CN111372250A - Base station determination method and apparatus, storage medium, and electronic apparatus - Google Patents
Base station determination method and apparatus, storage medium, and electronic apparatus Download PDFInfo
- Publication number
- CN111372250A CN111372250A CN201811605424.5A CN201811605424A CN111372250A CN 111372250 A CN111372250 A CN 111372250A CN 201811605424 A CN201811605424 A CN 201811605424A CN 111372250 A CN111372250 A CN 111372250A
- Authority
- CN
- China
- Prior art keywords
- base station
- terminal
- cell
- pseudo
- accessed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W60/00—Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/04—Terminal devices adapted for relaying to or from another terminal or user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/08—Access point devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method and a device for judging a base station, a storage medium and an electronic device; wherein, the method comprises the following steps: the terminal receives an anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum; the terminal judges whether the base station accessed at this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container; if the judgment result is yes, the terminal reselects the cell for registration; and under the condition that the judgment result is negative, the terminal registers to the base station accessed this time. The invention solves the problem that the authenticity of the current access base station can not be determined after the private key of the base station is revealed in the related technology, and improves the security of the terminal access cell.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for determining a base station, a storage medium, and an electronic apparatus.
Background
The third Generation Partnership Project (3 GPP) has formulated specifications of various mobile networks, and the mobile networks deployed according to the specifications are also under attack from various pseudo base stations, so that a major reason why the attack can be implemented is that a terminal cannot perform authenticity identification on a base station, and thus various instructions sent by the pseudo base station are accepted.
In order to authenticate the base station (authetic), key information must be issued on the base station and the terminal, so that the base station can protect the sent message or part of the content in the message according to the key information, so that the terminal can authenticate the message sent by the base station according to the key information, and can authenticate the base station (the pseudo base station cannot access the mobile network to obtain the key information).
Fig. 1 is a schematic structural diagram of a mobile system in the prior art, as shown in fig. 1, including a terminal, a base station, an authentication function, an authentication service function, and a subscription data management function. The base station provides services provided by various mobile networks such as communication and the like for the terminal, such as eNB or gNB; the authentication function is a software function or a hardware device of a core network of the mobile network, and is used for interacting with the base station through signaling, so that the mobile network terminal can realize mutual authentication, such as mme (Mobility management entity), or seaf (security Anchor function), or amf (access and Mobility management function); the authentication service function is used for acquiring key information related to a user through a signaling interface with the subscription data management function and providing the information to the authentication function through the signaling interface, wherein the function can be AUSF, and the function can also be combined with the subscription data management function; the subscription data management function stores and processes user-related data, generates information for authenticating a user and user-related key information based on the user-related data, and provides the information and the key information to the authentication service function through a signaling interface, which may be udm (user Date management) or hss (home Subscriber server).
The existing scheme is that after a terminal accesses a mobile network, a public key of the mobile network is obtained through a signaling channel with a core network function, a base station of the mobile network stores a private key of the mobile network, so that the base station can use the private key to digitally sign a sent message, and the terminal can use the public key to verify the digital signature of the message, thereby realizing integrity verification of the message and authenticity identification of the base station. However, the method enables all the base stations to store the same private key, so that once one base station is attacked and reveals the private key, the private keys of all the base stations are revealed, and the security is very low.
In view of the above problems in the related art, no effective solution exists at present.
Disclosure of Invention
The embodiment of the invention provides a method and a device for judging a base station, a storage medium and an electronic device, which are used for at least solving the problem that the authenticity of a current access base station cannot be determined after a private key of the base station is leaked in the related technology.
According to an embodiment of the present invention, a method for determining a base station is provided, including: the terminal receives an anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum; the terminal judges whether the base station accessed at this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container; if the judgment result is yes, the terminal reselects the cell for registration; and under the condition that the judgment result is negative, the terminal registers to the base station accessed this time.
According to another embodiment of the present invention, a method for determining a base station includes: the network equipment function sends the anti-counterfeiting base station container protected by the non-access layer to the terminal; the anti-fake base station container carries parameters, and the parameters are the basis for the terminal to judge whether the base station accessed at this time is a fake base station or a fake relay base station.
According to still another embodiment of the present invention, there is provided a determination apparatus of a base station, applied to a terminal side, including: the receiving module is used for receiving the anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum; the judging module is used for judging whether the base station accessed at this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container; the selection module is used for reselecting the cell for registration under the condition that the judgment result is yes; and the registration module is used for registering to the base station accessed at this time under the condition that the judgment result is negative.
According to still another embodiment of the present invention, there is provided a base station determining apparatus, applied to a network device function side, including: the sending module is used for sending the anti-counterfeiting base station container which is protected by the non-access stratum security to the terminal; the anti-fake base station container carries parameters, and the parameters are the basis for the terminal to judge whether the base station accessed at this time is a fake base station or a fake relay base station.
According to a further embodiment of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
According to the invention, after the terminal receives the anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum, whether the currently accessed base station is a pseudo base station or a pseudo relay base station is judged based on the parameters in the anti-counterfeiting base station container, so that the problem that the authenticity of the currently accessed base station cannot be determined after the private key of the base station is leaked in the related technology is solved, and the safety of the terminal access cell is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of a prior art mobile system;
fig. 2 is a block diagram of a hardware structure of a terminal of a method for determining a base station according to an embodiment of the present invention;
fig. 3 is a flowchart of a determination method of a base station according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a terminal key issuing process according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a determination apparatus of a base station according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an alternative structure of a determination apparatus of a base station according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Example 1
The method provided by the first embodiment of the present application may be executed in a terminal, a computer terminal, or a similar computing device. Taking the operation on the terminal as an example, fig. 2 is a block diagram of a hardware structure of the terminal of the method for determining a base station according to the embodiment of the present invention. As shown in fig. 2, the terminal 10 may include one or more (only one shown in fig. 2) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and optionally may also include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those skilled in the art that the structure shown in fig. 2 is only an illustration and is not intended to limit the structure of the terminal. For example, the terminal 10 may also include more or fewer components than shown in FIG. 2, or have a different configuration than shown in FIG. 2.
The memory 104 may be used to store a computer program, for example, a software program and a module of an application software, such as a computer program corresponding to the determination method of the base station in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the method described above. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the terminal 10. In one example, the transmission device 106 includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
In this embodiment, a method for determining a base station operating in the terminal is provided, and fig. 3 is a flowchart of a method for determining a base station according to an embodiment of the present invention, as shown in fig. 3, the method includes the following steps:
step S302, the terminal receives an anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum;
step S304, the terminal judges whether the base station accessed this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container;
step S306, under the condition that the judgment result is yes, the terminal reselects the cell for registration;
and step S308, under the condition that the judgment result is negative, the terminal registers to the base station accessed this time.
Through the steps S302 to S304, after receiving the anti-fake base station container which is sent by the network device function and is protected by the non-access stratum, the terminal determines whether the currently accessed base station is a fake base station or a fake relay base station based on the parameters in the anti-fake base station container, so that the problem that the authenticity of the currently accessed base station cannot be determined after the private key of the base station is revealed in the related art is solved, and the security of the terminal accessing the cell is improved.
It should be noted that the network device functions in this embodiment include: authentication function, authentication service function, and subscription data management function.
In an optional implementation manner of this embodiment, the parameter of the anti-counterfeit base station container related in this embodiment includes at least one of the following: base station identification, cell identification, system information block 1, necessary system information, system information block 3, relay indication.
Based on the parameters of the anti-counterfeit base station container in the embodiment, the manner in which the terminal related to step S304 in this embodiment determines whether the base station accessed this time is a pseudo base station according to the parameters in the anti-counterfeit base station container may be:
step S304-11, under the condition that the anti-counterfeiting base station container has no relay indication, the terminal judges whether the base station identifier is consistent with the cell identifier;
step S304-12, under the condition that the base station identification is not consistent with the cell identification, the terminal determines that the base station accessed this time is a pseudo base station;
step S304-13, under the condition that the base station identification is consistent with the cell identification, the terminal continuously judges whether the cell frequency in the system message block 1 or the necessary system message is in the same range;
step S304-14, in the system message block 1 or the necessary system message, the cell frequency is not in the same range, and the terminal determines that the base station accessed this time is a pseudo base station;
step S304-15, in the system message block 1 or the necessary system message, the terminal determines that the base station accessed this time is the real and credible base station, if the cell frequency is in the same range.
Based on the parameters of the anti-counterfeit base station container in the above embodiment, the manner of determining, by the terminal in step S304 according to the parameters in the anti-counterfeit base station container, whether the base station accessed this time is a pseudo relay base station may be:
step S304-21, under the condition that the anti-counterfeiting base station container has a relay instruction, the terminal judges whether the cell adjacent to the base station identifier and the cell identifier can be found;
step S304-22, under the condition that the judgment result is negative, the terminal determines that the base station accessed this time is a pseudo relay base station;
step S304-23, under the condition that the judgment result is yes, the terminal continuously judges whether the cell frequency in the system message block 3 is in the same range;
step S304-24, under the condition that the cell frequencies in the system message block 3 are not in the same range, the terminal determines that the base station accessed this time is a pseudo relay base station;
and step S304-25, under the condition that the cell frequency in the system message block 3 is in the same range, the terminal determines that the base station accessed this time is a real and credible relay base station.
After determining the pseudo base station or the relay base station, in an optional implementation manner in this embodiment, the terminal reports the pseudo base station or the pseudo relay base station to the network.
The foregoing steps S302 to S308 are described from the terminal side, and in an alternative embodiment in this embodiment, as for the network device function side, the following manner may be included: the network equipment function sends the anti-counterfeiting base station container protected by the non-access layer to the terminal; the anti-fake base station container carries parameters, and the parameters are the basis for the terminal to judge whether the base station accessed at this time is a fake base station or a fake relay base station.
The present disclosure will be described below by way of example with reference to specific embodiments of the present embodiment;
fig. 4 is a schematic diagram of a terminal key issuing process according to an embodiment of the present invention, and as shown in fig. 4, the method of the process includes:
step S401: the base station and authentication function configures the setup request message via N2 to store the base station parameters including the base station ID, base station name, and base station cell list on the authentication function.
Step S402: a terminal initiates a service request message to a base station, wherein the message carries a cell identifier accessed by the terminal, and the service request message is a registration request message or a service request establishment message;
step S403: the base station forwards a service request message to an authentication function, wherein the message carries a cell identifier accessed by a terminal and an anti-counterfeiting base station container consisting of a system message block under the cell of the base station, and the anti-counterfeiting base station container comprises: system message block 1 or system message block 3 or a relay indication;
step S404: the authentication function sends an authentication request to the authentication service function, for example, sends an authentication request message, where the message may carry indication information, the authentication service function requests the subscription data management function for user authentication information, which includes a random string RAND, an authentication parameter AUTN, and a challenge response, and the request message may carry the indication information. If the subscription data management function receives the indication information, the generated challenge response is different from the challenge response generated when the indication information is not received, for example, the generated parameters are not completely the same except for RAND, or the generation function is different.
Step S405: the authentication service function sends an authentication response, such as sending an authentication response, to the authentication function, carrying authentication information, such as RAND and AUTN, and may also carry a user key, or a derived key, which is derived from the user key.
Step S406: the authentication function sends an authentication request to the terminal, such as sending a User authentication request message, where the message carries authentication information, such as RAND and AUTN.
Step S407: the terminal generates a challenge Response according to the Authentication information and the User key stored therein, and sends the Authentication Response to the Authentication function, for example, sends a User Authentication Response message, where the message carries a challenge Response XRES.
Step S408: the authentication function sends an authentication execution, such as an authentication configuration message, to the authentication service function, carrying the challenge response XRES.
Step S409: the authentication service function sends an authentication acknowledgement to the authentication function, such as sending an authenticating acknowledgment message.
Thus, the security protection mechanisms of the access layer and the non-access layer are successfully established, and the subsequent messages are completely protected by encryption.
Step S410: the authentication function returns a service request message to the terminal, the message is protected by a non-access stratum security protection mechanism, the message carries an anti-counterfeiting base station container, and the anti-counterfeiting base station container comprises: a base station identifier, a cell identifier, a system message block 1 or a system message block 3 or a relay indicator;
step S411: the terminal judges according to the parameters in the anti-counterfeiting base station container:
if the anti-counterfeiting base station container has no relay indication, the terminal firstly judges whether the base station identification is consistent with the cell identification, if not, the anti-counterfeiting base station is a pseudo base station, if so, the terminal continuously judges whether the cell frequency in the system message block 1 or the necessary system message is in the same range, if not, the terminal is a pseudo base station, otherwise, the terminal is a true and credible base station;
if the anti-counterfeiting base station container has a relay instruction, the terminal finds out a cell adjacent to the base station identifier and the cell identifier, if the cell cannot be found out, the cell is a pseudo relay base station, if the cell adjacent to the base station identifier and the cell identifier is found out, whether the cell frequency in the system message block 3 is in the same range is continuously judged, if the cell frequency is not in the same range, the cell is a pseudo relay base station, otherwise, the cell is a true and credible relay base station;
step S412: if the terminal judges that the access cell is a pseudo base station or a pseudo relay base station, performing detachment, cell reselection and re-registration; and after the terminal is successfully re-registered, reporting the parameters of the pseudo base station or the pseudo relay base station to a network operator.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
In this embodiment, a determination apparatus of a base station is further provided, and the apparatus is used to implement the foregoing embodiments and preferred embodiments, and details of which have been already described are omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 5 is a schematic structural diagram of a determination apparatus of a base station according to an embodiment of the present invention, which is applied to a terminal side, as shown in fig. 5, the apparatus includes: a receiving module 52, configured to receive an anti-counterfeit base station container, which is sent by the network device function and is protected by the non-access stratum; a judging module 54 coupled to the receiving module 52, configured to judge whether the base station accessed this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeit base station container; a selecting module 56, coupled to the determining module 54, configured to reselect the cell for registration if the determination result is yes; and the registering module 58 is coupled to the selecting module 46, and is configured to register with the currently accessed base station if the determination result is negative.
Optionally, the parameters of the anti-counterfeit base station container related in this embodiment include at least one of: base station identification, cell identification, system information block 1, necessary system information, system information block 3, relay indication.
Based on the parameters of the anti-counterfeit base station container, the determining module 54 in this embodiment includes: the first judging unit is used for judging whether the base station identifier is consistent with the cell identifier or not under the condition that the anti-counterfeiting base station container has no relay indication; the first determining unit is coupled with the first judging unit and used for determining that the base station accessed this time is a pseudo base station under the condition that the base station identification is not consistent with the cell identification; the second judging unit is coupled with the first determining unit and used for continuously judging whether the cell frequency in the system message block 1 or the necessary system message is in the same range under the condition that the base station identifier is consistent with the cell identifier; the second determining unit is coupled and connected with the second judging unit and is used for determining that the base station accessed at this time is a pseudo base station when the cell frequency is not in the same range in the system message block 1 or the necessary system message; and the third determining unit is coupled with the second judging unit and used for determining that the base station accessed at this time is a real and credible base station in the system message block 1 or the necessary system message when the cell frequency is in the same range.
Based on the parameters of the anti-counterfeit base station container, the determining module 54 in this embodiment includes: a third judging unit, configured to judge whether a cell adjacent to the base station identifier and the cell identifier can be found out in the case that the anti-counterfeit base station container has the relay indication; the fourth determining unit is coupled with the third judging unit and used for determining the base station accessed this time as a pseudo relay base station under the condition that the judging result is negative; a fourth judging unit, coupled to the fourth determining unit, configured to, if the judgment result is yes, continue to judge whether the cell frequencies in the system message block 3 are in the same range; a fifth determining unit, coupled to the fourth determining unit, configured to determine, when the cell frequencies in the system message block 3 are not in the same range, that the base station accessed this time is a pseudo relay base station; and a sixth determining unit, coupled to the fourth determining unit, configured to determine, when the cell frequencies in the system message block 3 are in the same range, that the currently accessed base station is a true and trusted relay base station.
Fig. 6 is a schematic diagram of an alternative structure of a determining apparatus of a base station according to an embodiment of the present invention, and as shown in fig. 6, the apparatus further includes: and a reporting module 62, coupled to the determining module 54, for reporting the pseudo base station or the pseudo relay base station to the network.
Fig. 5 and 6 described above are described from the terminal side, and for the network device function, include: the sending module is used for sending the anti-counterfeiting base station container which is protected by the non-access stratum security to the terminal; the anti-fake base station container carries parameters, and the parameters are the basis for the terminal to judge whether the base station accessed at this time is a fake base station or a fake relay base station.
It should be noted that, the above modules may be implemented by software or hardware, and for the latter, the following may be implemented, but not limited to: the modules are all positioned in the same processor; alternatively, the modules are respectively located in different processors in any combination.
Example 3
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, the terminal receives the anti-fake base station container which is sent by the network device function and protected by the non-access layer;
s2, the terminal judges whether the base station accessed this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container;
s3, when the judgment result is yes, the terminal reselects the cell to register;
and S4, if the judgment result is negative, the terminal registers to the base station accessed this time.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, the terminal receives the anti-fake base station container which is sent by the network device function and protected by the non-access layer;
s2, the terminal judges whether the base station accessed this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container;
s3, when the judgment result is yes, the terminal reselects the cell to register;
and S4, if the judgment result is negative, the terminal registers to the base station accessed this time.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.
Claims (14)
1. A method for judging a base station, comprising:
the terminal receives an anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum;
the terminal judges whether the base station accessed at this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container;
if the judgment result is yes, the terminal reselects the cell for registration;
and under the condition that the judgment result is negative, the terminal registers to the base station accessed this time.
2. The method of claim 1, wherein the parameters of the anti-counterfeit base station container include at least one of: base station identification, cell identification, system information block 1, necessary system information, system information block 3, relay indication.
3. The method according to claim 2, wherein the terminal determines whether the base station accessed this time is a pseudo base station according to the parameters in the anti-counterfeit base station container, including:
under the condition that the anti-counterfeiting base station container has no relay indication, the terminal judges whether the base station identifier is consistent with the cell identifier;
under the condition that the base station identification is not consistent with the cell identification, the terminal determines that the base station accessed at this time is a pseudo base station;
under the condition that the base station identification is consistent with the cell identification, the terminal continuously judges whether the cell frequency in the system message block 1 or the necessary system message is in the same range;
when the cell frequencies in the system message block 1 or the necessary system message are not in the same range, the terminal determines that the base station accessed at this time is a pseudo base station;
and in the system message block 1 or the necessary system message, the terminal determines that the base station accessed at this time is a real and credible base station, wherein the cell frequency is in the same range.
4. The method according to claim 2, wherein the terminal determining whether the base station accessed this time is a pseudo relay base station according to the parameters in the anti-counterfeit base station container comprises:
under the condition that the anti-counterfeiting base station container has the relay indication, the terminal judges whether a cell adjacent to the base station identifier and the cell identifier can be found;
under the condition that the judgment result is negative, the terminal determines the base station accessed this time as the pseudo relay base station;
if the judgment result is yes, the terminal continuously judges whether the cell frequencies in the system message block 3 are in the same range;
under the condition that the cell frequencies in the system message block 3 are not in the same range, the terminal determines that the base station accessed this time is the pseudo relay base station;
and under the condition that the cell frequencies in the system message block 3 are in the same range, the terminal determines that the base station accessed at this time is a real and credible relay base station.
5. The method of claim 1, further comprising:
and the terminal reports the pseudo base station or the pseudo relay base station to the network.
6. A method for judging a base station, comprising:
the network equipment function sends the anti-counterfeiting base station container protected by the non-access layer to the terminal;
the anti-fake base station container carries parameters, and the parameters are the basis for the terminal to judge whether the base station accessed at this time is a fake base station or a fake relay base station.
7. A judgment device of a base station, applied to a terminal side, comprising:
the receiving module is used for receiving the anti-counterfeiting base station container which is sent by the network equipment function and is protected by the non-access stratum;
the judging module is used for judging whether the base station accessed at this time is a pseudo base station or a pseudo relay base station according to the parameters in the anti-counterfeiting base station container;
the selection module is used for reselecting the cell for registration under the condition that the judgment result is yes;
and the registration module is used for registering to the base station accessed at this time under the condition that the judgment result is negative.
8. The apparatus of claim 7, wherein the parameters of the counterfeit-resistant base-station container include at least one of: base station identification, cell identification, system information block 1, necessary system information, system information block 3, relay indication.
9. The apparatus of claim 8, wherein the determining module comprises:
a first judging unit, configured to judge whether the base station identifier and the cell identifier are consistent under the condition that the anti-counterfeit base station container has no relay indication;
a first determining unit, configured to determine that the base station accessed this time is a pseudo base station when the base station identifier is inconsistent with the cell identifier;
a second determining unit, configured to continue to determine whether cell frequencies in the system message block 1 or the necessary system message are in the same range when the base station identifier and the cell identifier are consistent;
a second determining unit, configured to determine that the base station accessed this time is a pseudo base station, if the cell frequencies in the system message block 1 or the necessary system messages are not in the same range;
and a third determining unit, configured to determine, in the system message block 1 or the necessary system message, that the cell frequency is in the same range, that the currently accessed base station is a true and trusted base station.
10. The apparatus of claim 8, wherein the determining module comprises:
a third judging unit, configured to judge whether a cell adjacent to the base station identifier and the cell identifier can be found out under the condition that the anti-counterfeit base station container has the relay instruction;
a fourth determining unit, configured to determine, when the determination result is negative, that the base station accessed this time is the pseudo relay base station;
a fourth judging unit, configured to, if a judgment result is yes, continue to judge whether the cell frequencies in the system message block 3 are in the same range;
a fifth determining unit, configured to determine, when the cell frequencies in the system message block 3 are not in the same range, that the base station accessed this time is the pseudo relay base station;
a sixth determining unit, configured to determine, when the cell frequencies in the system message block 3 are in the same range, that the base station accessed this time is a true and trusted relay base station.
11. The apparatus of claim 7, further comprising:
and the reporting module is used for reporting the pseudo base station or the pseudo relay base station to a network.
12. A judgment device of a base station is applied to a network equipment function side, and is characterized by comprising:
the sending module is used for sending the anti-counterfeiting base station container which is protected by the non-access stratum security to the terminal;
the anti-fake base station container carries parameters, and the parameters are the basis for the terminal to judge whether the base station accessed at this time is a fake base station or a fake relay base station.
13. A storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 5 when executed.
14. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811605424.5A CN111372250A (en) | 2018-12-26 | 2018-12-26 | Base station determination method and apparatus, storage medium, and electronic apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811605424.5A CN111372250A (en) | 2018-12-26 | 2018-12-26 | Base station determination method and apparatus, storage medium, and electronic apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111372250A true CN111372250A (en) | 2020-07-03 |
Family
ID=71212429
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811605424.5A Pending CN111372250A (en) | 2018-12-26 | 2018-12-26 | Base station determination method and apparatus, storage medium, and electronic apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111372250A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112188492A (en) * | 2020-10-22 | 2021-01-05 | 中国联合网络通信集团有限公司 | Micro base station registration method and device and micro base station |
-
2018
- 2018-12-26 CN CN201811605424.5A patent/CN111372250A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112188492A (en) * | 2020-10-22 | 2021-01-05 | 中国联合网络通信集团有限公司 | Micro base station registration method and device and micro base station |
| CN112188492B (en) * | 2020-10-22 | 2022-08-26 | 中国联合网络通信集团有限公司 | Micro base station registration method and device and micro base station |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hussain et al. | LTEInspector: A systematic approach for adversarial testing of 4G LTE | |
| US10200861B2 (en) | Verification of cell authenticity in a wireless network using a system query | |
| AU2024201161A1 (en) | Enhanced registration procedure in a mobile system supporting network slicing | |
| US9668139B2 (en) | Secure negotiation of authentication capabilities | |
| WO2019062384A1 (en) | Method and device for public network user accessing private network | |
| CN108683690B (en) | Authentication method, user equipment, authentication device, authentication server and storage medium | |
| US20190289463A1 (en) | Method and system for dual-network authentication of a communication device communicating with a server | |
| CN110537356A (en) | Security update to telecommunication terminal configuration | |
| CN107835204A (en) | The security control of configuration file policing rule | |
| CN104604290B (en) | Mobile terminal for executing the method and system of the switching of mobile terminal and being intended for use in wireless cellular communication network | |
| EP3767982A1 (en) | Communication method and apparatus | |
| CN110073681B (en) | Method, apparatus and computer readable medium for internet of things device | |
| CN109792604A (en) | A kind of eUICC configuration file management method and relevant apparatus | |
| CN112492590A (en) | Communication method and device | |
| CN113676904B (en) | Slice authentication method and device | |
| JP2022530955A (en) | Methods and processes for validating multi-SIM devices and subscription information | |
| CN113055342B (en) | Information processing method and communication device | |
| CN113038467B (en) | Event information reporting method and communication device | |
| CN113302895B (en) | Method and apparatus for authenticating a group of wireless communication devices | |
| WO2019196963A1 (en) | Method and device for accessing network slice, storage medium, electronic device | |
| CN111372250A (en) | Base station determination method and apparatus, storage medium, and electronic apparatus | |
| US10492056B2 (en) | Enhanced mobile subscriber privacy in telecommunications networks | |
| Amgoune et al. | 5g: Interconnection of services and security approaches | |
| WO2021233286A1 (en) | Data processing method and apparatus, network device, and terminal | |
| CN111163466B (en) | Method for 5G user terminal to access block chain, user terminal equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |