CN102497634B - Method for strengthening network communication security and wireless access device - Google Patents

Publication number
CN102497634B
Authority
CN
China
Prior art keywords
channel
channel switching
switching information
parameter
timing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210031589.2A
Other languages
Chinese (zh)
Other versions
CN102497634A (en)
Inventor
刘绍峰
郭江
郇海滨
陈颖浩
翁武林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiao Zhenfeng
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201210031589.2A
Publication of CN102497634A
Application granted
Publication of CN102497634B
Legal status: Expired - Fee Related
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for strengthening network communication security, where the network is a Global System for Mobile Communications (GSM) network. The method comprises the following steps: during a mobile terminal's call, the network side sends channel switching information to the mobile terminal regularly or irregularly according to a security policy; and the mobile terminal performs channel switching according to the received channel switching information. The invention also discloses a wireless access device. With the invention, the communication channel of a mobile terminal in a GSM network is not fixed to one physical channel; an illegal network intruder therefore cannot collect information targeted at a specific channel, and the efficiency of launching an attack is substantially reduced, which strengthens the security of the air interface.

Description

Method for strengthening network communication security and wireless access device
Technical field
The present invention relates to the field of wireless communication, and in particular to a method for strengthening network communication security and a wireless access device.
Background
At present, most encryption on the air interface of the Global System for Mobile Communications (GSM) uses the A5/1 algorithm. Attacks that break this algorithm currently fall into two main classes:
A. Plaintext attack. In this attack the attacker must intercept the required data frames and know the content of those frames before decryption, and then uses the plaintext-ciphertext pairs formed by the data before and after encryption to break the cipher. If the pattern of downlink protocol messages is fairly fixed, a network intruder is very likely to guess the content successfully, and the communication key (Communication Key, Kc) will be recovered with high probability, seriously affecting the security of the session.
B. Ciphertext-only attack. In this attack, even if the network intruder does not guess the content of a message, the intruder can use the relationship between the redundancy check code and the message content in the coding of air-interface signaling messages to set up a system of equations, and keep collecting signaling to eliminate unknowns. If the intruder collects enough signaling messages, a ciphertext-only attack can be launched, and the session Kc can likewise be recovered with high probability.
During call setup, a GSM system generally first allocates a Stand-alone Dedicated Control Channel (SDCCH), and completes the allocation of the Traffic Channel (TCH) by a channel assignment command on the SDCCH. Therefore, to track a particular user's call successfully, a network intruder can first break the encryption on the SDCCH, obtain from the SDCCH the information about the TCH allocated to that user, and then follow the call to the specific TCH to obtain the user's call information.
The ciphering command in a GSM system is sent in plaintext. What it encrypts is the signaling on the radio interface that follows the command, so all air-interface signaling sent after the ciphering command is transmitted encrypted. Moreover, the signaling sequence transmitted under normal conditions has recognizable features. For example, for the calling party, the first downlink signaling message after ciphering is enabled is likely to be Call Proceeding; for the called party, the first uplink message is likely to be Call Confirmed, and the content of these messages is easy to guess. An attacker may therefore use these messages to carry out a plaintext attack, obtaining the plaintext-ciphertext pairs needed to break the cipher.
On a TCH, according to the protocol, the network side periodically sends system messages to the handset on the SACCH associated with the TCH, including system message 5, system message 5bis, system message 5ter and system message 6. A network intruder may use these messages to launch a plaintext attack: the content of system messages 5, 5bis and 5ter, for example, is relatively fixed and therefore fairly easy to guess. In addition, because these messages are all sent periodically on a relatively fixed channel, a network intruder can launch a ciphertext-only attack: even without guessing the plaintext, the intruder can collect enough system message data frames on the fixed channel within a certain time, use the relationship between the redundancy check code and the message content in the signaling coding performed before A5 encryption to set up a system of equations, and recover the key by solving it.
In the course of making the invention, the inventors found that, in the background art described above, the user's signaling after ciphering is enabled continues to be exchanged on the original channel, while the content of some messages sent after ciphering is enabled is easy to guess. Meanwhile, the computing power of central processing units (Central Processing Unit, CPU) and field programmable gate arrays (Field Programmable Gate Array, FPGA) keeps growing and their prices keep falling, so the cost for a network intruder to launch plaintext or ciphertext-only attacks keeps dropping and breaking the GSM A5/1 algorithm is increasingly feasible, which seriously affects the security of the GSM air interface. Although adopting the newer A5/3 encryption algorithm can improve GSM security, a large number of handsets and devices on existing networks do not support A5/3 because of hardware and software limitations. Many GSM operators therefore require that GSM security be improved without changing the A5/1 algorithm or the mobile terminals on the existing network.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for strengthening network communication security and a wireless access device that improve the communication security of the air interface in a GSM network.
To solve the above technical problem, in one aspect, embodiments of the present invention provide a method for strengthening network communication security, where the network is a Global System for Mobile Communications (GSM) network. The method comprises: during communication between the network side and a mobile terminal, the network side sends channel switching information to the mobile terminal according to a preset security policy, the security policy comprising sending the channel switching information to the terminal at regular or irregular times; and the mobile terminal performs channel switching according to the channel switching information.
In another aspect, embodiments of the present invention provide a wireless access device comprising: an obtaining unit, configured to obtain channel switching information and a security policy, where the channel switching information instructs the corresponding mobile terminal to perform channel switching and the security policy comprises sending the channel switching information to the terminal at regular or irregular times; and a sending unit, configured to send the channel switching information to the mobile terminal, at regular or irregular times, according to the stored security policy during the mobile terminal's call.
With the technical solution provided by the embodiments of the present invention, the signaling of a mobile terminal in a GSM network is not fixed to one physical channel for transmission, so a network intruder cannot collect information on a particular channel and the efficiency of launching an attack is greatly reduced; the security of the air interface is thereby strengthened.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a specific embodiment of the method for strengthening network communication security according to the present invention;
Fig. 2 is a schematic diagram of a specific embodiment of channel occupancy in a cell when channel switching is performed according to the present invention;
Fig. 3 is a schematic diagram of the composition of a specific embodiment of a network access device according to the present invention.
Detailed description of the embodiments
Embodiments of the invention are described below with reference to the drawings. Fig. 1 is a schematic flowchart of a specific embodiment of the method for strengthening network communication security according to the present invention. The method comprises:
101. The network side sends channel switching information to the mobile terminal according to a preset security policy, the security policy comprising sending the channel switching information to the terminal at regular or irregular times.
The network is a GSM network.
The security policy can be set through parameters related to channel switching, for example a policy that sets a regular-time parameter or an irregular-time parameter, where the regular-time parameter indicates the moments at which channel switching information is sent on a schedule and the irregular-time parameter indicates the moments at which it is sent off schedule. The concrete parameters may include the number of times channel switching information is sent in a session, the interval, or the specific moments. The embodiments of the present invention do not limit this number: it may be only once or several times, as the situation requires. The sending moments may be specified one by one in a list, or generated according to some rule, for example generated randomly according to some probability distribution; in that case the security policy also includes the policy that sets the list or the rule generating these sending moments.
The security policy may also include the setting of each parameter in the channel switching information, such as the specific content of the channel switching parameters used in each channel switch. The composition and definition of the channel switching parameters are described below.
The channel switching information may be a channel assignment command or a channel switching command. At session setup, the information for the current session is generally assigned by a channel assignment command; later, when a channel switch is needed, a channel switching command specifies the channel to which the session is to be switched. Both commands carry channel switching parameters, such as one or more of the Mobile Allocation Index Offset (MAIO), Hopping Sequence Number (HSN) and Training Sequence Code (TSC) parameters.
The channel switching information may also refer only to the channel switching parameters themselves, which may be delivered to the mobile terminal in other commands, provided the mobile terminal can parse the parameters from the command and switch channels according to them.
One or more of these parameters may also be changed at each assignment (the change policy may itself be part of the security policy described above). In this way, at different moments in the same session, the signaling and voice exchanged between the wireless network and the mobile terminal are carried on different channels, and are not even sent on the same frequency, as shown in Fig. 2. In Fig. 2, squares in the same column represent the occupancy of different channels in the same time period, and squares in the same row represent the occupancy of the same channel in different time periods; the hatched squares represent the different channels occupied in different time periods of session A, and the black squares represent the different channels occupied in different time periods of session B.
The value ranges of the three parameters are as follows:
MAIO: Mobile Allocation Index Offset (0 to N-1, 6 bits).
HSN: Hopping Sequence (generator) Number (0 to 63, 6 bits).
TSC: Training Sequence Code (0 to 7, 3 bits).
Because these parameters are all delivered in signaling that is sent after encryption, a network intruder who does not know them cannot know on which channel the next encrypted signaling will be sent, and so cannot launch an attack. Within one cell, the number of possible combinations of these parameters is more than 8 (TSC) * 64 (HSN) * 3 (MAIO) * 8 (channels) = 12288, so a network intruder also cannot learn, by guessing the parameters, on which channel the signaling will be sent at the next moment.
Furthermore, because the signaling and voice of the mobile terminal are spread across different channels (such as the Dedicated Control Channel and the Traffic Channel), even a network intruder who has recovered the key of this session of the mobile terminal by guessing plaintext still cannot know the above parameters of the mobile terminal. Because the signaling or voice of each mobile terminal on each physical channel is not sent continuously, and it cannot be distinguished which signaling belongs to this mobile terminal, the intruder cannot break the other signaling of this mobile terminal and cannot carry out effective monitoring.
102. The mobile terminal performs channel switching according to the channel switching information it receives.
Note also that within one session the network side may send channel switching information several times, at regular or irregular times (the number of times, the sending moments, the channel on which it is sent and so on can all be determined by the security policy), so the flow shown in Fig. 1 can be carried out repeatedly.
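The following sketch illustrates steps 101 and 102 from the network side. It is an added example, not code from the patent: it plans the sending moments for one session (from a list, or drawn from a probability distribution) and assigns new MAIO/HSN/TSC/channel values at each moment. The class and function names, the exponential distribution for irregular moments, and the uniform choice of parameters are assumptions; N = 3 frequencies matches the page's estimate.

```python
import random
from dataclasses import dataclass

TSC_VALUES = 8     # Training Sequence Code, 0..7
HSN_VALUES = 64    # Hopping Sequence Number, 0..63
TIMESLOTS = 8      # physical channels per carrier, as in the page's estimate


@dataclass(frozen=True)
class ChannelParams:
    maio: int       # Mobile Allocation Index Offset, 0..N-1
    hsn: int
    tsc: int
    timeslot: int


def parameter_space(n_frequencies):
    """Count the (TSC, HSN, MAIO, channel) combinations available in one cell."""
    return TSC_VALUES * HSN_VALUES * n_frequencies * TIMESLOTS


class SwitchPolicy:
    """Hypothetical security policy: sending moments plus parameter selection."""

    def __init__(self, n_frequencies, fixed_times=None, mean_interval_s=None,
                 max_switches=None, rng=None):
        if (fixed_times is None) == (mean_interval_s is None):
            raise ValueError("give exactly one of fixed_times or mean_interval_s")
        if mean_interval_s is not None and mean_interval_s <= 0:
            raise ValueError("mean_interval_s must be positive")
        if n_frequencies < 1:
            raise ValueError("n_frequencies must be at least 1")
        self.n_frequencies = n_frequencies
        self.fixed_times = fixed_times          # moments given one by one in a list
        self.mean_interval_s = mean_interval_s  # moments drawn from a distribution
        self.max_switches = max_switches        # cap on sends per session
        # Assumption: an OS-backed generator by default, so an observer cannot
        # reproduce the moments or parameters; tests may inject a seeded one.
        self.rng = rng if rng is not None else random.SystemRandom()

    def send_times(self, session_length_s):
        """Moments (seconds into the session) at which switching info is sent."""
        if self.fixed_times is not None:
            times = sorted(t for t in self.fixed_times
                           if 0 <= t < session_length_s)
        else:
            times, t = [], 0.0
            while True:
                # Exponential gaps are one possible "probability distribution".
                t += self.rng.expovariate(1.0 / self.mean_interval_s)
                if t >= session_length_s:
                    break
                times.append(t)
        if self.max_switches is not None:
            times = times[:self.max_switches]
        return times

    def next_params(self, current):
        """Draw new parameters; at least one field differs from the current set."""
        while True:
            candidate = ChannelParams(
                maio=self.rng.randrange(self.n_frequencies),
                hsn=self.rng.randrange(HSN_VALUES),
                tsc=self.rng.randrange(TSC_VALUES),
                timeslot=self.rng.randrange(TIMESLOTS),
            )
            if candidate != current:
                return candidate

    def plan_session(self, initial, session_length_s):
        """Return [(moment, ChannelParams)] for every switch in the session."""
        plan, current = [], initial
        for t in self.send_times(session_length_s):
            current = self.next_params(current)
            plan.append((t, current))
        return plan


if __name__ == "__main__":
    start = ChannelParams(maio=0, hsn=0, tsc=0, timeslot=0)
    policy = SwitchPolicy(n_frequencies=3, mean_interval_s=15.0)
    print("combinations per cell:", parameter_space(3))
    for moment, params in policy.plan_session(start, 120):
        print(f"{moment:7.2f}s -> {params}")
```

In a real network each planned entry would be carried to the terminal in the encrypted channel assignment or channel switching command described above; the sketch only models the policy decision.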
Accordingly, embodiments of the invention also provide a network device that can notify a mobile terminal, at regular or irregular times, to perform channel switching. This device may be a wireless access device in a GSM network, such as a base station. Fig. 3 is a schematic diagram of the composition of the wireless access device in an embodiment of the present invention. The device comprises: an obtaining unit 12, configured to obtain channel switching information and a security policy, where the channel switching information instructs the corresponding mobile terminal to perform channel switching and the security policy comprises sending the channel switching information to the terminal at regular or irregular times; and a sending unit 14, configured to send the channel switching information to the mobile terminal, at regular or irregular times, according to the stored security policy during the mobile terminal's call.
The obtaining unit 12 comprises a time parameter obtaining subunit, configured to obtain the policy, within the security policy, that sets the regular-time parameter or irregular-time parameter, where the regular-time parameter indicates the moments at which channel switching information is sent on a schedule and the irregular-time parameter indicates the moments at which it is sent off schedule.
The obtaining unit 12 may also comprise one or more of the following subunits: a first obtaining subunit, configured to obtain the Mobile Allocation Index Offset parameter in the channel switching information; a second obtaining subunit, configured to obtain the Hopping Sequence Number parameter in the channel switching information; and a third obtaining subunit, configured to obtain the training sequence parameter in the channel switching information.
The definitions and descriptions of the above information, policy and parameters are consistent with those in the method described earlier.
In the embodiments of the present invention, the channel on which the mobile terminal and the network side communicate is not fixed, so a network intruder cannot collect information on a specific physical channel and the efficiency of launching an attack is greatly reduced; the security of the air interface is thereby strengthened. The embodiments provided by the present invention are effective for GSM communication networks that use any encryption algorithm in the A5 family (such as A5/1, A5/2 and A5/3).
With reference to the above embodiments, the embodiments of the present invention also provide the following technical solutions:
1. A method for strengthening network communication security, where the network is a Global System for Mobile Communications (GSM) network, the method comprising:
during communication between the network side and a mobile terminal, the network side sends channel switching information to the mobile terminal according to a preset security policy, the security policy comprising sending the channel switching information to the terminal at regular or irregular times;
the mobile terminal performs channel switching according to the channel switching information.
2. The method according to 1, where the security policy comprises a policy that sets a regular-time parameter or an irregular-time parameter, the regular-time parameter indicating the moments at which channel switching information is sent on a schedule and the irregular-time parameter indicating the moments at which it is sent off schedule.
3. The method according to 2, where the channel switching information is a channel assignment command or a channel switching command.
4. The method according to 3, where the channel assignment command or channel switching command comprises channel switching parameters, the channel switching parameters comprising one or more of the Mobile Allocation Index Offset, Hopping Sequence Number and training sequence parameters.
5. The method according to any one of 1 to 4, where the channel is a Dedicated Control Channel and/or a Traffic Channel.
6. A wireless access device, the device comprising:
an obtaining unit, configured to obtain channel switching information and a security policy, where the channel switching information instructs the corresponding mobile terminal to perform channel switching and the security policy comprises sending the channel switching information to the terminal at regular or irregular times;
a sending unit, configured to send the channel switching information to the mobile terminal, at regular or irregular times, according to the stored security policy during the mobile terminal's call.
7. The device according to 6, where the obtaining unit comprises:
a time parameter obtaining subunit, configured to obtain the policy, within the security policy, that sets the regular-time parameter or irregular-time parameter, the regular-time parameter indicating the moments at which channel switching information is sent on a schedule and the irregular-time parameter indicating the moments at which it is sent off schedule.
8. The device according to 7, where the obtaining unit further comprises one or more of the following subunits:
a first obtaining subunit, configured to obtain the Mobile Allocation Index Offset parameter in the channel switching information;
a second obtaining subunit, configured to obtain the Hopping Sequence Number parameter in the channel switching information;
a third obtaining subunit, configured to obtain the training sequence parameter in the channel switching information.
What is disclosed above is only embodiments of the present invention and of course cannot limit the scope of rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (6)

1. A method for strengthening network communication security, where the network is a Global System for Mobile Communications (GSM) network, characterized in that the method comprises:
during communication between the network side and a mobile terminal, the network side sends channel switching information to the mobile terminal according to a preset security policy, the security policy comprising sending the channel switching information to the terminal at regular or irregular times;
the mobile terminal performs channel switching according to the channel switching information;
wherein the security policy comprises a policy that sets a regular-time parameter or an irregular-time parameter, the regular-time parameter indicating the moments at which channel switching information is sent on a schedule and the irregular-time parameter indicating the moments at which it is sent off schedule; the regular-time parameter or irregular-time parameter comprises the number of times, or the specific moments, at which the channel switching information is sent in a session, the number of times being one or more, and the specific moments being specified in a list or generated by a probability distribution;
the security policy further comprises the setting of channel switching parameters in the channel switching information, the channel switching parameters comprising one or more of the Mobile Allocation Index Offset, Hopping Sequence Number and training sequence parameters; and the security policy further comprises changing one or more of the Mobile Allocation Index Offset, Hopping Sequence Number and training sequence parameters at channel assignment.
2. The method according to claim 1, characterized in that the channel switching information is a channel assignment command or a channel switching command.
3. The method according to claim 2, characterized in that the channel assignment command or channel switching command comprises channel switching parameters.
4. The method according to any one of claims 1 to 3, characterized in that the channel is a Dedicated Control Channel and/or a Traffic Channel.
5. A wireless access device, characterized in that the device comprises:
an obtaining unit, configured to obtain channel switching information and a security policy, where the channel switching information instructs the corresponding mobile terminal to perform channel switching and the security policy comprises sending the channel switching information to the terminal at regular or irregular times;
a sending unit, configured to send the channel switching information to the mobile terminal, at regular or irregular times, according to the stored security policy during the mobile terminal's call;
wherein the obtaining unit comprises:
a time parameter obtaining subunit, configured to obtain the policy, within the security policy, that sets the regular-time parameter or irregular-time parameter, the regular-time parameter indicating the moments at which channel switching information is sent on a schedule and the irregular-time parameter indicating the moments at which it is sent off schedule; the regular-time parameter or irregular-time parameter comprises the number of times, or the specific moments, at which the channel switching information is sent in a session, the number of times being one or more, and the specific moments being specified in a list or generated by a probability distribution;
the security policy further comprises the setting of channel switching parameters in the channel switching information, the channel switching parameters comprising one or more of the Mobile Allocation Index Offset, Hopping Sequence Number and training sequence parameters; and the security policy further comprises changing one or more of the Mobile Allocation Index Offset, Hopping Sequence Number and training sequence parameters at channel assignment.
6. The device according to claim 5, characterized in that the obtaining unit further comprises one or more of the following subunits:
a first obtaining subunit, configured to obtain the Mobile Allocation Index Offset parameter in the channel switching information;
a second obtaining subunit, configured to obtain the Hopping Sequence Number parameter in the channel switching information;
a third obtaining subunit, configured to obtain the training sequence parameter in the channel switching information.
CN201210031589.2A 2008-03-24 2008-03-24 Method for strengthening network communication security and wireless access device Expired - Fee Related CN102497634B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210031589.2A CN102497634B (en) 2008-03-24 2008-03-24 Method for strengthening network communication security and wireless access device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210031589.2A CN102497634B (en) 2008-03-24 2008-03-24 Method for strengthening network communication security and wireless access device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2008100269741A Division CN101277528B (en) 2008-03-24 2008-03-24 Method for reinforcing network communication security and wireless access equipment

Publications (2)

Publication Number Publication Date
CN102497634A 2012-06-13
CN102497634B 2015-04-15

Family

ID=46189414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210031589.2A Expired - Fee Related CN102497634B (en) 2008-03-24 2008-03-24 Method for strengthening network communication security and wireless access device

Country Status (1)

Country Link
CN (1) CN102497634B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20171220

Address after: The white Kuizhen Hulan District double village Tuen 150500 Heilongjiang Shuangshan city in Harbin Province

Patentee after: Jiao Zhenfeng

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150415

Termination date: 20180324