CN114040386A - Method, device and equipment for determining replay message - Google Patents
Method, device and equipment for determining replay message Download PDFInfo
- Publication number
- CN114040386A CN114040386A CN202010703743.0A CN202010703743A CN114040386A CN 114040386 A CN114040386 A CN 114040386A CN 202010703743 A CN202010703743 A CN 202010703743A CN 114040386 A CN114040386 A CN 114040386A
- Authority
- CN
- China
- Prior art keywords
- public key
- user public
- message
- suci
- replay
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 230000006870 function Effects 0.000 claims description 14
- 238000013523 data management Methods 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 11
- 238000004891 communication Methods 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000000354 decomposition reaction Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000005215 recombination Methods 0.000 description 2
- 230000006798 recombination Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000004275 electron-induced Auger electron spectroscopy Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention provides a method, a device and equipment for determining a replay message. The method for determining the replay message is applied to network side equipment and comprises the following steps: receiving a user public key in a SUCI message of a user hidden identifier; and determining whether the SUCI message is a replay message or not according to the user public key and the user public key which is stored by the network side equipment. The method can achieve the purpose of determining whether the SUCI message is the replay message by acquiring the user public key in the SUCI message and according to the user public key and the user public key stored in the network side equipment, thereby being used for effectively detecting SUCI replay attack.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a device for determining a replay message.
Background
The 5G security standard employs ECIES (integrated circuit encryption Scheme) to protect SUPI (Subscription Permanent Identifier) to protect privacy of the user.
As shown in fig. 1, the steps of this scheme are as follows:
1. when a UE (User Equipment or terminal) connects to a network for the first time, it encrypts a SUPI (User Permanent Identifier) using ECIES to generate a SUCI (User hidden Identifier), and transmits the SUCI to a SEAF (SEcurity Anchor Function) through a registration request message.
2. The SEAF passes the SUCI to the AUSF (Authentication Server Function), which in turn passes the SUCI to the UDM (Unified Data Management Function).
3. The UDM decrypts the SUCI to obtain SUPI, finds the Profile (user Profile) of the UE from SUPI, and thus determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA').
4. The UE and the network authenticate each other using the selected authentication protocol.
5. After the authentication is finished, both the UE and the AUSF acquire a session root key K derived based on the long-term key KAUSF。
The procedure for the UE to encrypt SUPI is as follows: firstly, UE randomly generates an ECDH private key APRIAnd deducing an ECDH public key APUB. The UE then uses its own private key aPRIECDH public key B of the Henan networkPUBGenerating a shared secret key KECDH. UE slave KECDHRendering an encryption key KEAES count encrypted initial value, integrity key KMReferred to as key data KD, i.e.
Where the KDF is a key derivation function,
is ECDH public key A of UEPUBDecimal number of (d). The leftmost of KD is the encryption key KEWith intermediate AES count encrypted initial valueThe rightmost side is an integrity key KM。
SUPI is a globally unique long term identity assigned by the 5G network to the user, and includes the type of SUPI and the value of the user identity, which is commonly used in 5G as the IMSI. The IMSI consists of a Mobile Country Code (MCC), a Mobile Network Code (MNC), and a Mobile Subscriber Identity Number (MSIN). The MCC and MNC are home network identities and the MSIN is used to identify the subscriber in a network, which is related to the privacy of the subscriber and therefore needs to be encrypted.
Use of K based on AES counting encryption modeEEncrypting MSIN for SUPI using KMAnd completing protection on the MSIN encrypted message to generate an integrity protection Tag.
Tag=HMAC–SHA-256(KM,KE{MSIN})
The SUCI content is as follows:
sui ═ type of SUPI + home network identity + route identity + protection scheme identity + BPUB + APUB + KE { MSIN } + Tag;
wherein the home network identifier is used to find the corresponding home network, the route identifier is used to find the corresponding UDM in the same home network, and "+" represents the message concatenation.
Encryption of SUPI using the ECIES scheme prevents attackers from obtaining the SUPI of a UE over the air. It is vulnerable to replay attacks because the current ECIES scheme does not allow the network side to confirm whether the received SUCI was last sent by the UE to the network.
The SUCI replay attack is simple, an attacker obtains the effective SUCI of a user at an air interface and then replays the SUCI to a network at the air interface, and the UDM generates an authentication vector and sends an authentication request message containing the RAND and the AUTN to the attacker like processing the SUCI of a normal user.
And the attacker forwards the authentication request message to the legal UE. If an attacker uses replay attacks multiple times, the UDM and the UE have to spend a lot of resources to process replay messages and authentication request messages because these messages are legitimate, thereby causing DOS attacks on the UDM and the UE. DOS attacks on the UE may cause the processing power of the UE to decrease and quickly consume battery power. DOS attacks on UDMs can cause a reduction in the processing power of UDMs and a slow response of requests to legitimate UEs.
In the prior art, a one-time random number (nonce) or a timestamp is used to prevent replay attack and mitigate DoS scheme, for a nonce mode, a nonce N is introduced into an encryption operation, a network side receives an encrypted value and then decrypts the encrypted value to obtain N, and whether N is new or not is verified first, and if not, it indicates that replay attack is detected. This approach requires that the generated random number has not been previously present, and how the network side detects whether N has been previously used is difficult.
Disclosure of Invention
The invention provides a method, a device and equipment for determining replay messages, which are used for effectively detecting SUCI replay attacks.
To solve the above technical problem, an embodiment of the present invention provides the following solutions:
one aspect of the embodiments of the present invention provides a method for determining a replay message, which is applied to a network device, and the method includes:
receiving a user public key in a SUCI message of a user hidden identifier;
and determining whether the SUCI message is a replay message or not according to the user public key and the user public key which is stored by the network side equipment.
Optionally, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in the network side device, includes:
and determining whether the SUCI message is a replay message or not according to a storage mode of a user public key on the unified data management UDM functional entity and the user public key stored by the UDM functional entity.
Optionally, a storage manner of the user public key on the unified data management UDM functional entity includes:
the user public key stored on the UDM functional entity is not bound with the identity of the terminal; alternatively, the first and second electrodes may be,
and the user public key stored on the UDM functional entity is bound with the identity of the terminal.
Optionally, when the user public key is not bound to the identity of the terminal, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in the database of the UDM functional entity, including:
querying in a database of the UDM functional entity by using a user public key in the SUCI message, and if the user public key in the SUCI message appears, determining that the SUCI message is a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
Optionally, after storing the user public key in the SUCI message in the database of the UDM functional entity, the method further includes:
analyzing the SUCI to obtain KE{MSIN};
Decrypting the KE{ MSIN }, obtaining SUPI;
wherein SUCI is SUPI type + Home network identity + route identity + protection scheme identity + BPUB+APUB+KE{MSIN}+Tag;
Wherein A isPUBIs the user's public key, BPUBIs the public key of the network, Tag ═ HMAC-SHA-256 (K)M,KE{ MSIN }), MSIN is the mobile subscriber identification number, KEFor encrypting the secret key, KMIs an integrity key.
Optionally, when the user public key is bound to the identity of the terminal, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in the database of the UDM functional entity, including:
analyzing the SUCI to obtain KE{MSIN};
Decryption KE{ MSIN }, obtaining SUPI; wherein, KE{ MSIN }, MSIN being the mobile subscriber identification number, KEIs an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, the user public key is bound with the identity of the terminal and stored in the database of the UDM functional entity.
Optionally, the user public key is in [0,2 ]n]A random number that varies within a range, where n is the length of the user public key.
Optionally, the length of the user public key is greater than or equal to 256 bits.
Optionally, the user public key is stored on the network side device in a first-in first-out manner.
Optionally, the storing the user public key on the network side device in a first-in first-out manner includes:
determining a storage space with preset capacity, and if the data volume of the user public key needing to be stored exceeds the preset capacity, removing the earliest stored user public key of the exceeding part; alternatively, the first and second electrodes may be,
and determining a preset time period, and if the stored user public key has a user public key with the storage duration exceeding the preset time period, shifting out the user public key with the storage duration exceeding the preset time period.
According to another aspect of the present invention, there is also provided a device for determining a replay message, applied to a network side device, the device including:
the receiving module is used for receiving a user public key in the SUCI message of the user hidden identifier;
and the processing module is used for determining whether the SUCI message is a replay message according to the user public key and the user public key stored by the network side equipment.
Optionally, the processing module is specifically configured to: and determining whether the SUCI message is a replay message or not according to a storage mode of a user public key on a unified data management function (UDM) functional entity and the user public key stored by the UDM functional entity.
Optionally, a storage manner of the user public key on the unified data management UDM functional entity includes: the user public key stored on the UDM functional entity is not bound with the identity of the terminal; alternatively, the first and second electrodes may be,
and the user public key stored on the UDM functional entity is bound with the identity of the terminal.
Optionally, when the user public key is not bound to the identity of the terminal, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in the database of the UDM functional entity, including:
querying in a database of the UDM functional entity by using a user public key in the SUCI message, and if the user public key in the SUCI message appears, determining that the SUCI message is a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
Optionally, when the user public key is bound to the identity of the terminal, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in the database of the UDM functional entity, including:
analyzing the SUCI to obtain KE{MSIN};
Decrypting the KE{ MSIN }, obtaining SUPI;
wherein, KE{ MSIN }, MSIN being the mobile subscriber identification number, KEIs an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, the user public key is bound with the identity of the terminal and stored in the database of the UDM functional entity.
An embodiment of the present invention further provides a network device, including:
a transceiver for receiving a user public key in a user hidden identifier SUCI message;
and the processor is used for determining whether the SUCI message is a replay message or not according to the user public key and the user public key stored by the network side equipment.
An embodiment of the present invention further provides a communication device, including: a processor, a memory storing a computer program which, when executed by the processor, performs the method as described above.
Embodiments of the present invention also provide a computer-readable storage medium including instructions that, when executed on a computer, cause the computer to perform the method as described above.
The scheme of the invention at least comprises the following beneficial effects:
according to the scheme of the invention, the UDM determines whether the SUCI message is a replay message by receiving the user public key in the SUCI message and comparing the user public key with the user public key stored in the network side equipment; further, when the UE public key is not bound with the identity of the UE and is stored in the UDM, the network UDM queries the UDM using the user public key, and if the user public key is found, it is determined that the UE is a replay attack. If not, storing the user public key on the UDM and decrypting KE{ MSIN }, obtaining SUPI, and generating an authentication vector; the UE public key and the identity binding of the UE are stored on the UDM, and the network UDM firstly decrypts the KE{ MSIN }, yielding SUPI. According to SUPI, whether the UE has sent the user public key before is searched, if so, the UE is judged to be replay attack. If not, the user public key and the identity binding of the UE are stored on the UDM, and an authentication vector is generated, so that the method can be used for effectively detecting SUCI replay attack.
Drawings
FIG. 1 is a flow chart of SUPI protection by ECIES in the prior art;
FIG. 2 is a flow chart of a method for determining a replay message according to an embodiment of the invention;
FIG. 3 is a schematic diagram of a determining apparatus for replaying a message according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a network device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 2, an embodiment of the present invention provides a method for determining a replay message, which is applied to a network side device, where the method includes:
And step 22, determining whether the SUCI message is a replay message according to the user public key and the user public key already stored by the network side equipment. That is, the user public key in the sui message may be compared with the user public key already stored in the network side device, so as to be a basis for determining whether the sui message is a replay attack message. Here, the user public key that the network-side device has stored is, in general, the user public key in the SUCI message stored in the network-side device after the terminal normally sends the SUCI message before, and the user public key stored in the network-side device may include a plurality of user public keys. Alternatively, the user public key may be at [0,2 ]n]A random number that varies within a range, where n is the length of the user public key. Typically, n is an integer greater than or equal to 256, i.e., representing a user public key having a length greater than or equal to 256 bits.
In the above embodiment, for the terminal, it generates the same probability 1/2 of the user's public keyn(e.g., n is an integer greater than or equal to 256) is completely negligible. Accordingly, the error rate of the network side device for replaying the attack according to the judgment of the user public key in the SUCI message generated by the terminal can be ignored. For an attacker, since the attacker acquires the SUCI message generated before the terminal, the user public key in the SUCI message is already stored in the network side device as the user public key, and after the network side device receives the SUCI message, the network side device easily knows that the user public key in the SUCI message already exists in the user public key stored in the network side device through comparison, so that the SUCI message can be determined to be a replay message, and the SUCI replay message can be effectively detected.
