CN116530119A - Method, device and system for protecting serial numbers in wireless network - Google Patents
Method, device and system for protecting serial numbers in wireless network Download PDFInfo
- Publication number
- CN116530119A CN116530119A CN202180079138.3A CN202180079138A CN116530119A CN 116530119 A CN116530119 A CN 116530119A CN 202180079138 A CN202180079138 A CN 202180079138A CN 116530119 A CN116530119 A CN 116530119A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- authentication
- message
- request message
- home network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims description 82
- 238000004891 communication Methods 0.000 claims description 58
- 238000007726 management method Methods 0.000 claims description 11
- 230000008569 process Effects 0.000 claims description 9
- 230000000977 initiatory effect Effects 0.000 claims description 6
- 230000001960 triggered effect Effects 0.000 claims description 5
- 238000013523 data management Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 3
- 238000013475 authorization Methods 0.000 abstract description 8
- 230000006870 function Effects 0.000 description 30
- 230000008901 benefit Effects 0.000 description 11
- 230000011664 signaling Effects 0.000 description 8
- DJGAAPFSPWAYTJ-UHFFFAOYSA-M metamizole sodium Chemical compound [Na+].O=C1C(N(CS([O-])(=O)=O)C)=C(C)N(C)N1C1=CC=CC=C1 DJGAAPFSPWAYTJ-UHFFFAOYSA-M 0.000 description 7
- 230000004044 response Effects 0.000 description 7
- 238000006243 chemical reaction Methods 0.000 description 4
- 230000001010 compromised effect Effects 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 230000002441 reversible effect Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 2
- 238000009795 derivation Methods 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- CSRZQMIRAZTJOY-UHFFFAOYSA-N trimethylsilyl iodide Substances C[Si](C)(C)I CSRZQMIRAZTJOY-UHFFFAOYSA-N 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
Abstract
The present disclosure relates generally to UE authentication and authorization with a home network of a UE, and in particular to protecting a sequence number (SQN) of the UE during authentication and authorization MS ). If the UE indicates a synchronization failure to the core network through the authentication failure message, the SQN MS Is suppressed to prevent SQN MS Is hacked. SEAF/AMF saving SQN of SN MS And RAND (RAND) MS Is a copy of (c). Therefore, when the UE initiates the service request, the UE does not need to include the SQN in the service request message MS And RAND (RAND) MS Parameters.
Description
Technical Field
The present disclosure relates to terminal device authentication and authorization with a home network of a terminal device in a communication network.
Background
In a communication network, a User Equipment (UE) accesses the communication network via its USIM card. Access, including authentication and authorization, by UEs to the communication network is protected by various security mechanisms. Among the various security measures and requirements, protection of the sensitive data of the UE (including authentication and authorization parameters) is critical.
Disclosure of Invention
The present disclosure relates to UE authentication and authorization with a home network of a UE, and in particular to protecting a sequence number of the UE during authentication and authorization.
In some embodiments, a method of authenticating a terminal device in a communication network including a home network corresponding to the terminal device and a serving network serving the terminal device is disclosed. The method may be performed by a serving network element belonging to a serving network and may comprise: receiving a registration request message initiated by the terminal device, initiating a registration procedure to register the terminal device to the communication network, wherein the registration request message comprises a parameter and a random number, both generated by the terminal device, for authenticating the terminal device at the home network, and wherein the parameter corresponds to a sequence number configured by the terminal device; storing parameters and random numbers; and sending a first authentication request message to a first home network element belonging to the home network, wherein the first authentication request message comprises a parameter and a random number.
In other embodiments, a method for authenticating a service request initiated by a terminal device in a communication network comprising a home network corresponding to the terminal device and a service network serving the terminal device is disclosed. The method may be performed by a serving network element belonging to a serving network and may comprise: receiving a first service request message triggered by a terminal device requesting a service in a communication network; sending an authentication request message to a home network element belonging to a home network, wherein: the authentication request message includes a parameter and a random number, the random number and the parameter being generated by the terminal device and stored in the home network element, and the parameter corresponding to a sequence number configured by the terminal device, the random number and the sequence number being used to authenticate the terminal device at a communication network of the terminal device.
In other embodiments, an apparatus is disclosed. The device generally includes one or more processors, wherein the one or more processors are configured to implement any of the methods described above.
In other embodiments, a computer program product is disclosed. The computer program product may include a non-transitory computer-readable program medium having computer code stored thereon, which when executed by one or more processors causes the one or more processors to implement any of the methods described above.
The embodiments and alternatives of the above examples and other aspects thereof are explained in more detail in the following drawings, description and claims.
Drawings
Fig. 1 shows an exemplary communication network comprising a terminal device, an operator network, a data network and a service application.
Fig. 2 illustrates an exemplary network function or network node in a communication network.
Fig. 3 illustrates an exemplary network function or network node in a wireless communication network.
Fig. 4 illustrates an exemplary logic flow for UE registration authentication with a core network.
Fig. 5 illustrates an exemplary logic flow for making a UE service request to a core network.
Fig. 6 illustrates another exemplary logic flow for UE registration authentication with a core network.
Fig. 7 illustrates another exemplary logic flow for UE service request to a core network.
Detailed Description
The exemplary communication network, shown as 100 in fig. 1, may include terminal devices 110 and 112, an operator network 102, various service applications 140, and other data networks 150. For example, the operator network 102 may include an access network 120 and a core network 130. Operator network 102 may be configured to transfer voice, data, and other information (collectively referred to as data communications) between terminal devices 110 and 112, between terminal devices 110 and 112 and service application 140, or between terminal devices 110 and 112 and other data networks 150. Communication sessions and corresponding data paths may be established and configured for such data transmissions. Access network 120 may be configured to provide terminal devices 110 and 112 with network access to core network 130. The core network 130 may include various network nodes or network functions configured to control communication sessions and perform network access management and data communication routing. Service application 140 may be hosted by various application servers that are accessible by terminal devices 110 and 112 through core network 130 of operator network 102. Service application 140 may be deployed as a data network external to core network 130. Likewise, terminal devices 110 and 112 may access other data networks 150 through core network 130, and other data networks 150 may appear as data destinations or data sources for particular communication sessions instantiated in carrier network 102.
The core network 130 of fig. 1 may include various network nodes or functions that are geographically distributed and interconnected to provide network coverage of the service area of the carrier network 102. These network nodes or functions may be implemented as dedicated hardware network elements. Alternatively, these network nodes or functions may be virtualized and implemented as virtual machines or software entities. Each network node may be configured with one or more types of network functions. These network nodes or network functions may collectively provide provisioning and routing functions for the core network 130. The terms "network node" and "network function" are used interchangeably in this disclosure.
Fig. 2 further illustrates an exemplary division of network functions in the core network 130 of the communication network 200. Although only a single instance of a network node or function is shown in fig. 2, those of ordinary skill in the art will appreciate that each of these network nodes may be instantiated as multiple instances of network nodes distributed throughout core network 130. As shown in fig. 2, the core network 130 may include, but is not limited to, an access management network node (amann) 230, an authentication network node (AUNN) 260, a Network Data Management Network Node (NDMNN) 270, a Session Management Network Node (SMNN) 240, a Data Routing Network Node (DRNN) 250, a Policy Control Network Node (PCNN) 220, an Application Data Management Network Node (ADMNN) 210, and the like. In fig. 2, each solid line connection represents an exemplary signaling and data exchange between various types of network nodes over various communication interfaces. Such signaling and data exchanges may be carried by signaling or data information conforming to a predetermined format or protocol.
The embodiments of fig. 1 and 2 described above may be applied to both wireless and wireline communication systems. Fig. 3 illustrates an exemplary cellular wireless communication network 300 based on a general implementation of the communication network 200 of fig. 2. Fig. 3 illustrates a wireless communication network 300, which may include a User Equipment (UE) 310 (serving as the terminal device 110 of fig. 2), a Radio Access Network (RAN) 320 (serving as the access network 120 of fig. 2), a Data Network (DN) 150, and a core network 130, the core network 130 including an Access Management Function (AMF) 330 (serving as the AMNN 230 of fig. 2), a Session Management Function (SMF) 340 (serving as the SMNN 240 of fig. 2), an Application Function (AF) 390 (serving as the adnn 210 of fig. 2), a User Plane Function (UPF) 350 (serving as the DRNN 250 of fig. 2), a Policy Control Function (PCF) 322 (serving as the PCNN 220 of fig. 2), an authentication server function (AUSF) 360 (serving as the AUNN 260 of fig. 2), and a Universal Data Management (UDM) function 370 (serving as the UDMNN 270 of fig. 2). Furthermore, although fig. 3 shows only a single instance of some network functions or nodes of the wireless communication network 300 (and particularly the core network 130), one of ordinary skill in the art will appreciate that each of these network nodes or functions may have multiple instances distributed throughout the wireless communication network 300.
In fig. 3, UE 310 may be implemented as various types of mobile devices configured to access core network 130 via RAN 320. The UE 310 may include, but is not limited to, mobile phones, laptops, tablets, internet of things (IoT) devices, distributed sensor network nodes, wearable devices, and the like. The UE may also be a multi-access edge computing (MEC) capable UE supporting edge computing. For example, RAN 320 may include a plurality of radio base stations distributed in a service area of an operator network. Communication between UE 310 and RAN 320 may occur over an over-the-air (OTA) wireless interface, as shown at 311 in fig. 3.
With continued reference to fig. 3, the udm 370 may form a persistent store or database for user contracts and subscription data. The UDM may also include an authentication certificate store and handling function (ARPF, shown as 370 in fig. 3), storing long-term security certificates for user authentication, and performing the calculation of encryption keys using such long-term security certificates as input, as described in more detail below. To prevent unauthorized exposure of the UDM/ARPF data, the UDM/ARPF 370 may be located in a secure network environment of a network operator or third party.
AMF/SEAF 330 may communicate with RAN 320, SMF 340, AUSF 360, UDM/ARPF 370, and PCF 322 via communication interfaces indicated by the various solid lines connecting the network nodes or functions. The AMF/SEAF 330 may be responsible for UE-to-non-access stratum (NAS) signaling management and for providing registration and access of the UE 310 to the core network 130 and allocation of the SMF 340 to support the communication needs of a particular UE. The AMF/SEAF 330 may also be responsible for UE mobility management. The AMF may also include a secure anchor function (SEAF, as shown in 330 of fig. 3), which, as described in more detail below, interacts with the AUSF 360 and the UE 310 for user authentication and various levels of encryption/decryption key management. The AUSF 360 may terminate the user registration/authentication/key generation request from the AMF/SEAF 330 and interact with the UDM/ARPF 370 to complete such user registration/authentication/key generation.
The SMF 340 may be assigned by the AMF/SEAF 330 to a particular communication session instantiated in the wireless communication network 300. The SMF 340 may be responsible for assigning UPFs 350 to support communication sessions in the user data plane and data flows therein, and for provisioning/regulating the assigned UPFs 350 (e.g., for formulating packet detection and forwarding rules for the assigned UPFs 350). In addition to being assigned by the SMF 340, the UPF 350 may be assigned by the AMF/SEAF 330 for particular communication sessions and data flows. The UPFs 350 allocated and provided by the SMF 340 and the AMF/SEAF 330 may be responsible for data routing and forwarding and reporting network usage for a particular communication session. For example, UPF 350 may be responsible for routing end-to-end data flows between UE 310 and DN 150, between UE 310 and service application 140. DN 150 and service applications 140 can include, but are not limited to, data networks and services provided by operators of wireless communication network 300 or by third party data networks and service providers.
PCF 322 may be responsible for managing and providing AMF/SEAF 330 and SMF 340 with policies and rules applicable to the various levels of the communication session associated with UE 310. Thus, for example, AMF/SEAF 330 may allocate SMF 340 for a communication session in accordance with policies and rules associated with UE 310 and obtained from PCF 322. Likewise, SMF 340 may allocate UPF 350 to handle data routing and forwarding of communication sessions according to policies and rules obtained from PCF 322.
Although the exemplary embodiments of fig. 1-3 and the following description are based on cellular wireless communication networks, the scope of the present disclosure is not so limited and the underlying principles apply to other types of wireless and wireline communication networks.
Network identity and data security in the wireless communication network 300 of fig. 3 may be managed through user authentication procedures provided by the AMF/SEAF 330, AUSF 360, and UDM/ARPF 370. Specifically, the UE 310 may first communicate with the AMF/SEAF 330 for network registration and may then be authenticated by the AUSF 360 according to the user contract and subscription data in the UDM/ARPF 370. After user authentication with the wireless communication network 300, the communication session established for the UE 310 may be protected by various levels of encryption/decryption keys. The generation and management of various keys may be coordinated by AUSF 360 and other network functions in the communication network.
In a communication network, a UE and the communication network need to mutually authenticate in order to establish a secure link for protecting subsequent communications based on various security mechanisms. Such security mechanisms involve the UE, the home network of the UE (i.e., the operator with which the UE contracts), and may also involve the serving network of the UE. The serving network provides a serving access point (e.g., a base station in the vicinity of the UE) to the UE. The serving network interacts with the home network to authenticate the UE prior to service authorization.
From the UE's perspective, it is crucial to protect the privacy of the UE. When the UE attempts to access the communication network, the UE may need to follow a certain security procedure, such as initiating a registration request or a service request to the communication network to mutually authenticate with the home network/service network. As part of the security procedure, the home network may challenge the UE, for example, through an authentication request by the home network. In this challenge, the UE needs to verify a Message Authentication Code (MAC) sent to the UE. Through MAC verification, the UE verifies the validity of the challenge to ensure that the challenge is legitimate and that the challenge is sent by the real home network, not by the suspicious party. If the MAC authentication fails, the UE considers the security procedure to fail.
If the UE passes the MAC authentication, the UE can further check the freshness of the challenge. For this purpose, a sequence number (SQN) is used. Specifically, the UE maintains a SQN, denoted as SQN, from the UE side MS . The home network also maintains a corresponding SQN, denoted SQN HE . In normal operation, the two SQNs are synchronized. The UE pings the SQN associated with the challenge sent by the home network: if the SQN is within the correct range, verifying the freshness of the challenge; otherwise, the UE declares a synchronization failure. To recover from the synchronization failure, in some embodiments, the UE sends an authentication failure message to the home network. Authentication failure message carries the SQN maintained by the UE MS So the home network can use SQN MS Updating SQN HE . Thus, the home network and the UE may synchronize back with respect to the SQN. The home network may then be based on the updated SQN HE Retry the challenge.
Can be based on random numbers (RAND) and SQN HE The MAC as described above is derived or calculated and may be embedded in an authentication key (AUTN). In some scenarios, RAND and AUTN may be compromised because an attacker may capture or sniff these values from the communication network, or an attacker may obtain these values from a hacked database. An attacker may use these for victim UEsRAND and AUTN values for leakage. For example, an attacker may forge a challenge based on the compromised value and repeatedly send the forged challenge. Thus, while the UE may still detect that the SQN associated with the challenge is unsynchronized, the UE may be spoofed by a counterfeit challenge, deemed to pass the MAC verification. As described above, the UE attempts to recover from the synchronization failure and sends a carry SQN MS Is a failure to authenticate message. Then, an attacker may capture and export the SQN MS . Thus, the privacy and confidentiality of the UE are compromised.
To minimize the security risk, one solution is for the UE to pair SQNs when sending authentication failure messages MS Remains silent. For example, when a UE initiates a registration request or service request, the UE may choose to send a hidden SQN to the home network MS Instead of sending the SQN in an authentication failure message MS . In addition, home network elements such as AMFs may store SQNs MS And if the UE requests service, providing the SQN to the home network MS . Alternatively, the home network element may store another parameter, such as an authentication synchronization failure (AUTS) parameter, provided that the parameter is capable of deriving the SQN MS And (3) obtaining the product. Furthermore, since random numbers can be used to hide SQNs MS The home network element may also store random numbers so that the SQN may be disarmed from, for example, the AUTN MS Is hidden in the picture frame.
In the present disclosure, various embodiments are disclosed that aim to address the SQN under the above-described or other possible attacks MS Leakage problems.
UE registers with the core network (example 1)
Fig. 4 illustrates an exemplary logic flow for performing a UE registration and authentication procedure at a core network. Steps 1 to 10 in fig. 4 show specific exemplary steps of UE registration/authentication.
As shown in fig. 4, the UE initiates a registration request to a Serving Network (SN) element, such as SEAF or AMF. The following description is given by way of example of SEAF, but the same principles apply to AMF in SN or another core network element. The SN element interacts with a Home Network (HN) element of the UE, such as AUSF and/or UDM, to complete the registration/authentication procedure. Details are described below.
Step 1
UE generation of new random number RAND MS And retrieves the sequence number SQN MS . In some embodiments, this task may be performed by a Universal Subscriber Identity Module (USIM) of the UE. The sequence number may be selected as the highest value in the sequence number array consisting of previously accepted sequence numbers. Then, the UE performs the SQN MS And RAND (RAND) MS AUTS parameters are calculated. For example, AUTS parameters (hereinafter also referred to as AUTS) may be based on hidden SQNs MS ,SQN MS May be to SQN MS And RAND (RAND) MS The output of the exclusive or operation of (c). AUTS may also be based on Message Authentication Code (MAC) where it may be utilized in SQN MS And RAND (RAND) MS The MAC is encrypted as an input cryptographic function. In general, a MAC may be used to allow a recipient of a message to authenticate that the message is from an intended sender. In this disclosure, there is no limitation on how the AUTS parameters are calculated or encrypted.
The UE sends the signal with AUTS and RAND to the SEAF MS Is provided for a registration request message of (a). The registration request message may also include a sui (subscription hidden identifier) or a 5G-GUTI (5G globally unique temporary identifier) of the UE. It should be appreciated that given AUTS and RAND MS ,SQN MS The derivation or retrieval may be performed by using the reverse procedure, which corresponds to the manner in which the AUTS is generated.
Step 2
The SEAF sends an authentication request message to an AUSF belonging to a UE Home Network (HN). The authentication request message includes AUTS and RAND MS And may further include a sui or SUPI (subscription permanent identifier) of the UE, and an SN name of the serving network (serving network name).
Step 3
The AUSF forwards the content received from the authentication request message in step 2 to the UDM belonging to the HN of the UE in the authentication acquisition request message.
Step 4
UDM uses, for example, slave SQN MS Reverse process to generate AUTS retrieves SQN from AUTS MS . Then, the UDM deletes the RAND MS And store the SQN MS 。UThe DM also un-conceals the sui by invoking its subscription identifier un-conceal function (SIDF) and selects the authentication method. Utilizing existing sequence numbers of the home environment (SQN HE Which corresponds to SQN MS ) A new 5G HE (home environment) Authentication Vector (AV) is generated.
By deleting RAND MS UDM reduces RAND MS Risk of leakage, thereby reducing RAND-based MS Security attack risk of (a).
Step 5
The UDM transmits an authentication acquisition response message with the newly generated 5G HE AV to the AUSF.
Step 6
The AUSF creates a 5G SE (service environment) AV based on the 5G HE AV and sends the 5G SE AV to the SEAF in a nausf_ueauthentication_authentication response message.
Step 7
SEAF derives a random number (RAND) and an authentication key (AUTN) from the 5G SE AV. In particular, RAND may be in the form of an array of random bytes. AUTN includes a Message Authentication Code (MAC) that may be based on RAND and SQN HE Export, wherein SQN HE Can be derived from 5G HE AV. In some embodiments, the MAC may be RAND and SQN HE And (5) cascading. The SEAF then forwards the RAND and AUTN to the UE in an authentication request message. The authentication request message includes a challenge to the UE, and the AUTN may be used to prove the freshness and authenticity of the challenge.
Step 8
When receiving the authentication request message, the UE examines the MAC carried by the AUTN to verify the authenticity of the authentication request message. Assuming that the authenticity is verified, the UE further inspects the SQN HE Whether within the correct range to verify the freshness of the authentication request message. The correct range may be based on SQM MS 。
Based on the inspection result of the freshness in this step, step 9 or step 10 is performed.
Step 9
The freshness check in step 8 is successful. The UE and the UDM continue to complete the rest of the authentication procedure as shown in steps 9a, 9b and 9 c. In step 9c, due to the home environment and UE sequence number(i.e., SQN at UE side MS And SQN of UDM end HE ) Is synchronous, so when the authentication result is updated from AUSF to UDM, UDM deletes SQN derived in step 4 MS 。
Step 10
To ensure SQN HE The freshness check performed within the correct range fails. In step 10b, an authentication failure message is sent from the UE to the SEAF. The authentication failure message only indicates that the failure cause is synchronization failure, and does not indicate SQN MS . The SEAF forwards the failure message to the AUSF, which forwards it to the UDM, as shown in steps 10c and 10d, respectively. In step 10e, the UDM is based on the SQN retrieved in step 4 MS Initiate the resynchronization procedure and use SQN MS Updating SQN HE . The resynchronization procedure is similar to steps 5 to 9 and will not be described in detail here.
In this embodiment, to recover from a synchronization failure, the UDM relies on the SQN sent to it at an early stage of the authentication process before the UE detects the synchronization failure MS . When the synchronization fails, the UE only indicates the synchronization failure to the core network, and for SQN MS Remains silent. Thus, even if a fake challenge is sent to the UE, the SQN MS Nor will it leak.
UE requests service from the core network (example 2)
The UE in an idle state, such as a cm_idle (connection management idle) state or an rrc_idle (radio resource control idle) state, may initiate a service request procedure to transmit an uplink signaling message or user data, request an emergency service back-off, or as a response to a network paging request. An authentication procedure needs to be performed by the core network to authenticate the UE upon receipt of the service request. Similar to embodiment 1, in this embodiment, if the UE indicates a synchronization failure to the core network through an authentication failure message, the SQN is suppressed MS To prevent SQN MS Is hacked. Exemplary steps of this embodiment are shown in fig. 5.
Step 1
The UE initiates a service request by sending AN (access network) message to the access network. The access network may comprise a wireless access network or a wired access network. The AN message includes at least one of:
AN parameters;
service request comprising at least one of the following: a list of PDU sessions to be activated, a list of allowed PDU sessions, security parameters, PDU session status, 5G-S-TMSI, [ NAS message container ] ([ ] presentation parameters are optional), exemption indication;
AUTS; or (b)
·RAND MS 。
The UE may derive or obtain the AUTS and RAND in a similar manner to step 1 in embodiment 1 MS 。
Step 2
The AN sends the service request by sending AN N2 message to the AMF of the UE serving network. The N2 message includes at least one of:
n2 parameter;
a service request according to the service request parameters received from the UE in step 1;
AUTS; or (b)
·RAND MS 。
Step 3
The AMF initiates an authentication procedure with the UE home network by sending an authentication request message to the AUSF. The authentication request message includes AUTS and RAND MS And may also include the sui or SUPI of the UE and the SN name of the serving network.
Step 4
Step 4 includes further authentication interactions between the home network, the serving network and the UE. The details are similar to those of steps 5 to 10 of embodiment 1, and will not be described again.
Step 5
The UE is now authenticated by the core network and proceeds with subsequent service request procedures, e.g. establishing a signal connection with the AMF, to exchange signaling messages and establish the specific service requested by the UE.
UE registers with the core network (example 3)
Fig. 6 illustrates another exemplary logic flow for performing a UE registration and authentication procedure at a core network. Steps 1 to 15 in fig. 6 show specific exemplary steps of UE registration/authentication.
In this embodiment, upon receiving a registration request from the UE, the AMF/SEAF of the serving network stores the SQN MS . If there is a synchronization failure in the authentication process, the AMF/SEAF further updates the SQN after successful completion of the resynchronization MS . The following description is given by way of example of SEAF, but the same principles apply to AMF in SN or another core network element.
Step 1
UE generation of new random number RAND MS And retrieves the sequence number SQN MS . In some embodiments, this task may be performed by a Universal Subscriber Identity Module (USIM) of the UE. The sequence number may be selected as the highest value in the sequence number array consisting of previously accepted sequence numbers. Then, the UE performs the SQN MS And RAND (RAND) MS An authentication synchronization failure (AUTS) parameter is calculated. For example, AUTS parameters (hereinafter also referred to as AUTS) may be based on hidden SQNs MS ,SQN MS May be to SQN MS And RAND (RAND) MS The output of the exclusive or operation of (c). AUTS may also be based on Message Authentication Code (MAC) where it may be utilized in SQN MS And RAND (RAND) MS The MAC is encrypted as an input cryptographic function. In general, a MAC may be used to allow a recipient of a message to authenticate that the message is from an intended sender. In this disclosure, there is no limitation on how the AUTS parameters are calculated or encrypted.
The UE sends the signal with AUTS and RAND to the SEAF MS Is provided for a registration request message of (a). The registration request message may also include a sui (subscription hidden identifier) or a 5G-GUTI (5G globally unique temporary identifier) of the UE. It should be appreciated that SQN MS Using AUTS and RAND MS The derivation or retrieval may be performed using an inverse procedure, which corresponds to the manner in which the AUTS is generated.
In some embodiments, the UE may send the SQN MS Directly in the registration request message. Alternatively, the parameters of the transformation may be any of the transformed SQNs MS The conversion parameter may optionally be included in the registration request message.
Step 2
The UE stores the received AUTS and RAND from the UE MS 。
Alternatively, the SEAF may derive the SQN from the received registration request message based on, for example, the AUTS MS . The SEAF then stores the SQN MS And RAND (RAND) MS . Alternatively, the SEAF may store the converted parameters if they appear in the received registration request message.
Step 3
The SEAF sends an authentication request message to an AUSF belonging to a UE Home Network (HN). The authentication request message includes AUTS and RAND MS And may further include a sui or SUPI (subscription permanent identifier) of the UE, and an SN name of the serving network (serving network name).
Step 4
The AUSF forwards the content received from the authentication request message in step 2 to the UDM belonging to the HN of the UE in the authentication acquisition request message.
Step 5
UDM, e.g. using slave SQN MS Reverse process to generate AUTS, retrieving SQN from AUTS MS . Then, the UDM deletes the RAND MS And store the SQN MS . The UDM also un-conceals the sui by invoking its subscription identifier un-conceal function (SIDF) and selects the authentication method. Utilizing existing sequence numbers of the home environment (SQN HE Which corresponds to SQN MS ) A new 5G HE AV is generated.
By deleting RAND MS UDM reduces RAND MS Risk of leakage, thereby reducing RAND-based MS Is a risk of security attacks.
Step 6
The UDM transmits an authentication acquisition response message with the newly generated 5G HE AV to the AUSF.
Step 7
The AUSF creates a 5G SE AV based on the 5G HE AV and sends the 5G SE AV to the SEAF in a nausf_ueauthentication_authentication response message.
Step 8
SEAF derives a random number (RAND) and an authentication key (AUTN) from the 5G SE AV. Tool withIn the bulk, RAND may be in the form of an array of random bytes. AUTN includes a Message Authentication Code (MAC) that may be based on RAND and SQN HE Export, wherein SQN HE Can be derived from 5G HE AV. In some embodiments, the MAC may be RAND and SQN HE And (5) cascading. The SEAF then forwards the RAND and AUTN to the UE in an authentication request message. The authentication request message includes a challenge to the UE, and the AUTN may be used to prove the freshness and authenticity of the challenge.
Step 9
When receiving the authentication request message, the UE examines the MAC carried by the AUTN to verify the authenticity of the authentication request message. Assuming that the authenticity is verified, the UE further inspects the SQN HE Whether within the correct range to verify the freshness of the authentication request message. The correct range may be based on SQM MS 。
Based on the inspection result of the freshness in this step, step 9 or step 10 is performed.
Step 10
The freshness check in step 8 is successful. The UE and the UDM continue to complete the rest of the authentication procedure as shown in steps 9a, 9b and 9 c. In step 9c, the UE sequence number (i.e., SQN at UE end MS And SQN of UDM end HE ) Is synchronous, so when the authentication result is updated from AUSF to UDM, UDM deletes SQN derived in step 4 MS 。
Step 11
To ensure SQN HE The freshness check performed within the correct range fails. In step 10b, an authentication failure message is sent from the UE to the SEAF. The authentication failure message only indicates that the failure cause is synchronization failure, and does not indicate SQN MS . The SEAF forwards the failure message to the AUSF, which forwards it to the UDM, as shown in steps 10c and 10d, respectively. In step 10e, the UDM is based on the SQN retrieved in step 4 MS Initiate the resynchronization procedure and use SQN MS Updating SQN HE 。
Step 12
The UDM interacts with SEAF and UE to complete the resynchronization procedure, similar to steps 6 to 10 described above, and will not be repeated here.
Step 13
The UE authentication is successful. The SEAF sends a NAS security mode command message to the UE that includes a "request initial NAS message" flag.
Step 14
In response to the NAS security mode command message, the UE sends a NAS security mode complete message to the SEAF. NAS security mode complete messages are encrypted and integrity protected. In addition, the NAS security mode complete message includes the current SQN configured by the UE MS And RAND (RAND) MS Which may be stored in the USIM of the UE. Alternatively, the NAS security mode complete message may include the current RAND configured by the UE MS And a current AUTS based on the current SQN configured by the UE MS . Alternatively, the NAS security mode complete message may include parameters of the transition, which may be the current SQN MS Is a function of the conversion of any type of (1).
Step 15
Based on the parameters received in the NAS security mode complete message sent from the UE in step 14, SEAF updates the SQN MS And RAND (RAND) MS Or SEAF updates AUTS and RAND MS . In some implementations, if the received parameters include converted parameters, the SEAF also updates its local copy of the converted parameters.
In this embodiment, to recover from a synchronization failure, the UDM may rely on the SQN sent to it at an early stage of the authentication process before the UE detects the synchronization failure MS (or SQN) MS Such as AUTS). When the synchronization fails, the UE only indicates the synchronization failure to the core network, and for SQN MS Remains silent. Therefore, even if a fake challenge is sent to the UE, the SQN will not be compromised MS . Furthermore, when a registration request message is received from the UE, the SEAF stores the SQN MS And RAND (RAND) MS . After successful completion of the authentication procedure, the SEAF further requests the latest SQN from the UE MS And RAND (RAND) MS And update its SQN MS And RAND (RAND) MS Is a local copy of (c). In some embodiments, the SQN MS Can be presented in AUTS form or in any type of SQN MS Conversion forms. In one placeIn some embodiments, the SQN stored in the SEAF MS And RAND (RAND) MS May be used for subsequent procedures such as a UE service request procedure. The advantages and benefits of this embodiment become more apparent when combined with embodiment 4 described below.
UE requests service from the core network (example 4)
The UE in an idle state, such as a cm_idle state or an rrc_idle state, may initiate a service request procedure to send uplink signaling messages or user data, request emergency service back-off, or as a response to a network paging request. An authentication procedure needs to be performed by the core network to authenticate the UE upon receipt of the service request. In the authentication process, similar to embodiment 1, in the present embodiment, if the UE indicates a synchronization failure to the core network through an authentication failure message, the SQN is suppressed MS To prevent SQN MS Is hacked. In this embodiment, the SEAF/AMF of the SN saves the SQN MS (and/or AUTS, AUTS may be based on SQN MS Derived) and RAND MS Is a copy of (c). Thus, when the UE initiates a service request, the UE need not include the AUTS and RAND in the message MS Parameters. Exemplary steps of this embodiment are shown in fig. 7.
Step 1
The UE initiates a service request by sending AN (access network) message to the access network. The access network may comprise a wireless access network or a wired access network. The AN message includes at least one of:
AN parameters; or alternatively
Service request comprising at least one of the following: a list of PDU sessions to be activated, a list of allowed PDU sessions, security parameters, PDU session status, 5G-S-TMSI, [ NAS message container ], exemption indication;
in this step, the UE need not include the AUTS and RAN in the AN request MS Parameters.
Step 2
The AN sends the service request by sending AN N2 message to the AMF of the UE serving network. The N2 message includes at least one of:
n2 parameter; or alternatively
Service request according to the service request parameters received from the UE in step 1.
Step 3
The AMF initiates an authentication procedure with the UE home network by sending an authentication request message to the AUSF. The authentication request message includes AUTS and RAND stored in AMF MS And may also include the sui or SUPI of the UE and the SN name of the serving network. In some embodiments, if the AMF stores the SQN MS (instead of AUTS) and RAND MS The AMF may be based on SQN MS And RAND (RAND) MS AUTS is calculated.
Step 4
Step 4 includes further authentication interactions between the home network, the serving network and the UE. The details are similar to those of step 4 to step 15 in embodiment 3, and will not be described again.
Step 5
The UE is now authenticated by the core network and proceeds with subsequent service request procedures, e.g. establishing a signal connection with the AMF, to exchange signaling messages and establish the specific service requested by the UE.
In embodiment 4, among other benefits, when initiating a service request, the UE may rely on SEAF/AMF to provide SQM to the home network MS (or any type of SQN MS Conversion). In some embodiments, the UE and the SEAF/AMF may negotiate whether the SEAF/AMF is capable of providing SQNs MS Therefore the UE does not need to send SQN in the service request message MS . Furthermore, if the UE is not configured to send the SQN in the service request message MS SQN is then MS And still be protected from the aforementioned attacks.
In the above embodiment, in order to reduce the risk of the SQN of the UE leaking under attack, a procedure of authentication/registration of the UE in the core network is disclosed. Other procedures by which the UE requests service from the core network are also disclosed. Service network elements such as AMF or SEAF store and update SQN MS And RANDMS information that can be used for subsequent UE service requests. When initiating a service request, the UE can flexibly choose whether to include AUTS and RAND MS Parameters. When (when)The UE detects the synchronization failure in the authentication process, and the UE only needs to indicate the synchronization failure condition to the core network to perform resynchronization and perform SQN MS Keep silent.
The foregoing drawings and description provide specific example embodiments and implementations. The described subject matter may, however, be embodied in various different forms and, thus, the contemplated or claimed subject matter is not to be construed as limited to any example embodiments set forth herein. It is intended to provide a reasonably broad scope to the claimed or covered subject matter. Furthermore, for example, the subject matter may be embodied as methods, devices, components, systems, or non-transitory computer-readable media for storing computer code. Thus, embodiments may take the form of hardware, software, firmware, storage medium, or any combination thereof, for example. For example, the above-described method embodiments may be implemented by a component, apparatus, or system comprising a memory and a processor by executing computer code stored in the memory.
Throughout the specification and claims, the meaning of a term suggested or implied in the context may be slightly different in addition to the meaning explicitly set forth. Also, the phrase "in one embodiment/implementation" as used herein does not necessarily refer to the same embodiment, and the phrase "in another embodiment/implementation" as used herein does not necessarily refer to a different embodiment. For example, it is intended that claimed subject matter include all or a combination of some of the example embodiments.
Generally, the term may be understood, at least in part, through the use of context. For example, terms such as "and," "or," "and/or" as used herein may include a variety of meanings that may depend, at least in part, on the context in which such terms are used. Generally, if OR is used with an association list, such as A, B or C, it is intended to represent A, B and C for inclusion, and A, B or C for exclusive use. Furthermore, the term "one or more" as used herein, depending at least in part on the context, may be used to describe any feature, structure, or characteristic in the singular sense, or may be used to describe a combination of features, structures, or characteristics in the plural sense. Also, the terms "a," "an," or "the" and the like, as used herein, are to be construed as conveying either a singular usage or a plural usage, depending at least in part on the context. Furthermore, also depending at least in part on the context, the term "based on" may be understood as not necessarily intended to convey an exclusive set of factors, but may allow for the presence of additional factors that are not necessarily explicitly described.
Reference throughout this specification to features, advantages, or similar language does not imply that all of the features and advantages that may be realized with the present solution should be or are in any single embodiment thereof. Rather, language referring to the features and advantages is understood to mean that a specific feature, advantage, or characteristic described in connection with an embodiment is included in at least one embodiment of the present solution. Thus, discussion of the features and advantages, and similar language, throughout this specification may, but do not necessarily, refer to the same embodiment.
Furthermore, the described features, advantages, and characteristics of the solution may be combined in any suitable manner in one or more embodiments. One of ordinary skill in the relevant art will recognize, in view of the description herein, that the present solution may be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments of the present solution.
Claims (19)
1. A method for authenticating a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device, the method being performed by a serving network element belonging to the serving network, the method comprising:
receiving a registration request message initiated by the terminal device, initiating a registration procedure to register the terminal device with the communication network, wherein the registration request message comprises a parameter and a random number generated by the terminal device for authenticating the terminal device with the home network, and wherein the parameter corresponds to a sequence number configured by the terminal device;
storing the parameter and the random number; and
a first authentication request message is sent to a first home network element belonging to the home network, wherein the first authentication request message comprises the parameter and the random number.
2. The method of claim 1, further comprising:
sending a non-access stratum (NAS) security mode command message to the terminal device, where the NAS security mode command message includes a flag requesting the terminal device to send an initial NAS message;
receiving a NAS security mode complete message from the terminal device, wherein the NAS security mode complete message includes a current random number and a current parameter based on a current sequence number configured by the terminal device;
updating the random number based on the current random number; and
updating the parameters based on the current parameters.
3. The method of claim 2, wherein prior to sending the NAS security mode command message to the terminal device, the method further comprises:
receiving an authentication failure message from the terminal device indicating a synchronization failure, wherein the authentication failure message is triggered by the synchronization failure, the synchronization failure being associated with the registration procedure and detected by the terminal device; and
a second authentication request message is sent to the first home network element indicating the synchronization failure.
4. The method of claim 3, wherein,
after sending the first authentication request message to the first home network element, the method further comprises:
transmitting, by the first home network element, a first authentication acquisition request message to a second home network element belonging to the home network, wherein the first authentication acquisition request message comprises the parameter and the random number;
retrieving, by the second home network element, the sequence number from the parameter in the first authentication acquisition request message; and
after sending the second authentication request message to the first home network element indicating a synchronization failure, the method further comprises:
transmitting, by the first home network element, a second authentication acquisition request message to the second home network element; and
and initiating a resynchronization process with the terminal equipment according to the sequence number by the second home network unit.
5. The method of claim 4, wherein,
the serving network element comprises an AMF (access and mobility management function) or a SEAF (security anchor function);
the first home network element comprises an AUSF (authentication server function); and
the second home network element comprises a UDM (unified data management).
6. The method of claim 1, wherein the parameter comprises an authentication synchronization failure (AUTS) parameter.
7. A method for authenticating a service request initiated from a terminal device in a communication network comprising a home network corresponding to the terminal device and a service network serving the terminal device, the method being performed by a service network element belonging to the service network, the method comprising:
receiving a first service request message triggered by the terminal device requesting a service in the communication network; and
sending an authentication request message to a home network element belonging to the home network, wherein:
the authentication request message includes a parameter and a random number,
the random number and the parameter are generated by the terminal device and stored in the home network element, and
the parameter corresponds to a sequence number configured by the terminal device, the random number and the sequence number being used to authenticate the terminal device at the communication network of the terminal device.
8. The method of claim 7, wherein prior to receiving the first service request message, the method further comprises:
receiving a first message from the terminal device in the registration request process of the terminal device, wherein the first message comprises the random number and the parameter; and
storing the random number and the parameter.
9. The method of claim 8, wherein the first message comprises one of:
a registration request message; or alternatively
NAS security mode complete message.
10. The method of claim 7, wherein the first service request message comprises an N2 message sent from an access network node of the serving network.
11. The method of claim 7, wherein receiving the first service request message triggered by the terminal device requesting service in the communication network comprises:
receiving, by an access network node of the serving network, a second service request message from the terminal device requesting a service in the communication network; and
the first service request message is sent by the access network node to the serving network element.
12. The method of claim 11, wherein the first service request message includes the random number and the parameter, and wherein the second service request message includes the random number and the parameter.
13. The method of claim 7, wherein the authentication request message triggers the home network element to perform an authentication procedure to authenticate the terminal device in the communication network.
14. The method of claim 13, further comprising:
sending an NAS security mode command message to the terminal equipment, wherein the NAS security mode command message comprises a mark for requesting the terminal equipment to send an initial NAS message;
receiving a NAS security mode complete message from the terminal device, wherein the NAS security mode complete message includes a current random number and a current parameter based on a current sequence number configured by the terminal device;
updating the random number based on the current random number; and
updating the parameters based on the current parameters.
15. The method of claim 14, wherein prior to sending the NAS security mode command message to the terminal device, the method further comprises:
receiving an authentication failure message from the terminal device indicating a synchronization failure, wherein the authentication failure message is triggered by the synchronization failure, the synchronization failure being associated with the authentication procedure and detected by the terminal device; and
and sending a second authentication request message indicating the synchronization failure to the home network element.
16. The method of claim 7, wherein the serving network element comprises an AMF or SEAF, and wherein the home network element comprises an AUSF.
17. The method of claim 7, wherein the parameter comprises an aus parameter.
18. An apparatus comprising one or more processors, wherein the one or more processors are configured to implement the method of any of claims 1-17.
19. A computer program product comprising a non-transitory computer-readable program medium having computer code stored thereon, which when executed by one or more processors causes the one or more processors to implement the method of any of claims 1-17.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2021/079045 WO2022183427A1 (en) | 2021-03-04 | 2021-03-04 | Method, device, and system for protecting sequence number in wireless network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116530119A true CN116530119A (en) | 2023-08-01 |
Family
ID=83153838
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202180079138.3A Pending CN116530119A (en) | 2021-03-04 | 2021-03-04 | Method, device and system for protecting serial numbers in wireless network |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN116530119A (en) |
| WO (1) | WO2022183427A1 (en) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090259851A1 (en) * | 2008-04-10 | 2009-10-15 | Igor Faynberg | Methods and Apparatus for Authentication and Identity Management Using a Public Key Infrastructure (PKI) in an IP-Based Telephony Environment |
| CN101909052A (en) * | 2010-06-28 | 2010-12-08 | 中兴通讯股份有限公司 | Home gateway authentication method and system |
| CN107454045B (en) * | 2016-06-01 | 2020-09-11 | 宇龙计算机通信科技(深圳)有限公司 | Method, device and system for user IMS registration authentication |
| US10887295B2 (en) * | 2016-10-26 | 2021-01-05 | Futurewei Technologies, Inc. | System and method for massive IoT group authentication |
| US11330428B2 (en) * | 2017-05-08 | 2022-05-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Privacy key in a wireless communication system |
| CN109963281B (en) * | 2017-12-25 | 2021-05-11 | 华为技术有限公司 | Authentication method, device and system |
-
2021
- 2021-03-04 WO PCT/CN2021/079045 patent/WO2022183427A1/en active Application Filing
- 2021-03-04 CN CN202180079138.3A patent/CN116530119A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022183427A1 (en) | 2022-09-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106664561B (en) | System and method for securing pre-association service discovery | |
| US8397071B2 (en) | Generation method and update method of authorization key for mobile communication | |
| US20060059344A1 (en) | Service authentication | |
| CN108880813B (en) | Method and device for realizing attachment process | |
| CN112154624A (en) | User identity privacy protection for pseudo base stations | |
| US11082843B2 (en) | Communication method and communications apparatus | |
| CN101405987A (en) | Asymmetric cryptography for wireless systems | |
| US10582378B2 (en) | Message protection method, user equipment, and core network device | |
| WO2020207156A1 (en) | Verification method, apparatus, and device | |
| WO2018205148A1 (en) | Data packet checking method and device | |
| WO2021244509A1 (en) | Data transmission method and system, electronic device, and computer readable storage medium | |
| CN115004742A (en) | Method, device and system for anchor key generation and management for encrypted communication with service applications in a communication network | |
| CN110583036A (en) | Network authentication method, network equipment and core network equipment | |
| US20220303763A1 (en) | Communication method, apparatus, and system | |
| US20170078288A1 (en) | Method for accessing communications network by terminal, apparatus, and communications system | |
| WO2019007476A1 (en) | Secure communications using network access identity | |
| US10700854B2 (en) | Resource management in a cellular network | |
| WO2022067667A1 (en) | A method for preventing encrypted user identity from replay attacks | |
| US20230396602A1 (en) | Service authorization method and system, and communication apparatus | |
| CN112769568A (en) | Security authentication communication system and method in fog computing environment and Internet of things equipment | |
| WO2022067627A1 (en) | A method for preventing leakage of authentication sequence number of a mobile terminal | |
| CN116530119A (en) | Method, device and system for protecting serial numbers in wireless network | |
| WO2022067628A1 (en) | A method for preventing encrypted user identity from replay attacks | |
| WO2023142102A1 (en) | Security configuration update in communication networks | |
| WO2023082161A1 (en) | Secure information pushing by service applications in communication networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |