WO2010083695A1 - Method and apparatus for securely negotiating session key - Google Patents


Publication number
WO2010083695A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2009/074792
Other languages
French (fr)
Chinese (zh)
Inventor
梁丽
Original Assignee
中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Definitions

  • FIG. 3 is a schematic diagram of secure session key negotiation according to the present invention. As shown in FIG. 3, the method for securely negotiating a session key according to the present invention includes the following steps:
  • Step A: after the AG registers successfully with the SS, the two obtain the shared keys KEY-AG and KEY-SS respectively, and each stores its shared key itself.
  • Step B: before each session of the registered AG, the SS assigns an SK to the session at the AG's request and encrypts the assigned SK with the shared key KEY-SS;
  • the SS side encrypts the SK according to formula (1):
  • KEY-SALT = MD5(KEY-SS, SK)    (1)
  • the encryption algorithm used in formula (1) is MD5; in practical applications other encryption algorithms may also be used, which are not enumerated here.
  • Step C: the SS sends the encrypted session key to the AG;
  • the SS can send the encrypted session key KEY-SALT by adding a crypto attribute line to the Session Description Protocol (SDP) descriptor in the Add Context (ADD) message and carrying KEY-SALT in that line.
  • Step D: each time the AG receives an encrypted session key, it decrypts the encrypted session key with the shared key KEY-AG to obtain the SK;
  • decryption should use the same algorithm as encryption, such as MD5.
  • Step E may then be performed: the AG encrypts the media stream to be sent in the session, or decrypts the media stream received in the session, with the decrypted session key.
  • the AG side may encrypt the media stream to be sent in this session according to a specific security protocol, such as SRTP, and then send the encrypted media stream.
  • the AG decrypts the received encrypted media stream with the same session key.
  • the session key may likewise be encrypted by the SS with the shared key obtained during the registration of the call recipient AG and transmitted to the call recipient AG; the only difference is that the registration process is then that of the call recipient AG with the SS.
  • the present invention also provides an apparatus for securely negotiating a session key.
  • the apparatus includes:
  • a shared key generation and storage module, configured to generate a shared key after the AG registers successfully with the SS and to store the generated shared key; the shared key generation and storage modules are located in the AG and the SS respectively;
  • a session key allocation module, configured to allocate a session key for each session; the session key allocation module is located in the SS;
  • a session key encryption module, configured to encrypt the allocated session key with the shared key; the session key encryption module is located in the SS;
  • a session key sending module, configured to send the encrypted session key; the session key sending module is located in the SS;
  • a session key receiving module, configured to receive the encrypted session key; the session key receiving module is located in the AG;
  • a session key decryption module, configured to decrypt the received encrypted session key with the shared key; the session key decryption module is located in the AG.
  • the apparatus further includes a media stream encryption module, configured to encrypt the media stream to be sent in the session with the decrypted session key, and a media stream decryption module, configured to decrypt the media stream received in the session with the decrypted session key;
  • the media stream encryption module and the media stream decryption module are located in the AG.
  • the present invention always encrypts each allocated session key with the shared key negotiated during registration, which is easy to implement, secure and convenient. Further, even if the encrypted media stream is intercepted in transit, the voice information cannot be recovered because the session key is difficult to obtain, so the present invention effectively ensures the security of voice calls.
  • the process by which the AG and the SS obtain the shared keys KEY-AG and KEY-SS respectively through the registration process is described in detail below.
  • the registration process is based on the H.248 protocol.
  • the initial shared key Ki is usually 128 bits long;
  • the gateway device identifier MGID is usually 128 bits long;
  • the base g and modulus P for the DH exchange: g is usually chosen from 2, 3, 5, 7 and 9;
  • P is a prime number, usually 768 bits long.
  • Step 401: the AG sends a ServiceChange message to the SS to request registration; the ServiceChange message carries an X field for authentication, including: the algorithm ID, the random number Rand_mg, the key A for the DH exchange, and the digital signature MG_AUTH of the access gateway;
  • the AG first generates a random number Rand_mg, typically 64 bits, and a private number a for the DH exchange, typically a 32-bit random number;
  • MG_AUTH = MD5(Ki, MGID, A, Rand_mg)    (3)
  • the MD5 algorithm is used to calculate the digital signature MG_AUTH;
  • other encryption algorithms may also be used, which are not enumerated here. The four X fields for authentication are thus obtained:
  • the algorithm ID: the invention uses the MD5 algorithm, which is assigned the value 1;
  • Steps 402 to 404: the SS calculates the authentication value MGRES from the random number Rand_mg, the key A and the algorithm ID in the received ServiceChange message, and checks whether MGRES equals the AG's digital signature MG_AUTH. If the two are equal, the SS sends a correct Reply message to the AG; otherwise it sends an error Reply message and ends the current authentication process;
  • the authentication value MGRES is calculated according to formula (4):
  • Step 405: after sending the correct Reply message to the AG, the SS first calculates the key B for the DH exchange from the private number b it generated, calculates the shared key KEY-SS from the key A and the private number b, then generates the random number Rand_ss, and then calculates its digital signature SS_AUTH from the key B, the shared key KEY-SS, the random number Rand_ss and the algorithm ID;
  • after the SS confirms that the authentication information was sent by a legitimate AG, it first generates a private number b for the DH exchange, usually a 32-bit random number, and calculates the key B for the DH exchange according to formula (5);
  • the key B is usually a 32-bit random number;
  • the SS then generates a random number Rand_ss, usually 64 bits, and calculates its digital signature SS_AUTH according to formula (7):
  • Step 406: the SS sends a Modify message to the AG; the Modify message carries the fields for authentication obtained in step 405, including the Ea, random, dhkey and key information:
  • Ea - algorithm ID: the invention uses the MD5 algorithm, which is assigned the value 1;
  • random - a random number generated by the SS and used to calculate SS_AUTH, assigned the value Rand_ss; dhkey - the key used by the SS for the DH exchange, based on g, b and P, assigned the value B; key - the digital signature calculated by the SS, assigned the value SS_AUTH.
  • Steps 407 to 409: after receiving the Modify message, the AG first calculates the shared key KEY-AG from its own private number a and the key B in the Modify message, then calculates the authentication value SSRES from the shared key KEY-AG, the received random number Rand_ss, the key B and the algorithm ID, and checks whether SSRES equals the SS's digital signature SS_AUTH. If the two are equal, the AG sends a correct Reply message to the SS; otherwise it sends an error Reply message and ends the current authentication process;
  • the SS can periodically authenticate the AG, to prevent an illegitimate entity from impersonating the AG to send messages to the SS, or impersonating the SS to send messages to the AG.
  • the authentication process is as follows:
  • Step 410: the SS sends a Modify message to the AG for authentication.
  • the Modify message carries a field for authentication, including: the algorithm ID, a random number d, and the SS's digital signature SS_AUTH.
  • the SS first generates a random number d, usually 128 bits, and then calculates its digital signature SS_AUTH with the shared key KEY-SS according to formula (10):
  • SS_AUTH = MD5(KEY-SS, d)    (10)
  • the field for authentication is thus obtained, including the ea, random and key information: ea - algorithm ID: the invention uses the MD5 algorithm, which is assigned the value 1;
  • random - a random number generated by the SS and used to calculate SS_AUTH, assigned the value d;
  • if the SS is legitimate, the AG calculates its digital signature MG_AUTH from the shared key KEY-AG, the random number d and the algorithm ID, and then sends a correct Reply message to the SS, where
  • the Reply message carries a field for authentication, including: the algorithm ID and the AG's digital signature MG_AUTH; if the SS is illegitimate, the AG sends an error Reply message to the SS that carries no authentication field, so that the illegitimate entity cannot obtain the AG's authentication information, and ends the current authentication process.
  • the AG calculates the authentication value SSRES according to formula (11):
  • the AG uses the shared key KEY-AG, MGID and the random number d carried in the SS's Modify message to calculate its digital signature MG_AUTH according to formula (12):
  • Ea - algorithm ID: the invention uses the MD5 algorithm, which is assigned the value 1;
  • Step 414: after receiving the correct Reply message, the SS calculates the AG's authentication value MGRES from the shared key KEY-SS, MGID, the random number d and the algorithm ID carried in the correct Reply message, and checks whether MGRES equals the AG's digital signature MG_AUTH. If the two are equal, the AG is legitimate and authentication succeeds; otherwise the AG is illegitimate and authentication fails;
  • MGRES = MD5(KEY-SS, MGID, d)    (13)
  • at this point the entire authentication process ends. If authentication fails, the illegitimate AG cannot obtain the session key, thereby ensuring the security of the media stream transmitted in the session.
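As an added example that is not part of the patent, the following Python models the H.248 registration exchange of steps 401 to 409 and the periodic authentication of steps 410 to 414, with the SS rejecting an AG that holds the wrong Ki and the AG rejecting a forged SS_AUTH. It assumes that MD5(x, y, ...) means MD5 over the concatenated fixed-width encodings of its arguments, that A = g^a mod P, B = g^b mod P and KEY = A^b mod P = B^a mod P (formulas (5) to (7) are not on the page), with the SS_AUTH of step 405 taken as MD5(KEY-SS, B, Rand_ss), and it uses a constructed 127-bit prime instead of the 768-bit P; the range checks on A and B are an added defensive check.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed toy DH group: a 127-bit Mersenne prime stands in for the 768-bit P
# the text suggests, g = 5 is one of the bases it lists, 1 is the algorithm ID for MD5.
P, G, ALG_MD5 = (1 << 127) - 1, 5, 1

def md5_cat(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()   # MD5(x, y, ...) read as MD5(x || y || ...)

def i2b(n: int) -> bytes:
    return n.to_bytes(16, "big")                   # fixed-width encoding of a value mod P

def private_number() -> int:
    return 1 + secrets.randbelow((1 << 32) - 1)    # non-zero 32-bit a or b, per the text

@dataclass
class AuthField:
    """Authentication field of ServiceChange (step 401), Modify (406) and Modify (410)."""
    ea: int        # algorithm ID
    random: bytes  # Rand_mg, Rand_ss or d
    dhkey: int     # A or B; 0 when the message carries no DH value
    key: bytes     # MG_AUTH or SS_AUTH

class AccessGateway:
    def __init__(self, ki: bytes, mgid: bytes) -> None:
        self.ki, self.mgid, self.a, self.key_ag = ki, mgid, 0, None

    def service_change(self) -> AuthField:
        self.a = private_number()
        a_pub = pow(G, self.a, P)                      # key A for the DH exchange
        rand_mg = secrets.token_bytes(8)               # Rand_mg, 64 bits
        mg_auth = md5_cat(self.ki, self.mgid, i2b(a_pub), rand_mg)   # formula (3)
        return AuthField(ALG_MD5, rand_mg, a_pub, mg_auth)

    def on_modify(self, m: AuthField) -> bool:
        # Steps 407-409: derive KEY-AG, verify SS_AUTH, keep the key only on success.
        if m.ea != ALG_MD5 or not 1 < m.dhkey < P - 1:
            return False                               # degenerate B: added check
        key_ag = i2b(pow(m.dhkey, self.a, P))          # KEY-AG = B^a mod P
        ssres = md5_cat(key_ag, i2b(m.dhkey), m.random)   # mirror of SS_AUTH (assumed inputs)
        if not hmac.compare_digest(ssres, m.key):
            return False                               # error Reply
        self.key_ag = key_ag
        return True

    def on_periodic_modify(self, m: AuthField):
        # Steps 410-413: check SS_AUTH = MD5(KEY-SS, d); reply with MG_AUTH, else nothing.
        if self.key_ag is None or m.ea != ALG_MD5:
            return None
        if not hmac.compare_digest(md5_cat(self.key_ag, m.random), m.key):   # formula (11)
            return None                                # error Reply carries no auth field
        return md5_cat(self.key_ag, self.mgid, m.random)   # formula (12)

class Softswitch:
    def __init__(self, ki_table: dict) -> None:
        self.ki_table, self.key_ss = ki_table, {}      # MGID -> Ki (provisioned), MGID -> KEY-SS

    def on_service_change(self, mgid: bytes, sc: AuthField):
        # Steps 402-406: check MG_AUTH, then derive KEY-SS and build the Modify message.
        ki = self.ki_table.get(mgid)
        if ki is None or sc.ea != ALG_MD5 or not 1 < sc.dhkey < P - 1:
            return None                                # error Reply
        mgres = md5_cat(ki, mgid, i2b(sc.dhkey), sc.random)   # formula (4), mirror of (3)
        if not hmac.compare_digest(mgres, sc.key):
            return None
        b = private_number()
        b_pub = pow(G, b, P)                           # key B
        key_ss = i2b(pow(sc.dhkey, b, P))              # KEY-SS = A^b mod P
        rand_ss = secrets.token_bytes(8)
        self.key_ss[mgid] = key_ss
        return AuthField(ALG_MD5, rand_ss, b_pub, md5_cat(key_ss, i2b(b_pub), rand_ss))  # step 405

    def periodic_challenge(self, mgid: bytes) -> AuthField:
        d = secrets.token_bytes(16)                    # d, 128 bits
        return AuthField(ALG_MD5, d, 0, md5_cat(self.key_ss[mgid], d))   # formula (10)

    def verify_reply(self, mgid: bytes, d: bytes, mg_auth: bytes) -> bool:
        # Step 414: MGRES = MD5(KEY-SS, MGID, d) must equal the AG's MG_AUTH.
        return hmac.compare_digest(md5_cat(self.key_ss[mgid], mgid, d), mg_auth)

def run_demo() -> dict:
    ki, mgid = b"\x01" * 16, b"\x02" * 16              # constructed Ki and MGID
    ss, ag = Softswitch({mgid: ki}), AccessGateway(ki, mgid)
    modify = ss.on_service_change(mgid, ag.service_change())
    registered = modify is not None and ag.on_modify(modify)
    chal = ss.periodic_challenge(mgid)
    reply = ag.on_periodic_modify(chal)
    rogue = AccessGateway(b"\xff" * 16, mgid)          # wrong Ki: rejected at step 404
    forged = AuthField(ALG_MD5, chal.random, 0, b"\x00" * 16)   # SS impersonator lacking KEY-SS
    return {"registered": registered,
            "keys_match": registered and ag.key_ag == ss.key_ss[mgid],
            "periodic_ok": reply is not None and ss.verify_reply(mgid, chal.random, reply),
            "wrong_ki_rejected": ss.on_service_change(mgid, rogue.service_change()) is None,
            "forged_ss_rejected": ag.on_periodic_modify(forged) is None}
```

The tags are MD5 over key and message exactly as the text specifies; in a deployment an HMAC with a modern hash and a group of the size the text gives would take their place.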


Abstract

The present invention discloses a method for securely negotiating a session key, which includes: after an access gateway has registered successfully with a softswitch, the access gateway and the softswitch each obtain a shared key and each stores it; before each session of the registered access gateway, the softswitch assigns a session key to the session at the request of the access gateway, encrypts every assigned session key with the shared key, and then transfers the encrypted session key to the access gateway; and each time the access gateway receives an encrypted session key, it decrypts it with the shared key to obtain the session key. The present invention also discloses an apparatus for securely negotiating a session key. The present invention ensures the security of the session key and thereby of the voice communication, and is easy to implement.

Description

Method and apparatus for securely negotiating a session key

Technical field

The present invention relates to key processing techniques, and in particular to a method and apparatus for securely negotiating a session key.

Background

In a Next Generation Network (NGN) system, operators transmit both the signalling and the media data of voice over IP (VoIP) over the Internet in order to reduce construction costs and make user access convenient. Since an Internet Protocol (IP) network is an open network with low security, the media stream transmitted in a session must be encrypted to prevent user calls from being eavesdropped and so protect the voice call; the key used to encrypt the media stream is called the session key (SK).
At present, the prior art has two main ways of negotiating a session key: point-to-point direct negotiation, and key distribution by the softswitch (SS).
Figure 1 shows an example of two access gateways (AGs) obtaining an SK by point-to-point direct negotiation. As shown in Figure 1, before a call is made, AG1, acting as the key initiator, sends a request message (LMESSAGE) carrying the information for session key negotiation to the key receiver AG2; after receiving that information, AG2 sends a response message (R_MESSAGE) to AG1, so that the two sides can use the obtained session key to encrypt and decrypt the media stream according to a specific security protocol such as the Secure Real-time Transport Protocol (SRTP). However, point-to-point direct negotiation is not well suited to a group switching device such as an AG: an AG has many users, and if many users need to make calls at the same time, the number of key negotiation message exchanges becomes very large, wasting a large amount of system resources.
The industry therefore mostly prefers key distribution by the SS: the SS assigns a session key to AG1 and AG2, which need to make a call, and transmits it to AG1 and AG2 over the signalling channel, as shown in Figure 2.
Since the signalling channel is also insecure, the session key must be encrypted to ensure that it is not stolen. In the prior art, the session key is mainly encrypted in the following ways:
1. Preset shared key
An original key is manually configured for each AG as a preset shared key, and the SS encrypts the session key directly with this original key.
2. Public key
A public key infrastructure (PKI) is used to configure a key pair, consisting of a public key and a private key, for each AG, and the SS encrypts the session key with each AG's public key.
3. DH exchange
A DH (Diffie-Hellman) exchange is performed before every call, and the SS encrypts the session key with the key obtained from the DH exchange.
However, each of the above three ways has drawbacks that cannot be ignored. The drawback of the preset shared key is that the algorithm is simple, security is poor and it is easily cracked. The drawback of the public key approach is that it requires the support of a PKI system, and a PKI system for the communications field has yet to be established, so this approach is not feasible for the time being. The drawback of the DH exchange is that, although its security is high, the algorithm is complex and a DH exchange must be performed before every call, so the computational load is too large and seriously affects system performance. For these reasons, voice security in current NGN systems is difficult to achieve.

Summary of the invention
In view of this, the main object of the present invention is to provide a method and apparatus for securely negotiating a session key that is easy to implement and effective over a non-secure channel, so as to ensure the security of voice calls.
To achieve the above object, the technical solution of the present invention is realised as follows:
A method for securely negotiating a session key, in which, after an access gateway registers successfully with a softswitch, the two obtain a shared key separately and each stores the shared key itself; the method further includes: before each session of the registered access gateway, the softswitch assigns a session key to the session at the request of the access gateway, encrypts the assigned session key with the shared key, and then sends the encrypted session key to the access gateway;
each time the access gateway receives an encrypted session key, it decrypts the encrypted session key with the shared key to obtain the session key.
After the access gateway decrypts the session key, the method further includes:
the access gateway encrypts the media stream to be sent in the session, or decrypts the media stream received in the session, with the decrypted session key.
The algorithm used to encrypt or decrypt the session key with the shared key is MD5.
An apparatus for securely negotiating a session key includes a shared key generation and storage module, a session key allocation module, a session key encryption module, a session key sending module, a session key receiving module and a session key decryption module, where:
the shared key generation and storage module is configured to generate a shared key after the access gateway registers successfully with the softswitch, and to store the generated shared key;
the session key allocation module is configured to allocate a session key for each session;
the session key encryption module is configured to encrypt the allocated session key with the shared key;
the session key sending module is configured to send the encrypted session key;
the session key receiving module is configured to receive the encrypted session key;
the session key decryption module is configured to decrypt the received encrypted session key with the shared key.
The shared key generation and storage modules are located in the access gateway and the softswitch respectively;
the session key allocation module and the session key encryption module are located in the softswitch, and the session key decryption module is located in the access gateway;
the session key sending module is located in the softswitch, and the session key receiving module is located in the access gateway.
In addition, the apparatus further includes a media stream encryption module and a media stream decryption module, where: the media stream encryption module is configured to encrypt the media stream to be sent in the session with the decrypted session key;
the media stream decryption module is configured to decrypt the media stream received in the session with the decrypted session key.
The media stream encryption module and the media stream decryption module are located in the access gateway.
由以上技术方案可以看出, 本发明仅在接入网关向软交换进行注册时 进行一次共享密钥协商, 所获得的共享密钥在整个工作期间将一直分别存 储在接入网关和软交换上, 软交换每次均用协商获得的共享密钥对分配的 会话密钥进行加密, 相应地, 接入网关每次都用协商获得的共享密钥对已 加密的会话密钥解密, 因此这种方式不仅容易实施, 而且能大大减少计算 量, 进一步地能减少系统开销。 并且, 该共享密钥是通过 DH 交换的密钥 协商方式获得的, 因此安全性高、 会话密钥不容易被窃取, 进而能保证会 话中传输的媒体流的安全。所以,本发明非常适用于当前建立在未集成 IPsec 的 IPv4网络上的 NGN系统中, 来确保语音通话安全。 附图说明  It can be seen from the above technical solution that the present invention performs a shared key negotiation only when the access gateway registers with the softswitch, and the obtained shared key is always stored on the access gateway and the softswitch during the entire working period. The softswitch encrypts the assigned session key each time using the shared key obtained by negotiation. Accordingly, the access gateway decrypts the encrypted session key each time by using the shared key obtained by negotiation. The method is not only easy to implement, but also greatly reduces the amount of calculation, and further reduces system overhead. Moreover, the shared key is obtained through the key negotiation mode of the DH exchange, so that the security is high and the session key is not easily stolen, thereby ensuring the security of the media stream transmitted in the session. Therefore, the present invention is well suited for use in NGN systems currently built on IPv4 networks that are not integrated with IPsec to ensure voice call security. DRAWINGS
FIG. 1 is a schematic diagram of prior-art access gateways obtaining a session key by direct point-to-point negotiation;
FIG. 2 is a schematic diagram of prior-art session key allocation by a softswitch;
FIG. 3 is a schematic diagram of secure session key negotiation according to the present invention;
FIG. 4 is a schematic diagram of an apparatus for securely negotiating a session key according to the present invention;
FIG. 5a and FIG. 5b are flowcharts of the access gateway requesting registration from the softswitch according to the present invention.

DETAILED DESCRIPTION

To make the present invention clearer to those skilled in the art, its implementation is described in detail below with reference to the accompanying drawings.
FIG. 3 is a schematic diagram of secure session key negotiation according to the present invention. As shown in FIG. 3, the method for securely negotiating a session key according to the present invention includes the following steps:
Step A: after the AG registers successfully with the SS, the two obtain the shared keys KEY-AG and KEY-SS respectively, and each stores its shared key locally.
Step B: before each session of a registered AG, the SS allocates an SK to the session at the AG's request and encrypts the allocated SK with the shared key KEY-SS;
where the SS side encrypts SK according to formula (1):
KEY-SALT = MD5(KEY-SS, SK) (1)
The encryption algorithm used in formula (1) is MD5; in practical applications other encryption algorithms may also be used and are not enumerated here.
Step C: the SS sends the encrypted session key to the AG;
According to the prior art, the SS can add a crypto attribute line to the Session Description Protocol (SDP) descriptor in the Add context (ADD) message and send the encrypted session key KEY-SALT to the AG in that crypto attribute line.
Step D: each time the AG receives an encrypted session key, it decrypts the encrypted session key with the shared key KEY-AG to obtain SK;
Naturally, decryption should use the same algorithm as encryption, such as MD5.
Further, step E may also be performed: the AG encrypts the media stream to be sent in the session, or decrypts the media stream received in the session, with the decrypted session key.
For example, when the AG is the call originator, as shown in FIG. 3, the AG side can encrypt the media stream to be sent in this session with the session key according to a specific security protocol such as SRTP, and then send the encrypted media stream to another AG (not shown) acting as the call receiver; the call-receiving AG decrypts the encrypted media stream with the same session key. Similarly, the SS can encrypt that session key with the shared key obtained in the registration procedure of the call-receiving AG and transmit it to the call-receiving AG, the difference being that this registration procedure is the call-receiving AG's own registration with the SS.
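Steps B to D in Python, as an added example that is not the patent's own code: formula1_keysalt() is formula (1) exactly as written, and because an MD5 digest cannot be inverted, the reversible wrap_session_key()/unwrap_session_key() pair is an assumption that keeps the patent's MD5-over-shared-key structure (an MD5 keystream plus an HMAC-MD5 tag) while letting the AG recover SK and reject a tampered key. The a=crypto line of step C uses RFC 4568 syntax with an illustrative suite name; the nonce and tag lengths, function names and sample keys are constructed.

```python
import base64
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # constructed choice: one MD5 block of per-session freshness
TAG_LEN = 16     # HMAC-MD5 output length


def md5cat(*parts: bytes) -> bytes:
    """MD5 over the concatenation of its inputs, the patent's MD5(x, y, ...)."""
    return hashlib.md5(b"".join(parts)).digest()


def formula1_keysalt(key_ss: bytes, sk: bytes) -> bytes:
    """KEY-SALT = MD5(KEY-SS, SK), formula (1) exactly as the patent writes it.

    The result is a 16-byte digest. MD5 is one-way, so a receiver holding
    KEY-AG (= KEY-SS) cannot compute SK back from this value; it can only
    recompute it for an SK it already knows."""
    return md5cat(key_ss, sk)


def _keystream(shared_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived with MD5 (assumption: keeps the patent's
    MD5-over-shared-key structure while being reversible)."""
    blocks = []
    for counter in range((length + 15) // 16):
        blocks.append(md5cat(shared_key, nonce, counter.to_bytes(4, "big")))
    return b"".join(blocks)[:length]


def wrap_session_key(shared_key: bytes, sk: bytes, nonce: bytes = None) -> bytes:
    """SS side (step B): return nonce || SK xor keystream || HMAC-MD5 tag.

    The nonce makes two wraps of the same SK differ; the tag lets the AG
    detect a modified or forged session key instead of silently using it."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(sk, _keystream(shared_key, nonce, len(sk))))
    tag = hmac.new(shared_key, nonce + ct, "md5").digest()
    return nonce + ct + tag


def unwrap_session_key(shared_key: bytes, blob: bytes):
    """AG side (step D): verify the tag, then recover SK; None on failure."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(shared_key, nonce + ct, "md5").digest()
    if not hmac.compare_digest(expected, tag):
        return None                      # tampered, or wrong shared key
    return bytes(c ^ k for c, k in zip(ct, _keystream(shared_key, nonce, len(ct))))


def sdp_crypto_line(wrapped: bytes, tag: int = 1) -> str:
    """Step C: carry the wrapped key in an SDP a=crypto line (RFC 4568 syntax;
    the suite name is illustrative, the patent does not fix one)."""
    return "a=crypto:%d AES_CM_128_HMAC_SHA1_80 inline:%s" % (
        tag, base64.b64encode(wrapped).decode("ascii"))


def parse_crypto_line(line: str) -> bytes:
    """AG side: pull the wrapped key back out of the a=crypto line."""
    if not line.startswith("a=crypto:"):
        raise ValueError("not an a=crypto line")
    key_params = line.split(" ", 2)[2]
    if not key_params.startswith("inline:"):
        raise ValueError("unsupported key method")
    return base64.b64decode(key_params[len("inline:"):])


if __name__ == "__main__":
    # Constructed sample values: a 16-byte shared key and a 30-byte SRTP
    # master key || salt as the session key.
    shared = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
    sk = secrets.token_bytes(30)
    line = sdp_crypto_line(wrap_session_key(shared, sk))
    assert unwrap_session_key(shared, parse_crypto_line(line)) == sk
    print(line)
```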
To implement the above method for securely negotiating a session key, the present invention correspondingly provides an apparatus for securely negotiating a session key. As shown in FIG. 4, the apparatus includes:
a shared key generation and storage module, configured to generate a shared key after the AG registers successfully with the SS and to store the generated shared key, where shared key generation and storage modules are located in the AG and in the SS respectively;
a session key allocation module, configured to allocate a session key for each session, where the session key allocation module is located in the SS;
a session key encryption module, configured to encrypt the allocated session key with the shared key, where the session key encryption module is located in the SS;
a session key sending module, configured to send the encrypted session key, where the session key sending module is located in the SS;
a session key receiving module, configured to receive the encrypted session key, where the session key receiving module is located in the AG; and
a session key decryption module, configured to decrypt the received encrypted session key with the shared key, where the session key decryption module is located in the AG.
Further, the apparatus also includes: a media stream encryption module, configured to encrypt, with the decrypted session key, the media stream to be sent in the session; and a media stream decryption module, configured to decrypt, with the decrypted session key, the media stream received in the session;
where the media stream encryption module and the media stream decryption module are located in the AG.
As the above analysis shows, the present invention always encrypts each allocated session key with the shared key negotiated in the registration procedure, which is easy to implement, secure and simple. Further, even if the encrypted media stream is intercepted in transit, the voice information cannot be recovered because the session key is difficult to obtain; the present invention can therefore effectively secure voice calls.
The procedure by which the AG and the SS respectively obtain the shared keys KEY-AG and KEY-SS through the registration procedure is described in detail below. The registration procedure runs over the H.248 protocol.
Before the description, the four statically configured authentication parameters used during the registration procedure are introduced:
the initial shared key Ki, usually 128 bits long;
the gateway device identifier MGID, usually 128 bits long;
the base g and modulus P used for the DH exchange: g is usually chosen from 2, 3, 5, 7 and 9, and P is a prime, usually 768 bits long.
These authentication parameters are known to the AG itself and to the SS managing that AG from initial configuration, and are not transmitted in the clear over the H.248 protocol interface.
As shown in FIG. 5a and FIG. 5b, the procedure by which the AG requests registration from the SS includes the following steps:
Step 401: the AG sends a ServiceChange message to the SS to request registration; the ServiceChange message carries X fields for authentication, including the algorithm ID, the random number Rand_mg, the key A for the DH exchange and the access gateway's digital signature MGAUTH. The origin of the X fields used for authentication is detailed below:
The AG first generates a random number Rand_mg, usually 64 bits, and a private number a for the DH exchange, usually a 32-bit random number;
Next, the key A for the DH exchange is calculated according to formula (2):
A = g^a mod P (2)
Then the AG's digital signature MGAUTH is calculated according to formula (3):
MGAUTH = MD5(Ki, MGID, A, Rand_mg) (3)
Here the MD5 algorithm is used to compute the digital signature MGAUTH; in practical applications other encryption algorithms may also be chosen and are not enumerated here. This yields the four X fields used for authentication:
X-EA: the algorithm ID; the present invention uses the MD5 algorithm and assigns the value 1;
X-RANDOM: the random number generated by the AG for computing MGAUTH, assigned the value Rand_mg;
X-DH: the key for the DH exchange calculated by the AG from g, a and P, assigned the value A;
X-AUTH: the digital signature calculated by the AG, assigned the value MGAUTH.
Steps 402 to 404: the SS calculates the authentication value MGRES from the random number Rand_mg, the key A and the algorithm ID in the received ServiceChange message, and checks whether the authentication value MGRES equals the AG's digital signature MGAUTH. If the two are equal, the SS sends a correct Reply message to the AG; otherwise it sends an error Reply message and ends the current authentication procedure;
where the authentication value MGRES is calculated according to formula (4):
MGRES = MD5(Ki, MGID, A, Rand_mg) (4)
If MGRES = MGAUTH, the authentication information was sent by a legitimate AG and authentication passes; otherwise authentication is rejected.
Step 405: after sending the correct Reply message to the AG, the SS first calculates the key B for the DH exchange from a private number b that it generates itself, and calculates the shared key KEY-SS from the key A and the private number b; it then generates a random number Rand_ss, and calculates the SS's digital signature SSAUTH from the key B, the shared key KEY-SS, the random number Rand_ss and the algorithm ID;
where, after the SS has confirmed that the authentication information came from a legitimate AG, the SS first generates a private number b for the DH exchange, usually a 32-bit random number, and calculates the key B for the DH exchange according to formula (5):
B = g^b mod P (5)
and calculates the authentication key KEY-SS to be shared with the AG according to formula (6):
KEY-SS = A^b mod P = g^(ab) mod P (6)
The SS then generates another random number Rand_ss, usually 64 bits, and calculates the SS's digital signature SSAUTH according to formula (7):
SSAUTH = MD5(KEY-SS, Ki, B, Rand_ss) (7)
Step 406: the SS sends a Modify message to the AG; the Modify message carries the authentication fields obtained in step 405, including the ea, random, dhkey and key information:
ea: the algorithm ID; the present invention uses the MD5 algorithm and assigns the value 1;
random: the random number generated by the SS for computing SSAUTH, assigned the value Rand_ss;
dhkey: the key for the DH exchange calculated by the SS from g, b and P, assigned the value B;
key: the digital signature calculated by the SS, assigned the value SSAUTH.
Steps 407 to 409: after receiving the Modify message, the AG first calculates the shared key KEY-AG from its own private number a and the key B in the Modify message, then calculates the authentication value SSRES from the shared key KEY-AG, the received random number Rand_ss, the key B and the algorithm ID, and checks whether the authentication value SSRES equals the SS's digital signature SSAUTH. If the two are equal, the AG sends a correct Reply message to the SS; otherwise it sends an error Reply message and ends the current authentication procedure;
where the shared key KEY-AG is calculated according to formula (8):
KEY-AG = B^a mod P = g^(ab) mod P (8)
and the authentication value SSRES is calculated according to formula (9):
SSRES = MD5(KEY-AG, Ki, B, Rand_ss) (9)
If SSRES = SSAUTH, the information was sent by a legitimate SS; this means the mutual authentication of the AG and the SS has succeeded, that is, the AG's registration request to the SS has succeeded. Thereafter, the SS can encrypt the session key with the shared key KEY-SS obtained in this registration procedure, and the AG can decrypt the encrypted session key with the shared key KEY-AG. Because the present invention always encrypts the session key of every call with the shared key obtained in the registration procedure, the private numbers a and b used to generate the shared key are retained and used throughout the H.248 protocol session. If registration fails, neither the SS nor the AG can use the shared key.
While the H.248 protocol interface is running after the AG has registered successfully with the SS, the SS may periodically authenticate the AG to prevent an illegitimate entity from impersonating the AG to send messages to the SS, or impersonating the SS to send messages to the AG. This authentication procedure is as follows:
Step 410: the SS sends a Modify message to the AG for authentication; the Modify message carries authentication fields including the algorithm ID, the random number d and the SS's digital signature SSAUTH. The origin of these authentication fields is explained below:
The SS first generates a random number d, usually 128 bits, and then uses the shared key KEY-SS to calculate the SS's digital signature SSAUTH according to formula (10):
SSAUTH = MD5(KEY-SS, d) (10)
This yields the authentication fields, including the ea, random and key information:
ea: the algorithm ID; the present invention uses the MD5 algorithm and assigns the value 1;
random: the random number generated by the SS for computing SSAUTH, assigned the value d;
key: the digital signature calculated by the SS, assigned the value SSAUTH.
Steps 411 to 413: after receiving the Modify message, the AG calculates the authentication value SSRES from the shared key KEY-AG and the random number d and algorithm ID in the Modify message, and checks whether the authentication value SSRES equals the SS's digital signature SSAUTH. If the two are equal, the authentication information came from a legitimate SS, so the AG calculates the AG's digital signature MGAUTH from the shared key KEY-AG, the random number d and the algorithm ID, and then sends a correct Reply message to the SS, where the Reply message carries authentication fields including the algorithm ID and the AG's digital signature MGAUTH. Otherwise the SS is illegitimate, and the AG sends an error Reply message to the SS that carries no authentication fields, so that an illegitimate entity cannot obtain the AG's authentication information, and ends the current authentication procedure. The AG calculates the authentication value SSRES according to formula (11):
SSRES = MD5(KEY-AG, d) (11)
The origin of the authentication fields in the correct Reply message is explained below:
The AG uses the shared key KEY-AG, MGID and the random number d carried by the SS in the Modify message to calculate the AG's digital signature MGAUTH according to formula (12):
MGAUTH = MD5(KEY-AG, MGID, d) (12)
This yields the authentication fields, including the ea and key information:
ea: the algorithm ID; the present invention uses the MD5 algorithm and assigns the value 1;
key: the digital signature calculated by the AG, assigned the value MGAUTH.
Step 414: after receiving the correct Reply message, the SS calculates the AG's authentication value MGRES from the shared key KEY-SS, MGID, the random number d and the algorithm ID carried in the correct Reply message, and checks whether the authentication value MGRES equals the AG's digital signature MGAUTH. If the two are equal, the AG is legitimate and authentication succeeds; otherwise the AG is illegitimate and authentication fails;
where the SS calculates MGRES according to formula (13):
MGRES = MD5(KEY-SS, MGID, d) (13)
At this point the whole authentication procedure ends. If authentication fails, an illegitimate AG cannot obtain the session key, which secures the media stream transmitted in the session.
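The registration handshake of steps 401 to 409 and the periodic authentication of steps 410 to 414, with both the AG and the SS simulated in one process, as an added example that is not part of the patent: the field names follow the X-EA/X-RANDOM/X-DH/X-AUTH and ea/random/dhkey/key fields above, while the message encoding (Python dicts), the big-endian integer encoding before hashing, the sample values of Ki and MGID, and the use of the RFC 2409 768-bit group 1 prime for P are assumptions.

```python
import hashlib
import hmac
import secrets

ALG_MD5 = 1   # the ea / X-EA value the patent assigns to MD5

# Statically configured parameters. Ki and MGID are constructed sample values;
# P is the 768-bit RFC 2409 MODP group 1 prime and g = 2 a permitted base.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
MGID = bytes.fromhex("ffeeddccbbaa99887766554433221100")
G = 2
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)


def md5cat(*parts: bytes) -> bytes:
    """MD5 over the concatenation of its inputs, the patent's MD5(x, y, ...)."""
    return hashlib.md5(b"".join(parts)).digest()


def i2b(n: int) -> bytes:   # big-endian field encoding before hashing (assumption)
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


class AccessGateway:
    def __init__(self):
        self.a = None        # DH private number, kept for the whole H.248 session
        self.key_ag = None   # shared key, set only after mutual authentication

    def service_change(self, a=None, rand_mg=None) -> dict:
        """Step 401: the X fields of the ServiceChange registration request."""
        self.a = secrets.randbits(32) if a is None else a
        rand_mg = secrets.randbits(64) if rand_mg is None else rand_mg
        A = pow(G, self.a, P)                                    # formula (2)
        mg_auth = md5cat(KI, MGID, i2b(A), i2b(rand_mg))         # formula (3)
        return {"X-EA": ALG_MD5, "X-RANDOM": rand_mg, "X-DH": A, "X-AUTH": mg_auth}

    def on_register_modify(self, modify: dict) -> bool:
        """Steps 407-409: derive KEY-AG and check SSAUTH; True means correct Reply."""
        if modify.get("ea") != ALG_MD5:
            return False
        B = modify["dhkey"]
        key_ag = i2b(pow(B, self.a, P))                          # formula (8)
        ss_res = md5cat(key_ag, KI, i2b(B), i2b(modify["random"]))  # formula (9)
        if not hmac.compare_digest(ss_res, modify["key"]):
            return False                 # error Reply; no shared key is kept
        self.key_ag = key_ag
        return True

    def on_periodic_modify(self, modify: dict) -> dict:
        """Steps 411-413; an error Reply carries no authentication fields."""
        if self.key_ag is None or modify.get("ea") != ALG_MD5:
            return {"ok": False}
        d = modify["random"]
        ss_res = md5cat(self.key_ag, i2b(d))                     # formula (11)
        if not hmac.compare_digest(ss_res, modify["key"]):
            return {"ok": False}
        mg_auth = md5cat(self.key_ag, MGID, i2b(d))              # formula (12)
        return {"ok": True, "ea": ALG_MD5, "key": mg_auth}


class Softswitch:
    def __init__(self):
        self.b = None        # DH private number, kept like a on the AG side
        self.key_ss = None

    def on_service_change(self, sc: dict, b=None, rand_ss=None):
        """Steps 402-406: check MGAUTH; return the Modify fields, or None (error Reply)."""
        if sc.get("X-EA") != ALG_MD5:
            return None
        A = sc["X-DH"]
        mg_res = md5cat(KI, MGID, i2b(A), i2b(sc["X-RANDOM"]))   # formula (4)
        if not hmac.compare_digest(mg_res, sc["X-AUTH"]):
            return None
        self.b = secrets.randbits(32) if b is None else b
        B = pow(G, self.b, P)                                    # formula (5)
        self.key_ss = i2b(pow(A, self.b, P))                     # formula (6)
        rand_ss = secrets.randbits(64) if rand_ss is None else rand_ss
        ss_auth = md5cat(self.key_ss, KI, i2b(B), i2b(rand_ss))  # formula (7)
        return {"ea": ALG_MD5, "random": rand_ss, "dhkey": B, "key": ss_auth}

    def periodic_modify(self, d=None) -> dict:
        """Step 410: a fresh 128-bit challenge d, bound to KEY-SS."""
        d = secrets.randbits(128) if d is None else d
        return {"ea": ALG_MD5, "random": d, "key": md5cat(self.key_ss, i2b(d))}  # (10)

    def on_periodic_reply(self, d: int, reply: dict) -> bool:
        """Step 414: recompute MGRES and compare it with the AG's MGAUTH."""
        if not reply.get("ok") or reply.get("ea") != ALG_MD5:
            return False
        mg_res = md5cat(self.key_ss, MGID, i2b(d))               # formula (13)
        return hmac.compare_digest(mg_res, reply["key"])


def register(ag: AccessGateway, ss: Softswitch) -> bool:
    # Steps 401-409 end to end; True iff both sides accepted each other.
    modify = ss.on_service_change(ag.service_change())
    return modify is not None and ag.on_register_modify(modify)


def periodic_auth(ag: AccessGateway, ss: Softswitch) -> bool:
    # Steps 410-414 end to end.
    modify = ss.periodic_modify()
    return ss.on_periodic_reply(modify["random"], ag.on_periodic_modify(modify))
```

Digest comparisons are done in constant time, and an AG that rejects the SS answers with a Reply carrying no key field, as step 413 requires.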
The above is only a preferred embodiment of the present invention and is not intended to limit its scope of protection.

Claims

1. A method for securely negotiating a session key, in which, after an access gateway registers successfully with a softswitch, the two respectively obtain a shared key and each stores the shared key locally, characterized in that the method further includes:
before each session of the registered access gateway, the softswitch allocates a session key to the session at the access gateway's request, encrypts the allocated session key with the shared key, and then sends the encrypted session key to the access gateway;
each time the access gateway receives an encrypted session key, it decrypts the encrypted session key with the shared key to obtain the session key.
2. The method for securely negotiating a session key according to claim 1, characterized in that, after the access gateway decrypts the session key, the method further includes:
the access gateway encrypting the media stream to be sent in the session, or decrypting the media stream received in the session, with the decrypted session key.
3. The method for securely negotiating a session key according to claim 1 or 2, characterized in that the algorithm for encrypting or decrypting the session key with the shared key is MD5.
4. An apparatus for securely negotiating a session key, characterized in that the apparatus includes a shared key generation and storage module, a session key allocation module, a session key encryption module, a session key sending module, a session key receiving module and a session key decryption module, where:
the shared key generation and storage module is configured to generate a shared key after the access gateway registers successfully with the softswitch, and to store the generated shared key;
the session key allocation module is configured to allocate a session key for each session;
the session key encryption module is configured to encrypt the allocated session key with the shared key;
the session key sending module is configured to send the encrypted session key;
the session key receiving module is configured to receive the encrypted session key; and the session key decryption module is configured to decrypt the received encrypted session key with the shared key.
5. The apparatus for securely negotiating a session key according to claim 4, characterized in that the shared key generation and storage modules are located in the access gateway and in the softswitch respectively.
6. The apparatus for securely negotiating a session key according to claim 5, characterized in that the session key allocation module and the session key encryption module are located in the softswitch, and the session key decryption module is located in the access gateway.
7. The apparatus for securely negotiating a session key according to claim 6, characterized in that the session key sending module is located in the softswitch and the session key receiving module is located in the access gateway.
8. The apparatus for securely negotiating a session key according to claim 4, characterized in that the apparatus further includes a media stream encryption module and a media stream decryption module, where:
the media stream encryption module is configured to encrypt, with the decrypted session key, the media stream to be sent in the session;
the media stream decryption module is configured to decrypt, with the decrypted session key, the media stream received in the session.
9. The apparatus for securely negotiating a session key according to claim 8, characterized in that the media stream encryption module and the media stream decryption module are located in the access gateway.
PCT/CN2009/074792 2009-01-23 2009-11-04 Method and apparatus for securely negotiating session key WO2010083695A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910077579.0 2009-01-23
CN200910077579.0A CN101790160A (en) 2009-01-23 2009-01-23 Method and device for safely consulting session key

Publications (1)

Publication Number Publication Date
WO2010083695A1 true WO2010083695A1 (en) 2010-07-29

Family

ID=42355513

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/074792 WO2010083695A1 (en) 2009-01-23 2009-11-04 Method and apparatus for securely negotiating session key

Country Status (2)

Country Link
CN (1) CN101790160A (en)
WO (1) WO2010083695A1 (en)
