CN109691017A - Message protection method, user equipment, and core network device - Google Patents

Message protection method, user equipment, and core network device

Info

Publication number
CN109691017A
Authority
CN
China
Prior art keywords
random number
exception response
signature
message
response message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201780056174.1A
Other languages
English (en)
Other versions
CN109691017B (zh)
Inventor
陈璟
胡力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN109691017A
Application granted
Publication of CN109691017B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471 Key exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/108 Source integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141 Denial of service attacks against endpoints in a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

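Embodiments of this application provide a message protection method, user equipment, and a core network device. The method includes: sending a request message that is not security-protected to a core network device, where the request message includes a first random number; receiving an exception response message, where the exception response message includes a third random number and a signature; and determining, based on the third random number, the signature, and an obtained credential, whether the exception response message is a valid message. The message protection method provided in the embodiments of this application can provide security protection for messages transmitted between the user equipment and the core network device before a security context is established, which improves the security of network communication.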

Description

PCT domestic application; the description has been published.

Claims (40)

  1. PCT domestic application; the claims have been published.
CN201780056174.1A 2017-01-25 2017-01-25 Message protection method, user equipment, and core network device Active CN109691017B (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/072665 WO2018137195A1 (zh) 2017-01-25 2017-01-25 Message protection method, user equipment, and core network device

Publications (2)

Publication Number Publication Date
CN109691017A (zh) 2019-04-26
CN109691017B (zh) 2022-02-01

Family

ID=62978898

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780056174.1A Active CN109691017B (zh) Message protection method, user equipment, and core network device

Country Status (4)

Country Link
US (1) US10582378B2 (zh)
EP (1) EP3565178B1 (zh)
CN (1) CN109691017B (zh)
WO (1) WO2018137195A1 (zh)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MX2020008451A (es) 2018-02-15 2020-09-28 Ericsson Telefon Ab L M Method for improving data transmission security.
US11469881B2 (en) * 2018-12-26 2022-10-11 Korea Institute Of Science And Technology Apparatus and method for forgery prevention of digital information
US11336438B2 (en) * 2020-03-31 2022-05-17 EMC IP Holding Company LLC Remote approval and execution of restricted operations
US11522879B2 (en) * 2020-05-20 2022-12-06 At&T Intellectual Property I, L.P. Scrubber for distributed denial of service attacks targetting mobile networks

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
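CN1802017A (zh) * 2005-07-15 2006-07-12 Huawei Technologies Co Ltd Authentication method for preventing replay attacks
CN1802018A (zh) * 2005-07-15 2006-07-12 Huawei Technologies Co Ltd Message authentication method
CN102055744A (zh) * 2009-11-06 2011-05-11 ZTE Corp System and method for implementing an IP multimedia subsystem emergency call service
US20150013015A1 (en) * 2013-03-14 2015-01-08 General Instrument Corporation Method and apparatus for group licensing of device features
CN105792194A (zh) * 2016-04-25 2016-07-20 China United Network Communications Group Co Ltd Base station legitimacy authentication method, authentication apparatus, network device, and authentication system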

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8639939B2 (en) * 2006-07-07 2014-01-28 Sandisk Technologies Inc. Control method using identity objects
GB0822599D0 (en) * 2008-12-11 2009-01-21 Vodafone Plc Securing network rejection
US8566465B2 (en) * 2010-09-17 2013-10-22 At&T Intellectual Property I, L.P. System and method to detect and mitigate distributed denial of service attacks using random internet protocol hopping
US20120323717A1 (en) * 2011-06-16 2012-12-20 OneID, Inc. Method and system for determining authentication levels in transactions
US9083531B2 (en) * 2012-10-16 2015-07-14 Symantec Corporation Performing client authentication using certificate store on mobile device
US10588019B2 (en) * 2016-05-05 2020-03-10 Qualcomm Incorporated Secure signaling before performing an authentication and key agreement

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
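朱英敏: "Analysis and research on the security sublayer of IEEE 802.16 wireless metropolitan area networks", China Masters' Theses Full-text Database, Information Science and Technology *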

Also Published As

Publication number Publication date
WO2018137195A1 (zh) 2018-08-02
EP3565178A1 (en) 2019-11-06
EP3565178A4 (en) 2019-11-06
US20190349753A1 (en) 2019-11-14
US10582378B2 (en) 2020-03-03
CN109691017B (zh) 2022-02-01
EP3565178B1 (en) 2021-03-17

Similar Documents

Publication Publication Date Title
Norrman et al. Protecting IMSI and user privacy in 5G networks
CN108293223B (zh) Data transmission method, user equipment, and network-side device
US10904750B2 (en) Key obtaining method and device, and communications system
WO2021155758A1 (zh) Key obtaining method and apparatus
US10582378B2 (en) Message protection method, user equipment, and core network device
CN113016202A (zh) Protection of initial non-access stratum protocol messages in 5G systems
WO2020010515A1 (en) Identity-based message integrity protection and verification for wireless communication
CN101931953B (zh) Method and system for generating a security key bound to a device
WO2020248624A1 (zh) Communication method, network device, user equipment, and access network device
WO2019096075A1 (zh) Message protection method and apparatus
CN113518312B (zh) Communication method, apparatus, and system
CN103503411A (zh) Security mechanism for mobile users
EP3700245A1 (en) Communication method and device
Zhang et al. Dynamic group based authentication protocol for machine type communications
CN108235300B (zh) Method and system for protecting user data security in mobile communication networks
Singh et al. Dynamic group based efficient access authentication and key agreement protocol for MTC in LTE-A networks
CN101483870A (zh) Method for implementing a cross-platform mobile communication security system
WO2022127656A1 (zh) Authentication method and related apparatus
RU2688251C1 (ru) Wireless communication
US20080176572A1 (en) Method of handoff
CN105764052A (zh) TD-LTE authentication and protective encryption method
Amgoune et al. 5g: Interconnection of services and security approaches
Ouaissa et al. Group access authentication of machine to machine communications in LTE networks
CN111182548B (zh) Pseudo network device identification method and communication apparatus
CN108282775B (zh) Dynamic additional authentication method and system for mobile private networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant