CN107708150B - Method and system for testing consistency of authentication function of non-access stratum of narrow-band internet of things terminal - Google Patents

Publication number: CN107708150B
Authority: CN (China)
Prior art keywords: authentication, message, nas, tested terminal, controlling
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711195237.XA
Other languages: Chinese (zh)
Other versions: CN107708150A (en)
Inventors: 高迎迎, 李卫, 李永振, 金毅敦
Current Assignee: Beijing Taide Dongteng Communication Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Taide Dongteng Communication Technology Co ltd
Application filed by Beijing Taide Dongteng Communication Technology Co ltd
Priority to CN201711195237.XA
Publication of CN107708150A
Application granted
Publication of CN107708150B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/08 Testing, supervising or monitoring using real traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/24 Testing correct operation
    • H04L1/242 Testing correct operation by comparing a transmitted test signal with a locally generated replica
    • H04L1/244 Testing correct operation by comparing a transmitted test signal with a locally generated replica test sequence generators

Abstract

The system and method are based on a host computer and a system simulator. They define an interface for the non-access stratum (NAS) in the narrowband Internet of Things (NB-IoT) and test the NAS authentication function of a narrowband Internet of Things terminal, so as to complete the existing protocol consistency test requirements. They serve NB-IoT research and development, testing and network-access certification work, and ensure that commercial terminals that pass certification interoperate with network equipment from different manufacturers on the live network.

Description

Method and system for testing consistency of authentication function of non-access stratum of narrow-band internet of things terminal
Technical Field
The invention relates to the field of communications, and in particular to a method for testing the consistency of the non-access stratum authentication function of a narrowband Internet of Things terminal.
Background
Narrowband Internet of Things (NB-IoT) is one of many Low Power Wide Area (LPWA) technologies and supports cellular data connections for low-power devices over a wide area network. NB-IoT has four characteristics. First, wide coverage: it provides improved indoor coverage, with a 20 dB gain over the existing network in the same frequency band, enlarging the coverage area by 100 times. Second, support for massive numbers of connections: one NB-IoT sector can support 100,000 connections, with low delay sensitivity, ultra-low device cost, low power consumption and an optimized network architecture. Third, lower power consumption: the standby time of an NB-IoT terminal module can be as long as 10 years. Fourth, lower module cost: enterprise expects a single contiguous module to exceed $5. NB-IoT can be widely applied in vertical industries such as remote meter reading, asset tracking, smart parking and smart agriculture.
NB-IoT accesses the network through E-UTRA using uplink and downlink bandwidths of 180 kHz, and can be deployed directly in a GSM or LTE network. NB-IoT has three deployment modes: stand-alone operation, guard-band operation and in-band operation. The downlink uses OFDMA multiple access and the uplink uses SC-FDMA, divided into single-tone (one uplink subcarrier) and multi-tone (multiple uplink subcarriers). Rel-13 NB-IoT employs half-duplex FDD and does not yet support TDD. NB-IoT supports multi-carrier (multi-PRB) operation, i.e. additional non-anchor NB-IoT carriers can be used to transmit data, depending on the deployment mode: in-band + in-band, in-band + guard-band, guard-band + guard-band and stand-alone + stand-alone are possible, while combinations of stand-alone mode with guard-band or in-band are not supported. At present, operators in China plan to deploy NB-IoT on GSM frequency bands, mainly concentrated in 800-900 MHz.
Although the core specification of NB-IoT is written into the LTE (Long Term Evolution) specification, NB-IoT is still considered an independent RAT (Radio Access Technology). Its main differences from LTE are that it simplifies and adjusts the functions of the LTE Medium Access Control (MAC), Radio Link Control (RLC) and Packet Data Convergence Protocol (PDCP) layer protocols, adds a new suspend-resume procedure to the Radio Resource Control (RRC) layer, and introduces new dedicated messages and procedures in the NAS protocol to resume a connection quickly. NB-IoT offers three options: the Control Plane Solution (CP Solution, also called Control Plane CIoT EPS optimization), the User Plane Solution (UP Solution, also called User Plane CIoT EPS optimization), and the use of both solutions simultaneously. Support for the CP solution is mandatory for NB-IoT terminals; support for the UP solution is optional.
Meanwhile, TTCN-3 (Testing and Test Control Notation) is widely accepted in the industry as the general language for consistency testing of TD-LTE and subsequent 4G wireless mobile communication terminals; script control gives the signaling consistency test of the terminal protocol stack its reliability and maturity. TTCN-3 test case code clearly defines the test conditions, test flow, configured message contents and other parameters of every test case in the terminal consistency test. Running the scripts on a terminal consistency test instrument platform tests whether tested terminals (chips) from different manufacturers interpret and implement the core protocol consistently, which ultimately ensures that commercial terminals that pass certification interoperate with network equipment from different manufacturers on the live network.
The existing NB-IoT protocol consistency test system lacks interfaces and functions related to NB-IoT security and cannot run security-function tests on NB-IoT terminals, which affects normal network access and service use by NB-IoT terminals.
Disclosure of Invention
In view of this, the invention provides a method and a system for testing the consistency of the non-access stratum authentication function of a narrowband Internet of Things terminal. They define an interface for the non-access stratum (NAS) in NB-IoT and test the NAS authentication function of the narrowband Internet of Things terminal.
In a first aspect, a system for testing the consistency of the non-access stratum authentication function of a narrowband Internet of Things terminal is provided, which includes:
a tested terminal, a system simulator and a host computer, wherein the host computer is the control center of the test system and comprises a test case, a narrowband Internet of Things system module, a non-access stratum (NAS) simulator and an external function module; the system simulator provides functions such as radio access control and simulates the main functional modules of the wireless communication protocol stack of the narrowband Internet of Things system, such as the Radio Link Control (RLC) layer, the Media Access Control (MAC) layer, the physical layer and the radio frequency part; the tested terminal is connected to the system simulator by radio frequency;
the non-access stratum NAS simulator is provided with: a NAS control interface, used for the exchange of control information between the narrowband Internet of Things system module and the NAS simulator; and an interface for SRB signaling interaction with the narrowband Internet of Things module, used for transmitting the uplink and downlink messages to be sent or received;
the system also comprises an interface between the NAS simulator and the system simulator, used for sending and receiving radio resource control layer protocol data units of the narrowband Internet of Things system;
the types of NAS message transmitted between the test case and the system simulator comprise a downlink NAS message and an uplink NAS message; the downlink NAS message comprises downlink security protection information and a downlink message protocol data unit (PDU), wherein the downlink security protection information comprises a security header and a message authentication code indication bit, and the downlink message PDU comprises a downlink NAS message and an optional piggybacked NAS message list, which can contain one or more downlink NAS messages; the uplink NAS message comprises uplink security protection information and an uplink message protocol data unit, wherein the uplink security protection information comprises a security header and a NAS count, and the uplink message protocol data unit comprises an uplink NAS message and an optional uplink piggybacked NAS message list, which can contain one or more uplink NAS messages;
the test system also comprises authentication-related NAS message templates, such as authentication request, authentication reject, authentication response and authentication failure, which are used for sending messages and for matching received messages;
the test system also comprises a function for initializing the authentication parameters.
Preferably, the NAS control interface is used for the exchange of control information between the narrowband Internet of Things system module and the NAS simulator, where the message sent on the control interface is a NAS control request message and the message received is a NAS control confirmation message.
Preferably, the NAS control request message is divided into a common part and a request part. The common part indicates whether the lower layer needs to reply with a confirmation message when the core network security function part sends the current NAS control request message; the request part indicates the specific content of the NAS control request message sent by the core network security function part, including an indication from the core network to start/restart/release the current NAS function and an indication from the core network to read/set the current NAS count value.
Preferably, the interface for SRB signaling interaction with the narrowband Internet of Things module is used for transmitting the uplink and downlink messages to be sent or received, where the message entering the NAS simulator is a narrowband Internet of Things request message whose type is defined as a common part and a signaling part; the common part includes the ID of the serving cell, the routing information of the SRB and the time information for sending, and the signaling part includes a downlink RRC message and a NAS message.
Preferably, the interface between the NAS simulator and the system simulator is used for sending and receiving radio resource control layer protocol data units of the narrowband Internet of Things system, where the request message of the radio resource control layer protocol data unit includes a downlink radio resource control layer message and the indication message includes an uplink radio resource control layer message.
Preferably, the authentication request is a downlink NAS message whose content includes the security header of the message, the message protocol type, the specific type of the message, the KSI of the NAS security context, a random number, an authentication token, and the like; the authentication reject is a downlink NAS message whose content includes the security header of the message, the message protocol type, the specific type of the message, and the like. The authentication response is an uplink NAS message whose content includes the security header of the message, the message protocol type, the specific type of the message, the corresponding authentication parameters, and the like; the authentication failure is an uplink NAS message which includes the security header of the message, the message protocol type, the specific type of the message, the EMM cause, the authentication failure parameter, and the like.
Preferably, the function for initializing the authentication parameters calculates and generates the authentication parameters required in the NB-IoT system, specifically a random number (RAND), a ciphering key (CK), an integrity protection key (IK), an authentication token (AUTN), an expected response (XRES), an access security management entity key (Kasme), and the like.
Preferably, the NAS security function external function module includes NAS integrity protection related functions, NAS ciphering related functions and NAS deciphering related functions, and the corresponding external function is called when uplink and downlink NAS messages are processed.
In a second aspect, a method for testing the consistency of the NAS security mode function of a narrowband Internet of Things terminal is provided, which includes the following steps:
step S100, presetting a test platform and initializing the narrowband Internet of Things system;
step S200, controlling the system simulator to set cell parameters, establish cell 1 and cell 2, and set intra-frequency reselection parameters; broadcasting in the system information message SIB1 that intra-frequency cell reselection is allowed, and completing the broadcast of the system messages of cell 1 and cell 11 according to the configuration; setting the power of cell 1 and switching off cell 2;
step S300, the tested terminal performs the power-on operation; controlling the other test modules in the test platform to exchange the messages of the narrowband Internet of Things core network registration procedure with the tested terminal and bring the tested terminal to the registered state;
step S400, controlling the test platform and the system simulator to send authentication request signaling;
step S500, controlling the test platform and the system simulator to receive the authentication response signaling sent by the tested terminal, send authentication reject signaling, and release the RRC layer link;
step S600, controlling the test platform to start a timer and monitoring, while the timer is running, whether a connection request sent by the tested terminal is received; if so, judging that the tested terminal does not have a complete and correct authentication function, and if not, continuing with the subsequent steps;
step S700, controlling the test platform and the system simulator to send a paging message to the tested terminal, the message carrying the correct ID of the tested terminal, and monitoring for a certain period of time whether a paging response sent by the tested terminal is received; if so, judging that the tested terminal does not have a complete and correct authentication function, and if not, continuing with the subsequent steps;
step S800, controlling the test platform to send an AT command prompting shutdown to command the tested terminal to power off, and then controlling the test platform to send an AT command prompting startup to command the tested terminal to power on, so that the tested terminal recovers from the previous abnormal state;
step S900, controlling the test platform and the system simulator to exchange the messages of the narrowband Internet of Things core network registration procedure with the tested terminal and bring the tested terminal to the registered state;
step S1000, controlling the test platform to call the function for initializing authentication parameters and initialize a set of abnormal authentication vectors with a sequence number failure, and controlling the system simulator to send authentication request signaling carrying the authentication vectors to the tested terminal;
step S1100, controlling the test platform and the system simulator to receive the authentication failure signaling from the tested terminal and detect whether the signaling carries information corresponding to the failure type; if the information matches, continuing with the subsequent steps, and if it does not match, determining that the tested terminal does not have a complete and correct narrowband Internet of Things authentication function;
step S1200, controlling the test platform to update the authentication random number, call the function for initializing authentication parameters, initialize a set of correct authentication vectors and calculate the expected authentication response, and controlling the system simulator to send authentication request signaling carrying the authentication vectors;
step S1300, controlling the test platform and the system simulator to receive the authentication response signaling sent by the tested terminal, and detecting whether the authentication response parameter in the signaling matches the expected value calculated by the test platform; if so, continuing with the subsequent steps, and if the information is wrong, determining that the tested terminal does not have a complete and correct narrowband Internet of Things authentication function;
step S1400, controlling the test platform to call the function for initializing authentication parameters and initialize a set of abnormal authentication vectors whose authentication management field is 0, then controlling the system simulator to send authentication request signaling carrying the authentication vectors to the tested terminal;
step S1500, controlling the test platform and the system simulator to receive the authentication failure signaling from the tested terminal and detect whether the signaling carries the cause "non-EPS authentication unacceptable"; if the information matches, continuing with the subsequent steps, and if it does not match, determining that the tested terminal does not have a complete and correct narrowband Internet of Things authentication function;
step S1600, controlling the test platform and the system simulator to send identity request signaling to the tested terminal, requesting the IMSI of the tested terminal;
step S1700, controlling the test platform and the system simulator to receive the identity response sent by the tested terminal and detect whether the response contains the IMSI of the tested terminal; if so, continuing with the subsequent steps, and if not, judging that the test case is abnormal;
step S1800, controlling the test platform to update the authentication random number, call the function for initializing authentication parameters, initialize a set of correct authentication vectors, calculate the expected authentication response, and send authentication request signaling carrying the authentication vectors;
step S1900, controlling the test platform and the system simulator to receive the authentication response signaling sent by the tested terminal, and detecting whether the authentication response parameter in the signaling matches the expected value calculated by the test platform; if the information is wrong, the tested terminal is considered not to have a complete and correct narrowband Internet of Things authentication function;
step S2000, controlling the test platform to call the function for initializing authentication parameters and initialize a set of abnormal authentication vectors with a wrong message authentication code, then controlling the system simulator to send authentication request signaling carrying the authentication vectors to the tested terminal;
step S2100, controlling the test platform and the system simulator to receive the authentication failure signaling from the tested terminal and detect whether the signaling carries matching information; if the information matches, continuing with the subsequent steps, and if it does not match, determining that the tested terminal does not have a complete and correct narrowband Internet of Things authentication function;
step S2200, the tested terminal starts timer T3418; controlling the test platform to start a timer based on T3418 with reasonable margin added and wait for it to expire; after timer T3418 expires, the tested terminal regards the current serving cell as barred;
step S2300, controlling the test platform and the system simulator to send a paging message to the tested terminal, the message carrying the correct ID of the tested terminal, and monitoring for a certain period of time whether a paging response sent by the tested terminal is received; if so, judging that the tested terminal does not have a complete and correct authentication function, and if not, continuing with the subsequent steps;
step S2400, controlling the test platform and the system simulator to set the power of cell 1 and cell 2;
step S2500, controlling the test platform to prompt a shutdown command; the tested terminal performs the power-off operation, the test platform and the system simulator are controlled to exchange the signaling of the power-off procedure with the tested terminal, and the test ends.
With the method and the system, test module interfaces and functions for the non-access stratum (NAS) layer of a narrowband Internet of Things (NB-IoT) terminal can be designed, together with a corresponding test flow, to complete the existing protocol consistency test requirements. They serve NB-IoT research and development, testing and network-access certification work, and ensure that commercial terminals that pass certification interoperate with network equipment from different manufacturers on the live network.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following description of the embodiments of the present invention with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram of a test system of an embodiment of the invention;
FIG. 2 is a schematic diagram of a NAS simulator in accordance with an embodiment of the invention;
FIGS. 3-6 are flow charts of testing methods of embodiments of the present invention;
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details. Well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including, but not limited to".
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.
FIG. 1 is a schematic diagram of a test system according to an embodiment of the present invention. As shown in fig. 1, the test system includes a Host computer Host-PC, a system simulator SS, and a user equipment UE under test.
The Host computer Host-PC hosts the TTCN-3 code, generates the compiled code required to run TTCN-3, and controls the system simulator SS to execute the test flow. The test model for NAS layer testing of an NB-IoT terminal consists of the host computer, the System Simulator (SS) and the tested terminal. The Host computer Host-PC is the control center of the test system and comprises a test case, an NB-IoT system module, a non-access stratum NAS simulator and an external function module. The System Simulator (SS) provides functions such as radio access control and simulates the main functional modules of the wireless communication protocol stack of the NB-IoT system, such as the RLC (Radio Link Control) layer, the MAC (Media Access Control) layer, the physical layer and the radio frequency part. The tested terminal UE is connected to the system simulator SS by a radio frequency cable, and the corresponding test case is executed from the Host computer Host-PC to complete the test of the tested terminal.
The NAS simulator comprises a NAS security function control module and an RRC/NAS message encoding and decoding module. The NAS security control module defines the primitive types for the control information of NAS security, including integrity protection information, ciphering protection information, NAS count value information, bearer ID information and whether the security function is started. The RRC/NAS encoding and decoding module defines an independent downlink NAS message template for NB-IoT layer 3 and the mechanism for receiving and sending uplink and downlink NAS messages.
The NAS security function external function module comprises an NAS integrity protection related function, an NAS encryption protection related function and an NAS decryption related function and is used for calling the corresponding external function when processing uplink and downlink NAS messages.
The mechanism for receiving and sending uplink and downlink NAS messages is mainly defined in the RRC/NAS encoding and decoding module of the NAS simulator. First, an optional step is defined for receiving an ASP primitive travelling from the test case to the SRB interface: when this step receives the RRC primitive sent by the test case, it judges whether the primitive contains a NAS message and, if so, ciphers it (if needed), applies integrity protection, and then encodes and sends it. Second, an optional step is defined for receiving an ASP primitive travelling from the SRB interface to the test case: when this step receives the RRC primitive from the SRB interface, it judges whether the primitive contains a NAS message and, if so, deciphers it (if needed), performs integrity protection on the NAS message, and finally decodes it and sends it to the test case. Third, functions for encoding and decoding NAS messages are defined, used to decode and encode uplink and downlink NAS messages.
FIG. 2 is a schematic diagram of a NAS simulator in accordance with an embodiment of the present invention. In the invention, firstly, an NAS control interface NAS ctrl of the NB-IOT is set in a non-access stratum NAS simulator in a TTCN-3 module of a Host computer Host-PC, and the control interface is used for the control information interaction between an NB-IOT system module and the NAS simulator. The message sent by the control interface is an NAS control request message, and the received message is an NAS control confirmation message.
The NAS control request message is divided into a common part and a request part. The common part indicates whether a confirmation message needs to be returned when the core network security function part sends the current NAS control request message; the request part indicates the specific content of the NAS control request message sent by the core network security function part, including an indication from the core network to start/restart/release the current NAS function and an indication from the core network to read/set the current NAS count value.
In addition, an interface NB-SRB Port for carrying out SRB signaling interaction with the NB-IOT module is also arranged, the interface is used for transmitting uplink and downlink messages to be sent or received, and is a transmission interface of the NB-IOT system module and the NAS simulator for actual signaling. The message entering the NAS simulator is a request message of NB-IOT, the type of the request message is defined as a common part and a signaling part, the common part includes an ID of a serving cell, routing information of an SRB, and time information for transmission, and the signaling part includes a downlink RRC message and an NAS message.
In addition, the type of NAS message transmitted between the test case and the system simulator is also defined in the test system. The request is a downlink NAS message sent by the test case, and includes downlink security protection information and a downlink message PDU of the message, where the downlink security protection information includes a security header and a message authentication code indication bit, the downlink message PDU includes a downlink NAS message and an optional piggybacked NAS message list, and the message list may include one or more downlink NAS messages. The indication is an uplink NAS message received by the test case, and includes uplink security protection information and an uplink message PDU of the message, where the uplink security protection information includes a security header and an NAS count, the uplink message PDU includes an uplink NAS message and an optional uplink piggybacked NAS message list, and the message list may include one or more uplink NAS messages.
An interface SRB port of the NAS emulator and the system emulator is also defined, the interface SRB port being configured to send and receive RRC PDUs of the NB-IOT system, a request message of the RRC PDU comprising a downlink RRC message, and an indication message comprising an uplink RRC message.
Further, primitive structures of the communication messages are provided for the code implementation of the test functions. For example, a type of security parameters is defined, including: the key derivation algorithm, the key sequence number of intersystem handover, the root key of the non-access stratum, the root key of the access stratum, the integrity protection related information of the NAS layer, the security capability information of the UE, the authentication related parameters, and the like.
According to the requirements of the test case, a type set of abnormal authentication conditions is further defined, comprising: no error, message authentication code error, sequence number failure, message authentication code plus separation bit error, and separation bit error.
Meanwhile, NAS message templates related to authentication are defined and used for matching messages on sending and receiving. The authentication request is a downlink NAS message whose content comprises the security header of the message, the message protocol type, the specific type of the message, the KSI of the NAS security context, a random number, an authentication token and the like. The authentication rejection is a downlink NAS message whose content comprises the security header of the message, the message protocol type, the specific message type and the like. The authentication response is an uplink NAS message whose content comprises the security header of the message, the message protocol type, the specific type of the message, the corresponding authentication parameters and the like. The authentication failure is an uplink NAS message which comprises the security header of the message, the message protocol type, the specific message type, an EMM cause, an authentication failure parameter and the like.
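The four templates above, as an added example that is not code from the patent: an encoder for the downlink messages, a decoder for the uplink ones, and a receive-template matcher. It assumes the plain (security header type 0) EMM octet layout and message type values of 3GPP TS 24.301; all function and template names are hypothetical.

```python
PD_EMM = 0x7                    # protocol discriminator: EPS mobility management
MSG_AUTH_REQUEST = 0x52
MSG_AUTH_RESPONSE = 0x53
MSG_AUTH_REJECT = 0x54
MSG_AUTH_FAILURE = 0x5C
IEI_AUTH_FAILURE_PARAM = 0x30   # optional authentication failure parameter (AUTS)
ANY = object()                  # template wildcard: field must be present, any value


def encode_auth_request(ksi, rand, autn):
    """Plain downlink AUTHENTICATION REQUEST: header, type, KSI, RAND, AUTN."""
    if not 0 <= ksi <= 6:
        raise ValueError("KSI must be 0..6")
    if len(rand) != 16 or len(autn) != 16:
        raise ValueError("RAND and AUTN are 16 octets each")
    # Octet 1: security header type 0 | PD; octet 3: spare half octet | NAS KSI.
    return bytes([PD_EMM, MSG_AUTH_REQUEST, ksi]) + rand + bytes([len(autn)]) + autn


def encode_auth_reject():
    """Plain downlink AUTHENTICATION REJECT: header and message type only."""
    return bytes([PD_EMM, MSG_AUTH_REJECT])


def decode_uplink(pdu):
    """Decode a plain uplink AUTHENTICATION RESPONSE or AUTHENTICATION FAILURE."""
    if len(pdu) < 3:
        raise ValueError("truncated NAS PDU")
    sec_hdr, pd, msg_type, body = pdu[0] >> 4, pdu[0] & 0x0F, pdu[1], pdu[2:]
    if pd != PD_EMM or sec_hdr != 0:
        raise ValueError("not a plain EMM message (remove NAS security first)")
    if msg_type == MSG_AUTH_RESPONSE:
        # RES is length-value coded, 4 to 16 octets of value.
        if body[0] != len(body) - 1 or not 4 <= body[0] <= 16:
            raise ValueError("bad RES length")
        return {"type": "AUTHENTICATION RESPONSE", "res": body[1:]}
    if msg_type == MSG_AUTH_FAILURE:
        msg = {"type": "AUTHENTICATION FAILURE", "emm_cause": body[0], "auts": None}
        opt = body[1:]
        if opt:
            if len(opt) != 16 or opt[0] != IEI_AUTH_FAILURE_PARAM or opt[1] != 14:
                raise ValueError("bad authentication failure parameter")
            msg["auts"] = opt[2:]
        return msg
    raise ValueError("unexpected message type 0x%02x" % msg_type)


def matches(template, msg):
    """Receive-template match: each template field must match the decoded field."""
    for key, want in template.items():
        got = msg.get(key)
        if want is ANY:
            if got is None:
                return False
        elif got != want:
            return False
    return True


# Receive templates for the three failure checks of the test flow.
T_SYNCH_FAILURE = {"type": "AUTHENTICATION FAILURE", "emm_cause": 21, "auts": ANY}
T_NON_EPS_UNACCEPTABLE = {"type": "AUTHENTICATION FAILURE", "emm_cause": 26}
T_MAC_FAILURE = {"type": "AUTHENTICATION FAILURE", "emm_cause": 20}

if __name__ == "__main__":
    # Constructed uplink PDU: AUTHENTICATION FAILURE, cause 21, all-zero AUTS.
    sample = bytes.fromhex("075c15300e") + bytes(14)
    print(matches(T_SYNCH_FAILURE, decode_uplink(sample)))
```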
Finally, according to the requirements of simulating the core network system and of testing, a function for initializing authentication parameters is established. The function calculates and generates the authentication parameters required in the NB-IOT system, specifically a random number (random value), a ciphering key (CK), an integrity protection key (IK), an authentication token (AUTN), an expected response (XRES), an access stratum management key (Kasme) and the like.
Fig. 3-6 are flowcharts of a testing method of an embodiment of the present invention. In the invention, the consistency test flow of the NAS security mode function of the NB-IOT terminal is as follows:
step S100, presetting a test platform, and initializing an NB-IOT system;
step S200, controlling a system simulator to set cell parameters, establishing a cell 1 and a cell 2, setting same-frequency reselection parameters, broadcasting in a system broadcast message sib1 to allow same-frequency cell reselection, and finishing broadcasting of system messages of the cell 1 and the cell 11 according to the configuration; setting the power of cell 1 (in this embodiment, the power is set to -85 dB), and turning off cell 2;
step S300, the tested terminal executes the startup operation, controls other test modules in the test platform to perform information interaction of an NB-IOT core network registration process with the tested terminal, and pulls the tested terminal to a registration state (connection state);
step S400, controlling the test platform and the system simulator to send a signaling of an authentication request;
step S500, controlling the test platform and the system simulator to receive an authentication response signaling sent by the tested terminal, sending a signaling of authentication rejection, and releasing RRC layer link;
in this step, the tested terminal should enter a logout state, delete the stored globally unique temporary UE identity (GUTI), the location area list, the key serial number idKSI, and the like, and treat the USIM card as illegal or removed until the next reboot. The following steps check this state.
Step S600, controlling the test platform to start a timer (in this embodiment, the length of the timer is set to 30 seconds), and monitoring whether a connection request sent by the terminal to be tested is received within a timer starting time period, if yes, determining that the terminal to be tested does not have a complete and correct authentication function, and if not, continuing to execute the subsequent steps;
step S700, controlling the test platform and the system simulator to send a paging message to the tested terminal, wherein the message carries a correct ID corresponding to the tested terminal, and monitoring whether a paging response sent by the tested terminal is received within a certain time period (set to 30 seconds in the embodiment), if yes, determining that the tested terminal does not have a complete and correct authentication function, and if not, continuing to execute the subsequent steps;
step S800, controlling the test platform to send an AT command prompting shutdown to command the tested terminal to shutdown, and then controlling the test platform to send an AT command prompting startup to command the tested terminal to start up so as to enable the tested terminal to recover from the previous abnormal state;
step S900, controlling the test platform and the system simulator to perform information interaction of an NB-IOT core network registration process with the tested terminal, and pulling the tested terminal to a registration state (a connection state);
step S1000, controlling a test platform to call a function for initializing authentication parameters, initializing a group of abnormal authentication vectors with failed serial numbers, and controlling a system simulator to send an authentication request signaling with the authentication vectors to a tested terminal;
step S1100, controlling a test platform and a system simulator, receiving an authentication failure signaling from a tested terminal, detecting whether the signaling carries information corresponding to a failure type 'synch failure', if the information is matched, continuing to execute the subsequent steps, and if the information is not matched, determining that the tested terminal does not have a complete and correct NB-IOT authentication function;
step S1200, controlling a test platform, updating an authentication random number, calling an authentication initialization parameter, initializing a group of correct authentication vectors, calculating an expected authentication response, and controlling a system simulator to send an authentication request signaling with the authentication vectors;
step S1300, controlling the test platform and the system simulator to receive an authentication response signaling sent by the tested terminal, and detecting whether the authentication response parameters in the signaling match the expected values calculated by the test platform; if so, continuing to execute the subsequent steps, and if the information is wrong, determining that the tested terminal does not have a complete and correct NB-IOT authentication function;
step S1400, controlling the test platform to call the function for initializing the authentication parameters, initializing a group of abnormal authentication vectors with an authentication management field (AMF) of 0, and then controlling the system simulator to send an authentication request signaling with the authentication vectors to the tested terminal;
step S1500, controlling the test platform and the system simulator, receiving the authentication failure signaling from the tested terminal, and detecting whether the signaling carries the cause 'non-EPS authentication unacceptable'; if the information is matched, continuing to execute the subsequent steps, and if the information is not matched, determining that the tested terminal does not have a complete and correct NB-IOT authentication function;
step S1600, controlling the test platform and the system simulator, sending an identity request signaling to the tested terminal, and requesting the IMSI of the tested terminal;
step S1700, controlling the test platform and the system simulator to receive the identity response sent by the tested terminal, detecting whether the response contains the IMSI of the tested terminal, if so, continuing to execute the subsequent steps, and if not, judging that the test case is abnormal;
step S1800, controlling the test platform, updating the authentication random number, calling the authentication initialization parameter, initializing a group of correct authentication vectors, calculating an expected authentication response, and sending an authentication request signaling with the authentication vectors;
step S1900, controlling the test platform and the system simulator to receive the authentication response signaling sent by the tested terminal, and detecting whether the authentication response parameter (RES) in the signaling is consistent with the expected value calculated by the test platform; if the information is wrong, the tested terminal is considered to have no complete and correct NB-IOT authentication function;
step S2000, controlling the test platform to call the authentication parameter initialization function, initializing a group of abnormal authentication vectors with a message authentication code error (MAC error), and then controlling the system simulator to send an authentication request signaling carrying the authentication vectors to the tested terminal;
step S2100, controlling the test platform and the system simulator, receiving the authentication failure signaling from the tested terminal, and detecting whether the signaling carries the matching information 'MAC failure'; if the information is matched, continuing to execute the subsequent steps, and if the information is not matched, determining that the tested terminal does not have a complete and correct NB-IOT authentication function;
step S2200, the tested terminal starts the timer T3418; controlling the test platform to start a timer based on T3418 with reasonable redundancy added, and waiting for the timer to expire; after the timer T3418 expires, the tested terminal regards the current serving cell (cell 1) as forbidden;
step S2300, controlling the test platform and the system simulator to send a paging message to the tested terminal, wherein the message carries the correct ID corresponding to the tested terminal, and monitoring whether a paging response (RRC connection request) sent by the tested terminal is received within a certain time period (30 seconds in this embodiment); if yes, judging that the tested terminal does not have a complete and correct authentication function, and if not, continuing to execute the subsequent steps;
step S2400, controlling the test platform and the system simulator to set the power of cell 1 to that of a suitable neighboring cell (-91 dB), and to set the power of cell 2 to a good level (-85 dB);
at this time, the tested terminal should detect cell 2, which is not forbidden, and initiate a Tracking Area Update (TAU) flow toward cell 2, while the test platform and the system simulator are controlled to perform TAU signaling interaction with the tested terminal;
step S2500, controlling the test platform to prompt a shutdown command, the tested terminal executing the shutdown operation, controlling the test platform and the system simulator to perform signaling interaction of the shutdown process with the tested terminal, and finally finishing the test case.
At this point, the test is judged as passed, and the tested terminal is considered to have a complete and correct NB-IOT authentication function.
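An added sketch, not code from the patent, of the function for initializing authentication parameters and of the verdict logic for the authentication requests of steps S1000 to S2100 (the identity request of S1600/S1700 is left out). Assumptions: truncated HMAC-SHA256 stands in for the f1 to f5 functions, the SQN freshness check is simplified to "greater than the last accepted value", the terminal model checks MAC, then separation bit, then SQN, and all names are hypothetical; the EMM cause values 20, 21 and 26 are those of 3GPP TS 24.301.

```python
import hashlib
import hmac
import os
from enum import Enum


class AuthError(Enum):
    """Single-fault members of the page's set of abnormal authentication conditions."""
    NO_ERROR = "no error"
    MAC_ERROR = "message authentication code error"
    SQN_FAILURE = "sequence number failure"
    SEP_BIT_ERROR = "separation bit error"


# EMM cause expected in AUTHENTICATION FAILURE for each abnormal vector.
EXPECTED_CAUSE = {
    AuthError.MAC_ERROR: 20,      # MAC failure
    AuthError.SQN_FAILURE: 21,    # Synch failure
    AuthError.SEP_BIT_ERROR: 26,  # Non-EPS authentication unacceptable
}
AMF_EPS = bytes.fromhex("8000")   # separation bit (top bit of AMF) set to 1
AMF_ZERO = bytes.fromhex("0000")  # the "AMF of 0" vector of step S1400


def _prf(k, label, *parts, n):
    """ASSUMPTION: truncated HMAC-SHA256 standing in for f1..f5 (not Milenage)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def init_auth_params(k, sqn, error=AuthError.NO_ERROR, rand=None):
    """Hypothetical authentication-parameter initialisation: RAND, AUTN, XRES."""
    rand = os.urandom(16) if rand is None else rand
    amf = AMF_ZERO if error is AuthError.SEP_BIT_ERROR else AMF_EPS
    # A stale SQN (0) makes the terminal report a synchronisation failure.
    sqn_b = (0 if error is AuthError.SQN_FAILURE else sqn).to_bytes(6, "big")
    mac = _prf(k, b"f1", sqn_b, rand, amf, n=8)
    if error is AuthError.MAC_ERROR:
        mac = bytes([mac[0] ^ 0x01]) + mac[1:]  # corrupt one bit of the MAC
    ak = _prf(k, b"f5", rand, n=6)
    autn = _xor(sqn_b, ak) + amf + mac  # AUTN = (SQN xor AK) || AMF || MAC
    return {"rand": rand, "autn": autn, "xres": _prf(k, b"f2", rand, n=8)}


def ue_authenticate(k, sqn_ms, rand, autn, check_sep_bit=True):
    """Reference terminal model; check_sep_bit=False models a non-conformant one."""
    conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    sqn_b = _xor(conc_sqn, _prf(k, b"f5", rand, n=6))
    if not hmac.compare_digest(mac, _prf(k, b"f1", sqn_b, rand, amf, n=8)):
        return {"msg": "AUTHENTICATION FAILURE", "cause": 20}
    if check_sep_bit and not (amf[0] & 0x80):
        return {"msg": "AUTHENTICATION FAILURE", "cause": 26}
    if int.from_bytes(sqn_b, "big") <= sqn_ms:  # simplified freshness check
        ms_b = sqn_ms.to_bytes(6, "big")
        # AUTS = (SQN_MS xor AK*) || MAC-S, 14 octets
        auts = _xor(ms_b, _prf(k, b"f5*", rand, n=6)) + _prf(
            k, b"f1*", ms_b, rand, AMF_ZERO, n=8)
        return {"msg": "AUTHENTICATION FAILURE", "cause": 21, "auts": auts}
    return {"msg": "AUTHENTICATION RESPONSE", "res": _prf(k, b"f2", rand, n=8)}


def verdict(error, vector, reply):
    """True when the reply is what the test platform expects for this vector."""
    if error is AuthError.NO_ERROR:
        return (reply["msg"] == "AUTHENTICATION RESPONSE"
                and hmac.compare_digest(reply["res"], vector["xres"]))
    ok = (reply["msg"] == "AUTHENTICATION FAILURE"
          and reply["cause"] == EXPECTED_CAUSE[error])
    if ok and error is AuthError.SQN_FAILURE:
        ok = len(reply.get("auts", b"")) == 14
    return ok


def run_sequence(k, sqn_net, sqn_ms, check_sep_bit=True):
    """Vector order of steps S1000 to S2100; returns one verdict per request."""
    order = (AuthError.SQN_FAILURE, AuthError.NO_ERROR, AuthError.SEP_BIT_ERROR,
             AuthError.NO_ERROR, AuthError.MAC_ERROR)
    verdicts = []
    for error in order:
        sqn_net += 1
        vector = init_auth_params(k, sqn_net, error)
        reply = ue_authenticate(k, sqn_ms, vector["rand"], vector["autn"],
                                check_sep_bit)
        if reply["msg"] == "AUTHENTICATION RESPONSE":
            sqn_ms = sqn_net  # terminal accepted the vector
        verdicts.append(verdict(error, vector, reply))
    return verdicts


if __name__ == "__main__":
    K = bytes(range(16))  # constructed subscriber key, not a real credential
    print(run_sequence(K, sqn_net=100, sqn_ms=100))
    print(run_sequence(K, sqn_net=100, sqn_ms=100, check_sep_bit=False))
```

A terminal model that skips the separation-bit check answers the AMF-of-0 request with an authentication response, so only the third verdict of the sequence fails.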
The invention thus designs and implements an apparatus providing the NAS simulator function, including the NAS simulator interface design, the related message template design, the related function design and the like, and provides a method for testing the authentication consistency of the NB-IOT terminal. The method can be used for protocol consistency testing of network access by terminals supporting NB-IOT; it improves the function and content of the protocol consistency test and fills the gap left by the lack of security testing in existing NB-IOT protocol consistency tests.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed over a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a memory device and executed by a computing device, or they may be separately fabricated into various integrated circuit modules, or multiple modules or steps thereof may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software. It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by hardware instructions of a computer program, and the computer program may be stored in a computer readable medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A narrowband Internet of things terminal non-access stratum authentication function consistency test system comprises:
the system comprises a tested terminal, a system simulator and a host computer, wherein the host computer is a control center of the test system and comprises a test case, a narrowband Internet of things system module, a non-access stratum (NAS) simulator and an external function module; the system simulator is used for providing a wireless access control function and simulating main function modules of a wireless link control (RLC), a Media Access Control (MAC) layer, a physical layer and a radio frequency part in a wireless communication protocol stack of the narrow-band Internet of things system; the tested terminal is connected with the system simulator through radio frequency;
the non-access stratum NAS simulator is provided with: the NAS control interface is used for interaction of the control information of the narrowband Internet of things system module and the NAS simulator; an interface for performing SRB signaling interaction with the narrowband Internet of things module, wherein the interface is used for transmitting uplink and downlink messages to be sent or received;
the system also comprises an interface between the NAS simulator and the system simulator, and the interface is used for sending and receiving a radio resource control layer protocol data unit of the narrowband Internet of things system;
the type of the NAS message transmitted between the test case and the system simulator comprises a downlink NAS message and an uplink NAS message, the downlink NAS message comprises downlink security protection information of the message and a downlink message protocol data unit, the downlink security protection information comprises a security header and a message authentication code indication bit, the downlink message PDU also comprises a downlink NAS message and an optional piggybacked NAS message list, and the message list can comprise one or more downlink NAS messages; the uplink NAS message comprises uplink security protection information and an uplink message protocol data unit, wherein the uplink security protection information comprises a security header and a counter NAS count, the uplink message protocol data unit further comprises an uplink NAS message and an optional uplink piggybacked NAS message list, and the message list can comprise one or more uplink NAS messages;
the test system also comprises authentication-related NAS message templates for the authentication request, the authentication rejection, the authentication response and the authentication failure, and the NAS message templates are used for matching messages on sending and receiving;
the test system also comprises a function for initializing the authentication parameters.
2. The system of claim 1, wherein the NAS control interface is configured to enable a narrowband internet of things system module to interact with control information of the NAS simulator, the message sent by the control interface is a NAS control request message, and the received message is a NAS control acknowledgement message.
3. The system of claim 2, wherein the NAS control request message is divided into a common part and a request part, the common part indicates whether the core network security function part needs to reply the acknowledgement message with the bottom layer when sending the current NAS control request message; the request part indicates the specific content of the NAS control request message sent by the core network security function part, including an indication that the core network starts/restarts/releases the current NAS function, and an indication that the core network reads/sets the current NAS count value.
4. The system of claim 1, wherein the interface for SRB signaling interaction with the narrowband internet of things module is configured to transmit uplink and downlink messages to be sent or received, where the message entering the NAS simulator is a request message of the narrowband internet of things, and a type of the request message is defined as a common part and a signaling part, where the common part includes an ID of a serving cell, routing information of the SRB, and time information for sending, and the signaling part includes a downlink RRC message and an NAS message.
5. The system of claim 1, wherein the NAS emulator interfaces with the system emulator to send and receive radio resource control layer protocol data units of the narrowband internet of things system, and wherein the request message of the radio resource control layer protocol data units comprises a downlink radio resource control layer message and the indication message comprises an uplink radio resource control layer message.
6. The system of claim 1, wherein the authentication request is a downlink NAS message, and the message content includes a security header of the message, a message protocol type, a message specific type, a KSI of NAS security context, a random number, and an authentication token; the authentication rejection is a downlink NAS message, and the message content comprises a security header of the message, a message protocol type and a specific message type; the authentication response is an uplink NAS message, and the message content comprises a security header of the message, a message protocol type, a specific message type and corresponding authentication parameters; the authentication failure is an uplink NAS message which comprises a security header of the message, a message protocol type, a specific message type, an EMM cause and an authentication failure parameter.
7. The system according to claim 1, wherein the function for initializing authentication parameters is used for calculating and generating the required authentication parameters in the NB-IOT system, and specifically comprises a random number (random value), a ciphering key (CK), an integrity protection key (IK), an authentication token (AUTN), an expected response (XRES), and an access stratum management key (Kasme).
8. The system according to claim 1, wherein the NAS security function external function module includes a NAS integrity protection related function, a NAS ciphering protection related function, and a NAS decryption related function, and is configured to perform a call of the corresponding external function when processing the uplink and downlink NAS messages.
9. A method for testing the consistency of the NAS security mode function of a narrowband Internet of things terminal comprises the following steps:
step S100, presetting a test platform, and initializing a narrow-band Internet of things system;
step S200, controlling a system simulator to set cell parameters, establishing a cell 1 and a cell 2, setting same-frequency reselection parameters, and broadcasting in a system broadcast message sib1 to allow same-frequency cell reselection; setting the power of the cell 1 and closing the cell 2;
step S300, the tested terminal executes the starting operation, controls other testing modules in the testing platform to perform message interaction of a narrowband Internet of things core network registration process with the tested terminal, and pulls the tested terminal to a registration state;
step S400, controlling the test platform and the system simulator to send a signaling of an authentication request;
step S500, controlling the test platform and the system simulator to receive an authentication response signaling sent by the tested terminal, sending a signaling of authentication rejection, and releasing RRC layer link;
step S600, controlling a test platform to start a timer, monitoring whether a connection request sent by a tested terminal is received or not within a timer starting time period, if so, judging that the tested terminal does not have a complete and correct authentication function, and if not, continuing to execute the subsequent steps;
step S700, controlling the test platform and the system simulator to send a paging message to the tested terminal, wherein the message carries a correct ID corresponding to the tested terminal, monitoring whether a paging response sent by the tested terminal is received or not within a certain time period, if so, judging that the tested terminal does not have a complete and correct authentication function, and if not, continuing to execute the subsequent steps;
step S800, controlling the test platform to send an AT command prompting shutdown to command the tested terminal to shutdown, and then controlling the test platform to send an AT command prompting startup to command the tested terminal to start up so as to enable the tested terminal to recover from the previous abnormal state;
step S900, controlling a test platform and a system simulator to perform message interaction of a narrowband Internet of things core network registration process with the tested terminal, and pulling the tested terminal to a registration state;
step S1000, controlling a test platform to call a function for initializing authentication parameters, initializing a group of abnormal authentication vectors with failed serial numbers, and controlling a system simulator to send an authentication request signaling with the authentication vectors to a tested terminal;
step S1100, controlling a test platform and a system simulator, receiving an authentication failure signaling from a tested terminal, detecting whether the signaling carries information corresponding to a failure type, if the information is matched, continuing to execute the subsequent steps, and if the information is not matched, determining that the tested terminal does not have a complete and correct narrowband Internet of things authentication function;
step S1200, controlling a test platform, updating an authentication random number, calling an authentication initialization parameter, initializing a group of correct authentication vectors, calculating an expected authentication response, and controlling a system simulator to send an authentication request signaling with the authentication vectors;
step S1300, controlling the test platform and the system simulator to receive an authentication response signaling sent by the tested terminal; detecting whether the authentication response parameters in the signaling are in accordance with the expected values calculated by the test platform, if so, continuing to execute the subsequent steps, and if the information is wrong, determining that the tested terminal does not have a complete and correct narrowband Internet of things authentication function;
step S1400, controlling the test platform to call a function for initializing the authentication parameters; initializing a group of abnormal authentication vectors with an authentication management domain of 0, then controlling a system simulator, and sending an authentication request signaling with the authentication vectors to a tested terminal;
step S1500, controlling a test platform and a system simulator, receiving an authentication failure signaling from a tested terminal, and detecting whether the signaling carries the cause 'non-EPS authentication unacceptable'; if the information is matched, continuing to execute the subsequent steps, and if the information is not matched, determining that the tested terminal does not have a complete and correct narrow-band Internet of things authentication function;
step S1600, controlling the test platform and the system simulator, sending an identity request signaling to the tested terminal, and requesting the IMSI of the tested terminal;
step S1700, controlling the test platform and the system simulator to receive the identity response sent by the tested terminal, detecting whether the response contains the IMSI of the tested terminal, if so, continuing to execute the subsequent steps, and if not, judging that the test case is abnormal;
step S1800, controlling the test platform, updating the authentication random number, calling the authentication initialization parameter, initializing a group of correct authentication vectors, calculating an expected authentication response, and sending an authentication request signaling with the authentication vectors;
step S1900, controlling the test platform and the system simulator to receive an authentication response signaling sent by the tested terminal; detecting whether the authentication response parameters in the signaling are in accordance with expected values calculated by the test platform, if so, continuing to execute the subsequent steps, and if the information is wrong, determining that the tested terminal does not have a complete and correct narrowband Internet of things authentication function;
step S2000, controlling a test platform to call an authentication parameter initialization function, initializing a group of abnormal authentication vectors with wrong message authentication codes, and then controlling a system simulator to send an authentication request signaling to a tested terminal and carry the authentication vectors;
step S2100, controlling the test platform and the system simulator, receiving the authentication failure signaling from the tested terminal, detecting whether the signaling carries matched information, if the information is matched, continuing to execute the subsequent steps, and if the information is not matched, determining that the tested terminal does not have a complete and correct narrowband Internet of things authentication function;
step S2200, the tested terminal starts the timer T3418; controlling the test platform to start a timer based on T3418 with reasonable redundancy added, and waiting for the timer to expire; after the timer T3418 expires, the tested terminal regards the current serving cell as forbidden;
step S2300, controlling the test platform and the system simulator to send paging messages to the tested terminal; the message carries a correct ID corresponding to the tested terminal, whether a paging response sent by the tested terminal is received or not is monitored within a certain time span, if yes, the tested terminal is judged to have no complete and correct authentication function, and if not, the subsequent steps are continuously executed;
step S2400, controlling the test platform and the system simulator to set the power of a cell 1 and a cell 2;
step S2500, controlling the test platform to prompt a shutdown command, the tested terminal executing the shutdown operation, controlling the test platform and the system simulator to perform signaling interaction of a shutdown process with the tested terminal, and finally finishing the test.
CN201711195237.XA 2017-11-24 2017-11-24 Method and system for testing consistency of authentication function of non-access stratum of narrow-band internet of things terminal Active CN107708150B (en)


Publications (2)

Publication Number | Publication Date
CN107708150A (en) | 2018-02-16
CN107708150B (en) | 2020-12-04

Family

ID=61185908

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711195237.XA Active CN107708150B (en) 2017-11-24 2017-11-24 Method and system for testing consistency of authentication function of non-access stratum of narrow-band internet of things terminal

Country Status (1)

Country Link
CN (1) CN107708150B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2611829A (en) * 2021-10-15 2023-04-19 Inst Information Ind Method for testing core network function entity, testing device and non-transitory computer-readable medium

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108810869B (en) * 2018-06-11 2021-04-06 瓴泰科技(上海)有限公司 NB-IOT (NB-IOT) -based terminal production test and terminal system registration solution method
CN108834134A (en) * 2018-08-24 2018-11-16 中国信息通信研究院 Narrowband internet-of-things terminal machine card interface test system and method
CN109347667B (en) * 2018-10-17 2021-11-05 中国电子科技集团公司第四十一研究所 5G terminal simulator protocol parameter configuration design method
CN111225407B (en) * 2018-11-27 2022-11-22 中国移动通信集团设计院有限公司 Detection apparatus for NB-IoT terminal
CN109661039B (en) * 2019-01-15 2020-07-21 北京泰德东腾通信技术有限公司 Protocol consistency test method and system for 5G session establishment and release
CN110636537B (en) * 2019-11-21 2020-04-10 翱捷科技(上海)有限公司 TTCN-3-based multi-card mobile terminal test system and method thereof
CN111786848B (en) * 2020-06-02 2022-03-04 北京电信技术发展产业协会 Protocol consistency test method and system for 5G terminal unified access control
CN114125919A (en) * 2021-11-16 2022-03-01 上海移远通信技术股份有限公司 Test method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106130828A (en) * 2016-08-30 2016-11-16 北京泰德东腾通信技术有限公司 Protenchyma networked terminals conformance test method and system
CN106209521A (en) * 2016-08-30 2016-12-07 北京泰德东腾通信技术有限公司 The conforming method of testing of terminal IMS registration and system
WO2017120278A1 (en) * 2016-01-05 2017-07-13 Interdigital Patent Holdings, Inc. Enhancements to nas protocol to transmit small data over signaling plane
CN106961726A (en) * 2016-01-12 2017-07-18 中兴通讯股份有限公司 A kind of data transmission method, apparatus and system

Non-Patent Citations (2)

Title
"Adding NB-IoT keys and processes";VODAFONE Group,et al;《3GPP TSG-SA3 Meeting#82 S3-160308》;20160205;1-10 *
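"Testing of NAS-layer security mechanisms in TD-LTE";高迎迎 et al;《Proceedings of the 2013 National Academic Conference on Wireless and Mobile Communications》;20130801;157-160 *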

Cited By (2)

Publication number Priority date Publication date Assignee Title
GB2611829A (en) * 2021-10-15 2023-04-19 Inst Information Ind Method for testing core network function entity, testing device and non-transitory computer-readable medium
GB2611829B (en) * 2021-10-15 2024-02-14 Inst Information Ind Method for testing core network functional entity, testing device and non-transitory computer-readable medium

Also Published As

Publication number Publication date
CN107708150A (en) 2018-02-16

Similar Documents

Publication Publication Date Title
CN107708150B (en) Method and system for testing consistency of authentication function of non-access stratum of narrow-band internet of things terminal
CN107947907B (en) Method and system for testing consistency of non-access stratum security modes of narrow-band internet of things terminal
US8797940B2 (en) Setup and configuration of relay nodes
US20100254274A1 (en) Method of Monitoring Cells in Wireless Communication Systems
CN110546993B (en) Cell reselection method, device, mobile terminal and storage medium
US20140328187A1 (en) Network Connectivity Management in Wireless Apparatus
US8295223B2 (en) Wireless connection method and device
CN106576292A (en) Method and apparatus for scanning access point in wireless lan system
JP7143515B2 (en) Information processing equipment and communication system
WO2020216070A1 (en) Pseudo base station identification method, and related device and system
EP2163040A1 (en) Private base station and radio network entity
CN111786847B (en) Fifth generation mobile communication terminal consistency test method and system
CN106416335B (en) Identity suspension method for mobile equipment
TWI621370B (en) User equipment of device-to-device communications and resource selection method thereof
US20180176777A1 (en) Methods and apparatuses of device identity check in a core network for a wireless network
CN114339814A (en) Relay communication information configuration method and device and electronic equipment
CN106888447B (en) Method and system for processing auxiliary USIM application information
JP6930620B1 (en) Electronic information storage medium, information writing method, and program
US20220141740A1 (en) System and method for communicating radio access technology characteristics
JP6749886B2 (en) Network equipment
US9414302B2 (en) Wireless communication system, mobile station, CSG type base station, home subscriber server, program, integrated circuit, and base station
CN111866872A (en) Communication method and device
CN111294846B (en) Method, device and system for testing communication function of access network equipment
WO2022027458A1 (en) Radio link monitoring and recovery method, apparatus, and device, and medium
US20230413169A1 (en) Prioritizing a Private Enterprise Deployed Cellular Network over a Wi-Fi Network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant