CN105530100A - VoLTE secure communication method - Google Patents
VoLTE secure communication method Download PDFInfo
- Publication number
- CN105530100A CN105530100A CN201610018888.0A CN201610018888A CN105530100A CN 105530100 A CN105530100 A CN 105530100A CN 201610018888 A CN201610018888 A CN 201610018888A CN 105530100 A CN105530100 A CN 105530100A
- Authority
- CN
- China
- Prior art keywords
- key
- volte
- recipient
- digital signature
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a VoLTE secure communication method. A symmetric encryption algorithm RC4 and an asymmetric encryption algorithm RSA are simultaneously used for executing end-to-end secure communication of a VoLTE communication mode; wherein the high-efficiency symmetric encryption algorithm RC4 is used for encrypting call voice data; the asymmetric encryption algorithm RSA is used for digitally signing and verifying the call voice data to confirm the reliability of a data source; and a symmetrically encrypted key is encrypted by the a public key of the asymmetric encryption algorithm RSA and is negotiated with a receiver, so as to guarantee the security of the voice encryption key. The encryption key of each voice session is generated randomly and is destroyed after the session is finished. The proposed VoLTE secure communication method is used for comprehensively and efficiently realizing secret transmission, authentication and signature and key negotiation of both VoLTE communication parties and well considering the requirements of VoLTE voice on the transmission speed, the voice quality and the security.
Description
Technical field
The present invention relates to a kind of VoLTE safety communicating method to realize the end-to-end speech encryption of voice on VoLTE, belong to mobile communication security technology area.
Background technology
The 4G system in current China and even the world is comparatively perfect, and runs speech network also progressively in beginning based on the IMS of packet domain information transmission.Numerous advantages of packet domain information transmission allow traditional telephone network become a trend to the transition of IP network.The daily talk business of people after if VoLTE will being applied to, overriding concern be exactly the problem of its communication security.When subscriber equipment needs access IMS business network, first need to carry out authentication.This certification is called that the flow process of " IMS authentication and key agreement " (IMSAKA) completes based on one.Because Session Initiation Protocol itself lacks the protection of enforceable confidentiality and integrity; therefore require in IMS system must accept enforceable integrity protection during customer equipment to access business network, the key that IMSAKA produces after consulting then is used to set up this security association.The analysis found that; the safety protecting mechanism of IMS network can well resist registration hijack attack; but user in the discovery procedure of P-CSCF due to do not have realize message safety protection; Denial of Service attack (DoS attack) may be there is; therefore IMS network is attacked for existing great majority certain defensive ability/resistance ability, but still there is larger security risk.
Because as user, to access packet domain be need the encryption key distribution flow process through IMSAKA, and this requirements of process subscriber equipment and IMS network carry out twice independently certification and netkey distribute and wherein there is leak, may spoof attack be caused.For this problem, we must be optimized existing key agreement mechanisms.At present the mode based on symmetric password encryption can be directly used to carry out in Tone Via process end to end.But the shortcoming of symmetric cryptographic algorithm needs transmission and receiving terminal to carry out key agreement in advance before a communication, guarantees that encryption and decryption uses identical key.Based on above problem, Diffie and Hellman proposes the system of public key cryptography.Because open key algorithm is based on the difficult problem on some computation complexities mostly, wherein a lot of principle all comes from the knowledge such as number theory, the algorithm realization of these problems often relates to the operation of modular multiplication or exponent arithmetic, therefore needs more computational resources relative to the method for traditional block cipher encryption.This shows that Tone Via at network is like this for the occasion that requirement of real-time is very high, utilizing public key algorithm voice data to be encrypted not is a good method.
Based on to case studies such as the treatment effeciency in above-mentioned technical method and fail safes, the present invention proposes a kind of new VoLTE safety communicating method, wherein relate to symmetric encipherment algorithm, rivest, shamir, adelman, Digital Signature Algorithm etc.
Symmetric encipherment algorithm refers to that encryption and decryption use the cryptographic algorithm of same key, and it requires that transmit leg and recipient are before secure communication, decides through consultation a key.The fail safe of symmetry algorithm depends on key, leaks key and just means anyone decrypt messages that can send them or receive, so the confidentiality of key is most important.
The basic process that rivest, shamir, adelman realizes confidential information exchange is: Party A generates pair of secret keys and disclosed as Public key to other side by a handle wherein; Party A is sent to again after the Party B obtaining this Public key uses this double secret key confidential information to be encrypted; Party A is decrypted the information after encryption with another private key oneself preserved again.Party A can only with the deciphering of its private key by any information after its public-key encryption, and the confidentiality of rivest, shamir, adelman is relatively good.
Digital signature, others the hop count word string that cannot forge only having the sender of information to produce exactly, this hop count word string is also valid certificates sender being sent to information authenticity simultaneously.Digital signature should have following features: debit can confirm or confirm the signature of originating party, and anyone can not copy.Digital signature is a process for encryption, and digital signature authentication is a process for deciphering.Digital signature can the integrality of guarantee information transmission, the generation authentication being carried out to sender, prevents denial behavior.
Summary of the invention
Technical problem: the invention provides a kind of can guarantee transmission of speech information further speed, quality and fail safe VoLTE safety communicating method.
Technical scheme: VoLTE safety communicating method of the present invention, uses symmetric encipherment algorithm RC4 to be encrypted call voice data, uses rivest, shamir, adelman RSA to carry out digital signature and checking to call voice data simultaneously; Hold consultation with recipient again after the key of symmetric cryptography is encrypted by the PKI of rivest, shamir, adelman RSA.
Further, the concrete steps of the inventive method are as follows:
(1) transmit leg gets out the speech data information that will transmit, digest calculations is carried out to described speech data information, obtain informative abstract, then described informative abstract RSA private key is encrypted and obtains digital signature, and described digital signature is attached on speech data information;
(4) transmit leg produces a symmetric cryptographic key at random, is encrypted, forms ciphertext with symmetric encipherment algorithm RC4 to the described speech data information with digital signature;
(5) the transmit leg symmetric cryptographic key of RSA PKI to random generation before of recipient is encrypted, and sends the key after encryption to recipient together with ciphertext;
(6) recipient receives ciphertext and the key after encrypting, first be decrypted with the key after RSA private key pair encryption, obtain symmetric cryptographic key, then with described symmetric cryptographic key, RC4 deciphering is carried out to ciphertext, obtain the speech data information with digital signature;
(8) digital signature that the RSA PKI of recipient's transmit leg is deciphered described step (6) in the speech data information obtained is decrypted, and obtains informative abstract;
(9) recipient carries out computing by the digest calculations method identical with step (1) to the speech data information with digital signature that described step (6) obtains, and obtains new informative abstract;
(10) new informative abstract and described step (8) are deciphered the informative abstract obtained and are compared by recipient, if consistent, illustrate that the voice messaging received is not tampered, then trust this voice messaging, obtain its content, otherwise shield this voice messaging.
Further, in the inventive method, symmetric cryptographic key will be destroyed after this end of conversation.
Beneficial effect: the present invention compared with prior art, has the following advantages:
In voice communication system, communication speech data volume is general larger, also high to delay requirement.By adopting the higher symmetric cryptography RC4 algorithm of efficiency to be encrypted communication speech data, the requirement of VoLTE voice more can be met.Then with asymmetric RSA Algorithm, negotiation is encrypted to the key of each encrypt voice data, utilizes the flexible feature of asymmetric encryption and decryption better.
Symmetrical and the asymmetric encipher-decipher method of the VoLTE safety communicating method integrated use proposed, achieve the secrecy transmission of VoLTE communicating pair, certification and signature and key agreement efficiently, take into account the requirement of VoLTE voice transfer to transmission speed, voice quality and fail safe preferably.
Accompanying drawing explanation
Fig. 1 is a kind of the general frame of VoLTE safety communicating method.
Embodiment
Below in conjunction with embodiment and Figure of description, the present invention is further illustrated.VoLTE carries out IP-based voice communication based on LTE mobile communication technology basis, is following important voice communication mode.First it will complete the access of IMS agreement and the foundation of basic communication link, and then realize speech data transmission end to end.
According to Fig. 1, we illustrate the implementation process of safety communicating method on VoLTE.First, on the basis of VoLTE agreement, have transmit leg to be A, recipient is B.Transmit leg and recipient need the IMS access and the basic communication link establishment that first realize VoLTE.Implementation step is as follows:
(1) transmit leg A completes the two-way authentication with business network by IMSAKA.
(2) A and CSCF-A sets up communication.
(3) recipient B completes the two-way authentication with business network by IMSAKA.
(4) B and CSCF-B sets up communication.
(5) A sends session invitation request to CSCF-A.
(6) CSCF-A is by checking that SIP request relevant field is routed to CSCF-B.
(7) session invitation request is sent to B by CSCF-B.
(8) B confirms session invitation request, call setup.
Next the foundation of method is securely communicated:
(1) transmit leg A generates a random encryption key;
(2) transmit leg A carries out digest calculations to speech data information, obtains informative abstract;
(3) transmit leg A is encrypted informative abstract RSA private key and obtains digital signature, and is attached on speech data information;
(4) transmit leg A produces a key at random, is encrypted the speech data information that will send with symmetric encipherment algorithm RC4, forms ciphertext;
(5) the transmit leg A key of RSA PKI to random generation before of recipient is encrypted, and sends the key after encryption to recipient together with ciphertext;
(6) recipient B receives ciphertext and the key after encrypting, and is first decrypted with the key after RSA private key pair encryption, obtains symmetric cryptographic key;
(7) recipient B carries out RC4 deciphering with symmetric cryptographic key to ciphertext again, obtains speech data information expressly;
(8) the RSA PKI of recipient B transmit leg is decrypted digital signature, obtains informative abstract;
(9) the identical digest algorithm of recipient B obtains new informative abstract to expressly carrying out computing;
(10) new informative abstract and the informative abstract received compare by recipient B, if unanimously, illustrate that the voice messaging received is not tampered.
(11), after this end of conversation, being used for the symmetric cryptographic key of encrypted voice data will be destroyed;
So just to achieve voice messaging based on VoLTE by transmit leg encrypted transmission to the object of recipient, effectively guarantee the fail safe of session.
Above-described embodiment is only the preferred embodiment of the present invention; be noted that for those skilled in the art; under the premise without departing from the principles of the invention; some improvement and equivalent replacement can also be made; these improve the claims in the present invention and are equal to the technical scheme after replacing, and all fall into protection scope of the present invention.
Claims (3)
1. a VoLTE safety communicating method, is characterized in that, the method uses symmetric encipherment algorithm RC4 to be encrypted call voice data, uses rivest, shamir, adelman RSA to carry out digital signature and checking to call voice data simultaneously; Hold consultation with recipient again after the key of symmetric cryptography is encrypted by the PKI of rivest, shamir, adelman RSA.
2. a kind of VoLTE safety communicating method as claimed in claim 1, it is characterized in that, the method concrete steps are as follows:
(1) transmit leg gets out the speech data information that will transmit, digest calculations is carried out to described speech data information, obtain informative abstract, then described informative abstract RSA private key is encrypted and obtains digital signature, and described digital signature is attached on speech data information;
(4) transmit leg produces a symmetric cryptographic key at random, is encrypted, forms ciphertext with symmetric encipherment algorithm RC4 to the described speech data information with digital signature;
(5) the transmit leg symmetric cryptographic key of RSA PKI to random generation before of recipient is encrypted, and sends the key after encryption to recipient together with ciphertext;
(6) recipient receives ciphertext and the key after encrypting, first be decrypted with the key after RSA private key pair encryption, obtain symmetric cryptographic key, then with described symmetric cryptographic key, RC4 deciphering is carried out to ciphertext, obtain the speech data information with digital signature;
(8) digital signature that the RSA PKI of recipient's transmit leg is deciphered described step (6) in the speech data information obtained is decrypted, and obtains informative abstract;
(9) recipient carries out computing by the digest calculations method identical with step (1) to the speech data information with digital signature that described step (6) obtains, and obtains new informative abstract;
(10) new informative abstract and described step (8) are deciphered the informative abstract obtained and are compared by recipient, if consistent, illustrate that the voice messaging received is not tampered, then trust this voice messaging, obtain its content, otherwise shield this voice messaging.
3. a kind of VoLTE safety communicating method as claimed in claim 1 or 2, it is characterized in that, described symmetric cryptographic key will be destroyed after this end of conversation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610018888.0A CN105530100A (en) | 2016-01-12 | 2016-01-12 | VoLTE secure communication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610018888.0A CN105530100A (en) | 2016-01-12 | 2016-01-12 | VoLTE secure communication method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105530100A true CN105530100A (en) | 2016-04-27 |
Family
ID=55772114
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610018888.0A Pending CN105530100A (en) | 2016-01-12 | 2016-01-12 | VoLTE secure communication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105530100A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106060807A (en) * | 2016-05-24 | 2016-10-26 | 中国科学院信息工程研究所 | Message transmission method applicable to circuit domain encrypted communication |
| CN107231237A (en) * | 2017-06-02 | 2017-10-03 | 上海斐讯数据通信技术有限公司 | A kind of safe credit method and system |
| CN107249002A (en) * | 2017-07-20 | 2017-10-13 | 云南电网有限责任公司电力科学研究院 | A kind of method, system and device for improving intelligent electric energy meter security |
| WO2017197968A1 (en) * | 2016-05-17 | 2017-11-23 | 中兴通讯股份有限公司 | Data transmission method and device |
| CN107733836A (en) * | 2016-08-11 | 2018-02-23 | 中国电信股份有限公司 | VoLTE and GSM encryption voice intercommunication method and system |
| CN111769934A (en) * | 2020-07-08 | 2020-10-13 | 深圳思凯微电子有限公司 | Data transmission method, system and computer readable storage medium |
| CN112751868A (en) * | 2020-12-30 | 2021-05-04 | 武汉海昌信息技术有限公司 | Heterogeneous encryption transmission method, storage medium and system |
| CN113779634A (en) * | 2021-09-17 | 2021-12-10 | 江苏通付盾区块链科技有限公司 | Data storage method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103986583A (en) * | 2014-05-29 | 2014-08-13 | 上海斐讯数据通信技术有限公司 | Dynamic encryption method and encryption communication system thereof |
| CN104424446A (en) * | 2013-08-21 | 2015-03-18 | 中外建设信息有限责任公司 | Safety verification and transmission method and system |
-
2016
- 2016-01-12 CN CN201610018888.0A patent/CN105530100A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104424446A (en) * | 2013-08-21 | 2015-03-18 | 中外建设信息有限责任公司 | Safety verification and transmission method and system |
| CN103986583A (en) * | 2014-05-29 | 2014-08-13 | 上海斐讯数据通信技术有限公司 | Dynamic encryption method and encryption communication system thereof |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017197968A1 (en) * | 2016-05-17 | 2017-11-23 | 中兴通讯股份有限公司 | Data transmission method and device |
| CN106060807A (en) * | 2016-05-24 | 2016-10-26 | 中国科学院信息工程研究所 | Message transmission method applicable to circuit domain encrypted communication |
| CN107733836A (en) * | 2016-08-11 | 2018-02-23 | 中国电信股份有限公司 | VoLTE and GSM encryption voice intercommunication method and system |
| CN107733836B (en) * | 2016-08-11 | 2020-11-24 | 中国电信股份有限公司 | Encrypted voice intercommunication method and system for VoLTE and mobile communication system, IM-MGW and VOLTE network system |
| CN107231237A (en) * | 2017-06-02 | 2017-10-03 | 上海斐讯数据通信技术有限公司 | A kind of safe credit method and system |
| CN107249002A (en) * | 2017-07-20 | 2017-10-13 | 云南电网有限责任公司电力科学研究院 | A kind of method, system and device for improving intelligent electric energy meter security |
| CN107249002B (en) * | 2017-07-20 | 2021-02-23 | 云南电网有限责任公司电力科学研究院 | Method, system and device for improving safety of intelligent electric energy meter |
| CN111769934A (en) * | 2020-07-08 | 2020-10-13 | 深圳思凯微电子有限公司 | Data transmission method, system and computer readable storage medium |
| CN111769934B (en) * | 2020-07-08 | 2023-12-08 | 深圳思凯微电子有限公司 | Data transmission method, system and computer readable storage medium |
| CN112751868A (en) * | 2020-12-30 | 2021-05-04 | 武汉海昌信息技术有限公司 | Heterogeneous encryption transmission method, storage medium and system |
| CN113779634A (en) * | 2021-09-17 | 2021-12-10 | 江苏通付盾区块链科技有限公司 | Data storage method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104486077B (en) | A kind of end-to-end cryptographic key negotiation method of VoIP real time datas safe transmission | |
| CN105530100A (en) | VoLTE secure communication method | |
| CN104618110B (en) | A kind of VoIP security conferences session key transmission method | |
| CN101277512B (en) | Method for ciphering wireless mobile terminal communication | |
| CN106936788B (en) | A kind of cryptographic key distribution method suitable for VOIP voice encryption | |
| CN102111416B (en) | Real time data encryption transmission method for voice over internet protocol (VoIP) | |
| CN101971559A (en) | Method and apparatus to enable lawful intercept of encrypted traffic | |
| Wang et al. | A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes | |
| CN102547688A (en) | Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel | |
| CN101277513B (en) | Method for ciphering wireless mobile terminal communication | |
| CN112468490B (en) | Authentication method for access of power grid terminal layer equipment | |
| KR101297936B1 (en) | Method for security communication between mobile terminals and apparatus for thereof | |
| CN105792193A (en) | End-to-end voice encryption method of mobile terminal based on iOS operating system | |
| CN111756726A (en) | SIP security authentication method supporting State cipher algorithm | |
| CN101790160A (en) | Method and device for safely consulting session key | |
| WO2017197968A1 (en) | Data transmission method and device | |
| Subashri et al. | Real time implementation of Elliptic Curve Cryptography over a open source VoIP server | |
| KR101210938B1 (en) | Encrypted Communication Method and Encrypted Communication System Using the Same | |
| CN100583733C (en) | Method for realizing safety of media flow and communication system | |
| CN105763571A (en) | SIP-based asymmetric voice encryption | |
| CN104753869A (en) | SIP protocol based session encryption method | |
| Haddad et al. | A proposed protocol for internet key exchange (IKE) | |
| Jiang et al. | An identity-based security mechanism for P2P VoIP | |
| GB2376392A (en) | Legal interception of encrypted IP traffic | |
| Zhu et al. | ECC-based authenticated key agreement protocol with privacy protection for VoIP communications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160427 |
|
| RJ01 | Rejection of invention patent application after publication |