RU2173505C2 - Information ciphering method - Google Patents

Abstract

FIELD: ciphering information stream (voice signal or data) to be transmitted in mobile communication system. SUBSTANCE: mobile communication system transmits information in compliance with multiple- access mode with time- division of channels between network (MSC, BSS) and particular mobile station (MS) out of a number of mobile stations. Proposed ciphering methods are used when information (B1, B2) of particular user is to be transmitted in two or more time spaces (TS1, TS2) within one frame. According to proposed ciphering methods various parameters (Kc, FN, PS) used in the course of ciphering are modified depending on sequence number of each of frame time spaces being used. For example, ciphering key (Kc) and frame number (FN) are modified depending on sequence number of respective time space (TSn) and known ciphering algorithm (A5) is used to obtain modified ciphering sequence (PSm'). Proposed method makes it possible to avoid essential changes in signaling protocol of system and in hardware used. EFFECT: enhanced ciphering reliability. 6 cl, 4 dwg

Description

Technical field
The invention relates to a method for encrypting information transmitted between a fixed network and a mobile station in a time division multiple access mobile radio communication system.

 More specifically, the present invention relates to methods for more securely encrypting transmitted information for a mobile station carried out by a network under conditions where multiple allocated time slots are used for the same user (mobile station).

State of the art
The GSM (Pan-European Mobile Telephone Network) network, generally accepted for use in Europe, is a mobile radio communications network that uses a time division multiple access (TDMA) channel. As with other mobile radio networks, the GSM network uses access control and encryption of transmitted messages. The GSM network specifications are described in the GSM specification 03.20, May 1994, issued by the European Telecommunications Standards Institute (ETSI), hereinafter referred to as ETSI / GSM 03.20. This document describes the various algorithms used in access checks and encryption.

 Algorithm A3 is used to perform real checks of access rights between the network and the subscriber device, algorithm A5 is used to encrypt the transmitted payload information, algorithm A8 is used to generate the encryption key Kc from the random key RAND from the subscriber key Ki.

 As a rule, in mobile radio communication systems with time division of channels only one allocated time interval per connection is used (see ETSI / GSM 05.02).

 It was suggested that two or more time slots, not necessarily consecutive, be used for frame transmission (see ETSI / STC SMG3, T doc SMG3 WPA 95A dated August 29, 1995 (Nokia Telecommunications), in particular, clause 5 "HSCSD Architecture"). This provides the advantage of being able to transmit large amounts of information per unit of time (especially applicable when transmitting data), but it has the disadvantage of increasing the bandwidth.

SUMMARY OF THE INVENTION
The use of two or more allocated time intervals (slots) in the GSM system for the same transmission of a radio signal in accordance with the aforementioned leads to certain problems when it is necessary to use encryption and access control.

 The most obvious procedure would be to process each of the allocated time intervals separately and to use information processing procedures in accordance with previously known principles. However, such procedures would require a very significant change in existing signaling protocols and hardware used both in the network and in mobile stations.

 It would be desirable to avoid such modifications to existing standards and equipment as much as possible. The use of the same pseudo-random sequence (PSP) for all the allocated time intervals within the same frame and for a given number of frames was proposed in the aforementioned document of the European Telecommunications Standards Institute ETSI / T doc SMG3, "First HSCSD stage 2 draft". The disadvantage of this method is that it is characterized by a compromise between the strength of encryption and the simplicity of the procedure. If two separate packets belonging to the same user are transmitted in this way using the same encryption sequence (pseudo-random sequence), then the influence of encryption can be eliminated in a relatively simple way, namely, by performing simple processing in accordance with the logical exclusive-OR operation "

 It is an object of the present invention to provide methods for providing reliable encryption in a TDMA mobile radio communication system of the type that uses two or more time slots for the same transmission, without requiring significant changes to the signaling protocol and / or system equipment.

 In this aspect, the method corresponding to the invention is characterized by the features set forth in paragraph 1 of the claims. Another method corresponding to the invention is characterized by the features set forth in paragraph 3 of the claims. In addition, the methods corresponding to the invention are characterized by the features set forth in paragraphs 4 and 5.

Brief Description of the Drawings
The methods of the invention will be described below with reference to the illustrative drawings.

 FIG. 1 is a schematic representation of signal transmission between a network and a mobile station in a mobile radio communication system during an authorization procedure.

 FIG. 2 is a flowchart illustrating a known encryption procedure in the system shown in FIG. 1.

 FIG. 3 is a flowchart schematically illustrating the algorithms used in the two methods of the invention.

 FIG. 4 is a flowchart illustrating the algorithms used in the third method of the invention.

Detailed Description of Preferred Embodiments
In FIG. 1 is a schematic representation of a mobile radio communication system, for example, a GSM system. The system comprises a network side, indicated in the drawing as “network”, and a side of the mobile station, indicated in the drawing as “mobile station”.

 The network side includes the BSS base station system, which is connected to the MSC switching center of the mobile stations, which, in turn, is connected to a public switched telephone network (not shown). The BSS base station typically includes a BTS base transceiver station and a base station BSC controller (not shown). In a real situation, a plurality of base stations are connected to the switching center MSC of the mobile stations on the network side, while the side of the mobile stations provides for a plurality of mobile stations that can simultaneously communicate with the base station system BSS. The network side and the side of the mobile stations transmit information via radio signals via the air interface, which is indicated in FIG. 1 reference number TR.

 Before real information will be transmitted and received between the network and this mobile station MS, the network must check the access rights of the mobile station MS. This access check is carried out in accordance with known principles, the network being i.e. the base station system BSS transmits a random number (the so-called "random call") RAND to the mobile station MS via a dedicated DCCH control channel.

 The mobile station MS receives a random number RAND and generates an SPES response (character response) from this random number and from the eigen-key Ki of the mobile station in accordance with a predetermined algorithm A3, as described on page 50 of the aforementioned ETSI / GSM 03.20 document.

 At the same time, the mobile station MS compiles the encryption key Kc from the key Ki in accordance with another algorithm A8, although only the SPES response is transmitted to the base station BSS. In this case, the encryption key Kc is used when performing encryption in the mobile station as follows. In the base station system BSS, a comparison is made with the corresponding SPES values calculated by the switching center MSC of the mobile stations in accordance with the same conventional algorithms A3 and A8. Upon receipt of the result of the match, it is decided that the mobile station has the right of access, and therefore, communication may continue. The ongoing transmission of information is then encrypted in accordance with the specified A5 algorithm, as described on pages 48-49 of the ETSI / GSM document.

 Thus, the network includes an algorithm block AN, which has memory functions and performs access check in accordance with algorithms A3 and A8 and encryption in accordance with algorithm A5. The mobile station MS contains an AM algorithm unit that has memory functions and performs access check in accordance with the same algorithms A3 and A8 and encryption in accordance with algorithm A5.

 The encryption key Kc is generated in the switching center MS of the mobile stations based on the encryption key Ki of the mobile station, which is known in the switching center of the mobile stations. After completing the authorization check (algorithm A5), the switching center MSC of the mobile stations sends the key Kc to the base station system BSS, and encryption of the payload information can begin using the matching encryption key Kc.

 In FIG. 2 schematically illustrates a method for encrypting and formatting payload information for transmission in two time slots TSI, TS2 in accordance with the aforementioned method proposed by NOKIA.

 Typically, payload information is divided, for example, based on a frame of a speech signal, into one or more blocks of 114 bits each. One such block is encrypted in accordance with the A5 algorithm and transmitted in a packet in a predetermined time interval, and interleaving with another neighboring block may additionally be carried out. Then follows the next encrypted block. As shown in FIG. 2, if there are two time intervals in this frame and if the information block is divided into two subblocks B1 and B2 of 114 bits each, then each block is encrypted with the same PS pseudorandom sequence of 114 bits, as usual, by performing two logical operations " exclusive OR "as shown in FIG. 2.

 The pseudo-random sequence PS is obtained from the sequence number FN of the frame in which the time intervals TS1, TS2 are located, the information of which (blocks B1 and B2) must be encrypted. As a result, two encrypted information blocks BK1 and BK2 are formed, and these blocks are then formatted by entering the input sequence and learning in a known manner (indicated by the X in Fig. 2). As mentioned above, the disadvantage of this encryption method is that the same encryption sequence is used twice for two separate time intervals, which means that unencrypted information can be recovered from each of these time intervals using the logical exclusive-OR operation "for this encrypted information.

 In accordance with the present invention, the sequence number of the time interval or some equivalent of this number is introduced into the frame as an additional parameter during encryption. As a result, when transmitting in two time intervals within the same frame, the transmitted information will be independently encrypted and the encryption reliability will thereby be further increased compared to the case when only the frame number is used (in addition to the encryption key). If, as is usually the case, a user uses only one time interval per frame, then time-dependent encryption is not required, since the user-defined encryption key is unique to a particular time interval. By modifying the input parameters (code key Kc, frame number FN) in direct proportion to the sequence number of the time interval in the frame, in accordance with the present invention, it is possible to apply the original algorithms without requiring a significant change in the signaling protocol, as described above, or radio communication equipment.

 In FIG. 3 is a flowchart illustrating the use of the original algorithm A5 with modified input values, in accordance with the present invention.

Block AB in FIG. 3 symbolizes the original algorithm A5, which is defined in accordance with GSM 03.20. The encryption key Kc is then modified in accordance with the sequence number TSn = TS1 of the corresponding time interval, namely, the time interval in the frame during which the first block B1 is to be transmitted, respectively of FIG. 2 (possibly alternating with respect to the neighboring block, although the principle is the same). In this regard, circle 1 conditionally denotes the computational algorithm ALG1 to obtain a modified encryption key value Kc1. The same algorithm can be used for all time intervals in the frame, so that
ALG1 (Kc, TSn) = Kcn '.

 There is no need to modify all encryption keys, and one key can be identical to the normal encryption key Kc for a given time interval.

Similarly, the frame sequence number FN is modified depending on the sequence number TSn = TS1 of the corresponding time interval in the frame during which the first block B1 shown in FIG. 2. Circle 2 conventionally denotes the computational algorithm ALG2 to obtain a modified value of the frame sequence number FN '. The same algorithm can be used for all time frames of the frame, so
ALG2 (FN, TSn) = FNn '.

 The two algorithms ALG1 and ALG2 do not have to be the same.

 In addition, one of the modified FNn 'frame numbers may be identical to the regular FN number.

 In both of the above cases, the result is an output value in the form of a modified pseudo-random sequence PSm ', which is used in the same way as that shown in FIG. 2.

It should be borne in mind that the sequence PSm 'can be generated by any of the following methods:
a) by using only the modified value Kc 'of the encryption key and the unchanged value FN of the frame number, i.e. Algorithm 2 is not used; or
b) by using only the modified value FN 'of the frame number FN and the unchanged value of the encryption key Kc, i.e. Algorithm 1 is not used.

 In FIG. 4 shows a block diagram similar to the block diagram of FIG. 3, but in this case with completely unchanged input values Kc, FN for algorithm A5. Instead, the sequence number of the time slot TSn (or a value equivalent to this sequence number) is used as a control value for the ALG3 algorithm, conventionally denoted by circle 3, to modify the usual pseudorandom sequence PS obtained from Kc and FN. This ALG3 algorithm may include certain permutation, shift, reordering of values, etc. in the pseudo-random sequence PS, so as to obtain a new sequence PSm '. The sequence can be further subdivided into blocks of 114 bits before conversion, and values in one or more blocks can be mixed to obtain new values with an unchanged number of bits (114) in each block.

 It is also possible to combine the algorithms ALG1, 2 of FIG. 3 with the ALG3 algorithm of FIG. 4.

 The above embodiments of the inventive method relate to transmission cases. However, it should be borne in mind that in the case of reception, when the received information must be decrypted, the values of Kc and FN and the sequence PS must be modified to obtain, respectively, Kc ', FN' and PSm 'in accordance with the agreed algorithms ALG1, ALG2 and ALG3, as described higher.

Claims (6)

 1. A method of encrypting information transmitted between a fixed network (MSC, BSS) and a mobile station (MS) in a mobile radio communication system that operates in accordance with a time division multiple access mode, the information being divided into at least two blocks (B1, B2) and transmitted in at least two time intervals (TS1, TS2) corresponding to the said blocks in each frame in the sequence of frames, the encryption is carried out by a) forming a pseudo-random sequence (PS ) in accordance with the specified encryption algorithm (A5) using the encryption key (Kc) and the sequence number (FN) of the frame in which the information is transmitted, b) performing the logical operation “Exclusive OR” for the mentioned pseudo-random sequence (PS) and each block ( B1 and B2) unencrypted information to obtain encrypted information (BK1, BK2), characterized in that c) modify the said encryption key (Kc) in accordance with a given algorithm (ALGl) and depending on the sequence number of the time interval (TSn) for the floor Modified encryption key (Kc '), d) form a modified pseudo-random sequence (PSm') using the modified encryption key (Kc ') obtained for each of the time intervals used, in accordance with the mentioned encryption algorithm (A5) and e) said logical exclusive-OR operation using a modified pseudo-random sequence (PSm ') for each block (B1 and B2) of unencrypted information.  2. The method according to claim 1, characterized in that said operation (e) is performed for the information block (B1), which belongs to the time interval (TS1), the sequence number of which was used to form the aforementioned modified encryption key.  3. A method of encrypting information transmitted between a fixed network (N) and a mobile station (MS) in a mobile radio communication system that operates in accordance with a time division multiple access mode, the information being divided into at least two blocks (B1 , B2) and transmitted in at least two time intervals (TS1, TS2) corresponding to the said blocks in each frame in the sequence of frames, the encryption being carried out by a) forming a pseudo-random sequence (PS) in correspondence with the specified encryption algorithm (A5) using the encryption key (Kc) and serial number (FN) of the frame in which the information is transmitted, b) performing the logical operation "Exclusive OR" for the mentioned pseudo-random sequence (PS) and each block (B1 and B2) unencrypted information to obtain encrypted information (BK1, BK2), characterized in that c) modify said frame number (FN) in accordance with a predetermined algorithm (ALG2) and depending on the sequence number of the corresponding time interval (TSn), d) form a modified pseudo-random sequence (PSm ') using the obtained frame number (FN') modified for each of the time slots used in accordance with the encryption algorithm (A5), and e) perform the logical operation “Exclusive OR” with using a modified pseudo-random sequence (PSm ') for each block (B1 and B2) of unencrypted information.  4. The method according to claim 3, characterized in that the algorithm (ALG1) used to modify the encryption key (Kc) includes the logical operation "Exclusive OR".  5. A method of encrypting information transmitted between a fixed network (N) and a mobile station (MS) in a mobile radio communication system that operates in accordance with a time division multiple access mode, the information being divided into at least two blocks (B1 , B2) and is transmitted in at least two time intervals (TS1, TS2) corresponding to the said blocks in each frame in the sequence of frames, the encryption being carried out by a) forming a pseudo-random sequence (PS) with and using the encryption key (Kc) and the sequence number (FN) of the frame in which the information is transmitted, in accordance with the specified encryption algorithm (A5), b) performing the logical operation "Exclusive OR" for the mentioned pseudo-random sequence and each block of unencrypted information (INFO1) characterized in that c) modify said encryption key (Kc) in accordance with a predetermined algorithm (ALGl) and, depending on the sequence number of the corresponding time interval (TSn), d) form a pseudo-random sequence l (PSm ') using the obtained encryption key (Kc'), modified for each of the used time intervals, and in accordance with the mentioned encryption algorithm (A5), e) modify the mentioned frame number (FN) in accordance with the specified algorithm (ALG2 ) and depending on the sequence number of the corresponding time interval (TSn), a) form a modified pseudorandom sequence (PSm ') using the obtained modified frame number (FN') in accordance with the above encryption algorithm (A5) and g) in The logical exclusive-OR operation is performed using a modified pseudo-random sequence (PSm ') for each block (B1 and B2) of unencrypted information.  6. A method of encrypting information transmitted between a fixed network (N) and a mobile station (MS) in a mobile radio communication system that operates in accordance with a time division multiple access mode, the information being divided into at least two blocks (B1 , B2) and is transmitted in at least two time intervals (TS1, TS2) corresponding to the said blocks in each frame in the sequence of frames, the encryption being carried out by a) forming a pseudo-random sequence (PS) with and using the encryption key (Kc) and the sequence number (FN) of the frame in which the information is transmitted, in accordance with the specified encryption algorithm (A5), b) performing the logical operation "Exclusive OR" for the mentioned pseudo-random sequence and each block of unencrypted information (INFO1) characterized in that c) form a modified pseudo-random sequence (PSm ') using a pseudo-random sequence (PS) depending on the sequence number (TSn) of the time interval within which transmit an information block (B1 or B2), which is encrypted with a modified pseudo-random sequence, in accordance with a predetermined algorithm (ALG3) and d) perform the logical operation “Exclusive OR” using a modified pseudo-random sequence (PSm ') for each block (B1 and B2 ) unencrypted information and for each of the used time intervals.

Images