Technologies Co., Ltd. Avoiding a man-in-the-middle attack on an attach request message

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101835156A (en) * 2010-05-21 2010-09-15 中兴通讯股份有限公司 Method and system for safeguarding user access

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101835156A (en) * 2010-05-21 2010-09-15 中兴通讯股份有限公司 Method and system for safeguarding user access

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
3GPP.3GPP System Architecture Evolution (SAE):Security architecture.《3GPP》.2010,第5.1.4.2节、第7.2.4.4、7.2.4a节、第B.1.3、B.2.3节. *

Also Published As

Publication number Publication date
CN102307091A (en) 2012-01-04

Similar Documents

Publication Publication Date Title
JP6492115B2 (en) Encryption key generation
US10931445B2 (en) Method and system for session key generation with diffie-hellman procedure
EP3197123B1 (en) Method, terminal, and network server for information encryption and decryption and key management
EP2033479B1 (en) Method and apparatus for security protection of an original user identity in an initial signaling message
KR101490214B1 (en) Systems and methods for encoding exchanges with a set of shared ephemeral key data
US11700245B2 (en) Key distribution method, key receiving method, first key management system, and first network element
CN112738804B (en) Safety protection method and device
CN105553981B (en) A kind of wlan network rapid authentication and cryptographic key negotiation method
CN101720539A (en) Key refresh sae/lte system
CN104092663A (en) Encryption communication method and encryption communication system
KR20190051086A (en) Mtc key management for key derivation at both ue and network
Noh et al. Secure authentication and four-way handshake scheme for protected individual communication in public wi-fi networks
CN104303450A (en) Determination of cryptographic keys
Ouaissa et al. New security level of authentication and key agreement protocol for the IoT on LTE mobile networks
KR102219086B1 (en) HMAC-based source authentication and secret key sharing method and system for Unnamed Aerial vehicle systems
CN109756324A (en) Cryptographic key negotiation method, terminal and gateway in a kind of Mesh network
CN106992866A (en) It is a kind of based on wireless network access methods of the NFC without certificate verification
Abdo et al. EC-AKA2 a revolutionary AKA protocol
CN102307091B (en) Method and device for protecting signalling in NAS (non-access stratum) layer
CN108966214A (en) Authentication method, the wireless network safety communication method and device of wireless network
CN111835691B (en) Authentication information processing method, terminal and network equipment
CN115885496A (en) Communication method and related device
CN102612027B (en) Safety transmission method of data in wireless communication system
CN118802307A (en) Communication authentication method, related device, storage medium and computer program product
Shoniregun TM Daniel Caragata m.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant