WO2012096496A2 - Method and apparatus for encrypting short data in a wireless communication system - Google Patents


Info

Publication number
WO2012096496A2
Authority
WO
WIPO (PCT)
Prior art keywords
cmac
tek
short data
terminal
rng
Prior art date
Legal status
Ceased
Application number
PCT/KR2012/000236
Other languages
English (en)
French (fr)
Other versions
WO2012096496A3 (en)
Inventor
Young-Kyo Baek
Hyun-Jeong Kang
Current Assignee
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Application filed by Samsung Electronics Co Ltd
Priority to CN201280012112.8A (CN103430478B)
Priority to JP2013548363A (JP5855127B2)
Publication of WO2012096496A2
Publication of WO2012096496A3

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147 Locking files
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity

Definitions

  • the present invention relates to a wireless communication system, and more particularly, to a method and apparatus for encrypting a short data burst.
  • SMS Short Messaging Service
  • SMS delivers text messages of limited length between MSs irrespective of the communication state of the receiving MS, that is, even between MSs in idle mode.
  • the SMS limits a text message to about 80 bytes on a liquid crystal screen.
  • the use of SMS is soaring, from personal to business usage.
  • the SMS has recently found its use in a wide range of group messaging, scheduled message transmission, e-mail reception notification, personal credit information management, financial information notification, and the like.
  • an aspect of embodiments of the present disclosure is to provide a method and apparatus for encrypting short data transmitted in idle mode in a wireless communication system.
  • Another aspect of embodiments of the present disclosure is to provide a method and apparatus for encrypting short data transmitted by an idle mode terminal in a wireless communication system.
  • a method for encrypting short data at a terminal in a wireless communication system in which a short data burst is generated in idle mode, a Traffic Encryption Key (TEK) is generated using a Cipher-based Message Authentication Code (CMAC)-TEK prekey derived from an Authorization Key (AK) related to Security Association (SA) between the terminal and a Base Station (BS), the AK being acquired in advance through authentication during initial network entry, a nonce is constructed with a Packet Number (PN) identical to an uplink CMAC PN (CMAC-PN_U) transmitted together with a Ranging Request (RNG-REQ) message carrying the short data burst, the short data burst is encrypted using the TEK and the nonce, a Medium Access Control (MAC) Protocol Data Unit (PDU) is generated by attaching a MAC header and a CMAC digest for integrity protection to the RNG-REQ message carrying the encrypted short data burst,
  • CMAC Cipher-based Message Authentication Code
  • a method for decrypting short data at a BS in a wireless communication system in which a MAC PDU that includes an RNG-REQ message including an encrypted short data burst, a MAC header, and a CMAC digest for integrity protection is received from a terminal in idle mode, a TEK is generated using a CMAC-TEK prekey derived from an AK related to SA between the terminal and the BS, a nonce is constructed with a PN identical to an uplink CMAC PN (CMAC-PN_U) transmitted together with the RNG-REQ message, and the encrypted short data burst is decrypted using the TEK and the nonce.
  • the CMAC-PN_U is included in the CMAC digest.
  • a terminal apparatus for encrypting short data in a wireless communication system in which a generator generates a short data burst in idle mode, an encryptor generates a TEK using a CMAC-TEK prekey derived from an AK related to SA between the terminal and a BS, the AK being acquired in advance through authentication during initial network entry, constructs a nonce with a PN identical to an uplink CMAC PN (CMAC-PN_U) transmitted together with an RNG-REQ message carrying the short data burst, and encrypts the short data burst using the TEK and the nonce, and a transmitter generates a MAC PDU by attaching a MAC header and a CMAC digest for integrity protection to the RNG-REQ message carrying the encrypted short data burst, and transmits the MAC PDU in a radio signal to the BS.
  • the CMAC-PN_U is included in the CMAC digest.
  • a BS apparatus for decrypting short data in a wireless communication system, in which a receiver receives a MAC PDU that includes an RNG-REQ message including an encrypted short data burst, a MAC header, and a CMAC digest for integrity protection from a terminal in idle mode, and a decryptor generates a TEK using a CMAC-TEK prekey derived from an AK related to SA between the terminal and the BS, constructs a nonce with a PN identical to an uplink CMAC PN (CMAC-PN_U) transmitted together with the RNG-REQ message, and decrypts the encrypted short data burst using the TEK and the nonce.
  • the CMAC-PN_U is included in the CMAC digest.
  • FIGURE 1 illustrates short data transmission according to an embodiment of the present disclosure
  • FIGURE 2A illustrates a typical format of a Medium Access Control (MAC) Protocol Data Unit (PDU) including a Ranging Request (RNG-REQ) message;
  • MAC Medium Access Control
  • PDU Protocol Data Unit
  • RNG-REQ Ranging Request
  • FIGURE 2B illustrates a format of a MAC PDU including an encrypted short data burst according to an embodiment of the present disclosure
  • FIGURE 5 illustrates a block diagram of a structure for encrypting short data
  • FIGURE 7 illustrates a terminal for encrypting short data according to an embodiment of the present disclosure.
  • FIGURE 8 illustrates a BS for decrypting short data according to an embodiment of the present disclosure.
  • FIGURES 1 through 8, discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will understand that the principles of the present disclosure may be implemented in any suitably arranged wireless communication system. A detailed description of known functions and operations will not be given lest it should obscure the subject matter of the present disclosure.
  • FIGURE 1 illustrates short data transmission according to a preferred embodiment of the present disclosure.
  • a Mobile Station (MS) 120 within the cell area of a Base Station (BS) 110 transmits an intended text message in a radio signal to the BS 110 and the BS 110 transmits the text message to a receiving terminal 130.
  • the receiving terminal 130 can be another cellular MS, a PC, and the like.
  • the BS 110 and the MS 120 are called an Advanced BS (ABS) and an Advanced MS (AMS), respectively, and an air interface between the ABS and the AMS is called an Advanced Air Interface (AAI).
  • ABS Advanced BS
  • AMS Advanced MS
  • AAI Advanced Air Interface
  • When generating short data in idle mode, a terminal transmits the short data burst, that is, the SMS payload, in an RNG-REQ message used for location update without network re-entry, thereby saving power.
  • the MAC PDU includes a MAC header 210, payload 220 including an RNG-REQ message, and a Cipher-based Message Authentication Code (CMAC) Digest 230 for error check and integrity protection. If the RNG-REQ message is used for SMS transmission, a short data burst 225 is encapsulated in the payload 220.
  • the CMAC Digest 230 includes a PMK_SN and a CMAC-PN_U related to Security Association (SA) between a BS and the terminal and a CMAC value calculated for the RNG-REQ message, for integrity protection of the RNG-REQ message.
  • SA Security Association
  • the PMK_SN is the Serial Number (SN) of the Pairwise Master Key (PMK) used to verify the integrity of the RNG-REQ message.
  • the CMAC-PN_U is a CMAC Packet Number (PN) used on an Uplink (UL).
  • the MAC PDU format illustrated in FIGURE 2A supports the integrity protection of the RNG-REQ message, but not encryption of the short data burst 225.
  • FIGURE 2B illustrates a format of a MAC PDU including an encrypted short data burst according to a preferred embodiment of the present disclosure.
  • the MAC PDU includes a MAC header 240, payload 250 including an RNG-REQ message, and a CMAC Digest 260 for error check and integrity protection. Especially, an encrypted short data burst 255 is encapsulated in the payload 250.
  • the CMAC Digest 260 includes a PMK_SN, a CMAC-PN_U, and a CMAC value calculated for the RNG-REQ message.
  • the short data burst 255 can be encrypted in an Advanced Encryption Standard with Counter mode (AES-CTR) encryption scheme.
  • AES-CTR is one of the encryption schemes supported by the IEEE 802.16m standard; it encrypts text without providing integrity verification. Because the integrity of the entire RNG-REQ message is already ensured by the CMAC Digest 260, encrypting the short data burst 255 with AES-CTR keeps the change in the size of the MAC PDU to a minimum.
  • the AES-CTR scheme needs inputs of a Traffic Encryption Key (TEK) and a nonce N.
  • the TEK is derived from a CMAC-TEK prekey which is generated using a Master Session Key (MSK) and an AK derived from the MSK.
  • MSK Master Session Key
  • the terminal can acquire the MSK in an authentication procedure when it initially accesses the network, that is, during network entry and initialization.
  • the TEK can be derived by the following equation:
  • TEK = Dot16KDF(CMAC-TEK prekey, SAID, COUNTER_TEK = 0, …)
  • Dot16KDF represents a predetermined key derivation function
  • SAID is an SA identification that identifies the SA between the BS and the terminal
  • COUNTER_TEK is a counter value used to derive different TEKs from the same SAID.
  • the SAID and COUNTER_TEK can be preset. For example, the SAID is set to 0x02 and the COUNTER_TEK is set to 0.
  • a TEK generated based on the CMAC-TEK prekey, SAID 0x02
  • the first two bytes of the nonce are filled with the length of the short data burst. If a Station ID (STID) and a Flow ID (FID) have not been assigned for a service flow of the terminal, the STID and FID fields are set to all zeros (0's).
  • the Encryption Key Sequence (EKS) field is filled with 0's and the PN used to construct the nonce is set to the same value as the CMAC-PN_U to be sent with the RNG-REQ message.
  • the reason for using the CMAC-PN_U is that the RNG-REQ message does not have a PN, unlike a traffic MAC PDU.
  • the RNG-REQ message can include an encryption indicator indicating whether the short data burst 255 is encrypted or not.
  • the encryption indicator is 1 bit long, indicating whether the short data burst encapsulated in the RNG-REQ message is encrypted.
  • [Table 2] below illustrates an exemplary format of an RNG-REQ message including the encryption indicator.
  • FIGURE 3 is a flowchart illustrating a short data encryption operation of a terminal according to an embodiment of the present disclosure.
  • If the terminal determines not to encrypt the short data burst in block 304, it jumps to block 308. Alternatively, if the terminal determines to encrypt the short data burst in block 304, the terminal proceeds to block 306. In block 306, the terminal generates a TEK needed for encryption of the short data burst using authorization-related parameters acquired during the initial network entry, that is, a CMAC-TEK prekey generated using an MSK and an AK derived from the MSK, constructs a nonce using the PN of the MAC PDU including the RNG-REQ message in which the short data burst is to be encapsulated, and encrypts the short data burst using the TEK and the nonce.
  • the PN can be set to a CMAC-PN_U included in the MAC PDU.
  • In block 308, which is optional, the terminal determines whether to perform CMAC protection for the RNG-REQ message in which the short data burst will be encapsulated.
  • the determination of block 308 can be made in advance, for example, in the negotiation procedure during the initial network entry. If the terminal determines to perform CMAC protection, the terminal goes to block 310 and otherwise, it jumps to block 312.
  • In block 310, the terminal generates a CMAC key using the CMAC-TEK prekey and derives a CMAC value from the CMAC key, to be included in a CMAC Digest of the MAC PDU along with the RNG-REQ message.
  • the terminal generates the RNG-REQ message that includes the encrypted short data burst and optionally further includes a CMAC indicator and an SMS encryption indicator, constructs the MAC PDU by adding a MAC header and the CMAC Digest to the RNG-REQ message, and transmits the MAC PDU in a radio signal to a BS in block 312.
  • FIGURE 4 is a flowchart illustrating a short data decryption operation of a BS according to an embodiment of the present disclosure.
  • the BS receives a MAC PDU including an RNG-REQ message from an idle-mode terminal in block 402 and determines whether the RNG-REQ message is CMAC-protected based on a CMAC indicator included in the RNG-REQ message in block 404. If the CMAC indicator indicates that the RNG-REQ message is CMAC-protected, the BS proceeds to block 406. Otherwise, the BS discards the RNG-REQ message in block 418.
  • the BS acquires an AK context from an authenticator according to information included in the RNG-REQ message in order to authenticate the terminal. If the BS already has the AK context related to the terminal, block 406 may not be performed.
  • the BS then generates a CMAC key using a CMAC-TEK prekey derived from the AK and verifies the CMAC of the RNG-REQ message using the CMAC key in block 408. More specifically, the BS calculates a CMAC value for the RNG-REQ message using the CMAC key and compares the calculated CMAC value with a CMAC value set in a CMAC Digest attached to the RNG-REQ message.
  • In block 410, the BS determines whether the CMAC value of the RNG-REQ message is valid. If the CMAC value of the RNG-REQ message is not valid, the BS discards the RNG-REQ message in block 418. Alternatively, if the CMAC value of the RNG-REQ message is valid, the BS determines in block 412 whether the short data burst encapsulated in the RNG-REQ message has been encrypted, based on an encryption indicator included in the RNG-REQ message. If the encryption indicator indicates that the short data burst has not been encrypted, the BS jumps to block 416. If the encryption indicator indicates that the short data burst has been encrypted, the BS proceeds to block 414. In another embodiment of the present disclosure, if it is regulated that a short data burst is always encrypted, the RNG-REQ message does not include an encryption indicator and the BS proceeds directly to block 414 without performing block 412.
  • In block 414, the BS generates the same TEK as was used for encryption of the short data burst in the terminal, using the CMAC-TEK prekey, constructs a nonce using the CMAC-PN_U attached to the RNG-REQ message, and decrypts the short data burst encapsulated in the RNG-REQ message using the TEK and the nonce.
  • the BS then performs further processing of the decrypted short data burst, such as displaying it.
  • an indicator indicating encryption of a Mobile-Originated (MO) short data burst can be included in a Subscriber Station Basic Capability Request (SBC-REQ) message transmitted by the terminal during its initialization or in a Subscriber Station Basic Capability Response (SBC-RSP) message with which the BS replies to the terminal in response to the SBC-REQ message.
  • SBC-REQ Subscriber Station Basic Capability Request
  • SBC-RSP Subscriber Station Basic Capability Response
  • the indicator can be included in a Registration Request (REG-REQ) message transmitted by the terminal during network registration or in a Registration Response (REG-RSP) message that the BS transmits to the terminal in response to the REG-REQ message.
  • REG-REQ Registration Request
  • REG-RSP Registration Response
  • Table 3 illustrates an exemplary format of an SBC-REQ/RSP message or a REG-REQ/RSP message that includes an MO SMS encryption indicator.
  • FIGURE 5 is a block diagram of a structure for encrypting short data by AES-CTR.
  • an AES-CTR encryption module 504 encrypts an input TEK 502.
  • a combiner 506 combines a short data burst 508 with the encrypted TEK, thus producing an encrypted short data burst 510.
  • Unlike encrypted traffic data, the encrypted short data burst 510 carries no additional fields such as an EKS and a PN. While a MAC PDU carrying traffic data is encrypted as a whole, only the short data burst is encrypted when generating a MAC PDU carrying an RNG-REQ message in the embodiment of the present disclosure.
  • FIGURES 6A and 6B illustrate a procedure for generating a TEK according to an embodiment of the present disclosure.
  • a 512-bit MSK 602 is generated by an Authentication, Authorization, and Accounting (AAA) server and transmitted to an authenticator during authentication of a terminal.
  • the terminal generates the same MSK as generated in the AAA server during the authentication.
  • the terminal and the authenticator derive a 160-bit PMK 604 by truncating the MSK 602 to 160 bits.
  • the derivation of the PMK 604 from the MSK 602 can be expressed as:
  • the BS and the terminal can derive an AK 606 from the PMK 604 in an Extensible Authentication Protocol (EAP)-based authorization procedure and share the AK 606 between them.
  • EAP Extensible Authentication Protocol
  • the AK 606 can be generated by:
  • AK = Dot16KDF(PMK, AMS Address, …)
  • AMS Address can be the MAC address or MS ID (MSID) of the terminal.
  • MSID is a random value generated using the MAC address of the MS as a seed.
  • ABSID is the ID of the BS.
  • a TEK 614 is generated based on the AK 606.
  • a CMAC-TEK prekey 610 is generated by performing a KDF using the AK 606.
  • the CMAC-TEK prekey 610 is derived by
  • AK_COUNT is a counter value used to ensure that different CMAC keys and TEKs are used for the same BS-terminal pairs.
  • the 128-bit TEK 614 is generated using the CMAC-TEK prekey 610 as follows:
  • TEKi = Dot16KDF(CMAC-TEK prekey, SAID, COUNTER_TEK = i, …)
  • a CMAC_KEY_U and a CMAC_KEY_D for the uplink and downlink can be generated using the CMAC-TEK prekey 610, and a CMAC value in a CMAC Digest attached to an RNG-REQ message is generated using the CMAC_KEY_U.
  • the CMAC value is given as:
  • CMAC value = Truncate(CMAC(CMAC_KEY_U, AKID, …), …)
  • STID is the station identifier of the terminal. If an STID is not assigned to the terminal, the STID can be set to '000000000000'.
  • AKID identifies an AK for protecting the message, generated as follows, for example.
  • AKID = Dot16KDF(AK, 0b0000, …)
  • an AMSID or an MS MAC address can be used.
  • the terminal generates a CMAC value using a CMAC key derived from the CMAC-TEK prekey and transmits an RNG-REQ message together with the CMAC value to the BS in block 310.
  • the BS verifies the RNG-REQ message by comparing a CMAC value generated using a CMAC key derived from the CMAC-TEK prekey with the CMAC value attached to the RNG-REQ message.
  • the operations according to the afore-described embodiments can be implemented by providing memories that store program codes corresponding to the operations in the BS and the terminal. That is, the BS and the terminal perform the operations by reading the program codes from the memories through a processor or a Central Processing Unit (CPU) and executing them. Specifically, either or both of the BS and the terminal is configured to perform short data burst encryption/decryption according to the embodiments of the present disclosure.
  • CPU Central Processing Unit
  • FIGURE 7 is a block diagram of a terminal for encrypting short data according to an embodiment of the present disclosure. While components of the terminal are shown in FIGURE 7 as separately configured, a plurality of components can be incorporated into a controller or a processor.
  • a short data generator 702 generates a short data burst to be transmitted to the peer.
  • An encryptor 704 encrypts the short data burst received from the short data generator 702 based on authorization-related parameters received from a memory 712 under the control of a controller 710. Specifically, the controller 710 determines whether to encrypt the short data burst according to a preliminary negotiation or a preset rule and controls the encryptor 704 according to the determination.
  • the memory 712 stores authorization-related parameters acquired during initial network entry, including a CMAC-TEK prekey derived from an MSK and an AK by the controller 710, and provides the CMAC-TEK prekey to the encryptor 704 under the control of the controller 710.
  • the encryptor 704 generates a TEK needed for encryption of the short data burst using the CMAC-TEK prekey, constructs a nonce using the PN of a MAC PDU including an RNG-REQ message in which the short data burst is encapsulated, and encrypts the short data burst using the TEK and the nonce.
  • the PN can be equal to a CMAC-PN_U included in the MAC PDU.
  • a message generator 706 constructs an RNG-REQ message including the short data burst encrypted by the encryptor 704 and generates a MAC PDU including a CMAC Digest with a CMAC value generated using the CMAC-TEK prekey.
  • a transmitter 708 transmits the MAC PDU in a radio signal to the BS.
  • FIGURE 8 is a block diagram of a BS for decrypting a short data according to an embodiment of the present disclosure. While components of the BS are shown in FIGURE 8 as separately configured, a plurality of components can be incorporated into a controller or a processor.
  • a receiver 802 receives a MAC PDU including an RNG-REQ message in a radio signal.
  • a message interpreter 804 parses a MAC header, the RNG-REQ message, and a CMAC Digest from the MAC PDU received from the receiver 802 and interprets them. Especially, the message interpreter 804 interprets the RNG-REQ message under the control of a controller 810 and extracts a short data burst from the RNG-REQ message.
  • a decryptor 806 decrypts the encrypted short data burst received from the message interpreter 804 based on authorization-related parameters received from a memory 812 under the control of the controller 810. Specifically, the controller 810 determines whether to decrypt the short data burst according to an encryption indicator included in the RNG-REQ message and controls the decryptor 806 according to the determination. In addition, the controller 810 acquires an AK context for authenticating the terminal from an authenticator according to information included in the RNG-REQ message, derives a CMAC-TEK prekey based on the AK context, and stores the CMAC-TEK prekey in the memory 812.
  • the decryptor 806 generates the same TEK as used for encrypting the short data burst in the terminal using the CMAC-TEK prekey received from the memory 812, constructs a nonce using a CMAC-PN_U attached to the RNG-REQ message, and decrypts the encrypted short data burst using the TEK and the nonce.
  • a short data processor 808 performs a necessary operation including display or output of the decrypted short data burst on a display.
  • the terminal can transmit important information securely.
  • the short data is encrypted using authorization-related parameters already known to both a BS and the terminal in a known encryption scheme without using additional parameters. Therefore, security is provided to the short data without increasing system and signaling overhead.
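The following is an added example, not code from the patent or from Samsung, that walks the terminal path (encryptor 704 and message generator 706) and the BS path (message interpreter 804 and decryptor 806) described above as one round trip. HMAC-SHA256 stands in for the standard's key derivation function and for the AES-CMAC digest, AES-GCM stands in for the link's own cipher mode, and the 12-byte nonce layout, the 32-bit PN width and all names (TerminalEncrypt, BaseStation, ShortDataPDU, the labels "TEK" and "CMAC_KEY_U") are this example's own assumptions. The BS is simply handed the prekey here, whereas the text has it derive the prekey from the AK context fetched from the authenticator. What the code adds to the prose is the receive-side order of checks: verify the CMAC digest before touching the payload, let the encryption indicator decide whether to decrypt, and, because the nonce is built from the CMAC-PN_U, refuse any PN already accepted so that a replayed PDU is never decrypted under a reused nonce.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed 20-byte stand-in for the CMAC-TEK prekey both sides hold after initial network entry.
var samplePrekey = []byte("0123456789abcdef0123")

// deriveKey: HMAC-SHA256 stand-in for the standard's KDF (assumed), binding each sub-key to a label.
func deriveKey(prekey []byte, label string, n int) []byte {
	mac := hmac.New(sha256.New, prekey)
	mac.Write([]byte(label))
	return mac.Sum(nil)[:n]
}

// ShortDataPDU models the MAC PDU carrying the RNG-REQ (the layout is this example's own).
type ShortDataPDU struct {
	Encrypted bool   // encryption indicator in the RNG-REQ
	PN        uint32 // CMAC-PN_U, which also seeds the nonce
	Payload   []byte // short data burst, ciphertext when Encrypted
	Digest    []byte // CMAC digest over indicator, PN and payload
}

// buildNonce places the 32-bit PN in a 12-byte AEAD nonce (both sizes assumed).
func buildNonce(pn uint32) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint32(nonce[8:], pn)
	return nonce
}

// aeadFor wraps the 16-byte TEK in AES-GCM, a stand-in for the link's own cipher mode.
func aeadFor(tek []byte) cipher.AEAD {
	block, err := aes.NewCipher(tek)
	if err != nil {
		panic(err) // only a wrong key length, which deriveKey's 16 bytes rule out
	}
	aead, _ := cipher.NewGCM(block)
	return aead
}

// computeDigest covers indicator, PN (as encoded in the nonce) and payload; HMAC stands in for AES-CMAC.
func computeDigest(prekey []byte, p *ShortDataPDU) []byte {
	flag := byte(0)
	if p.Encrypted {
		flag = 1
	}
	mac := hmac.New(sha256.New, deriveKey(prekey, "CMAC_KEY_U", 16))
	mac.Write(append(append([]byte{flag}, buildNonce(p.PN)...), p.Payload...))
	return mac.Sum(nil)[:8] // truncated like a CMAC digest field
}

// TerminalEncrypt is the encryptor 704 / message generator 706 path.
func TerminalEncrypt(prekey []byte, pn uint32, shortData []byte) *ShortDataPDU {
	pdu := &ShortDataPDU{Encrypted: true, PN: pn}
	pdu.Payload = aeadFor(deriveKey(prekey, "TEK", 16)).Seal(nil, buildNonce(pn), shortData, nil)
	pdu.Digest = computeDigest(prekey, pdu)
	return pdu
}

// BaseStation is the receiving side (decryptor 806 with memory 812); lastPN is the
// highest CMAC-PN_U accepted, so a replayed PDU (a reused nonce) is rejected.
type BaseStation struct {
	prekey []byte
	lastPN uint32
}

// Receive: digest check first, then PN freshness (PNs must strictly increase), then decrypt only if the indicator is set.
func (bs *BaseStation) Receive(pdu *ShortDataPDU) ([]byte, error) {
	if !hmac.Equal(computeDigest(bs.prekey, pdu), pdu.Digest) {
		return nil, errors.New("CMAC digest mismatch")
	}
	if pdu.PN <= bs.lastPN {
		return nil, errors.New("replayed or stale CMAC-PN_U")
	}
	out := pdu.Payload
	if pdu.Encrypted {
		var err error
		if out, err = aeadFor(deriveKey(bs.prekey, "TEK", 16)).Open(nil, buildNonce(pdu.PN), pdu.Payload, nil); err != nil {
			return nil, err
		}
	}
	bs.lastPN = pdu.PN // advance only on success
	return out, nil
}

func main() {
	bs := &BaseStation{prekey: samplePrekey}
	pdu := TerminalEncrypt(samplePrekey, 7, []byte("constructed short data burst"))
	plain, err := bs.Receive(pdu)
	fmt.Printf("first delivery: %q err=%v\n", plain, err)
	_, err = bs.Receive(pdu) // same PDU replayed: digest still valid, PN stale
	fmt.Println("replayed delivery:", err)
}
```

Keeping the digest check ahead of decryption means a PDU forged under the wrong prekey, or tampered in flight, is dropped before any key material is exercised on it, and advancing lastPN only after a successful decryption means a corrupted but fresh PDU does not burn the PN for the legitimate retransmission.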


Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201280012112.8A CN103430478B (zh) 2011-01-10 2012-01-10 用于在无线通信系统中加密短数据的方法和设备
JP2013548363A JP5855127B2 (ja) 2011-01-10 2012-01-10 無線通信システムにおける短文データの暗号化方法及び装置

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2011-0002474 2011-01-10
KR20110002474 2011-01-10

Publications (2)

Publication Number Publication Date
WO2012096496A2 true WO2012096496A2 (en) 2012-07-19
WO2012096496A3 WO2012096496A3 (en) 2012-12-06

Family

ID=46455260

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/000236 Ceased WO2012096496A2 (en) 2011-01-10 2012-01-10 Method and apparatus for encrypting short data in a wireless communication system

Country Status (5)

Country Link
US (2) US8625798B2 (en)
JP (1) JP5855127B2 (en)
KR (1) KR101916034B1 (en)
CN (1) CN103430478B (en)
WO (1) WO2012096496A2 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10298386B1 (en) * 2009-06-26 2019-05-21 Marvell International Ltd. Method and apparatus for secure communications in networks
US8625798B2 (en) * 2011-01-10 2014-01-07 Samsung Electronics Co., Ltd. Method and apparatus for encrypting short data in a wireless communication system
US9209886B2 (en) * 2012-01-10 2015-12-08 Electronics And Telecommunications Research Institute Terminal and communication method thereof
US9942210B2 (en) * 2012-05-23 2018-04-10 Nokia Technologies Oy Key derivation method and apparatus for local access under control of a cellular network
US9497142B2 (en) 2012-11-30 2016-11-15 T-Mobile Usa, Inc. Triggering actions on a computing device
US9398448B2 (en) * 2012-12-14 2016-07-19 Intel Corporation Enhanced wireless communication security
US10671546B2 (en) 2015-09-30 2020-06-02 Hewlett Packard Enterprise Development Lp Cryptographic-based initialization of memory content
DE102017204184A1 (de) * 2017-03-14 2018-09-20 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Authentisierte Bestätigungs- und Aktivierungsnachricht
WO2018214052A1 (en) * 2017-05-24 2018-11-29 Qualcomm Incorporated Uplink small data transmission in inactive state
WO2019067056A1 (en) * 2017-09-28 2019-04-04 Apple Inc. METHODS AND ARCHITECTURES OF SECURE TELEMETRY
CN110130703A (zh) * 2018-02-08 2019-08-16 郑州大学 智能立体车库模拟系统
SG10201906806XA (en) * 2019-07-23 2021-02-25 Mastercard International Inc Methods and computing devices for auto-submission of user authentication credential
CN116249105A (zh) * 2021-12-07 2023-06-09 中国移动通信有限公司研究院 密钥更新方法及装置
US20240235823A1 (en) * 2023-01-05 2024-07-11 Qualcomm Incorporated Broadcast and/or groupcast security for device-to-device positioning
CN116389138B (zh) * 2023-04-07 2023-11-24 深圳市众志天成科技有限公司 一种基于数据传输时的信息安全保护方法及装置

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20030023117A (ko) * 2001-09-12 2003-03-19 에스케이 텔레콤주식회사 공개키 기반의 무선단문메시지 보안 및 인증방법
US7991158B2 (en) * 2006-12-13 2011-08-02 Tyfone, Inc. Secure messaging
CN101203025B (zh) * 2006-12-15 2010-11-10 上海晨兴电子科技有限公司 安全的移动信息发送和接收方法
WO2009132599A1 (en) * 2008-04-30 2009-11-05 Mediatek Inc. Method for deriving traffic encryption key
US8666077B2 (en) * 2008-05-07 2014-03-04 Alcatel Lucent Traffic encryption key generation in a wireless communication network
KR20090126166A (ko) * 2008-06-03 2009-12-08 엘지전자 주식회사 트래픽 암호화 키 생성 방법 및 갱신 방법
US8543091B2 (en) * 2008-06-06 2013-09-24 Ebay Inc. Secure short message service (SMS) communications
WO2009150750A1 (ja) * 2008-06-13 2009-12-17 富士通株式会社 ゲートウェイ装置、無線送信制御方法及び無線通信システム
US8094635B2 (en) * 2008-09-17 2012-01-10 Qualcomm Incorporated Method and apparatus for implementing Short Message Service in wireless communication networks
US8707045B2 (en) * 2009-02-12 2014-04-22 Lg Electronics Inc. Method and apparatus for traffic count key management and key count management
KR20100109998A (ko) * 2009-04-02 2010-10-12 삼성전자주식회사 무선통신시스템에서 핸드오버 레인징 메시지의 인증 처리 장치 및 방법
US20110302416A1 (en) * 2010-03-15 2011-12-08 Bigband Networks Inc. Method and system for secured communication in a non-ctms environment
US8625798B2 (en) * 2011-01-10 2014-01-07 Samsung Electronics Co., Ltd. Method and apparatus for encrypting short data in a wireless communication system

Also Published As

Publication number Publication date
US9088890B2 (en) 2015-07-21
JP2014508436A (ja) 2014-04-03
US8625798B2 (en) 2014-01-07
JP5855127B2 (ja) 2016-02-09
WO2012096496A3 (en) 2012-12-06
US20120177199A1 (en) 2012-07-12
KR20120081036A (ko) 2012-07-18
CN103430478A (zh) 2013-12-04
CN103430478B (zh) 2016-08-24
US20140126721A1 (en) 2014-05-08
KR101916034B1 (ko) 2018-11-08

Similar Documents

Publication Publication Date Title
WO2012096496A2 (en) Method and apparatus for encrypting short data in a wireless communication system
US11122428B2 (en) Transmission data protection system, method, and apparatus
JP5175980B2 (ja) 位置プライバシー支援方法
US11228908B2 (en) Data transmission method and related device and system
CN102100030B (zh) 加密控制信号的方法
WO2011021883A2 (en) Method and apparatus for reducing overhead for integrity check of data in wireless communication system
EP2341724A2 (en) System and method for secure transaction of data between wireless communication device and server
CN101512537A (zh) 在自组无线网络中安全处理认证密钥资料的方法和系统
WO2016068655A1 (en) Method of performing device to device communication between user equipments
US20220303741A1 (en) Mtc key management for sending key from network to ue
US20230327857A1 (en) Communication Method and Apparatus
CN115567922A (zh) 使用单独的计数为多个nas连接提供安全性的方法以及相关的网络节点和无线终端
WO2022237561A1 (zh) 一种通信方法及装置
WO2024162661A1 (en) Methods and systems for performing post quantum cryptography based asymmetric key encryption during primary authentication
JP2023506791A (ja) プライバシー情報伝送方法、装置、コンピュータ機器及びコンピュータ読み取り可能な媒体
US10985915B2 (en) Encrypting data in a pre-associated state
CN101510825B (zh) 一种管理消息的保护方法及系统
KR20100092353A (ko) 트래픽 암호화 키 관리방법 및 장치
JP4677784B2 (ja) 集合型宅内ネットワークにおける認証方法及びシステム
KR20050107537A (ko) 무선 통신 시스템에서 사용자 인증 메시지 암호화 방법과장치 및 이를 위한 보안키 생성 방법
WO2020246860A1 (en) Method and apparatus for initiating a communication session using mission critical services
KR20100032277A (ko) 제어필드를 이용한 선택적인 제어신호 암호화 방법
KR20100030610A (ko) 선택적인 제어신호 암호화 방법
KR20100030553A (ko) 선택적인 제어 신호 암호화 방법
CN101646173A (zh) 终端私密性的保护方法及装置

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12734755; Country of ref document: EP; Kind code of ref document: A2)
ENP Entry into the national phase (Ref document number: 2013548363; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12734755; Country of ref document: EP; Kind code of ref document: A2)