KR102017373B1 - METHOD FOR SUBSCRIBER AUTHENTICATION IN CELLUAR IoT DEVICE, IoT DEVICE FOR SUBSCRIBER AUTHENTICATION, AND BASE STATION APPARATUS FOR SUBSCRIBER AUTHENTICATION - Google Patents

Abstract

The present invention provides a subscriber authentication method, an IoT apparatus, and a base station apparatus that do not use a SIM card or a USIM card in a 3GPP mobile communication system based IoT / Internet of Things service. The subscriber authentication method includes the step of authenticating the subscriber using a measurement value that is a characteristic of the IoT apparatus, wherein the subscriber authentication is a subscriber identity module (SIM) card or a universal subscriber identity module (USIM) card. The subscriber authentication may be performed by using a measured value that is a unique characteristic of the IoT apparatus without using a.

Description

Subscriber authentication method of mobile communication-based IoT device, IoT device for subscriber authentication and base station device for subscriber authentication {METHOD FOR SUBSCRIBER AUTHENTICATION IN CELLUAR IoT DEVICE

The present invention relates to subscriber authentication, and more particularly, to subscriber authentication of a mobile communication-based IoT apparatus.

The Internet of Things (IoT) or the Internet of Small Things (IOST) is a network that connects things that deliver a small amount of data with just a battery, without the need for power. Low power, low cost transmission technology is required, and service is possible even without high speed, high cost network.

The Internet of Things or Internet of Things has a structure in which as many as thousands to tens of thousands of terminals / devices / devices are connected to a central device such as a base station, and various communication systems for the IoT are optimized. come. A communication system for the IoT is basically a communication system capable of supporting features such as low power, low complexity, low cost, low transmission rate, wide coverage, and multiple simultaneous connection devices to provide competitive IoT services. .

The 3GPP mobile communication standardization organization is establishing a standard for the Internet of Things called 'LTE-M' similar to Long Term Evolution (LTE) and a standard for the Internet of Things called 'NB-LTE'. LTE-M and NB-LTE are 3GPP-based technologies that are global standards.

LTE-M uses Category 1 terminals defined in 3GPP Release 8 and adds Power Saving Mode (PSM) functionality defined in Release 12. LTE-M uses nationwide LTE network, so nationwide service is available, and licensed band frequency is used, so there is no deterioration in communication quality due to frequency interference, and global expansion is possible through roaming.

3GPP has standardized Category 0 in Release 12 and Standardized Category M in Release 13, and at the same time standardized NB-IoT as a clean-slate solution for more efficient internet communication.

Unlike LTE-M or NB-IoT, which is based on the 3GPP standard, which uses a carrier's licensed band, SIGFOX and LoRa are the Internet of things that use an unlicensed band. The Internet of Things requires a low power wide area network. LTE-M and NB-IoT are narrowing and slowing down to support Things / small Things in LTE networks, which are originally aimed at high-speed broadband wireless networks, and SIGFOX and LoRa aim to transmit small amounts of information at low power from the beginning. One technique.

Internet of Things (IoT) services, such as car control and CCTV, already exist, but the Internet of Things can be applied to much smaller and less expensive objects, and its power consumption is so low that it can be used for a long time (target: more than 10 years) with only the built-in battery. . Services can be extended to a variety of areas, such as tracking such as parts management and metering such as electricity / water / gas reading.

All mobile communication systems for the wireless Internet service, including the Internet of Things (IoT) service or the Internet of Things (IoT) service, have a star topology in which a base station and a plurality of terminals are connected. have. These base stations and terminals form a Radio Access Network (RAN) or an AS layer in the entire mobile communication network. The base station is connected to the upper core network (CN), and the CN includes a server that performs authentication by converting subscriber information into a DB.

When a terminal is connected to a new base station in a mobile communication system, the terminal must be authenticated through a type of authentication to determine whether the terminal is entitled to receive service from the mobile communication network. There are various methods depending on the situation, but the authentication process is based on the subscriber unique ID called the International Mobile Subscriber Identity (IMSI) stored in the SIM card or the USIM card of the terminal.

For security purposes, the current 3GPP LTE mobile communication system does not send IMSI directly unless CN requests subscriber's IMSI, and sends and receives the result value derived from IMSI as a parameter. This value is not only an IMSI value but also various other parameters depending on the situation.

Therefore, in order to use the service in the 3GPP mobile communication system, the use of a subscriber identity module (SIM) card / USIM (universal subscriber identity module) card is essential, and for the specificity and security of the mobile communication business, the terminal and the SIM card / USIM SIM card Must be separated independently. For reference, as the unique ID of the terminal device, a permanent ID of IMEI exists independently. In the case of IMEI, the user can easily know the exact value, but in the case of IMSI it is generally not disclosed to subscribers, only the serial number of the SIM card / USIM card is disclosed. For this reason, the SIM card / USIM card should have a separate memory and provide an interface with the terminal device.

As a result, the price of the SIM card / USIM card itself reaches several US dollars, leading to a large unit price increase due to unconditional purchase of additional SIM card / USIM card.

At present, no subscriber authentication scheme based on such a SIM card or USIM card is established in the 3GPP standard.

In particular, the IoT communication system of the IoT communication system has a terminal form that delivers a small amount of data of a small size, such as a sensor, with only a battery without a constant power supply. The unit price of the terminal devices should be very low, so it is expected to be USD $ 1 to $ 2. Only when such a low price and a battery can be operated for up to several years can the base of the Internet of Things communication system be expanded and the Internet of Things can be opened in earnest.

However, in the case of the 3GPP mobile communication system-based small internet communication system, all terminal devices of the small internet must be equipped with a SIM card for subscriber authentication. Although the price of the SIM card itself is already close to $ 10 and is about $ 5 even if it is inexpensive, the price of the SIM card is greatly increased as soon as the SIM card is mounted on the small internet terminal device, greatly exceeding the target price of $ 1 to $ 2. Therefore, there is a problem that the small Internet service based on the 3GPP mobile communication network will fail by losing its competitiveness in the market.

An object of the present invention is to provide a subscriber authentication method of a mobile communication-based IoT apparatus without using a subscriber identity module (SIM) or universal subscriber identity module (USIM) card, an IoT apparatus for subscriber authentication, and a subscriber. It is to provide a base station apparatus for authentication. More specifically, an object of the present invention is a mobile communication-based IoT that identifies and authenticates a subscriber by generating a random code using a random number that can be generated at the same time after the base station and the IoT terminal are synchronized with each other after time and frequency synchronization. The present invention provides a subscriber authentication method, an IoT apparatus for subscriber authentication, and a base station device for subscriber authentication.

In addition, an object of the present invention is the timing adjustment value measured by the base station in the initial base station connection process using the Physical Random Access Channel (PRACH) channel defined in the 3GPP standard to improve the security of such a random code to indicate the terminal device Subscriber authentication method of a mobile communication-based IoT apparatus for identifying and authenticating a subscriber by generating a random code by using external factors such as a frequency offset and a frequency offset, an IoT apparatus for subscriber authentication, and a base station apparatus for subscriber authentication To provide.

In one aspect, the present invention provides a subscriber authentication method of a mobile communication-based IoT apparatus. The subscriber authentication method includes the step of authenticating the subscriber using a measurement value that is a characteristic of the IoT apparatus, wherein the subscriber authentication is a subscriber identity module (SIM) card or a universal subscriber identity module (USIM) card. It is characterized in that the subscriber authentication is performed by using the measured value that is a unique characteristic of the IoT apparatus without using a.

The measured value is shared between the IoT apparatus, the base station, and the authentication server, and the IoT apparatus may generate a random code for authenticating the subscriber using the measured value.

The measurement value may include at least one of a timing adjustment value, a frequency offset, and a traffic volume measurement value.

The subscriber authentication may include generating, by the IoT apparatus, the first random code using the measured value as a generation factor of the first random code, and by the IoT apparatus, transmitting the first random code to the base station. It may include the step of transmitting.

The subscriber authentication may include recovering a unique ID of the IoT apparatus using the first random code and the generation factor of the first random code received by the base station, and the base station upwards to the IoT apparatus. The method may further include transmitting information for link transmission.

The subscriber authentication may include generating, by the IoT apparatus, the second random code by using a measurement value, which is a characteristic of the IoT apparatus, as a generation factor of the second random code, and by the IoT apparatus. The method may further include transmitting the second random code to the authentication server through the base station.

The first random code and the second random code generate a hash value having a length equal to a unique ID of the IoT apparatus by singly or combining the generation factors, and then determine the unique ID and the hash value of the IoT apparatus. Can be generated by XOR operation.

The subscriber authentication may include restoring a unique ID of the IoT apparatus using the second random code received by the authentication server, and authenticating the IoT apparatus using the unique ID. It may further comprise the step of processing.

The unique ID of the IoT apparatus generates a hash value having the same length as the first random code or the second random code by combining or generating the generation factors, and then, the unique ID of the IoT apparatus may be compared with the first random code or the second random code. The hash value may be restored by an XOR operation.

Storing, by the IoT apparatus, the base station, and the authentication server, a unique ID of the IoT apparatus, synchronizing time synchronization between the IoT apparatus and the base station before the subscriber authentication; The method may further include starting a random access process and transmitting, by the base station, the timing adjustment value to the IoT apparatus and the authentication server.

The subscriber authentication method may automatically change the generation factor of the random code by updating the timing offset even after initial authentication when using the timing offset as the generation factor of the first random code or the second random code.

After the connection between the IoT apparatus and the mobile communication network is completed, the subscriber authentication method may block the connection with the base station when the IoT apparatus or the mobile communication network generates a certain number of authentication requests.

According to another aspect of the present invention, the present invention provides a mobile communication-based IoT apparatus for subscriber authentication. The IoT apparatus includes a memory storing a unique ID of the IoT apparatus, a transceiver for transmitting and receiving a wireless signal, and a processor operatively coupled to the transceiver, wherein the processor is a subscriber identity module (SIM) card or USIM. (universal subscriber identity module) It is characterized by using the measured value which is a characteristic of the IoT apparatus for the subscriber authentication without using a card.

According to another aspect of the present invention, the present invention provides a base station apparatus for subscriber authentication of a mobile communication-based IoT apparatus. The base station apparatus includes a transceiver for transmitting and receiving a wireless signal, and a processor operating in conjunction with the transceiver, wherein the processor does not use a subscriber identity module (SIM) card or a universal subscriber identity module (USIM). It is characterized in that the measured value which is a unique characteristic of the device is used for the subscriber authentication.

According to a subscriber authentication method of a mobile communication-based IoT apparatus, an IoT apparatus for subscriber authentication, and a base station apparatus for subscriber authentication, a central apparatus such as a base station and a plurality of IoT terminals or things connected thereto A subscriber when operating an IoT terminal for IoT / Internet of Things service in a communication system similar to a mobile communication system having a star topology network to which an Internet device is connected, for example, a 3GPP mobile communication system. It is possible to authenticate subscribers with high security without using a SIM card / USIM card including authentication information. As a result, the 3GPP mobile communication system can solve the problem of unit price increase caused by the installation of the SIM card / USIM card of the Internet of Things / Internet terminal device, which is expected to be a big obstacle to the expansion of the IoT / Internet of Things service based on the existing 3GPP mobile communication system. Successful business settlement is possible by expanding the base of IoT and IoT services.

1 is a block diagram of an IoT apparatus according to an embodiment of the present invention.
2 is a block diagram of a base station apparatus according to an embodiment of the present invention.
3 is a diagram illustrating an example of an authentication procedure upon initial access of a mobile communication-based IoT apparatus according to an embodiment of the present invention.
4 is a diagram illustrating a process of converting a UE ID (User Equipment ID) into a random code according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating a process of deriving a UE ID from a random code according to an embodiment of the present invention.

As the inventive concept allows for various changes and numerous embodiments, particular embodiments will be illustrated in the drawings and described in detail in the written description. However, this is not intended to limit the present invention to specific embodiments, it should be understood to include all changes, equivalents, and substitutes included in the spirit and scope of the present invention.

Terms including the first, second, etc. may be used to describe various components, but the components are not limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component. The term and / or includes any of a plurality of related description items or a combination of a plurality of related description items.

When a component is said to be "connected" or "connected" to another component, it may be directly connected or connected to that other component, but there may be other components in between. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that there is no other component in between.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, "includes." Or "have." And the like are intended to indicate that there is a feature, number, step, action, component, part, or combination thereof described in the specification, one or more other features, or number, step, action, component, part, etc. Or it does not exclude in advance the possibility of the presence or addition of them in combination.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in the commonly used dictionaries should be construed as having meanings consistent with the meanings in the context of the related art, and are not construed in ideal or excessively formal meanings unless expressly defined in this application. Do not.

The terminal may be a mobile station (MS), user equipment (UE), user terminal (UT), wireless terminal, access terminal (AT), terminal, fixed or mobile subscriber unit, subscriber station (SS) Subscriber Stations, cellular telephones, wireless devices, wireless communication devices, Wireless Transmit / Receive Units (WTRUs), mobile nodes, mobiles, mobile stations, personal digital assistants (PDAs) ), Smartphone, laptop, netbook, personal computer, wireless sensor, consumer electronics (CE) or other terms.

Various embodiments of the terminal may be photographed such as a cellular telephone, a smartphone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, or a digital camera having a wireless communication function. Devices, wearable devices with wireless communications capabilities, gaming devices with wireless communications capabilities, music storage and playback appliances with wireless communications capabilities, Internet home appliances with wireless Internet access and browsing, as well as combinations of such functions It may include a portable unit or terminals, but is not limited thereto.

A base station generally refers to a fixed point for communicating with a terminal, and includes a base station, a Node-B, an eNode-B, an advanced base station (ABS), HR-BS, site controller, base transceiver system (BTS), access point (AP), or any other type of interfacing device capable of operating in a wireless environment may be included.

The base station may also include other base stations and / or network elements (not shown), such as a base station controller (BSC), a radio network controller (RNC), relay nodes, and the like. may be part of a radio access network. The base station may be configured to transmit and / or receive wireless signals within a particular geographic area, which may be referred to as a cell (not shown).

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, and in describing the present invention with reference to the accompanying drawings, the same or corresponding elements are denoted by the same reference numerals, and duplicated thereto. The description will be omitted.

Subscriber authentication method and apparatus of a mobile communication-based IoT apparatus of the present invention is similar in concept to a random code that can be generated at the same time after the base station and the IoT terminal (including the IoT terminal) is synchronized with each other after time and frequency synchronization Subscribers are identified and authenticated by generating specific numeric strings or signals with or without external measurement factors (eg, timing adjustments, frequency offsets, etc.) defined in the 3GPP standard.

Since the SIM card / USIM card is not used, IoT terminal devices must store a User Equipment (UE) ID, which is a kind of unique ID (eg, IMSI, IMEI, or serial number), in the device itself. These numbers should be stored in a form that cannot be deleted or modified by software approach, providing strong security.

The mobile operator stores information on the UE ID in the authentication server.

The IoT terminal device synchronizes time with the base station through a synchronization process with the base station.

Once synchronized with the base station, the IoT terminal device must perform an RACH (Random Access Channel) process to receive an access permission from the base station. The latter part of the RACH process corresponds to the process of being certified and licensed for use.

Directly transmitting the UE ID in the authentication process is vulnerable to hacking. Therefore, without transmitting the UE ID directly, a random code composed of letters or numbers using the UE ID as an input factor is transmitted to the base station, and the base station transmits it to the authentication server. .

The hash function can be used to maximize the security of the generated random code.

The authentication server generates the UE ID in the same way that the random code generation method and the input factor and the output factor of the IoT terminal apparatus are changed to the random code and the UE ID, respectively, and permits authentication through the existing 3GPP authentication procedure.

In order to generate the same random code between the authentication server and the IoT terminal, mutual time synchronization must be matched. The base station and the authentication server are already synchronized by their own time management scheme, and because the IoT terminal device performs the cell synchronization process and the synchronization is already synchronized before the RACH process between the base station and the IoT terminal device, the same random It is possible to generate numbers simultaneously.

Even if mutual time synchronization is correct, there may be some time synchronization error, so that the generated random code is maintained for a predetermined time (short time) to secure a certain time synchronization margin. In addition, if authentication for the same random code is requested again within the corresponding time, the authentication of the IoT terminal device is rejected and the UE ID of the specific IoT terminal device connected to the random code is changed to unavailable to reject the future authentication. do. In some cases, you can specify an ID as unavailable for one duplicate attempt, but you can also set it to a specific number of attempts.

Nevertheless, the above-described method and apparatus basically use a code generated by a method of generating a random code as a hash function associated with a UE ID which is an internal unique ID, thereby obtaining main information and random code for the IoT terminal device. If the creation method is leaked to the outside, it is vulnerable to external hacking.

In order to cope with such a problem, a characteristic (eg, timing adjustment value, frequency offset, etc.) unique to each IoT terminal device is added as an external factor required for random code generation. For successful authentication, the authentication server also needs to obtain a common value for the external factor used in addition to the random code generation, so it uses an external factor that can be shared with the base station and the authentication server.

Conventionally, a random code generation method based on the unique characteristics of each terminal device has existed, but this method has a difficulty in obtaining all the characteristics of each terminal device before the terminal device is sold. In addition, the obtained information must be stored in a server or a system related to authentication, and thus, the IoT service in which tens of thousands of IoT terminal devices are connected to one base station is not suitable for storing the corresponding information about all IoT terminal devices. The problem is that it requires a lot of memory and the implementation complexity also increases.

To overcome this, the present invention uses various measurements specified in the 3GPP standard as an external factor for random code generation. For example, in the case of a timing offset (timing adjustment value), the base station may measure the distance to the IoT terminal device through the delay time value in the RACH process. Based on this time delay, a timing offset to be adjusted to adjust the transmission time is transmitted to the IoT terminal device. The information is protected through link protection or ciphering of 3GPP control message, which makes it strong for external hacking. Since the timing offset is transmitted, there may be a disadvantage in that it is vulnerable to hacking in the wireless section. To overcome this drawback, the timing offset that will be used as a random code generation factor can enhance security by increasing the resolution than the timing adjustment value transmitted and received.

The mobile communication system is a first step for normal communication with the base station and the CN (Core Network), whether it is a synchronous system or an asynchronous system. In the case of 3GPP LTE, a primary synchronization signal (PSS), a secondary synchronization signal (SSS) signal, a system frame number (SFN) included in a physical broadcast channel (PBCH) and a master information block (MIB), and various timing measurement processes You are motivated. Therefore, the CN (Core Network), the base station, and the terminal can know the same time synchronization or offset with the reference time of each device, so that all of them can be operated at the same time. Of course, there may be some timing offset, but the value is not large.

After time synchronization, the UE identifies the most basic parameters of the base station through system information block (SIB) data demodulation, and finally informs the base station of its existence through uplink RACH (Random Access Channel) process and grants permission to use the base station. You will be asked. When first attempting to access the base station, the terminal receives authentication from the base station / CN in this RACH process.

 In one step of the RACH process, the UE does not transmit its own IMSI but transmits an associated value or a random value to be authenticated. In the case of transmitting a random value, an additional process is added to the general authentication process.

Random code generation using timing offset and base station ID In addition to external factors, all other measurement values that may be characteristic of each terminal that can be shared by the base station and the terminal may be used as a generation factor of the random code. . For example, there are traffic volume measurements, frequency offsets, and the like. Since the timing offset value is protected by a control message, only the IoT terminal device, the base station, and the authentication server can be known, and thus have strong security. In the case of frequency offset, it is not directly transmitted or received information, so it has stronger security. Therefore, these measures can be used in combination as a random code generation factor to further maximize security.

According to an embodiment of the present invention, the IMSI is embedded in the IoT terminal in order to remove the SIM card / USIM card from the IoT, in particular, the Internet of things such as NB-IoT, but frequency offset and timing offset for enhanced security. The IMSI is encoded once more using the value measured by the same real UE and BS. In particular, in the case of frequency offset, since the base station and the terminal are not directly exchanged information, security can be maximized. That is, in the case of the frequency offset, the hardware characteristics are almost the same value even if the base station and the terminal do not communicate with each other, and the third party other than the base station and the terminal can not know this value can be enhanced security.

Specifically, all the terminals measure the frequency offset between the base station and the terminal in the time synchronization process, and the base station also estimates the frequency offset using a physical random access channel (PRACH) preamble. Therefore, when the terminal transmits a PRACH preamble without frequency offset correction, the base station estimates the frequency offset to a value close to the frequency offset measured by the terminal itself. The granularity for frequency offset considering the estimation error is introduced and displayed as a certain number, and the value is used as a generation factor for generating a random code.

In the case of the timing offset, it is difficult for a third party to measure the value because the timing offset between the base station and the terminal is measured. However, in the case of the timing offset, the base station must measure and inform the terminal so that some security is required. You may lose your sex. In order to improve this aspect, the timing offset changes due to the movement of the terminal are occasionally updated to continuously change the random code.

According to the embodiments of the present invention, in the above-described time synchronization and RACH process, a CN (Core Network) / base station and a terminal can generate a mutual copy of random code generation factors without mounting a SIM card / USIM card in the IoT terminal device. The present invention proposes a subscriber authentication method and apparatus that performs authentication based on a random number or external factors (eg, timing adjustment value, frequency offset, etc.) to maintain the same level of security. In addition, the security of the authentication process is maximized by reflecting the unique hardware characteristics or other characteristics of each terminal device in the generation of the random code. According to embodiments of the present invention, the IMSI is embedded in the IoT terminal to remove the SIM card / USIM card from the IoT, in particular, the IoT, such as NB-IoT, but frequency offset for enhanced security. The IMSI may be encoded once again using values measured by the actual terminal and the base station such as and a timing offset.

1 is a block diagram of an IoT apparatus (including an IoT apparatus) according to an exemplary embodiment. Referring to FIG. 1, the IoT apparatus 100 includes a transceiver 120 that transmits and receives a wireless signal, a processor 110 that operates in conjunction with the transceiver, and a transmit / receive antenna 130.

The transceiver 120 transmits or receives a radio frequency signal with a base station through the antenna 130, receives data and control signals from the base station through the antenna 130 through downlink, and the base station It transmits data and control signals through uplink. The transceiver 120 may be configured to modulate the signals to be transmitted by the antenna 130 and to demodulate the signals received by the antenna 130.

The processor 110 may control the transceiver 120 to determine a time point for transmitting the control signal. In addition, the processor 110 performs a random code generation process for subscriber authentication.

Processor 110 may be a general purpose processor, special purpose processor, conventional processor, digital signal processor (DSP), microprocessor, one or more microprocessors associated with a DSP core, controller, microcontroller, application specific integrated circuit specific integrated circuits (ASICs), field programmable gate array (FPGA) circuits, integrated circuits (ICs), state machines, and the like. The processor 110 may perform signal coding, data processing, power control, input / output processing, and / or any other functionality that enables the terminal to operate in a wireless environment. The processor 110 may be coupled to the transceiver 120.

Antenna 130 may be an antenna configured to transmit and / or receive RF signals. Antenna 130 may be configured to transmit and / or receive any combination of wireless signals.

2 is a block diagram of a base station apparatus according to an embodiment of the present invention. 2, the base station apparatus 200 includes a transceiver 220, a processor 210, and an antenna 230.

The transceiver 220 transmits or receives a radio frequency signal to and from the IoT apparatus 100 through the antenna 230, and downlinks to the IoT apparatus 100 through the antenna 230. It transmits data and control signals through, and receives the data and control signals from the IoT apparatus 100 through the uplink (uplink). The transceiver 220 may be configured to modulate the signals to be transmitted by the antenna 230 and to demodulate the signals received by the antenna 230.

The processor 210 may control the transceiver 220 to determine when to transmit a control signal. The processor 210 may generate a user equipment (UE) ID from the random code generated by the IoT apparatus 100.

The processor 210 may be a general purpose processor, special purpose processor, conventional processor, digital signal processor (DSP), microprocessor, one or more microprocessors associated with a DSP core, controller, microcontroller, application specific integrated circuit specific integrated circuits (ASICs), field programmable gate array (FPGA) circuits, integrated circuits (ICs), state machines, and the like. The processor 210 may perform signal coding, data processing, power control, input / output processing, and / or any other functionality that enables a terminal to operate in a wireless environment. The processor 210 may be coupled to the transceiver 220.

Hereinafter, a subscriber authentication method using a timing offset as a generation factor of a random code in the Internet of Things, in particular, the Internet of Things, will be described step by step.

3 is a diagram illustrating an example of an authentication procedure upon initial connection of a mobile communication-based IoT apparatus (including an IoT apparatus) according to an embodiment of the present invention. Referring to FIG. 3, in a first step, an IoT terminal device (hereinafter referred to as a terminal) (UE) 100 stores a UE ID (User Equipment ID), which is a terminal unique ID, in a device internal memory. At this time, the UE ID has the same bit length as the International Mobile Subscriber Identity (IMSI). Home Subscriber Server (HSS) 400, which is an authentication server of a CN, also stores the same UE ID.

In step 2, the terminal 100 synchronizes time with the base station eNB 200 through a time synchronization process (S101).

In step 3, the terminal 100 randomly selects a PRACH preamble code and starts the RACH process (S102).

In step 4, the base station 200 calculates a timing adjustment value TA by measuring a timing offset between the base station 200 and the terminal 100 based on the PRACH preamble transmitted by the IoT apparatus 100 (S103). .

In step 5, the base station 200 stores the calculated timing adjustment value TA and transmits the value with the temporary C-RNTI to the corresponding terminal 100 using a random access response (RAR) (S104). Similarly, the base station also transmits a timing adjustment value to the CN (Core Network) (not shown in FIG. 3).

In step 6, the terminal 100 pre-authenticates the received timing adjustment value TA using a random code generation factor together with various time display values currently synchronized including a stored UE unique ID and a system frame number. A first random code (RAND ID) is generated by a method agreed with the server (HSS) 400. The first random code (RAND ID) may be generated using a hash value as shown in FIG. 4 for security (S105).

In step 7, the terminal 100 transmits the first random code generated using the unique ID (UE ID) of the corresponding terminal to the base station 200 as the temporary C-RNTI received from the base station 200 (the terminal ID) ( S106).

In step 8, the base station 200 restores the unique ID (UE ID) of the terminal as shown in FIG. 5 using the received first random code and the timing adjustment value TA (S107).

In step 9, the base station 200 transmits information necessary for uplink transmission including the final C-RNTI to the terminal 100 transmitting the temporary C-RNTI (RRC connection setup) (S108).

In step 10, the terminal 100 generates a second random code RAND ID by using a hash value as illustrated in FIG. 4 by a method promised with the HSS 400 in advance (S109). In this case, security may be enhanced by generating a new random code by using additional information obtained from data transmission and reception with a previous base station such as C-RNTI as a generation factor in random code generation. When additional information such as C-RNTI is used as a generation factor of random code generation, it should be used according to the existing LTE Globally Unique Temporary Identifier (GUTI) structure such as Mobility Management Entity (MME) ID.

That is, a random code is generated and used to have the same number of bits in place of the existing UE ID so that authentication can be successfully performed within the standard without changing the standard of the existing 3GPP LTE mobile communication system. Even in the secure communication based on, the compatibility problem with the standard can be solved by generating a new random code having the same number of bits each time a permanent or temporary UE ID is required or reusing the random code generated in the initial access.

In step 11, the terminal 100 transmits an Attach Request message to the mobility management entity (MME) 300 (S110). Initial authentication of 3GPP begins with the MME 300 receiving an Attach Request message. The Attach Request message sends information such as UE ID (User Equipment ID) and SN ID (Serving Network ID) together. At this time, the UE ID is transmitted using the above-described second random code and without encryption and integrity protection.

In step 12, the MME 300 transmits an Authentication Data Request message to the HSS 400 together with the received second random ID (S111).

In the thirteenth step, the HSS 400 is a method of generating a random code in the terminal 100 and the same method in which only an input factor and an output factor are changed into a random code and a UE ID, respectively, as shown in FIG. 5 using the same generation factor value. As described above, a unique ID (UE ID) of the terminal is derived from the received second random code (S112).

In step 14, the HSS 400 accesses an authentication center (AUC) using a unique ID of the terminal, finds a unique key of the terminal, and performs an AKA (Authentication and Key Agreement) algorithm. Then, the authentication data response message is transmitted to the MME 300 together with the authentication vector (AV) that is the result of performing the AKA algorithm (S113). The AV includes an XRES (Expected Response) value and an Authentication Token (AUTN) required for authentication.

In step 15, the MME 300 transmits an Authentication Request message to the terminal 100 together with the AUTN which is part of the AV (S114). AUTN includes a message authentication code (MAC) value to be used for authentication, a sequence number (SQN), and an authentication management field (AMF).

In step 16, the terminal 100 performs an AKA algorithm using the received AUTN, and compares the generated XMAC (Expected Message Authentication Code) value with the MAC value of the received AUTN to perform network authentication (S115).

If the XMAC value and the MAC value match in step 17, the network authentication is successfully completed, and the terminal 100 transmits an Authentication Response message together with the RES value resulting from performing the AKA algorithm to the MME 300 (S116).

Finally, in step 18, the MME 300 compares the RES value received from the terminal 100 with the XRES value received from the HSS 400 to perform terminal authentication (S117). If the RES value and the XRES value match, the terminal authentication is completed successfully.

4 is a diagram illustrating a process of converting a UE ID (User Equipment ID) into a random code according to an embodiment of the present invention. Referring to FIG. 4, the IoT apparatus alone or combines the generation factors of the random code (eg, external factors such as a random number, a timing adjustment value, and a frequency offset) 420. After generating the hash value 430 having the same length as the ID, the random code 440 may be generated by an XOR operation of the UE ID 410 and the hash value 430.

FIG. 5 is a diagram illustrating a process of deriving a UE ID from a random code according to an embodiment of the present invention.

Referring to FIG. 5, the base station and the authentication server separately or combine the generation factors of the random code (eg, external factors such as a random number, a timing adjustment value, a frequency offset, etc.) 520 and the random code and the combination thereof. After generating a hash value 530 of the same length, a user equipment ID (UE ID) which is a unique ID of a terminal by an XOR operation of the random code 510 and the hash value 530 transmitted from the IoT apparatus ( 540 may be generated.

Although there is not a large time synchronization between the authentication server, the base station, and the IoT terminal, although there is a timing offset to some extent, the validity period of the generated random code is defined in advance, and authentication is performed using the same code within the validity period. In addition, if authentication for the same random code is duplicated, it is regarded as an authentication failure and the service can be denied.

The authentication method using the frequency offset is also possible, and in this case, since the frequency offset is not actually exchanged between the base station and the terminal, it can be said that the security is higher than the case of using the timing offset.

In the embodiment of the authentication method using the frequency offset, the terminal measures the frequency offset of the base station and the terminal in step 2 of the above-described steps, and the base station in step 4. Since the frequency offset values measured by the base station and the terminal are almost the same, the frequency offset transmission is not necessary in step 5. From step 6, use the frequency offset value measured by each other instead of the timing adjustment value. Of course, you can mix the two values.

In the case of the small internet, most terminal devices in the form of sensors are virtually mobile. Therefore, since the connected base station is difficult to be changed except when the small internet apparatus connected to a specific base station may be moved to another base station, the base station ID may also be used as a generation factor in the random code generation algorithm. If the base station ID is changed, the authentication server may add a process of confirming that the connection with the small Internet terminal through the base station is connected to the authentication process.

In the 3GPP standard, even after a successful connection between the initial base station and the terminal, the timing offset with the terminal can be measured again intermittently or periodically. Therefore, even after initial authentication, the security can be maximized by automatically changing the random code generation factor while updating the timing offset.

In addition, when using a frequency offset as another embodiment of the present invention as a random code generation factor, three problems can be assumed.

만큼의 횟수만 full search를 진행하면 원하는 값을 얻을 확률이 50퍼센트가 넘어가게 된다. 이동통신을 이용한 사물인터넷 통신의 경우 대역폭이 200kHz이기 때문에 추정 오차를 고려하여, 발생되는 랜덤 코드의 길이는 대략적으로 8비트로 나올 수 있는 경우의 수는

이다. 이는 생일 공격에 의해 충분히 추정 가능하다는 취약점을 가지게 된다. 따라서 상기 취약점을 극복하기 위해 본 발명에서는 단말과 망 사이의 연결이 완료된 후에도 망에 인증을 하고자 하는 접근이 감지되면 연결을 차단하고 새로운 기지국을 통해서 인증을 해야만 사용 가능하도록 할 수 있다.First of all, there is a case that an attack is attempted by a birthday attack. The birthday attack is an attack based on the birthday paradox.

If you do a full search as many times as many times, the probability of obtaining the desired value is over 50%. In the case of IoT communication using mobile communication, since the bandwidth is 200 kHz, the length of the generated random code can be approximately 8 bits considering the estimation error.

to be. This has the vulnerability that it can be estimated sufficiently by birthday attacks. Therefore, in order to overcome the above vulnerabilities, in the present invention, even after the connection between the terminal and the network is completed, if an access to authenticate the network is detected, the connection can be blocked and used only after authentication through a new base station.

Second, frequency offset can be estimated using SDR (Software Defined Radio) equipment. SDR equipment is a software-based wireless transmit / receive equipment, and can access a mobile communication service only through software control of a signal of a desired frequency band. Therefore, this equipment is accessible to both the terminal and the base station is required for security. In order to solve this problem, in the present invention, after the connection between the terminal and the network is completed, when an access requesting for another authentication is detected on the terminal or the network, the present invention can be used only after the connection is blocked and authenticated through a new base station. You can do that.

Finally, the accuracy of the estimated frequency offset is 1/1000 of the bandwidth, and the error can be about 200 Hz. If the frequency offset is less than 200Hz, there is a problem about the accuracy of the frequency offset between the terminal and the base station. In the present invention, the problem can be solved by intentionally giving a frequency offset larger than the error during the RACH process.

In the present invention, in addition to the above-described timing offset (timing adjustment value) and frequency offset as the random code generation factor, all other measurement values that may be characteristic of each terminal that can be shared by the base station and the terminal may be used as the generation factor of the random code. Can be. In addition, these factors may be implemented alone or in combination.

A number of embodiments of the invention have been described. Nevertheless, the foregoing description is for illustrative purposes and does not limit the scope of the invention as defined by the scope of the following claims. Accordingly, other embodiments may be within the scope of the following claims, and various modifications may be made without departing from the scope of the present invention. Additionally, some of the steps described above are order independent and can be performed in a different order than described.

100: IoT apparatus 110: processor
120: transceiver 130: antenna
200: base station 210: processor
220: transceiver 230: antenna
300: Mobility Management Entity (MME) 400: Home Subscriber Server (HSS)
410: User Equipment ID (UE ID) 420: Generation factor of the random code
430: hash value 440: random code
510: random code 520: generation factor of the random code
530: Hash Function 540: User Equipment ID (UE ID)

Claims (14)

As a subscriber authentication method of a mobile communication-based IoT device,
And authenticating the subscriber using measured values that are inherent characteristics of the IoT apparatus.
The subscriber authentication performs subscriber authentication using a measurement that is a characteristic of the IoT apparatus without using a subscriber identity module (SIM) card or a universal subscriber identity module (USIM) card.
The IoT apparatus generates a random code for authenticating the subscriber using the measured value,
And the measured value is shared between the IoT apparatus, the base station, and the authentication server. delete The method of claim 1,
And the measured value includes at least one of a timing adjustment value, a frequency offset, and a traffic volume measurement value. The method of claim 1,
The step of authenticating the subscriber
Generating, by the IoT apparatus, the first random code using the measured value as a generation factor of the first random code; And
And transmitting, by the IoT apparatus, the first random code to the base station. The method of claim 4, wherein
The step of authenticating the subscriber
Restoring a unique ID of the IoT apparatus using the first random code and the generation factor of the first random code received by the base station; And
The base station further comprises the step of transmitting information for uplink transmission to the IoT apparatus, subscriber authentication method. The method of claim 5,
The step of authenticating the subscriber
Generating, by the IoT apparatus, the second random code using a measurement value, which is a characteristic of the IoT apparatus, as a generation factor of the second random code; And
And transmitting, by the IoT apparatus, the second random code to the authentication server through the base station. The method of claim 6,
The first random code and the second random code generate a hash value having a length equal to a unique ID of the IoT apparatus by singly or combining the generation factors, and then determine the unique ID and the hash value of the IoT apparatus. Subscriber authentication method, characterized in that generated by the XOR operation. The method of claim 7, wherein
The step of authenticating the subscriber
Restoring a unique ID of the IoT apparatus by using the second random code received by the authentication server; And
And authenticating, by the authentication server, the authentication of the IoT apparatus using the unique ID. The method of claim 8,
The unique ID of the IoT apparatus generates a hash value having a length equal to the first random code or the second random code by combining or generating the generation factors, and then, the unique ID of the IoT apparatus and the second random code. And the hash value is restored by an XOR operation of the hash value. The method of claim 9,
Before the subscriber authentication step
Storing, by the IoT apparatus, the base station, and the authentication server, a unique ID of the IoT apparatus;
Synchronizing time synchronization between the IoT apparatus and the base station;
Starting, by the IoT apparatus, a random access process; And
And calculating, by the base station, a timing adjustment value and transmitting the timing adjustment value to the IoT apparatus and the authentication server. The method of claim 10,
And using a timing offset as a generation factor of the first random code or the second random code, updating the timing offset even after initial authentication to automatically change the generation factor of the random code. The method of claim 11,
And after the connection between the IoT apparatus and the mobile communication network is completed, disconnecting the connection with the base station when a certain number of authentication requests occur for the IoT apparatus or the mobile communication network. In the mobile communication-based IoT device for subscriber authentication,
A memory for storing a unique ID of the IoT apparatus;
A transceiver for transmitting and receiving wireless signals;
And a processor operating in conjunction with the transceiver, wherein the processor
Without using a subscriber identity module (SIM) card or universal subscriber identity module (USIM) card, measurement values that are unique to the IoT device are used for subscriber authentication,
The IoT apparatus generates a random code for authenticating the subscriber using the measured value,
And the measured value is shared between the IoT apparatus, the base station apparatus, and the authentication server. A base station apparatus for subscriber authentication of a mobile communication-based IoT apparatus,
A transceiver for transmitting and receiving wireless signals;
And a processor operating in conjunction with the transceiver, wherein the processor
Without using a subscriber identity module (SIM) card or universal subscriber identity module (USIM), measurement values that are unique to the IoT device are used for subscriber authentication,
The IoT apparatus generates a random code for authenticating the subscriber using the measured value,
The measured value is shared between the IoT apparatus, the base station apparatus and the authentication server, the base station apparatus for subscriber authentication.

Images