CN104066087A - Method for dynamically selecting length of authentication vector set - Google Patents

Publication number: CN104066087A
Authority: CN (China)
Legal status: Pending
Application number: CN201410322705.5A
Other languages: Chinese (zh)
Inventors: 白媛, 王倩, 贾其兰
Current assignee: Tianjin University of Technology
Original assignee: Tianjin University of Technology

Abstract

The invention discloses a method for dynamically selecting the length K of an EPS AKA authentication vector set. In the method, a network model is designed with message communication traffic and bit communication traffic as measurement factors, and an overall optimal value of K that meets the requirements of both message communication traffic and bit communication traffic is selected as the authentication vector set length. This overcomes the defects of existing methods, in which the candidate range for the authentication vector set length is limited, the value obtained is not unique, and a certain error exists. The method improves on the existing scheme that uses only message communication traffic as the measurement standard, effectively improves the network's ability to cope with sudden changes in network traffic, and achieves reasonable optimal configuration of overall network resources.

Description

A method for dynamically selecting the length of the authentication vector set
Technical field
The invention belongs to the field of mobile communication technology, and in particular relates to a method for dynamically selecting the authentication vector (AV) set length when a user securely accesses a mobile communication network.
Background
The security frameworks of the third-generation mobile communication system UMTS (Universal Mobile Telecommunication System) and the fourth-generation mobile communication system LTE (Long Term Evolution) both use the AKA (Authentication and Key Agreement) protocol to ensure that users access the network securely. In the AKA protocol, the home network HE/HLR (Home Environment/Home Location Register) sends multiple authentication vectors at once to the serving network SN/MME (Service Network/Mobility Management Entity), forming a vector set. The authentication vector set length K directly affects the optimal allocation of resources across the whole network.
The 3GPP protocol recommends an authentication vector set length of 5. Other existing methods for choosing the authentication vector set length are mainly of two kinds. The first is based on the authentication count and authentication vector set length during the previous SN residence: it changes the authentication vector set length in steps of 1 and then selects the length using minimum message traffic, or minimum mean message traffic, as the criterion. The second is based on the authentication rate monitored by the network: under a Poisson distribution it builds a mathematical model of the relationship between normalized message traffic and authentication vector set length, and finds the correspondence between authentication rate and authentication vector set length. Both methods, however, use only message traffic as the measurement factor, and share the drawbacks that the candidate space for K is small and the K obtained is not unique; the Poisson distribution model also carries a certain error. In AKA, the HE sends a set of K AVs to the MME; if these AVs are exhausted, the MME has to request authentication data again. Clearly, the authentication vector set length is related to both message traffic and bit traffic.
How to make maximum use of overall network resources, so that the network chooses the authentication vector set length dynamically and reasonably according to current service demand, has become an important topic in the field of mobile communication.
Summary of the invention
The object of the invention is to solve the problems of existing methods, namely that the candidate space for the authentication vector set length is small, that the value obtained is not unique, and that a certain error exists. Taking the running state of the network into account, it provides a method for dynamically selecting the authentication vector set length. The method uses both message traffic and bit traffic as measurement factors and improves the utilization of overall network resources.
The innovation of the method lies mainly in adding bit traffic as a measurement factor and designing a new selection method that obtains the best authentication vector set length for the current network, so as to complete the user's secure access.
The method for choosing the authentication vector set length provided by the invention comprises the following steps:
First, the network monitors whether the serving network SN (Service Network) in which the requesting user currently resides is in the switching state. If the SN is in the switching state, the monitored authentication request rate λ of the current network is used to estimate the authentication count M within the current time T; if the SN is in the non-switching state, the authentication count M within time T is counted directly;
Second, authentication vector waste rates are defined, and the candidate space K' of qualifying authentication vector set lengths is preliminarily screened;
Third, according to the two measurement factors, bit traffic and message traffic, a selection rule is set and the initial value $K^*$ of the authentication vector set length under the current network is obtained;
Fourth, the initial value $K^*$ is optimized. The actual authentication count M' is counted, and it is determined whether the event "the -th ADR request" has occurred; before it occurs, $K_{new} = K^*$; after it occurs,
In the first step of the invention, the authentication count M is computed as follows:
1. When the SN is in the non-switching state, the actual authentication count M within the current time T is monitored by the HE/HLR;
2. When the SN is in the switching state, let $t_i$ be the time of the last ADR executed before the SN switch, $t_{i+1}$ the time at which the switch occurs, and m the number of UARs executed during $t_i \sim t_{i+1}$; the authentication rate λ then follows, giving the authentication count $M = \lambda T$ within the time T before the SN switch.
In the second step of the invention, authentication vector waste rates are defined to narrow the candidate space searched for the authentication vector set length, as follows:
With the authentication count M within time T monitored in the current network, two authentication vector waste rates $\gamma_1$ and $\gamma_2$ are defined, where:
1. Overall waste rate $\gamma_1$: the authentication vectors discarded within time T, or within the final period of no more than T before the SN switch, as a percentage of the total authentication vectors obtained in that period. Set $\gamma_1 < \varepsilon$, where $\varepsilon \in (0,1)$ is a positive number that can be set according to actual network conditions.
2. Local waste rate $\gamma_2$: of the K AVs obtained by the last ADR executed within time T, or within the final period of no more than T before the SN switch, the authentication vectors that are discarded, as a percentage of the total authentication vectors obtained in that period. Here the local waste rate $\gamma_2$ is set to be no more than 50%.
In the third step of the invention, the initial value $K^*$ of the authentication vector set length under the current network is obtained as follows:
The candidate set K' of K values determined by the constraints is sorted in ascending order by message traffic and by bit traffic, giving the corresponding sequences of K values $k' = \{k'_1, k'_2, \ldots, k'_{length(K')} \mid k'_i \in K'\}$ and $k'' = \{k''_1, k''_2, \ldots, k''_{length(K')} \mid k''_j \in K'\}$, where i and j are the positions within each sequence. For the same K value, the sum of its positions in the sequences k' and k'' is taken, denoted $d = \{d_1, d_2, \ldots, d_{length(K')}\}$, where $d_i = i + j$ when $k'_i = k''_j$. The initial value is $K^* = k'_i$, where $k'_i$ is the K value corresponding to $\min\{d_i\}$.
In the fourth step of the invention, the initial value $K^*$ of the authentication vector set length is optimized as follows:
Let the fluctuation range of the authentication count be α. Once the actual authentication count reaches a certain value, always keeping the initial value $K^* = K_i$ would cause unnecessary bit traffic. The choice of authentication vector set length is therefore optimized as follows: if the actual authentication count M' satisfies $M' \in M_{new}$, it is determined whether the event "the -th ADR request" has occurred; before it occurs, $K_{new} = K^*$; after it occurs, here, $\alpha \in [0,1]$ is the ratio of the difference between the actual authentication count and the estimated authentication count to the estimated authentication count, and $M_{new}$ is the estimated authentication count.
Advantages and beneficial effects of the invention
The beneficial effects of the invention are as follows. The invention discloses a method for choosing the authentication vector set length K, comprising: estimating or counting the authentication demand M of the current network; deriving the mathematical relationships between the bit traffic and message traffic of EPS AKA and the authentication vector set length K; and, combining the two criteria of bit traffic and message traffic, designing an algorithm that chooses a reasonable authentication vector set length K as a compromise. The invention improves on the existing scheme that uses only message traffic as the criterion, updates dynamically according to the actual state of the current network, effectively improves the network's ability to respond when network traffic changes suddenly, and achieves reasonable optimized configuration of overall network resources.
Brief description of the drawings
Fig. 1 is a flow chart of the method for dynamically selecting the authentication vector set length disclosed by the invention;
Fig. 2 is the EPS AKA flow chart involved in the invention;
Fig. 3 is the simplified model of the authentication process within the update period T involved in the invention;
Fig. 4 is a schematic diagram of the update under a network model disclosed by the invention;
Fig. 5 is a network scenario in the embodiment of the invention;
Fig. 6 shows the process of obtaining the initial value $K^*$ in the embodiment of the invention;
Fig. 7 is the message traffic performance comparison in the embodiment of the invention;
Fig. 8 is the bit traffic performance comparison in the embodiment of the invention;
Fig. 9 is the trend chart of message traffic ratio and bit traffic ratio in the embodiment of the invention.
Embodiment
Embodiments of the invention are described below with reference to Figs. 1-8.
EPS AKA is taken as the example, as shown in Fig. 1. In actual network operation, three problems must be solved. The first is how to obtain the mathematical relationship between the authentication vector set length and the bit traffic and message traffic. The second is how to build a model of the actual network and determine how the authentication count M in the previous time T is obtained under different network states. The third is how to design the method for choosing the authentication vector set length once the authentication count M in the previous time T is known.
For problem one, the mathematical relationships between bit traffic, message traffic and the authentication vector set length K are established:
Consider the number of messages exchanged and the bit length those messages occupy when EPS AKA runs. When the SN has no available AV, five message exchanges are needed, and the bit traffic is the sum of the lengths of these five messages, that is, (875 + 608 × K) (b). When the SN has an available AV, only three messages are needed, and the bit traffic is the sum of the lengths of these three messages, that is, 491 (b). The bit traffic and message traffic for M authentications are therefore, respectively: and
For problem two, a network model is established and the method for obtaining the authentication count M in the previous time T under different network states is determined.
For ease of analysis, the EPS AKA authentication process is simplified. Fig. 2 is the simplified model of the authentication process within time T: ADR denotes the authentication vector request and response process; UAR denotes the user authentication request and response process; $\tau_1$ is the moment the user enters the SN; $\tau_{N,1}$ is the moment the N-th ADR is executed; $\tau_2$ is the moment the user leaves the SN; $\tau_{N,k}$ is the moment the k-th UAR ($1 \le k \le K$) is executed after the N-th ADR; k indicates that, when the authentication vector set length is updated, k of the K AVs have been used.
Based on Fig. 2, the network scenario shown in Fig. 3 is designed, together with the method for obtaining the authentication count M in the previous time T under different network states. When the UE enters $SN_r$, let $t_i$ be the time of the last ADR executed before the SN switch, $t_{i+1}$ the time at which the switch occurs, and m the number of UARs executed during $t_i \sim t_{i+1}$; the authentication rate λ then follows, and the authentication count within the time T before the SN switch is estimated as $M = \lambda T$. After the UE has entered $SN_r$, the K value is updated with T as the period, and the actual authentication count M within the current time T is obtained through HE/HLR monitoring. When the UE enters $SN_{r+1}$, the above process is repeated.
For problem three, with the authentication count M in the previous time T known, the method of the invention for choosing the authentication vector set length is explained with reference to Fig. 4.
First, estimate or count the authentication count M within time T.
If the current SN is in the switching state, then from the authentication rate λ of the current network monitored by the HE/HLR, the number of authentications M in the next time T can be estimated by $M = \lambda T$; otherwise, the number of authentications in the previous time T is taken as the number of authentications M in the next period T.
Second, use the constraints to screen the qualifying set K' of K values.
Initially set $K \in [1, \min(M, K_{max})]$ (K is a positive integer), where $K_{max}$ is the upper limit set by the network.
The two constraints are:
1. Overall waste rate $\gamma_1$: the authentication vectors discarded within time T, or within the final period of no more than T before the SN switch, as a percentage of the total authentication vectors obtained in that period. Set $\gamma_1 < \varepsilon$, where $\varepsilon \in (0,1)$ is a positive number that can be set according to actual network conditions.
2. Local waste rate $\gamma_2$: of the K AVs obtained by the last ADR executed within time T, or within the final period of no more than T before the SN switch, the authentication vectors that are discarded, as a percentage of the total authentication vectors obtained in that period. Here the local waste rate $\gamma_2$ is set to be no more than 50%.
Third, according to the bit traffic B(M, K') and message traffic S(M, K'), design the selection rule and make a preliminary choice of $K^*$.
1. Sort S(M, K') and B(M, K') in ascending order, obtaining the corresponding sequences of K values $k' = \{k'_1, k'_2, \ldots, k'_{length(K')} \mid k'_i \in K'\}$ and $k'' = \{k''_1, k''_2, \ldots, k''_{length(K')} \mid k''_j \in K'\}$, where i and j are the positions within each sequence.
2. For the same K value, take the sum of its positions in the sequences k' and k'', denoted $d = \{d_1, d_2, \ldots, d_{length(K')}\}$, where $d_i = i + j$ when $k'_i = k''_j$.
3. Obtain the initial value $K^* = k'_i$, that is, the K value $k'_i$ corresponding to $\min d_i$.
Fourth, count the actual authentication count M' of the network, optimize $K^*$, and determine the final authentication vector set length $K_{new}$.
Let the fluctuation range of the authentication count be α. Once the actual authentication count reaches a certain value, always keeping the initial value $K^* = k'_i$ would cause unnecessary bit traffic. The choice of authentication vector set length is therefore optimized as follows:
1. Determine whether the condition holds; if it does not hold, $K_{new} = K^*$; if it holds, carry out the next step.
2. Before the -th ADR request occurs, $K_{new} = K^*$; after it occurs
The invention is described in detail taking the network scenario shown in Fig. 5 as the embodiment. The parameters are set as follows: $|t_{i+1} - t_i| = 10$, T = 10 and m = 23, α = 15%, ε = 0.1, $K_{max} = 50$, and the HE/HLR monitoring statistics give $M'_1 = 26$.
For moment 1:
1. Estimate the authentication count M within time T: the SN is in the switching state and λ = 2.3, so the UE's authentication count within the time T before the switch is estimated as $M = \lambda T = 23$;
2. Using the definition of the authentication vector waste rates, screen the qualifying set K' of K values.
Initially $K \in [1, \min(22, 50)]$; applying the two constraints gives the qualifying set of K values K' = {1, 2, 3, 4, 5, 6, 8, 12}.
3. According to the bit traffic B(M, K') and message traffic S(M, K'), design the selection rule and make a preliminary choice of $K^*$.
Sorting S(M, K') and B(M, K') in ascending order gives the corresponding sequences of K values k' = {12, 8, 6, 5, 4, 3, 2, 1} and k'' = {12, 8, 6, 4, 5, 3, 2, 1}; this gives d = {2, 4, 6, 9, 9, 12, 14, 16}, and the K value corresponding to $\min d_i$ is $k'_1 = 12$; the initial value is therefore $K^* = 12$.
The process by which the above three steps choose the initial value $K^*$ is shown in Fig. 6. Fig. 6(a) shows all candidate $K^*$ values; Fig. 6(b) shows the values of the set K' that satisfy the authentication vector waste rate constraints: 1, 2, 3, 4, 5, 6, 8, 12; Fig. 6(c) shows $K^* = 12$ obtained from the bit traffic B(23, K') and the message traffic.
4. With the actual authentication count M' equal to $M'_1 = 26$, optimize $K^*$ to determine the final authentication vector set length $K_{new}$. Since $24 < M'_1 \le 27$ holds, $K_{new} = 12$ when the 1st and 2nd ADRs are executed, and $K_{new} = 3$ when the 3rd ADR is executed.
The message traffic and bit traffic comparisons for the final $K_{new}$ chosen by the method of the invention at authentication count M = 23 are shown in Fig. 7 and Fig. 8 respectively. After enlarging the candidate space for K, the method of the invention obtains lower message traffic; while keeping the minimum message traffic, it significantly reduces the bit traffic consumed.
With α = 15% and ε = 0.1, and with M taking the positive integers in [8, 100], the comparison of the method of the invention with existing methods in message traffic ratio and bit traffic ratio is shown in Fig. 9. It can be seen that, compared with existing methods, the method of the invention has the lowest message traffic ratio and bit traffic ratio.
For moment 2:
The dynamic selection algorithm is the same as at moment 1. The only difference is that at moment 2 the SN is in the non-switching state, and the authentication count M is obtained from HE/HLR monitoring statistics, that is, M = 26 at this point. Steps 2 to 4 of moment 1 are then repeated, giving the result: in one case, $K_{new} = 13$; in the other, where $M' \in (26, 30]$, $K_{new} = 13$ when the 1st and 2nd ADRs are executed, and $K_{new} = 4$ when the 3rd ADR is executed.
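The screening and rank-sum steps of the embodiment (steps 2 and 3, at moment 1 and moment 2), written out as an added Python example that is not part of the patent text. S and B are rebuilt from the per-exchange figures the description gives (five messages and 875 + 608K bits when an ADR is needed, three messages and 491 bits otherwise); the waste-rate formulas (with $\gamma_2$ read as the unused share of the last batch of K), the tie-break on equal traffic, the caller-supplied upper bound `k_hi` and all function names are assumptions.

```python
# Added example: steps 2-3 of the selection method for EPS AKA.
# Assumed model (not spelled out on the page): of M authentications,
# N = ceil(M / K) need an ADR to the HE/HLR; the other M - N use a stored AV.

MSGS_ADR, MSGS_CACHED = 5, 3      # messages per authentication (from the page)
BITS_CACHED = 491                 # bits per authentication with an AV on hand


def adr_count(m, k):
    """Number of ADR exchanges needed to serve m authentications."""
    return -(-m // k)             # integer ceil(m / k)


def message_traffic(m, k):
    """S(M, K): total messages for m authentications."""
    n = adr_count(m, k)
    return MSGS_ADR * n + MSGS_CACHED * (m - n)


def bit_traffic(m, k):
    """B(M, K): total bits; an ADR-backed authentication costs 875 + 608*K."""
    n = adr_count(m, k)
    return (875 + 608 * k) * n + BITS_CACHED * (m - n)


def waste_rates(m, k):
    """(gamma1, gamma2) under the assumed reading: unused AVs over all AVs
    fetched, and unused AVs over the last batch of K."""
    fetched = adr_count(m, k) * k
    unused = fetched - m
    return unused / fetched, unused / k


def candidate_set(m, k_hi, eps, gamma2_max=0.5):
    """Step 2: K values in [1, k_hi] with gamma1 < eps and gamma2 <= 50%."""
    if m < 1 or k_hi < 1:
        raise ValueError("m and k_hi must be positive")
    keep = []
    for k in range(1, k_hi + 1):
        g1, g2 = waste_rates(m, k)
        if g1 < eps and g2 <= gamma2_max:
            keep.append(k)
    return keep                   # K = 1 wastes nothing, so eps > 0 keeps it


def select_initial_k(m, k_hi, eps):
    """Step 3: rank K' by S and by B, add the two 1-based ranks, take the min."""
    cand = candidate_set(m, k_hi, eps)
    # Ties on traffic are broken toward the smaller K (assumption).
    by_msgs = sorted(cand, key=lambda k: (message_traffic(m, k), k))
    by_bits = sorted(cand, key=lambda k: (bit_traffic(m, k), k))
    rank_bits = {k: j for j, k in enumerate(by_bits, start=1)}
    d = [i + rank_bits[k] for i, k in enumerate(by_msgs, start=1)]
    k_star = by_msgs[d.index(min(d))]
    return k_star, by_msgs, by_bits, d


if __name__ == "__main__":
    # Moment 1 of the embodiment: M = 23, K in [1, min(22, 50)], eps = 0.1
    k_star, by_msgs, by_bits, d = select_initial_k(23, 22, 0.1)
    print("K' =", candidate_set(23, 22, 0.1))
    print("k' =", by_msgs, "k'' =", by_bits, "d =", d, "K* =", k_star)
    # Moment 2: M = 26; the bound 25 = M - 1 is assumed by analogy
    print("K* =", select_initial_k(26, 25, 0.1)[0])
```

Under these assumptions the functions return the same K', k', k'', d and initial values (12 at moment 1, 13 at moment 2) that the embodiment lists.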

Claims (5)

1. A method for dynamically selecting the authentication vector set length K in an authentication and key agreement mechanism, characterized in that the method comprises the following steps:
First, the network monitors whether the serving network SN in which the requesting user currently resides is in the switching state; if the SN is in the switching state, the monitored authentication request rate λ of the current network is used to estimate the authentication count M within the current time T; if the SN is in the non-switching state, the authentication count M within time T is counted directly;
Second, authentication vector waste rates are defined, and the candidate space K' of qualifying authentication vector set lengths is preliminarily screened;
Third, according to the two measurement factors, bit traffic and message traffic, a selection rule is set and the initial value $K^*$ of the authentication vector set length under the current network is obtained;
Fourth, the initial value $K^*$ is optimized; the actual authentication count M' is counted; before the event "the -th ADR request" occurs, $K_{new} = K^*$; after this event occurs,
2. The method according to claim 1, characterized in that the authentication count M of the first step is computed as follows:
1. When the SN is in the non-switching state, the actual authentication count M within the current time T is monitored by the HE/HLR;
2. When the SN is in the switching state, let $t_i$ be the time of the last ADR executed before the SN switch, $t_{i+1}$ the time at which the switch occurs, and m the number of UARs executed during $t_i \sim t_{i+1}$; the authentication rate λ then follows, giving the authentication count $M = \lambda T$ within the time T before the SN switch.
3. The method according to claim 1, characterized in that in the second step authentication vector waste rates are defined to narrow the candidate space searched for the authentication vector set length, as follows:
With the authentication count M within time T monitored in the current network, two authentication vector waste rates $\gamma_1$ and $\gamma_2$ are defined, where:
1. Overall waste rate $\gamma_1$: the authentication vectors discarded within time T, or within the final period of no more than T before the SN switch, as a percentage of the total authentication vectors obtained in that period; set $\gamma_1 < \varepsilon$, where $\varepsilon \in (0,1)$ is a positive number set according to actual network conditions;
2. Local waste rate $\gamma_2$: of the K AVs obtained by the last ADR executed within time T, or within the final period of no more than T before the SN switch, the authentication vectors that are discarded, as a percentage of the total authentication vectors obtained in that period; here the local waste rate $\gamma_2$ is set to be no more than 50%.
4. The method according to claim 1, characterized in that in the third step the initial value $K^*$ of the authentication vector set length under the current network is obtained as follows:
The selection rule designed here is: the candidate set K' of K values determined by the constraints is sorted in ascending order by message traffic and by bit traffic, giving the corresponding sequences of K values $k' = \{k'_1, k'_2, \ldots, k'_{length(K')} \mid k'_i \in K'\}$ and $k'' = \{k''_1, k''_2, \ldots, k''_{length(K')} \mid k''_j \in K'\}$, where i and j are the positions within each sequence; for the same K value, the sum of its positions in the sequences k' and k'' is taken, denoted $d = \{d_1, d_2, \ldots, d_{length(K')}\}$, where $d_i = i + j$ when $k'_i = k''_j$; the initial value is $K^* = k'_i$, where $k'_i$ is the K value corresponding to $\min\{d_i\}$.
5. The method according to claim 1, characterized in that in the fourth step the initial value $K^*$ of the authentication vector set length is optimized as follows:
Let the fluctuation range of the authentication count be α; once the actual authentication count reaches a certain value, always keeping the initial value $K^* = K_i$ would cause unnecessary bit traffic; the choice of authentication vector set length is therefore optimized as follows: if the actual authentication count M' satisfies $M' \in M_{new}$, then before the event "the -th ADR request" occurs, $K_{new} = K^*$; after this event occurs, here, $\alpha \in [0,1]$ is the ratio of the difference between the actual authentication count and the estimated authentication count to the estimated authentication count, and $M_{new}$ is the estimated authentication count.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410322705.5A 2014-07-08 2014-07-08 Method for dynamically selecting length of authentication vector set
Publications (1)

Publication Number Publication Date
CN104066087A (en) 2014-09-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140924