CN117081928A - Communication method and device - Google Patents

Communication method and device

Info

Publication number
CN117081928A
Authority
CN
China
Prior art keywords
verifier
vnf
measurer
network element
metric
Legal status
Pending
Application number
CN202210494964.0A
Other languages
Chinese (zh)
Inventor
李论
吴义壮
崔洋
雷骜
胡华东
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202210494964.0A
Priority to PCT/CN2023/091397 (WO2023216913A1)
Publication of CN117081928A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/0894 Policy-based network configuration management
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a communication method and a device, belongs to the technical field of communication, and aims to solve the problem that a verifier cannot determine whether a VNF is credible or not through a measurer. In the method, in the case that the first verifier determines whether the first network element is trusted by using the first measurer, if the first verifier cannot determine whether the first measurer is trusted, the first verifier may request a second verifier with higher security to measure the first measurer to determine that the first measurer is trusted. In this way, the first verifier measures the first network element, e.g. the VNF, by means of the trusted first measurer, and can determine whether the first network element is trusted.

Description

Communication method and device
Technical Field
The present application relates to the field of communications, and in particular, to a communication method and apparatus.
Background
Network functions virtualization (NFV) refers to decoupling the network functions (NF) of traditional communication devices from their physical hardware and running them as software, for example as virtual network functions (VNF), on commercial off-the-shelf (COTS) hosts, to enable flexible deployment. On this basis, a VNF may be verified as trusted by remote attestation to ensure security. Remote attestation may involve, among other things, a measurer (attester) and a verifier. The measurer may be deployed near the VNF, for example in the same machine room, to collect evidence about the VNF. The verifier may be deployed remotely and determines whether the VNF is trusted based on that evidence.
However, measurers are typically deployed together with VNFs, so if a VNF is attacked the measurer may be attacked as well, and the measurer itself can then no longer be trusted. In that case the verifier cannot determine through the measurer whether the VNF is trusted.
Disclosure of Invention
The embodiment of the application provides a communication method and a communication device, which are used for solving the problem that a verifier cannot determine whether a VNF is credible or not through a measurer.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, a communication method is provided. The method comprises the following steps: when the first verifier determines to measure, using the first measurer, whether the first network element is trusted, the first verifier sends a first request to the second verifier and receives a first response returned by the second verifier for the first request. The first request requests the second verifier to initiate a measurement of the first measurer, the second verifier has higher security than the first measurer, and the first response indicates that the first measurer is trusted. The first verifier then measures, using the first measurer, whether the first network element is trusted.
According to the method of the first aspect, in the case that the first verifier cannot determine whether the first measurer is trusted, the first verifier may request a second verifier with higher security to measure the first measurer to determine that the first measurer is trusted. In this way, the first verifier measures the first network element, e.g. the VNF, by means of the trusted first measurer, and can determine whether the first network element is trusted.
In one possible design, the first verifier sending a first request to the second verifier includes: the first verifier obtains addressing information of the first measurer and sends a first request containing the addressing information to the second verifier, so that the second verifier can find the first measurer and measure it.
Optionally, the first verifier obtaining addressing information of the first measurer includes: in the case that the first verifier is a functional network element, the first verifier obtains identification information of the first network element. For example, the first measurer is usually located in the virtualization layer, and a functional network element may not be able to perceive the existence of the virtualization layer and thus cannot obtain identification information of the first measurer. In this case, the functional network element may provide information of the service layer, such as identification information of the first network element related to the first measurer, so that the second verifier finds the first measurer through the first network element. Or, in the case that the first verifier is a functional network manager, the first verifier obtains at least one of: identification information of the first measurer, or identification information of the first network element. That is, the functional network manager may obtain information of the virtualization layer, such as identification information of the first measurer, or information of the service layer, such as identification information of the first network element, and can therefore provide whichever related information it chooses, without limitation.
Further, in the case that the first verifier is a functional network element, the identification information of the first network element comprises an identification of the network function (NF). It will be appreciated that, since the functional network element may not be aware of the virtualization layer, the first network element is for it a function of the service layer, i.e. an NF, and so the NF identifier can be obtained. Or, in the case that the first verifier is a functional network manager, the identification information of the first network element comprises an identification of the virtual network function (VNF). Since the functional network manager can perceive the virtualization layer, the first network element is for it a function of the virtualization layer, i.e. a VNF, and so the VNF identifier can be obtained.
One possible design is where a first measurer is deployed in the business domain and a second verifier is deployed in the administrative domain. That is, the second verifier may be deployed in a more secure network environment than the first measurer to ensure that the second verifier is more secure than the first measurer.
In one possible implementation, before the first verifier sends the first request to the second verifier, the method of the first aspect may further include: the first verifier determines that the first measurer is a measurer of doubtful trust. That is, the first verifier triggers measurement of the first measurer only if it cannot determine whether the first measurer is trusted. Otherwise, if the first verifier determines that the first measurer is trusted, the first measurer can be used directly to measure the first network element without triggering measurement of the first measurer, which avoids an unnecessary measurement flow and saves communication overhead.
Optionally, the first measurer being a measurer of doubtful trust means that the first measurer is either a measurer that has not yet been measured, or a measurer that has been measured but whose trusted credential has lapsed. That is, for a trusted first measurer, its trusted state is time-limited; once the time limit is exceeded, the first measurer needs to be measured again, which further improves security.
In a possible design, the first verifier determining to measure, using the first measurer, whether the first network element is trusted includes: the first verifier receives indication information from a second network element, where the second network element is associated with the first network element and the indication information instructs the first verifier to initiate measurement of the first network element; the first verifier determines, according to the indication information, to use the first measurer to measure the first network element. That is, measurement of the first network element may be triggered by another network element, such as the second network element. For example, the second network element may trigger measurement of the first network element when it determines that its communication with the first network element is abnormal. Measurement can therefore be triggered on demand, which avoids unnecessary measurement flows and saves communication overhead.
Optionally, the indication information includes identification information of the first network element, the first verifier stores a correspondence between the identification information of each measurer and the identification information of the network element associated with that measurer, and determining, according to the indication information, to use the first measurer to measure the first network element includes: the first verifier determines the first measurer corresponding to the first network element according to the identification information of the first network element and the correspondence. That is, even if the second network element initiates measurement of a plurality of network elements at the same time, the first verifier can find the measurer corresponding to each network element according to the network elements' identification information and the correspondence, thereby measuring the plurality of network elements concurrently and improving measurement efficiency.
In one possible design, the first verifier measuring, using the first measurer, whether the first network element is trusted includes: the first verifier sends a second request to the first measurer, the second request requesting the first measurer to measure the first network element; the first verifier receives a second response returned by the first measurer for the second request, the second response including measurement evidence of the first network element; and the first verifier determines whether the first network element is trusted based on that measurement evidence. It can be seen that the first measurer is mainly used for collecting measurement evidence and the first verifier mainly for verifying it, so that the load is distributed evenly between the first measurer and the first verifier, improving overall operating efficiency.
Optionally, the measurement evidence of the first network element includes at least one of: operation data of the first network element, or communication data of the first network element. Operation data and communication data are data of different dimensions, so measuring the first network element through several dimensions helps ensure the accuracy of the measurement.
In one possible design, after the first verifier receives the first response returned by the second verifier for the first request, the method further includes: the first verifier measures, using the first measurer, whether a third network element is trusted. Once the first measurer is trusted, the first verifier can directly measure other network elements using the first measurer without triggering measurement of the first measurer again, which avoids unnecessary measurement flows and saves communication overhead.
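The first-aspect flow above (the doubtful-trust check with a time-limited credential, addressing information chosen by the verifier's role, the stored measurer/network-element correspondence used when a second network element sends indication information, comparison of multi-dimensional evidence, and reuse of an already-trusted measurer for a third network element), as an added Python example that is not code from the patent or from Huawei. The class and field names, the message layout, the reference values and the trust time limit are assumptions; the second verifier is represented only by a callable that returns the first response.

```python
"""Added example (not code from the patent): the first verifier's side of the
hierarchical attestation flow described in the first aspect. Names, data
formats and the trust time limit below are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

TRUST_TTL = 3600.0  # assumed: seconds a measurer's trusted credential stays valid

# Constructed reference values for the network elements the first measurer serves:
# operation data (a code hash) and communication data (the expected peer set).
REFERENCE = {
    "vnf-amf-1": {"operation": "sha256:amf-good", "communication": "peers:smf-1,ausf-1"},
    "vnf-smf-1": {"operation": "sha256:smf-good", "communication": "peers:amf-1,upf-1"},
}


@dataclass
class FirstMeasurer:
    """Software-layer measurer deployed beside the VNFs; it only collects evidence."""
    measurer_id: str
    observations: Dict[str, Dict[str, str]]  # constructed: what it sees per network element

    def measure(self, ne_id: str) -> Dict[str, str]:
        # second request -> second response carrying the measurement evidence
        return dict(self.observations[ne_id])


@dataclass
class FirstVerifier:
    role: str                                     # "ne" (functional NE) or "nm" (functional NM)
    measurers: Dict[str, FirstMeasurer]
    ne_to_measurer: Dict[str, str]                # stored correspondence: network element -> measurer
    ask_second_verifier: Callable[[dict], bool]   # first request -> first response (trusted?)
    trusted_until: Dict[str, float] = field(default_factory=dict)
    first_requests_sent: int = 0                  # lets us observe that re-measurement is avoided

    def measurer_is_doubtful(self, measurer_id: str, now: float) -> bool:
        """Doubtful = never measured, or measured but the trusted credential has lapsed."""
        return self.trusted_until.get(measurer_id, 0.0) <= now

    def addressing_info(self, measurer_id: str, ne_id: str) -> dict:
        """What the first request can carry so the second verifier can find the measurer."""
        if self.role == "ne":
            # a functional NE cannot see the virtualization layer: it can only name the NF
            return {"nf_id": ne_id}
        # a functional NM sees the virtualization layer: measurer id and VNF id both work
        return {"measurer_id": measurer_id, "vnf_id": ne_id}

    def ensure_measurer_trusted(self, measurer_id: str, ne_id: str, now: float) -> bool:
        if not self.measurer_is_doubtful(measurer_id, now):
            return True  # credential still valid: no first request, no extra flow
        self.first_requests_sent += 1
        trusted = self.ask_second_verifier({"addressing": self.addressing_info(measurer_id, ne_id)})
        if trusted:
            self.trusted_until[measurer_id] = now + TRUST_TTL
        return trusted

    def on_indication(self, indication: dict, now: float) -> Optional[bool]:
        """Handle indication information from a second network element.

        Returns True/False for the measured network element's trust, or None when
        the first measurer itself could not be shown trusted (so nothing can be said)."""
        ne_id = indication["ne_id"]
        measurer_id = self.ne_to_measurer[ne_id]          # lookup via the stored correspondence
        if not self.ensure_measurer_trusted(measurer_id, ne_id, now):
            return None
        evidence = self.measurers[measurer_id].measure(ne_id)
        return evidence == REFERENCE[ne_id]               # compare every evidence dimension


def demo() -> dict:
    """Constructed run: two VNFs share one measurer; the SMF's code hash has drifted."""
    m1 = FirstMeasurer("measurer-1", {
        "vnf-amf-1": dict(REFERENCE["vnf-amf-1"]),
        "vnf-smf-1": {"operation": "sha256:smf-modified", "communication": "peers:amf-1,upf-1"},
    })
    fv = FirstVerifier("nm", {"measurer-1": m1},
                       {"vnf-amf-1": "measurer-1", "vnf-smf-1": "measurer-1"},
                       ask_second_verifier=lambda req: True)  # assumed: second verifier answers "trusted"
    amf = fv.on_indication({"ne_id": "vnf-amf-1"}, now=0.0)
    smf = fv.on_indication({"ne_id": "vnf-smf-1"}, now=10.0)               # reuses the trusted measurer
    amf_later = fv.on_indication({"ne_id": "vnf-amf-1"}, now=TRUST_TTL + 1)  # credential lapsed
    return {"amf": amf, "smf": smf, "amf_later": amf_later, "first_requests": fv.first_requests_sent}


if __name__ == "__main__":
    print(demo())
```

The `demo` run sends only two first requests for three measurements: the second measurement reuses the measurer's still-valid credential, and the third is forced by the lapsed time limit. When the second verifier answers that the measurer is not trusted, `on_indication` returns `None` rather than a verdict, since evidence from an untrusted measurer says nothing about the network element.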
In a second aspect, a communication method is provided. The method comprises the following steps: the second verifier receives the first request from the first verifier and determines, according to the first request, a second measurer associated with the first measurer; the first request requests the second verifier to initiate measurement of the first measurer, the first measurer being a measurer associated with the first verifier, and the second measurer having higher security than the first measurer. The second verifier then measures the first measurer by means of the second measurer, determines that the first measurer is trusted, and sends a first response to the first verifier indicating that the first measurer is trusted.
In a possible design, the second verifier measuring the first measurer by means of the second measurer and determining that the first measurer is trusted includes: the second verifier sends a third request to the second measurer and receives a third response returned by the second measurer for the third request, where the third request requests the second measurer to measure the first measurer and the third response includes measurement evidence of the first measurer. The second verifier then determines, based on the measurement evidence of the first measurer, that the first measurer is trusted. It can be seen that the second measurer is mainly used for collecting measurement evidence and the second verifier mainly for verifying it, so that the load is distributed evenly between the second measurer and the second verifier, improving overall operating efficiency.
Optionally, the measurement evidence of the first measurer includes, without limitation, operation data of the first measurer, such as start-up data of the first measurer, operation data in the memory of the first measurer, and the like.
Optionally, the third request instructs the second measurer to provide the measurement evidence, or the second measurer may provide the measurement evidence by default; this is not limited.
In another possible design, the second verifier measuring the first measurer by means of the second measurer and determining that the first measurer is trusted includes: the second verifier sends a third request to the second measurer and receives a third response returned by the second measurer for the third request, where the third request requests the second measurer to measure the first measurer, and the third response includes an endorsement result of the first measurer, the endorsement result indicating that the second measurer has determined the first measurer to be trusted. The second verifier then determines that the first measurer is trusted by verifying the endorsement result. That is, when the second measurer endorses the first measurer, for example by providing an endorsement result establishing that the first measurer is trusted, the second verifier only needs to verify the endorsement result, for example by checking whether the endorsement has been tampered with, to determine that the first measurer is trusted; this reduces the amount of computation at the second verifier and improves operating efficiency.
Optionally, the third request instructs the second measurer to provide an endorsement result, or the second measurer may provide an endorsement result by default; this is not limited.
In a possible design, the first request includes addressing information of the first measurer, and the second verifier determining, according to the first request, the second measurer associated with the first measurer includes: the second verifier determines the first measurer from the addressing information of the first measurer, and then determines the second measurer from the first measurer.
Optionally, the addressing information of the first measurer includes at least one of: the identification information of the first measurer, or the identification information of the first network element associated with the first measurer.
Optionally, the identification information of the first network element comprises an identification of the network function (NF), or comprises an identification of the virtual network function (VNF).
In one possible design, the first measurer is deployed at the software layer and the second measurer at the hardware layer. That is, the second measurer may be deployed in a more secure hardware environment than the first measurer, to ensure that the second measurer is more secure than the first measurer.
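The second-aspect flow (resolving the first measurer from whichever addressing information the first request carries, locating the associated hardware-layer second measurer, and the two designs in which the third response carries either raw measurement evidence or an endorsement result), as an added Python example that is not code from the patent or from Huawei. The HMAC tag used to check that an endorsement has not been tampered with, the reference values, the identifiers and the mapping tables are all assumptions made for illustration.

```python
"""Added example (not code from the patent): the second verifier's side of the
flow in the second aspect, covering both the evidence design and the endorsement
design. The HMAC endorsement tag, the reference values and all identifiers are
assumptions for illustration."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed: a key shared only between the management-domain second verifier and the
# hardware-layer second measurer; it is what makes a tampered endorsement detectable.
ENDORSE_KEY = b"constructed-demo-key-do-not-reuse"
# Constructed reference values for a trustworthy first measurer
# (start-up data and operation data in memory, the dimensions named in the text).
REFERENCE_MEASURER = {"startup": "sha256:boot-good", "memory": "sha256:mem-good"}


@dataclass
class SecondMeasurer:
    """Hardware-layer measurer that measures software-layer first measurers."""
    measurer_id: str
    observed: Dict[str, Dict[str, str]]  # constructed: first measurer id -> its measured data

    def handle_third_request(self, first_measurer_id: str, want: str) -> dict:
        data = self.observed[first_measurer_id]
        if want == "evidence":
            return {"evidence": dict(data)}          # raw evidence; the verifier does the judging
        # endorsement: the measurer judges, and authenticates its verdict with the shared key
        verdict = "trusted" if data == REFERENCE_MEASURER else "untrusted"
        result = f"{first_measurer_id}:{verdict}"
        tag = hmac.new(ENDORSE_KEY, result.encode(), hashlib.sha256).hexdigest()
        return {"endorsement": result, "tag": tag}


class SecondVerifier:
    def __init__(self, hw_measurers: Dict[str, SecondMeasurer], first_to_hw: Dict[str, str],
                 nf_to_first: Dict[str, str], vnf_to_first: Dict[str, str]):
        self.hw_measurers = hw_measurers
        self.first_to_hw = first_to_hw      # first measurer -> associated hardware measurer
        self.nf_to_first = nf_to_first      # service-layer id (from a functional NE) -> first measurer
        self.vnf_to_first = vnf_to_first    # virtualization-layer id (from a functional NM) -> first measurer

    def resolve_first_measurer(self, addressing: dict) -> Optional[str]:
        """Find the first measurer from whichever addressing information was supplied."""
        if "measurer_id" in addressing:
            return addressing["measurer_id"]
        if "vnf_id" in addressing:
            return self.vnf_to_first.get(addressing["vnf_id"])
        if "nf_id" in addressing:
            return self.nf_to_first.get(addressing["nf_id"])
        return None

    @staticmethod
    def verify_endorsement(first_measurer_id: str, third_response: dict) -> bool:
        """Accept only an untampered endorsement that names this measurer as trusted."""
        result = third_response.get("endorsement", "")
        expected = hmac.new(ENDORSE_KEY, result.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, third_response.get("tag", "")):
            return False                              # tag mismatch: tampered or forged
        return result == f"{first_measurer_id}:trusted"

    def handle_first_request(self, first_request: dict, mode: str = "evidence") -> dict:
        fm = self.resolve_first_measurer(first_request.get("addressing", {}))
        if fm is None or fm not in self.first_to_hw:
            return {"trusted": False, "reason": "first measurer not found"}
        hw = self.hw_measurers[self.first_to_hw[fm]]
        third_response = hw.handle_third_request(fm, mode)    # third request / third response
        if mode == "evidence":
            trusted = third_response["evidence"] == REFERENCE_MEASURER
        else:
            trusted = self.verify_endorsement(fm, third_response)
        return {"trusted": trusted, "first_measurer": fm}     # first response


def build_demo() -> SecondVerifier:
    """Constructed deployment: measurer-1 is intact, measurer-2 has modified memory."""
    hw = SecondMeasurer("hw-1", {
        "measurer-1": dict(REFERENCE_MEASURER),
        "measurer-2": {"startup": "sha256:boot-good", "memory": "sha256:mem-modified"},
    })
    return SecondVerifier({"hw-1": hw},
                          {"measurer-1": "hw-1", "measurer-2": "hw-1"},
                          nf_to_first={"nf-amf-1": "measurer-1", "nf-smf-1": "measurer-2"},
                          vnf_to_first={"vnf-amf-1": "measurer-1", "vnf-smf-1": "measurer-2"})


if __name__ == "__main__":
    sv = build_demo()
    print(sv.handle_first_request({"addressing": {"nf_id": "nf-amf-1"}}))
    print(sv.handle_first_request({"addressing": {"vnf_id": "vnf-smf-1"}}, mode="endorsement"))
```

In evidence mode the second verifier holds the reference values and does the comparison itself; in endorsement mode it only recomputes the tag over the endorsement string, which is the "is the endorsement tampered with" check the text describes, so an endorsement rewritten from `untrusted` to `trusted` without the shared key is rejected. An unresolvable addressing entry yields a negative first response rather than an exception, because the first verifier must not treat silence as trust.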
Further, the other technical effects of the communication method described in the second aspect may refer to the technical effects of the communication method described in the first aspect, and are not described herein.
In a third aspect, a communication device is provided. The communication device includes: means for performing the communication method of the first aspect, such as a transceiver module and a processing module. The transceiver module may be used to implement a function of receiving and sending messages of the communication device according to the third aspect, and the processing module may be used to implement other functions of the communication device except for receiving and sending messages, which is not limited.
Alternatively, the transceiver module may include a transmitting module and a receiving module. Wherein, the sending module is used for realizing the sending function of the communication device according to the third aspect, and the receiving module is used for realizing the receiving function of the communication device according to the third aspect.
Optionally, the communication device according to the third aspect may further include a storage module, where the storage module stores a program or instructions. The processing module, when executing the program or instructions, enables the communication device to perform the communication method of the first aspect.
The communication apparatus according to the third aspect may be a network device, such as the first verifier, or may be a chip (system) or other components or assemblies that may be disposed in the network device, or may be an apparatus including the network device, which is not limited in this aspect of the present application.
Further, the technical effects of the communication apparatus according to the third aspect may refer to the technical effects of the communication method according to the first aspect, and will not be described herein.
In a fourth aspect, a communication device is provided. The communication device includes: modules, such as a transceiver module and a processing module, for performing the communication method according to the second aspect. The transceiver module may be used to implement a function of receiving and sending messages of the communication device according to the fourth aspect, and the processing module may be used to implement other functions of the communication device except for receiving and sending messages, which is not limited.
Alternatively, the transceiver module may include a transmitting module and a receiving module. The sending module is used for realizing the sending function of the communication device according to the fourth aspect, and the receiving module is used for realizing the receiving function of the communication device according to the fourth aspect.
Optionally, the communication device according to the fourth aspect may further include a storage module, where the storage module stores a program or instructions. The processing module, when executing the program or instructions, causes the communication device to perform the communication method described in the second aspect.
The communication apparatus according to the fourth aspect may be a network device, such as the second verifier, a chip (system) or other parts or components that may be disposed in the network device, or an apparatus including the network device, which is not limited in the present application.
Further, the technical effects of the communication apparatus according to the fourth aspect may refer to the technical effects of the communication method according to the second aspect, and will not be described herein.
In a fifth aspect, a communication device is provided. The communication device includes: a processor configured to perform the communication method of the first or second aspect.
In one possible configuration, the communication device according to the fifth aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the fifth aspect to communicate with other communication devices.
In one possible configuration, the communication device according to the fifth aspect may further comprise a memory. The memory may be integral with the processor or may be separate. The memory may be used for storing computer programs and/or data related to the communication method according to the first or second aspect.
In the present application, the communication apparatus according to the fifth aspect may be a network device, or a chip (system) or other part or component that may be provided in the network device, or an apparatus including the network device.
Further, the technical effects of the communication apparatus according to the fifth aspect may refer to the technical effects of the communication method according to the first aspect or the second aspect, and are not described herein.
In a sixth aspect, a communication device is provided. The communication device includes: a processor coupled to the memory, the processor configured to execute a computer program stored in the memory to cause the communication device to perform the communication method of the first or second aspect.
In one possible configuration, the communication device according to the sixth aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the sixth aspect to communicate with other communication devices.
In the present application, the communication apparatus according to the sixth aspect may be a network device, or a chip (system) or other part or component that may be provided in the network device, or an apparatus including the network device.
Further, the technical effects of the communication apparatus according to the sixth aspect may refer to the technical effects of the communication method according to the first aspect or the second aspect, and will not be described herein.
In a seventh aspect, there is provided a communication apparatus comprising: a processor and a memory; the memory is configured to store a computer program which, when executed by the processor, causes the communication device to perform the communication method of the first or second aspect.
In one possible configuration, the communication device according to the seventh aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the seventh aspect to communicate with other communication devices.
In the present application, the communication apparatus according to the seventh aspect may be a network device, or a chip (system) or other part or component that may be provided in the network device, or an apparatus including the network device.
Further, the technical effects of the communication apparatus according to the seventh aspect may refer to the technical effects of the communication method according to the first aspect or the second aspect, and will not be described herein.
An eighth aspect provides a communication apparatus comprising: a processor; the processor is configured to execute the communication method according to the first or second aspect according to the computer program after being coupled to the memory and reading the computer program in the memory.
In one possible configuration, the communication device according to the eighth aspect may further comprise a transceiver. The transceiver may be a transceiver circuit or an interface circuit. The transceiver may be for use in a communication device according to the eighth aspect to communicate with other communication devices.
In the present application, the communication apparatus according to the eighth aspect may be a network device, or a chip (system) or other parts or components that may be provided in the network device, or an apparatus including the terminal or the network device.
Further, the technical effects of the communication apparatus according to the eighth aspect may refer to the technical effects of the communication method according to the first aspect or the second aspect, and will not be described herein.
In a ninth aspect, a communication system is provided. The communication system comprises a first verifier according to the first aspect and a second verifier according to the second aspect.
In a tenth aspect, there is provided a computer readable storage medium comprising: computer programs or instructions; the computer program or instructions, when run on a computer, cause the computer to perform the communication method of the first or second aspect.
In an eleventh aspect, there is provided a computer program product comprising a computer program or instructions which, when run on a computer, cause the computer to perform the communication method of the first or second aspect.
Drawings
FIG. 1 is a schematic diagram of a 5G system architecture;
FIG. 2 is a schematic flow chart of remote attestation;
FIG. 3 is a schematic diagram of the architecture of NFV;
FIG. 4 is a schematic diagram of an architecture of a remote attestation based NFV;
fig. 5 is a schematic diagram of a communication system according to an embodiment of the present application;
fig. 6 is a schematic diagram of a second architecture of the communication system according to the embodiment of the present application;
fig. 7 is a schematic flow chart of a communication method according to an embodiment of the present application;
fig. 8 is a second flow chart of a communication method according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application;
fig. 10 is a schematic diagram of a communication device according to an embodiment of the present application.
Detailed Description
The technical terms according to the embodiments of the present application will be described first.
1. Fifth generation (5G) mobile communication system
Fig. 1 is a schematic architecture diagram of a 5G system. As shown in fig. 1, the 5G system includes an access network (AN) and a core network (CN), and may further include a terminal.
The terminal may be a terminal having a transceiver function, or a chip system that may be provided in the terminal. The terminal may also be referred to as user equipment (UE), an access terminal, a subscriber unit, a subscriber station, a mobile station (MS), a remote station, a remote terminal, a mobile device, a user terminal, a wireless communication device, a user agent, or a user device. The terminals in embodiments of the present application may be mobile phones, cellular phones, smart phones, tablet computers (pads), wireless data cards, personal digital assistants (PDA), wireless modems, handheld devices (handsets), laptop computers, machine type communication (MTC) terminals, computers with wireless transceiving functions, virtual reality (VR) terminals, augmented reality (AR) terminals, wireless terminals in industrial control, wireless terminals in self-driving, wireless terminals in smart grid, wireless terminals in transportation safety, wireless terminals in smart city, wireless terminals in smart home, roadside units (RSU), etc. The terminal of the present application may also be an in-vehicle module, an in-vehicle part, an in-vehicle chip, or an in-vehicle unit built into a vehicle as one or more parts or units.
The AN is used for realizing the function related to access, providing the network access function for authorized users in a specific area, and determining transmission links with different qualities according to the level of the users, the service requirements and the like so as to transmit user data. The AN forwards control signals and user data between the terminal and the CN. The AN may include: an access network device, which may also be referred to as a radio access network device (radio access network, RAN) device.
The RAN device may be a device that provides access to the terminal. For example, the RAN device may include a gNB in a New Radio (NR) system, or one or a group (including multiple antenna panels) of base stations in the 5G, or may also be a network node, such as a baseband unit (building base band unit, BBU), or a Centralized Unit (CU) or a Distributed Unit (DU), an RSU with a base station function, or a wired access gateway, or a core network element of the 5G, constituting the gNB, a transmission point (transmission and reception point, TRP or transmission point, TP), or a transmission measurement function (transmission measurement function, TMF). Alternatively, the RAN device may also include an Access Point (AP) in a wireless fidelity (wireless fidelity, wiFi) system, a wireless relay node, a wireless backhaul node, various forms of macro base stations, micro base stations (also referred to as small stations), relay stations, access points, wearable devices, vehicle devices, and so on. Alternatively, the RAN apparatus may further include: the next generation mobile communication system, such as a 6G access network device, such as a 6G base station, or in the next generation mobile communication system, the network device may have other naming manners, which are covered by the protection scope of the embodiments of the present application, which is not limited in any way.
The CN is mainly responsible for maintaining subscription data of the mobile network and providing session management, mobility management, policy management, security authentication and other functions for the terminal. The CN mainly comprises the following network elements: user plane function (UPF) network elements, authentication server function (AUSF) network elements, access and mobility management function (AMF) network elements, session management function (SMF) network elements, network slice selection function (NSSF) network elements, network exposure function (NEF) network elements, NF repository function (NRF) network elements, policy control function (PCF) network elements, unified data management (UDM) network elements, unified data repository (UDR) network elements, application function (AF) network elements, and charging function (CHF) network elements.
The UPF network element is mainly responsible for user data processing (forwarding, receiving, charging, etc.). For example, the UPF network element may receive user data from a data network (DN) and forward it to the terminal through the access network device. The UPF network element may also receive user data from the terminal through the access network device and forward the user data to the DN. The DN refers to a network that provides data transmission services for subscribers, such as the IP multimedia subsystem (IMS), the internet, etc. The DN may be an external network of the operator or a network controlled by the operator, and is configured to provide services to the terminal device.
The AUSF network element is mainly used for executing security authentication of the terminal.
The AMF network element is mainly used for mobility management in a mobile network. Such as user location updates, user registration networks, user handoffs, etc.
The SMF network element is mainly used for session management in a mobile network. Such as session establishment, modification, release. Specific functions are, for example, assigning internet protocol (internet protocol, IP) addresses to users, selecting a UPF that provides a message forwarding function, etc.
The PCF network element mainly supports providing a unified policy framework to control network behavior, provides policy rules for a control layer network function, and is responsible for acquiring user subscription information related to policy decision. The PCF network element may provide policies, such as quality of service (quality of service, qoS) policies, slice selection policies, etc., to the AMF network element, SMF network element.
The NSSF network element is mainly used to select network slices for the terminal.
The NEF network element is mainly used for supporting the exposure of network capabilities and events.
The UDM network element is mainly used for storing subscriber data, such as subscription data, authentication/authorization data, etc.
The UDR network element is mainly used for storing structured data; the stored content includes subscription data, policy data, structured data for external exposure, and application-related data.
The AF network element mainly interacts with the CN to provide services, such as influencing data routing decisions, interacting with the policy control function, or providing certain third-party services to the network side.
2. Remote attestation (remote attestation) technique
In recent years, the number of embedded systems, cyber-physical systems and internet of things devices has greatly increased, and many scenarios of daily life such as the home, office and factory involve these systems or devices. These systems or devices can access the internet to provide corresponding network services to users, but at the same time they expand the attack surface available to an attacker. For example, an attacker's malware may compromise their security or steal private data when the driver of these systems or devices is upgraded. Alternatively, an attacker's malware may turn these systems or devices into "zombie" devices, i.e. devices maliciously manipulated as a source of distributed denial of service (DDoS) attacks. However, due to cost, size and power constraints, security is generally not a priority for these systems or devices, which makes it difficult for them to protect themselves against attacks.
In this case, the security of these systems or devices can be verified by remote attestation techniques to determine whether they are under attack. Remote attestation involves a measurer (attester) and a verifier. The measurer and the verifier may be separate, e.g. the measurer may be deployed on the system or device side and the verifier may be deployed remotely. The verifier may request that the measurer measure these systems or devices to obtain evidence (attestation evidence). The verifier may then verify the security of these systems or devices based on that evidence. The following is a detailed description.
FIG. 2 is a schematic diagram of a remote attestation process, as shown in FIG. 2, including:
S201, the verifier sends a challenge message to the measurer. Accordingly, the measurer receives the challenge message from the verifier.
The challenge message may carry request information. The request information is used to request the measurer to perform a measurement, e.g. to measure the system or device. The challenge message may also carry a random number (nonce) uniquely corresponding to the current measurement, which the measurer uses when computing the measurement.
S202, the measurer performs measurement.
Based on the challenge message, the measurer may collect the evidence needed for the measurement from the system or device described above. For example, the measurer may acquire programs or files inside these systems or devices, etc., and calculate hash values over those programs or files together with the random number.
S203, the measurer sends a response message to the verifier. Accordingly, the verifier receives the response message of the measurer.
The response message may be used to indicate that the measurement is complete. The response message may carry the hash value described above.
S204, the verifier executes verification.
The verifier may compare the hash value in the response message with a preset hash value of the system or device described above. Because the hash value is computed with the random number, in practice the verifier recomputes the expected value from the preset hash and the random number it issued for this measurement, rather than comparing against the preset hash directly. If the hash value in the response message matches, it indicates that the program or software of the system or device has not been tampered with, so the verifier can determine that the system or device is a trusted device, i.e. that verification passed. If the hash value in the response message does not match, the program or software of the system or device may have been tampered with, so the verifier can determine that the system or device is an untrusted device, i.e. that verification failed.
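The S201-S204 exchange above, as an added example that is not part of the patent text. It assumes SHA-256, a constructed program image and reference hash, and the construction H(nonce || H(program)) for the evidence; the patent only says the hash is calculated "according to the random number". Besides the match check of S204, it shows the two checks a practitioner would want the verifier to make that the flow implies but does not spell out: the response must answer a nonce this verifier actually issued, and a nonce is consumed once, so a captured response cannot be replayed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample program image and the reference ("preset") hash the verifier
# is provisioned with. Assumed data, not from the patent.
GOLDEN_IMAGE = b"vnf-upf v1.2.3 program bytes (constructed)"
REFERENCE_HASH = hashlib.sha256(GOLDEN_IMAGE).digest()


@dataclass(frozen=True)
class Challenge:           # S201: sent by the verifier
    request: str           # what to measure, e.g. "measure:program"
    nonce: bytes           # random number unique to this measurement


@dataclass(frozen=True)
class Response:            # S203: sent by the measurer
    nonce: bytes
    digest: str            # hex of H(nonce || H(program))


def measure(program: bytes, nonce: bytes) -> str:
    """S202, measurer side. Assumed construction: the program is hashed, then the
    nonce is bound to that hash so the evidence cannot be reused for a later challenge."""
    inner = hashlib.sha256(program).digest()
    return hashlib.sha256(nonce + inner).hexdigest()


class Measurer:
    def __init__(self, program: bytes):
        self.program = program          # what is actually running on the device

    def respond(self, ch: Challenge) -> Response:
        if ch.request != "measure:program":
            raise ValueError("unsupported request")
        return Response(ch.nonce, measure(self.program, ch.nonce))


class Verifier:
    def __init__(self, reference_hash: bytes):
        self.reference = reference_hash
        self.outstanding = set()        # nonces issued but not yet answered

    def challenge(self) -> Challenge:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return Challenge("measure:program", nonce)

    def verify(self, resp: Response) -> bool:
        """S204. Accept only if the response answers a challenge this verifier issued,
        that challenge has not been answered before (replay), and the digest equals
        the value recomputed from the preset hash and the same nonce."""
        if resp.nonce not in self.outstanding:
            return False
        self.outstanding.discard(resp.nonce)
        expected = hashlib.sha256(resp.nonce + self.reference).hexdigest()
        return hmac.compare_digest(expected, resp.digest)


def attest(verifier: Verifier, measurer: Measurer) -> bool:
    """One full S201-S204 round; True means the device is judged trusted."""
    return verifier.verify(measurer.respond(verifier.challenge()))


if __name__ == "__main__":
    v = Verifier(REFERENCE_HASH)
    print(attest(v, Measurer(GOLDEN_IMAGE)))                 # True
    print(attest(v, Measurer(GOLDEN_IMAGE + b"\x90patch")))  # False: program tampered
```

The constant-time comparison and the per-verifier nonce set are the parts that matter in deployment: without the nonce bookkeeping a measurer that was honest once could be impersonated by replaying its old response, regardless of what is running now.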
3. Network function virtualization (network functions virtualization, NFV)
NFV refers to stripping the network functions of a traditional communication device from its physical device and running them as software on a commercial off-the-shelf (COTS) host. It can also be said that NFV borrows virtualization technology from internet technology (IT) to implement a virtual entity (virtual instance) on which the communication technology (CT) service of a conventional communication device is deployed. The virtual entity may be a virtual machine (VM), a container, or any other possible virtualized functional entity, which is not specifically limited.
FIG. 3 is a schematic diagram of the architecture of NFV. As shown in FIG. 3, the architecture includes: network functions virtualization infrastructure (NFVI), virtual network functions (VNF), element management system (EMS), and management and orchestration (MANO).
NFVI may be used to provide virtual resources for the VNF. NFVI includes hardware resources, such as network, computing and storage hardware devices, and software resources, such as a virtualization layer in which a virtual machine manager (hypervisor) or a container management system may be included. The virtualization layer virtualizes the hardware resources into virtual resources, e.g. virtual network, computing and storage functions, for use by the VNF.
The EMS and the VNF are generally in one-to-one correspondence; the EMS configures and manages the functions of the VNF.
The VNF is a virtualized NF. The VNF may be used to provide network services such as data forwarding, file sharing, directory services, IP configuration, etc. The VNF may take the form of application software, i.e. application software providing a network service. The VNF may be deployed in a VM or a container. Taking a VM as an example, one VNF may be deployed onto one or more VMs, i.e. the one or more VMs together provide that one VNF. The VNF may also be understood as an NF in the operator network, since the operator network may not be aware of the VNF. In this case, if the VNF provides different network services, the form of the NF may also differ. For example, if the VNF provides a data transfer service, the NF may be a UPF network element; if the VNF provides mobility management services, the NF may be an AMF network element; if the VNF provides session management services, the NF may be an SMF network element; if the VNF provides policy management services, the NF may be a PCF network element, and so on. In the embodiment of the present application, the VNF may have an independent identifier, e.g. an identifier of the VNF, which identifies the VNF directly. Alternatively, the VNF may have no separate identifier, and the VNF may be identified indirectly by other identifiers associated with it. For example, the identifiers of one or more VMs may be used to indirectly identify the VNF provided by those VMs, or the identifier of the NF may be used to indirectly identify the corresponding VNF. It will be appreciated that from the perspective of the service the VNF is the NF, since the service may not be able to perceive the VNF.
The MANO provides a framework for managing the NFVI and the VNF. For example, the MANO may include: the network functions virtualization orchestrator (NFVO), the virtualized infrastructure manager (VIM), and the virtual network function manager (VNFM).
The NFVO is used for deployment and management of network services, and coordinates the deployment and management of VNFs according to the network services. The NFVO may interface with an operations support system (OSS) or a business support system (BSS) to obtain a service description of the network service. The NFVO can deploy and manage the corresponding network service according to the service description, such as creating the network service, managing the lifecycle of the network service, and so forth. The NFVO may coordinate the VIM and the VNFM to deploy or manage the corresponding VNFs according to the network service.
The VNFM is used to deploy or manage the corresponding VNF. For example, the VNFM may obtain a virtualized network function descriptor (VNFD) from the NFVO and, according to the VNFD, add VNFs, delete VNFs, query VNFs, or manage VNFs, such as monitoring and adjusting the state of VNFs.
The VIM is configured to control the NFVI to provide the corresponding virtual resources for the VNF. For example, the VIM may control the NFVI to provide the corresponding virtual resources for the deployment or management of the VNF according to the NFVO's scheduling. The VIM may be a cloud platform, e.g. an open source cloud platform such as OpenStack, or a commercial cloud platform such as VMware.
4. VNF security scheme based on remote attestation
FIG. 4 is a schematic diagram of the architecture of remote attestation-based NFV. As shown in FIG. 4, a verifier may be deployed in the MANO and a measurer may be deployed in the virtualization layer of the NFVI. NFV typically belongs to a service based architecture (SBA), e.g. network elements or functions within NFV may communicate based on third generation partnership project (3GPP) protocols, whereas the measurer and the verifier typically do not belong to the SBA, e.g. communication between the measurer and the verifier is typically based on European Telecommunications Standards Institute (ETSI) protocols. Therefore a profile and attestation check function (PACF) may also be deployed between the VNF and the verifier, to enable communication between the VNF and the verifier by protocol conversion. On this basis, the 3GPP SA3 (Service and System Aspects working group 3) document SA3#105e-213897 outlines the implementation flow of a remote attestation-based VNF security scheme, as follows.
The measurement flow may be triggered by a certain service. For example, after receiving a registration request message for a certain customer NF, the NRF may trigger the PACF to initiate a measurement service for that customer NF. The PACF may send the verifier a measurement policy together with a description of the network element to be measured, e.g. an untrusted VNF. The verifier may request the measurer to measure various data of the untrusted VNF to obtain the corresponding evidence. The verifier may verify the evidence to reach a measurement conclusion (attestation result) and send that conclusion to the PACF. The PACF may convert the measurement conclusion from the ETSI protocol to the 3GPP protocol and send the converted conclusion to the relying party (VNF), so that the relying party VNF can take subsequent action based on it. For example, if the relying party VNF is the NRF, it may restrict the untrusted NF from registering with the network when the measurement conclusion is abnormal.
It will be appreciated that the NFVI is typically co-located physically with the VNF, e.g. deployed in the same machine room. In this case, if the VNF is attacked, the NFVI may be attacked as well, so that a measurer deployed on the NFVI becomes equally unreliable. The verifier then still cannot prove from the evidence provided by the measurer whether the untrusted VNF is trusted, and the measurement cannot be completed.
In summary, in order to solve the above technical problems, the embodiments of the present application provide a technical solution to avoid the problem that evidence provided by a measurer still cannot prove whether an untrusted VNF is trusted. The technical scheme of the application will be described below with reference to the accompanying drawings.
The technical solution of the embodiment of the present application may be applied to various communication systems, such as a wireless fidelity (WiFi) system, a vehicle to everything (V2X) communication system, a device-to-device (D2D) communication system, an internet of vehicles communication system, a fourth generation (4G) mobile communication system such as a long term evolution (LTE) system, a worldwide interoperability for microwave access (WiMAX) communication system, a 5G system such as a new radio (NR) system, a future communication system, and the like.
The present application will present various aspects, embodiments, or features about a system that may include a plurality of devices, components, modules, etc. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, combinations of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplary," "for example," and the like are used to indicate an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term use of an example is intended to present concepts in a concrete fashion.
In the embodiment of the present application, "information", "signal", "message", "channel" and "signaling" may be used interchangeably; it should be noted that their intended meanings coincide when the distinction is not emphasized. "of", "corresponding" and "corresponding to" are sometimes used interchangeably; likewise their intended meanings coincide when the distinction is not emphasized. Furthermore, "/" in this disclosure may be used to indicate an "or" relationship.
The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.
To facilitate understanding of the embodiments of the present application, a communication system suitable for use in the embodiments of the present application will be described in detail with reference to the communication system shown in fig. 5. Fig. 5 is a schematic diagram of a communication system to which the communication method according to the embodiment of the present application is applicable.
As shown in fig. 5, the communication system may be applied to the above 5G system, and mainly includes at least one of the following: VNF, VNF verifier (V-Verifier), VNF measurer (VNF attester, V-Attester), hardware measurer (hardware attester, H-Attester), and hardware verifier (H-Verifier).
Specific implementation of the VNF may refer to the above related description and will not be repeated. The VNF may be one or more, such as VNF1, VNF2, … VNFn, n being an integer greater than or equal to 1.
The VNF measurer is mainly used to measure the VNF to obtain corresponding evidence (attestation evidence) for verifying whether the VNF is trusted. The VNF measurers may be one or more, such as VNF measurer 1, VNF measurer 2, … VNF measurer m, m being an integer greater than or equal to 1. One VNF measurer may measure the trustworthiness of one or more VNFs.
The VNF verifier is mainly used to verify whether the VNF is trusted or not based on evidence provided by the VNF measurer. The VNF verifier may verify the VNF locally or also request the remote server to verify the VNF, without limitation. The VNF verifier may be a functional network element or a network manager, without limitation.
The hardware measurer may be used to measure or endorse the VNF measurer. Measuring may mean that the hardware measurer measures the VNF measurer to obtain corresponding evidence and provides the evidence to the hardware verifier. Endorsing may mean that, after obtaining the corresponding evidence, the hardware measurer itself verifies whether the VNF measurer is trusted according to the evidence, and thereby provides the hardware verifier with the measurement result of whether the VNF measurer is trusted. The hardware measurers may be one or more, such as hardware measurer 1, hardware measurer 2, …, hardware measurer x, where x is an integer greater than or equal to 1. One hardware measurer may measure or endorse the trustworthiness of one or more VNF measurers.
The hardware verifier may be used to provide the VNF verifier with the measurement result of whether the VNF measurer is trusted. For example, the hardware verifier may verify whether the VNF measurer is trusted based on the evidence provided by the hardware measurer, and thereby provide the VNF verifier with the measurement result of whether the VNF measurer is trusted. Alternatively, the hardware verifier may provide the VNF verifier with the measurement result of whether the VNF measurer is trusted according to the endorsement of the hardware measurer.
In the embodiment of the application, the VNF measurer is typically deployed in an environment capable of measuring the VNF, so as to implement the measurement of the VNF. It may be appreciated that if the VNF measurer were deployed within the VNF, it might not have the authority to measure the VNF. Thus, deploying the VNF measurer in an environment capable of measuring the VNF generally means deploying it outside the VNF. The VNF measurer needs to be deployed in a different layer or domain from the hardware measurer, that is, the VNF measurer and the hardware measurer are deployed in different layers or different domains respectively, so that they are isolated from each other in the deployment environment and the security of the measurement is ensured. The hardware measurer may be deployed in a layer or domain that is more secure than that of the VNF measurer.
Different domains may refer to networks with different functions; e.g. the management network and the service network are different domains, the management network may also be referred to as the management domain, and the service network may also be referred to as the service domain. One domain may include different layers, and the layers may be in a carrying relationship. For example, one domain may include a hardware layer, a system layer and an application layer. In order of security from high to low these are the hardware layer, the system layer and the application layer. The system layer is carried on the hardware layer, and the application layer is carried on the system layer.
The VNF verifier is typically deployed in an environment capable of communicating with the VNF, so that the VNF verifier can manage the VNF, e.g. initiate the measurement of the VNF. Likewise, the VNF verifier needs to be deployed in a different layer or domain from the hardware verifier, that is, the VNF verifier and the hardware verifier are deployed in different layers or different domains respectively, so that they are isolated from each other in the deployment environment and the security of the measurement is ensured.
For ease of understanding, the communication system is described below in connection with specific scenarios.
As shown in FIG. 6 (a), the deployment environment of the communication system includes a service domain and a management domain. VNF1, VNF2, … VNFn are deployed in the virtual machine layer (also referred to as the VNF layer) within the service domain. One or more of VNF1, VNF2, … VNFn may act as the VNF verifier, i.e. there may be multiple VNF verifiers, to enable flexible deployment. The VNF measurer may be an application 1 deployed in the system layer within the service domain, also referred to as the virtualization layer, such as the hypervisor or host OS. The hardware measurer may be a chip deployed in the hardware layer within the service domain, such as the system hardware, firmware, basic input output system (BIOS), operating system (OS), and the like. The hardware verifier may be an application 2 deployed within the management domain, such as the MANO software of the management domain.
Alternatively, as shown in FIG. 6 (b), the deployment environment of the communication system includes a service domain and a management domain. VNF1, VNF2, … VNFn are deployed in the virtual machine layer within the service domain. The VNF measurer and the VNF verifier may be deployed together, e.g. as application 1, in the system layer within the service domain, e.g. in the hypervisor or host OS. The hardware measurer and the hardware verifier may be deployed together, e.g. as a chip, in the hardware of the management domain.
Alternatively, as shown in FIG. 6 (c), the deployment environment of the communication system includes a service domain and a management domain. VNF1, VNF2, … VNFi are deployed in virtual machine layer 1 of the service domain, and VNFi+1, VNFi+2, … VNFn are deployed in virtual machine layer 2 of the service domain, i being any integer between 1 and n. Virtual machine layer 1 and virtual machine layer 2 are different application layers, that is, VNF1, VNF2, … VNFi and VNFi+1, VNFi+2, … VNFn can be isolated from each other to ensure security. One or more of VNF1, VNF2, … VNFi may act as a VNF verifier, and similarly one or more of VNFi+1, VNFi+2, … VNFn may act as a VNF verifier. On this basis, the VNF measurers may include VNF measurer 1 and VNF measurer 2. VNF measurer 1 may be an application 1 deployed in system layer 1 of the service domain, such as Hypervisor1 or Host OS1, for measuring the VNFs within virtual machine layer 1. VNF measurer 2 may be an application 2 deployed in system layer 2 of the service domain, such as Hypervisor2 or Host OS2, for measuring the VNFs within virtual machine layer 2. System layer 1 and system layer 2 are different system layers, that is, VNF measurer 1 and VNF measurer 2 can be isolated from each other to ensure security. The hardware measurer and the hardware verifier may be deployed together, e.g. as application 3, where application 3 may be software with high trusted execution capability, such as a software-implemented virtual trusted platform module (vTPM), antivirus software, or a program with a biometric function, deployed in the operating system of a remote device in the management domain.
In the embodiment of the present application, before the VNF verifier triggers the VNF measurer to measure a certain untrusted VNF, the VNF verifier may request the hardware verifier to measure the VNF measurer. The hardware verifier may then trigger the higher-security hardware measurer to measure or endorse the relatively lower-security VNF measurer, so as to provide the VNF verifier with a measurement result indicating whether the VNF measurer is trusted. If the measurement result indicates that the VNF measurer is trusted, the VNF verifier may trigger the VNF measurer to measure the untrusted VNF to verify whether the VNF is trusted. Otherwise, if the measurement result indicates that the VNF measurer is not trusted, the VNF verifier aborts the flow. That is, the VNF verifier uses the VNF measurer to verify an untrusted VNF only after determining that the VNF measurer itself is trusted, which ensures that the evidence provided by the VNF measurer can prove whether the untrusted VNF is trusted.
It is understood that the VNF measurer being trusted may indicate that the VNF measurer has no security risk. For example, the VNF measurer performed a secure boot, i.e. the running program and boot order of the VNF measurer were executed according to the predetermined plan, the program of the VNF measurer has not been tampered with, or the running indicators of the VNF measurer's program are within the expected range, etc. Similarly, the VNF being trusted may indicate that the VNF has no security risk. For example, the VNF performed a secure boot, i.e. the running program and boot order of the VNF were executed according to the predetermined plan, the program of the VNF has not been tampered with, or the running indicators of the VNF's program are within the expected range, and so on.
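The two-stage flow described above (hardware verifier vouches for the VNF measurer first, VNF verifier only then consumes the VNF measurer's evidence), as an added example that is not part of the patent text. All names (`VnfMeasurer`, `HardwareMeasurer`, `HardwareVerifier`, `VnfVerifier`, `scenario`), the constructed images and reference digests, and the H(nonce || H(image)) evidence format are assumptions. The `check_measurer=False` path deliberately skips the first stage so that the failure mode from item 4 is visible: a measurer whose own code has been tampered with, and which therefore reports the golden VNF digest whatever is actually running, is believed, and a tampered VNF is judged trusted.

```python
import hashlib
import hmac
import os

# Constructed "golden" images and the reference digests the verifiers are provisioned
# with. Assumed data, not from the patent.
MEASURER_GOLDEN = b"vnf-measurer agent in hypervisor, v2 (constructed)"
VNF_GOLDEN = {"VNF1": b"vnf1: PCF image (constructed)"}
MEASURER_REF = hashlib.sha256(MEASURER_GOLDEN).digest()
VNF_REF = {k: hashlib.sha256(v).digest() for k, v in VNF_GOLDEN.items()}


def evidence(nonce: bytes, image: bytes) -> str:
    """Assumed measurement format: H(nonce || H(image)); the nonce binds the evidence to one request."""
    return hashlib.sha256(nonce + hashlib.sha256(image).digest()).hexdigest()


def expected(nonce: bytes, reference: bytes) -> str:
    """What a verifier recomputes from its reference digest for the nonce it issued."""
    return hashlib.sha256(nonce + reference).hexdigest()


class VnfMeasurer:
    """First measurer (system layer). `lies=True` models a compromised measurer that
    always reports the golden VNF digest instead of measuring what is running."""
    def __init__(self, image: bytes, running: dict, lies: bool = False):
        self.image, self.running, self.lies = image, running, lies

    def measure(self, vnf_id: str, nonce: bytes) -> str:
        return evidence(nonce, VNF_GOLDEN[vnf_id] if self.lies else self.running[vnf_id])


class HardwareMeasurer:
    """Second measurer (hardware layer, root of trust): measures the VNF measurer's own code."""
    def __init__(self, target: VnfMeasurer):
        self.target = target

    def measure(self, nonce: bytes) -> str:
        return evidence(nonce, self.target.image)   # cannot be influenced by `lies`


class HardwareVerifier:
    def __init__(self, hw_measurer: HardwareMeasurer):
        self.hw_measurer = hw_measurer

    def measurer_trusted(self) -> bool:
        nonce = os.urandom(16)
        return hmac.compare_digest(self.hw_measurer.measure(nonce), expected(nonce, MEASURER_REF))


class VnfVerifier:
    def __init__(self, vnf_measurer: VnfMeasurer, hw_verifier: HardwareVerifier, check_measurer: bool = True):
        self.vnf_measurer, self.hw_verifier, self.check_measurer = vnf_measurer, hw_verifier, check_measurer

    def attest(self, vnf_id: str) -> str:
        # Stage 1: the higher-security hardware path vouches for the VNF measurer first.
        if self.check_measurer and not self.hw_verifier.measurer_trusted():
            return "aborted: VNF measurer untrusted"
        # Stage 2: only then is the VNF measurer's evidence about the VNF accepted.
        nonce = os.urandom(16)
        ok = hmac.compare_digest(self.vnf_measurer.measure(vnf_id, nonce), expected(nonce, VNF_REF[vnf_id]))
        return "VNF trusted" if ok else "VNF untrusted"


def scenario(measurer_compromised: bool, vnf_tampered: bool, check_measurer: bool = True) -> str:
    """Wire up one deployment (constructed) and run a single attestation of VNF1."""
    running = {"VNF1": VNF_GOLDEN["VNF1"] + (b"\x90backdoor" if vnf_tampered else b"")}
    measurer_image = MEASURER_GOLDEN + (b"\x90hooked" if measurer_compromised else b"")
    measurer = VnfMeasurer(measurer_image, running, lies=measurer_compromised)
    hw_verifier = HardwareVerifier(HardwareMeasurer(measurer))
    return VnfVerifier(measurer, hw_verifier, check_measurer).attest("VNF1")


if __name__ == "__main__":
    print(scenario(False, False))                       # VNF trusted
    print(scenario(False, True))                        # VNF untrusted
    print(scenario(True, True))                         # aborted: VNF measurer untrusted
    print(scenario(True, True, check_measurer=False))   # VNF trusted (wrong: the lying measurer is believed)
```

The last two calls are the whole point of the scheme: with the same compromised measurer and the same tampered VNF, the hardware-layer check turns a false "trusted" into an abort, because the hardware measurer reads the VNF measurer's actual code and is outside the layer the attacker controls.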
Furthermore, VNF validators and VNF measurers are typically deployed in an operator network to facilitate management and maintenance of VNFs by the operator network, but not by way of limitation. For example, VNF validators may be deployed in operator networks, VNF measurers in third party networks, or NFVI domains of public cloud platforms. In addition, the hardware verifier and the hardware measurer may be deployed in an operator network, or may be deployed in a third party network, such as an application network, without limitation.
It will be appreciated that VNF measurer, VNF verifier, hardware measurer and hardware verifier are exemplary names used for convenience in the embodiments of the present application, and may be replaced with any other possible names. For example, the VNF measurer may also be referred to as a virtualized root of trust (vRoT), a first measurer or a first measurement function; the VNF verifier may also be referred to as a first verifier or a first verification function; the hardware measurer may also be referred to as a root of trust (RoT), a second measurer or a second measurement function; and the hardware verifier may also be referred to as a second verifier or a second verification function, without limitation.
It is to be understood that, in the following, the interaction procedure between each network element/function in the above-mentioned communication system will be specifically described by way of a method embodiment in conjunction with fig. 7 to 8.
The communication method provided by the embodiment of the application can be applied to the communication system, and is specifically applied to various scenes mentioned in the communication system, and is specifically described below.
Fig. 7 is a schematic flow chart of a communication method according to an embodiment of the present application. The communication method is applicable to the communication system described above, and mainly to the communication among a VNF measurer, a VNF verifier, a hardware measurer and a hardware verifier. The VNF measurers may be one or more, for example VNF measurer 1, VNF measurer 2, … VNF measurer n, where n is an integer greater than or equal to 1, and each VNF measurer is deployed in one or more system layers. The VNF verifier, the hardware measurer and the hardware verifier may each be a single instance, to reduce solution complexity. The deployment manners of the VNF measurer, VNF verifier, hardware measurer and hardware verifier may refer to the related descriptions of the communication system above, and are not repeated.
Specifically, as shown in fig. 7, the flow of the communication method is as follows:
S700, the customer function (CF) triggers the VNF verifier to measure the VNF.
Wherein the CF may be a network function/element/device of various forms. In one possible way, the CF may be a network manager within the operator's network, such as a resource monitor. The CF may periodically trigger the VNF verifier to measure the VNF according to a policy pre-configured by the operator network. Alternatively, the CF may monitor the state of the VNF to trigger the measurement of the VNF by the VNF verifier based on the state of the VNF, e.g. the VNF is in a high load state for a long time. In another possible manner, the CF may be a functional network element in the operator network, and the CF may trigger measurement of the VNF according to the service flow execution situation. For example, the CF is an SMF network element, the VNF is a PCF network element, and if the SMF network element fails to subscribe to the PCF network element for multiple times, the SMF network element may trigger the VNF verifier to measure the PCF network element.
The CF may send a first message to the VNF verifier, the first message being usable to trigger the VNF verifier to initiate the metrics for the VNF. For example, the first message may be any possible message, without limitation. The first message may include identification information of the VNF. The first message may trigger the VNF verifier to initiate the measurement on the VNF through the message type or the identification information of the VNF carried by the first message. Alternatively, the first message may also carry an additional cell, by which the VNF verifier is triggered to initiate the measurement of the VNF.
The VNF identification information may be used to directly identify the VNF, e.g., the VNF identification information may include an Identifier (ID) of the VNF. Alternatively, the identification information of the VNF may be used to indirectly identify the VNF, e.g., the identification information of the VNF may include an identification of an NF corresponding to the VNF. It is understood that the identification information of the VNF, in particular, whether the VNF is identified or NF may depend on the CF capabilities. For example, if the CF's capabilities are able to support the functionality that the CF perceives to the virtual machine layer, i.e. the CF pre-configures the identity of the VNF, the CF provides the identity of the VNF. If the CF's capability supports the function that the CF perceives the service layer, but cannot perceive the function of the virtual machine layer, that is, the CF pre-configures the identity of the NF corresponding to the VNF, but does not configure the identity of the VNF, the CF provides the identity of the NF. Furthermore, the VNF may not have an identity, in which case the CF may also provide the VNF verifier with an identity of the NF to which the VNF corresponds. For example, in 5GC, the identity of the UDM network element at the service layer, i.e. the identity of the UDM network element, is 00111. However, the UDM network element is deployed through virtualization, and the identifier of the corresponding VNF in the NFVI is ab247a8cb. At this time, the CF is a functional network element, and the CF may pre-configure the identity of the VNF, thereby providing the identity of the VNF, i.e. ab247a8cb, to the VNF verifier. Alternatively, if the CF does not pre-configure the identity of the VNF, the CF may provide the identity of the UDM network element to the VNF verifier, 00111.
Optionally, the identification information of the VNF may further include at least one of: the machine room number of the VNF, the host number of the VNF, or the operating system number on the host of the VNF, etc. are used to locate the VNF, e.g. to locate the deployment location of the VNF, which may also be referred to as description information of the VNF or location information of the VNF. That is, since VNF metrics corresponding to the VNF may be disposed in the same physical location as in a machine room or on the same host, the VNF verifier can also address the VNF metrics corresponding to the VNF according to the identification information of the VNF.
It is understood that the CF may trigger measurement of multiple VNFs at the same time. In this case the execution logic of the CF is the same for each VNF; refer to the description above, which is not repeated.
Further, S700 is an optional step. For example, the CF and the VNF verifier may be combined, i.e. the VNF verifier contains the functionality of the CF and triggers the measurement of the VNF by itself.
S701, the VNF verifier determines whether the VNF measurer is a trusted VNF measurer or a trust-suspect VNF measurer (a VNF measurer whose trustworthiness has not yet been determined).
A trusted VNF measurer refers to a VNF measurer that has been measured and found trusted, or one that has been measured and found trusted and whose measurement credential has not expired; that is, the VNF verifier has determined that the VNF measurer is trusted. A trust-suspect VNF measurer refers to a VNF measurer that has not been measured, or one that has been measured but whose measurement credential has expired; that is, the VNF verifier has not determined whether the VNF measurer is trusted.
Specifically, the VNF verifier may determine, according to the identification information of the VNF, the VNF measurer corresponding to the VNF.
The VNF verifier may locate the VNF according to the identification information of the VNF and find the VNF measurer at the deployment location of the VNF. For example, the identification information of the VNF includes host number 1, and the VNF verifier finds, according to host number 1, that VNF measurer 1 is deployed on the host corresponding to host number 1. Alternatively, the VNF verifier is preconfigured with a correspondence between the identification information of the VNF and the identification information of the VNF measurer. The identification information of the VNF measurer is used to identify the VNF measurer, and may later be used by the hardware verifier to find the hardware measurer corresponding to the VNF measurer; see S702 for details. The identification information of the VNF measurer may include an identifier of the VNF measurer, which may be an identifier assigned by the operator network so that the operator network can distinguish between different VNF measurers. Optionally, the identification information of the VNF measurer may further include at least one of: the machine room number of the VNF measurer, the host number of the VNF measurer, the operating system number on the host of the VNF measurer, the identifier of the VNF corresponding to the VNF measurer, the identifier of the NF corresponding to that VNF, etc. These items are used to locate the VNF measurer, for example its deployment location, and may also be referred to as description information or location information of the VNF measurer. The VNF verifier may traverse the correspondence according to the identification information of the VNF, thereby finding the VNF measurer corresponding to the VNF.
For example, the above correspondence may be as shown in Table 1 below.
TABLE 1
It will be appreciated that the approaches described above are only examples, not limitations. For example, the VNF verifier may also determine the VNF measurer by combining locating with traversing the correspondence. For example, the identification information of the VNF includes host number 2, and the VNF verifier finds, according to host number 2, that VNF measurer 2 is deployed on the host corresponding to host number 2; the VNF verifier also traverses the correspondence according to the identification information of the VNF and determines VNF measurers 2 and 3. Taking both results together, the VNF verifier finally determines that the VNF measurer that needs verification is VNF measurer 2.
After determining the VNF measurer corresponding to the VNF, the VNF verifier may determine whether the VNF measurer is a trusted VNF measurer or a trust-suspect VNF measurer through security credentials, measurement records, or any other possible manner, as described in detail below.
In one possible approach, the VNF verifier determines whether the VNF measurer is a trusted or trust-suspect VNF measurer based on security credentials. A security credential is a credential, i.e. a measurement credential, issued by the VNF verifier or the hardware verifier for a trusted VNF measurer. For example, after the hardware verifier has been triggered to initiate measurement of a certain VNF measurer, the hardware verifier or the VNF verifier issues a security credential to the VNF measurer if the VNF measurer is determined to be trusted, and otherwise does not issue one. The security credential may have no validity period, i.e. once a security credential is issued for a trusted VNF measurer, that VNF measurer is trusted from then on. In that case, if the VNF measurer holds a security credential, it is a trusted VNF measurer that has been measured; if it does not, it is an unmeasured VNF measurer, i.e. a trust-suspect VNF measurer. Alternatively, the security credential may have a validity period, e.g. 1 day, 1 week or 1 month, indicating that the corresponding VNF measurer is trusted for that duration, i.e. the VNF measurer has been measured and its measurement credential has not expired. Once the period is exceeded, the VNF measurer is no longer trusted and needs to be measured again; that is, it is a VNF measurer that has been measured but whose measurement credential has expired. Furthermore, the security credential may be stored on the VNF verifier or the hardware verifier, associated with information of the VNF measurer. The CF that previously triggered the measurement of whether the VNF measurer is trusted may be different from the CF that triggers the present measurement.
In the case where security credentials are stored on the VNF verifier by default, the VNF verifier may determine whether the VNF measurer has a security credential, e.g. by determining whether the information of the VNF measurer is associated with a security credential. If the information of the VNF measurer is not associated with a security credential, the VNF measurer does not have one, and the VNF verifier may trigger the hardware verifier to initiate measurement of the VNF measurer, performing S702-S706. If the information of the VNF measurer is associated with a security credential, the VNF measurer has one. In this case, if the security credential has no validity period, the VNF measurer does not need to be measured, and S707-S711 are performed. Alternatively, if the security credential has a validity period, the VNF verifier may further determine whether the security credential is still valid. If the security credential is valid, the VNF measurer does not need to be measured, and S707-S711 are performed. If the security credential has expired, the VNF measurer needs to be measured again, and S702-S706 are performed.
In the case where security credentials are stored on the hardware verifier by default, the VNF verifier may request the hardware verifier to determine, based on the security credentials, whether the VNF measurer is a trusted or trust-suspect VNF measurer. The VNF verifier may provide the hardware verifier with the identification information of the VNF measurer, and the hardware verifier may make the same judgment as the VNF verifier according to that identification information; the specific description is as above and is not repeated. Thereafter, the hardware verifier may indicate to the VNF verifier whether the VNF measurer is a trusted or trust-suspect VNF measurer. Of course, the hardware verifier may instead provide the security credential of the VNF measurer to the VNF verifier, so that the VNF verifier determines by itself whether the VNF measurer is a trusted or trust-suspect VNF measurer; the specific implementation is as described above and is not repeated. In this case, if the VNF verifier times out without obtaining the security credential of the VNF measurer from the hardware verifier, the VNF verifier determines that the VNF measurer is a trust-suspect VNF measurer.
Of course, where either the VNF verifier or the hardware verifier may store the security credentials, if the VNF verifier determines that the VNF measurer does not have a security credential, the VNF verifier may also request the hardware verifier to determine whether the VNF measurer is trusted; the specific implementation is as described above and is not repeated.
In another possible manner, the VNF verifier determines whether the VNF measurer is a trusted or trust-suspect VNF measurer from the measurement record of the VNF measurer. For example, the measurement record of a VNF measurer may be stored on the VNF verifier or the hardware verifier and associated with information of the VNF measurer.
In the case where measurement records are stored on the VNF verifier by default, the VNF verifier may determine whether the VNF measurer has a measurement record, e.g. by determining whether the information of the VNF measurer is associated with a measurement record. If the information of the VNF measurer is not associated with a measurement record, the VNF measurer has not been measured, i.e. it is a trust-suspect VNF measurer. In this case, the VNF verifier may trigger the hardware verifier to initiate measurement of the VNF measurer, performing S702-S711. If the information of the VNF measurer is associated with a measurement record, the VNF measurer is a trusted VNF measurer, and S707-S711 are performed without measuring it again.
In the case where measurement records are stored on the hardware verifier by default, the VNF verifier may request the hardware verifier to determine, from the measurement records, whether the VNF measurer is a trusted or trust-suspect VNF measurer. The VNF verifier may provide the hardware verifier with the identification information of the VNF measurer, and the hardware verifier may make the same judgment as the VNF verifier according to that identification information; the specific description is as above and is not repeated.
Of course, where either the VNF verifier or the hardware verifier may store the measurement records, if the VNF verifier determines that the VNF measurer does not have a measurement record, the VNF verifier may also request the hardware verifier to determine, according to the measurement records, whether the VNF measurer is a trusted or trust-suspect VNF measurer; the specific implementation is likewise as described above and is not repeated.
It should be noted that if the VNF verifier is a network element with network management authority, such as a functional network manager, the VNF verifier can obtain every item of the identification information of the VNF measurer. In this case, the VNF verifier may use any one or more items of that identification information to characterize the VNF measurer, i.e. use those items to perform the processing logic described above for the VNF measurer. If the VNF verifier is a network element without network management authority, such as a functional network element, the VNF verifier cannot perceive the existence of the virtualization layer and therefore may not be able to obtain information belonging to the virtualization layer, such as the identifier of the VNF measurer, since the VNF measurer is generally located in the virtualization layer. In this case, the VNF verifier may use items of the identification information other than the identifier of the VNF measurer, e.g. the identifier of the NF, to characterize the VNF measurer, i.e. use those items to perform the processing logic described above for the VNF measurer.
It may be appreciated that S701 is an optional step; for example, if the VNF verifier triggers the measurement of the VNF measurer by default, S701 is not performed.
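The S701 decision described above, as an added example that is not part of the patent: a VNF verifier locates the VNF measurer for a VNF (by host number or by traversing a Table-1-style correspondence) and classifies it as trusted or trust-suspect from a security credential with or without a validity period, from a measurement record, or from a hardware verifier reply that may time out. All identifiers, timestamps and table contents are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

TRUSTED = "trusted"                 # measured, credential or record still good -> S707-S711
TRUST_SUSPECT = "trust-suspect"     # unmeasured or credential expired -> S702-S706


@dataclass
class SecurityCredential:
    """Measurement credential issued for a VNF measurer that was found trusted."""
    measurer_id: str
    issued_at: int                      # constructed timestamp, seconds
    validity_seconds: Optional[int]     # None: the credential has no validity period

    def is_valid(self, now: int) -> bool:
        if self.validity_seconds is None:
            return True
        return now < self.issued_at + self.validity_seconds


@dataclass
class VnfVerifier:
    # Correspondence between VNF identification and VNF measurer identification
    # (the role of Table 1); contents are constructed for this example.
    correspondence: dict[str, str] = field(default_factory=dict)
    # VNF measurer found on a given host number (deployment-location lookup)
    measurer_on_host: dict[str, str] = field(default_factory=dict)
    credentials: dict[str, SecurityCredential] = field(default_factory=dict)
    measurement_records: set[str] = field(default_factory=set)

    def find_measurer(self, vnf_id_info: dict) -> Optional[str]:
        """Locate the VNF measurer: by host number first, then by traversing
        the correspondence with the VNF identifier or the NF identifier."""
        host = vnf_id_info.get("host_number")
        if host in self.measurer_on_host:
            return self.measurer_on_host[host]
        for key in ("vnf_id", "nf_id"):
            ident = vnf_id_info.get(key)
            if ident in self.correspondence:
                return self.correspondence[ident]
        return None

    def classify_by_credential(self, measurer_id: str, now: int) -> str:
        cred = self.credentials.get(measurer_id)
        if cred is None:                       # never measured
            return TRUST_SUSPECT
        return TRUSTED if cred.is_valid(now) else TRUST_SUSPECT

    def classify_by_record(self, measurer_id: str) -> str:
        return TRUSTED if measurer_id in self.measurement_records else TRUST_SUSPECT

    def classify_via_hardware_verifier(self, reply: Optional[SecurityCredential], now: int) -> str:
        """Credentials held by the hardware verifier; reply is None on timeout."""
        if reply is None:
            return TRUST_SUSPECT
        return TRUSTED if reply.is_valid(now) else TRUST_SUSPECT


def next_steps(classification: str) -> str:
    """Which part of the Fig. 7 flow follows the S701 classification."""
    return "S707-S711" if classification == TRUSTED else "S702-S706"


def demo() -> dict:
    """Constructed scenario using the UDM identifiers quoted in the text."""
    v = VnfVerifier(
        correspondence={"ab247a8cb": "measurer-A", "00111": "measurer-A"},
        measurer_on_host={"host-1": "measurer-1"},
    )
    day = 24 * 3600
    v.credentials["measurer-A"] = SecurityCredential("measurer-A", issued_at=0, validity_seconds=7 * day)
    v.credentials["measurer-1"] = SecurityCredential("measurer-1", issued_at=0, validity_seconds=None)
    v.measurement_records.add("measurer-1")
    return {
        "by_host": v.find_measurer({"host_number": "host-1"}),
        "by_nf_id": v.find_measurer({"nf_id": "00111"}),
        "fresh": v.classify_by_credential("measurer-A", now=3 * day),
        "stale": v.classify_by_credential("measurer-A", now=8 * day),
        "no_expiry": v.classify_by_credential("measurer-1", now=365 * day),
        "unknown": v.classify_by_credential("measurer-X", now=0),
        "record": v.classify_by_record("measurer-1"),
        "timeout": v.classify_via_hardware_verifier(None, now=0),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```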
S702, the VNF verifier requests the hardware verifier to initiate a measurement on the VNF measurer.
The VNF verifier may send a second message to the hardware verifier. The second message is used to request the hardware verifier to initiate measurement of the VNF measurer. The second message may be any possible message, without limitation. The second message may include identification information of the VNF measurer. The second message may request the hardware verifier to initiate measurement of the VNF measurer through its message type or through the identification information of the VNF measurer that it carries. Alternatively, the second message may carry an additional information element by which the hardware verifier is requested to initiate measurement of the VNF measurer.
For the VNF verifier, if the VNF verifier is a network element with network management authority, such as a functional network manager, it may carry any one or more items of the identification information of the VNF measurer in the second message, without limitation. If the VNF verifier is a network element without network management authority, such as a functional network element, it carries by default the identification information of the VNF measurer that it can obtain, such as the identifier of the NF, in the second message.
For the hardware verifier, after receiving the second message, the hardware verifier may determine, according to the identification information of the VNF measurer, the hardware measurer corresponding to the VNF measurer.
Specifically, the hardware verifier may locate the VNF measurer according to the identification information of the VNF measurer and find the hardware measurer at the deployment location of the VNF measurer. For example, the identification information of the VNF measurer includes host number 1, and the hardware verifier finds, according to host number 1, that hardware measurer 1 is deployed on the host corresponding to host number 1. Alternatively, the hardware verifier is preconfigured with a correspondence between the identification information of the hardware measurer and the identification information of the VNF measurer. The hardware verifier may traverse the correspondence according to the identification information of the VNF measurer, thereby finding the hardware measurer corresponding to the VNF measurer. For example, the correspondence may be as shown in Table 2 below.
TABLE 2
It will be appreciated that the approaches described above are only examples, not limitations. For example, the hardware verifier may also determine the hardware measurer by combining locating with traversing the correspondence; the specific implementation is as described for the VNF verifier and is not repeated.
It should be noted that, since the hardware verifier is typically deployed in a third-party network, the hardware verifier may not be able to recognize an identifier internal to the operator network, such as the identifier of the VNF measurer. In this case, the hardware verifier may determine the hardware measurer corresponding to the VNF measurer according to other items of the identification information of the VNF measurer, such as the machine room number and the host number. Further, if there is only one hardware measurer, the hardware verifier performs S703 by default after receiving the second message.
S703, the hardware verifier requests the hardware measurer to measure or endorse the VNF measurer.
The hardware verifier may send a third message to the hardware measurer. The third message is used to request the hardware measurer to measure or endorse the VNF measurer. The third message may be any possible message, without limitation. The third message may include the identifier of the VNF measurer. The third message may request the hardware measurer to measure or endorse the VNF measurer through its message type or through the identifier of the VNF measurer that it carries. Alternatively, the third message may carry an additional information element by which the hardware measurer is requested to measure or endorse the VNF measurer.
Optionally, the third message may further include a policy indicated by the hardware verifier, which is either measurement or endorsement. That is, the hardware measurer determines whether to measure or endorse the VNF measurer according to the indicated policy. Whether the hardware verifier indicates measurement or endorsement may depend on the capabilities of the hardware measurer. For example, if the computational power of the hardware measurer is relatively strong, the hardware verifier may indicate endorsement (the hardware measurer judges the evidence itself); if the computational power of the hardware measurer is relatively weak, the hardware verifier may indicate measurement (the hardware measurer only collects evidence and the hardware verifier judges it). Alternatively, whether the hardware verifier indicates measurement or endorsement may depend on the management policy of the management domain, or on the security level the management domain sets for the traffic domain. For example, where the security level is high, measurement is employed; where the security level is low, endorsement is employed. Of course, if the third message does not include a policy indicated by the hardware verifier, the hardware measurer may measure or endorse the VNF measurer by default.
S704, the hardware measurer measures or endorses the VNF measurer.
The hardware measurer may check the relevant processes, files, memory, etc. of the VNF measurer to obtain corresponding evidence. For example, the evidence may include operational data of the VNF measurer, e.g. at least one of: the layer-by-layer startup data of the VNF measurer, the in-memory data list of the VNF measurer, the sequence of system resource changes of the VNF measurer at runtime, or any other possible data, without limitation. The layer-by-layer startup data of the VNF measurer may be a sequence of hash values. For example, each layer of the VNF measurer records a corresponding hash value, and the layers of the VNF measurer are started in order, e.g. from the BIOS to the application layer, yielding a hash value sequence that indicates the layer-by-layer startup order of the VNF measurer. The in-memory data list of the VNF measurer may be the locations in memory of the programs of the VNF measurer. The sequence of system resource changes of the VNF measurer at runtime may be the occupancy of the memory and/or the central processing unit (central processing unit, CPU) of the VNF measurer.
If the policy is measurement, the hardware measurer provides this evidence to the hardware verifier, i.e. executes S705. If the policy is endorsement, the hardware measurer determines an endorsement result based on the evidence; the endorsement result indicates whether the hardware measurer has determined the VNF measurer to be trusted. For example, the hardware measurer may determine whether at least one of the following matches: whether the layer-by-layer startup sequence of the VNF measurer matches a preset layer-by-layer startup sequence, whether the locations of the programs of the VNF measurer in memory match preset locations, or whether the memory and/or CPU occupancy of the VNF measurer matches a preset occupancy. If any of the items does not match, the hardware measurer may determine that the VNF measurer is not trusted, and S705 is performed. Alternatively, if all of the items match, the hardware measurer may determine that the VNF measurer is trusted, and S705 is performed.
It should be understood that the above determination methods are merely examples and are not limiting. For example, the hardware measurer may instead determine that the VNF measurer is not trusted only if none of the items match. Alternatively, the hardware measurer may determine that the VNF measurer is trusted even if some of the items do not match.
S705, the hardware metrics provide evidence or endorsement results to the hardware verifier.
The hardware measurer may send a fourth message to the hardware verifier. The fourth message is used to provide the evidence or the endorsement result to the hardware verifier. The fourth message may be any possible message, without limitation. The fourth message may include the evidence of the VNF measurer, or the measurement evidence of the VNF measurer, which is used to indicate whether the VNF measurer is trusted. That is, if the policy is measurement, the hardware measurer encapsulates the evidence of the VNF measurer into the fourth message. If the policy is endorsement, the hardware measurer generates the corresponding endorsement result according to whether the VNF measurer is trusted, signs the endorsement result, and then encapsulates the signed endorsement result into the fourth message.
For the hardware verifier, if the fourth message includes the evidence of the VNF measurer, the hardware verifier further determines a measurement result of the VNF measurer according to that evidence, where the measurement result indicates whether the hardware verifier has determined the VNF measurer to be trusted; the principle is the same as for the hardware measurer and is not described again. If the fourth message includes the endorsement result of the VNF measurer, the hardware verifier verifies whether the signature of the endorsement result is valid. If the signature of the endorsement result is valid, the hardware verifier determines a measurement result for the VNF measurer that indicates the VNF measurer is trusted (according to the endorsement result). If the signature of the endorsement result is invalid, e.g. it has been tampered with, the hardware verifier determines a measurement result for the VNF measurer that indicates the VNF measurer is not trusted.
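Steps S703 to S705 above, as an added example that is not part of the patent: the hardware measurer collects the boot-hash sequence, program memory locations and CPU occupancy of a VNF measurer, then either returns the raw evidence (policy "measurement") or judges it and returns a signed endorsement result (policy "endorsement"), and the hardware verifier derives the measurement result, rejecting an endorsement whose signature does not verify. The patent only says the endorsement result is signed; an HMAC under a constructed shared key stands in for that signature, and all preset values and snapshots are constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the hardware measurer's signing key (assumption: the
# hardware verifier can verify whatever signature scheme the measurer uses).
ENDORSEMENT_KEY = b"constructed-hardware-measurer-key"

# Preset reference values the hardware side holds for one VNF measurer (constructed).
PRESET = {
    "boot_hashes": [hashlib.sha256(s.encode()).hexdigest()
                    for s in ("bios", "bootloader", "host-os", "vnf-measurer-app")],
    "program_locations": {"vnf-measurer-app": "0x7f3a1000"},
    "max_cpu_occupancy": 0.80,
}


def collect_evidence(state: dict) -> dict:
    """S704: inspect the VNF measurer's boot chain, memory and resource usage.
    `state` is a constructed snapshot standing in for the real inspection."""
    return {
        "boot_hashes": [hashlib.sha256(layer.encode()).hexdigest() for layer in state["boot_layers"]],
        "program_locations": dict(state["program_locations"]),
        "cpu_occupancy": state["cpu_occupancy"],
    }


def check_items(evidence: dict, preset: dict) -> dict:
    """Per-item comparison against the presets named in S704."""
    return {
        "boot_sequence": evidence["boot_hashes"] == preset["boot_hashes"],
        "program_locations": evidence["program_locations"] == preset["program_locations"],
        "cpu_occupancy": evidence["cpu_occupancy"] <= preset["max_cpu_occupancy"],
    }


def sign_result(result: dict) -> dict:
    payload = json.dumps(result, sort_keys=True)
    sig = hmac.new(ENDORSEMENT_KEY, payload.encode(), "sha256").hexdigest()
    return {"payload": payload, "signature": sig}


def signature_valid(endorsement: dict) -> bool:
    expected = hmac.new(ENDORSEMENT_KEY, endorsement["payload"].encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, endorsement["signature"])


def hardware_measurer_respond(policy: str, measurer_id: str, state: dict) -> dict:
    """Builds the fourth message according to the policy carried in the third message."""
    evidence = collect_evidence(state)
    if policy == "measurement":
        return {"type": "evidence", "measurer_id": measurer_id, "evidence": evidence}
    trusted = all(check_items(evidence, PRESET).values())   # default rule: every item must match
    return {"type": "endorsement", "measurer_id": measurer_id,
            **sign_result({"measurer_id": measurer_id, "trusted": trusted})}


def hardware_verifier_evaluate(fourth_message: dict) -> bool:
    """S705 on the hardware verifier: the measurement result for the fifth message
    (True means the VNF measurer is trusted)."""
    if fourth_message["type"] == "evidence":
        return all(check_items(fourth_message["evidence"], PRESET).values())
    if not signature_valid(fourth_message):
        return False                     # invalid or tampered signature: not trusted
    return bool(json.loads(fourth_message["payload"])["trusted"])


def demo() -> dict:
    good = {"boot_layers": ["bios", "bootloader", "host-os", "vnf-measurer-app"],
            "program_locations": {"vnf-measurer-app": "0x7f3a1000"}, "cpu_occupancy": 0.35}
    bad = dict(good, boot_layers=["bios", "bootloader", "host-os", "modified-app"])
    forged = hardware_measurer_respond("endorsement", "m1", bad)
    forged["payload"] = forged["payload"].replace("false", "true")   # result edited in transit
    return {
        "measurement_good": hardware_verifier_evaluate(hardware_measurer_respond("measurement", "m1", good)),
        "measurement_bad": hardware_verifier_evaluate(hardware_measurer_respond("measurement", "m1", bad)),
        "endorsement_good": hardware_verifier_evaluate(hardware_measurer_respond("endorsement", "m1", good)),
        "endorsement_bad": hardware_verifier_evaluate(hardware_measurer_respond("endorsement", "m1", bad)),
        "forged_signature_valid": signature_valid(forged),
        "forged_result": hardware_verifier_evaluate(forged),
    }


if __name__ == "__main__":
    print(demo())
```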
S706, the hardware verifier provides the measurement result to the VNF verifier.
The hardware verifier may send a fifth message to the VNF verifier. The fifth message is used to indicate whether the VNF measurer is trusted. The fifth message may be any possible message, without limitation. The fifth message may include the measurement result of the VNF measurer and the identification information of the VNF measurer, such as the identifier of the VNF measurer. Thus, when the VNF verifier receives the fifth message, it determines whether the VNF measurer is trusted according to the measurement result and the identification information of the VNF measurer. If the VNF measurer is trusted, the VNF verifier triggers S707-S711 to carry out the measurement of the VNF corresponding to the VNF measurer. If the VNF measurer is not trusted, the flow ends.
S707, the VNF verifier requests the VNF measurer to initiate measurement of the VNF.
The VNF verifier may send a sixth message to the VNF measurer. The sixth message is used to request the VNF measurer to measure the VNF. The sixth message may be any possible message, without limitation. The sixth message may include identification information of the VNF. The sixth message may request the VNF measurer to initiate measurement of the VNF through its message type or through the identification information of the VNF that it carries. Alternatively, the sixth message may carry an additional information element by which the VNF measurer is requested to initiate measurement of the VNF.
S708, the VNF measurer initiates the measurement of the VNF.
The VNF measurer may obtain the corresponding operational data from the VM in which the VNF is located, or from the system layer in which the VNF is located, such as the Host OS; this may also be referred to as the operational data of the VNF and is recorded as first evidence. For example, the first evidence may include at least one of: network traffic data, memory and/or CPU occupancy, or any other possible data, without limitation.
Optionally, the VNF measurer may also obtain interaction data inside the SBA architecture from the VNF, e.g. from a service module inside the VNF; this may also be referred to as the internal interaction data of the VNF and is recorded as second evidence. For example, the second evidence may include at least one of: the derivation, storage and update records of keys, the signature of a key file, the signature of key code, or any other possible data, without limitation.
Optionally, the VNF measurer may also obtain interaction data between the VNF and the network from the network side of the VNF, such as an access-side network manager; this may also be referred to as the external interaction data of the VNF and is recorded as third evidence. For example, the third evidence may include at least one of: the number of abnormal situations during transmission, the number of service alarms, or any other possible data, without limitation.
The external interaction data of the VNF and the internal interaction data of the VNF may together be understood as the interaction data or communication data of the VNF, without particular limitation. Furthermore, the first evidence, the second evidence and the third evidence may be understood as static evidence and dynamic evidence. For example, the static evidence may include at least one of: the signature of the key file, the signature of the key code, or any other possible static data, without limitation. The dynamic evidence may include at least one of: the network traffic data, the memory and/or CPU occupancy, the derivation, storage and update records of keys, the number of abnormal situations during transmission, the number of service alarms, or any other possible dynamic data, without limitation.
S709, the VNF measurer provides evidence to the VNF verifier.
The VNF measurer may send a seventh message to the VNF verifier. The seventh message is used to provide the evidence to the VNF verifier. The seventh message may be any possible message, such as an attestation response message or an attestation notification message, without particular limitation. The seventh message may include the identifier of the VNF and the evidence obtained by the VNF measurer, e.g. at least one of the first evidence, the second evidence or the third evidence, i.e. the static evidence and the dynamic evidence.
S710, the VNF verifier determines whether the VNF is authentic.
After receiving the seventh message, the VNF verifier determines whether the VNF is trusted according to the evidence obtained by the VNF measurer. For example, the VNF verifier may determine whether at least one of the following matches: whether the signature of the key file matches the preset file signature, whether the signature of the key code matches the preset code signature, whether the network traffic data matches the preset traffic data, whether the memory and/or CPU occupancy matches the preset occupancy, whether the derivation, storage and update records of keys match the preset records, whether the number of abnormal situations during transmission matches the preset number, or whether the number of service alarms matches the preset number. If the number of items that do not match is greater than or equal to a preset number, the VNF verifier determines that the VNF is not trusted. If the number of items that do not match is less than the preset number, the VNF verifier determines that the VNF is trusted. The preset number may be set according to actual requirements, without limitation.
S711, the VNF verifier performs alerting.
If the VNF verifier determines that the VNF is not trusted, the VNF verifier may perform an alert. For example, the VNF verifier may perform at least one of the following: notify the operator administrator or the machine room network manager, raise an alarm for the NFVI infrastructure, record the VNF as untrusted in a detection record or log (such as a detection record of MANO or a log of the remote attestation system), or any other possible operation, without limitation.
It is understood that S711 is an optional step; for example, if the VNF verifier determines that the VNF is trusted, S711 is not performed.
In summary, the technical scheme provided by the embodiment of the application has the following technical effects:
1) By having a hardware measurer with relatively high security measure or endorse a VNF measurer with relatively low security, it may be determined whether the VNF measurer is trusted. Thus, once the VNF measurer is trusted, the VNF verifier uses the VNF measurer to verify whether an untrusted VNF is trusted, which ensures that the evidence provided by the VNF measurer can prove whether the untrusted VNF is trusted.
2) Since the VNF measurers and VNF verifiers may be deployed within the operator network, the operator network may facilitate management and maintenance of the VNF measurers and VNF verifiers, such as configuring/updating policies of the VNF measurers, configuring/updating preset parameters for verifying whether the VNF is trusted, and so on.
3) For a trusted VNF measurer, the VNF verifier need not trigger measurement of the VNF measurer again, so as to avoid executing a redundant flow, reduce device overhead, and improve operation efficiency.
4) The CF may initiate measurement of multiple VNFs simultaneously, which improves measurement efficiency.
The flow of the communication method provided by the embodiment of the application under a specific scene is described in detail above with reference to fig. 7. The overall flow of the communication method is described below in connection with fig. 8.
Fig. 8 is a second schematic flow chart of a communication method according to an embodiment of the present application. The communication method is suitable for communication among a first verifier, a first measurer, a second verifier and a second measurer. The first verifier may be the VNF verifier, the first measurer may be the VNF measurer, the second verifier may be the hardware verifier, and the second measurer may be the hardware measurer.
As shown in fig. 8, the flow of the communication method is as follows:
S801, the first verifier sends a first request to the second verifier. The second verifier receives the first request from the first verifier.
Wherein the first verifier may send the first request to the second verifier when determining whether the first network element (the VNF described above) is trusted using the first measurer (the measurer associated with the first verifier).
The security of the second verifier may be higher than the security of the first measurer. For example, the first verifier is deployed in the business domain and the second verifier is deployed in the management domain. That is, the second verifier may be deployed in a more secure network environment than the first measurer to ensure that the second verifier is more secure than the first measurer.
The first request (the second message described above) may be used to request the second verifier to initiate measurement of the first measurer. For example, the first request may include addressing information of the first measurer (the identification information of the VNF measurer described above). The first verifier obtains the addressing information of the first measurer and sends a first request containing the addressing information to the second verifier, so that the second verifier can find the first measurer and measure it.
Optionally, in the case where the first verifier is a functional network element, such as a network data analytics function (NWDAF) network element, the first verifier obtains identification information of the first network element. For example, the first measurer is usually located in the virtualization layer, and the functional network element may not be able to perceive the existence of the virtualization layer, and thus cannot obtain the identification information of the first measurer. In this case, the functional network element may provide information of the service layer, such as identification information of the first network element related to the first measurer, so that the second verifier finds the first measurer through the first network element. Alternatively, in the case where the first verifier is a functional network manager, such as element management (EM) or operation administration and maintenance (OAM) in NFV, the first verifier acquires at least one of: identification information of the first measurer or identification information of the first network element. That is, the functional network manager may obtain information of the virtualization layer, such as identification information of the first measurer, or obtain information of the service layer, such as identification information of the first network element. Thus, the functional network manager can selectively provide the related information, without limitation. On this basis, in the case where the first verifier is a functional network element, the identification information of the first network element comprises an identification of the network function (NF). It will be appreciated that since the functional network element may not be aware of the presence of the virtualization layer, the first network element is, for the functional network element, a function of the service layer, i.e. an NF, and thus the identity of the NF may be obtained. Or, in the case where the first verifier is a functional network manager, the identification information of the first network element comprises an identification of the virtual network function (VNF). It can be appreciated that, since the functional network manager can perceive the existence of the virtualization layer, the first network element is, for the functional network manager, a function of the virtualization layer, i.e. the VNF, and thus the identifier of the VNF can be obtained.
In addition, the specific implementation of S801 may refer to the related description in S702, which is not described herein.
S802, the second verifier determines a second measurer associated with the first measurer according to the first request.
Wherein the second verifier may determine the first measurer from the addressing information of the first measurer, so that the second verifier determines the second measurer from the first measurer. The security of the second measurer is higher than the security of the first measurer. The first measurer is deployed at the software layer and the second measurer is deployed at the hardware layer. That is, the second measurer may be deployed in a more secure hardware environment than the first measurer to ensure that the second measurer is more secure than the first measurer.
In addition, the specific implementation of S802 may refer to the related description in S702, which is not described herein.
S803, the second verifier determines that the first measurer is trusted by measuring the first measurer with the second measurer.
In one possible design, the second verifier sends a third request (the third message described above) to the second measurer and receives a third response (the fourth message described above) returned by the second measurer for the third request. Wherein the third request is for requesting the second measurer to measure the first measurer, and the third response includes the measurement evidence of the first measurer. In this manner, the second verifier determines that the first measurer is trusted based on the measurement evidence of the first measurer. It can be seen that the second measurer is mainly used for collecting measurement evidence, and the second verifier is mainly used for verifying measurement evidence, so that the loads of the second measurer and the second verifier can be evenly distributed, and overall operation efficiency is improved.
Optionally, the measurement evidence of the first measurer includes, without limitation, operation data of the first measurer, such as start-up data of the first measurer, operation data in a memory of the first measurer, and the like. For example, the operation data of the first measurer may include at least one of: information such as the load occupancy rate of the processor, the storage sequence of the internal memory, the storage occupancy rate of the storage space, and the like. The second verifier may verify whether the operation data are within a preset baseline value range. If the operation data are not within the baseline value range, the operation data are abnormal, e.g. they may have been tampered with; that is, the working state of the first measurer may be abnormal, and the first measurer is not trusted. Otherwise, if the operation data are within the baseline range, the operation data are normal; that is, the working state of the first measurer is normal, and the first measurer is trusted. Optionally, the third request is used to instruct the second measurer to provide the measurement evidence, or the second measurer may also provide the measurement evidence by default, without limitation.
Alternatively, in another possible design, the second verifier may send a third request (the third message described above) to the second measurer and receive a third response (the fourth message described above) returned by the second measurer for the third request. Wherein the third request is for requesting the second measurer to measure the first measurer, and the third response includes an endorsement result of the first measurer, the endorsement result indicating that the second measurer has determined that the first measurer is trusted. In this way, the second verifier determines that the first measurer is trusted by verifying the endorsement result. That is, in the case where the second measurer endorses the first measurer, for example by providing an endorsement result for determining that the first measurer is trusted, the second verifier can determine that the first measurer is trusted merely by verifying the endorsement result, for example by verifying whether the endorsement has been tampered with, so that the amount of computation of the second verifier can be reduced and operation efficiency improved.
Optionally, the third request is used to instruct the second measurer to provide an endorsement result, or the second measurer may also provide an endorsement result by default, without limitation.
In addition, the specific implementation of S803 may refer to the related descriptions in S703-S705, which are not described herein.
S804, the second verifier sends a first response to the first verifier. The first verifier receives the first response returned by the second verifier for the first request.
The first response (the fifth message described above) may be used to indicate that the first measurer is trusted; the specific implementation may also refer to the related description in S706, which is not repeated.
S805, the first verifier measures, using the first measurer, whether the first network element is trusted.
Wherein the first verifier may send a second request (the sixth message described above) to the first measurer; the second request is used for requesting the first measurer to measure the first network element; the first verifier receives a second response (the seventh message described above) returned by the first measurer for the second request; the second response includes measurement evidence of the first network element; and the first verifier determines whether the first network element is trusted based on the measurement evidence of the first network element. It can be seen that the first measurer is mainly used for collecting measurement evidence, and the first verifier is mainly used for verifying measurement evidence, so that the loads of the first measurer and the first verifier can be evenly distributed, and overall operation efficiency is improved.
Optionally, the measurement evidence of the first network element includes at least one of: the operation data of the first network element, or the communication data of the first network element. It can be seen that the operation data and the communication data of the first network element are data of different dimensions, so that the first network element is measured across a plurality of dimensions and the accuracy of measurement is ensured. For example, the operation data of the first network element may include at least one of the following: information such as the load occupancy rate of the processor, the storage sequence of the internal memory, the storage occupancy rate of the storage space, and the like. The first verifier may verify whether the operation data are within a preset baseline value range. If the operation data are not within the baseline value range, the operation data are abnormal, e.g. they may have been tampered with; that is, the working state of the first network element may be abnormal, and the first network element is not trusted. Otherwise, if the operation data are within the baseline range, the operation data are normal; that is, the working state of the first network element is normal, and the first network element is trusted.
In addition, the specific implementation of S805 may refer to the related descriptions in S707 to S711, which are not described herein.
In summary, in the case that the first verifier cannot determine whether the first measurer is trusted, the first verifier may request a second verifier with higher security to measure the first measurer to determine that the first measurer is trusted. In this way, the first verifier measures the first network element, e.g. the VNF, by means of the trusted first measurer, and can determine whether the first network element is trusted.
In connection with the above embodiment, in one possible design, before S801, the first verifier may also determine that the first measurer is a trust-doubtful measurer. That is, the first verifier triggers the measurement of the first measurer only if it cannot determine whether the first measurer is trusted. Otherwise, if the first verifier determines that the first measurer is trusted, the first measurer can be used directly to measure the first network element without triggering measurement of the first measurer, so that an invalid measurement flow is avoided and communication overhead is saved.
Optionally, the first measurer being a trust-doubtful measurer means that: the first measurer is a measurer that has never been measured, or the first measurer is a measurer that has been measured but whose measurement credential has expired. That is, for a trusted first measurer, its trusted state is time-limited. If the time limit is exceeded, the first measurer needs to be measured again, which further improves security.
In addition, the specific implementation of this design may refer to the related description in S701, which is not repeated.
In combination with the above embodiment, in a possible design, before S801, the first verifier may receive indication information from a second network element (the CF described above). The second network element is associated with the first network element, and the indication information is used to instruct the first verifier to initiate measurement of the first network element; the first verifier determines, according to the indication information, to use the first measurer to measure the first network element. That is, the measurement of the first network element may be triggered by other network elements, such as the second network element. For example, the second network element may trigger measurement of the first network element if it determines that communication with the first network element is abnormal. Therefore, measurement can be triggered on demand, so that an invalid measurement flow is avoided and communication overhead is saved.
Optionally, the indication information includes identification information of the first network element; the first verifier stores a correspondence between the identification information of each measurer and the identification information of the network element associated with that measurer; and determining, according to the indication information, to use the first measurer to measure the first network element includes: the first verifier determines the first measurer corresponding to the first network element according to the identification information of the first network element and the correspondence. That is, even if the second network element initiates measurement of a plurality of network elements at the same time, the first verifier can find the measurer corresponding to each network element according to the identification information of the network elements and the correspondence, thereby realizing simultaneous measurement of the plurality of network elements and improving measurement efficiency.
In addition, the specific implementation of this design may refer to the related description in S710, and will not be repeated.
In combination with the above embodiment, in one possible design, after S804, the first verifier measures whether a third network element is trusted using the first measurer. That is, once the first measurer is trusted, the first verifier can directly measure other network elements using the first measurer without triggering measurement of the first measurer again, so that an invalid measurement flow is avoided and communication overhead is saved.
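The S801-S805 flow of fig. 8 together with the designs described after it (trust-doubtful measurer, CF-triggered measurement via the correspondence table, and reuse of a trusted first measurer for a third network element), as an added example that is not code from the patent. The names, messages and values are constructed; the endorsement result is modelled as an HMAC over the first measurer's identity, and the behaviour when measurement of the first measurer fails is an assumption, since the patent only specifies the trusted case.

```python
"""Added example (not from the patent): two-level measurement flow of fig. 8.
Names, messages and values are constructed for illustration."""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass, field

ENDORSE_KEY = b"constructed-endorsement-key"  # shared by hardware measurer and hardware verifier
CPU_LOAD_BASELINE = (0.0, 0.8)                # preset baseline range for processor load occupancy


@dataclass
class SecondMeasurer:
    """Hardware-layer measurer on one host; the operation data it reports is constructed."""
    host: str
    cpu_load: float   # load occupancy of the first measurer, as seen by the hardware layer

    def handle_third_request(self, first_measurer_id: str, want: str) -> dict:
        """Third response: an endorsement result or measurement evidence, as requested."""
        if want == "endorsement":
            tag = hmac.new(ENDORSE_KEY, first_measurer_id.encode(), hashlib.sha256).hexdigest()
            return {"measurer": first_measurer_id, "endorsement": tag}
        return {"measurer": first_measurer_id, "cpu_load": self.cpu_load}


@dataclass
class SecondVerifier:
    """Hardware verifier in the management domain (S802-S804)."""
    hw_measurers: dict[str, SecondMeasurer]   # host address -> hardware measurer on that host
    credential_ttl: float                     # validity period of a trusted first measurer's credential
    requests_seen: int = 0

    def handle_first_request(self, req: dict, now: float) -> dict:
        self.requests_seen += 1
        hw = self.hw_measurers.get(req["addressing_info"])                      # S802
        if hw is None:
            return {"trusted": False, "reason": "no hardware measurer for host"}
        resp = hw.handle_third_request(req["first_measurer_id"], req["want"])   # S803
        if "endorsement" in resp:
            expected = hmac.new(ENDORSE_KEY, req["first_measurer_id"].encode(),
                                hashlib.sha256).hexdigest()
            ok = hmac.compare_digest(expected, resp["endorsement"])  # endorsement untampered?
        else:
            ok = CPU_LOAD_BASELINE[0] <= resp["cpu_load"] <= CPU_LOAD_BASELINE[1]
        if not ok:   # assumption: a negative first response carries a reason
            return {"trusted": False, "reason": "first measurer failed measurement"}
        return {"trusted": True, "valid_until": now + self.credential_ttl}     # S804


@dataclass
class FirstMeasurer:
    """Software-layer measurer (virtualization layer); the data it reports is constructed."""
    measurer_id: str
    host: str
    ne_cpu_load: dict[str, float]   # network element id -> its processor load occupancy

    def handle_second_request(self, ne_id: str) -> dict:
        return {"ne": ne_id, "cpu_load": self.ne_cpu_load[ne_id]}


@dataclass
class FirstVerifier:
    """VNF verifier in the business domain (S801, S805)."""
    second_verifier: SecondVerifier
    measurer_for_ne: dict[str, FirstMeasurer]   # correspondence: network element -> its measurer
    trusted_until: dict[str, float] = field(default_factory=dict)

    def is_trust_doubtful(self, m: FirstMeasurer, now: float) -> bool:
        """Never measured, or the measurement credential has expired."""
        return now >= self.trusted_until.get(m.measurer_id, 0.0)

    def measure_network_element(self, ne_id: str, now: float, want: str = "endorsement") -> bool:
        m = self.measurer_for_ne[ne_id]   # the CF's indication carries only the network element id
        if self.is_trust_doubtful(m, now):
            resp = self.second_verifier.handle_first_request(              # S801
                {"first_measurer_id": m.measurer_id, "addressing_info": m.host, "want": want}, now)
            if not resp["trusted"]:
                return False   # an untrusted measurer cannot prove anything about the element
            self.trusted_until[m.measurer_id] = resp["valid_until"]
        evidence = m.handle_second_request(ne_id)                           # S805
        return CPU_LOAD_BASELINE[0] <= evidence["cpu_load"] <= CPU_LOAD_BASELINE[1]


def build_demo() -> tuple[FirstVerifier, SecondVerifier]:
    """Constructed deployment: one host, one software measurer serving two VNFs."""
    hw = SecondMeasurer(host="host-a", cpu_load=0.3)
    sv = SecondVerifier(hw_measurers={"host-a": hw}, credential_ttl=600.0)
    sw = FirstMeasurer("vnf-measurer-1", "host-a", {"vnf-amf": 0.4, "vnf-smf": 0.95})
    return FirstVerifier(sv, {"vnf-amf": sw, "vnf-smf": sw}), sv


if __name__ == "__main__":
    fv, sv = build_demo()
    print(fv.measure_network_element("vnf-amf", now=0.0), sv.requests_seen)   # True 1
    print(fv.measure_network_element("vnf-smf", now=10.0), sv.requests_seen)  # False 1
```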
The communication method provided by the embodiment of the application is described in detail above with reference to fig. 7 to 8. A communication apparatus for performing the communication method provided by the embodiment of the present application is described in detail below with reference to fig. 9 to 10.
Fig. 9 is a schematic structural diagram of a communication device according to an embodiment of the present application. As shown in fig. 9, the communication apparatus 900 includes: a transceiver module 901 and a processing module 902. For convenience of explanation, fig. 9 shows only major components of the communication apparatus.
In some embodiments, the communication apparatus 900 may be adapted to perform the functions of the VNF verifier or the first verifier described above in the communication system shown in fig. 5.
The transceiver module 901 may be configured to perform a function of the VNF verifier or the first verifier in the above-described communication method to send and receive messages, such as the functions in the steps S702 and S705. The processing module 902 may perform other functions of the VNF verifier or the first verifier other than the transceiving of the message, such as the functions in the step S701 and the like.
For example, the processing module 902 is configured to, when determining whether the first network element is trusted using the first measurer, control the transceiver module 901 to send the first request to the second verifier and receive a first response returned by the second verifier for the first request. Wherein the first request is for requesting the second verifier to initiate measurement of the first measurer, the security of the second verifier being higher than that of the first measurer, and the first response indicating that the first measurer is trusted. As such, the processing module 902 is further configured to measure whether the first network element is trusted using the first measurer.
Alternatively, the transceiver module 901 may include a transmitting module (not shown in fig. 9) and a receiving module (not shown in fig. 9). The transmitting module is configured to implement a transmitting function of the communication device 900, and the receiving module is configured to implement a receiving function of the communication device 900.
Optionally, the communication device 900 may further include a storage module (not shown in fig. 9) storing programs or instructions. The processing module 902, when executing the program or instructions, enables the communication device 900 to perform the communication method shown in fig. 7 or 8.
The communication apparatus 900 may be a network device, a chip (system) or other components or assemblies that may be disposed in the network device, or an apparatus including the network device, which is not limited in the present application.
In addition, the technical effects of the communication apparatus 900 may refer to the technical effects of the communication method shown in fig. 7 to 8, and will not be described herein.
In other embodiments, the communications device 900 may be adapted for use in the communications system shown in fig. 5 to perform the functions of the hardware verifier or the second verifier described above.
The transceiver module 901 may be configured to perform a function of the hardware verifier or the second verifier in the above communication method to send and receive messages, such as the functions in steps S702 and S705. The processing module 902 may perform other functions of the hardware verifier or the second verifier other than the sending and receiving of the message, such as the functions in the steps S703, S704, and the like.
For example, the transceiver module 901 is configured to receive a first request from a first verifier; the processing module 902 is configured to determine, according to the first request, a second measurer associated with the first measurer; the first request is for requesting the second verifier to initiate measurement of the first measurer, the first measurer being the measurer associated with the first verifier, and the security of the second measurer being higher than that of the first measurer. As such, the processing module 902 is further configured to determine that the first measurer is trusted by means of the second measurer, thereby controlling the transceiver module 901 to send a first response to the first verifier, where the first response is used to indicate that the first measurer is trusted.
Alternatively, the transceiver module 901 may include a transmitting module (not shown in fig. 9) and a receiving module (not shown in fig. 9). The transmitting module is configured to implement a transmitting function of the communication device 900, and the receiving module is configured to implement a receiving function of the communication device 900.
Optionally, the communication device 900 may further include a storage module (not shown in fig. 9) storing programs or instructions. The processing module 902, when executing the program or instructions, enables the communication device 900 to perform the communication method shown in fig. 7 or 8.
The communication apparatus 900 may be a network device, a chip (system) or other components or assemblies that may be disposed in the network device, or an apparatus including the network device, which is not limited in the present application.
In addition, the technical effects of the communication apparatus 900 may refer to the technical effects of the communication method shown in fig. 7 to 8, and will not be described herein.
Fig. 10 is a schematic diagram of a second structure of the communication device according to the embodiment of the present application. The communication device may be a terminal, or may be a chip (system) or other part or component that may be provided in the terminal. As shown in fig. 10, the communication device 1000 may include a processor 1001. Optionally, the communication device 1000 may also include a memory 1002 and/or a transceiver 1003. Wherein the processor 1001 is coupled to the memory 1002 and the transceiver 1003, such as by a communication bus.
The following describes each constituent element of the communication apparatus 1000 in detail with reference to fig. 10:
The processor 1001 is the control center of the communication device 1000, and may be one processor or a collective term for a plurality of processing elements. For example, the processor 1001 is one or more central processing units (CPUs), but may also be an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application, such as one or more digital signal processors (DSPs), or one or more field programmable gate arrays (FPGAs).
Alternatively, the processor 1001 may perform various functions of the communication apparatus 1000, such as performing the communication methods shown in fig. 8-10 described above, by running or executing a software program stored in the memory 1002 and invoking data stored in the memory 1002.
In a particular implementation, the processor 1001 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 10, as an embodiment.
In a specific implementation, as an embodiment, the communication apparatus 1000 may also include a plurality of processors, such as the processor 1001 and the processor 1004 shown in fig. 10. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 1002 is configured to store a software program for executing the solution of the present application, and the processor 1001 controls the execution of the software program, and the specific implementation may refer to the above method embodiment, which is not described herein again.
Alternatively, the memory 1002 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1002 may be integrated with the processor 1001 or may exist separately and be coupled to the processor 1001 through an interface circuit (not shown in fig. 10) of the communication device 1000, which is not specifically limited in this embodiment of the present application.
A transceiver 1003 for communication with other communication apparatuses. For example, the communication apparatus 1000 is a terminal, and the transceiver 1003 may be used to communicate with a network device or another terminal device. As another example, the communication apparatus 1000 is a network device, and the transceiver 1003 may be used to communicate with a terminal or another network device.
Alternatively, the transceiver 1003 may include a receiver and a transmitter (not separately shown in fig. 10). The receiver is used for realizing the receiving function, and the transmitter is used for realizing the transmitting function.
Alternatively, the transceiver 1003 may be integral to the processor 1001 or may exist separately and be coupled to the processor 1001 by an interface circuit (not shown in fig. 10) of the communication device 1000, which is not specifically limited in this embodiment of the present application.
It should be noted that the configuration of the communication apparatus 1000 shown in fig. 10 is not limited to the communication apparatus, and an actual communication apparatus may include more or less components than those shown, or may combine some components, or may be different in arrangement of components.
In addition, the technical effects of the communication device 1000 may refer to the technical effects of the communication method described in the above method embodiments, and are not described herein.
The embodiment of the application provides a communication system. The communication system includes: one or more of the terminals shown in fig. 8-10.
It should be appreciated that the processor in embodiments of the application may be a central processing unit (CPU), and may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be appreciated that the memory in embodiments of the present application may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which acts as an external cache. By way of example but not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct rambus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless means (e.g., infrared, radio, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between the associated objects and means that three relationships may exist; for example, A and/or B may mean: A alone, A and B together, or B alone, where A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, as may be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of" and similar expressions mean any combination of the listed items, including any combination of a single item or of plural items. For example, at least one of a, b, or c may represent: a, b, c, a and b, a and c, b and c, or a, b and c, where a, b and c may each be singular or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

1. A method of communication, the method comprising:
in the case that a first verifier determines to use a first measurer to measure whether a first network element is trusted, the first verifier sends a first request to a second verifier; the first request is used for requesting the second verifier to initiate measurement of the first measurer, and the security of the second verifier is higher than that of the first measurer;
the first verifier receives a first response returned by the second verifier for the first request; the first response is used to indicate that the first measurer is trusted;
the first verifier measures, using the first measurer, whether the first network element is trusted.
2. The method of claim 1, wherein the first verifier sending the first request to the second verifier comprises:
the first verifier obtains addressing information of the first measurer;
the first verifier sends the first request, including the addressing information, to the second verifier.
3. The method of claim 2, wherein the first verifier obtaining the addressing information of the first measurer comprises:
in the case that the first verifier is a functional network element, the first verifier obtains identification information of the first network element; or,
in the case that the first verifier is a functional network manager, the first verifier obtains at least one of the following: identification information of the first measurer or identification information of the first network element.
4. The method according to claim 3, wherein, in the case that the first verifier is a functional network element, the identification information of the first network element comprises an identification of a network function (NF); or, in the case that the first verifier is a functional network manager, the identification information of the first network element comprises an identification of a virtual network function (VNF).
5. The method of any of claims 1-4, wherein the first verifier is deployed in a business domain and the second verifier is deployed in a management domain.
6. The method of any of claims 1-5, wherein, before the first verifier sends the first request to the second verifier, the method further comprises:
the first verifier determines that the first measurer is a measurer whose trustworthiness is in doubt.
7. The method of claim 6, wherein the first measurer being a measurer whose trustworthiness is in doubt means: the first measurer is a measurer that has not been measured, or the first measurer is a measurer that has been measured and failed the measurement.
8. The method of any of claims 1-7, wherein the first verifier determining to use the first measurer to measure whether the first network element is trusted comprises:
the first verifier receives indication information from a second network element; the second network element is associated with the first network element, and the indication information is used for instructing the first verifier to initiate measurement of the first network element;
the first verifier determines, according to the indication information, to measure the first network element using the first measurer.
9. The method of claim 8, wherein the indication information includes identification information of the first network element, the first verifier stores a correspondence between identification information of each measurer and identification information of the network element associated with that measurer, and the first verifier determining, according to the indication information, to measure the first network element using the first measurer comprises:
the first verifier determines the first measurer corresponding to the first network element according to the identification information of the first network element and the correspondence.
10. The method according to any of claims 1-9, wherein the first verifier measuring, using the first measurer, whether the first network element is trusted comprises:
the first verifier sends a second request to the first measurer; the second request is used for requesting the first measurer to measure the first network element;
the first verifier receives a second response returned by the first measurer for the second request; the second response includes measurement evidence of the first network element;
the first verifier determines, according to the measurement evidence of the first network element, whether the first network element is trusted.
11. The method of claim 10, wherein the measurement evidence of the first network element comprises at least one of: operation data of the first network element or communication data of the first network element.
12. The method of any of claims 1-11, wherein, after the first verifier receives the first response returned by the second verifier for the first request, the method further comprises:
the first verifier measures, using the first measurer, whether a third network element is trusted.
13. A method of communication, the method comprising:
a second verifier receives a first request from a first verifier; the first request is used for requesting the second verifier to initiate measurement of a first measurer, the first measurer being a measurer associated with the first verifier;
the second verifier determines, according to the first request, a second measurer associated with the first measurer; the security of the second measurer is higher than that of the first measurer;
the second verifier measures the first measurer by means of the second measurer and determines that the first measurer is trusted;
the second verifier sends a first response to the first verifier; the first response is used to indicate that the first measurer is trusted.
14. The method of claim 13, wherein the second verifier measuring the first measurer by means of the second measurer and determining that the first measurer is trusted comprises:
the second verifier sends a third request to the second measurer; the third request is used for requesting the second measurer to measure the first measurer;
the second verifier receives a third response returned by the second measurer for the third request; the third response includes measurement evidence of the first measurer;
the second verifier determines, according to the measurement evidence of the first measurer, that the first measurer is trusted.
15. The method of claim 14, wherein the measurement evidence of the first measurer includes operation data of the first measurer.
16. The method of claim 14 or 15, wherein the third request is used for instructing the second measurer to provide measurement evidence.
17. The method of claim 13, wherein the second verifier measuring the first measurer by means of the second measurer and determining that the first measurer is trusted comprises:
the second verifier sends a third request to the second measurer; the third request is used for requesting the second measurer to measure the first measurer;
the second verifier receives a third response returned by the second measurer for the third request; the third response includes an endorsement result for the first measurer, the endorsement result being used to indicate that the second measurer has determined that the first measurer is trusted;
the second verifier determines that the first measurer is trusted by verifying the endorsement result.
18. The method of claim 17, wherein the third request is used for instructing the second measurer to provide an endorsement result.
19. The method of any of claims 13-18, wherein the first request includes addressing information of the first measurer, and the second verifier determining, according to the first request, the second measurer associated with the first measurer comprises:
the second verifier determines the first measurer according to the addressing information of the first measurer;
the second verifier determines the second measurer according to the first measurer.
20. The method of claim 19, wherein the addressing information of the first measurer includes at least one of: identification information of the first measurer or identification information of a first network element associated with the first measurer.
21. The method according to claim 20, wherein the identification information of the first network element comprises an identification of a network function (NF), or the identification information of the first network element comprises an identification of a virtual network function (VNF).
22. The method of any of claims 13-21, wherein the first measurer is deployed at a software layer and the second measurer is deployed at a hardware layer.
23. A communication device, the device comprising: a module for performing the method of any one of claims 1-22.
24. A communication device, the communication device comprising a processor; the processor is configured to execute instructions stored in a memory to cause the communication device to perform the communication method of any one of claims 1-22.
25. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a computer program or instructions which, when run on a computer, cause the computer to perform the communication method according to any one of claims 1-22.
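The following is an added example, written for this page and not part of the patent or of any Huawei code, that walks the two-tier exchange of claims 1-22 end to end in Python: a business-domain first verifier will not rely on a software-layer measurer until a management-domain second verifier has had a hardware-layer measurer measure it (claims 14-16, or the endorsement variant of claims 17-18), and only then uses the software measurer to obtain measurement evidence for a VNF. The measurer-to-hardware association (claim 19), the network-element-to-measurer correspondence (claim 9) and the "in doubt" rule of claim 7 (never measured, or measured and failed) are all modelled. Digest-of-image evidence, the HMAC endorsement, the message field names and the identifiers `vnf-1`, `sm-1`, `hm-1` are assumptions; the patent does not specify evidence formats.

```python
"""Added example (not from the patent): two-tier measurer attestation.
All message formats, identifiers and the digest/HMAC evidence are assumed."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


@dataclass
class Measurer:
    """First measurer (software layer, claim 22). `images` maps the id of each
    target it can measure to a function returning that target's current image."""
    name: str
    code: bytes
    images: Dict[str, Callable[[], bytes]]

    def measure(self, target_id: str) -> dict:
        # Measurement evidence (claim 11): a digest of the target's current image.
        return {"target": target_id, "digest": digest(self.images[target_id]())}


@dataclass
class HardwareMeasurer(Measurer):
    """Second measurer (hardware layer). Holds a key shared with the second
    verifier, so it can also return an endorsement result (claim 17)."""
    key: bytes = b""

    def endorse(self, target_id: str, reference: str) -> dict:
        ok = hmac.compare_digest(digest(self.images[target_id]()), reference)
        tag = hmac.new(self.key, f"{target_id}:{int(ok)}".encode(), "sha256").hexdigest()
        return {"target": target_id, "trusted": ok, "mac": tag}


@dataclass
class SecondVerifier:
    """Management-domain verifier (claim 5): reference digests of the software
    measurers plus the measurer-to-hardware-measurer association (claim 19)."""
    references: Dict[str, str]
    hw: Dict[str, HardwareMeasurer]
    requests_seen: int = 0

    def handle_first_request(self, req: dict) -> dict:
        self.requests_seen += 1
        m_id = req["measurer_id"]          # addressing information (claim 20)
        hw = self.hw[m_id]                 # the second measurer for this measurer
        if req["mode"] == "endorsement":   # claims 17-18: verify the endorsement
            r = hw.endorse(m_id, self.references[m_id])
            expected = hmac.new(hw.key, f"{m_id}:{int(r['trusted'])}".encode(),
                                "sha256").hexdigest()
            trusted = r["trusted"] and hmac.compare_digest(r["mac"], expected)
        else:                              # claims 14-16: check raw evidence
            r = hw.measure(m_id)
            trusted = hmac.compare_digest(r["digest"], self.references[m_id])
        return {"measurer_id": m_id, "trusted": trusted}   # the first response


@dataclass
class FirstVerifier:
    """Business-domain verifier. `nf_to_measurer` is the correspondence of
    claim 9; `state` holds the last outcome per measurer (absent = unmeasured)."""
    measurers: Dict[str, Measurer]
    nf_to_measurer: Dict[str, str]
    nf_references: Dict[str, str]
    upstream: SecondVerifier
    state: Dict[str, bool] = field(default_factory=dict)

    def suspect(self, m_id: str) -> bool:
        # Claim 7: in doubt if never measured, or measured and failed.
        return self.state.get(m_id) is not True

    def verify_nf(self, nf_id: str, mode: str = "evidence") -> bool:
        m_id = self.nf_to_measurer[nf_id]                 # claim 9
        if self.suspect(m_id):                            # claim 6: ask upstream first
            resp = self.upstream.handle_first_request({"measurer_id": m_id, "mode": mode})
            self.state[m_id] = resp["trusted"]
        if not self.state[m_id]:
            return False                                  # never rely on an untrusted measurer
        ev = self.measurers[m_id].measure(nf_id)          # claims 10-11
        return hmac.compare_digest(ev["digest"], self.nf_references[nf_id])


def run_scenario(tamper_measurer=False, tamper_nf=False, mode="evidence"):
    """Constructed sample deployment: VNF 'vnf-1' watched by software measurer
    'sm-1', which hardware measurer 'hm-1' can measure. Returns the outcome of
    two successive VNF checks and how many first requests reached upstream."""
    sm_code, vnf_image = b"software-measurer-v1", b"vnf-image-v1"
    vnf = {"img": vnf_image}
    sm = Measurer("sm-1", sm_code, {"vnf-1": lambda: vnf["img"]})
    hm = HardwareMeasurer("hm-1", b"rot", {"sm-1": lambda: sm.code}, key=b"hm-1-secret")
    sv = SecondVerifier({"sm-1": digest(sm_code)}, {"sm-1": hm})
    fv = FirstVerifier({"sm-1": sm}, {"vnf-1": "sm-1"}, {"vnf-1": digest(vnf_image)}, sv)
    if tamper_measurer:
        sm.code = b"software-measurer-backdoored"   # hm-1 now sees a modified image
    if tamper_nf:
        vnf["img"] = b"vnf-image-modified"
    first = fv.verify_nf("vnf-1", mode)
    second = fv.verify_nf("vnf-1", mode)   # a trusted measurer is reused (claim 12)
    return first, second, sv.requests_seen


if __name__ == "__main__":
    for kw in ({}, {"tamper_measurer": True}, {"tamper_nf": True}, {"mode": "endorsement"}):
        print(kw, run_scenario(**kw))
```

The point the scenarios make is the ordering: a modified software measurer is caught by the hardware-layer measurement before it ever reports on the VNF, so its (possibly fabricated) VNF evidence is never consulted, and a failed measurer stays "in doubt" and is re-measured on the next request rather than cached. In a real deployment the reference digests would be populated from signed images and the endorsement would be a signature from a hardware-rooted key rather than a shared-secret HMAC.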

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210494964.0A CN117081928A (en) 2022-05-08 2022-05-08 Communication method and device
PCT/CN2023/091397 WO2023216913A1 (en) 2022-05-08 2023-04-27 Communication method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210494964.0A CN117081928A (en) 2022-05-08 2022-05-08 Communication method and device

Publications (1)

Publication Number Publication Date
CN117081928A true CN117081928A (en) 2023-11-17

Family

ID=88708492

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210494964.0A Pending CN117081928A (en) 2022-05-08 2022-05-08 Communication method and device

Country Status (2)

Country Link
CN (1) CN117081928A (en)
WO (1) WO2023216913A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3183679A4 (en) * 2014-08-22 2018-03-07 Nokia Technologies Oy A security and trust framework for virtualized networks
US10572237B2 (en) * 2016-12-12 2020-02-25 AT&T Intellectual Property I, I.P. Managing software changes to virtual network functions
CN113938880B (en) * 2020-06-29 2024-05-14 华为技术有限公司 Application verification method and device
CN114024678A (en) * 2020-07-15 2022-02-08 中国移动通信有限公司研究院 Information processing method and system and related device
CN113542266B (en) * 2021-07-13 2022-09-27 中国人民解放军战略支援部队信息工程大学 Virtual network element trust measurement method and system based on cloud model

Also Published As

Publication number Publication date
WO2023216913A1 (en) 2023-11-16

Similar Documents

Publication Publication Date Title
US10972463B2 (en) Blockchain-based NB-IoT devices
US10986083B2 (en) Hardware identification-based security authentication service for IoT devices
EP3745645B1 (en) Method, device, and system for guaranteeing service level agreement of application
WO2020220865A1 (en) Identity check method for network function service, and related device
US10164983B2 (en) Distributed authentication for internet-of-things resources
US20220159446A1 (en) Event Report Sending Method, Apparatus, and System
US20210377054A1 (en) Systems and methods for managing public key infrastructure certificates for components of a network
US20220167153A1 (en) Privacy control of user equipment and related apparatuses
WO2013185413A1 (en) Method and apparatus for controlling application right
US11582689B2 (en) Systems and methods for user-specific slice configuration for an application
US11855977B2 (en) Systems and methods for configuring a network function proxy for secure communication
CN112512045A (en) Communication system, method and device
US20230171255A1 (en) Computerized system and method for enhanced authorization of network data
US20210282009A1 (en) Integrity for mobile network data storage
CN115296938B (en) Cloud computing management system and cloud computing management method
US11825396B2 (en) Systems and methods for network based dynamic network slice selection control and federation
CN115211159A (en) Allocation resources of network slices
CN116318795A (en) Network security protection system
CN117320002A (en) Communication method and device
CN117081928A (en) Communication method and device
US20220264316A1 (en) Launching radio spectrum resources into a fifth generation (5g) network or other next generation networks
CN116614312B (en) Security verification method and system for cloud computing system
WO2023216856A1 (en) Service management method and apparatus
CN117641342A (en) Communication method and device
US20230269588A1 (en) Operating System Integrity Measurement and Attestation

Legal Events

Date Code Title Description
PB01 Publication