As can be seen from the above, the method for determining a replay message provided in this embodiment can achieve the purpose of determining whether the sui message is a replay message by obtaining the user public key in the sui message and according to the user public key and the user public key already stored in the network side device, so that the method can be used for effectively detecting the sui replay attack.
In the above implementation, step 12 may include:
step 121, determining whether the SUCI message is a replay message according to the storage mode of the user public key on the unified data management UDM functional entity and according to the user public key and the user public key already stored by the UDM functional entity.
Here, step 121 may specifically include:
step 1211, when the user public key is not bound to the identity of the terminal and is stored in the UDM functional entity, determining whether the sui message is a replay message according to the user public key and the user public key already stored in the database of the UDM functional entity.
In application, the step 1211 may specifically include:
when the user public key is not bound with the identity of a terminal and is stored on the UDM functional entity, the user public key in the SUCI message is used for inquiring in a database of the UDM functional entity, and if the user public key in the SUCI message appears, the SUCI message is determined to be a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
After storing the user public key in the SUCI message in the database of the UDM functional entity, the method may further include:
analyzing the SUCI to obtain KE{MSIN};
Decryption KE{ MSIN }, obtaining SUPI; wherein SUCI is SUPI type + Home network identity + route identity + protection scheme identity + BPUB+APUB+KE{MSIN}+Tag;
Wherein A isPUBIs the user's public key, BPUBIs the public key of the network, Tag ═ HMAC-SHA-256 (K)M,KE{MSIN}),MSIN is mobile subscriber identification number, KEFor encrypting the secret key, KMIs an integrity key.
And 1212, binding the user public key with the identity of the terminal, storing the user public key on the UDM functional entity, and determining whether the SUCI message is a replay message according to the user public key and the user public key already stored in the database of the UDM functional entity.
In application, the step 1212 may specifically include:
analyzing the SUCI to obtain KE{MSIN};
Decrypting KE { MSIN }, and obtaining SUPI; in KE { MSIN }, MSIN is a mobile subscriber identification number, and KE is an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, binding the user public key and the identity of the terminal, storing the user public key and the identity of the terminal in a database of the UDM functional entity, and generating an authentication vector.
The method for determining the replay message has better compatibility with the existing standard system, does not need to modify the SUPI encryption scheme, and can be realized only by storing the user public key on the UDM functional entity at the network side. Compared with the existing scheme, the method has the advantages of easier implementation and better effect because the public key of the user is used as the judgment basis of the replay attack.
In the above embodiment, the user public key is stored in the UDM functional entity in a first-in first-out manner.
Specifically, the method comprises the following steps:
determining a storage space with a preset capacity C, and if the data volume D of the user public key to be stored exceeds the preset capacity C, removing the earliest stored user public key of a part (namely a D-C part) exceeding the preset capacity C; alternatively, the first and second electrodes may be,
determining a preset time period T (such as days and months), and if the user public key with the storage duration exceeding the preset time period T exists in the stored user public keys, removing the user public key with the storage duration exceeding the preset time period, namely removing the first stored user public key, wherein the quantity of the first stored user public key is the quantity of data stored in the earliest time unit (such as days and months).
In an embodiment of the present invention, the network-side UDM determines whether the received SUCI message is a replay message by comparing the user public key received from the terminal side with the previous user public key stored in the database. The scheme has better compatibility with the existing standard system, the SUPI encryption scheme is not required to be modified, and only the user public key is required to be stored in the UDM of the network. Compared with the existing scheme, the scheme is easier to implement because the user public key is used as the judgment basis of the replay attack. As shown in fig. 3, another embodiment of the present invention provides a device 30 for determining a replay message, which is applied to a network side device, and includes:
a receiving module 31, configured to receive a user public key in a user hidden identifier SUCI message;
and the processing module 32 is configured to determine whether the SUCI message is a replay message according to the user public key and the user public key that has been stored by the network side device.
Optionally, the processing module 32 may be specifically configured to: and determining whether the SUCI message is a replay message or not according to a storage mode of a user public key on a unified data management function (UDM) functional entity and the user public key stored by the UDM functional entity.
In a specific application, the processing module 32 is further configured to: the user public key is not bound with the identity of the terminal, and when the user public key is stored on the UDM functional entity, whether the SUCI message is a replay message is determined according to the user public key and the user public key already stored in a database of the UDM functional entity; alternatively, the first and second electrodes may be,
and the user public key is bound with the identity of the terminal, is stored on the UDM functional entity, and determines whether the SUCI message is a replay message or not according to the user public key and the user public key which is already stored in a database of the UDM functional entity.
Wherein, when the user public key is not bound to the identity of the terminal and is stored in the UDM functional entity, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in a database of the UDM functional entity, may include:
when the user public key is not bound with the identity of a terminal and is stored on the UDM functional entity, the user public key in the SUCI message is used for inquiring in a database of the UDM functional entity, and if the user public key in the SUCI message appears, the SUCI message is determined to be a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
After storing the user public key in the SUCI message in the database of the UDM functional entity, the method may further include:
analyzing the SUCI to obtain KE{MSIN};
Decryption KE{ MSIN }, obtaining SUPI, and generating an authentication vector; wherein SUCI is SUPI type + Home network identity + route identity + protection scheme identity + BPUB+APUB+KE{MSIN}+Tag;
Wherein A isPUBIs the user's public key, BPUBIs the public key of the network, Tag ═ HMAC-SHA-256 (K)M,KE{ MSIN }), MSIN is the mobile subscriber identification number, KEFor encrypting the secret key, KMIs an integrity key.
Wherein, when the user public key is bound with the identity of the terminal and stored in the UDM functional entity, determining whether the SUCI message is a replay message according to the user public key and the user public key already stored in the database of the UDM functional entity, includes:
analyzing the SUCI to obtain KE{MSIN};
Decrypting KE { MSIN }, and obtaining SUPI; wherein, KE{ MSIN }, MSIN being the mobile subscriber identification number, KEIs an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, binding the user public key and the identity of the terminal, storing the user public key and the identity of the terminal on the UDM functional entity, and generating an authentication vector.
Alternatively, the user public key may be at [0,2 ]n]A random number that varies within a range, where n is the length of the user public key. Generally, n is an integer of 256 or more, that is, represents that the length of the user public key is 256 bits or more.
Due to the limited storage space on the UDM, the user public key can be stored in a first-in first-out manner on the UDM functional entity.
The user public key is stored on the UDM functional entity in a first-in first-out mode, and the method comprises the following steps:
determining a storage space with preset capacity, and if the data volume of the user public key needing to be stored exceeds the preset capacity, removing the earliest stored user public key of the exceeding part; alternatively, the first and second electrodes may be,
and determining a preset time period, and if the stored user public key of the network side has a user public key of which the storage time length exceeds the preset time period, moving out the user public key of which the storage time length exceeds the preset time period.
It should be noted that, the apparatus 20 for determining a replay message provided in the embodiment of the present invention can implement all the method steps implemented by the method for determining a replay message in the embodiment, and can achieve the same technical effect, and detailed descriptions of the same parts and beneficial effects as those of the method embodiment in this embodiment are not repeated herein.
As shown in fig. 4, another embodiment of the present invention provides a network device 40, including:
a transceiver 41 for receiving a user public key in a user hidden identifier SUCI message;
and the processor 42 is configured to determine whether the SUCI message is a replay message according to the user public key and the user public key that has been stored by the network side device.
Optionally, the processor 42 is specifically configured to: and determining whether the SUCI message is a replay message or not according to a storage mode of a user public key on a unified data management function (UDM) functional entity and the user public key stored by the UDM functional entity.
In particular applications, the processor 42 is further operable to: the user public key is not bound with the identity of the terminal, and when the user public key is stored on the UDM functional entity, whether the SUCI message is a replay message is determined according to the user public key and the user public key already stored in a database of the UDM functional entity; alternatively, the first and second electrodes may be,
and the user public key is bound with the identity of the terminal, is stored on the UDM functional entity, and determines whether the SUCI message is a replay message or not according to the user public key and the user public key which is already stored in a database of the UDM functional entity.
Wherein, when the user public key is not bound to the identity of the terminal and is stored in the UDM functional entity, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in a database of the UDM functional entity, may include:
when the user public key is not bound with the identity of a terminal and is stored on the UDM functional entity, the user public key in the SUCI message is used for inquiring in a database of the UDM functional entity, and if the user public key in the SUCI message appears, the SUCI message is determined to be a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
After storing the user public key in the SUCI message in the database of the UDM functional entity, the method may further include:
analyzing the SUCI to obtain KE{MSIN};
Decryption KE{ MSIN }, obtaining SUPI; wherein SUCI is SUPI type + Home network identity + route identity + protection scheme identity + BPUB+APUB+KE{MSIN}+Tag;
Wherein A isPUBIs the user's public key, BPUBIs the public key of the network, Tag ═ HMAC-SHA-256 (K)M,KE{ MSIN }), MSIN is the mobile subscriber identification number, KEFor encrypting the secret key, KMIs an integrity key.
Wherein, when the user public key is bound with the identity of the terminal and stored in the UDM functional entity, determining whether the SUCI message is a replay message according to the user public key and the user public key already stored in the database of the UDM functional entity, includes:
analyzing the SUCI to obtain KE{MSIN};
Decrypting KE { MSIN }, and obtaining SUPI; wherein, KE{ MSIN }, MSIN being the mobile subscriber identification number, KEIs an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, binding the user public key and the identity of the terminal, storing the user public key and the identity of the terminal on the UDM functional entity, and generating an authentication vector.
Alternatively, the user public key may be at [0,2 ]n]A random number that varies within a range, where n is the length of the user public key. Generally, n is an integer of 256 or more, that is, represents that the length of the user public key is 256 bits or more.
Due to the limited storage space on the UDM, the user public key can be stored in a first-in first-out manner on the UDM functional entity.
The user public key is stored on the UDM functional entity in a first-in first-out mode, and the method comprises the following steps:
determining a storage space with preset capacity, and if the data volume of the user public key needing to be stored exceeds the preset capacity, removing the earliest stored user public key of the exceeding part; alternatively, the first and second electrodes may be,
and determining a preset time period, and if the stored user public key has a user public key with the storage time length exceeding the preset time period, shifting out the user public key with the storage time length exceeding the preset time period.
In the network device 40, the transceiver 41 and the processor 42 may be communicatively connected through a bus interface, the function of the processor 42 may also be implemented by the transceiver 41, and the function of the transceiver 41 may also be implemented by the processor 42. It should be noted that, the network device provided in the embodiment of the present invention can implement all the method steps implemented by the method for determining a playback message in the embodiment, and can achieve the same technical effect, and details of the same parts and beneficial effects as those of the method embodiment in this embodiment are not described herein again.
Another embodiment of the present invention provides a communication apparatus, including: a processor, a memory storing a computer program which, when executed by the processor, performs the method of determining a replay message as described above. All the implementation manners in the above method embodiment are applicable to this embodiment, and the same technical effect can be achieved. Yet another embodiment of the present invention provides a computer-readable storage medium including instructions that, when executed on a computer, cause the computer to perform the method for determining a replay message as described above. All the implementation manners in the above method embodiment are applicable to this embodiment, and the same technical effect can be achieved.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product comprising program code for implementing the method or the apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (18)
1. A method for determining replay messages, applied to a network side device, the method comprising:
receiving a user public key in a SUCI message of a user hidden identifier;
and determining whether the SUCI message is a replay message or not according to the user public key and the user public key which is stored by the network side equipment.
2. The method for determining whether the SUCI message is a replay message according to the user public key and the user public key that has been stored in the network-side device according to claim 1, comprising:
and determining whether the SUCI message is a replay message or not according to a storage mode of a user public key on the unified data management UDM functional entity and the user public key stored by the UDM functional entity.
3. The method for determining replay messages of claim 2, wherein the storing of said user public key in a unified data management, UDM, functional entity comprises:
the user public key stored on the UDM functional entity is not bound with the identity of the terminal; alternatively, the first and second electrodes may be,
and the user public key stored on the UDM functional entity is bound with the identity of the terminal.
4. The method for determining whether the SUCI message is a replay message according to claim 3, wherein when the user public key is not bound to the identity of the terminal, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in the database of the UDM function entity comprises:
querying in a database of the UDM functional entity by using a user public key in the SUCI message, and if the user public key in the SUCI message appears, determining that the SUCI message is a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
5. The method for determining replay messages of claim 4, wherein after storing the user public key in the SUCI message in the database of the UDM functional entity, further comprising:
analyzing the SUCI to obtain KE{MSIN};
Decrypting the KE{ MSIN }, obtaining SUPI;
wherein SUCI is SUPI type + Home network identity + route identity + protection scheme identity + BPUB+APUB+KE{MSIN}+Tag;
Wherein A isPUBIs the user's public key, BPUBIs the public key of the network, Tag ═ HMAC-SHA-256 (K)M,KE{ MSIN }), MSIN is the mobile subscriber identification number, KEFor encrypting the secret key, KMIs an integrity key.
6. The method for determining a replay message of claim 3, wherein when a user public key is bound to the identity of a terminal, determining whether the SUCI message is a replay message according to the user public key and a user public key already stored in a database of the UDM functional entity comprises:
analyzing the SUCI to obtain KE{MSIN};
Decryption KE{ MSIN }, obtaining SUPI; wherein, KE{ MSIN }, MSIN being the mobile subscriber identification number, KEIs an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, the user public key is bound with the identity of the terminal and stored in the database of the UDM functional entity.
7. The method for determining a replay message of claim 1,
the user public key is in [0,2 ]n]A random number that varies within a range, where n is the length of the user public key.
8. The method for determining a replay message of claim 7,
the length of the user public key is greater than or equal to 256 bits.
9. The method for determining a replay message of claim 1,
and the user public key is stored on the network side equipment in a first-in first-out mode.
10. The method for determining replay messages of claim 9, wherein the user public key is stored in a first-in-first-out manner on the network side device, comprising:
determining a storage space with preset capacity, and if the data volume of the user public key needing to be stored exceeds the preset capacity, removing the earliest stored user public key of the exceeding part; alternatively, the first and second electrodes may be,
and determining a preset time period, and if the stored user public key has a user public key with the storage duration exceeding the preset time period, shifting out the user public key with the storage duration exceeding the preset time period.
11. A device for determining replay messages, the device being applied to a network side device, the device comprising:
the receiving module is used for receiving a user public key in the SUCI message of the user hidden identifier;
and the processing module is used for determining whether the SUCI message is a replay message according to the user public key and the user public key stored by the network side equipment.
12. The apparatus for determining replay messages of claim 11, wherein the processing module is specifically configured to:
and determining whether the SUCI message is a replay message or not according to a storage mode of a user public key on a unified data management function (UDM) functional entity and the user public key stored by the UDM functional entity.
13. A device for determining replay messages according to claim 12, characterised in that said storage of said user public key on a unified data management, UDM, functional entity comprises:
the user public key stored on the UDM functional entity is not bound with the identity of the terminal; alternatively, the first and second electrodes may be,
and the user public key stored on the UDM functional entity is bound with the identity of the terminal.
14. The apparatus for determining whether the SUCI message is a replay message according to claim 13, wherein when the user public key is not bound to the identity of the terminal, determining whether the SUCI message is a replay message based on the user public key and a user public key already stored in the database of the UDM function entity comprises:
querying in a database of the UDM functional entity by using a user public key in the SUCI message, and if the user public key in the SUCI message appears, determining that the SUCI message is a replay message; otherwise, storing the user public key in the SUCI message into a database of the UDM functional entity.
15. The apparatus for determining a replay message of claim 13, wherein when the user public key is bound to the identity of the terminal, determining whether the SUCI message is the replay message according to the user public key and a user public key already stored in a database of the UDM function entity comprises:
analyzing the SUCI to obtain KE{MSIN};
Decrypting the KE{ MSIN }, obtaining SUPI;
wherein, KE{ MSIN }, MSIN being the mobile subscriber identification number, KEIs an encryption key;
according to SUPI, searching a user public key in the SUCI previously sent by the terminal stored in the UDM functional entity, and determining that the SUCI message is a replay message; otherwise, the user public key is bound with the identity of the terminal and stored in the database of the UDM functional entity.
16. A network device, comprising:
a transceiver for receiving a user public key in a user hidden identifier SUCI message;
and the processor is used for determining whether the SUCI message is a replay message or not according to the user public key and the user public key stored by the network side equipment.
17. A communication device, comprising: a processor, a memory storing a computer program which, when executed by the processor, performs the method of any of claims 1 to 10.
18. A computer-readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010703743.0A CN114040386A (en) | 2020-07-21 | 2020-07-21 | Method, device and equipment for determining replay message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010703743.0A CN114040386A (en) | 2020-07-21 | 2020-07-21 | Method, device and equipment for determining replay message |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114040386A true CN114040386A (en) | 2022-02-11 |
Family
ID=80134073
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010703743.0A Pending CN114040386A (en) | 2020-07-21 | 2020-07-21 | Method, device and equipment for determining replay message |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114040386A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019137792A1 (en) * | 2018-01-12 | 2019-07-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Validation of subscription concealed identifiers in mobile networks |
| EP3518491A1 (en) * | 2018-01-26 | 2019-07-31 | Nokia Technologies Oy | Registering or authenticating user equipment to a visited public land mobile network |
| CN110475247A (en) * | 2018-05-11 | 2019-11-19 | 电信科学技术研究院有限公司 | Message treatment method and device |
| WO2020093864A1 (en) * | 2018-11-05 | 2020-05-14 | 华为技术有限公司 | Key agreement method, related apparatus and system |
| CN111404670A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Key generation method, UE and network equipment |
-
2020
- 2020-07-21 CN CN202010703743.0A patent/CN114040386A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019137792A1 (en) * | 2018-01-12 | 2019-07-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Validation of subscription concealed identifiers in mobile networks |
| EP3518491A1 (en) * | 2018-01-26 | 2019-07-31 | Nokia Technologies Oy | Registering or authenticating user equipment to a visited public land mobile network |
| CN110475247A (en) * | 2018-05-11 | 2019-11-19 | 电信科学技术研究院有限公司 | Message treatment method and device |
| WO2020093864A1 (en) * | 2018-11-05 | 2020-05-14 | 华为技术有限公司 | Key agreement method, related apparatus and system |
| CN111404670A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Key generation method, UE and network equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Gope et al. | An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks | |
| EP2634956B1 (en) | Communicating an identity to a server | |
| US11018866B2 (en) | Dynamic second factor authentication for cookie-based authentication | |
| US20130170643A1 (en) | Method and system for transmitting subscriber identity information, user equipment, network device | |
| KR101753859B1 (en) | Server and method for managing smart home environment thereby, method for joining smart home environment and method for connecting communication session with smart device | |
| US20130291071A1 (en) | Method and Apparatus for Authenticating a Communication Device | |
| Nashwan | AAA-WSN: Anonymous access authentication scheme for wireless sensor networks in big data environment | |
| US9473474B2 (en) | Communicating an identity of a group shared secret to a server | |
| Tanveer et al. | LAKE-6SH: Lightweight user authenticated key exchange for 6LoWPAN-based smart homes | |
| EP3337088A1 (en) | Data encryption method, decryption method, apparatus, and system | |
| WO2011088658A1 (en) | Method, server and system for authenticating identification information in domain name system (dns) messages | |
| Tsai et al. | Secure delegation-based authentication protocol for wireless roaming service | |
| CN108616521B (en) | Network access method, device, equipment and readable storage medium | |
| Wang et al. | A secure key agreement protocol based on chaotic maps | |
| Bali et al. | Lightweight authentication for MQTT to improve the security of IoT communication | |
| Choudhury | HashXor: A lightweight scheme for identity privacy of IoT devices in 5G mobile network | |
| Wang et al. | Comments on an advanced dynamic ID-based authentication scheme for cloud computing | |
| CN111641498A (en) | Key determination method and device | |
| EP1995908A1 (en) | Method, system, apparatus and bsf entity for preventing bsf entity from attack | |
| CN105959099A (en) | Method for encrypting SSR password | |
| Momeni | A lightweight authentication scheme for mobile cloud computing | |
| CN111836260A (en) | Authentication information processing method, terminal and network equipment | |
| CN114040386A (en) | Method, device and equipment for determining replay message | |
| EP3125595A1 (en) | Method to provide identification in privacy mode | |
| Halbouni et al. | Wireless Security Protocols WPA3: A Systematic Literature Review |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |