CN112400335B - Method and computing device for performing data integrity protection - Google Patents


Info

Publication number: CN112400335B
Authority: CN (China)
Prior art keywords: key, wireless communication, communication device, next hop, received
Legal status: Active
Application number: CN201880095240.0A
Other languages: Chinese (zh)
Other versions: CN112400335A (en)
Inventors: 黄河, 埃斯瓦尔·卡立安·乌图库里, 戴谦
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471 Key exchange
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

The source network node performs the following actions during the re-establishment procedure: determining that an unused {next hop parameter, next hop link counter} pair exists; based on the determining step, calculating a horizontal derivative key and a vertical derivative key; computing a security token using the horizontal derivative key; and sending the horizontal derivative key, the vertical derivative key, the security token, and the next hop link counter to a target network node.

Description

Method and computing device for performing data integrity protection
Technical Field
The present disclosure relates generally to wireless network communications, and more particularly, to methods and computing devices for performing data integrity protection.
Background
In a cellular system, when a link between a network node (e.g., a base station) and a wireless communication device (e.g., a User Equipment (UE)) deteriorates, the network node will initiate a handover procedure.
The handover procedure involves the preparation of the target node to which the source node will transfer the necessary context of the wireless communication device so that the wireless communication device can continue the session in the target node. The source node will then send a handover command to the wireless communication device, the command including information needed to access the target node. The wireless communication device will then use this information to access the target node and continue the session in the target node.
However, in some cases, the wireless communication device may not receive the handover command due to rapid deterioration of radio conditions. In this case, the wireless communication apparatus may experience Radio Link Failure (RLF). To get rid of this situation, the wireless communication device may reselect a better cell/node and attempt an operation commonly referred to as a "re-establishment procedure". This involves the wireless communication device sending a reestablishment message, enabling the target node to identify the wireless communication device and to reinitialize the security of the link and reestablish radio resources.
Typically, the re-establishment procedure may be invoked only if security has previously been established between the wireless communication device and the network node. However, in current wireless networks, the reestablishment request (e.g., UE to base station) and reestablishment response (or simply reestablishment message, e.g., sent from base station to UE) are sent without encryption.
Drawings
While the appended claims set forth the features of the present technology with particularity, the technology, together with its objects and advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which:
Fig. 1 depicts a wireless network environment in which various embodiments may be employed.
Fig. 2 depicts a computer hardware architecture used in various embodiments.
Fig. 3 depicts the current key chain model.
Fig. 4 depicts the current re-establishment procedure.
Fig. 5 shows an alternative re-establishment procedure.
Fig. 6 depicts a scenario in which additional signaling is required if a vertical derivative key is delivered to the target node.
Fig. 7 depicts a re-establishment procedure according to an embodiment.
Fig. 8 depicts a handover preparation procedure performed by a source node according to an embodiment.
Fig. 9 depicts a handover preparation procedure performed by a UE in accordance with an embodiment.
Fig. 10 depicts a handover preparation procedure performed by a target node according to an embodiment.
Detailed Description
In various embodiments, the source network node performs the following actions in the re-establishment procedure: determining that an unused {next hop parameter, next hop link counter} pair exists; calculating a horizontal derivative key and a vertical derivative key based on the determining step; computing a security token using the horizontal derivative key; and sending the horizontal derivative key, the vertical derivative key, the security token and the next hop link counter to a target network node.
In one embodiment, calculating the horizontal derivative key comprises the source network node calculating the horizontal derivative key from a current activation key for communications between the source network node and the wireless communication device.
According to one embodiment, computing the vertical derivative key comprises the source network node computing the vertical derivative key according to an unused next hop parameter.
In one embodiment, the source network node performs additional actions, including: determining that there is no unused {next hop parameter, next hop link counter} pair for the second wireless communication device; calculating a second horizontal derivative key without creating a vertical derivative key based on the determination that there is no unused {next hop parameter, next hop link counter} pair; computing a second security token using the second horizontal derivative key; and sending the second horizontal derivative key, the second security token, and a previous next hop link counter 0 to a target node.
According to one embodiment, the source network node performs additional actions, including: the wireless communication device is identified based on the identifier included in the reestablishment request, and a corresponding security token is retrieved.
In various embodiments, the target network node performs the following actions in the re-establishment procedure: determining that the horizontal derivative key and the vertical derivative key have been received for the wireless communication device that is the subject of the communication reestablishment request; verifying authenticity of the wireless communication device based on a comparison of a security token received from the wireless communication device and a security token received from a source network node; sending an encrypted re-establishment command to the wireless communication device, wherein the re-establishment command is encrypted using a key calculated with the received horizontal derivative key as a base key; and computing a ciphering and integrity protection key using the vertical derivative key as a base key.
According to one embodiment, the target network node performs additional actions including: subsequent messages sent to the wireless communication device are encrypted and integrity protected using the encryption and integrity protection key.
In one embodiment, the target network node performs additional actions, including: decrypting and verifying the integrity of subsequent messages received from the wireless communication device using the encryption and integrity protection key.
According to one embodiment, the target network node performs additional actions including: determining that only a horizontal derivative key is received for the second wireless communication device; verifying authenticity of the wireless communication device based on a comparison of a security token received from the wireless communication device and a security token received from a source network node; and transmitting the encrypted re-establishment command to the second wireless communication device using a key calculated with the received horizontal derivative key as a base key.
In one embodiment, the target network node performs additional actions, including: computing ciphering and integrity protection keys for the second wireless communication device using the horizontal derivative key for the second wireless communication device as a base key.
In various embodiments, a wireless communication device (e.g., user equipment) performs the following actions in a re-establishment procedure: receiving a re-establishment message including a value of a next hop link counter; decrypting the received re-establishment message using a key calculated using the horizontal derivative key as a base key; determining that the next hop link counter has changed based on a comparison of the received next hop link counter value and a previously received next hop link counter value; and, based on the determining step, deriving a new key using vertical key derivation and deriving encryption and integrity protection keys using the vertical derivative key as a base key.
In one embodiment, the wireless communication device performs additional actions including using new keys and ciphering and integrity protection keys for subsequent communications.
According to one embodiment, the wireless communication device performs additional actions, including: receiving a second re-establishment message comprising a second value for a next hop link counter; determining that the next hop link counter has not changed based on a comparison of the received second next hop link counter value and a previously received next hop link counter value; and, based on the determination that the next hop link counter has not changed, using the horizontal derivative key as the basis for all keys used for encrypting and integrity protecting subsequent messages.
In one embodiment, the wireless communication device performs additional actions, including: calculating a horizontal derivative key; computing a security token using the computed level derivative key; and the security token is sent to the target network node in a reestablishment request.
A wireless network environment in which the various embodiments described herein may be performed will now be described with reference to fig. 1. The RAN of fig. 1 includes one or more network nodes (e.g., base stations, evolved Node Bs, etc.) that interact with wireless communication devices. For example, fig. 1 depicts a wireless communication device 102 in communication with a network node (e.g., a radio base station) 104 within a RAN.
In one embodiment, the RAN of fig. 1 has many components not shown, including other network nodes, other wireless communication devices, wireless infrastructure, wired infrastructure, and other devices common in communication networks. Example implementations of the wireless communication device 102 include smartphones, tablets, laptops, and non-traditional devices (e.g., home appliances or other parts of the "internet of things").
Fig. 2 illustrates the basic (computing device) hardware architecture found in the devices depicted in the present disclosure, according to one embodiment. Different devices also have other components, some of which are common to both and others of which are not. The hardware architecture depicted in fig. 2 includes logic circuitry 202, memory 204, transceiver 206, and more than one antenna, represented by antenna 208. Each of these elements is communicatively linked to each other by one or more data paths 210. Examples of data paths include electrical wires, conductive paths on a microchip, and wireless connections.
The term "logic circuit" as used herein refers to a circuit (a type of electronic hardware) designed to perform complex functions defined in terms of mathematical logic. Examples of logic circuitry include a microprocessor, controller, or application specific integrated circuit. When the present disclosure refers to a device performing an action, it should be understood that this also means that logic circuitry integrated with the device is actually performing the action.
Possible implementations of the memory 204 include: a volatile data store; a non-volatile data store; an electrical storage; a magnetic memory; an optical storage; random access memory ("RAM"); a cache memory; and a hard disk drive.
The following description will sometimes refer to components similar to those shown in fig. 1 and 2, without specific reference to fig. 1 and 2. It should be understood, however, that all methods described herein can be performed by the components listed in these figures, and that references to components without a particular reference number are for convenience only. Also, for each process described, in one embodiment, the steps are performed in the order specified by the language. In other embodiments, the steps are performed in a different order.
In newer wireless communication systems, encryption may be performed using a horizontally derived key because wireless communication devices and networks require a security key to perform encryption. Thus, the wireless communication device derives a new key using a horizontal key derivation method, and uses the derived key for the re-establishment procedure (e.g., derives a decryption key from the key and uses it to decrypt a re-establishment message from the network node). However, this approach has drawbacks. In the latest mobile wireless communication schemes, the security model requires the network node to use vertical key derivation when a new {NH, NCC} pair is available at the source node. This is done to ensure two-step forward security of the data. Because the wireless communication device uses a horizontally derived key while the network node uses a vertically derived key, the re-establishment will fail. This results in a fallback procedure that causes additional signaling and delays user plane data (until security is established), which defeats the purpose of using such an alternative re-establishment procedure in the first place.
The overall problem can be summarized as follows: using the horizontal derivative key at the wireless communication device (e.g., UE) to decrypt the reestablishment message from the network node (e.g., from the base station) is not useful if the target node uses the vertical derivative key as the base key to encrypt the reestablishment message in the downlink. Therefore, a fallback procedure needs to be invoked to re-establish security, which will result in additional signaling and delay of user plane data.
In general, in wireless communication systems, it is assumed that Radio Access Network (RAN) nodes may be in an exposed location, which makes them vulnerable to unauthorized access. Thus, when a wireless communication device moves from one node to another, sufficient security is required to protect the keys. This is called forward security. This means that even if a potential attacker knows the current key used between a node and a wireless communication device, it is computationally infeasible for the attacker to derive a key to be used between another node and the wireless communication device for future connections. In currently used systems, this forward security is satisfied after 2 hops (i.e., a potential attacker cannot guess the key after 2 handovers).
The general principle of handover key handling used in current mobile networks is depicted in fig. 3. Whenever an initial AS security context needs to be established between a wireless communication device and a network node, both the core network node (such as the AMF) and the wireless communication device derive K_gNB and a next hop parameter (NH). K_gNB and NH are both derived from K_ASME. An NH link counter (NCC) is associated with each K_gNB and NH parameter. Each K_gNB is associated with the NCC corresponding to the NH value from which it was derived. At initial setup, K_gNB is derived directly from K_ASME and is then considered to be associated with a virtual NH parameter having an NCC value equal to zero. At initial setup, the derived NH value is associated with NCC value 1.
The wireless communication device and the node use K_gNB to protect communications between them. At handover, the K_gNB to be used between the wireless communication device and the target node, referred to as K_gNB*, is derived either from the currently active K_gNB or from the NH parameter. If K_gNB* is derived from the currently active K_gNB, this is called horizontal key derivation (see fig. 3); if K_gNB* is derived from the NH parameter, the derivation is referred to as vertical key derivation (see fig. 3). In a handover with vertical key derivation, NH is further bound to the target PCI and its frequency EARFCN-DL before it is used as K_gNB in the target node. In a handover with horizontal key derivation, the currently active K_gNB is further bound to the target PCI and its frequency EARFCN-DL before it is used as K_gNB in the target node.
Since the NH parameter can only be calculated by the wireless communication device and the core network node (e.g. the AMF), it is arranged such that the NH parameter is provided from the MME to the network node in such a way that forward security can be achieved after 2 hops as described above.
Fig. 4 shows the general re-establishment procedure currently in use. The re-establishment procedure will succeed if the wireless communication device re-establishes in a target node that has the wireless communication device context (i.e., a prepared target node). Preparation of the target node includes communicating a wireless communication device context, including a security context, to the target node (step 401). The security context includes K_gNB*, which is derived by the source node and passed to the target node. If the source node has an unused {NH, NCC} pair, it performs vertical key derivation. The source node first calculates K_gNB* from the target PCI, its frequency ARFCN-DL, and either the currently active K_gNB in the case of horizontal key derivation or NH in the case of vertical key derivation.
Next, the source node forwards the {K_gNB*, NCC} pair to the target node. The target node uses the received K_gNB* directly as the K_gNB to be used with the wireless communication device. The target node associates the NCC value received from the source node with K_gNB. Note that in the above process, the re-establishment message (step 408) is not encrypted. Thus, the wireless communication device receives the NCC value contained in the re-establishment message (i.e., step 408 in fig. 4), updates K_gNB based on the received NCC value (i.e., derived using horizontal or vertical key derivation depending on the NCC value), and uses the new K_gNB in the rest of the communication (i.e., beginning at step 409). Note that in this case (i.e., steps 410 and 411), an additional reconfiguration message is needed to signal the configuration of the signaling radio bearer 2 (SRB2) and the Data Radio Bearer (DRB). After this process, user plane data transfer may resume at the target node.
One disadvantage of the re-establishment procedure described in fig. 4 is that it requires an additional reconfiguration step to recover the DRB. One way to avoid this additional step is to encrypt the re-establishment message using a new security key and thus include the SRB2 and DRB configuration in this encrypted message. This avoids the need for a separate reconfiguration message (steps 410 and 411 in fig. 4). Such an alternative re-establishment procedure is depicted in fig. 5.
However, the process of fig. 5 may only work if a common key known to both the wireless communication device and the target node is used as the base key in step 508/509 of fig. 5. This may only be done if the key is derived horizontally (i.e., using the current K_gNB and a key derived from the current NCC value). However, as described above, the source node performs vertical key derivation when it has an unused {NH, NCC} pair. Thus, in step 1, the source node includes a vertically derived key for use by the target node, and the re-establishment procedure will fail because there is a key mismatch between the node and the wireless communication device in step 508/509 (i.e., the wireless communication device uses the horizontally derived key to decrypt the re-establishment message, which has been encrypted by the target node using the vertically derived key).
One way is to include an additional indication in the handover request message (step 501) to indicate whether K_gNB is derived using horizontal key derivation or vertical key derivation. With this scheme, however, the target node must first reestablish AS (access stratum) security before data transfer. This requires that additional messages (e.g., security mode command procedures) be exchanged over the air interface before AS security, and hence data transmission, is restored. This negates the advantage of using an encrypted re-establishment message in the first place and results in a significant amount of additional signaling (even when compared to the baseline solution of fig. 4). This problem is illustrated in fig. 6, where steps 609 to 614 represent the additional signaling required.
In one embodiment, if there is an unused {NH, NCC} pair at the source node, both the horizontal derivative key and the vertical derivative key are sent to the target node. The target node then uses the horizontal derivative key to complete the re-establishment procedure (i.e., to encrypt the re-establishment message), but switches to the vertical derivative key for subsequent communications. This ensures that the 2-hop forward security principle is maintained while avoiding additional signaling (e.g., via the RRCSetup as shown in fig. 6) resulting from the fallback procedure.
A handover preparation procedure and a re-establishment procedure according to one embodiment are depicted in fig. 7.
Turning to fig. 7, a re-establishment procedure according to one embodiment proceeds as follows. Upon detecting a radio link failure, the wireless communication device performs cell selection resulting in a reselection of the target node at step 704. In step 705, the wireless communication device transmits a RACH message to a target node over a random access channel. At step 706, the target node sends a random access response to the wireless communication device. In step 707, the wireless communication device uses horizontal key derivation to derive a new K_gNB* (this is the same as H-K_gNB*) and uses it to compute a security token. At step 708, the wireless communication device transmits a reestablishment request including the wireless communication device ID and the computed security token to the target node. In step 709, the target node sends a re-establishment message (encrypted using a new K_RRCenc derived from H-K_gNB*), optionally including SRB2 and DRB configuration and NCC values. In step 710, the wireless communication device uses H-K_gNB* to decrypt the re-establishment message. If the NCC value has increased (i.e., does not equal the NCC value stored in the wireless communication device), the wireless communication device derives a new key using vertical key derivation, and the new key will be V-K_gNB*. In step 711, the wireless communication device sends a reestablishment complete message to the target node. The message is encrypted and integrity protected by the wireless communication device using new keys derived from V-K_gNB*.
Turning to fig. 8, a handover preparation procedure according to a modification of the embodiment will now be described. The process begins at block 801. The wireless communication device sends a measurement report to the source node identifying one or more suitable target nodes for handover. At block 802, the source node checks whether there is an unused {NH, NCC} pair. If the source node has an unused {NH, NCC} pair, the process moves to blocks 803 and 805, at which the source node derives two keys as follows:
(1) H-K_gNB*: this is a horizontally derived K_gNB, using the current 256-bit K_gNB as the input key (which is one of the inputs to the key derivation function).
(2) V-K_gNB*: this is a vertically derived K_gNB, which uses the unused NH as the input key (which is one of the inputs to the key derivation function).
For both the H-K_gNB* and V-K_gNB* derivations, the source node uses the following additional parameters as input to a Key Derivation Function (KDF): FC = 0x70, P0 = PCI (target physical cell ID), L0 = length of PCI (i.e., 0x00 0x02), P1 = ARFCN-DL (target physical cell downlink frequency), and L1 = length of ARFCN-DL.
Then, at block 807, the source node computes K_RRCint using H-K_gNB*, and then computes a security token, which is an authentication token for verifying the UE, using the computed K_RRCint as a base key.
If at block 802 there are no unused {NH, NCC} pairs at the source node, then the source node need only derive one key (this key is the same as H-K_gNB*) using the horizontal key derivation method described previously (at block 806). The key is used as the basis for deriving K_RRCint, and K_RRCint is subsequently used to compute a security token as described above (block 807).
The source node then prepares the target node for the arrival of the wireless communication device. To make this preparation, the source node sends the following information (contained in the handover request message) to the target node, among other information: H-K_gNB*, V-K_gNB* (if there is an unused {NH, NCC} pair), the security token (calculated as above), and NCC (block 808).
Fig. 9 and 10 depict a wireless communication device and a target node process, respectively, for completing a re-establishment.
Turning to fig. 9, at block 901, the wireless communication device derives H-K_gNB* using horizontal key derivation and derives a new K_RRCenc based on H-K_gNB*. The wireless communication device uses K_RRCenc to decrypt the re-establishment message from the target node. At the same time, the wireless communication device derives K_RRCint based on H-K_gNB*. At block 902, the wireless communication device determines whether the received NCC value has increased/changed compared to the stored NCC. If so, at block 903, the wireless communication device derives V-K_gNB* by vertical key derivation using NH and the new NCC value. At block 904, the wireless communication device derives K_RRCenc and K_RRCint based on V-K_gNB* and uses them for further messages. At block 905, the wireless communication device encrypts the re-establishment complete message using K_RRCenc and integrity protects it using K_RRCint.
Turning to fig. 10, at block 1001, the target node begins a re-establishment process (e.g., after receiving a reestablishment request from the wireless communication device). At block 1002, the target node determines whether V-K_gNB* and H-K_gNB* have been received for the wireless communication device. At block 1003, the target node derives a new K_RRCenc based on H-K_gNB* and uses the derived K_RRCenc to encrypt the re-establishment message. At block 1004, the target node derives a new K_RRCenc based on V-K_gNB* and uses it to decrypt the re-establishment complete message.
If V-K_gNB* and H-K_gNB* have not both been received for the wireless communication device, then processing moves to block 1005, where the target node derives a new K_RRCenc based on H-K_gNB* and encrypts the re-establishment message using that K_RRCenc. At 1005, the target node uses the same K_RRCenc to decrypt the re-establishment complete message.
As shown in fig. 7, after handover preparation is completed (i.e., after the handover request message is transmitted), the wireless communication device encounters a radio link failure and cannot receive a handover command. The wireless communication device then reselects the prepared target node and performs access in the target node by initiating a random access procedure. The wireless communication device also calculates a new security key K_gNB* using horizontal key derivation. As previously described, the inputs to this process are the same as the inputs used by the source node to derive H-K_gNB*. Thus, the key derived by the wireless communication device will be the same as the aforementioned H-K_gNB*. The wireless communication device then further derives K_RRCint based on H-K_gNB* and uses it to calculate a security token for authentication of the wireless communication device. The security token is included in the reestablishment request message along with the UE ID (step 708 of fig. 7).
The target node receives the security token and identifies the wireless communication device based on the UE ID and verifies the authenticity of the wireless communication device by matching the received security token with the security token received in the handover request message (step 1 of fig. 5).
After authenticating the wireless communication device, the target node sends a re-establishment message encrypted using the K_RRCenc derived from H-K_gNB*. The message also includes the NCC value received in the handover request message (i.e., step 701). Note that this message is also integrity protected. To integrity protect this message, the target node may use either the K_RRCint derived from H-K_gNB* or the K_RRCint derived from V-K_gNB*. One of these methods should be standardized (i.e., the wireless communication device and the node should use the same method).
Upon receiving the re-establishment message, the wireless communication device first checks the NCC value and compares it to the stored NCC value. If the NCC value has changed, the wireless communication device derives a new key using vertical key derivation (the inputs for this are the same as the inputs for deriving V-K_gNB* discussed in connection with fig. 8). Thus, the wireless communication device calculates a new V-K_gNB*. The wireless communication device also checks the integrity of the message, and thereby verifies the authenticity of the received re-establishment message, using either the K_RRCint associated with H-K_gNB* or the K_RRCint associated with the newly calculated V-K_gNB* (for which both the target node and the wireless communication device should use the same base key).
If a new V-K_gNB* is derived, then the corresponding RRC keys (i.e., K_RRCint, K_RRCenc, K_UPenc (optional) and K_UPint (optional)) are derived from the newly derived V-K_gNB*. These are used for subsequent communications. In particular, the newly derived K_RRCint and K_RRCenc are used for integrity protection and encryption, respectively, of the re-establishment complete message (step 711). Thus, starting from step 711, the target node also switches to the corresponding keys for decryption/encryption and integrity protection/verification (i.e., K_RRCint and K_RRCenc derived using V-K_gNB* as the base key).
In summary, various embodiments described herein relate to a source network node that performs the following actions. After deciding to prepare (one or more cells of) the target network node, the source network node will:
(1) Check if there is an unused { NH, NCC } pair.
(2) If there is an unused { NH, NCC } pair:
(2)(a) calculate a horizontal derivative key and a vertical derivative key,
(2)(b) compute a security token using the horizontal derivative key, and
(2)(c) send the horizontal derivative key, the vertical derivative key, the security token, and the NCC to the target network node.
(3) If there is no unused { NH, NCC } pair:
(3)(a) calculate only the horizontal derivative key,
(3)(b) compute a security token using the horizontal derivative key, and
(3)(c) send the horizontal derivative key, the security token and the NCC to the target network node.
To further summarize, various embodiments described herein relate to a target network node performing the following actions. Upon receiving a reestablishment request from the wireless communication device:
(1) Retrieve information about the wireless communication device (based on the UE-ID included in the reestablishment request) and retrieve the corresponding security token.
(2) If both the horizontal derivative Key (H-Key) and the vertical derivative Key (V-Key) are received simultaneously for the corresponding wireless communication device:
(2)(a) verify the authenticity of the wireless communication device by comparing the security token received from the wireless communication device with the security token received from the source network node (i.e., if they match, the wireless communication device is authentic; if they do not match, the wireless communication device is not authentic).
(2)(b) if the wireless communication device is authenticated, transmit an encrypted reestablishment command to the wireless communication device using a Key calculated using the received H-Key as a base Key.
(2)(c) calculate encryption and integrity protection keys using the V-Key as a base Key, and use these keys to encrypt/decrypt and integrity protect/verify subsequent messages transmitted to/received from the wireless communication device.
(3) If only a horizontal derivative Key (H-Key) is received for the corresponding UE:
(3)(a) verify the authenticity of the wireless communication device by comparing the security token received from the wireless communication device with the security token received from the source network node (i.e., if they match, the wireless communication device is authentic; if they do not match, the wireless communication device is not authentic).
(3)(b) if the wireless communication device is authenticated, transmit an encrypted reestablishment command to the wireless communication device using a Key calculated with the received H-Key as a base Key.
(3)(c) calculate encryption and integrity protection keys using the H-Key as a base Key, and use these keys to encrypt/decrypt and integrity protect/verify subsequent messages transmitted to/received from the wireless communication device.
To further summarize, various embodiments described herein relate to a wireless communication device that performs the following actions. Upon initiating the re-establishment procedure, the wireless communication device will:
(1) Compute the horizontal derivative Key (H-Key), use it to compute the security token, and send the security token to the target network node in a reestablishment request.
(2) Receive a reestablishment message and retrieve the received NCC value.
(3) Verify the authenticity of the received reestablishment message using a Key calculated with the H-Key as the base Key.
(4) If the message has been validated, compare the received NCC value to the stored NCC value.
(4)(a) if the NCC value has not changed, the wireless communication device uses the H-Key as a basis for all keys used to encrypt and integrity protect subsequent messages.
(4)(b) if the NCC value has changed, the wireless communication device derives a new Key using vertical Key derivation (V-Key), derives encryption and integrity protection keys using the V-Key as a base Key, and uses these keys for subsequent communications.
It should be understood that the exemplary embodiments described herein should be considered in a descriptive sense only and not for purposes of limitation. Descriptions of features or aspects within each embodiment should generally be considered as available for other similar features or aspects in other embodiments. It will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope as set forth in the following claims. For example, the acts described in connection with the various flow diagrams may be reordered in a manner apparent to those skilled in the art.
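The three procedures summarised above (source node, target node, wireless communication device) can be traced end to end in the following sketch, which is an added illustration and not part of the patent text. Assumptions: HMAC-SHA-256 stands in for the key derivation function, the security token is a truncated MAC, ciphering is omitted, the reestablishment message is integrity protected with the H-Key-derived K_RRCint, and all function names, labels and sample values are constructed.

```python
import hmac, hashlib

def kdf(key, label):                      # stand-in KDF (assumption): HMAC-SHA-256
    return hmac.new(key, label, hashlib.sha256).digest()

def h_key(k_gnb, cell):                   # horizontal: from the active K_gNB
    return kdf(k_gnb, b"H|" + cell)

def v_key(nh, cell):                      # vertical: from an unused NH parameter
    return kdf(nh, b"V|" + cell)

def mac(base, data):                      # MAC under K_RRCint derived from `base`
    return hmac.new(kdf(base, b"RRCint"), data, hashlib.sha256).digest()

def token(base, ue_id):                   # security token: truncated MAC (assumed format)
    return mac(base, ue_id)[:4]

def source_prepare(k_gnb, ue_id, cell, ncc, unused_pair=None):
    """Source node: build the key material sent in the handover request."""
    h = h_key(k_gnb, cell)
    ctx = {"h": h, "v": None, "token": token(h, ue_id), "ncc": ncc}
    if unused_pair:                       # an unused {NH, NCC} pair exists
        nh, fresh_ncc = unused_pair
        ctx["v"], ctx["ncc"] = v_key(nh, cell), fresh_ncc
    return ctx

def target_reestablish(ctx, ue_token):
    """Target node: authenticate the UE, answer with the NCC, pick the next base key."""
    if not hmac.compare_digest(ctx["token"], ue_token):
        return None                       # token mismatch: UE is not authentic
    body = bytes([ctx["ncc"]])
    msg = {"ncc": ctx["ncc"], "mac": mac(ctx["h"], body)}   # protected with H-Key
    return msg, (ctx["v"] or ctx["h"])    # V-Key if received, else H-Key

def ue_finish(h, msg, stored_ncc, nh_by_ncc, cell):
    """UE: verify the message with the H-Key, then choose the base key by NCC."""
    if not hmac.compare_digest(mac(h, bytes([msg["ncc"]])), msg["mac"]):
        raise ValueError("reestablishment message failed integrity check")
    if msg["ncc"] == stored_ncc:
        return h                          # NCC unchanged: keep the H-Key
    return v_key(nh_by_ncc[msg["ncc"]], cell)   # NCC changed: vertical derivation

def run(unused_pair, forged=False):
    """Constructed scenario: returns (target_base, ue_base), or None if rejected."""
    k_gnb, nh, cell, ue_id = b"K" * 32, b"N" * 32, b"cell-42", b"ue-0001"
    pair = (nh, 3) if unused_pair else None
    ctx = source_prepare(k_gnb, ue_id, cell, ncc=2, unused_pair=pair)
    ue_h = h_key(b"X" * 32 if forged else k_gnb, cell)   # forged UE lacks K_gNB
    reply = target_reestablish(ctx, token(ue_h, ue_id))
    if reply is None:
        return None
    msg, target_base = reply
    return target_base, ue_finish(ue_h, msg, 2, {3: nh}, cell)
```

In both branches the target node and the wireless communication device end on the same base key without the vertical key ever being sent over the air; a device that cannot reproduce the H-Key fails the token comparison before any key switch happens.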

Claims (17)

1. A method performed by a source network node, the method comprising:
determining that an unused next hop parameter, next hop link counter pair exists;
calculating a horizontal derivative key and a vertical derivative key based on the determining step;
computing a security token using the horizontal derivative key; and
sending the horizontal derivative key, the vertical derivative key, the security token and the next hop link counter to a target network node.
2. The method of claim 1, wherein calculating the horizontal derivative key comprises the source network node calculating the horizontal derivative key from a current activation key used for communication between the source network node and a wireless communication device.
3. The method of claim 1, wherein computing the vertical derivative key comprises the source network node computing the vertical derivative key according to an unused next hop parameter.
4. The method of claim 1, further comprising:
determining that there is no unused next hop parameter, next hop link counter pair, for the second wireless communication device;
calculating a second horizontal derivative key without creating a vertical derivative key based on determining that there is no unused next hop parameter, next hop link counter pair;
computing a second security token using the second horizontally derived key; and
sending the second horizontally derived key, a second security token, and a previous next hop link counter to the target network node.
5. The method of claim 1, further comprising:
identifying the wireless communication device based on the identifier included in the reestablishment request, and retrieving a corresponding security token.
6. A method performed on a target network node, the method comprising:
determining that a horizontal derivative key and a vertical derivative key of the wireless communication device have been received;
verifying authenticity of the wireless communication device based on a comparison of a security token received from the wireless communication device and a security token received from a source network node;
sending an encrypted reestablishment command to the wireless communication device, wherein the reestablishment command is encrypted using a key calculated using the received horizontal derivative key as a base key; and
calculating a ciphering and integrity protection key using the vertical derivative key as a base key.
7. The method of claim 6, further comprising:
encrypting and integrity protecting subsequent messages sent to the wireless communication device using the encryption and integrity protection key.
8. The method of claim 6, further comprising:
decrypting and verifying the integrity of subsequent messages received from the wireless communication device using the encryption and integrity protection key.
9. The method of claim 6, further comprising:
determining that only the horizontal derivative key was received for the second wireless communication device;
verifying authenticity of the wireless communication device based on a comparison of a security token received from the wireless communication device and a security token received from a source network node; and
transmitting the encrypted reestablishment command to the second wireless communication device using a key calculated with the received horizontal derivative key as a base key.
10. The method of claim 6, further comprising: calculating a ciphering and integrity protection key for a second wireless communication device using a horizontally derived key for the second wireless communication device as a base key.
11. A method performed by a wireless communication device, the method comprising:
receiving a reestablishment message including a value of a next hop link counter;
decrypting the received reestablishment message using a key calculated with a horizontal derivative key as a base key;
determining that the next hop link counter has changed based on a comparison of the received next hop link counter value and a previously received next hop link counter value; and
deriving a new key using vertical key derivation based on the determining step, and deriving encryption and integrity protection keys using the vertical derived key as a base key.
12. The method of claim 11, further comprising: using the new key and the ciphering and integrity protection keys for subsequent communications.
13. The method of claim 11, further comprising:
receiving a second reestablishment message comprising a second value for a next hop link counter;
determining that the next hop link counter has not changed based on a comparison of a received second next hop link counter value and a previously received next hop link counter value; and
based on a determination that the next hop link counter has not changed, using a horizontally derived key as a basis for all keys used for encrypting and integrity protecting subsequent messages.
14. The method of claim 11, further comprising:
calculating the horizontal derivative key;
computing a security token using the computed horizontal derivative key; and
sending the security token to a target network node in a reestablishment request.
15. A computing device comprising a processor and a memory, the processor configured to perform the method of any of claims 1-14.
16. A system comprising a source network node configured to perform the method of any of claims 1 to 5, a target network node configured to perform the method of any of claims 6 to 10, and a wireless communication device configured to perform the method of any of claims 11 to 14.
17. A non-transitory computer readable medium having stored thereon computer executable instructions for performing the method of any one of claims 1 to 14.
CN201880095240.0A 2018-08-07 2018-08-07 Method and computing device for performing data integrity protection Active CN112400335B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/099195 WO2020029075A1 (en) 2018-08-07 2018-08-07 Method and computing device for carrying out data integrity protection

Publications (2)

Publication Number Publication Date
CN112400335A CN112400335A (en) 2021-02-23
CN112400335B true CN112400335B (en) 2022-09-09

Family

ID=69413928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880095240.0A Active CN112400335B (en) 2018-08-07 2018-08-07 Method and computing device for performing data integrity protection

Country Status (2)

Country Link
CN (1) CN112400335B (en)
WO (1) WO2020029075A1 (en)

Also Published As

Publication number Publication date
WO2020029075A1 (en) 2020-02-13
CN112400335A (en) 2021-02-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant