CN104038934A - Non-access layer decryption method for LTE core network real-time signaling monitoring - Google Patents


Info

Publication number
CN104038934A
Authority
CN
China
Prior art keywords
nas
message
mme
deciphering
data structure
Prior art date
Legal status
Granted
Application number
CN201410307424.2A
Other languages
Chinese (zh)
Other versions
CN104038934B (en)
Inventor
范慧娟
李磊
肖伟明
余道敏
胡西平
Current Assignee
Wuhan Hong Xin Technological Service Co Ltd
Original Assignee
Wuhan Hong Xin Technological Service Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

A non-access stratum (NAS) decryption method for real-time signaling monitoring of an LTE core network comprises the following steps: the parameters relevant to NAS decryption are extracted from the S6a interface and stored, the parameters comprising an authentication token AUTN, a random number parameter RAND, an expected result parameter XRES and a root key Kasme; user contexts are managed through the S1AP-layer messages of the S1-MME interface; the parameters relevant to NAS decryption are extracted from the NAS-layer messages of the S1-MME interface, and the decryption key Knasenc is calculated from the root key Kasme obtained in the first step; the ciphertext part of an encrypted message is extracted and decrypted using the decryption parameters. The information of the same user on the S6a and S1-MME interfaces is correlated, a complete set of decryption parameters is obtained for decryption, and safety and high efficiency are achieved.

Description

Non-access stratum decryption method for real-time signaling monitoring of the LTE core network
Technical field
The invention belongs to the field of communication network protocol monitoring and analysis, and in particular to a method for decrypting LTE non-access stratum ciphertext.
Background technology
3GPP Long Term Evolution (LTE) is currently the most popular mobile communication technology. Compared with third-generation (3G) technology, LTE offers higher data rates and a more secure communication mode, and the network architecture of LTE has also changed greatly.
The radio access part of LTE consists only of the evolved node eNodeB (Enhanced Node B); the core network consists mainly of the Mobility Management Entity (MME), the Serving Gateway (S-GW), the Packet Data Network Gateway (P-GW), the Home Subscriber Server (HSS) and the Policy and Charging Rules Function (PCRF). In the present invention, the signaling collection points of the real-time signaling monitoring and analysis system are deployed at some of the nodes of the LTE core network architecture: raw signaling data are collected mainly on interfaces such as S1-MME (between eNodeB and MME), S6a (between HSS and MME), S10 and S11, and then signaling parsing and multi-interface correlation are performed to generate Call Detail Records (CDR).
To improve security, the LTE system has a two-layer security protection mechanism: one layer is radio access stratum security, the other is Non-Access Stratum (NAS) signaling security. NAS signaling security comprises integrity protection and ciphering of the data: integrity protection checks whether the transmitted data have been tampered with, and ciphering converts the data into ciphertext by an algorithm before transmission. The receiver must therefore first pass the integrity check and then decrypt the data before a correct decoded result can be obtained. The main purpose of the present invention is to extract, from the several monitored network interfaces, the information needed for decryption and thereby decrypt the NAS messages on the S1-MME interface.
The difficulty in decrypting NAS messages is obtaining the complete set of decryption parameters: the root key Kasme must be obtained from the S6a interface and the other parameters from the S1-MME interface. The following problems must be solved: how to correlate the information of the same user on the S6a and S1-MME interfaces; which parameters make up a user's decryption parameters; and how to calculate and dynamically maintain a user's decryption parameters, since the parameters in this structure are obtained from different messages and change over time.
Summary of the invention
To solve the above problems, the present invention proposes a non-access stratum decryption method for a real-time signaling monitoring and analysis system of an LTE core network.
The technical solution of the present invention is a non-access stratum decryption method for real-time signaling monitoring of an LTE core network, comprising the following steps:
Step 1: extract the parameters relevant to NAS decryption from the S6a interface and store them, comprising the authentication token AUTN, the random number parameter RAND, the expected result parameter XRES and the root key Kasme;
Step 2: manage user contexts through the S1AP-layer messages of the S1-MME interface;
Step 3: extract the parameters relevant to NAS decryption from the NAS-layer messages of the S1-MME interface, and calculate the decryption key Knasenc from the root key Kasme obtained in step 1;
Step 4: extract the ciphertext part of the encrypted message and decrypt it using the decryption parameters.
Step 1 is implemented as follows:
Capture the S6a authentication information messages Authentication Information Request/Answer and parse out the authentication vectors (there may be several); each authentication vector comprises an authentication token AUTN, a random number parameter RAND, an expected result parameter XRES and a root key Kasme;
Update the in-memory database with the authentication vectors obtained. The in-memory database stores the correspondence between AUTN, RAND, XRES and Kasme: the combination of AUTN, RAND and XRES of each authentication vector is the key, and the Kasme of that authentication vector is the value.
In step 2, managing user contexts through the S1AP-layer signaling of the S1-MME interface is implemented as follows:
On the S1-MME interface, hash table 1 is built with the MME-UE-S1AP-ID and the IP address of the MME as key, hash table 2 with the S-TMSI as key and hash table 3 with the IMSI as key; all three hash tables store pointers to the user context. The keys of hash table 1 (keyed by MME-UE-S1AP-ID) and hash table 2 (keyed by S-TMSI) are maintained dynamically, replacing old keys with new ones. The S-TMSI and IMSI are stored in the user context, filled with all 1s by default when unknown, so that the three hash tables can be associated with each other;
Here MME-UE-S1AP-ID is the MME-side identifier of the UE, MME is the Mobility Management Entity, S-TMSI is the temporary mobile subscriber identity and IMSI is the international mobile subscriber identity.
The NAS decryption parameters extracted in step 3 are stored in a decryption parameter data structure comprising the members KSI, Kasme, context_sate, cipher_algorithm_type, Knasenc, uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow, where:
KSI is the key set identifier, identifying the root key Kasme;
context_sate is the state of the UE security context: 0 denotes NOT CURRENT and 1 denotes CURRENT;
cipher_algorithm_type is the identifier of the ciphering/deciphering algorithm in use;
uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow are the sequence numbers and overflow counters of the uplink and downlink messages respectively, used to calculate the uplink and downlink COUNT values, where COUNT is the message sequence counter.
In step 3, extracting the NAS decryption parameters from the NAS-layer messages of the S1-MME interface comprises the processing of the Attach Request or Tracking Area Update (TAU) Request messages, the processing of the authentication messages Authentication Request/Response, the processing of the security mode messages Security Mode Command/Complete, and the processing of the other messages on the S1-MME interface.
The processing of the Attach Request or TAU Request messages comprises the following steps:
Step A01: capture the Attach Request or TAU Request message on the S1-MME interface, extract the key field KSI and store it in the user context;
Step A02: check whether the corresponding user context contains a decryption parameter data structure; if so, go to step A03, otherwise return and end the procedure;
Step A03: check whether the KSI value extracted in step A01 is the invalid value; if so, empty the user's decryption parameter data structure and end the procedure, otherwise go to step A04;
Step A04: compare the KSI value extracted in step A01 with the KSI in the decryption parameter data structure; if they are equal, the user's decryption parameters can be used for decryption and the procedure ends; if they are not equal, delete the user's decryption parameter data structure and return, ending the procedure.
The processing of the authentication messages Authentication Request/Response comprises the following steps:
Step B01: capture the Authentication Request message on the S1-MME interface, extract the fields AUTN, RAND and KSI and store them in the user context;
Step B02: capture the Authentication Response message on the S1-MME interface, extract the field RES and store it in the user context;
Step B03: using the AUTN, RAND and RES in the user context as key, look up the corresponding root key Kasme in the in-memory database; if found, go to step B04, otherwise return and end the procedure;
Step B04: check whether the user's decryption parameter data structure exists; if not, create it and initialise every member to 0, otherwise directly initialise every member of the existing structure to 0;
Step B05: write the Kasme found in step B03 into the user's decryption parameter data structure, and at the same time write the KSI stored in the user context in step B01 into the decryption parameter data structure;
Step B06: end the procedure.
The processing of the security mode messages Security Mode Command/Complete comprises the following steps:
Step C01: capture the Security Mode Command message on the S1-MME interface and extract the key fields KSI, Type of ciphering algorithm and Sequence number (Type of ciphering algorithm is the ciphering algorithm type and Sequence number is the NAS sequence number); capture the Security Mode Complete message on the S1-MME interface and extract the key field Sequence number;
Step C02: confirm that the user's decryption parameter data structure exists and that the KSI in the decryption parameters equals the KSI value extracted in step C01; if both conditions hold, go to step C03, otherwise return and end the procedure;
Step C03: write the fields extracted in step C01 into the decryption parameter data structure, assigning Sequence number to the corresponding uplink_nas_sqn or downlink_nas_sqn, then set context_sate in the decryption parameters to 1 and set uplink_nas_over_flow and downlink_nas_over_flow to 0;
Step C04: derive the decryption key Knasenc from the Kasme and Type of ciphering algorithm in the decryption parameters using the standard algorithm HMAC-SHA-256, and store it in the decryption parameter data structure;
Step C05: end the procedure.
The processing of the other messages on the S1-MME interface comprises the following steps:
Step D01: capture the other messages on the S1-MME interface and extract the fields Security header type and Sequence number (Security header type is the security header type);
Step D02: confirm that the user's decryption parameter data structure exists; if so, go to step D03, otherwise return and end the procedure;
Step D03: when Security header type is 2, the message is an encrypted message: write the Sequence number extracted in step D01 into the decryption parameter data structure and, when Sequence number is 255 (its maximum), add 1 to the corresponding overflow counter uplink_nas_over_flow or downlink_nas_over_flow, then go to step D04; when Security header type has any other value, the message is not encrypted and the procedure returns directly;
Step D04: end the procedure.
Step 4 is implemented as follows:
Confirm that the decryption parameter data structure in the corresponding user context exists and that its context_sate is 1;
Calculate the COUNT value: extract downlink_nas_over_flow and downlink_nas_sqn from the decryption parameters, that is, the counter NAS_OVERFLOW and the sequence number NAS_SQN for the message direction, and calculate the COUNT value by the following formula:
COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN
where NAS_SQN is the 8-bit sequence number with maximum value 255, and NAS_OVERFLOW is a 16-bit counter that is incremented by 1 whenever NAS_SQN reaches its maximum;
Extract the data and length of the ciphertext part of the encrypted message, obtain the ciphering algorithm type and the decryption key Knasenc from the decryption parameters, and decrypt.
The present invention obtains the decryption-related parameters from different messages and ensures that the decryption parameters of the current user correspond to the message to be decrypted. A plaintext message can be parsed directly; an encrypted message cannot, so its ciphertext part is first obtained, the corresponding decryption parameters are taken out and the ciphertext is decrypted, and finally the parsing function is called to parse the message. User contexts are built separately from the signaling data captured on the S6a and S1-MME interfaces, with particular attention to the signaling of the authentication and security protection procedures on these two interfaces, from which the parameters relevant to non-access stratum decryption are extracted. The S6a interface is responsible for extracting the root key among the decryption parameters and for building the in-memory database that stores the relation between authentication vectors and root keys; the S1-MME interface is responsible for extracting and deriving the other decryption parameters. By correlating the information of the same user on the S6a and S1-MME interfaces, a complete set of decryption parameters is obtained for decryption, which is safe and efficient.
Brief description of the drawings
Fig. 1 is a diagram of the LTE security procedure in the prior art.
Fig. 2 is a schematic diagram of NAS ciphering/deciphering in the embodiment of the present invention.
Fig. 3 is the overall flow chart of NAS message decryption processing in the embodiment of the present invention.
Fig. 4 is the flow chart of the processing of Attach Request and TAU Request messages in the embodiment of the present invention.
Fig. 5 is the flow chart of the processing of authentication procedure messages in the embodiment of the present invention.
Fig. 6 is the flow chart of the processing of security protection procedure messages in the embodiment of the present invention.
Embodiment
The present invention is implemented in software and applied in a real-time signaling monitoring system of the LTE core network. The specific implementation of the present invention is described below with reference to the drawings and the embodiment.
The general principle of the embodiment is as follows: follow the authentication procedure on the S6a interface and establish the relation between the authentication vectors (AV) and the root key Kasme; capture the signaling data of the S1-MME interface, manage user contexts through the S1AP-layer signaling of that interface, pay particular attention to the authentication and security protection procedures on the S1-MME interface, and extract the relevant parameters from the NAS-layer signaling of those procedures into the decryption parameter data structure in the user's context, so that each user has one set of decryption parameters; correlate the user information of the S6a and S1-MME interfaces so that a user on the S1-MME interface can find its corresponding root key Kasme, and insert that Kasme into the decryption parameter data structure; derive the decryption key Knasenc from the root key Kasme and the ciphering algorithm EEA in the decryption parameter data structure using the standard algorithm HMAC-SHA-256, and decrypt the NAS ciphertext with this decryption key together with the user's other decryption parameters.
Since the prerequisite for decryption is to solve the problem of correlating user information between the S6a and S1-MME interfaces, the present invention is described in detail as follows:
Fig. 1 shows the security procedure of the LTE system in the prior art that involves the S6a and S1-MME interfaces. The user equipment UE sends message 101, an Attach Request or Tracking Area Update (TAU) Request, to the MME. On receiving the request, the MME sends message 102, an Authentication Information Request, to the HSS. Message 103 is the returned Authentication Information Answer, in which the HSS responds with one or more authentication vectors (AV); each authentication vector consists of a random number parameter (RAND), an authentication token (AUTN), an expected result parameter (XRES) and a root key (Kasme). The MME sends message 104, an Authentication Request carrying the RAND and AUTN parameters, to the UE. The UE verifies the received AUTN and, if the check passes, generates the result parameter (RES) and returns it to the MME in message 105, the Authentication Response. The MME compares the XRES generated by the HSS with the RES produced by the UE; if they are equal, authentication succeeds and the MME sends message 106, the Security Mode Command, to start the NAS integrity protection procedure. The UE checks whether the integrity protection is valid and starts the confidentiality protection procedure by sending message 107, the Security Mode Complete; the NAS messages that follow are ciphered, and this message itself may also be ciphered.
The correlation methods usually mentioned in the literature all correlate by IMSI (international mobile subscriber identity). The S6a interface can obtain the IMSI by capturing the Authentication Information Request message, but the IMSI is hard to obtain on the S1-MME interface: it is carried only when the user terminal (UE) attaches for the first time, or when the LTE network cannot identify the user by the temporary identity (GUTI) and initiates an Identity procedure; in other cases only the GUTI is generally carried, and these procedures occur with low probability. The S1-MME interface therefore has difficulty establishing the relation between IMSI and user information, and correlating the S6a and S1-MME interfaces by IMSI is in turn difficult. The correlation method of the present invention is proposed below:
An authentication vector consists of a random number parameter (RAND), an authentication token (AUTN), an expected result parameter (XRES) and a root key (Kasme). The S6a Authentication Information Answer message may carry several authentication vectors, and the MME selects the AUTN and RAND of one of them and sends them to the UE for network authentication. The UE calculates RES from its own stored parameters and the received authentication vector parameters. Comparing whether XRES equals RES completes the network's authentication of the UE: if they are equal, authentication succeeds, which shows that the root key Kasme corresponding to this authentication vector can be used for decryption; otherwise authentication fails and the UE leaves the connection. After successful authentication, the present invention correlates the user information of the S6a and S1-MME interfaces by the AUTN, RAND and XRES of this authentication vector.
In the embodiment, the parameters needed for NAS decryption are EEA, KEY, COUNT, BEARER, DIRECTION and LENGTH; see the NAS ciphering/deciphering procedure in Fig. 2, which takes the ciphering algorithm EEA as an example: the NAS signaling message is ciphered at the sending end and deciphered at the receiving end. The receiving end generates a keystream block (KEYSTREAM BLOCK) from the decryption parameters it has obtained, such as the key (KEY) and the algorithm (EEA), and XORs this keystream with the received ciphertext (CIPHERTEXT BLOCK) to obtain the plaintext message (PLAINTEXT BLOCK). The parameters in Fig. 2 are described below:
1. EEA is the type of the selected ciphering algorithm;
2. KEY is the decryption key Knasenc derived by calculation from the root key Kasme; its length is 128 bits, Kasme is 256 bits, and the result of the derivation is truncated to its low 128 bits;
3. COUNT is the message sequence counter, itself a 24-bit string; when the ciphering algorithm is one of the EEA series, 8 zero bits are prepended in the high position to form a 32-bit message sequence number:
COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN (1)
where NAS_SQN is the 8-bit sequence number with maximum value 255, and NAS_OVERFLOW is a 16-bit counter that is incremented by 1 whenever NAS_SQN reaches its maximum.
COUNT is reset to 0 only when a new EPS (Evolved Packet System) security context is established, and separate COUNT values are calculated for the uplink and downlink message directions;
4. BEARER is the 5-bit bearer ID, which defaults to 0 for NAS messages;
5. DIRECTION indicates the transmission direction of the NAS message to be decrypted, 1 bit: 0 denotes an uplink message and 1 a downlink message, uplink being defined as the UE-to-MME direction; LENGTH is the length of the NAS message to be decrypted, in bits.
Fig. 3 shows the specific flow of NAS message decryption processing provided by this embodiment. For ease of implementation, the NAS decryption method of the present invention is described in detail below interface by interface, following the steps of this flow chart.
Step 1: extract the parameters relevant to NAS decryption from the S6a interface and store them, comprising AUTN, RAND, XRES and Kasme. To establish the relation between the authentication vectors (AV) and the root key Kasme, the NAS decryption parameters are extracted mainly from the S6a interface messages.
On this interface the messages relevant to NAS decryption are Authentication Information Request and Authentication Information Answer, and the concrete operations are as follows:
First step: capture the S6a authentication information messages Authentication Information Request/Answer and parse out the authentication vector fields AUTN, RAND, XRES and Kasme.
Second step: store the parsing result of the first step, which can be done with a database. Those skilled in the art can choose and set up an in-memory database using prior art; a Redis in-memory database is suggested. Because the amount of authentication data is small, and for faster reading and writing, this embodiment sets up a Redis in-memory database in advance to store the correspondence between AUTN, RAND, XRES and Kasme. The Authentication Information Answer message contains several authentication vectors; the combination of AUTN, RAND and XRES of each vector is used as the key, and the Kasme of that vector as the value. In this way, unlike the prior art, the embodiment uses AUTN together with RAND and XRES as the correlating fields to associate the S6a interface with the S1-MME interface.
Once the first step has parsed the authentication vectors, the Redis in-memory database can be updated: the database is emptied to remove the authentication vectors saved in the previous authentication procedure, and the authentication vectors extracted in this procedure are stored in the database.
Third step: end the procedure.
Step 2: manage user contexts through the S1AP-layer messages of the S1-MME interface.
Analysing the packets of the S1-MME interface, as noted above, few messages on this interface carry the IMSI, so it is hard to establish the association between IMSI and user information; most UE-associated signalling messages carry the MME-side UE identifier MME-UE-S1AP-ID, and only the PAGING and INITIAL UE MESSAGE messages do not carry MME-UE-S1AP-ID, but they may carry the S-TMSI or the IMSI. The S-TMSI is the temporary mobile subscriber identity, a temporary "representative" of the IMSI. Therefore the S1-MME interface can build hash table 1 with the MME-UE-S1AP-ID and the IP address of the MME as key, hash table 2 with the S-TMSI as key and hash table 3 with the IMSI as key, with all three hash tables storing pointers to the user context.
The S-TMSI is a temporary identifier whose value often changes on the network; the MME-UE-S1AP-ID is constant within an S1 connection, but changes when the UE reconnects after the S1 connection is released. Therefore this embodiment dynamically maintains the keys of hash table 1 (keyed by MME-UE-S1AP-ID) and hash table 2 (keyed by S-TMSI), replacing old keys with new ones.
The S-TMSI and IMSI must be stored in the user context, filled with all 1s by default when unknown, so that the three hash tables can be associated. The update of hash table 2 (keyed by S-TMSI) is taken as an example below:
When a message carries both MME-UE-S1AP-ID and S-TMSI, hash table 1 is first searched with MME-UE-S1AP-ID and the MME IP address as key; if the key is not found, a new hash node is created for it. The S-TMSI in the user context found for this key (provisionally called the old S-TMSI) is compared with the S-TMSI carried by the current message (provisionally the new S-TMSI); if they are unequal, the user context information of the old S-TMSI hash node is copied to a new S-TMSI hash node, and the new S-TMSI hash node replaces the old S-TMSI node in hash table 2; if they are equal, the key of hash table 2 need not be updated.
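Step 1 (the authentication-vector store keyed by AUTN, RAND and XRES) and step 2 (the three hash tables sharing one user-context pointer, with the S-TMSI re-keying just described), as an added Python example that is not the patent's or the monitoring system's own code. The store is a plain dictionary standing in for Redis; the 40-bit S-TMSI and the all-1s fill values are assumptions; the IMSIs, S1AP identifiers and MME addresses in the walk-through are constructed. Two choices go beyond the page and are marked in the code: old vectors are removed per IMSI (taken from the S6a request) rather than by emptying the whole store, so that other users' in-flight authentications survive, and a new MME-UE-S1AP-ID arriving with an already known S-TMSI is bound to the existing context instead of a fresh one, so that a reconnect after S1 release keeps its decryption parameters.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

S_TMSI_UNSET = (1 << 40) - 1   # page: S-TMSI filled with all 1s when unknown (40-bit S-TMSI assumed)
IMSI_UNSET = "1" * 15          # same convention for a 15-digit IMSI


@dataclass
class UeContext:
    s_tmsi: int = S_TMSI_UNSET
    imsi: str = IMSI_UNSET
    ksi: int = 0b111


class AvStore:
    """Step 1: (AUTN, RAND, XRES) -> Kasme, refreshed from each S6a Authentication Information Answer."""

    def __init__(self) -> None:
        self._db: Dict[Tuple[bytes, bytes, bytes], bytes] = {}
        self._keys_by_imsi: Dict[str, List[Tuple[bytes, bytes, bytes]]] = {}

    def update(self, imsi: str, vectors) -> int:
        """Replace the vectors saved for this IMSI in the previous procedure with the new ones.
        Beyond the page: the removal is scoped to the IMSI of the S6a request instead of
        emptying the whole store, so vectors of other users being authenticated survive."""
        for key in self._keys_by_imsi.pop(imsi, []):
            self._db.pop(key, None)
        keys = []
        for autn, rand, xres, kasme in vectors:
            self._db[(autn, rand, xres)] = kasme
            keys.append((autn, rand, xres))
        self._keys_by_imsi[imsi] = keys
        return len(keys)

    def lookup(self, autn: bytes, rand: bytes, res: bytes) -> Optional[bytes]:
        """Step B03: the S1-MME triple (AUTN, RAND, RES) hits only if RES equals XRES."""
        return self._db.get((autn, rand, res))


class UeContextTables:
    """Step 2: hash table 1 keyed by (MME-UE-S1AP-ID, MME IP), table 2 by S-TMSI, table 3 by IMSI,
    all pointing at the same UeContext object."""

    def __init__(self) -> None:
        self.by_s1ap: Dict[Tuple[int, str], UeContext] = {}
        self.by_s_tmsi: Dict[int, UeContext] = {}
        self.by_imsi: Dict[str, UeContext] = {}

    def on_ue_associated(self, mme_ue_s1ap_id, mme_ip, s_tmsi=None, imsi=None) -> UeContext:
        """UE-associated signalling: find or create the node in table 1, then re-key tables 2
        and 3 if the message carries a changed S-TMSI or a newly seen IMSI."""
        key = (mme_ue_s1ap_id, mme_ip)
        ctx = self.by_s1ap.get(key)
        if ctx is None:
            # Beyond the page: a new S1AP id with a known S-TMSI or IMSI (reconnect after
            # S1 release) is bound to the existing context instead of a fresh one.
            ctx = self.by_s_tmsi.get(s_tmsi) if s_tmsi is not None else None
            ctx = ctx or (self.by_imsi.get(imsi) if imsi is not None else None) or UeContext()
            self.by_s1ap[key] = ctx
        if s_tmsi is not None and s_tmsi != ctx.s_tmsi:   # old S-TMSI differs from new S-TMSI
            self.by_s_tmsi.pop(ctx.s_tmsi, None)           # drop the old node from table 2
            ctx.s_tmsi = s_tmsi
            self.by_s_tmsi[s_tmsi] = ctx                   # new node carries the same context
        if imsi is not None and imsi != ctx.imsi:
            self.by_imsi.pop(ctx.imsi, None)
            ctx.imsi = imsi
            self.by_imsi[imsi] = ctx
        return ctx

    def on_s1_release(self, mme_ue_s1ap_id, mme_ip) -> None:
        """MME-UE-S1AP-ID is only valid within one S1 connection: forget that key only."""
        self.by_s1ap.pop((mme_ue_s1ap_id, mme_ip), None)

    def lookup_without_s1ap_id(self, s_tmsi=None, imsi=None) -> Optional[UeContext]:
        """PAGING and INITIAL UE MESSAGE carry no MME-UE-S1AP-ID, only S-TMSI or IMSI."""
        if s_tmsi is not None and s_tmsi in self.by_s_tmsi:
            return self.by_s_tmsi[s_tmsi]
        if imsi is not None:
            return self.by_imsi.get(imsi)
        return None


def demo() -> Dict[str, bool]:
    """Constructed walk-through; identifiers and addresses are made up."""
    tables, avs = UeContextTables(), AvStore()
    avs.update("001010123456789", [(b"\xa1" * 16, b"\xb2" * 16, b"\xc3" * 8, bytes(32))])
    ctx = tables.on_ue_associated(10, "10.0.0.1", s_tmsi=0xAA)
    tables.on_ue_associated(10, "10.0.0.1", s_tmsi=0xBB)           # S-TMSI reallocated
    tables.on_s1_release(10, "10.0.0.1")
    ctx2 = tables.on_ue_associated(11, "10.0.0.1", s_tmsi=0xBB)    # reconnect, new S1AP id
    return {
        "old_s_tmsi_gone": 0xAA not in tables.by_s_tmsi,
        "same_context_after_rekey": tables.by_s_tmsi[0xBB] is ctx,
        "context_survives_reconnect": ctx2 is ctx,
        "paging_lookup_works": tables.lookup_without_s1ap_id(s_tmsi=0xBB) is ctx,
        "kasme_found_with_res": avs.lookup(b"\xa1" * 16, b"\xb2" * 16, b"\xc3" * 8) == bytes(32),
        "wrong_res_rejected": avs.lookup(b"\xa1" * 16, b"\xb2" * 16, b"\x00" * 8) is None,
    }
```

Because all three tables hold the same object, re-keying table 2 on an S-TMSI change needs no copying of context fields; the lookup with a wrong RES failing is exactly the property the page relies on to know that the Kasme found belongs to the vector the MME actually used.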
Step 3: extract the parameters relevant to NAS decryption from the NAS-layer messages of the S1-MME interface and calculate the decryption key Knasenc from the Kasme obtained in step 1. Step 1 of the embodiment keeps Kasme in the Redis in-memory database, and this step obtains Kasme from that database.
On this interface the messages relevant to NAS decryption are mainly Authentication Request, Authentication Response, Security Mode Command and Security Mode Complete.
In a concrete implementation, those skilled in the art can define the data structure that holds the relevant parameters themselves. In the embodiment, the decryption parameter data structure nas_uncipher_parameter is defined in the C language as follows:
Here KSI is the 3-bit key set identifier used to identify the root key Kasme; by comparing the KSI carried in an encrypted message with the KSI in the corresponding decryption parameter data structure, it is judged whether the root key Kasme in the current decryption parameters can be used to decrypt that message. context_sate is the state of the UE security context, with two states: 0 denotes NOT CURRENT and 1 denotes CURRENT. cipher_algorithm_type is the ciphering algorithm ID, and decryption uses the same algorithm. Knasenc is the final calculated decryption key. uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow are the sequence numbers and overflow counters of the uplink and downlink messages respectively, used to calculate the uplink and downlink COUNT values.
To build and maintain the above decryption parameter data structure, step 3 on the S1-MME interface must pay particular attention to the authentication and security protection procedures within the attach and tracking area update procedures. The processing of the relevant messages is detailed below:
1) Processing of the Attach Request or TAU Request messages, see Fig. 4:
First step: capture the Attach Request or TAU Request message on the S1-MME interface, extract the field KSI, and store this key field KSI in the user context;
Second step: confirm that this user's decryption parameter data structure exists, i.e. check whether the user context contains a decryption parameter data structure; if so, go to the third step, otherwise return and end the procedure;
Third step: judge whether the KSI value extracted in the first step is "111"; "111" means that the Kasme identified by this KSI is invalid and cannot be used for decryption. If the KSI is "111", empty this user's decryption parameter data structure and end the procedure; otherwise go to the fourth step;
Fourth step: compare the KSI value extracted in the first step with the KSI in the decryption parameter data structure (the KSI value extracted earlier); if they are equal, this user's decryption parameters can be used for decryption and the procedure ends; if they are unequal, delete this user's decryption parameter data structure and return, ending the procedure. When the decryption parameters are extracted for the first time, the Attach Request or TAU Request message is the very first message; but once the first extraction has completed, this user has a complete decryption parameter data structure, and if an Attach Request or TAU Request is received again, the KSI of that message is extracted, and if it is a valid value the subsequent encrypted messages can be decrypted directly with the existing decryption parameters.
2) Processing of the Authentication Request/Response message pair, see Fig. 5:
First step, capture the Authentication Request message on the S1-MME interface, extract the fields AUTN, RAND and KSI, and store them in the user's context;
Second step, capture the Authentication Response message on the S1-MME interface, extract the field RES, and store it in the user's context;
Third step, using the AUTN, RAND and RES from the user's context as the key, look up the corresponding root key Kasme in the Redis in-memory database; if it is found, go to the fourth step, otherwise return and end the procedure;
Fourth step, check whether this user's decryption parameter data structure exists; if it does not, create it and initialize every member to 0, otherwise directly initialize the members of the existing structure to 0;
Fifth step, write the Kasme found in the third step into this user's decryption parameter data structure, and at the same time copy the KSI stored in the user's context in the first step into the decryption parameter data structure;
Sixth step, end the procedure;
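The correlation just described, Kasme recovered from the S6a authentication vectors by matching the AUTN and RAND of the S1-MME Authentication Request and the RES of the Authentication Response, is shown below as an added example; it is not the patent's code. The Redis database of the description is replaced by an in-process dictionary, the sample authentication vector is constructed, and the decryption parameter data structure is modelled as a dictionary whose members are those listed in claim 4.

```python
"""Correlating the S6a authentication vectors with the S1-MME authentication
messages to recover a UE's Kasme (added example, not the patent's code)."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Members of the decryption parameter data structure (claim 4); step B04
# initialises all of them to 0.
DECRYPTION_PARAM_MEMBERS = (
    "KSI", "Kasme", "context_sate", "cipher_algorithm_type", "Knasenc",
    "uplink_nas_sqn", "uplink_nas_over_flow",
    "downlink_nas_sqn", "downlink_nas_over_flow",
)

AvKey = Tuple[bytes, bytes, bytes]   # AUTN || RAND || XRES, the key of claim 2


class AuthVectorStore:
    """Stand-in for the Redis database of claim 2: (AUTN, RAND, XRES) -> Kasme."""

    def __init__(self) -> None:
        self._kasme: Dict[AvKey, bytes] = {}

    def update_from_aia(self, vectors: Iterable[dict]) -> int:
        """Ingest the vectors parsed from an S6a Authentication Information
        Answer; each is a dict with AUTN, RAND, XRES and Kasme. Returns the
        number of entries stored."""
        n = 0
        for av in vectors:
            self._kasme[(av["AUTN"], av["RAND"], av["XRES"])] = av["Kasme"]
            n += 1
        return n

    def lookup(self, autn: bytes, rand: bytes, res: bytes) -> Optional[bytes]:
        """Step B03: a correct RES from Authentication Response equals the XRES
        of the stored vector, so (AUTN, RAND, RES) addresses exactly that vector."""
        return self._kasme.get((autn, rand, res))


@dataclass
class UserContext:
    """The per-UE context referenced by the S1AP hash tables (claim 3); only
    the authentication-related members used here are modelled."""
    autn: Optional[bytes] = None
    rand: Optional[bytes] = None
    ksi: Optional[int] = None
    res: Optional[bytes] = None
    params: Optional[dict] = None      # decryption parameter data structure


def on_authentication_request(ctx: UserContext, autn: bytes, rand: bytes, ksi: int) -> None:
    """Step B01: keep AUTN, RAND and KSI from the downlink Authentication Request."""
    ctx.autn, ctx.rand, ctx.ksi = autn, rand, ksi


def on_authentication_response(ctx: UserContext, res: bytes,
                               store: AuthVectorStore) -> bool:
    """Steps B02..B06: store RES, look Kasme up, (re)initialise the decryption
    parameter data structure and copy Kasme and KSI into it.
    Returns True only when a matching vector was found."""
    ctx.res = res
    if ctx.autn is None or ctx.rand is None or ctx.ksi is None:
        return False                          # Response without a prior Request
    kasme = store.lookup(ctx.autn, ctx.rand, res)
    if kasme is None:
        return False                          # B03: not found, end the procedure
    ctx.params = dict.fromkeys(DECRYPTION_PARAM_MEMBERS, 0)   # B04
    ctx.params["Kasme"] = kasme               # B05
    ctx.params["KSI"] = ctx.ksi
    return True


# Constructed sample vector (not real subscriber material).
SAMPLE_AV = {"AUTN": bytes.fromhex("aa" * 16), "RAND": bytes.fromhex("bb" * 16),
             "XRES": bytes.fromhex("cc" * 8), "Kasme": bytes.fromhex("dd" * 32)}


def demo() -> Optional[dict]:
    """One S6a answer followed by one S1-MME authentication exchange."""
    store = AuthVectorStore()
    store.update_from_aia([SAMPLE_AV])
    ctx = UserContext()
    on_authentication_request(ctx, SAMPLE_AV["AUTN"], SAMPLE_AV["RAND"], ksi=3)
    on_authentication_response(ctx, SAMPLE_AV["XRES"], store)
    return ctx.params


if __name__ == "__main__":
    print(demo())
```

A lookup that fails (RES differs from every stored XRES, or no Authentication Request was seen for the context) leaves the user without decryption parameters, exactly the "not found, return" branch of the third step; the monitoring side therefore never guesses a key.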
3) Processing of the Security Mode Command/Complete message pair, see Fig. 6:
First step, capture the Security Mode Command message on the S1-MME interface and extract the key fields KSI, Type of ciphering algorithm (the encryption algorithm type) and Sequence number; capture the Security Mode Complete message on the S1-MME interface and extract the key field Sequence number;
Second step, confirm that this user's decryption parameter data structure exists and that the KSI in the decryption parameters equals the KSI value extracted in the first step; if both conditions hold, go to the third step, otherwise return directly and end the procedure;
Third step, write the fields extracted in the first step into the decryption parameter data structure; note that Sequence number is assigned to the corresponding uplink_nas_seq or downlink_nas_seq. Then set context_sate in the decryption parameters to 1, and set uplink_nas_over_flow and downlink_nas_over_flow (the NAS_OVERFLOW for the respective message direction) to 0;
Fourth step, derive the decryption key Knasenc from the Kasme and the Type of ciphering algorithm held in the decryption parameters using the standard algorithm HMAC-SHA-256, and store it in the decryption parameter data structure;
Fifth step, end the procedure.
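The fourth step names only HMAC-SHA-256; the exact input string is the algorithm key derivation function of 3GPP TS 33.401 Annex A.7 (FC = 0x15, P0 = algorithm type distinguisher, P1 = algorithm identity, 128 least significant bits of the output used as the key). The following is an added example of that derivation, not the patent's code; the Kasme value in the usage call is constructed.

```python
"""Deriving Knasenc from Kasme with the HMAC-SHA-256 KDF of 3GPP TS 33.401
Annex A.7 (added example, not the patent's code)."""
import hashlib
import hmac

FC_ALGORITHM_KEY = 0x15       # FC value for algorithm key derivation (A.7)
NAS_ENC_ALG = 0x01            # algorithm type distinguisher: NAS-enc-alg
NAS_INT_ALG = 0x02            # algorithm type distinguisher: NAS-int-alg


def kdf_input(alg_type: int, alg_id: int) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 with P0 = algorithm type distinguisher
    and P1 = algorithm identity (e.g. 0x02 for EEA2), each one byte long, so
    both length fields L0 and L1 are 0x0001."""
    for v in (alg_type, alg_id):
        if not 0 <= v <= 0xFF:
            raise ValueError("algorithm type and identity are single bytes")
    return bytes([FC_ALGORITHM_KEY, alg_type, 0x00, 0x01, alg_id, 0x00, 0x01])


def derive_algorithm_key(kasme: bytes, alg_type: int, alg_id: int) -> bytes:
    """HMAC-SHA-256 over S keyed with the 256-bit Kasme; the 128 least
    significant bits (the last 16 bytes of the digest) form the algorithm key."""
    if len(kasme) != 32:
        raise ValueError("Kasme is 256 bits")
    digest = hmac.new(kasme, kdf_input(alg_type, alg_id), hashlib.sha256).digest()
    return digest[16:]


def derive_knasenc(kasme: bytes, cipher_algorithm_type: int) -> bytes:
    """Step C04 of the page: Knasenc from Kasme and the Type of ciphering
    algorithm carried in Security Mode Command (cipher_algorithm_type)."""
    return derive_algorithm_key(kasme, NAS_ENC_ALG, cipher_algorithm_type)


if __name__ == "__main__":
    sample_kasme = bytes(range(32))            # constructed, not a real key
    print(derive_knasenc(sample_kasme, 2).hex())   # Knasenc for EEA2
```

Because the algorithm identity is part of the KDF input, a monitoring system that caches Knasenc must recompute it whenever a new Security Mode Command selects a different algorithm; the page's third step (rewriting cipher_algorithm_type before the fourth step derives the key) already orders the update that way. An algorithm identity of 0 (EEA0, null ciphering) still yields a key, but the NAS payload is then transmitted in clear.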
4) Processing of other messages on the S1-MME interface
Such messages are unrelated to the subscriber authentication and security protection procedures; for them, this embodiment updates the corresponding field of the decryption parameter data structure with the Sequence number field extracted from the message, so that the COUNT value needed for decryption can be computed. The concrete steps are as follows:
First step, capture such a message on the S1-MME interface and extract the fields Security header type and Sequence number;
Second step, confirm that this user's decryption parameter data structure exists; if it exists, go to the third step, otherwise return directly and end the procedure;
Third step, when the Security header type is 2 the message is an encrypted message: write the Sequence number extracted in the first step into the decryption parameter data structure, and when the Sequence number is 255 (the maximum) add 1 to the corresponding overflow count uplink_nas_over_flow or downlink_nas_over_flow, then go to the fourth step; when the Security header type has any other value the message is not encrypted, so return directly and end the procedure;
Fourth step, end the procedure.
Step 4, extract the ciphertext part of the encrypted message and decrypt it using the decryption parameters.
Through the steps above, this embodiment has completed the extraction and updating of all decryption parameters; the ciphertext is now decrypted according to those parameters. For convenience of description, assume that the current encrypted message is a downlink message. The concrete steps of step 4, decrypting the NAS ciphertext with the decryption key together with the corresponding user's decryption parameters, are as follows:
1. Confirm that the decryption parameter data structure in this user's context exists and that context_sate in the decryption parameters is 1, i.e. the CURRENT state, in which case decryption can proceed; otherwise return and end the decryption procedure;
2. Compute the COUNT value: extract downlink_nas_over_flow and downlink_nas_sqn from the decryption parameters and compute COUNT according to formula (1);
3. Extract the data and the length (LENGTH) of the ciphertext part of the message, obtain the remaining inputs required by the NAS ciphering/deciphering diagram of Fig. 2 from the decryption parameters, and decrypt. The inputs are mainly EEA, the type of the selected encryption algorithm, obtained from cipher_algorithm_type in the decryption parameters, and KEY, the decryption key Knasenc; in addition BEARER = 0, and DIRECTION is determined by the transmission direction of the NAS message being decrypted.
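The sequence-number bookkeeping of parts 1), 3) and 4) above and the COUNT computation of step 4 fit in a few functions; the block below is an added example of that state handling, not the patent's code. It also assembles the 128-bit initial counter block that EEA2 (AES-128 in counter mode) builds from COUNT, BEARER and DIRECTION per 3GPP TS 33.401, which is where the "required inputs" of Fig. 2 end up; the actual AES call is left out. The COUNT for a message is computed with the overflow value in force before that message, and the overflow counter is incremented after a Sequence number of 255 has been processed, so that the first message after the wrap-around gets the new value. The ordering inside the functions is this example's own.

```python
"""Sequence-number bookkeeping of the decryption parameter data structure,
the COUNT of formula (1) and the EEA2 counter block (added example, not the
patent's code)."""
from dataclasses import dataclass
from typing import Optional

UPLINK, DOWNLINK = 0, 1            # DIRECTION bit of TS 33.401: 0 uplink, 1 downlink
SEC_HDR_CIPHERED = 2               # Security header type: integrity protected and ciphered
KSI_NO_KEY = 0b111                 # KSI "111": no valid Kasme


@dataclass
class DecryptionParams:
    """Members of the page's decryption parameter data structure touched by
    the sequence-number handling (identifiers spelled as on the page)."""
    ksi: int = 0
    context_sate: int = 0
    cipher_algorithm_type: int = 0
    uplink_nas_sqn: int = 0
    uplink_nas_over_flow: int = 0
    downlink_nas_sqn: int = 0
    downlink_nas_over_flow: int = 0


def nas_count(nas_over_flow: int, nas_sqn: int) -> int:
    """Formula (1): COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN (32 bits)."""
    if not (0 <= nas_sqn <= 0xFF and 0 <= nas_over_flow <= 0xFFFF):
        raise ValueError("NAS_SQN is 8 bits, NAS_OVERFLOW is 16 bits")
    return (0x00 << 24) | (nas_over_flow << 8) | nas_sqn


def check_ksi(p: DecryptionParams, ksi: int) -> str:
    """Steps A03/A04 on an Attach or TAU Request: 'usable' keeps the
    structure, 'invalid' (KSI 111) clears it, 'mismatch' tells the caller
    to delete it."""
    if ksi == KSI_NO_KEY:
        for name in p.__dataclass_fields__:
            setattr(p, name, 0)
        return "invalid"
    return "usable" if p.ksi == ksi else "mismatch"


def on_security_mode_command(p: DecryptionParams, ksi: int, alg_type: int, seq: int) -> bool:
    """Steps C02/C03 for the downlink Security Mode Command: a new security
    context takes effect, so both overflow counters restart at 0."""
    if p.ksi != ksi:
        return False
    p.cipher_algorithm_type = alg_type
    p.downlink_nas_sqn = seq
    p.context_sate = 1
    p.uplink_nas_over_flow = p.downlink_nas_over_flow = 0
    return True


def on_security_mode_complete(p: DecryptionParams, seq: int) -> None:
    """The uplink Security Mode Complete only contributes its Sequence number."""
    p.uplink_nas_sqn = seq


def on_other_message(p: DecryptionParams, direction: int, sec_hdr_type: int,
                     seq: int) -> Optional[int]:
    """Steps D01..D04 plus the COUNT of the message itself: COUNT for a
    ciphered message, None for an unciphered one."""
    if sec_hdr_type != SEC_HDR_CIPHERED:
        return None
    if direction == DOWNLINK:
        count = nas_count(p.downlink_nas_over_flow, seq)
        p.downlink_nas_sqn = seq
        if seq == 0xFF:
            p.downlink_nas_over_flow += 1
    else:
        count = nas_count(p.uplink_nas_over_flow, seq)
        p.uplink_nas_sqn = seq
        if seq == 0xFF:
            p.uplink_nas_over_flow += 1
    return count


def eea2_counter_block(count: int, bearer: int, direction: int) -> bytes:
    """128-bit initial counter block T1 of EEA2 (AES-128 CTR):
    COUNT[32] || BEARER[5] || DIRECTION[1] || 0^26 || 0^64. NAS uses BEARER = 0."""
    if not (0 <= bearer <= 0x1F and direction in (UPLINK, DOWNLINK)):
        raise ValueError("BEARER is 5 bits, DIRECTION is 1 bit")
    word = (bearer << 27) | (direction << 26)
    return count.to_bytes(4, "big") + word.to_bytes(4, "big") + bytes(8)
```

A missed message is the practical failure mode: if the monitor drops the downlink message whose Sequence number was 255, its overflow counter stays one behind the MME's and every later COUNT is off by 256, so keystreams no longer line up and the next Security Mode Command (which resets both counters) is the point at which decryption recovers.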
The specific embodiment described here is only an illustration of the spirit of the invention. Those skilled in the art can make various modifications or additions to the described specific embodiment, or substitute similar approaches, without departing from the spirit of the invention or exceeding the scope defined by the appended claims.

Claims (10)

1. A non-access stratum decryption method for real-time signaling monitoring of an LTE core network, characterized by comprising the following steps:
Step 1, extract the parameters relevant to NAS decryption from the S6a interface and store them, comprising the authentication token AUTN, the random challenge RAND, the expected result XRES and the root key Kasme;
Step 2, manage the user's context via S1AP layer messages on the S1-MME interface;
Step 3, extract the parameters relevant to NAS decryption from NAS layer messages on the S1-MME interface, and compute the decryption key Knasenc from the root key Kasme obtained in step 1;
Step 4, extract the ciphertext part of the encrypted message and decrypt it using the decryption-relevant parameters.
2. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 1, characterized in that step 1 is implemented as follows:
capture the Authentication Information Request/Answer message pair on the S6a interface and parse out the groups of authentication vectors, each group comprising the authentication token AUTN, the random challenge RAND, the expected result XRES and the root key Kasme;
update the in-memory database with the authentication vectors obtained, the in-memory database storing the correspondence between AUTN, RAND, XRES and Kasme, with the AUTN, RAND and XRES of each authentication vector combined as the key and the Kasme of that vector as the value.
3. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 2, characterized in that the management of the user's context via S1AP layer signaling on the S1-MME interface in step 2 is implemented as follows:
on the S1-MME interface, build hash table 1 keyed by the MME-UE-S1AP-ID together with the IP address of the MME, hash table 2 keyed by the S-TMSI, and hash table 3 keyed by the IMSI, all three hash tables storing pointers to the user's context;
maintain the keys of hash table 1 (keyed by MME-UE-S1AP-ID) and hash table 2 (keyed by S-TMSI) dynamically, replacing old keys with new keys; store the S-TMSI and IMSI in the user's context, filling them with all ones when not yet known, so that the three hash tables are associated;
where MME-UE-S1AP-ID is the identifier of the UE on the MME side, MME is the mobility management entity, S-TMSI is the temporary mobile subscriber identity and IMSI is the international mobile subscriber identity.
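The three hash tables of claim 3, with the dynamic rekeying of tables 1 and 2 and the all-ones defaults, are shown below as an added example; it is not the patent's code. The field widths behind the all-ones defaults (a 40-bit S-TMSI, an IMSI modelled as a 64-bit BCD field) and the `on_initial_ue_message` entry point are this example's assumptions; the sample identifiers are constructed.

```python
"""User-context management with the three S1AP hash tables of claim 3
(added example, not the patent's code)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# "All ones" defaults for an identity not yet known (assumed widths: the
# S-TMSI is 40 bits; the IMSI is modelled as a 64-bit BCD field).
S_TMSI_UNKNOWN = (1 << 40) - 1
IMSI_UNKNOWN = (1 << 64) - 1

S1apKey = Tuple[int, str]           # (MME-UE-S1AP-ID, MME IP address)


@dataclass
class UeContext:
    """The user's context that all three tables point at."""
    s1ap_key: Optional[S1apKey] = None
    s_tmsi: int = S_TMSI_UNKNOWN
    imsi: int = IMSI_UNKNOWN


class ContextManager:
    def __init__(self) -> None:
        self.table1: Dict[S1apKey, UeContext] = {}   # keyed by (MME-UE-S1AP-ID, MME IP)
        self.table2: Dict[int, UeContext] = {}       # keyed by S-TMSI
        self.table3: Dict[int, UeContext] = {}       # keyed by IMSI

    def bind_s1ap(self, ctx: UeContext, mme_ue_s1ap_id: int, mme_ip: str) -> None:
        """Table 1 is maintained dynamically: the old key is replaced by the new one."""
        if ctx.s1ap_key is not None:
            self.table1.pop(ctx.s1ap_key, None)
        ctx.s1ap_key = (mme_ue_s1ap_id, mme_ip)
        self.table1[ctx.s1ap_key] = ctx

    def set_s_tmsi(self, ctx: UeContext, s_tmsi: int) -> None:
        """Table 2: a GUTI reallocation gives the UE a new S-TMSI, so rekey."""
        if ctx.s_tmsi != S_TMSI_UNKNOWN:
            self.table2.pop(ctx.s_tmsi, None)
        ctx.s_tmsi = s_tmsi
        self.table2[s_tmsi] = ctx

    def set_imsi(self, ctx: UeContext, imsi: int) -> None:
        """Table 3: the IMSI is permanent, so it is only ever added."""
        ctx.imsi = imsi
        self.table3[imsi] = ctx

    def on_initial_ue_message(self, mme_ue_s1ap_id: int, mme_ip: str,
                              s_tmsi: Optional[int] = None,
                              imsi: Optional[int] = None) -> UeContext:
        """Resolve an existing context through the S-TMSI or IMSI carried in
        the NAS PDU, otherwise create a fresh one, then bind the new S1AP
        identifier to it (assumed entry point)."""
        ctx = None
        if s_tmsi is not None:
            ctx = self.table2.get(s_tmsi)
        if ctx is None and imsi is not None:
            ctx = self.table3.get(imsi)
        if ctx is None:
            ctx = UeContext()
        self.bind_s1ap(ctx, mme_ue_s1ap_id, mme_ip)
        if s_tmsi is not None and ctx.s_tmsi != s_tmsi:
            self.set_s_tmsi(ctx, s_tmsi)
        if imsi is not None and ctx.imsi != imsi:
            self.set_imsi(ctx, imsi)
        return ctx

    def lookup(self, mme_ue_s1ap_id: int, mme_ip: str) -> Optional[UeContext]:
        """Later S1AP messages carry only MME-UE-S1AP-ID; pairing it with the
        MME address matters because the identifier is unique per MME only."""
        return self.table1.get((mme_ue_s1ap_id, mme_ip))
```

Keying table 1 on the MME address as well as the identifier is what keeps contexts from two MMEs that happen to allocate the same MME-UE-S1AP-ID from being merged, which would otherwise attach one subscriber's decryption parameters to another's traffic.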
4. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 3, characterized in that the NAS decryption parameters extracted in step 3 are stored in a decryption parameter data structure, the decryption parameter data structure comprising the decryption parameters KSI, Kasme, context_sate, cipher_algorithm_type, Knasenc, uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow, where
KSI is the key set identifier, identifying the root key Kasme;
context_sate is the state of the UE security context, 0 denoting NOT CURRENT and 1 denoting CURRENT;
cipher_algorithm_type is the ID of the encryption/decryption algorithm in use;
uplink_nas_sqn, uplink_nas_over_flow, downlink_nas_sqn and downlink_nas_over_flow are the sequence numbers and overflow values of the uplink and downlink messages respectively, used to compute the uplink and downlink COUNT, the COUNT being the message sequence number.
5. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 4, characterized in that the extraction of NAS decryption parameters from NAS layer messages on the S1-MME interface in step 3 comprises: processing of the attach request message Attach Request or the tracking area update request TAU Request; processing of the authentication message pair Authentication Request/Response; processing of the security mode message pair Security Mode Command/Complete; and processing of the other messages on the S1-MME interface.
6. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 5, characterized in that the processing of the attach request message Attach Request or the tracking area update request TAU Request comprises the following steps:
Step A01, capture the Attach Request message or the TAU Request message on the S1-MME interface, extract the key field KSI and store it in the user's context;
Step A02, confirm whether a decryption parameter data structure exists in the corresponding user's context; if so, go to step A03, otherwise return directly and end the procedure;
Step A03, check whether the KSI value extracted in step A01 is an invalid value; if so, clear the decryption parameter data structure of the corresponding user and end the procedure, otherwise go to step A04;
Step A04, compare the KSI value extracted in step A01 with the KSI in the decryption parameter data structure; if they are equal, the decryption parameters of the corresponding user can be used for decryption and the procedure ends; if they are not equal, delete the decryption parameter data structure of the corresponding user, return directly and end the procedure.
7. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 5, characterized in that the processing of the authentication message pair Authentication Request/Response comprises the following steps:
Step B01, capture the authentication request message Authentication Request on the S1-MME interface, extract the fields AUTN, RAND and KSI, and store them in the user's context;
Step B02, capture the authentication response message Authentication Response on the S1-MME interface, extract the field RES, and store it in the user's context;
Step B03, using the AUTN, RAND and RES in the user's context as the key, look up the corresponding root key Kasme in the in-memory database; if it is found, go to step B04, otherwise return and end the procedure;
Step B04, check whether the decryption parameter data structure of the corresponding user exists; if it does not, create it and initialize every member to 0, otherwise directly initialize the members of the decryption parameter data structure to 0;
Step B05, write the Kasme found in step B03 into the decryption parameter data structure of the corresponding user, and at the same time copy the KSI stored in the user's context in step B01 into the decryption parameter data structure;
Step B06, end the procedure.
8. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 5, characterized in that the processing of the security mode message pair Security Mode Command/Complete comprises the following steps:
Step C01, capture the security mode command message Security Mode Command on the S1-MME interface and extract the key fields KSI, Type of ciphering algorithm and Sequence number, where Type of ciphering algorithm is the encryption algorithm type and Sequence number is the sequence number; capture the security mode complete message Security Mode Complete on the S1-MME interface and extract the key field Sequence number;
Step C02, confirm that the decryption parameter data structure of the corresponding user exists and that the KSI in the decryption parameters equals the KSI value extracted in step C01; if both conditions hold, go to step C03, otherwise return directly and end the procedure;
Step C03, write the fields extracted in step C01 into the decryption parameter data structure, including assigning Sequence number to the corresponding uplink_nas_seq or downlink_nas_seq, then set context_sate in the decryption parameters to 1 and set uplink_nas_over_flow and downlink_nas_over_flow to 0;
Step C04, derive the decryption key Knasenc from the Kasme and the Type of ciphering algorithm in the decryption parameters using the standard algorithm HMAC-SHA-256, and store it in the decryption parameter data structure;
Step C05, end the procedure.
9. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 5, characterized in that the processing of the other messages on the S1-MME interface comprises the following steps:
Step D01, capture the other messages on the S1-MME interface and extract the fields Security header type and Sequence number, where Security header type is the security header type;
Step D02, confirm that the decryption parameter data structure of the corresponding user exists; if it exists, go to step D03, otherwise return directly and end the procedure;
Step D03, when the Security header type is 2 the corresponding message is an encrypted message: write the Sequence number extracted in step D01 into the decryption parameter data structure, and when the Sequence number is 255 (the maximum) add 1 to the corresponding overflow count uplink_nas_over_flow or downlink_nas_over_flow, then go to step D04; when the Security header type has any other value the message is not encrypted, so return directly and end the procedure;
Step D04, end the procedure.
10. The non-access stratum decryption method for real-time signaling monitoring of an LTE core network according to claim 5, characterized in that step 4 is implemented as follows:
confirm that the decryption parameter data structure in the corresponding user's context exists and that context_sate in the decryption parameters is 1;
compute the COUNT value: extract downlink_nas_over_flow and downlink_nas_sqn from the decryption parameters, take the counter NAS_OVERFLOW corresponding to the message direction, and compute COUNT according to the following formula,
COUNT = 0x00 | NAS_OVERFLOW << 8 | NAS_SQN
where NAS_SQN is the 8-bit sequence number with a maximum of 255, NAS_OVERFLOW is the 16-bit counter, and NAS_OVERFLOW is incremented by 1 whenever NAS_SQN reaches its maximum;
extract the data and the length of the ciphertext part of the encrypted message, obtain the type of the encryption algorithm and the decryption key Knasenc from the decryption parameters, and decrypt.
CN201410307424.2A 2014-06-30 2014-06-30 The Non-Access Stratum decryption method of the real-time monitoring signaling of LTE core network Active CN104038934B (en)

Publications (2)

Publication Number Publication Date
CN104038934A true CN104038934A (en) 2014-09-10
CN104038934B CN104038934B (en) 2017-08-08
