CN111212424A - Method and system for authenticating UE during interoperation from EPS to 5GS - Google Patents


Info

Publication number
CN111212424A
Authority
CN
China
Prior art keywords
information
encryption
algorithm
key
source information
Legal status
Granted
Application number
CN201811398991.8A
Other languages
Chinese (zh)
Other versions
CN111212424B (en)
Inventor
陈伟
金逸
Current Assignee
Spreadtrum Communications Shanghai Co Ltd
Original Assignee
Spreadtrum Communications Shanghai Co Ltd
Application filed by Spreadtrum Communications Shanghai Co Ltd
Priority to CN201811398991.8A
Publication of CN111212424A
Application granted
Publication of CN111212424B
Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W12/10 Integrity
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0022 Control or signalling for completing the hand-off for data sessions of end-to-end connection for transferring data sessions between adjacent core network technologies
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
    • H04W36/0055 Transmission or use of information for re-establishing the radio link
    • H04W36/0066 Transmission or use of information for re-establishing the radio link of control information between different types of networks in order to establish a new radio link in the target network
    • H04W36/14 Reselecting a network or an air interface

Abstract

The invention provides a method and a system for authenticating a UE during interoperation from EPS to 5GS. In the method, the UE carries encrypted information, or encrypted information together with first source information, in the 5GS registration request message; this is forwarded to the MME through the AMF, and the MME decrypts the encrypted information to obtain decrypted information and compares it with the first source information of the UE to complete UE authentication. Alternatively, the UE carries second source information in the 5GS registration request message together with a first integrity check result that it computed over the second source information with a preset algorithm; these are forwarded to the MME through the AMF, and the MME computes a second integrity check result over the received second source information with the same preset algorithm and compares it with the first integrity check result to complete UE authentication. The invention saves air interface resources, reduces the network burden and the coupling between modules, and promotes efficient integration of 4G and 5G networks.

Description

Method and system for authenticating UE during interoperation from EPS to 5GS
Technical Field
The invention relates to the technical field of interoperation between EPS and 5GS, in particular to a method and a system for authenticating a UE during interoperation from EPS to 5GS.
Background
Currently, the 5G (5th-Generation, fifth-generation mobile communication technology) protocol is being formulated, and the concept of a registration mode is newly introduced for interoperation between the 5GS (5G System) and the EPS (Evolved Packet System). The registration mode in 5G is divided into single registration mode and dual registration mode: in single registration mode the UE (user equipment) maintains a single registration state across 5GS and EPS, while in dual registration mode the UE maintains independent registration states in the 5GC (5G Core network) and in the EPC (Evolved Packet Core, the all-IP 4G core network). In 5G, the N26 interface between the AMF (Access and Mobility Management Function) and the MME (Mobility Management Entity) is used for interoperation between the 5GS and the EPS and for transferring the UE context during interoperation.
In single registration mode with an N26 interface, the UE initiates a mobility registration update procedure from the EPS to the 5GS:
when the UE sends the REGISTRATION REQUEST message, the 5G protocol specifies that the message carries an EPS NAS (Non-Access Stratum) message container field whose content is a 4G TRACKING AREA UPDATE REQUEST (TAU REQUEST) message, and the TAU REQUEST message is integrity protected. After receiving the EPS NAS message container field, the AMF forwards it to the MME. The MME performs an integrity check on the TAU REQUEST message in the field; if the check passes, the MME transfers the UE context to the AMF and then releases the UE context. If the integrity check fails, the MME returns a cause value to the AMF.
In addition, the MME's check of the TAU request message is in effect an authentication of whether the UE identity is legitimate, and it exists for security reasons: if the UE is currently registered in the EPC and the MME transferred the UE context directly without checking, an attacker could forge a 5G mobility registration request message carrying a TAU request, which would cause the EPC to release the UE context so that the UE could no longer be served normally under 4G. The UE could then be served again only after re-registering in the EPC, possibly with re-authentication. In essence, therefore, the EPS NAS message container field carried in the registration request message serves to authenticate the UE identity.
Because the 4G NAS TAU request message is carried inside the 5G NAS message, how the UE obtains or constructs the TAU request message within the 5G NAS message must be considered. The TAU request message contains mandatory and optional fields, some of which are long, such as the GUTI (Globally Unique Temporary UE Identity) and the UE network capability (the data transmission capabilities supported by the UE). After these fields are sent to the MME, the MME neither parses nor cares about their specific contents, so carrying them not only wastes air interface resources but also uses a 4G message inside the 5G NAS module, which greatly increases the coupling between NAS modules.
Disclosure of Invention
The method and the system for authenticating the UE during the interoperation from the EPS to the 5GS can effectively reduce the message length carried by an air interface, thereby further saving air interface resources on the basis of ensuring the network security and effectively reducing the network burden; in addition, the method can also carry information irrelevant to EPS, reduce the coupling between modules and further promote the efficient fusion of 4G and 5G networks.
In a first aspect, the present invention provides a method for authenticating a UE during interoperation from EPS to 5GS, comprising:
the UE carries encrypted information, or encrypted information together with first source information, in the 5GS registration request message, which is sent to the MME through the AMF; the MME then decrypts the encrypted information to obtain decrypted information and compares the decrypted information with the first source information of the UE for verification so as to complete UE authentication;
or the UE carries second source information in the 5GS registration request message together with a first integrity check result that it obtained over the second source information through a preset algorithm, and these are sent to the MME through the AMF; the MME then obtains a second integrity check result over the received second source information through the preset algorithm and compares the second integrity check result with the first integrity check result to finish UE authentication.
Optionally, the sending by the UE of the registration request message carrying the encrypted information, or the encrypted information and the first source information, to the MME through the AMF includes:
a random number RAND generated by the UE serves as the first source information; the random number RAND is encrypted according to a preset encryption algorithm and a derived key to generate first encryption information RES, and the first encryption information RES and the random number RAND are sent to the MME through the AMF;
or the 4G-GUTI or a preset parameter serves as the first source information; the 4G-GUTI is encrypted according to a preset encryption algorithm and a derived key to generate first encryption information, and the first encryption information is sent to the MME through the AMF.
Optionally, generating the first encryption information RES or the first encryption information by encrypting the random number RAND or the 4G-GUTI according to a preset encryption algorithm and a derived key includes:
directly adopting the 4G root key K stored in the USIM or the HSS/AuC, or the root key K_asme, as a first derived key, then encrypting the random number RAND with the first derived key by the f2 algorithm, the EEA algorithm (EPS Encryption Algorithm, evolved packet system encryption algorithm) or the EPS NAS layer encryption algorithm to generate first encryption information RES; or encrypting the 4G-GUTI with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information;
alternatively, adopting the EPS NAS encryption key K_NASenc with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as a key generation algorithm to generate a second derived key, and then performing a set operation on the random number RAND generated by the UE with the second derived key to generate first encryption information RES; or performing the set operation on the 4G-GUTI or the preset parameter with the second derived key to generate the first encryption information.
Optionally, generating the second derived key from the EPS NAS encryption key K_NASenc with the EEA algorithm as the key generation algorithm means generating the second derived key by the EEA algorithm from the EPS NAS encryption key K_NASenc and a first preset input parameter, where the first preset input parameter comprises one or any combination of an uplink NAS signaling count value, the random number RAND length, a direction indication parameter and a bearer.
Optionally, sending the second source information carried in the 5GS registration request message, and the first integrity check result corresponding to the second source information obtained by a preset algorithm, to the MME through the AMF includes:
taking the random number RAND generated by the UE as the carried second source information, then generating a MAC from the second source information and the EPS NAS integrity protection key K_NASint according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and sending the random number RAND and the MAC from the UE to the MME through the AMF;
or taking the TAU request message of the shortest length carried by the UE in the registration request message as the carried second source information, then generating a MAC from the second source information and the EPS NAS integrity protection key K_NASint according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and sending it to the MME through the AMF.
Optionally, the TAU request message of the shortest length carried by the UE in the registration request message comprises a 6-byte security header and 15 bytes of optional parameters, where the 15 bytes of optional parameters include a PD, or a message ID, or a GUTI.
Optionally, generating the MAC from the second source information and the EPS NAS integrity protection key K_NASint according to an integrity protection algorithm as the first integrity check result corresponding to the second source information means generating the MAC from the carried source information, the key K_NASint and a second preset input parameter by the EIA algorithm (EPS Integrity Algorithm, evolved packet system integrity protection algorithm), where the second preset input parameter comprises one or any combination of an uplink NAS signaling count value, a direction indication parameter and a bearer.
In a second aspect, the present invention provides a system for authenticating a UE during interoperation from EPS to 5GS, comprising:
a sending unit: used for sending the encrypted information carried in the 5GS registration request message, or the encrypted information and the first source information, to the MME through the AMF; or for sending the second source information carried by the UE in the 5GS registration request message, and the first integrity check result corresponding to the second source information obtained by a preset algorithm, to the MME through the AMF;
a decryption unit: used by the MME to decrypt the encrypted information to obtain decrypted information; or used by the MME to obtain a second integrity check result corresponding to the second source information by applying the preset algorithm to the received second source information;
a comparison verification unit: used for comparing the decrypted information with the first source information of the UE for verification so as to complete UE authentication; or for comparing the second integrity check result with the first integrity check result to complete UE authentication.
Optionally, the sending unit includes:
a first encryption sending module, configured to take a random number RAND generated by the UE as the first source information, encrypt the RAND according to a preset encryption algorithm and a derived key to generate first encryption information RES, and send the first encryption information RES and the random number RAND to the MME through the AMF;
a second encryption sending module, configured to take the 4G-GUTI or a preset parameter as the first source information, encrypt the 4G-GUTI according to a preset encryption algorithm and a derived key to generate first encryption information, and send the first encryption information to the MME through the AMF;
a third encryption sending module, configured to take the random number RAND generated by the UE as the carried second source information, generate a MAC from the second source information and the EPS NAS integrity protection key K_NASint according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and send the random number RAND and the MAC from the UE to the MME through the AMF;
a fourth encryption sending module, configured to take the TAU request message of the shortest length carried by the UE in the registration request message as the carried second source information, generate a MAC from the second source information and the EPS NAS integrity protection key K_NASint according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and send it to the MME through the AMF.
Optionally, the first encryption sending module includes:
a first encryption submodule: for directly adopting the 4G root key K stored in the USIM or the HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the random number RAND with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information RES;
a second encryption submodule: for directly adopting the 4G root key K stored in the USIM or the HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the 4G-GUTI with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information;
preferably, the second encryption sending module includes:
a third encryption submodule: for adopting the EPS NAS encryption key K_NASenc with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as a key generation algorithm to generate a second derived key, and then performing a set operation on the random number RAND generated by the UE with the second derived key to generate first encryption information RES;
a fourth encryption submodule: for adopting the EPS NAS encryption key K_NASenc with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as a key generation algorithm to generate a second derived key, and then performing a set operation on the 4G-GUTI or the preset parameter with the second derived key to generate the first encryption information.
The method and the system for authenticating the UE during interoperation from EPS to 5GS provided by the embodiment of the invention are mainly characterised in that, during interoperation from EPS to 5GS, information is encrypted at the UE side and the MME decrypts it and compares it with the first source information for verification: the UE carries the first source information and the encrypted information in the registration request message, or carries only the encrypted information; after receiving the encrypted information, the MME decrypts it in the same way, compares the decrypted information with the UE's information for verification, and if the two are consistent the UE is authenticated successfully.
Alternatively, the MME authenticates the UE by performing an integrity check on the second source information: the UE carries the second source information and a MAC (the first integrity check result over the second source information) in the registration request message. After receiving the second source information, the MME generates a MAC (the second integrity check result) over it in the same way, compares it with the MAC (the first integrity check result) from the UE side for verification, and if the two are consistent the UE is authenticated successfully.
Therefore, the method can effectively reduce the message length carried by the air interface by adopting the encryption information at the UE side to authenticate the UE or by adopting the MME to carry out integrity verification on the second source information to authenticate the UE, thereby further saving air interface resources on the basis of ensuring the network security and effectively reducing the network burden; in addition, the method can also carry information irrelevant to EPS, reduce the coupling between modules and further promote the efficient fusion of 4G and 5G networks.
Drawings
Fig. 1 is a flowchart of a method for authenticating a UE during interoperation from EPS to 5GS according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for encrypting at the UE side according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for encrypting a random number RAND at the UE side according to an embodiment of the present invention;
Fig. 4 is a flowchart of a method for generating RES from a random number RAND and a second derived key at the UE side according to an embodiment of the present invention;
Fig. 5 is a flowchart of a method for encrypting the 4G-GUTI at the UE side according to an embodiment of the present invention;
Fig. 6 is a flowchart of a method for authenticating a UE by the MME performing an integrity check on second source information according to the second embodiment of the present invention;
Fig. 7 is a flowchart of a method for authenticating a UE by the MME performing an integrity check on a random number RAND according to the second embodiment of the present invention;
Fig. 8 is a flowchart of a method for authenticating a UE by the MME performing an integrity check on the TAU request message of the shortest length according to the second embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a system for authenticating a UE during interoperation from EPS to 5GS according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a method and a system for authenticating a UE during interoperation from EPS to 5GS; as shown in fig. 1, the method comprises the following steps:
the UE carries encrypted information, or encrypted information together with first source information, in the 5GS registration request message, which is sent to the MME through the AMF; the MME then decrypts the encrypted information to obtain decrypted information and compares the decrypted information with the first source information of the UE for verification so as to complete UE authentication;
or the UE carries second source information in the 5GS registration request message together with a first integrity check result that it obtained over the second source information through a preset algorithm, and these are sent to the MME through the AMF; the MME then obtains a second integrity check result over the received second source information through the preset algorithm and compares the second integrity check result with the first integrity check result to finish UE authentication.
The method for authenticating the UE during interoperation from EPS to 5GS provided by the embodiment of the invention mainly comprises, during interoperation from EPS to 5GS, encrypting information at the UE side and having the MME decrypt it and compare it with the first source information for verification: the UE carries the first source information and the encrypted information in the registration request message, or carries only the encrypted information; after receiving the encrypted information, the MME decrypts it in the same way, compares the decrypted information with the UE's information for verification, and if the two are consistent the UE is authenticated successfully.
Alternatively, the MME authenticates the UE by performing an integrity check on the second source information: the UE carries the second source information and a MAC (the first integrity check result over the second source information) in the registration request message. After receiving the second source information, the MME generates a MAC (the second integrity check result) over it in the same way, compares it with the MAC (the first integrity check result) from the UE side for verification, and if the two are consistent the UE is authenticated successfully.
Therefore, the method can effectively reduce the message length carried by the air interface by adopting the encryption information at the UE side to authenticate the UE or by adopting the MME to carry out integrity verification on the second source information to authenticate the UE, thereby further saving air interface resources on the basis of ensuring the network security and effectively reducing the network burden; in addition, the method can also carry information irrelevant to EPS, reduce the coupling between modules and further promote the efficient fusion of 4G and 5G networks.
Example one
Optionally, as shown in fig. 2, in this embodiment the UE mainly carries the first source information and the encrypted information in the registration request message, or carries only the encrypted information; after receiving the encrypted information, the MME decrypts it in the same way, compares the decrypted information with the UE's information for verification, and if the two are consistent the UE is authenticated successfully.
The encrypted information can be generated with a preset derived key, or with a derived key produced by a key generation algorithm whose input parameters run from 1 to n, where the number and specific content of the input parameters can be set as needed. The first source information is then encrypted with the derived key and the encryption algorithm, and the encrypted information (first encryption information RES, or first encryption information) is output.
Optionally, the sending by the UE of the registration request message carrying the encrypted information, or the encrypted information and the first source information, to the MME through the AMF includes:
a random number RAND generated by the UE serves as the first source information; the random number RAND is encrypted according to a preset encryption algorithm and a derived key to generate first encryption information RES, and the first encryption information RES and the random number RAND are sent to the MME through the AMF;
or the 4G-GUTI or a preset parameter serves as the first source information; the 4G-GUTI is encrypted according to a preset encryption algorithm and a derived key to generate first encryption information, and the first encryption information is sent to the MME through the AMF.
Optionally, generating the first encryption information RES or the first encryption information by encrypting the random number RAND or the 4G-GUTI according to a preset encryption algorithm and a derived key includes:
directly adopting the 4G root key K stored in the USIM or the HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the random number RAND with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information RES; or encrypting the 4G-GUTI with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information;
alternatively, adopting the EPS NAS encryption key K_NASenc with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as a key generation algorithm to generate a second derived key, and then performing a set operation on the random number RAND generated by the UE with the second derived key to generate first encryption information RES; or performing the set operation on the 4G-GUTI or the preset parameter with the second derived key to generate the first encryption information.
For example, as shown in fig. 3, the first source information is a random number RAND generated by the UE, the encryption algorithm is the f2 algorithm (the algorithm with which the EPC authenticates the UE), and the first derived key is directly the 4G root key K stored in the USIM and in the HSS/AuC. The random number RAND is encrypted by the f2 algorithm to generate first encryption information RES.
The 5GS registration request message then carries the random number RAND and the first encryption information RES, and the AMF forwards the random number RAND and the first encryption information RES to the MME for verification. The MME processes the first encryption information RES by the same method and compares the result with the random number RAND in the registration request message; if they are identical, authentication passes.
In addition, the length of the random number RAND and of the first encryption information RES may be 16 bytes, and more preferably 4 bytes or 8 bytes, which further reduces air interface signaling overhead.
For another example, as shown in fig. 4, the 5GS registration request message still carries the random number RAND and the first encryption information RES, but the step of generating the first encryption information RES is as follows:
firstly, K_NASenc (the EPS NAS encryption key) and a first preset input parameter are used to generate a second derivative key through the EEA algorithm, where the first preset input parameter includes the uplink NAS signaling COUNT value (COUNT), the random number RAND length (len), the DIRECTION indication parameter (DIRECTION), the bearer (BEARER), and the like. The DIRECTION indication parameter and the BEARER are constant values: the DIRECTION indication parameter indicates the direction (uplink or downlink) and is generally uplink; the BEARER is generally SRB2; the uplink NAS signaling COUNT value (COUNT) consists of the NAS sequence number (key field) and the NAS overflow counter (overflow count value).
Then, the random number RAND and the second derivative key are subjected to an exclusive or algorithm (i.e., an encryption algorithm), and first encryption information RES is generated.
The encryption algorithm may be the exclusive-or operation or any other applicable encryption algorithm.
For another example, as shown in fig. 5, the 5GS registration request message carries the first source information 4G-GUTI. K_NASenc (the EPS NAS encryption key) and a first preset input parameter generate a second derivative key through the EEA algorithm, where the first preset input parameter includes the uplink NAS signaling COUNT value (COUNT), the random number RAND length (len), the DIRECTION indication parameter (DIRECTION), the bearer (BEARER), and the like. The DIRECTION indication parameter and the BEARER are constant values: the DIRECTION indication parameter indicates the direction (uplink or downlink) and is generally uplink; the BEARER is generally SRB2; the uplink NAS signaling COUNT value (COUNT) consists of the NAS sequence number (key field) and the NAS overflow counter (overflow count value).
The encrypted 4G-GUTI (i.e., the first encryption information) is then generated by encrypting the first source information 4G-GUTI with the second derivative key. The MME decrypts the encrypted 4G-GUTI and checks whether the decrypted 4G-GUTI is correct to confirm whether the UE is successfully authenticated.
The first source information to be encrypted may be the 4G-GUTI or another parameter known to both the UE and the network side, such as the eKSI (Key Set Identifier in E-UTRAN), the NAS COUNT, and so on.
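The fig. 4 and fig. 5 procedures above, worked through end to end on both the UE side and the MME side, as an added example; this is not code from the patent or from Spreadtrum. It assumes an HMAC-SHA256 keystream generator standing in for the EEA algorithm (real EEA2 would be AES-CTR), the exclusive-or as the setting operation, placeholder numeric values for the BEARER (SRB2) and DIRECTION (uplink) constants, and a constructed 10-byte 4G-GUTI; the function names are mine.

```python
"""Figures 4 and 5 worked through: UE-side encryption of the first source
information and MME-side decrypt-and-compare.  Constructed example, not code
from the patent: the EEA keystream generator is replaced by an HMAC-SHA256
stand-in, and the numeric BEARER/DIRECTION values are assumptions."""
import hashlib
import hmac
import os

DIRECTION_UPLINK = 0   # DIRECTION is a constant; "generally uplink" (numeric value assumed)
BEARER_SRB2 = 2        # BEARER is a constant; "generally SRB2" (numeric value assumed)


def eea_keystream(k_nas_enc, count, bearer, direction, length):
    """Stand-in for the EEA algorithm: derive `length` bytes (the "second
    derivative key") from K_NASenc and the first preset input parameters
    COUNT, BEARER, DIRECTION and len.  Real EEA2 would be AES-CTR."""
    params = (count.to_bytes(4, "big")
              + bytes([bearer & 0x1F, direction & 0x01])
              + length.to_bytes(2, "big"))
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(k_nas_enc, params + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a, b):
    """The "setting operation" of the text: byte-wise exclusive or."""
    return bytes(x ^ y for x, y in zip(a, b))


def ue_encrypt_first_source(k_nas_enc, count, first_source):
    """UE side: first source information (RAND, or 4G-GUTI) -> first encryption
    information (RES, or the encrypted 4G-GUTI)."""
    ks = eea_keystream(k_nas_enc, count, BEARER_SRB2, DIRECTION_UPLINK, len(first_source))
    return xor_bytes(first_source, ks)


def ue_build_rand_res(k_nas_enc, count, rand_len=4):
    """Fig. 4, UE side: generate RAND (4 bytes by default, as the text prefers)
    and the RES carried beside it in the 5GS registration request."""
    rand = os.urandom(rand_len)
    return rand, ue_encrypt_first_source(k_nas_enc, count, rand)


def mme_verify_rand_res(k_nas_enc, count, rand, res):
    """Fig. 4, MME side: decrypt RES with the same keystream and compare it with
    the RAND carried in the same registration request."""
    if len(rand) != len(res):
        return False
    ks = eea_keystream(k_nas_enc, count, BEARER_SRB2, DIRECTION_UPLINK, len(res))
    return hmac.compare_digest(xor_bytes(res, ks), rand)


def mme_verify_encrypted_guti(k_nas_enc, count, encrypted_guti, stored_guti):
    """Fig. 5, MME side: decrypt the carried 4G-GUTI and check it against the
    4G-GUTI the MME holds for this UE context."""
    if len(encrypted_guti) != len(stored_guti):
        return False
    ks = eea_keystream(k_nas_enc, count, BEARER_SRB2, DIRECTION_UPLINK, len(encrypted_guti))
    return hmac.compare_digest(xor_bytes(encrypted_guti, ks), stored_guti)


if __name__ == "__main__":
    k_nas_enc = bytes(range(16))          # constructed 128-bit K_NASenc shared by UE and MME
    count = 5                             # constructed uplink NAS COUNT
    rand, res = ue_build_rand_res(k_nas_enc, count)
    print("RAND", rand.hex(), "RES", res.hex(),
          "verified:", mme_verify_rand_res(k_nas_enc, count, rand, res))
    print("same pair presented at COUNT+1 verified:",
          mme_verify_rand_res(k_nas_enc, count + 1, rand, res))
    guti = bytes.fromhex("64f000000101c0a80001")   # constructed 10-byte 4G-GUTI placeholder
    enc = ue_encrypt_first_source(k_nas_enc, count, guti)
    print("encrypted 4G-GUTI verified:", mme_verify_encrypted_guti(k_nas_enc, count, enc, guti))
```

Because the uplink NAS COUNT enters the keystream derivation, a RAND/RES pair or an encrypted 4G-GUTI that was valid at one COUNT does not verify at another, which is what makes the short 4-byte values usable as an authentication token; the MME-side comparisons use hmac.compare_digest so the check does not leak timing information.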
Example two
As shown in fig. 6, in the method according to this embodiment the MME authenticates the UE by performing an integrity check on the second source information; that is, the UE carries the second source information and the MAC (the first integrity check result of the second source information) in the registration request message. After receiving the second source information, the MME generates a MAC (the second integrity check result) for the second source information in the same way, compares it with the MAC (the first integrity check result) from the UE side, and if the two are consistent the UE is authenticated successfully.
Optionally, the sending, by the AMF, the second source information carried in the 5GS registration request message and the first integrity check result corresponding to the second source information obtained by the preset algorithm to the MME includes:
the random number RAND generated by the UE is used as the carried second source information; a MAC is then generated from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm, as the first integrity check result corresponding to the second source information, and the UE sends the random number RAND and the MAC to the MME through the AMF;
or, the TAU request message with the shortest length carried by the UE in the registration request message is used as the carried second source information; a MAC is then generated from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm, serves as the first integrity check result corresponding to the second source information, and is sent to the MME through the AMF.
Optionally, the TAU request message with the shortest length carried by the UE in the registration request message includes a 6-byte security header and 15 bytes of optional parameters, where the 15 bytes of optional parameters include the PD, or the message ID, or the GUTI.
Optionally, generating the MAC from the carried second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm, as the first integrity check result corresponding to the second source information, means generating the MAC from the carried source information, K_NASint and a second preset input parameter through the EIA algorithm, where the second preset input parameter includes one or any combination of the uplink NAS signaling count value, the direction indication parameter and the bearer.
For example, as shown in fig. 7, the UE generates a random number RAND as the carried second source information and uses the key K_NASint (the EPS NAS integrity protection key) to generate a MAC (the first integrity check result) for the random number RAND; the integrity protection algorithm is EIA (the EPS NAS integrity protection algorithm). The second preset input parameter includes one or any combination of the uplink NAS signaling COUNT value (COUNT), the DIRECTION indication parameter (DIRECTION) and the BEARER.
In addition, the key K_NASint is generated from K_asme;
the DIRECTION indication parameter is a constant value;
the BEARER is a constant value;
the length of the random number RAND and the first encryption information RES takes 4 bytes or 8 bytes.
The UE carries the random number RAND and the first integrity check result MAC in the 5GS registration request message and sends them to the MME through the AMF. Preferably, the integrity protection algorithm is EIA or another applicable algorithm.
For another example, as shown in fig. 8, the UE carries the TAU request message with the shortest length (the second source information) and the corresponding first integrity check result MAC (which is included in the TAU request message) in the registration request message. The first integrity check result MAC is generated from the carried shortest TAU request message, K_NASint and a second preset input parameter through the EIA algorithm, where the second preset input parameter includes one or any combination of the uplink NAS signaling COUNT value (COUNT), the DIRECTION indication parameter (DIRECTION) and the bearer (BEARER).
In addition, the key K_NASint is the EPS NAS integrity protection key and is generated from K_asme;
the EIA algorithm is an EPS NAS integrity protection algorithm;
the TAU request message with the shortest length contains a 6-byte security header and 15-byte mandatory parameters such as PD, message ID, GUTI, etc.;
COUNT is the current uplink NAS signaling COUNT;
DIRECTION indicates uplink;
BEARER indicates SRB2.
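Example two (fig. 7 and fig. 8) worked through on both sides, as an added example; this is not code from the patent or from Spreadtrum. It assumes HMAC-SHA256 truncated to 4 bytes standing in for the EIA algorithm (real EIA2 would be AES-CMAC; 4 bytes is the MAC length of an EPS NAS security header), placeholder numeric values for the BEARER (SRB2) and DIRECTION (uplink) constants, and a constructed layout for the 21-byte shortest TAU request (1 byte PD/security header type, 4-byte MAC, 1-byte NAS sequence number, 15-byte body) in which the MAC covers the sequence number and the body; the function names are mine.

```python
"""Example two worked through: the UE protects the second source information
with a MAC under K_NASint and the MME recomputes and compares it.  Constructed
example, not code from the patent: the EIA integrity algorithm is replaced by
an HMAC-SHA256 stand-in truncated to 4 bytes, and the numeric BEARER/DIRECTION
values and the TAU request layout are assumptions."""
import hashlib
import hmac

DIRECTION_UPLINK = 0   # DIRECTION is a constant indicating uplink (numeric value assumed)
BEARER_SRB2 = 2        # BEARER is a constant indicating SRB2 (numeric value assumed)
MAC_LEN = 4            # 32-bit MAC, the size carried in an EPS NAS security header
SEC_HDR_LEN = 6        # security header: 1 byte PD/header type, 4-byte MAC, 1-byte sequence number
BODY_LEN = 15          # the 15 bytes of parameters (PD, message ID, GUTI, ...)


def eia_mac(k_nas_int, count, bearer, direction, message):
    """Stand-in for the EIA algorithm: MAC over the second preset input
    parameters (COUNT, BEARER, DIRECTION) and the message, under K_NASint.
    Real EIA2 would be AES-CMAC."""
    params = count.to_bytes(4, "big") + bytes([bearer & 0x1F, direction & 0x01])
    return hmac.new(k_nas_int, params + message, hashlib.sha256).digest()[:MAC_LEN]


def ue_protect_rand(k_nas_int, count, rand):
    """Fig. 7, UE side: RAND is the second source information; return it with
    its first integrity check result."""
    return rand, eia_mac(k_nas_int, count, BEARER_SRB2, DIRECTION_UPLINK, rand)


def mme_check(k_nas_int, count, second_source, first_mac):
    """MME side: compute the second integrity check result in the same way and
    compare it with the first one carried by the UE."""
    second_mac = eia_mac(k_nas_int, count, BEARER_SRB2, DIRECTION_UPLINK, second_source)
    return hmac.compare_digest(second_mac, first_mac)


def ue_build_min_tau_request(k_nas_int, count, body15):
    """Fig. 8, UE side: the shortest TAU request message (6-byte security header
    + 15-byte body) with the MAC embedded in its header.  The layout is
    constructed for this example: the MAC covers the sequence number and the
    body, and the sequence number is the low byte of the uplink NAS COUNT."""
    if len(body15) != BODY_LEN:
        raise ValueError("body must be exactly 15 bytes")
    seq = bytes([count & 0xFF])
    mac = eia_mac(k_nas_int, count, BEARER_SRB2, DIRECTION_UPLINK, seq + body15)
    header_byte = b"\x17"          # constructed PD/security-header-type byte
    return header_byte + mac + seq + body15


def mme_check_min_tau_request(k_nas_int, count, msg):
    """Fig. 8, MME side: parse the 21-byte message, require the sequence number
    to match the expected COUNT, and verify the embedded MAC."""
    if len(msg) != SEC_HDR_LEN + BODY_LEN:
        return False
    mac, seq, body15 = msg[1:5], msg[5:6], msg[6:]
    if seq[0] != (count & 0xFF):
        return False
    return mme_check(k_nas_int, count, seq + body15, mac)


if __name__ == "__main__":
    k_nas_int = bytes(range(16, 32))     # constructed 128-bit K_NASint shared by UE and MME
    count = 7                            # constructed uplink NAS COUNT
    rand, mac = ue_protect_rand(k_nas_int, count, bytes.fromhex("0a0b0c0d"))
    print("RAND/MAC verified:", mme_check(k_nas_int, count, rand, mac))
    msg = ue_build_min_tau_request(k_nas_int, count, bytes(range(BODY_LEN)))
    print(len(msg), "byte TAU request verified:", mme_check_min_tau_request(k_nas_int, count, msg))
    tampered = msg[:-1] + bytes([msg[-1] ^ 0x01])
    print("tampered TAU request verified:", mme_check_min_tau_request(k_nas_int, count, tampered))
```

In the fig. 8 variant the message carries its own MAC, so the MME parses the header, rejects a message whose sequence number does not match the COUNT it expects, and only then recomputes the MAC over the same bytes; in both variants the COUNT, DIRECTION and BEARER enter the MAC, which is what stops a MAC computed for one message from being accepted for another.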
An embodiment of the present invention further provides a system for authenticating a UE during interoperation between an EPS and a 5GS, where as shown in fig. 9, the system includes:
the sending unit 11: used for sending the encryption information carried in the 5GS registration request message, or the encryption information and the first source information, to the MME through the AMF; or for sending the second source information carried by the UE in the 5GS registration request message and the first integrity check result corresponding to the second source information obtained by a preset algorithm to the MME through the AMF;
the decryption unit 12: used by the MME to decrypt the encryption information to obtain decryption information; or used by the MME to obtain, by a preset algorithm, a second integrity check result corresponding to the acquired second source information;
the comparison verification unit 13: used for comparing and verifying the decryption information against the first source information of the UE to complete UE authentication; or for comparing the second integrity check result with the first integrity check result to complete UE authentication.
In the system for authenticating the UE during interoperation from the EPS to the 5GS provided by this embodiment, the sending unit mainly uses encryption information on the UE side during the interoperation, and the MME decrypts it and compares it with the first source information for verification; that is, the UE carries the first source information and the encryption information in the registration request message, or only the encryption information. After receiving the encryption information, the MME decrypts it in the same way through the decryption unit, the comparison verification unit compares and verifies the decrypted information against the information of the UE, and if the two are consistent the UE is authenticated successfully.
Alternatively, the MME authenticates the UE by performing an integrity check on the second source information sent by the sending unit; that is, the UE carries the second source information and the MAC (the first integrity check result of the second source information) in the registration request message. After receiving the second source information, the MME generates a MAC (the second integrity check result) for it in the same way through the decryption unit, the comparison verification unit compares the second integrity check result with the MAC (the first integrity check result) from the UE side, and if the two are consistent the UE is authenticated successfully.
Therefore, by authenticating the UE with encryption information on the UE side, or by having the MME perform integrity verification on the second source information, the system effectively reduces the length of the messages carried over the air interface, thereby saving air interface resources while ensuring network security and effectively reducing the network burden; in addition, the system can carry information unrelated to the EPS, reducing the coupling between modules and further promoting the efficient fusion of 4G and 5G networks.
Optionally, the sending unit 11 includes:
the first encryption sending module is used for taking a random number RAND generated by the UE as first source information, encrypting the RAND according to a preset encryption algorithm and a derivative key to generate first encryption information RES, and sending the first encryption information RES and the random number RAND to the MME through the AMF;
the second encryption sending module is used for taking the 4G-GUTI or the preset parameters as first source information, encrypting the 4G-GUTI according to a preset encryption algorithm and a derivative key to generate first encryption information, and sending the first encryption information to the MME through the AMF;
a third encryption sending module, configured to use the random number RAND generated by the UE as the carried second source information, then generate a MAC from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and send the random number RAND and the MAC from the UE to the MME through the AMF;
a fourth encryption sending module, configured to use the TAU request message with the shortest length carried by the UE in the registration request message as the carried second source information, then generate a MAC from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and send it to the MME through the AMF.
Optionally, the first encryption sending module includes:
a first encryption submodule: for directly adopting the 4G root key K stored in the USIM or HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the random number RAND with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information RES;
a second encryption submodule: for directly adopting the 4G root key K stored in the USIM or HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the 4G-GUTI with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information;
preferably, the second encryption sending module includes:
a third encryption submodule: for using the EPS NAS encryption key K_NASenc to generate a second derivative key with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as the key generation algorithm, and then performing the setting operation on the random number RAND generated by the UE and the second derivative key to generate first encryption information RES;
a fourth encryption submodule: for using the EPS NAS encryption key K_NASenc to generate a second derivative key with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as the key generation algorithm, and then performing the setting operation on the 4G-GUTI or the preset parameter and the second derivative key to generate the first encryption information.
The system of this embodiment may be configured to implement the technical solutions of the method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for authenticating UE during interoperation from EPS to 5GS, comprising:
the UE carries encrypted information in the 5GS registration request information, or the encrypted information and the first source information are sent to the MME through the AMF, then the MME decrypts the encrypted information to obtain decrypted information, and the decrypted information is compared with the first source information of the UE for verification so as to complete UE authentication;
or the second source information carried in the 5GS registration request message and a first integrity check result corresponding to the second source information obtained by the UE through a preset algorithm are sent to the MME through the AMF; and then the MME obtains a second integrity check result corresponding to the second source information through a preset algorithm by the acquired second source information, and compares the second integrity check result with the first integrity check result to finish the UE authentication.
2. The method of claim 1, wherein the UE sending the encryption information carried in the registration request information, or the encryption information and the first source information to the MME via the AMF comprises:
the method comprises the steps that a random number RAND generated by UE serves as first source information, the random number RAND is encrypted according to a preset encryption algorithm and a derivative key to generate first encryption information RES, and the first encryption information RES and the random number RAND are sent to an MME through AMF;
or the 4G-GUTI or the preset parameters are used as first source information, the 4G-GUTI is encrypted according to a preset encryption algorithm and a derivative key to generate first encryption information, and the first encryption information is sent to the MME through the AMF.
3. The method of claim 2, wherein the generating the first encryption information RES or the first encryption information by encrypting the random number RAND or the 4G-GUTI according to a preset encryption algorithm and a derivative key comprises:
directly adopting the 4G root key K stored in the USIM or HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the random number RAND with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information RES; or encrypting the 4G-GUTI with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information;
alternatively, using the EPS NAS encryption key K_NASenc to generate a second derivative key with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as the key generation algorithm, and then performing the setting operation on the random number RAND generated by the UE and the second derivative key to generate first encryption information RES; or performing the setting operation on the 4G-GUTI or the preset parameter and the second derivative key to generate the first encryption information.
4. The method according to claim 3, wherein generating the second derivative key from the EPS NAS encryption key K_NASenc with the EEA algorithm as the key generation algorithm comprises generating the second derivative key from the EPS NAS encryption key K_NASenc and a first preset input parameter through the EEA algorithm, wherein the first preset input parameter comprises one or any combination of an uplink NAS signaling count value, a random number RAND length, a direction indication parameter and a bearer.
5. The method according to any one of claims 1 to 4, wherein sending, by the AMF, the second source information carried in the 5GS registration request message and the first integrity check result corresponding to the second source information obtained by the preset algorithm to the MME comprises:
the random number RAND generated by the UE is used as the carried second source information; a MAC is then generated from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm, as the first integrity check result corresponding to the second source information, and the UE sends the random number RAND and the MAC to the MME through the AMF;
or, the TAU request message with the shortest length carried by the UE in the registration request message is used as the carried second source information; a MAC is then generated from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm, serves as the first integrity check result corresponding to the second source information, and is sent to the MME through the AMF.
6. The method of claim 5, wherein the TAU request message with the shortest length carried by the UE in the registration request message comprises a 6-byte security header and a 15-byte mandatory parameter, wherein the 15-byte mandatory parameter comprises PD, or message ID, or GUTI.
7. The method according to claim 5 or 6, wherein generating the MAC from the carried second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm as the first integrity check result corresponding to the second source information comprises generating the MAC from the carried source information, the key K_NASint and a second preset input parameter through an EIA algorithm, wherein the second preset input parameter comprises one or any combination of an uplink NAS signaling count value, a direction indication parameter and a bearer.
8. A system for authenticating a UE while interoperating from EPS to 5GS, comprising:
a transmission unit: the method is used for sending the encryption information carried in the 5GS registration request information or the encryption information and the first source information to the MME through the AMF; or the second source information carried in the 5GS registration request message by the UE and a first integrity check result corresponding to the second source information obtained by a preset algorithm are sent to the MME through the AMF;
a decryption unit: the MME is used for decrypting the encrypted information to obtain decrypted information; or, the MME obtains a second integrity check result corresponding to the second source information through a preset algorithm on the acquired second source information;
a comparison verification unit: the first source information is used for comparing and verifying the decryption information with the first source information of the UE so as to complete UE authentication; or comparing the second integrity check result with the first integrity check result to complete the UE authentication.
9. The system of claim 8, wherein the sending unit comprises:
the first encryption sending module is used for taking a random number RAND generated by the UE as first source information, encrypting the RAND according to a preset encryption algorithm and a derivative key to generate first encryption information RES, and sending the first encryption information RES and the random number RAND to the MME through the AMF;
the second encryption sending module is used for taking the 4G-GUTI or the preset parameters as first source information, encrypting the 4G-GUTI according to a preset encryption algorithm and a derivative key to generate first encryption information, and sending the first encryption information to the MME through the AMF;
a third encryption sending module, configured to use the random number RAND generated by the UE as the carried second source information, then generate a MAC from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and send the random number RAND and the MAC from the UE to the MME through the AMF;
a fourth encryption sending module, configured to use the TAU request message with the shortest length carried by the UE in the registration request message as the carried second source information, then generate a MAC from the second source information and the key K_NASint for EPS NAS integrity protection according to an integrity protection algorithm as the first integrity check result corresponding to the second source information, and send it to the MME through the AMF.
10. The system according to claim 8 or 9, wherein the first encryption transmission module comprises:
a first encryption submodule: for directly adopting the 4G root key K stored in the USIM or HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the random number RAND with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information RES;
a second encryption submodule: for directly adopting the 4G root key K stored in the USIM or HSS/AuC, or the root key K_asme, as a first derived key, and encrypting the 4G-GUTI with the first derived key by the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm to generate first encryption information;
preferably, the second encryption sending module includes:
a third encryption submodule: for using the EPS NAS encryption key K_NASenc to generate a second derivative key with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as the key generation algorithm, and then performing the setting operation on the random number RAND generated by the UE and the second derivative key to generate first encryption information RES;
a fourth encryption submodule: for using the EPS NAS encryption key K_NASenc to generate a second derivative key with the f2 algorithm, the EEA algorithm or the EPS NAS layer encryption algorithm as the key generation algorithm, and then performing the setting operation on the 4G-GUTI or the preset parameter and the second derivative key to generate the first encryption information.
CN201811398991.8A 2018-11-22 2018-11-22 Method and system for authenticating UE during interoperation from EPS to 5GS Active CN111212424B (en)


Publications (2)

Publication Number Publication Date
CN111212424A true CN111212424A (en) 2020-05-29
CN111212424B CN111212424B (en) 2023-03-24


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103476028A (en) * 2013-08-30 2013-12-25 大唐移动通信设备有限公司 NAS (Non Access Stratum) message treatment method and device during rollover of NAS COUNT
WO2017091959A1 (en) * 2015-11-30 2017-06-08 华为技术有限公司 Data transmission method, user equipment and network side device
US20180013568A1 (en) * 2016-03-10 2018-01-11 Futurewei Technologies, Inc. Authentication Mechanism for 5G Technologies
CN108781366A (en) * 2016-03-10 2018-11-09 华为技术有限公司 Authentication mechanism for 5g technologies


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"33899-130", 3GPP SPECS\33_SERIES *
"33501-f10", 3GPP TSG_SA\WG3_SECURITY *
"33501-f20", 3GPP SPECS\33_SERIES *



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant