WO2013097504A1 - Dispositif et procédé de décryptage de signalisation nas en surveillance et analyse de protocole lte - Google Patents

Dispositif et procédé de décryptage de signalisation nas en surveillance et analyse de protocole lte Download PDF

Info

Publication number
WO2013097504A1
WO2013097504A1 PCT/CN2012/082089 CN2012082089W WO2013097504A1 WO 2013097504 A1 WO2013097504 A1 WO 2013097504A1 CN 2012082089 W CN2012082089 W CN 2012082089W WO 2013097504 A1 WO2013097504 A1 WO 2013097504A1
Authority
WO
WIPO (PCT)
Prior art keywords
nas
decryption
message
parameter
data structure
Prior art date
Application number
PCT/CN2012/082089
Other languages
English (en)
Chinese (zh)
Inventor
贾林
刘元凯
李春林
朱明新
张立
王升平
刘继秋
Original Assignee
北京中创信测科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京中创信测科技股份有限公司 filed Critical 北京中创信测科技股份有限公司
Publication of WO2013097504A1 publication Critical patent/WO2013097504A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the invention belongs to the application field of communication network protocol monitoring and analysis technology. Background vein
  • LTE Long Term Evolution
  • 3G Third Generation
  • LTE can not only provide higher data rate and capacity, but also provide greater coverage. It can also reduce service delay and system operation cost, which helps operators to introduce more real-time performance. High-speed business, which attracts more high-end users.
  • the network structure and protocol of the LTE system have also undergone great changes.
  • the schematic diagram of the LTE network structure is shown in Figure 1.
  • the radio access part of the LTE system is composed of a node of the enhanced Node B (Enhanced Node B), and the core network part is mainly composed of a Mobi Management Management (MME), an S-GW (ServingGateway) entity, and a packet data network.
  • MME Mobi Management Management
  • S-GW ServingGateway
  • PGW Packet Data Network Gateway
  • PCRF Policy and Charging Rules Function
  • HSS Home Subscriber Server
  • the S1-MME interface the interface between the eNodeB entity and the ⁇ E entity, which transmits the S1 interface application protocol protocol (S1AP) protocol and is nested in the S1AP message.
  • S1AP S1 interface application protocol protocol
  • NAS Non-Access-Stratume
  • the purpose of the present invention is to decrypt the NAS message transmitted on the interface.
  • the S10 interface is the interface between the E entities.
  • the GTP Control Plane version 2 (GTPv2-C) protocol message is transmitted on the interface.
  • the S6a interface is an interface between the E entity and the HSS entity, and the Diameter protocol message is transmitted on the interface.
  • the main function of the non-access stratum protocol NAS between the UE and the E entity is to implement mobility management, session management, and security control of the UE. Therefore, in the technical application of monitoring and analyzing the LTE network protocol, Monitoring analysis of the NAS protocol is critical. However, in the LTE network, after the UE and the E entity are securely controlled and activated and encrypted, the NAS message is encrypted and transmitted. If the monitored NAS message is not decrypted, the LTE protocol monitoring and analysis system cannot implement the NAS.
  • the correct decoding and analysis of the message so the main purpose of the present invention is to: capture the monitoring message from the relevant network interface, extract relevant information, and implement in the LTE network protocol monitoring and analysis system without changing the deployment and configuration of the LTE network.
  • the captured NAS message is decrypted, so that the monitoring system correctly decodes and analyzes the NAS protocol.
  • the non-access layer protocol (GPRS Mobility Management, GMM, GPRS Session Management. GSM) message on the lub interface can be decrypted.
  • 2 is a simplified schematic diagram of a UMTS network structure, in which a non-access stratum protocol message on a Uu interface and a lub interface is encrypted, and a non-access stratum protocol message transmitted on the Iu interface is not encrypted, in a lub interface.
  • the key can be directly extracted from the message on the Iu interface to decrypt the encrypted message.
  • the present invention provides a method for decrypting and processing NAS signaling in the LTE protocol monitoring and analysis, which includes the following steps:
  • the first step is to extract, from the S1-MME interface, the S6a interface, or the UE security related message, the decryption parameters and UE identification information required for NAS decryption;
  • the NAS message decryption parameter data structure of the UE is searched or established in the NAS decryption parameter storage maintenance module by using the extracted UE identifier information, and the extracted decryption parameter is used.
  • the NAS message decryption parameter data structure member of the UE is assigned, and other member values of the decryption parameter data structure are derived according to the assigned parameters;
  • the NAS message decryption parameter data structure of the UE is found in the NAS decryption parameter storage maintenance module by using the UE identifier corresponding to the NAS message that needs to be decrypted, and the encrypted NAS message is decrypted by using the member information in the structure.
  • the NAS message decryption parameter data structure includes the following members: LENGTH: the length of the NAS message that needs to be decrypted, in bits;
  • DIRECTION indicates the transmission direction of the decrypted NAS message, 1 bit, 0 indicates the uplink message, 1 indicates the downlink message, and specifies that the UE is in the uplink direction and ⁇ E to the UE as the downlink direction;
  • BEARER is a bearer ID, which is 5 bits in length. When decrypting a NAS message, the value is a constant 0;
  • COUNT The count of NAS messages, which is 32 bits in length, which is divided into COUNT (UPLINK NAS COUNT) and Downstream NAS message COUNT (DOWNLINK NAS COUNT) of the uplink NAS message;
  • KEY The key Knasenc used for encryption and decryption of NAS messages, which is 128 bits in length. This key needs to be calculated and derived in the context of NAS interaction.
  • EEA The encryption and decryption algorithm for NAS messages is identified by the corresponding algorithm ID.
  • ID length is one byte, and the ID value is given in the corresponding message of the NAS interaction.
  • a specific processing procedure for extracting a decryption parameter from a message related to UE security on an S6a interface is:
  • the first step is to input an Authentication Information Request message for a UE and an Authentication Information Response message pair;
  • the process ends, and the process continues;
  • the fourth step is to delete the content of the AuthVector array of the UE, and use the extracted
  • the E-UTRAN authentication vector reassigns the AuthVector array and ends the process.
  • the specific processing procedure for extracting decryption parameters from the UE security related message on the S10 interface is:
  • the process In the first step, enter the GTPv2-C protocol Identification Request and the Context Request and Context Response, or the Forward Relocation Request and the Forward Relocation Response message. Determining whether the message contains the UE's mobility management context information ( ⁇ Context). If not, the process ends. If yes, it determines whether the context contains the security context information (Security Context) of the UE, and if not, the process ends. Continue processing;
  • the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downl ink Count, NAS Upl ink Count, KASME parameters, and the applicable Authentication Quadruplet [0. . 4] are extracted from the current security context information.
  • the third step is to determine whether the UE's parameters contain a status of Current.
  • NAS—Decryption—Para data structure instance if not, a new NAS-Decryption-Para data structure instance is generated.
  • the State member in the instance is set to the Current state, and all member parameters in the instance are reset. The member is still set to the Current state;
  • the member of the Current state NAS_Decryption-Para data structure instance is assigned a parameter extracted from the current security context information, and the obtained encryption and decryption key Knasenc is calculated by using the obtained Kasme, EncryptionID and the corresponding formula;
  • the MM Context information includes a security context whose state of the UE is Not Current, if not, the entire process is ended, and if yes, the execution continues;
  • the old KSIASME and old KASME parameters are extracted from the MM Context information; and the eighth step is to determine whether the UE parameter has a status of Not Current.
  • NAS Decryption—Para data structure instance, if no new data structure instance is generated, member state is set to Not Current state, and then all parameters in the instance are reset, and its state is still set to Not Current state;
  • the NAS-Decryption-Para data structure instance with the status Not Current is assigned with the security context information of Not Current extracted from the MM Context, the KSI is equal to the old KSIASME, the Kasme is equal to the old KASME, and the other parameters are still Invalid value;
  • the tenth step ends the process.
  • the specific processing procedure for extracting the decryption parameter from the Authentication request/response message on the S1-MME interface is:
  • the authentication request and the authentication response message pair for a certain UE are input, and the RAND, AUTN, and KSIasme parameter information are extracted from the Authentication request message, and the RES parameter (Response) is extracted from the Authentication response message;
  • the corresponding authentication vector AV is searched in the AuthVector array structure of the UE, and RAND, AUTN, XRES and extracted RAND in the authentication vector.
  • the three parameters of AUTN and RES are equal respectively; the third step is to determine whether the corresponding authentication vector AV is found, and if not found, the process ends; if found, the Kasme is extracted from the authentication vector; The fourth step is to determine whether there is a NAS-Decryption-Para data structure instance with a current status of Not Current in the current UE parameter, and no new NAS-Decryption-Para data structure instance is generated, and the State member is set to the Not Current state; Then, all members in the NAS-Decryption-Para data structure instance are recharged, and the State member is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance of Not Current state is assigned by using the parameters extracted above, KSI is equal to the extracted KSIasme, Kasme is equal to the extracted Kasme, Upl inkNasOverf low, Upl inkNasSQN, Downl inkNasOverflow, Downl inkNasSQN Equal to 0, other members are invalid values; Step 6, end the process.
  • the specific processing procedure for extracting the decryption parameter from the Security mode command/complete message on the S1-MME interface is:
  • the first step is to input a Security mode command and a Security modecomplete message for a certain UE, and extract the NAS KSI and Type of chipering algorithm parameters from the Security mode command message, and the downlink NAS message counts Downl ink NAS SN, from Security mode complete
  • the uplink NAS message count is extracted from the message message, and the Security modecomplete message is used to determine that the SMC process between the UE and the MME entity is successfully executed.
  • the extracted NAS KSI is used to search for the corresponding NAS-Decryption-Para data structure instance in the parameters of the UE; determine whether the corresponding instance is found, and if not found, the process ends; if found, the execution continues;
  • the third step is to check the status of the found NAS-Decryption-Para data structure instance, and determine whether it is Current. Then, the extracted Type of chipering algorithm information is used to update the EncryptionID member in the NAS-Decryption-Para data structure instance.
  • the extracted upl ink Nas SN updates the Upl inkNasOverf low, Upl inkNasSQN member, updates the Downl inkNasOverflow, Downl inkNasSQN member with the extracted downl ink Nas SN, and recalculates the NAS encryption/decryption key Knasenc with the corresponding formula, and ends the process; the fourth step;
  • the fourth step when the NAS-Decryption-Para data structure instance found in the third step When the status is Not Current, it is determined whether the UE parameter has another NAS-Decryption-Para data structure instance whose status is Current. If there is one, the instance is deleted, and if it does not exist, the fifth step is continued;
  • Wo II uses the Type of chipering algorithm information of the Tier to set the NAS-Decryption-Para data structure instance member EncryptionID whose status is Not Current, and calculates the member Knasenc with the corresponding formula, and the instance is State state is set to Current;
  • the sixth step is to end the process.
  • the encrypted NAS message is decrypted in the following manner:
  • an encrypted NAS message for a certain UE is input, that is, in the NAS message header.
  • the Security header type field is equal to 0010 or 0100, and the direction of the upstream and downstream of the NAS message;
  • the process it is determined whether the current UE parameter contains a NAS-Decryption-Para data structure instance with a status of Current. If it does not exist, the process ends directly; if yes, the process continues.
  • the third step is to calculate the length of the encrypted portion of the input NAS message; extract the SN parameter in the NAS message header, and use the input NAS message uplink and downlink information to the Current state of the NAS-Decryption-Para data structure instance.
  • the message count is related to the member assignment; the NAS Count is calculated using the corresponding formula;
  • the fourth step is to use the NAS_Decryption-Para data structure instance in the Current state, Knasenc, the length of the NAS message encryption part, the calculated NAS Count, the input NAS message uplink and downlink information, and the current state of the NAS-Decryption-Para data.
  • the algorithm specified by EncryptionID in the structure instance calculates the key stream KEY STREAM;
  • the calculated key stream KEY STREAM and the encrypted portion of the NAS message are subjected to a bitwise exclusive OR operation to complete the decryption of the encrypted portion of the NAS message, and input the decrypted NAS message plaintext;
  • the sixth step ends the decryption process.
  • the present invention also provides a device for decrypting and processing NAS signaling in the LTE protocol monitoring and analysis, including:
  • the NAS message decryption parameter extraction module is configured to extract parameters and UE identification information required for NAS decryption from the NAS message related to the UE security on the S1- ⁇ E interface, and extract the NAS from the diameter message related to the UE security on the S6a interface. Decrypting required parameters and UE identification information, or extracting parameters and UE identification information required for NAS decryption from a GTPv2-C message related to UE security on the S10 interface;
  • the NAS message decryption parameter storage maintenance module is configured to perform storage and maintenance on the input NAS message decryption parameter, and derivate and calculate other NAS decryption parameters according to relevant parameters;
  • the NAS message decryption execution module is configured to implement decryption of the input encrypted NAS message according to the parameter output from the NAS decryption parameter storage maintenance module and the parameter information of the encrypted NAS message itself.
  • information related to UE security is extracted from a specific message on the S1_MME, S10, or S6a interface, and used to establish, derive, and maintain related parameters such as a key necessary for decrypting the NAS message.
  • the protocol monitoring and analysis system can decrypt the captured encrypted NAS message without changing the relevant configuration of the LTE network and pre-configuring the LTE network protocol monitoring and analysis system with the UE decryption-related data.
  • the data structure of the UE decryption parameter is also designed, and there are at most two instances of the data structure corresponding to each UE, which are divided into two states.
  • the operation of the decryption parameter in the solution and the operation of the NAS message decryption process to decrypt the parameter data structure of the UE can realize the synchronization of the information in the decryption parameter data structure with the security context information in the UE and the E entity in the LTE network, thereby ensuring The protocol monitors and analyzes the correct decryption of NAS messages.
  • FIG. 1 is a structural diagram of an LTE network
  • Figure 2 is a schematic diagram showing the structure of a UMTS network
  • Figure 3 is a block diagram showing the structure of the NAS message decryption device
  • Figure 4 shows the processing steps of the NAS message decryption method
  • FIG. 5 shows the process of processing the Authentication Information Request/Response message
  • Figure 6 shows the process of related GTPv2-C message processing
  • FIG 7 shows the Authentication request/response message processing
  • Figure 8 shows the Security mode command/complete message processing
  • Figure 9 shows the NAS message decryption process.
  • the technical solution can implement the decryption function of the NAS message exchanged between the captured mobile terminal UE and the ⁇ E entity, and the NAS message includes all encrypted NAS messages in the uplink and downlink directions.
  • the portion in the block is a structural diagram of the device of the present invention.
  • the block part describes the block diagram of the NAS message decryption device, and the part outside the block is the LTE network structure diagram.
  • the arrows in the figure describe the input and output of the device and the component modules of the present invention.
  • the NAS message decryption device is composed of three parts: a NAS message decryption parameter extraction module, a NAS message decryption parameter storage maintenance module, and a NAS message decryption execution module. Among them, the functions realized by each component are as follows:
  • the NAS message decryption parameter extraction module is configured to extract parameters and UE identification information required for NAS decryption from the NAS message related to UE security on the S1- ⁇ E interface, and extract the NAS from the diameter message related to the UE security on the S6a interface. Decrypting required parameters and UE identification information, or extracting parameters and UE identification information required for NAS decryption from the GTPv2-C message related to UE security on the S10 interface.
  • the NAS message decryption parameter storage maintenance module is configured to store and maintain the input NAS message decryption parameters, and derive other NAS decryption parameters according to relevant parameters.
  • the NAS message decryption execution module decrypts the input encrypted NAS message according to the parameter output from the NAS decryption parameter storage maintenance module and the parameter information of the encrypted NAS message itself.
  • Figure 4 shows the method of decrypting an encrypted NAS message, which mainly includes three major steps:
  • the NAS message decryption parameter data structure of the UE is found or established, and the NAS message decryption parameter data structure member of the UE is assigned with the decryption parameter outputted in step 1, and other member values of the decryption parameter data structure are derived according to the relevant parameters.
  • the NAS message decryption parameter data structure of the UE is found in the NAS decryption parameter storage maintenance module, and the encrypted NAS message is decrypted by using the member information in the structure.
  • the parameters for decrypting the NAS protocol message in the LTE system are not fixed, but dynamically change with the interaction of the NAS signaling. Therefore, the corresponding data structure is required to record the parameters required for the NAS protocol decryption in real time.
  • LENGTH the length of the NAS message that needs to be decrypted, in bits
  • DIRECTION indicates the transmission direction of the decrypted NAS message, 1 bit, 0 indicates the uplink message, 1 indicates the downlink message, and specifies that the UE is in the uplink direction and ⁇ E to the UE as the downlink direction;
  • BEARER is a bearer ID, which is 5 bits in length. When decrypting a NAS message, the value is a constant 0;
  • COUNT The count of NAS messages, which is 32 bits in length, which is divided into COUNT (UPLINK NAS COUNT) and Downstream NAS message COUNT (DOWNLINK NAS COUNT) of the uplink NAS message;
  • KEY The key Knasenc used for encryption and decryption of NAS messages, which is 128 bits in length. This key needs to be calculated and derived in the context of NAS interaction.
  • the encryption and decryption algorithm for NAS messages is identified by the corresponding algorithm ID.
  • the ID length is one byte.
  • the ID value is given in the corresponding message of the NAS interaction.
  • BEARER is a constant
  • LENGTH is directly obtained from the corresponding encrypted NAS message
  • EEA ID is given by the corresponding NAS message
  • COUNT and KEY need to be derived from the corresponding data, and the derivation is calculated as follows:
  • COUNT : 0x00 I NAS OVERFLOW
  • NAS SQN (1)
  • NAS SQN is the last 8 bits of COUNT, and this value is transmitted in each NAS message;
  • NAS OVERFLOW is COUNT intermediate 16 bits, when NAS When the SQN value accumulates overflow, NAS OVERFLOW is incremented by 1.
  • Knasenc f (Kasme, 0x15
  • f is a key derivation function KDF (KEY DERIVED FUNCTION)
  • Kasme is a derived key of Knasenc
  • the length is 256 bits, which is generated by the HSS entity and transmitted in the authentication vector AV (AUTHENTICATION VECTOR);
  • Algorithmic! is the ID of the encryption and decryption algorithm EEA used.
  • the KSI is a security context identifier associated with the UE in the LTE. Each Kasme is uniquely associated by a KSI. The value is allocated by ⁇ E and transmitted in the NAS message.
  • the state is the state of the UE security context. Status, CURRENT and NOT CURRENT; EncryptionlD is the ID of the port decryption algorithm; UplinkNasOverf low, UplinkNasSQN, DownlinkNasOverf low, DownlinkNasSQN are the components of the uplink and downlink NAS COUNT respectively.
  • the parameter data structure corresponds to the security context of the UE in LTE, and is also uniquely identified by the KSI. For each UE, there are two instances of the data structure, one corresponding to the security context of the CURRENT state, and one corresponding to the NOT CURRENT. The security context of the state.
  • An authentication vector AV (AUTHENTICATION) for authenticating the UE for record keeping VECTOR
  • its data storage structure is as follows (C++ language description):
  • the AuthVector is an array of multiple authentication vectors AV.
  • AuthVector array structure corresponding to each UE, and the authentication vector information extracted from the diameter and GTPv2_C messages for the UE is stored.
  • the process of extracting and maintaining the NAS message decryption parameters is mainly: extracting the decryption parameter information from the UE security related messages on the S1_MME, S10, and S6a interfaces, and completing the storage, derivation, and maintenance operations of the NAS decryption parameters.
  • the extraction and maintenance processing of the decryption parameters are different for different messages on different interfaces. The following describes the interface as a unit.
  • the process extracts the authentication vector information for the UE from the diameter message.
  • the message related to the UE security on the S6a interface is the Authentication Information Request and the Authentication Information Response message of the Diameter protocol.
  • the first step is to input an Authentication Information Request message for a UE and an Authentication Information Response message pair;
  • the process ends, and the process continues;
  • the third step extracting E-UTRAN authentication information for the UE from the message, that is, extracting each authentication quaternary information;
  • the fourth step the content of the AuthVector array of the UE is deleted, and the AuthVector array is re-assigned with the extracted E-UTRAN authentication vector, and the process ends.
  • the process extracts the security context information (Security Context) about the UE from the GTPv2-C protocol message.
  • the GTPv2_C protocol messages related to UE security on the S10 interface are the Identification Request and the Identification Response message, the Context Request and the Context Response message, the Forward Relocation Request, and the Forward Relocation Response message.
  • the process In the first step, enter the GTPv2-C protocol Identification Request and the Context Request and Context Response, or the Forward Relocation Request and the Forward Relocation Response message. Determining whether the message contains the UE's mobility management context information ( ⁇ Context). If not, the process ends. If yes, it determines whether the context contains the security context information (Security Context) of the UE, and if not, the process ends. Continue processing;
  • the security parameters KSIASME, Number of Quadruplet, Used NAS Cipher, NAS Downl ink Count, NAS Upl ink Count, KASME parameters, and the applicable Authentication Quadruplet [0. . 4] are extracted from the current security context information.
  • the third step it is determined whether the parameter of the UE contains a NAS-Decryption-Para data structure instance with a status of Current. If not, a new NAS-Decryption-Para data structure instance is generated, and the State member in the instance is set to the Current state. Then all the member parameters in the instance are reset, and the State member is still set to the Current state;
  • the current state NAS_Decryption-Para data structure instance is assigned a member by using parameters extracted from the current security context information, and the obtained encryption and decryption key Knasenc is calculated by using the obtained Kasme, EncryptionID and formula 2;
  • the MM Context information includes a security context whose state of the UE is Not Current, if not, the entire process is ended, and if yes, the execution continues;
  • the old KSIASME, old KASME parameter is extracted from the MM Context information; and the eighth step is to determine whether the UE parameter contains a NAS-Decryption-Para data structure instance with a status of Not Current, and no new data structure instance is generated. , the member State is set to the Not Current state, and then all the parameters in the instance are reset, and the State is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance with the status Not Current is assigned with the security context information of Not Current extracted from the MM Context, the KSI is equal to the old KSIASME, the Kasme is equal to the old KASME, and the other parameters are still Invalid value;
  • the tenth step ends the process
  • the process extracts the UE security parameters from the NAS messages.
  • the NAS messages related to the UE security information on the S1-MME interface include an Authentication request and an Authentication response message, a Security mode command, and a Security mode complete message.
  • the two pairs of messages contain different security information and roles, and the following describes their processing.
  • the first step enter the Authentication request and Authentication response message pairs for a certain UE.
  • the RAND, AUTN, and KSIasme parameter information is extracted from the Authentication request message, and the RES parameter (Response) is extracted from the Authentication response message.
  • the corresponding authentication vector AV is searched in the AuthVector array structure of the UE, and RAND, AUTN, XRES and extracted RAND in the authentication vector. , AUTN, RES three parameters are equal.
  • the third step it is judged whether the corresponding authentication vector AV is found, and if it is not found, the process ends, and when found, the Kasme is extracted from the authentication vector.
  • the fourth step is to determine whether there is a NAS-Decryption-Para data structure instance with a current status of Not Current in the current UE parameter, and no new NAS-Decryption-Para data structure instance is generated, and the State member is set to the Not Current state; Then, all members in the NAS-Decryption-Para data structure instance are recharged, and the State member is still set to the Not Current state;
  • the NAS-Decryption-Para data structure instance of Not Current state is assigned by using the parameters extracted above, KSI is equal to the extracted KSIasme, Kasme is equal to the extracted Kasme, Upl inkNasOverf low, Upl inkNasSQN, Downl inkNasOverflow, Downl inkNasSQN Equal to 0, other members are invalid.
  • the first step is to input the Security mode command and the Security modecomplete message for a certain UE, and the NAS KSI and Type of chipering algorithm parameters are extracted from the Security mode command message, and the downlink NAS message counts Downl ink NAS SN, from Security.
  • the modecomplete message message extracts the uplink NAS message count Upl ink NAS SN, and the Security modecomplete message determines that the SMC process between the UE and the MME entity is successfully executed.
  • the extracted NAS KSI is used to search for the corresponding NAS-Decryption-Para data structure instance in the UE parameters; determine whether the corresponding instance is found, and if not found, the process ends, and the process continues to be found.
  • the third step is to check the status of the found NAS-Decryption-Para data structure instance, and determine whether it is Current. Then, the extracted Type of chipering algorithm information is used to update the EncryptionID member in the NAS-Decryption-Para data structure instance.
  • the extracted upl ink Nas SN updates the Upl inkNasOverf low, Upl inkNasSQN member, updates the Downl inkNasOverflow, Downl inkNasSQN member with the extracted downl ink Nas SN, and recalculates the NAS encryption/decryption key Knasenc with the formula 2, ending the process; Then proceed to the fourth step.
  • the state of the NAS-Decryption-Para data structure instance found in the third step is Not Current, it is determined whether the UE parameter has another NAS-Decryption-Para data structure instance whose status is Current, and the existence is deleted. Example, if it does not exist, continue to the fifth step.
  • Wo II uses the Type of chipering algorithm information of the ear to set the NAS-Decryption-Para data structure instance member EncryptionID whose status is Not Current, and calculates the member Knasenc by using Equation 2, and will State State is set to Current
  • the sixth step is to end the process.
  • the process of decrypting the encrypted NAS message is mainly to calculate the key code stream by using the information extracted from the NAS message and the member information in the NAS-Decryption-Para data structure instance of the current state to decrypt the encrypted NAS message.
  • the first step is to input an encrypted NAS message for a certain UE, that is, in the NAS header.
  • the Security header type field is equal to 0010 or 0100, and the direction of the upstream and downstream of the NAS message.
  • the process it is determined whether the current UE parameter contains a NAS-Decryption-Para data structure instance with a status of Current. If it does not exist, the process ends directly; if yes, the process continues.
  • the third step is to calculate the length of the encrypted portion of the input NAS message; extract the SN parameter in the NAS message header, and use the input NAS message uplink and downlink information to the Current state of the NAS-Decryption-Para data structure instance. Message count related member assignment; Calculate NAS Count using Equation 1;
  • the fourth step is to use the NAS_Decryption-Para data structure instance in the Current state, Knasenc, the length of the NAS message encryption part, the calculated NAS Count, the input NAS message uplink and downlink information, and the current state of the NAS-Decryption-Para data.
  • the algorithm specified by EncryptionID in the structure instance calculates the key stream KEY STREAM.
  • the fifth step is to use the calculated key stream KEY STREAM and the encrypted part of the NAS message.
  • the row is XORed to complete the decryption of the encrypted portion of the NAS message, and the plaintext of the decrypted NAS message is input.
  • the sixth step ends the decryption process.
  • the method and apparatus of the present invention may be implemented by hardware, software, or a combination of hardware and software, by a microprocessor, a digital signal processor, a field programmable logic unit, or a gate array. Ways to achieve.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention porte sur un dispositif de décryptage d'une signalisation NAS en surveillance et analyse de protocole LTE, constitué de trois parties : un module d'extraction de paramètre de décryptage pour un message NAS, un module de stockage et de maintenance de paramètre de décryptage pour le message NAS et un module d'exécution de décryptage pour le message NAS. Au moyen de la solution technique de la présente invention, des informations concernant la sécurité d'un UE sont extraites de certains messages au niveau de l'interface S1-MME, S10 ou S6a et sont utilisées pour établir, obtenir et maintenir les paramètres associés requis pour décrypter le message NAS. Les opérations de décryptage peuvent être effectuées par un système de surveillance et d'analyse de protocole sur les messages NAS cryptés capturés, sans modifier la configuration relative du réseau LTE ni les configurations des données relatives au décryptage par l'UE au préalable sur le système de surveillance et d'analyse de protocole de réseau LTE.
PCT/CN2012/082089 2011-12-30 2012-09-26 Dispositif et procédé de décryptage de signalisation nas en surveillance et analyse de protocole lte WO2013097504A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110456334.6 2011-12-30
CN201110456334.6A CN102438241B (zh) 2011-12-30 2011-12-30 一种lte协议监测分析中对nas信令解密装置及方法

Publications (1)

Publication Number Publication Date
WO2013097504A1 true WO2013097504A1 (fr) 2013-07-04

Family

ID=45986076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/082089 WO2013097504A1 (fr) 2011-12-30 2012-09-26 Dispositif et procédé de décryptage de signalisation nas en surveillance et analyse de protocole lte

Country Status (2)

Country Link
CN (1) CN102438241B (fr)
WO (1) WO2013097504A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208672A (zh) * 2014-05-26 2015-12-30 北京信威通信技术股份有限公司 一种用于eps网络架构的通道信息管理方法

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102438241B (zh) * 2011-12-30 2016-03-16 北京中创信测科技股份有限公司 一种lte协议监测分析中对nas信令解密装置及方法
CN102665231B (zh) * 2012-05-23 2015-02-18 北京中创信测科技股份有限公司 一种lte系统自动生成参数配置文件的方法
CN102892112A (zh) * 2012-09-10 2013-01-23 北京中创信测科技股份有限公司 一种rrc信令解密装置及方法
CN104038934B (zh) * 2014-06-30 2017-08-08 武汉虹信技术服务有限责任公司 Lte核心网实时信令监测的非接入层解密方法
CN105376792B (zh) * 2014-08-19 2019-10-08 中国移动通信集团山西有限公司 一种s1接口用户设备上下文管理监测方法和装置
CN104539587A (zh) * 2014-12-09 2015-04-22 中国电子科技集团公司第十五研究所 一种用于物联网的物体接入和群组交互方法
CN104640107B (zh) * 2014-12-09 2019-01-15 北京电旗通讯技术股份有限公司 一种多接口配合解密lte中s1-mme接口nas层密文识别方法
CN106961681A (zh) * 2017-02-10 2017-07-18 北京浩瀚深度信息技术股份有限公司 一种lte系统内部多接口密钥处理方法及装置
CN108738015B (zh) * 2017-04-25 2021-04-09 华为技术有限公司 网络安全保护方法、设备及系统
CN109120572A (zh) * 2017-06-22 2019-01-01 中兴通讯股份有限公司 Sip信令解密方法、装置、系统及计算机可读存储介质
CN109982260B (zh) * 2019-03-08 2021-01-26 杭州迪普科技股份有限公司 信令的解密方法、装置、电子设备及机器可读存储介质
CN112073176B (zh) * 2019-06-11 2022-03-11 大唐移动通信设备有限公司 密钥更新方法及装置
CN110719302A (zh) * 2019-12-12 2020-01-21 武汉绿色网络信息服务有限责任公司 一种物联网信令风暴攻击检测的方法及装置
CN111030876B (zh) * 2019-12-25 2022-05-06 武汉绿色网络信息服务有限责任公司 一种基于DPI的NB-IoT终端故障定位方法和装置
CN114040396A (zh) * 2021-12-10 2022-02-11 广州慧睿思通科技股份有限公司 基于下行信令的数据处理方法、装置及存储介质
CN116684864B (zh) * 2023-08-03 2023-11-03 武汉博易讯信息科技有限公司 4g到5g切换场景nas解密方法、系统、设备及可读介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100272263A1 (en) * 2009-04-27 2010-10-28 Motorola, Inc. Decrypting a nas message traced to an e-utran
CN102300210A (zh) * 2011-09-01 2011-12-28 重庆中天重邮通信技术有限公司 Lte非接入层密文解密方法及其信令监测装置
CN102438241A (zh) * 2011-12-30 2012-05-02 北京中创信测科技股份有限公司 一种lte协议监测分析中对nas信令解密装置及方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100272263A1 (en) * 2009-04-27 2010-10-28 Motorola, Inc. Decrypting a nas message traced to an e-utran
CN102300210A (zh) * 2011-09-01 2011-12-28 重庆中天重邮通信技术有限公司 Lte非接入层密文解密方法及其信令监测装置
CN102438241A (zh) * 2011-12-30 2012-05-02 北京中创信测科技股份有限公司 一种lte协议监测分析中对nas信令解密装置及方法

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208672A (zh) * 2014-05-26 2015-12-30 北京信威通信技术股份有限公司 一种用于eps网络架构的通道信息管理方法
CN105208672B (zh) * 2014-05-26 2019-02-22 北京信威通信技术股份有限公司 一种用于eps网络架构的通道信息管理方法

Also Published As

Publication number Publication date
CN102438241A (zh) 2012-05-02
CN102438241B (zh) 2016-03-16

Similar Documents

Publication Publication Date Title
WO2013097504A1 (fr) Dispositif et procédé de décryptage de signalisation nas en surveillance et analyse de protocole lte
EP3576446B1 (fr) Procédé de dérivation de clé
CN110493774B (zh) 密钥配置方法、装置以及系统
US9060270B2 (en) Method and device for establishing a security mechanism for an air interface link
WO2018137488A1 (fr) Procédé, dispositif et système de mise en oeuvre de sécurité
EP3340690B1 (fr) Procédé, dispositif et système d'accès pour équipement utilisateur (ue)
KR101583234B1 (ko) Lte 모바일 유닛에서의 비접속 계층(nas) 보안을 가능하게 하는 방법 및 장치
US9071962B2 (en) Evolved packet system non access stratum deciphering using real-time LTE monitoring
US20170359719A1 (en) Key generation method, device, and system
TWI332345B (en) Security considerations for the lte of umts
WO2019096075A1 (fr) Procédé et appareil de protection de messages
US20200228977A1 (en) Parameter Protection Method And Device, And System
US11627458B2 (en) Key derivation algorithm negotiation method and apparatus
WO2019017837A1 (fr) Procédé de gestion de sécurité de réseau et appareil
EP3284276B1 (fr) Améliorations de la sécurité dans un réseau cellulaire
US10004017B2 (en) Switching method and switching system between heterogeneous networks
CN102300210A (zh) Lte非接入层密文解密方法及其信令监测装置
CN108293183B (zh) E-utran与wlan之间的切换
EP2648437B1 (fr) Procédé, appareil et système de génération de clé
WO2021063304A1 (fr) Procédé d'authentification de communication et dispositif associé
KR20100021384A (ko) 이동 통신 시스템의 비계층 프로토콜 처리 방법 및 이동통신 시스템
CN102378174A (zh) 一种sim卡的用户终端的接入方法、装置及系统
WO2012022190A1 (fr) Procédé de notification de clé pour cœur de réseau multisystème et réseau multisystème
WO2011054147A1 (fr) Procédé, dispositif et système de communication pour le traitement de service
KR20130073728A (ko) 엘티이(lte) 시스템에서의 인증 장치 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12863831

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12863831

Country of ref document: EP

Kind code of ref document: A1