WO2022183427A1 - Method, device, and system for protecting sequence number in wireless network - Google Patents


Info

Publication number: WO2022183427A1
Authority: WO (WIPO, PCT)
Prior art keywords: terminal device; authentication; message; request message; parameter
Application number: PCT/CN2021/079045
Other languages: French (fr)
Inventors: Zhen XING, Shilin You, Yuze LIU, Jin Peng, Feng Gao, Zhaoji Lin, Boshan Zhang
Original assignee: ZTE Corporation
Priority to PCT/CN2021/079045 (WO2022183427A1)
Priority to CN202180079138.3A (CN116530119A)

Classifications

    • H04W 12/06 Authentication (H Electricity; H04 Electric communication technique; H04W Wireless communication networks; H04W 12/00 Security arrangements; authentication; protecting privacy or anonymity)
    • H04W 12/72 Subscriber identity (H04W 12/00 as above; H04W 12/60 Context-dependent security; H04W 12/69 Identity-dependent)

Definitions

  • This disclosure is directed to terminal device authentication and authorization with a home network of the terminal device in communication networks.
  • in a communication network, a user equipment (UE) gains access to the network via its USIM card.
  • UE access to the communication network, which includes authentication and authorization, is protected by various security mechanisms. Among the various security measures and requirements, it is critical to protect a UE's sensitive data, including authentication and authorization parameters.
  • This disclosure relates to UE authentication and authorization with a home network of the UE, and in particular, to the protection of sequence number of the UE during the authentication and authorization process.
  • in one embodiment, a method is disclosed for authenticating a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device.
  • the method may be performed by a serving network element belonging to the serving network and may include: receiving a registration request message initiated from the terminal device to start a registration procedure for registering the terminal device with the communication network, wherein the registration request message comprises a parameter and a random number, both generated by the terminal device for authenticating the terminal device with the home network, and wherein the parameter corresponds to a sequence number configured by the terminal device; storing the parameter and the random number; and transmitting a first authentication request message, comprising the parameter and the random number, to a first home network element belonging to the home network.
  • in another embodiment, a method is disclosed for authenticating a service request initiated from a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device.
  • the method may be performed by a serving network element belonging to the serving network and may include: receiving a first service request message triggered by the terminal device requesting service in the communication network; and transmitting an authentication request message to a home network element belonging to the home network, wherein the authentication request message comprises a parameter and a random number, both generated by the terminal device and stored in the home network element, the parameter corresponds to a sequence number configured by the terminal device, and the random number and the sequence number are used for authenticating the terminal device with the communication network.
  • a device is disclosed.
  • the device may include one or more processors configured to implement any one of the methods above.
  • a computer program product may include a non-transitory computer-readable program medium with computer code stored thereupon, the computer code, when executed by one or more processors, causing the one or more processors to implement any one of the methods above.
  • FIG. 1 shows an exemplary communication network including terminal devices, a carrier network, data network, and service applications.
  • FIG. 2 shows exemplary network functions or network nodes in a communication network.
  • FIG. 3 shows exemplary network functions or network nodes in a wireless communication network.
  • FIG. 4 shows an exemplary logic flow for UE registration authentication with the core network.
  • FIG. 5 shows an exemplary logic flow for UE service request with the core network.
  • FIG. 6 shows another exemplary logic flow for UE registration authentication with the core network.
  • FIG. 7 shows another exemplary logic flow for UE service request with the core network.
  • An exemplary communication network may include terminal devices 110 and 112, a carrier network 102, various service applications 140, and other data networks 150.
  • the carrier network 102 may include access networks 120 and a core network 130.
  • the carrier network 102 may be configured to transmit voice, data, and other information (collectively referred to as data traffic) among terminal devices 110 and 112, between the terminal devices 110 and 112 and the service applications 140, or between the terminal devices 110 and 112 and the other data networks 150. Communication sessions and corresponding data paths may be established and configured for such data transmission.
  • the access networks 120 may be configured to provide the terminal devices 110 and 112 with network access to the core network 130.
  • the core network 130 may include various network nodes or network functions configured to control the communication sessions and perform network access management and data traffic routing.
  • the service applications 140 may be hosted by various application servers that are accessible by the terminal devices 110 and 112 through the core network 130 of the carrier network 102.
  • a service application 140 may be deployed as a data network outside of the core network 130.
  • the other data networks 150 may be accessible by the terminal devices 110 and 112 through the core network 130 and may appear as either data destination or data source of a particular communication session instantiated in the carrier network 102.
  • the core network 130 of FIG. 1 may include various network nodes or functions geographically distributed and interconnected to provide network coverage of a service region of the carrier network 102. These network nodes or functions may be implemented as dedicated hardware network elements. Alternatively, these network nodes or functions may be virtualized and implemented as virtual machines or as software entities. A network node may each be configured with one or more types of network functions. These network nodes or network functions may collectively provide the provisioning and routing functionalities of the core network 130.
  • the term “network nodes” and “network functions” are used interchangeably in this disclosure.
  • FIG. 2 further shows an exemplary division of network functions in the core network 130 of a communication network 200. While only single instances of network nodes or functions are illustrated in FIG. 2, those having ordinary skill in the art understand that each of these network nodes may be instantiated as multiple instances of network nodes that are distributed throughout the core network 130.
  • the core network 130 may include but is not limited to network nodes such as access management network node (AMNN) 230, authentication network node (AUNN) 260, network data management network node (NDMNN) 270, session management network node (SMNN) 240, data routing network node (DRNN) 250, policy control network node (PCNN) 220, and application data management network node (ADMNN) 210.
  • Exemplary signaling and data exchange between the various types of network nodes through various communication interfaces are indicated by the various solid connection lines in FIG. 2. Such signaling and data exchange may be carried by signaling or data messages following predetermined formats or protocols.
  • FIG. 3 illustrates an exemplary cellular wireless communication network 300 based on the general implementation of the communication network 200 of FIG. 2.
  • the wireless communication network 300 may include user equipment (UE) 310 (functioning as the terminal device 110 of FIG. 2) , radio access network (RAN) 320 (functioning as the access network 120 of FIG. 2) , data network (DN) 150, and core network 130 including access management function (AMF) 330 (functioning as the AMNN 230 of FIG. 2) , session management function (SMF) 340 (functioning as the SMNN 240 of FIG. 2) , application function (AF) 390 (functioning as the ADMNN 210 of FIG.
  • UE user equipment
  • RAN radio access network
  • DN data network
  • AMF access management function
  • SMF session management function
  • AF application function
  • UPF user plane function
  • AUSF authentication server function
  • UDM universal data management
  • the UE 310 may be implemented as various types of mobile devices that are configured to access the core network 130 via the RAN 320.
  • the UE 310 may include but is not limited to mobile phones, laptop computers, tablets, Internet-Of-Things (IoT) devices, distributed sensor network nodes, wearable devices, and the like.
  • the UE may also be Multi-access Edge Computing (MEC) capable UE that supports edge computing.
  • the RAN 320 for example, may include a plurality of radio base stations distributed throughout the service areas of the carrier network.
  • the communication between the UE 310 and the RAN 320 may be carried in over-the-air (OTA) radio interfaces as indicated by 311 in FIG. 3.
  • OTA over-the-air
  • the UDM 370 may form a permanent storage or database for user contract and subscription data.
  • the UDM may further include an authentication credential repository and processing function (ARPF, as indicated in 370 of FIG. 3) for storage of long-term security credentials for user authentication, and for using such long-term security credentials as input to perform computation of encryption keys as described in more detail below.
  • ARPF authentication credential repository and processing function
  • the UDM/ARPF 370 may be located in a secure network environment of a network operator or a third-party.
  • the AMF/SEAF 330 may communicate with the RAN 320, the SMF 340, the AUSF 360, the UDM/ARPF 370, and the PCF 322 via communication interfaces indicated by the various solid lines connecting these network nodes or functions.
  • the AMF/SEAF 330 may be responsible for UE non-access stratum (NAS) signaling management, for provisioning registration and access of the UE 310 to the core network 130, and for allocation of an SMF 340 to support the communication needs of a particular UE.
  • the AMF/SEAF 330 may be further responsible for UE mobility management.
  • the AMF may also include a security anchor function (SEAF, as indicated in 330 of FIG.
  • SEAF security anchor function
  • the AUSF 360 may terminate user registration/authentication/key generation requests from the AMF/SEAF 330 and interact with the UDM/ARPF 370 for completing such user registration/authentication/key generation.
  • the SMF 340 may be allocated by the AMF/SEAF 330 for a particular communication session instantiated in the wireless communication network 300.
  • the SMF 340 may be responsible for allocating UPF 350 to support the communication session and data flows therein in a user data plane and for provisioning/regulating the allocated UPF 350 (e.g., for formulating packet detection and forwarding rules for the allocated UPF 350) .
  • the UPF 350 may be allocated by the AMF/SEAF 330 for the particular communication session and data flows.
  • the UPF 350 allocated and provisioned by the SMF 340 and AMF/SEAF 330 may be responsible for data routing and forwarding and for reporting network usage by the particular communication session.
  • the UPF 350 may be responsible for routing end-to-end data flows between the UE 310 and the DN 150, and between the UE 310 and the service applications 140.
  • the DN 150 and the service applications 140 may include but are not limited to data network and services provided by the operator of the wireless communication network 300 or by third-party data network and service providers.
  • the PCF 322 may be responsible for managing and providing various levels of policies and rules applicable to a communication session associated with the UE 310 to the AMF/SEAF 330 and SMF 340.
  • the AMF/SEAF 330 may assign SMF 340 for the communication session according to policies and rules associated with the UE 310 and obtained from the PCF 322.
  • the SMF 340 may allocate UPF 350 to handle data routing and forwarding of the communication session according to policies and rules obtained from the PCF 322.
  • while FIGs. 1-3 and the various exemplary implementations described below are based on cellular wireless communication networks, the scope of this disclosure is not so limited, and the underlying principles are applicable to other types of wireless and wireline communication networks.
  • Network identity and data security in the wireless communication network 300 of FIG. 3 may be managed via user authentication processes provided by the AMF/SEAF 330, the AUSF 360, and the UDM/ARPF 370.
  • the UE 310 may first communicate with AMF/SEAF 330 for network registration and may then be authenticated by the AUSF 360 according to user contract and subscription data in the UDM/ARPF 370.
  • Communication sessions established for the UE 310 after user authentication to the wireless communication network 300 may then be protected by the various levels of encryption/decryption keys.
  • the generation and management of the various keys may be orchestrated by the AUSF 360 and other network functions in the communication network.
  • a UE and the communication network need to authenticate each other mutually in order to establish a secure link for protecting subsequent communications based on various security mechanisms.
  • these security mechanisms involve the UE, a home network of the UE (i.e., the carrier with which the UE has a subscription contract), and may further involve a serving network of the UE.
  • the serving network provides a service access point (e.g., a base station in the UE's vicinity) to a UE.
  • the serving network interacts with the home network to authenticate the UE before service is granted.
  • a UE may need to follow a certain security procedure, such as initiating a registration request or a service request with the communication network, to authenticate mutually with the home network/serving network.
  • the UE may be challenged by the home network, for example, via an Authentication Request from the home network.
  • the UE needs to verify a Message Authentication Code (MAC) delivered to it with the challenge.
  • MAC Message Authentication Code
  • the UE checks the validity of the challenge to ensure that it is legitimate and was sent by the real home network rather than by a suspicious party. If the MAC verification fails, the UE considers the security procedure to have failed.
  • the UE may further check the freshness of the challenge.
  • for the freshness check, a Sequence Number (SQN) is used.
  • SQN MS the sequence number maintained by the UE (the mobile station)
  • SQN HE the counterpart sequence number maintained by the home environment (the home network)
  • if the freshness check fails, that is, the SQN carried by the challenge is outside the range the UE expects, the UE sends an Authentication Failure message to the home network.
  • the Authentication Failure message carries the SQN MS maintained by the UE, so that the home network may update SQN HE with the SQN MS. The home network and the UE thereby come back into synchronization with regard to the SQN, and the home network may then retry the challenge based on the updated SQN HE.
  • the MAC described above may be derived or computed based on a random number (RAND) and the SQN HE, and the MAC may be embedded in an authentication token (AUTN), which this disclosure also calls an "Authentication key".
  • RAND random number
  • AUTN authentication token (termed "Authentication key" in this disclosure)
  • the RAND and the AUTN may be compromised: an attacker may capture or sniff these values from the communication network, or may obtain them from hacked databases.
  • the attacker may use the compromised RAND and AUTN values against a victim UE.
  • the attacker may fake the challenge based on the compromised values and send the faked challenge repetitively. Consequently, the UE is deceived by the faked challenge and considers the MAC verification to have passed, although the UE may still detect that the SQN associated with the challenge is out of sync.
  • the UE then tries to recover from the synchronization failure and sends an Authentication Failure message carrying the SQN MS.
  • the attacker may then be able to capture and derive the SQN MS. The privacy and confidentiality of the UE are therefore compromised.
  • to avoid this, the UE may keep silent on SQN MS when sending the Authentication Failure message.
  • instead, the UE may send a concealed SQN MS to the home network when it initiates a registration request or a service request, rather than sending the SQN MS within the Authentication Failure message.
  • a network element, such as an AMF, may store the SQN MS and provide it to the home network in the event of the UE requesting service.
  • the network element may instead store another parameter, such as an authentication synchronization failure (AUTS) parameter, as long as the parameter can be used to derive the SQN MS.
  • AUTS authentication synchronization failure
  • the network element may also store the random number, so that the SQN MS may be de-concealed from, for example, the AUTS.
  • FIG. 4 shows exemplary logic flows for UE registration and authentication procedure with the core network. The specific exemplary steps for the UE registration/authentication are illustrated by steps 1 to 10 in FIG. 4.
  • in step 1, a UE initiates a Registration Request with a serving network (SN) element, such as a SEAF or an AMF.
  • SN serving network
  • SEAF security anchor function
  • AMF access management function
  • HN home network
  • the UE generates a new random number RAND MS and retrieves a sequence number SQN MS.
  • this task may be performed by the Universal Subscriber Identity Module (USIM) of the UE.
  • the sequence number may be selected as the highest number in a sequence number array consisting of previously accepted sequence numbers.
  • the UE then computes an AUTS parameter from SQN MS and RAND MS.
  • the AUTS parameter (hereinafter also referred to as AUTS) may be based on a concealed SQN MS, which may be the output of an "exclusive OR" operation on SQN MS and RAND MS.
  • the AUTS may be further based on a Message Authentication Code (MAC), where the MAC may be computed using a cryptographic function with SQN MS and RAND MS as input.
  • MAC Message Authentication Code
  • the MAC allows the recipient of the message to authenticate the message as coming from the intended sender.
  • the AUTS parameter is thus the result of a computation that both conceals SQN MS and authenticates it.
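The following is a worked example added by the editor; it is not code from the disclosure or from ZTE. It implements the step-1 AUTS construction described above (XOR concealment of SQN MS with RAND MS, plus a MAC over SQN MS and RAND MS) and the UDM's reverse procedure of step 4. Everything not stated in the disclosure is an assumption: the MAC is keyed with the long-term subscriber key K shared by the USIM and the UDM/ARPF, HMAC-SHA256 truncated to 64 bits stands in for the AKA re-synchronisation function f1*, SQN is 48 bits and MAC-S 64 bits as in 3GPP AKA, and the optional `keyed=True` mask stands in for 3GPP's f5*(K, RAND) keystream. The demo key and sequence numbers are constructed values.

```python
import hashlib
import hmac
import secrets

SQN_LEN = 6   # 48-bit sequence number, as in 3GPP AKA (assumption)
MAC_LEN = 8   # 64-bit MAC-S (assumption)


def f1_star(k: bytes, sqn_ms: bytes, rand_ms: bytes) -> bytes:
    """Keyed MAC over SQN_MS || RAND_MS under the long-term key K.

    Assumption: HMAC-SHA256 truncated to 64 bits stands in for the AKA
    re-synchronisation MAC function f1* (MILENAGE or TUAK on a real USIM).
    """
    return hmac.new(k, sqn_ms + rand_ms, hashlib.sha256).digest()[:MAC_LEN]


def mask(k: bytes, rand_ms: bytes, keyed: bool) -> bytes:
    """Masking string XORed onto SQN_MS.

    keyed=False: the disclosure's literal scheme, SQN_MS XOR RAND_MS.
    keyed=True:  assumed stand-in for 3GPP's f5*(K, RAND) keystream, so that
                 only a holder of K can unmask.
    """
    if keyed:
        return hmac.new(k, b"f5*" + rand_ms, hashlib.sha256).digest()[:SQN_LEN]
    return rand_ms[:SQN_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def select_sqn_ms(accepted: list[int]) -> int:
    """UE side: the highest of the previously accepted sequence numbers."""
    return max(accepted)


def build_auts(k: bytes, sqn_ms: int, rand_ms: bytes, keyed: bool = False) -> bytes:
    """UE/USIM side (step 1): AUTS = Conc(SQN_MS) || MAC-S."""
    sqn = sqn_ms.to_bytes(SQN_LEN, "big")
    return xor(sqn, mask(k, rand_ms, keyed)) + f1_star(k, sqn, rand_ms)


def recover_sqn_ms(k: bytes, auts: bytes, rand_ms: bytes, keyed: bool = False) -> int:
    """UDM side (step 4): reverse of build_auts.

    Unmasks SQN_MS, then refuses it unless MAC-S verifies under K, so a forged
    or bit-flipped AUTS cannot push a bogus SQN_MS into SQN_HE.
    """
    if len(auts) != SQN_LEN + MAC_LEN:
        raise ValueError("AUTS has wrong length")
    conc, mac_s = auts[:SQN_LEN], auts[SQN_LEN:]
    sqn = xor(conc, mask(k, rand_ms, keyed))          # XOR is its own inverse
    if not hmac.compare_digest(mac_s, f1_star(k, sqn, rand_ms)):
        raise ValueError("MAC-S verification failed")
    return int.from_bytes(sqn, "big")


def auts_is_valid(k: bytes, auts: bytes, rand_ms: bytes, keyed: bool = False) -> bool:
    """Boolean wrapper around recover_sqn_ms for callers that only need accept/reject."""
    try:
        recover_sqn_ms(k, auts, rand_ms, keyed)
        return True
    except ValueError:
        return False


def passive_observer_reads_sqn(auts: bytes, rand_ms: bytes) -> int:
    """What an eavesdropper who sees AUTS next to RAND_MS gets without K when
    the mask is the unkeyed RAND_MS: the XOR simply undone."""
    return int.from_bytes(xor(auts[:SQN_LEN], rand_ms), "big")


if __name__ == "__main__":
    k = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")   # constructed demo key
    rand_ms = secrets.token_bytes(16)
    sqn_ms = select_sqn_ms([0x1F3A, 0x1F40, 0x1F3C])
    auts = build_auts(k, sqn_ms, rand_ms)
    print("SQN_MS=%#x AUTS=%s recovered=%#x observer=%#x"
          % (sqn_ms, auts.hex(), recover_sqn_ms(k, auts, rand_ms),
             passive_observer_reads_sqn(auts, rand_ms)))
```

`passive_observer_reads_sqn` is the check to run before adopting the literal XOR-with-RAND MS scheme: because RAND MS travels next to the AUTS in the Registration Request, anyone who sees that message can undo the XOR without K, so the concealment protects SQN MS only as far as the Registration Request itself is protected. MAC-S still stops a forged AUTS from moving SQN HE (the wrong-key and bit-flip cases). 3GPP's AUTS masks SQN with f5*(K, RAND), so only a holder of K can unmask; the keyed variant shows that difference.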
  • the UE sends a Registration Request message to the SEAF with the AUTS and the RAND MS.
  • the Registration Request message may further include a SUCI (Subscription Concealed Identifier) or a 5G-GUTI (5G Globally Unique Temporary Identifier) of the UE.
  • SUCI Subscription Concealed Identifier
  • 5G-GUTI 5G Globally Unique Temporary Identifier
  • in step 2, the SEAF sends an Authentication Request message to the AUSF belonging to the Home Network (HN) of the UE.
  • the Authentication Request message includes the AUTS and the RAND MS, and may further include the SUCI or a SUPI (Subscription Permanent Identifier) of the UE, and the SN-name (Serving Network name) of the serving network.
  • SUPI Subscription Permanent Identifier
  • SN-name Serving Network name
  • in step 3, the AUSF forwards the content received in the Authentication Request message of step 2 in an Authentication Get Request message to the UDM belonging to the HN of the UE.
  • in step 4, the UDM retrieves SQN MS from the AUTS, for example, by reversing the procedure used to generate the AUTS from SQN MS.
  • the UDM then deletes RAND MS and stores SQN MS.
  • the UDM also de-conceals the SUCI by invoking its Subscription Identifier De-concealing Function (SIDF) and selects an authentication method.
  • SIDF Subscription Identifier De-concealing Function
  • a new 5G HE (Home Environment) Authentication Vector (AV) is generated using the existing sequence number of the Home Environment (SQN HE), which is the counterpart of SQN MS.
  • by deleting RAND MS, the UDM reduces the risk of RAND MS leakage and thus reduces the risk of security attacks based on RAND MS.
  • the UDM sends an Authentication Get Response message with the newly generated 5G HE AV to the AUSF.
  • the AUSF creates a 5G SE (Serving Environment) AV based on the 5G HE AV and sends the 5G SE AV in a Nausf_UEAuthentication_Authenticate Response message to the SEAF.
  • 5G SE Serving Environment
  • the SEAF derives a random number (RAND) and an authentication token (AUTN) from the 5G SE AV.
  • the RAND may be in the form of a random byte array.
  • the AUTN includes a Message Authentication Code (MAC), which may be derived based on the RAND and SQN HE, where SQN HE may be derived from the 5G HE AV.
  • the MAC may be computed over the concatenation of the RAND and the SQN HE.
  • the SEAF then forwards the RAND and the AUTN in an Authentication Request message to the UE.
  • the Authentication Request message carries a challenge to the UE, and the AUTN may be used for proving the challenge's freshness and authenticity.
  • in step 8, upon receiving the Authentication Request message, the UE checks the MAC carried in the AUTN to verify the authenticity of the Authentication Request message. Assuming the authenticity is verified, the UE then further checks whether the SQN HE is in the correct range, to verify the freshness of the Authentication Request message.
  • the correct range may be based on SQN MS.
  • based on the result of the freshness check in step 8, either step 9 or step 10 is performed.
  • step 9 is performed when the freshness check in step 8 is successful.
  • the UE and the UDM proceed to complete the rest of the authentication procedure as shown in steps 9a, 9b, and 9c.
  • in step 9c, when the authentication result is updated from the AUSF to the UDM, the UDM deletes the SQN MS derived in step 4, as the home environment and the UE are now synchronized with regard to sequence numbers (i.e., SQN MS on the UE end and SQN HE on the UDM end).
  • step 10 is performed when the freshness check in step 8 fails. An Authentication Failure message is sent from the UE to the SEAF in step 10b.
  • the Authentication Failure message only indicates the failure cause as sync failure; there is no indication of the SQN MS.
  • the SEAF forwards the failure message to the AUSF and the AUSF forwards it to the UDM, as shown in steps 10c and 10d, respectively.
  • the UDM starts a re-synchronization procedure based on the SQN MS retrieved in step 4, and SQN HE is updated with the SQN MS.
  • the re-synchronization procedure is similar to steps 5 to 9 and is not described in detail herein.
  • to recover from a sync failure, the UDM thus relies on the SQN MS sent to it at an early stage of the authentication procedure, before the sync failure is detected by the UE.
  • upon the sync failure, the UE merely indicates the sync failure to the core network and keeps silent on SQN MS. Therefore, even if a faked challenge is sent to the UE, the SQN MS is not compromised.
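The following is a worked example added by the editor, not code from the disclosure: a two-party simulation of steps 4 to 10 above, in which the UDM keeps the SQN MS received at step 4 for the duration of the procedure, the UE checks the MAC and then freshness, and the Authentication Failure message carries only a cause. The AUTN layout (SQN HE in clear followed by the MAC, with no AMF field or anonymity key), the freshness rule `SQN MS < SQN HE <= SQN MS + DELTA`, the value of DELTA, HMAC-SHA256 as a stand-in for f1, and the message field names are all simplifications assumed here. The UDM receives SQN MS directly (the disclosure allows that alternative) rather than recovering it from the AUTS. The scenario function plays the attack the disclosure describes: a previously captured, genuine challenge is replayed in place of the fresh one.

```python
import hashlib
import hmac
import secrets

SQN_LEN = 6
MAC_LEN = 8
DELTA = 2 ** 16   # assumed freshness window: SQN_MS < SQN_HE <= SQN_MS + DELTA


def f1(k: bytes, sqn: int, rand: bytes) -> bytes:
    """Stand-in for the AKA MAC function f1 (assumption: HMAC-SHA256, 64-bit truncation)."""
    return hmac.new(k, sqn.to_bytes(SQN_LEN, "big") + rand, hashlib.sha256).digest()[:MAC_LEN]


def make_challenge(k: bytes, sqn_he: int) -> tuple[bytes, bytes]:
    """Simplified AV: RAND plus AUTN = SQN_HE || MAC (SQN unmasked, AMF field omitted)."""
    rand = secrets.token_bytes(16)
    return rand, sqn_he.to_bytes(SQN_LEN, "big") + f1(k, sqn_he, rand)


class HomeNetwork:
    """UDM/ARPF state: SQN_HE, the long-term key, and the SQN_MS copy held during one procedure."""

    def __init__(self, k: bytes, sqn_he: int):
        self.k, self.sqn_he = k, sqn_he
        self.stored_sqn_ms = None   # step 4: set from the registration; step 9c: deleted

    def on_registration(self, sqn_ms: int) -> tuple[bytes, bytes]:
        self.stored_sqn_ms = sqn_ms          # RAND_MS is not kept (step 4)
        return self.next_challenge()

    def next_challenge(self) -> tuple[bytes, bytes]:
        self.sqn_he += 1
        return make_challenge(self.k, self.sqn_he)

    def on_authentication_failure(self, msg: dict) -> tuple[bytes, bytes]:
        """Step 10d: the failure message carries only a cause; re-sync uses the stored copy."""
        if msg.get("cause") != "SYNCH_FAILURE":
            raise ValueError("no re-sync for cause %r" % msg.get("cause"))
        if self.stored_sqn_ms is None:
            raise RuntimeError("no SQN_MS stored for this procedure")
        self.sqn_he = self.stored_sqn_ms      # SQN_HE updated with SQN_MS
        return self.next_challenge()

    def on_authentication_success(self) -> None:
        self.stored_sqn_ms = None             # step 9c


class UE:
    def __init__(self, k: bytes, sqn_ms: int):
        self.k, self.sqn_ms = k, sqn_ms

    def on_challenge(self, rand: bytes, autn: bytes) -> dict:
        """Step 8: MAC check first, then freshness; a stale challenge yields a cause only."""
        sqn_he = int.from_bytes(autn[:SQN_LEN], "big")
        if not hmac.compare_digest(autn[SQN_LEN:], f1(self.k, sqn_he, rand)):
            return {"cause": "MAC_FAILURE"}
        if not (self.sqn_ms < sqn_he <= self.sqn_ms + DELTA):
            return {"cause": "SYNCH_FAILURE"}   # deliberately no AUTS and no SQN_MS
        self.sqn_ms = sqn_he
        return {"result": "SUCCESS"}


def run_replay_scenario(k: bytes = bytes(range(16)), sqn: int = 1000) -> dict:
    """Attacker substitutes a previously captured, genuine challenge for the fresh one."""
    ue, hn = UE(k, sqn), HomeNetwork(k, sqn)
    captured = make_challenge(k, sqn - 5)    # constructed: valid MAC, stale SQN
    hn.on_registration(ue.sqn_ms)             # steps 1-4; the fresh challenge is dropped
    first = ue.on_challenge(*captured)        # step 8 on the replayed challenge
    retry = hn.on_authentication_failure(first)
    second = ue.on_challenge(*retry)
    if second.get("result") == "SUCCESS":
        hn.on_authentication_success()
    return {"first": first, "second": second, "in_sync": ue.sqn_ms == hn.sqn_he,
            "udm_keeps_sqn_ms": hn.stored_sqn_ms is not None}


if __name__ == "__main__":
    print(run_replay_scenario())
```

Two details matter operationally. The UDM deletes its copy of SQN MS on success (step 9c), so a stale challenge arriving outside a procedure finds nothing to re-sync from, and `on_authentication_failure` raises rather than guessing. The UE runs the MAC check before the freshness check, so a challenge with a bad MAC is reported as a MAC failure and never triggers re-synchronization.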
  • a UE in an idle state may initiate the Service Request procedure in order to send uplink signaling messages or user data, to request emergency services fallback, or as a response to a network paging request.
  • an authentication procedure needs to be performed by the core network to authenticate the UE upon receiving the Service Request.
  • in this embodiment the SQN MS is suppressed in the case where the UE indicates a sync failure to the core network via an Authentication Failure message, to prevent the SQN MS from being compromised. Exemplary steps of this embodiment are shown in FIG. 5.
  • in step 1, the UE initiates a Service Request by sending an AN (Access Network) message to the Access Network.
  • the Access Network may be a Radio Access Network or a wireline Access Network.
  • the AN message includes at least one of:
  • a Service Request, which includes at least one of: List Of PDU Sessions To Be Activated, List Of Allowed PDU Sessions, security parameters, PDU Session status, 5G-S-TMSI, [NAS message container] ("[]" indicates an optional parameter), Exempt Indication;
  • the UE may derive or obtain the AUTS and RAND MS in the same manner as in step 1 of embodiment 1.
  • in step 2, the AN sends the Service Request in an N2 message to the AMF of the serving network of the UE.
  • the N2 message includes at least one of:
  • in step 3, the AMF starts an authentication procedure with the home network of the UE by sending an Authentication Request message to the AUSF.
  • the Authentication Request message includes the AUTS and the RAND MS, and may further include the SUCI or a SUPI of the UE, and the SN-name of the serving network.
  • step 4 includes further authentication interactions between the home network, the serving network, and the UE.
  • the details are similar to steps 5 to 10 of embodiment 1 and are not described herein.
  • the UE is now authenticated with the core network and proceeds with the subsequent service request procedure, for example, to establish a signalling connection with the AMF to exchange signaling messages and set up the particular service requested by the UE.
  • FIG. 6 shows another exemplary logic flow for the UE registration and authentication procedure with the core network.
  • the specific exemplary steps for the UE registration/authentication are illustrated by steps 1 to 15 in FIG. 6.
  • in this embodiment, the AMF/SEAF of the serving network stores the SQN MS (or a parameter from which it can be derived) upon receiving a Registration Request from the UE. If there is a sync failure during the authentication procedure, the AMF/SEAF further updates its copy of SQN MS after the re-sync is completed successfully.
  • the UE generates a new random number RAND MS and retrieves a sequence number SQN MS.
  • this task may be performed by the Universal Subscriber Identity Module (USIM) of the UE.
  • the sequence number may be selected as the highest number in a sequence number array consisting of previously accepted sequence numbers.
  • the UE then computes an Authentication Synchronization failure (AUTS) parameter from SQN MS and RAND MS.
  • AUTS Authentication Synchronization failure
  • the AUTS parameter (hereinafter also referred to as AUTS) may be based on a concealed SQN MS, which may be the output of an "exclusive OR" operation on SQN MS and RAND MS.
  • the AUTS may be further based on a Message Authentication Code (MAC), where the MAC may be computed using a cryptographic function with SQN MS and RAND MS as input.
  • MAC Message Authentication Code
  • the MAC allows the recipient of the message to authenticate the message as coming from the intended sender.
  • the AUTS parameter is thus the result of a computation that both conceals SQN MS and authenticates it.
  • the UE sends a Registration Request message to the SEAF with the AUTS and the RAND MS.
  • the Registration Request message may further include a SUCI (Subscription Concealed Identifier) or a 5G-GUTI (5G Globally Unique Temporary Identifier) of the UE.
  • SUCI Subscription Concealed Identifier
  • 5G-GUTI 5G Globally Unique Temporary Identifier
  • it is to be understood that, with the AUTS and the RAND MS, the SQN MS may be derived or retrieved by a reverse procedure corresponding to how the AUTS is generated.
  • alternatively, the UE may include SQN MS in the Registration Request message directly.
  • as a further alternative, a transformed parameter, which may be any type of transformation of SQN MS, may be included in the Registration Request message.
  • the SEAF stores the AUTS and RAND MS received from the UE.
  • alternatively, the SEAF may derive the SQN MS from the received Registration Request message, for example from the AUTS, and then store the SQN MS and RAND MS. The SEAF may also store the transformed parameter if it is present in the received Registration Request message.
  • the SEAF sends an Authentication Request message to the AUSF belonging to the Home Network (HN) of the UE.
  • the Authentication Request message includes the AUTS and the RAND MS, and may further include the SUCI or a SUPI (Subscription Permanent Identifier) of the UE, and the SN-name (Serving Network name) of the serving network.
  • SUPI Subscription Permanent Identifier
  • SN-name Serving Network name
  • the AUSF forwards the content received in the Authentication Request message of step 2 in an Authentication Get Request message to the UDM belonging to the HN of the UE.
  • in step 4, the UDM retrieves SQN MS from the AUTS, for example, by reversing the procedure used to generate the AUTS from SQN MS.
  • the UDM then deletes RAND MS and stores SQN MS.
  • the UDM also de-conceals the SUCI by invoking its Subscription Identifier De-concealing Function (SIDF) and selects an authentication method.
  • SIDF Subscription Identifier De-concealing Function
  • a new 5G HE AV is generated using the existing sequence number of the Home Environment (SQN HE), which is the counterpart of SQN MS.
  • by deleting RAND MS, the UDM reduces the risk of RAND MS leakage and thus reduces the risk of security attacks based on RAND MS.
  • the UDM sends an Authentication Get Response message with the newly generated 5G HE AV to the AUSF.
  • the AUSF creates a 5G SE AV based on the 5G HE AV and sends the 5G SE AV in a Nausf_UEAuthentication_Authenticate Response message to the SEAF.
  • the SEAF derives a random number (RAND) and an authentication token (AUTN) from the 5G SE AV.
  • the RAND may be in the form of a random byte array.
  • the AUTN includes a Message Authentication Code (MAC), which may be derived based on the RAND and SQN HE, where SQN HE may be derived from the 5G HE AV.
  • the MAC may be computed over the concatenation of the RAND and the SQN HE.
  • the SEAF then forwards the RAND and the AUTN in an Authentication Request message to the UE.
  • the Authentication Request message carries a challenge to the UE, and the AUTN may be used for proving the challenge's freshness and authenticity.
  • in step 8, upon receiving the Authentication Request message, the UE checks the MAC carried in the AUTN to verify the authenticity of the Authentication Request message. Assuming the authenticity is verified, the UE then further checks whether the SQN HE is in the correct range, to verify the freshness of the Authentication Request message.
  • the correct range may be based on SQN MS.
  • step 9 Based on the result of the freshness check in this step, either step 9 or step 10 is performed.
  • step 8 The freshness checks in step 8 is successful.
  • the UE and the UDM proceed to complete the rest of the authentication procedure as shown in step 9a, 9b, and 9c.
  • step 9c When Authentication results are updated from AUSF to UDM, the UDM deletes SQN MS , which is derived in step 4, as the home environment and UE are synchronized with regard to sequence numbers (i.e., SQN MS on the UE end and SQN HE on the UDM end) .
  • An Authentication failure message is sent from the UE to the SEAF in step 10b.
  • the Authentication failure message only indicates the failure cause as sync failure and there is no indication of the SQN MS.
  • the SEAF forwards the failure message to the AUSF and the AUSF forwards it to the UDM, as shown in step 10c and 10d, respectively.
  • the UDM starts a re-synchronization procedure based on SQN MS retrieved in step 4 and the SQN HE is updated with the SQN MS .
  • the UDM interacts with the SEAF and the UE to finish the re-synchronization procedure, which is similar to step 6 to step 10 as described above, and is not described in details herein.
  • the authentication of the UE is successful.
  • After successful authentication, the SEAF sends a NAS Security Mode Command message that includes a "request initial NAS message" flag to the UE.
  • The UE answers with a NAS Security Mode Complete message, which is ciphered and integrity protected. It carries the current SQN MS and RAND MS configured by the UE (which may be stored in the USIM of the UE), or the current RAND MS together with an AUTS computed from the current SQN MS, or a transformed parameter that may be any transformation of the current SQN MS.
  • The SEAF updates its stored SQN MS and RAND MS (or AUTS and RAND MS, or its local copy of the transformed parameter) according to the parameters received in the NAS Security Mode Complete message sent from the UE in step 14.
  • To recover from a sync failure, the UDM relies on the SQN MS (or a transformation of SQN MS such as AUTS) sent to it at an early stage of the authentication procedure, before the sync failure is detected by the UE. Upon the sync failure, the UE merely indicates the failure cause to the core network and keeps silent on SQN MS, so even a faked challenge sent to the UE does not expose SQN MS.
  • The SEAF stores the SQN MS and the RAND MS upon receiving the Registration Request message from the UE. After the authentication procedure completes successfully, the SEAF requests the latest SQN MS and RAND MS from the UE and updates its local copy. SQN MS may be represented as AUTS or as any other transformation of SQN MS.
  • The SQN MS and RAND MS stored in the SEAF may be used for subsequent procedures such as the UE Service Request procedure.
  • In a further embodiment, the SEAF/AMF of the serving network keeps a copy of SQN MS (and/or AUTS, which may be derived from SQN MS) and RAND MS. Therefore, when the UE initiates the Service Request, there is no need for the UE to include the AUTS and RAND MS parameters in the message. Exemplary steps of this embodiment are shown in FIG. 7.
  • The AMF starts an authentication procedure with the home network of the UE by sending an Authentication Request message to the AUSF. The Authentication Request message includes the AUTS and the RAND MS stored in the AMF, and may further include the SUCI or SUPI of the UE and the SN-name of the serving network. The AMF may compute the AUTS from the stored SQN MS and RAND MS.
  • Step 4 includes further authentication interactions between the home network, the serving network, and the UE. The details are similar to step 4 to step 15 of embodiment 3 and are not described herein.
  • The UE is then authenticated with the core network and proceeds with the subsequent service request procedure, for example establishing a signaling connection with the AMF to exchange signaling messages and set up the particular service requested by the UE.
  • The UE may rely on the SEAF/AMF to provide SQN MS (or any transformation of SQN MS) to the home network when initiating the service request. The UE and the SEAF/AMF may negotiate whether the SEAF/AMF has the capability to provide SQN MS, so that the UE does not need to send SQN MS in the service request message. Furthermore, if the UE is not configured to send SQN MS in the service request message, SQN MS remains protected from the aforementioned attack.
  • In summary, procedures for UE authentication/registration with the core network and for UE Service Request with the core network are disclosed. The serving network element, such as the AMF or SEAF, stores and updates the SQN MS and RAND MS information, which may be used for a subsequent UE Service Request; the UE has the flexibility to choose whether to include the AUTS and RAND MS parameters when initiating the Service Request; and upon detecting a sync failure during an authentication procedure, the UE merely needs to indicate the sync failure condition to the core network for re-synchronization and keeps silent on SQN MS.
  • Terms such as "a," "an," or "the" may be understood to convey a singular or a plural usage, depending at least in part upon context, and the term "based on" may be understood as not necessarily conveying an exclusive set of factors, allowing for additional factors not expressly described, again depending at least in part on context.

Abstract

This disclosure generally relates to UE authentication and authorization with a home network of the UE, and in particular to the protection of the sequence number of the UE (SQN MS) during the authentication and authorization process. The SQN MS is suppressed when the UE indicates a sync failure to the core network via an Authentication Failure message, to prevent the SQN MS from being compromised by an attacker. The SEAF/AMF of the SN keeps a copy of SQN MS and RAND MS. Therefore, when the UE initiates the Service Request, there is no need for the UE to include the SQN MS and RAND MS parameters in the Service Request message.

Description

METHOD, DEVICE, AND SYSTEM FOR PROTECTING SEQUENCE NUMBER IN WIRELESS NETWORK

TECHNICAL FIELD
This disclosure is directed to terminal device authentication and authorization with a home network of the terminal device in communication networks.
BACKGROUND
In a communication network, a user equipment (UE) gains access to the communication network via its USIM card. The UE's access to the communication network, which includes authentication and authorization, is protected by various security mechanisms. Among the various security measures and requirements, it is critical to protect a UE's sensitive data, including its authentication and authorization parameters.
SUMMARY
This disclosure relates to UE authentication and authorization with a home network of the UE, and in particular, to the protection of sequence number of the UE during the authentication and authorization process.
In some implementations, a method for authenticating a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device is disclosed. The method may be performed by a serving network element belonging to the serving network and may include: receiving a registration request message initiated from the terminal device for starting a registration procedure to register the terminal device with the communication network, wherein the registration request message comprises a parameter and a random number, both generated by the terminal device for authenticating the terminal device with the home network, and wherein the parameter corresponds to a sequence number configured by the terminal device; storing the parameter and the random number; and transmitting a first authentication request message to a first home network element belonging to the home network, wherein the first authentication request message comprises the parameter and the random number.
In some other implementations, a method for authenticating a service request initiated from a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device is disclosed. The method may be performed by a serving network element belonging to the serving network and may include: receiving a first service request message triggered by the terminal device requesting service in the communication network; and transmitting an authentication request message to a home network element belonging to the home network, wherein the authentication request message comprises a parameter and a random number, the random number and the parameter having been generated by the terminal device and stored in the serving network element, the parameter corresponding to a sequence number configured by the terminal device, and the random number and the sequence number being used for authenticating the terminal device with the communication network.
In some other implementations, a device is disclosed. The device may include one or more processors, wherein the one or more processors are configured to implement any one of the methods above.
In yet some other implementations, a computer program product is disclosed. The computer program product may include a non-transitory computer-readable program medium with computer code stored thereupon, the computer code, when executed by one or more processors, causing the one or more processors to implement any one of the methods above.
The above embodiments and other aspects and alternatives of their implementations are explained in greater detail in the drawings, the descriptions, and the claims below.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows an exemplary communication network including terminal devices, a carrier network, data network, and service applications.
FIG. 2 shows exemplary network functions or network nodes in a communication network.
FIG. 3 shows exemplary network functions or network nodes in a wireless communication network.
FIG. 4 shows an exemplary logic flow for UE registration authentication with the core network.
FIG. 5 shows an exemplary logic flow for UE service request with the core network.
FIG. 6 shows another exemplary logic flow for UE registration authentication with the core network.
FIG. 7 shows another exemplary logic flow for UE service request with the core network.
DETAILED DESCRIPTION
An exemplary communication network, shown as 100 in FIG. 1, may include terminal devices 110 and 112, a carrier network 102, various service applications 140, and other data networks 150. The carrier network 102, for example, may include access networks 120 and a core network 130. The carrier network 102 may be configured to transmit voice, data, and other information (collectively referred to as data traffic) among terminal devices 110 and 112, between the terminal devices 110 and 112 and the service applications 140, or between the terminal devices 110 and 112 and the other data networks 150. Communication sessions and corresponding data paths may be established and configured for such data transmission. The access networks 120 may be configured to provide terminal devices 110 and 112 network access to the core network 130. The core network 130 may include various network nodes or network functions configured to control the communication sessions and perform network access management and data traffic routing. The service applications 140 may be hosted by various application servers that are accessible by the terminal devices 110 and 112 through the core network 130 of the carrier network 102. A service application 140 may be deployed as a data network outside of the core network 130. Likewise, the other data networks 150 may be accessible by the terminal devices 110 and 112 through the core network 130 and may appear as either data destination or data source of a particular communication session instantiated in the carrier network 102.
The core network 130 of FIG. 1 may include various network nodes or functions geographically distributed and interconnected to provide network coverage of a service region of the carrier network 102. These network nodes or functions may be implemented as dedicated hardware network elements. Alternatively, these network nodes or functions may be virtualized and implemented as virtual machines or as software entities. A network node may each be configured with one or more types of network functions. These network nodes or network functions may collectively provide the provisioning and routing functionalities of the core network 130. The term “network nodes” and “network functions” are used interchangeably in this disclosure.
FIG. 2 further shows an exemplary division of network functions in the core network 130 of a communication network 200. While only single instances of network nodes or functions are illustrated in FIG. 2, those having ordinary skill in the art understand that each of these network nodes may be instantiated as multiple instances of network nodes that are distributed throughout the core network 130. As shown in FIG. 2, the core network 130 may include but is not limited to network nodes such as access management network node (AMNN) 230, authentication network node (AUNN) 260, network data management network node (NDMNN) 270, session management network node (SMNN) 240, data routing network node (DRNN) 250, policy control network node (PCNN) 220, and application data management network node (ADMNN) 210. Exemplary signaling and data exchange between the various types of network nodes through various communication interfaces are indicated by the various solid connection lines in FIG. 2. Such signaling and data exchange may be carried by signaling or data messages following predetermined formats or protocols.
The implementations described above in FIGs. 1 and 2 may be applied to both wireless and wireline communication systems. FIG. 3 illustrates an exemplary cellular wireless communication network 300 based on the general implementation of the communication network 200 of FIG. 2. FIG. 3 shows that the wireless communication network 300 may include user equipment (UE) 310 (functioning as the terminal device 110 of FIG. 2), radio access network (RAN) 320 (functioning as the access network 120 of FIG. 2), data network (DN) 150, and core network 130 including access management function (AMF) 330 (functioning as the AMNN 230 of FIG. 2), session management function (SMF) 340 (functioning as the SMNN 240 of FIG. 2), application function (AF) 390 (functioning as the ADMNN 210 of FIG. 2), user plane function (UPF) 350 (functioning as the DRNN 250 of FIG. 2), policy control function (PCF) 322 (functioning as the PCNN 220 of FIG. 2), authentication server function (AUSF) 360 (functioning as the AUNN 260 of FIG. 2), and unified data management (UDM) function 370 (functioning as the NDMNN 270 of FIG. 2). Again, while only single instances for some network functions or nodes of the wireless communication network 300 (the core network 130 in particular) are illustrated in FIG. 3, those of ordinary skill in the art understand that each of these network nodes or functions may have multiple instances that are distributed throughout the wireless communication network 300.
In FIG. 3, the UE 310 may be implemented as various types of mobile devices that are configured to access the core network 130 via the RAN 320. The UE 310 may include but is not limited to mobile phones, laptop computers, tablets, Internet-of-Things (IoT) devices, distributed sensor network nodes, wearable devices, and the like. The UE may also be a Multi-access Edge Computing (MEC) capable UE that supports edge computing. The RAN 320, for example, may include a plurality of radio base stations distributed throughout the service areas of the carrier network. The communication between the UE 310 and the RAN 320 may be carried over over-the-air (OTA) radio interfaces as indicated by 311 in FIG. 3.
Continuing with FIG. 3, the UDM 370 may form a permanent storage or database for user contract and subscription data. The UDM may further include an authentication credential repository and processing function (ARPF, as indicated in 370 of FIG. 3) for storage of long-term security credentials for user authentication, and for using such long-term security credentials as input to perform computation of encryption keys as described in more detail below. To prevent unauthorized exposure of UDM/ARPF data, the UDM/ARPF 370 may be located in a secure network environment of a network operator or a third-party.
The AMF/SEAF 330 may communicate with the RAN 320, the SMF 340, the AUSF 360, the UDM/ARPF 370, and the PCF 322 via communication interfaces indicated by the various solid lines connecting these network nodes or functions. The AMF/SEAF 330 may be responsible for UE non-access stratum (NAS) signaling management, for provisioning registration and access of the UE 310 to the core network 130, and for allocation of an SMF 340 to support the communication needs of a particular UE. The AMF/SEAF 330 may be further responsible for UE mobility management. The AMF may also include a security anchor function (SEAF, as indicated in 330 of FIG. 3) that, as described in more detail below, interacts with the AUSF 360 and the UE 310 for user authentication and for management of various levels of encryption/decryption keys. The AUSF 360 may terminate user registration/authentication/key generation requests from the AMF/SEAF 330 and interact with the UDM/ARPF 370 to complete such user registration/authentication/key generation.
The SMF 340 may be allocated by the AMF/SEAF 330 for a particular communication session instantiated in the wireless communication network 300. The SMF 340 may be responsible for allocating a UPF 350 to support the communication session and the data flows therein in a user data plane, and for provisioning/regulating the allocated UPF 350 (e.g., for formulating packet detection and forwarding rules for the allocated UPF 350). Alternatively to being allocated by the SMF 340, the UPF 350 may be allocated by the AMF/SEAF 330 for the particular communication session and data flows. The UPF 350 allocated and provisioned by the SMF 340 and AMF/SEAF 330 may be responsible for data routing and forwarding and for reporting network usage by the particular communication session. For example, the UPF 350 may be responsible for routing end-to-end data flows between the UE 310 and the DN 150, or between the UE 310 and the service applications 140. The DN 150 and the service applications 140 may include but are not limited to data networks and services provided by the operator of the wireless communication network 300 or by third-party data network and service providers.
The PCF 322 may be responsible for managing and providing various levels of policies and rules applicable to a communication session associated with the UE 310 to the AMF/SEAF 330 and SMF 340. As such, the AMF/SEAF 330, for example, may assign SMF 340 for the communication session according to policies and rules associated with the UE 310 and obtained from the PCF 322. Likewise, the SMF 340 may allocate UPF 350 to handle data routing and forwarding of the communication session according to policies and rules obtained from the PCF 322.
While FIGs. 1-3 and the various exemplary implementations described below are based on cellular wireless communication networks, the scope of this disclosure is not so limited and the underlying principles are applicable to other types of wireless and wireline communication networks.
Network identity and data security in the wireless communication network 300 of FIG. 3 may be managed via user authentication processes provided by the AMF/SEAF 330, the AUSF 360, and the UDM/ARPF 370. In particular, the UE 310 may first communicate with the AMF/SEAF 330 for network registration and may then be authenticated by the AUSF 360 according to user contract and subscription data in the UDM/ARPF 370. Communication sessions established for the UE 310 after user authentication to the wireless communication network 300 may then be protected by the various levels of encryption/decryption keys. The generation and management of the various keys may be orchestrated by the AUSF 360 and other network functions in the communication network.
In a communication network, a UE and the communication network need to authenticate each other mutually in order to establish a secure link for protecting subsequent communications based on various security mechanisms. Such security mechanisms involve the UE and a home network of the UE (i.e., the carrier with which the UE has a contract), and may further involve a serving network of the UE. The serving network provides a service access point (e.g., a base station in the UE's vicinity) to the UE. The serving network interacts with the home network to authenticate the UE before service is granted.
From a UE's perspective, it is critical that the UE's privacy is protected. When a UE attempts to access the communication network, the UE may need to follow a security procedure, such as initiating a registration request or a service request with the communication network, to authenticate mutually with the home network/serving network. As part of the security procedure, the UE may be challenged by the home network, for example via an Authentication Request from the home network. In this challenge, the UE needs to verify a Message Authentication Code (MAC) sent to the UE. Through MAC verification, the UE checks the validity of the challenge, to ensure the challenge is legitimate and is sent from the real home network rather than from a suspicious party. If the MAC verification fails, the UE considers the security procedure to have failed.
If the MAC verification described above passes on the UE, the UE may further check the freshness of the challenge. To achieve this, a Sequence Number (SQN) is used. In particular, on the UE end, the UE maintains an SQN, denoted SQN MS. The home network also maintains a counterpart SQN, denoted SQN HE. During normal operation, these two SQNs are synchronized. The UE checks the SQN sent from the home network with the challenge: if the SQN is in the correct range, the freshness of the challenge is verified; otherwise, the UE declares a synchronization failure. To recover from the synchronization failure, in some implementations the UE sends an Authentication Failure message to the home network. The Authentication Failure message carries the SQN MS maintained by the UE, so the home network may update SQN HE from the SQN MS. Therefore, the home network and the UE come back into synchronization with regard to the SQN. The home network may then retry the challenge based on the updated SQN HE.
The MAC as described above may be derived or computed based on a random number (RAND) and the SQN HE, and the MAC may be carried in an authentication token (AUTN) together with the (concealed) SQN HE. In some scenarios, the RAND and the AUTN may be compromised: an attacker may capture or sniff these values from the communication network, or may obtain them from hacked databases. The attacker may use the compromised RAND and AUTN values against a victim UE. For example, the attacker may fake the challenge from the compromised values and send the fake challenge repeatedly. Because the MAC depends only on the long-term key, the RAND and the SQN HE, a replayed pair remains valid: the UE is deceived by the faked challenge and considers the MAC verification to be passed, although it still detects that the SQN associated with the challenge is out of sync. As described above, the UE then tries to recover from the synchronization failure and sends an Authentication Failure message carrying the SQN MS (in 3GPP AKA, inside the AUTS parameter, where SQN MS is concealed only with an anonymity key derived from the replayed RAND, so repeated replays of the same RAND let the attacker relate the successive SQN MS values to one another). The attacker may thus catch and derive the SQN MS, and the privacy and confidentiality of the UE are compromised.
To minimize the aforementioned security risk, one solution is for the UE to keep silent on SQN MS when sending the Authentication Failure message. For example, the UE may send a concealed SQN MS to the home network when it initiates a registration request or a service request, rather than sending the SQN MS within the Authentication Failure message. Furthermore, a serving network element such as an AMF or SEAF may store the SQN MS and provide it to the home network when the UE requests service. Alternatively, the serving network element may store another parameter, such as an authentication synchronization failure (AUTS) parameter, as long as that parameter can be used to derive the SQN MS. In addition, as a random number is used for concealing the SQN MS, the serving network element may also store that random number so the SQN MS can be de-concealed from, for example, the AUTS.
In this disclosure, various embodiments are disclosed aiming at solving the SQN MS leaking problem under the aforementioned attack, or other possible attacks.
UE Registration with Core Network (Embodiment 1)
FIG. 4 shows exemplary logic flows for UE registration and authentication procedure with the core network. The specific exemplary steps for the UE registration/authentication are illustrated by steps 1 to 10 in FIG. 4.
As shown in FIG. 4, a UE initiates a Registration Request with a serving network (SN) element, such as a SEAF or an AMF. The descriptions below use SEAF as an example, but the same principle also applies to an AMF or another core network element in the SN. The SN element interacts with home network (HN) elements of the UE, such as an AUSF and/or a UDM, to accomplish the registration/authentication process. The details are described below.
Step 1
The UE generates a new random number RAND MS and retrieves a sequence number SQN MS. In some implementations, this task may be performed by the Universal Subscriber Identity Module (USIM) of the UE. The sequence number may be selected as the highest number in a sequence number array consisting of previously accepted sequence numbers. The UE then computes an AUTS parameter from SQN MS and RAND MS. For example, the AUTS parameter (hereinafter also referred to as AUTS) may be based on a concealed SQN MS, which may be the output of an exclusive OR of SQN MS with RAND MS (in 3GPP AKA, the concealing value is an anonymity key AK* derived from the random number by the USIM function f5*, rather than the random number itself). The AUTS may be further based on a Message Authentication Code (MAC), computed with a keyed cryptographic function that takes SQN MS and RAND MS as input (f1* in 3GPP AKA). In general, the MAC allows the recipient of the message to authenticate it as coming from the intended sender. There is no limitation in this disclosure on how the AUTS parameter may be calculated or encrypted.
The UE sends a Registration Request message to the SEAF with the AUTS and the RAND MS. The Registration Request message may further include a SUCI (Subscription Concealed Identifier) or a 5G-GUTI (Globally Unique Temporary Identifier) of the UE. It is to be understood that, given the AUTS and the RAND MS, the SQN MS may be derived or retrieved by a reverse procedure corresponding to how the AUTS is generated.
Step 2
The SEAF sends an Authentication Request message to the AUSF belonging to a Home Network (HN) of the UE. The Authentication Request message includes the AUTS and the RAND MS, and may further include the SUCI or a SUPI (Subscription Permanent Identifier) of the UE, and a SN-name (Serving Network name) of the serving network.
Step 3
The AUSF forwards the content received from the Authentication Request message in step 2 in an Authentication Get Request message to the UDM belonging to the HN of the UE.
Step 4
The UDM retrieves SQN MS from AUTS, for example, by using a reverse procedure of generating the AUTS from SQN MS. The UDM then deletes RAND MS and stores SQN MS. The UDM also de-conceals the SUCI by invoking its Subscription Identifier De-concealing function (SIDF) and selects an authentication method. A new 5G HE (Home Environment) Authentication Vector (AV) is generated using the existing sequence number of the Home Environment (SQN HE) , which is a counterpart of SQN MS.
By deleting RAND MS, the UDM reduces the risk of RAND MS leakage and thus reduces the risk of security attacks based on RAND MS.
Step 5
The UDM sends an Authentication Get Response message with the newly generated 5G HE AV to the AUSF.
Step 6
The AUSF creates a 5G SE (Serving Environment) AV based on the 5G HE AV and sends the 5G SE AV in a Nausf_UEAuthentication_Authenticate Response message to the SEAF.
Step 7
The SEAF derives a random number (RAND) and an authentication token (AUTN) from the 5G SE AV. Specifically, the RAND may be in the form of a random byte array. The AUTN includes a Message Authentication Code (MAC), which may be derived based on the RAND and SQN HE, where SQN HE may be derived from the 5G HE AV. In some implementations, the input to the MAC computation may be a concatenation of the RAND and the SQN HE. The SEAF then forwards the RAND and the AUTN in an Authentication Request message to the UE. The Authentication Request message carries a challenge to the UE, and the AUTN is used for proving the challenge's freshness and authenticity.
Step 8
Upon receiving the Authentication Request message, the UE checks the MAC carried in the AUTN to verify the authenticity of the Authentication Request message. Assuming the authenticity is verified, the UE then further checks whether the SQN HE is in the correct range, to verify the freshness of the Authentication Request message. The correct range may be based on SQN MS, for example requiring SQN HE to be greater than SQN MS but not more than a configured window ahead of it.
Based on the result of the freshness check in this step, either step 9 or step 10 is performed.
Step 9
The freshness check in step 8 is successful. The UE and the UDM proceed to complete the rest of the authentication procedure as shown in steps 9a, 9b, and 9c. In step 9c, when the authentication result is updated from the AUSF to the UDM, the UDM deletes the SQN MS derived in step 4, as the home environment and the UE are now synchronized with regard to sequence numbers (i.e., SQN MS on the UE end and SQN HE on the UDM end).
Step 10
The freshness check, which makes sure that the SQN HE is in the correct range, fails. An Authentication Failure message is sent from the UE to the SEAF in step 10b. The Authentication Failure message only indicates the failure cause as sync failure; it carries no indication of the SQN MS. The SEAF forwards the failure message to the AUSF and the AUSF forwards it to the UDM, as shown in steps 10c and 10d, respectively. In step 10e, the UDM starts a re-synchronization procedure based on the SQN MS retrieved in step 4, and SQN HE is updated from that SQN MS. The re-synchronization procedure is similar to step 5 to step 9 and is not described in detail herein.
In this embodiment, to recover from a sync failure, the UDM relies on the SQN MS sent to it in an early stage of the authentication procedure before the sync failure is detected by the UE. Upon the sync failure, the UE merely indicates the sync failure to the core network and keeps silent on SQN MS. Therefore, even if a faked challenge is sent to the UE, the SQN MS may not be compromised.
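The UE-side checks of step 8 and the UDM-side recovery of step 10e, as an added worked example in Python (this is not ZTE's code and not the 3GPP specification). The functions f1, f2 and f5 are HMAC-SHA256 stand-ins for the MILENAGE functions; the AUTN layout (SQN HE XOR AK followed by the MAC, with the AMF field omitted), the acceptance window DELTA and the 48-bit sequence number width are assumptions of this example, and the SQN MS held by the UDM is taken to have been recovered from the AUTS in step 4. A stale or replayed challenge is answered with the bare sync-failure cause, so the message carries nothing from which SQN MS could be recovered, and the UDM re-synchronizes from the copy it already holds.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Sequence

SQN_BYTES = 6        # 48-bit sequence number, as in 3GPP AKA
MAC_BYTES = 8
DELTA = 2 ** 28      # assumed acceptance window above SQN_MS (operator-specific in 3GPP)


def _prf(k: bytes, label: bytes, msg: bytes, n: int) -> bytes:
    return hmac.new(k, label + msg, hashlib.sha256).digest()[:n]


def f1(k: bytes, rand: bytes, sqn: int) -> bytes:
    """MAC over RAND and SQN (stand-in for MILENAGE f1)."""
    return _prf(k, b"f1", rand + sqn.to_bytes(SQN_BYTES, "big"), MAC_BYTES)


def f2(k: bytes, rand: bytes) -> bytes:
    """Response RES / expected response XRES (stand-in for MILENAGE f2)."""
    return _prf(k, b"f2", rand, 8)


def f5(k: bytes, rand: bytes) -> bytes:
    """Anonymity key AK that conceals SQN inside AUTN (stand-in for MILENAGE f5)."""
    return _prf(k, b"f5", rand, SQN_BYTES)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_autn(k: bytes, rand: bytes, sqn_he: int) -> bytes:
    """AUTN = (SQN_HE xor AK) || MAC; the AMF field of the 3GPP AUTN is omitted here."""
    conc = xor(sqn_he.to_bytes(SQN_BYTES, "big"), f5(k, rand))
    return conc + f1(k, rand, sqn_he)


@dataclass
class UE:
    k: bytes
    sqn_ms: int                      # highest accepted sequence number (kept on the USIM)

    def handle_challenge(self, rand: bytes, autn: bytes) -> dict:
        """Step 8: verify authenticity (MAC) first, then freshness (SQN_HE range)."""
        sqn_he = int.from_bytes(xor(autn[:SQN_BYTES], f5(self.k, rand)), "big")
        if not hmac.compare_digest(autn[SQN_BYTES:], f1(self.k, rand, sqn_he)):
            return {"cause": "MAC_FAILURE"}
        if not (self.sqn_ms < sqn_he <= self.sqn_ms + DELTA):
            # Step 10b: the cause only; no AUTS and nothing derived from SQN_MS.
            return {"cause": "SYNC_FAILURE"}
        self.sqn_ms = sqn_he
        return {"cause": "SUCCESS", "res": f2(self.k, rand)}


@dataclass
class UDM:
    k: bytes
    sqn_he: int
    stored_sqn_ms: Optional[int] = None   # SQN_MS recovered from the AUTS in step 4

    def challenge(self, rand: Optional[bytes] = None):
        """Steps 5 to 7 collapsed: fresh RAND, next SQN_HE, AUTN and XRES."""
        rand = rand if rand is not None else os.urandom(16)
        self.sqn_he += 1
        return rand, build_autn(self.k, rand, self.sqn_he), f2(self.k, rand)

    def on_sync_failure(self) -> None:
        """Step 10e: SQN_HE is updated with the SQN_MS received before the failure."""
        if self.stored_sqn_ms is None:
            raise RuntimeError("no SQN_MS from step 4; cannot re-synchronize")
        self.sqn_he = self.stored_sqn_ms

    def on_success(self) -> None:
        """Step 9c: the copy of SQN_MS is no longer needed."""
        self.stored_sqn_ms = None


def run_authentication(udm: UDM, ue: UE,
                       rands: Sequence[Optional[bytes]] = (None, None)) -> List[dict]:
    """Drive one authentication with at most one re-synchronization; returns the UE replies."""
    log = []
    for rand in rands:
        rand, autn, xres = udm.challenge(rand)
        reply = ue.handle_challenge(rand, autn)
        log.append(reply)
        if reply["cause"] == "SUCCESS":
            reply["verified"] = hmac.compare_digest(reply["res"], xres)
            udm.on_success()
            break
        if reply["cause"] != "SYNC_FAILURE":
            break
        udm.on_sync_failure()
    return log
```

Running run_authentication with a UDM whose SQN HE lags behind the UE produces two replies: a sync failure containing only the cause, then a success after the UDM has set SQN HE from its stored SQN MS. Replaying the accepted challenge later yields the same bare cause, and a challenge forged without K is rejected at the MAC check before any sequence-number comparison takes place.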
UE Requests Service with Core Network (Embodiment 2)
The UE in an idle state, such as a CM_idle (Connection Management idle) state or an RRC_idle (Radio Resource Control idle) state, may initiate the Service Request procedure in order to send uplink signaling messages or user data, to request emergency services fallback, or as a response to a network paging request. An authentication procedure needs to be performed by the core network to authenticate the UE upon receiving the Service Request. Similar to embodiment 1, in this embodiment the SQN MS is suppressed in the case where the UE indicates a sync failure to the core network via an Authentication Failure message, to prevent the SQN MS from being compromised by an attacker. Exemplary steps of this embodiment are shown in FIG. 5.
Step 1
The UE initiates a Service Request by sending an AN (Access Network) message to the Access Network. The Access Network may include Radio Access Network or wireline Access Network. The AN message includes at least one of:
· AN parameters;
· a Service Request which includes at least one of: List Of PDU Sessions To Be Activated, List Of Allowed PDU Sessions, security parameters, PDU Session status, 5G-S-TMSI, [NAS message container] ( [] indicates parameter being optional) , Exempt Indication;
· AUTS; or
· RAND MS.
The UE may derive or obtain the AUTS and RAND MS in a similar manner as step 1 in embodiment 1.
Step 2
The AN sends a Service Request by sending an N2 message to the AMF of the serving network of the UE. The N2 message includes at least one of:
· N2 parameters;
· a Service Request according to the service request parameter received from the UE in step 1;
· AUTS; or
· RAND MS.
Step 3
The AMF starts an authentication procedure with the home network of the UE by sending an Authentication Request message to the AUSF. The Authentication Request message includes the AUTS and the RAND MS, and may further include the SUCI or a SUPI  of the UE, and a SN-name of the serving network.
Step 4
Step 4 includes further authentication interactions between the home network, the serving network, and the UE. The details are similar to step 5 to step 10 of embodiment 1 and are not described herein.
Step 5
The UE is now authenticated with the core network and proceeds with subsequent service request procedure, for example, to establish a signal connection with the AMF to exchange signaling messages and set up the particular service requested by the UE.
UE Registration with Core Network (Embodiment 3)
FIG. 6 shows another exemplary logic flow for the UE registration and authentication procedure with the core network. The specific exemplary steps for the UE registration/authentication are illustrated by steps 1 to 15 in FIG. 6.
In this embodiment, the AMF/SEAF of the serving network stores the SQN MS upon receiving a Registration Request from the UE. If there is a sync failure during the authentication procedure, the AMF/SEAF further updates the SQN MS after the re-sync is completed successfully. The descriptions below use the SEAF as an example, but the same principle also applies to an AMF or another core network element in the SN.
Step 1
The UE generates a new random number RAND MS and retrieves a sequence number SQN MS. In some implementations, this task may be performed by the Universal Subscriber Identity Module (USIM) of the UE. The sequence number may be selected as the highest number in a sequence number array consisting of previously accepted sequence numbers. The UE then computes an Authentication Synchronization failure (AUTS) parameter according to SQN MS and RAND MS. For example, the AUTS parameter (hereinafter also referred to as AUTS) may be based on a concealed SQN MS, which may be an output of the "exclusive OR" operation on SQN MS and RAND MS. The AUTS may be further based on a Message Authentication Code (MAC), where the MAC may be computed using a cryptographic function with SQN MS and RAND MS as input. In general, the MAC may be used to allow the recipient of the message to authenticate this message as coming from the intended sender. There is no limitation in this disclosure on how the AUTS parameter may be calculated or encrypted.
The UE sends a Registration Request message to the SEAF with the AUTS and the RAND MS. The Registration Request message may further include a SUCI (Subscription Concealed Identifier) or a 5G-GUTI (5G Globally Unique Temporary Identifier) of the UE. It is to be understood that with the AUTS and the RAND MS, the SQN MS may be derived or retrieved by using a reverse procedure corresponding to how the AUTS is generated.
In some implementations, the UE may include SQN MS in the Registration Request message directly. Alternatively, a transformed parameter, which may be any type of transformation of SQN MS, may be chosen to be included in the Registration Request message.
Step 2
The SEAF stores the AUTS and RAND MS received from the UE.
Alternatively, the SEAF may derive the SQN MS from the received Registration Request message, for example, according to the AUTS. The SEAF then stores the SQN MS and RAND MS. The SEAF may also store the transformed parameter if it is present in the received Registration Request message.
Step 3
The SEAF sends an Authentication Request message to the AUSF belonging to a Home Network (HN) of the UE. The Authentication Request message includes the AUTS and the RAND MS, and may further include the SUCI or a SUPI  (Subscription Permanent Identifier) of the UE, and a SN-name (Serving Network name) of the serving network.
Step 4
The AUSF forwards the content received in the Authentication Request message of step 3 in an Authentication Get Request message to the UDM belonging to the HN of the UE.
Step 5
The UDM retrieves SQN MS from the AUTS, for example, by using the reverse of the procedure that generated the AUTS from SQN MS. The UDM then deletes RAND MS and stores SQN MS. The UDM also de-conceals the SUCI by invoking its Subscription Identifier De-concealing Function (SIDF) and selects an authentication method. A new 5G HE AV is generated using the existing sequence number of the Home Environment (SQN HE), which is the counterpart of SQN MS.
By deleting RAND MS, the UDM reduces the risk of RAND MS leakage and thus reduces the risk of security attacks based on RAND MS.
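Steps 1 to 5 of this embodiment as an added worked example in Python (not ZTE's code): the UE conceals SQN MS using RAND MS and appends a MAC, the SEAF stores the pair and forwards it, the AUSF relays it, and the UDM reverses the concealment, checks the MAC, retains SQN MS and discards RAND MS. The page does not fix the functions used; this example keys both the concealment mask and the MAC with the long-term key K (HMAC-SHA256 stand-ins for the 3GPP f5* and f1* functions), because an XOR with a value that is itself carried in the clear would not conceal SQN MS from an observer. The SIDF is represented by an injected callable, and the SUCI, SUPI and SN-name values are placeholders.

```python
import hashlib
import hmac
from typing import Callable, Dict, Tuple

SQN_BYTES = 6
MAC_BYTES = 8


def _prf(k: bytes, label: bytes, msg: bytes, n: int) -> bytes:
    return hmac.new(k, label + msg, hashlib.sha256).digest()[:n]


def conceal_mask(k: bytes, rand_ms: bytes) -> bytes:
    """Keyed mask applied to SQN_MS (stand-in for f5*); an assumption of this example."""
    return _prf(k, b"f5*", rand_ms, SQN_BYTES)


def mac_s(k: bytes, sqn_ms: int, rand_ms: bytes) -> bytes:
    """MAC over SQN_MS || RAND_MS (stand-in for f1*)."""
    return _prf(k, b"f1*", sqn_ms.to_bytes(SQN_BYTES, "big") + rand_ms, MAC_BYTES)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ue_build_auts(k: bytes, sqn_ms: int, rand_ms: bytes) -> bytes:
    """Step 1: AUTS = (SQN_MS xor mask) || MAC."""
    conc = xor(sqn_ms.to_bytes(SQN_BYTES, "big"), conceal_mask(k, rand_ms))
    return conc + mac_s(k, sqn_ms, rand_ms)


def ue_registration_request(k: bytes, sqn_ms: int, rand_ms: bytes, suci: str) -> dict:
    """Step 1: Registration Request carrying the SUCI, the AUTS and RAND_MS."""
    return {"suci": suci, "auts": ue_build_auts(k, sqn_ms, rand_ms), "rand_ms": rand_ms}


class Seaf:
    def __init__(self, sn_name: str):
        self.sn_name = sn_name
        self.store: Dict[str, Tuple[bytes, bytes]] = {}   # SUCI -> (AUTS, RAND_MS)

    def on_registration_request(self, msg: dict) -> dict:
        """Step 2: store AUTS and RAND_MS; step 3: Authentication Request to the AUSF."""
        self.store[msg["suci"]] = (msg["auts"], msg["rand_ms"])
        return {"suci": msg["suci"], "sn_name": self.sn_name,
                "auts": msg["auts"], "rand_ms": msg["rand_ms"]}


def ausf_forward(auth_request: dict) -> dict:
    """Step 4: the AUSF forwards the content in an Authentication Get Request."""
    return dict(auth_request)


class Udm:
    def __init__(self, keys: Dict[str, bytes], sidf: Callable[[str], str]):
        self.keys = keys            # SUPI -> long-term key K (ARPF role)
        self.sidf = sidf            # SUCI de-concealment, stand-in callable
        self.records: Dict[str, dict] = {}

    def on_authentication_get_request(self, req: dict) -> int:
        """Step 5: de-conceal the SUCI, recover SQN_MS from the AUTS, verify the MAC,
        keep SQN_MS and drop RAND_MS."""
        supi = self.sidf(req["suci"])
        k = self.keys[supi]
        auts, rand_ms = req["auts"], req["rand_ms"]
        sqn_ms = int.from_bytes(xor(auts[:SQN_BYTES], conceal_mask(k, rand_ms)), "big")
        if not hmac.compare_digest(auts[SQN_BYTES:], mac_s(k, sqn_ms, rand_ms)):
            raise ValueError("AUTS MAC check failed; SQN_MS not accepted")
        # Only SQN_MS is retained; RAND_MS is deleted so it cannot leak from the UDM.
        self.records[supi] = {"sqn_ms": sqn_ms}
        return sqn_ms
```

The MAC check in step 5 matters: without it, anyone who can inject a Registration Request could plant an arbitrary SQN MS in the UDM and steer the later re-synchronization, which is why the example rejects an AUTS whose concealed field has been altered.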
Step 6
The UDM sends an Authentication Get Response message with the newly generated 5G HE AV to the AUSF.
Step 7
The AUSF creates a 5G SE AV based on the 5G HE AV and sends the 5G SE AV in a Nausf_UEAuthentication_Authenticate Response message to the SEAF.
Step 8
The SEAF derives a random number (RAND) and an Authentication Token (AUTN) from the 5G SE AV. Specifically, the RAND may be in the form of a random byte array. The AUTN includes a Message Authentication Code (MAC), which may be derived based on the RAND and SQN HE, where SQN HE may be derived from the 5G HE AV. In some implementations, the MAC may be computed over a concatenation of the RAND and the SQN HE. The SEAF then forwards the RAND and the AUTN in an Authentication Request message to the UE. The Authentication Request message includes a challenge to the UE, and the AUTN may be used for proving the challenge's freshness and authenticity.
Step 9
Upon receiving the Authentication Request message, the UE checks the MAC carried in the AUTN to verify the authenticity of the Authentication Request message. Assuming the authenticity is verified, the UE then further checks whether the SQN HE is in the correct range, to verify the freshness of the Authentication Request message. The correct range may be based on SQN MS.
Based on the result of the freshness check in this step, either step 10 or step 11 is performed.
Step 10
The freshness check in step 9 is successful. The UE and the UDM proceed to complete the rest of the authentication procedure, as shown in steps 10a, 10b, and 10c. In step 10c, when the authentication result is updated from the AUSF to the UDM, the UDM deletes the SQN MS derived in step 5, as the home environment and the UE are synchronized with regard to sequence numbers (i.e., SQN MS on the UE end and SQN HE on the UDM end).
Step 11
The freshness check to make sure that the SQN HE is in the correct range fails. An Authentication Failure message is sent from the UE to the SEAF in step 11b. The Authentication Failure message only indicates the failure cause as sync failure; there is no indication of the SQN MS. The SEAF forwards the failure message to the AUSF and the AUSF forwards it to the UDM, as shown in steps 11c and 11d, respectively. In step 11e, the UDM starts a re-synchronization procedure based on the SQN MS retrieved in step 5, and the SQN HE is updated with the SQN MS.
Step 12
The UDM interacts with the SEAF and the UE to finish the re-synchronization procedure, which is similar to step 6 to step 10 as described above and is not described in detail herein.
Step 13
The authentication of the UE is successful. The SEAF sends a NAS Security Mode Command message that includes a "request initial NAS message" flag to the UE.
Step 14
The UE sends a NAS Security Mode Complete message to the SEAF in response to the NAS Security Mode Command message. The NAS Security Mode Complete message is ciphered and integrity protected. Furthermore, the NAS Security Mode Complete message includes the current SQN MS and RAND MS configured by the UE, which may be stored in the USIM of the UE. Alternatively, the NAS Security Mode Complete message may include the current RAND MS configured by the UE, and the current AUTS based on the current SQN MS configured by the UE. Alternatively, the NAS Security Mode Complete message may include a transformed parameter, which may be any type of transformation of the current SQN MS.
Step 15
The SEAF updates SQN MS and RAND MS, or updates AUTS and RAND MS, according to the parameters received in the NAS Security Mode Complete message sent from the UE in step 14. In some implementations, if the received parameters include the transformed parameter, the SEAF also updates its local copy of the transformed parameter.
In this embodiment, to recover from a sync failure, the UDM may rely on the SQN MS (or any type of transformation of SQN MS, e.g., AUTS) sent to it in an early stage of the authentication procedure, before the sync failure is detected by the UE. Upon the sync failure, the UE merely indicates the sync failure to the core network and keeps silent on SQN MS. Therefore, even if a faked challenge is sent to the UE, the SQN MS may not be compromised. Furthermore, the SEAF stores the SQN MS and the RAND MS upon receiving the Registration Request message from the UE. After the authentication procedure is completed successfully, the SEAF further requests the latest SQN MS and RAND MS to be sent from the UE, and updates its local copy of SQN MS and RAND MS. In some implementations, SQN MS may be represented in the form of AUTS, or any type of transformation of SQN MS. In some implementations, the SQN MS and RAND MS stored in the SEAF may be used for subsequent procedures such as the UE Service Request procedure. The advantage and benefit of this embodiment become more obvious when combined with embodiment 4, which is described below.
UE Requests Service with Core Network (Embodiment 4)
The UE in an idle state, such as a CM_idle state or an RRC_idle state, may initiate the Service Request procedure in order to send uplink signaling messages or user data, to request emergency services fallback, or as a response to a network paging request. An authentication procedure needs to be performed by the core network to authenticate the UE upon receiving the Service Request. During the authentication procedure, similar to embodiment 1, the SQN MS is suppressed in the case where the UE indicates a sync failure to the core network via an Authentication Failure message, to prevent the SQN MS from being compromised by an attacker. In this embodiment, the SEAF/AMF of the SN keeps a copy of SQN MS (and/or AUTS, which may be derived based on SQN MS) and RAND MS. Therefore, when the UE initiates the Service Request, there is no need for the UE to include the AUTS and RAND MS parameters in the message. Exemplary steps of this embodiment are shown in FIG. 7.
Step 1
The UE initiates a Service Request by sending an AN (Access Network) message to the Access Network. The Access Network may include Radio Access Network or wireline Access Network. The AN message includes at least one of:
· AN parameters; or
· a Service Request which includes at least one of: List Of PDU Sessions To Be Activated, List Of Allowed PDU Sessions, security parameters, PDU Session status, 5G-S-TMSI, [NAS message container] , Exempt Indication;
In this step, there is no need for the UE to include the AUTS and RAND MS parameters in the AN message.
Step 2
The AN sends a Service Request by sending an N2 message to the AMF of the serving network of the UE. The N2 message includes at least one of:
· N2 parameters; or
· a Service Request according to the service request parameter received from the UE in step 1.
Step 3
The AMF starts an authentication procedure with the home network of the UE by sending an Authentication Request message to the AUSF. The Authentication Request message includes the AUTS and the RAND MS, which are stored in the AMF, and may further include the SUCI or a SUPI of the UE, and the SN-name of the serving network. In some implementations, if the AMF stores the SQN MS (rather than the AUTS) and the RAND MS, the AMF may compute the AUTS based on the SQN MS and the RAND MS.
Step 4
Step 4 includes further authentication interactions between the home network, the  serving network, and the UE. The details are similar to step 4 to step 15 of embodiment 3 and are not described herein.
Step 5
The UE is now authenticated with the core network and proceeds with subsequent service request procedure, for example, to establish a signal connection with the AMF to exchange signaling messages and set up the particular service requested by the UE.
Among other benefits, in embodiment 4 the UE may rely on the SEAF/AMF to provide SQN MS (or any type of transformation of SQN MS) to the home network when initiating the service request. In some implementations, the UE and the SEAF/AMF may negotiate whether the SEAF/AMF has the capability to provide SQN MS, so that the UE does not need to send the SQN MS in the service request message. Furthermore, if the UE is not configured to send the SQN MS in the service request message, the SQN MS is still protected from the aforementioned attack.
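The serving-network store that embodiment 3 (steps 2, 14 and 15) fills and embodiment 4 (steps 1 and 3) consumes, as an added worked example in Python (not ZTE's code). Messages are plain dictionaries standing in for NAS and N2 information elements. The capability flag sn_holds_sqn that the UE and SEAF negotiate, the key "param" for the AUTS or transformed parameter, the SUPI values and the SN-name are assumptions of this example. The page says the AMF may compute the AUTS from a stored SQN MS but does not specify how; since the 3GPP AUTS carries a MAC keyed with the long-term key K, which an AMF does not hold, the example takes that construction as an injected callable auts_fn rather than asserting one. The store refuses to refresh its record from a NAS Security Mode Complete message that is not both integrity protected and ciphered, which is the property step 14 relies on.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional


@dataclass
class SqnRecord:
    rand_ms: bytes
    param: Optional[bytes] = None     # AUTS or another transformation of SQN_MS
    sqn_ms: Optional[int] = None      # plain SQN_MS, if the UE sent it directly


class SeafSqnStore:
    """Serving-network (SEAF/AMF) copy of the UE's sequence-number material."""

    def __init__(self, sn_name: str,
                 auts_fn: Optional[Callable[[int, bytes], bytes]] = None):
        self.sn_name = sn_name
        self.auts_fn = auts_fn        # how the SN turns SQN_MS into an AUTS, if it can
        self._records: Dict[str, SqnRecord] = {}

    def _ingest(self, supi: str, msg: dict) -> SqnRecord:
        rec = SqnRecord(rand_ms=msg["rand_ms"], param=msg.get("param"),
                        sqn_ms=msg.get("sqn_ms"))
        if rec.param is None and rec.sqn_ms is None:
            raise ValueError("RAND_MS without AUTS, SQN_MS or a transformed parameter")
        self._records[supi] = rec
        return rec

    def on_registration_request(self, supi: str, msg: dict) -> SqnRecord:
        """Embodiment 3, step 2: store what the Registration Request carried."""
        return self._ingest(supi, msg)

    def on_security_mode_complete(self, supi: str, msg: dict) -> SqnRecord:
        """Embodiment 3, step 15: refresh from the NAS Security Mode Complete message."""
        if not (msg.get("integrity_protected") and msg.get("ciphered")):
            raise ValueError("refusing to update SQN_MS from an unprotected NAS message")
        return self._ingest(supi, msg)

    def auth_request_for_service(self, supi: str, service_request: dict) -> dict:
        """Embodiment 4, step 3: build the Authentication Request from stored material,
        unless the UE chose to include AUTS and RAND_MS itself (embodiment 2)."""
        if "param" in service_request and "rand_ms" in service_request:
            rec = self._ingest(supi, service_request)
        else:
            rec = self._records.get(supi)
            if rec is None:
                raise LookupError("no stored SQN material; the UE must send AUTS and RAND_MS")
        param = rec.param
        if param is None:
            if self.auts_fn is None:
                raise RuntimeError("only SQN_MS is stored and the SN cannot compute an AUTS")
            param = self.auts_fn(rec.sqn_ms, rec.rand_ms)
        return {"supi": supi, "sn_name": self.sn_name,
                "auts": param, "rand_ms": rec.rand_ms}


def ue_service_request(sn_holds_sqn: bool, param: bytes, rand_ms: bytes,
                       pdu_sessions: Iterable[int]) -> dict:
    """Embodiment 4, step 1: the UE omits AUTS and RAND_MS when the SN holds them."""
    msg = {"service_request": {"pdu_sessions_to_activate": list(pdu_sessions)}}
    if not sn_holds_sqn:
        msg["param"] = param
        msg["rand_ms"] = rand_ms
    return msg
```

A UE that has negotiated sn_holds_sqn sends a Service Request with no AUTS or RAND MS and the SEAF fills the Authentication Request from its record; a UE that includes them anyway has them used and stored, so both the embodiment 2 and embodiment 4 paths terminate in the same Authentication Request toward the AUSF.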
In the embodiments above, to mitigate the risk of the SQN of a UE being compromised under an attack, procedures for UE authentication/registration with the core network are disclosed. Additional procedures for UE Service Request with the core network are also disclosed. The serving network element such as AMF or SEAF stores and updates SQN MS and RAND MS information, which may be used for subsequent UE Service Request. The UE has the flexibility to choose whether to include AUTS and RAND MS parameters when initiating the Service Request. Upon a sync failure being detected by the UE during an authentication procedure, the UE merely needs to indicate the sync failure condition to the core network for re-synchronization and keeps silent on the SQN MS.
The accompanying drawings and description above provide specific example embodiments and implementations. The described subject matter may, however, be embodied in a variety of different forms and, therefore, covered or claimed subject matter is intended to be construed as not being limited to any example embodiments set forth herein.  A reasonably broad scope for claimed or covered subject matter is intended. Among other things, for example, subject matter may be embodied as methods, devices, components, systems, or non-transitory computer-readable media for storing computer codes. Accordingly, embodiments may, for example, take the form of hardware, software, firmware, storage media or any combination thereof. For example, the method embodiments described above may be implemented by components, devices, or systems including memory and processors by executing computer codes stored in the memory.
Throughout the specification and claims, terms may have nuanced meanings suggested or implied in context beyond an explicitly stated meaning. Likewise, the phrase “in one embodiment/implementation” as used herein does not necessarily refer to the same embodiment and the phrase “in another embodiment/implementation” as used herein does not necessarily refer to a different embodiment. It is intended, for example, that claimed subject matter includes combinations of example embodiments in whole or in part.
In general, terminology may be understood at least in part from usage in context. For example, terms, such as “and” , “or” , or “and/or, ” as used herein may include a variety of meanings that may depend at least in part on the context in which such terms are used. Typically, “or” if used to associate a list, such as A, B or C, is intended to mean A, B, and C, here used in the inclusive sense, as well as A, B or C, here used in the exclusive sense. In addition, the term “one or more” as used herein, depending at least in part upon context, may be used to describe any feature, structure, or characteristic in a singular sense or may be used to describe combinations of features, structures or characteristics in a plural sense. Similarly, terms, such as “a, ” “an, ” or “the, ” may be understood to convey a singular usage or to convey a plural usage, depending at least in part upon context. In addition, the term “based on” may be understood as not necessarily intended to convey an exclusive set of factors and may, instead, allow for existence of additional factors not necessarily expressly described, again, depending at least in part on context.
Reference throughout this specification to features, advantages, or similar language does not imply that all of the features and advantages that may be realized with the  present solution should be or are included in any single implementation thereof. Rather, language referring to the features and advantages is understood to mean that a specific feature, advantage, or characteristic described in connection with an embodiment is included in at least one embodiment of the present solution. Thus, discussions of the features and advantages, and similar language, throughout the specification may, but do not necessarily, refer to the same embodiment.
Furthermore, the described features, advantages and characteristics of the present solution may be combined in any suitable manner in one or more embodiments. One of ordinary skill in the relevant art will recognize, in light of the description herein, that the present solution can be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments of the present solution.

Claims (19)

  1. A method for authenticating a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device, performed by a serving network element belonging to the serving network, the method comprising:
    receiving a registration request message initiated from the terminal device for starting a registration procedure to register the terminal device with the communication network, wherein the registration request message comprises a parameter and a random number, both generated by the terminal device for authenticating the terminal device with the home network, and wherein the parameter corresponds to a sequence number configured by the terminal device;
    storing the parameter and the random number; and
    transmitting a first authentication request message to a first home network element belonging to the home network, wherein the first Authentication Request message comprises the parameter and the random number.
  2. The method of claim 1, further comprising:
    transmitting a Non Access Stratum (NAS) security mode command message to the terminal device, the NAS security mode command message comprising a flag requesting the terminal device to send a complete initial NAS message;
    receiving a NAS security mode complete message from the terminal device, wherein the NAS security mode complete message comprises a current random number and a current  parameter based on a current sequence number configured by the terminal device;
    updating the random number based on the current random number; and
    updating the parameter based on the current parameter.
  3. The method of claim 2, wherein before transmitting the NAS security mode command message to the terminal device, the method further comprises:
    receiving an authentication failure message indicating a synchronization failure from the terminal device, wherein the authentication failure message is triggered by a synchronization failure which is associated with the registration procedure and is detected by the terminal device; and
    transmitting a second authentication request message indicating the synchronization failure to the first home network element.
  4. The method of claim 3, wherein:
    after transmitting the first Authentication Request message to the first home network element, the method further comprises:
    transmitting, by the first home network element, a first authentication get request message to a second home network element belonging to the home network, wherein the first authentication get request message comprises the parameter and the random number;
    retrieving, by the second home network element, the sequence number from the parameter in the first authentication get request message; and
    after transmitting the second authentication request message indicating the synchronization failure to the first home network element, the method further comprises:
    transmitting, by the first home network element, a second authentication get request message to the second home network element; and
    initiating, by the second home network element, a re-synchronization procedure with the terminal device according to the sequence number.
  5. The method of claim 4, wherein:
    the serving network element comprises an AMF (Access and Mobility Management Function) or a SEAF (Security Anchor Function) ;
    the first home network element comprises an AUSF (Authentication Server Function) ; and
    the second home network element comprises a UDM (Unified Data Management) .
  6. The method of claim 1, wherein the parameter comprises an authentication synchronization failure (AUTS) parameter.
  7. A method for authenticating service request initiated from a terminal device in a communication network comprising a home network corresponding to the terminal device and a serving network serving the terminal device, performed by a serving network element belonging to the serving network, the method comprising:
    receiving a first service request message triggered by the terminal device requesting service in the communication network; and
    transmitting an authentication request message to a home network element belonging to the home network, wherein:
    the authentication request message comprises a parameter and a random number,
    the random number and the parameter are generated by the terminal device and stored in the home network element, and
    the parameter corresponds to a sequence number configured by the terminal device, the random number and the sequence number are used for authenticating the terminal device with the communication network of the terminal device.
  8. The method of claim 7, wherein before receiving the first service request message, the method further comprises:
    receiving a first message from the terminal device during a registration request procedure of the terminal device, the first message comprising the random number and the parameter; and
    storing the random number and the parameter.
  9. The method of claim 8, wherein the first message comprises one of:
    a registration request message; or
    a NAS Security mode complete message.
  10. The method of claim 7, wherein the first service request message comprises an N2 message sent from an access network node of the serving network.
  11. The method of claim 7, wherein receiving the first service request message triggered by the terminal device requesting service in the communication network comprises:
    receiving, by an access network node of the serving network, a second service request message requesting service in the communication network from the terminal device; and
    transmitting, by the access network node, the first service request message to the serving network element.
  12. The method of claim 11, wherein the first service request message comprises the random number and the parameter, and wherein the second service request message comprises the random number and the parameter.
  13. The method of claim 7, wherein the authentication request message triggers the home network element to perform an authentication procedure to authenticate the terminal device in the communication network.
  14. The method of claim 13, further comprising:
    transmitting a NAS security mode command message to the terminal device, the NAS security mode command message comprising a flag requesting the terminal device to send a complete initial NAS message;
    receiving a NAS security mode complete message from the terminal device, wherein the NAS security mode complete message comprises a current random number and a current parameter based on a current sequence number configured by the terminal device;
    updating the random number based on the current random number; and
    updating the parameter based on the current parameter.
  15. The method of claim 14, wherein before transmitting the NAS security mode command message to the terminal device, the method further comprises:
    receiving an authentication failure message indicating a synchronization failure from the terminal device, wherein the authentication failure message is triggered by a synchronization failure which is associated with the authentication procedure and is detected by the terminal device; and
    transmitting a second authentication request message indicating the synchronization failure to the home network element.
  16. The method of claim 7, wherein the serving network element comprises an AMF or a SEAF, and wherein the home network element comprises an AUSF.
  17. The method of claim 7, wherein the parameter comprises an AUTS parameter.
  18. A device comprising one or more processors, wherein the one or more processors are configured to implement a method in any one of claims 1-17.
  19. A computer program product comprising a non-transitory computer-readable program medium with computer code stored thereupon, the computer code, when executed by one or more processors, causing the one or more processors to implement a method of any one of claims 1-17.
PCT/CN2021/079045 2021-03-04 2021-03-04 Method, device, and system for protecting sequence number in wireless network WO2022183427A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2021/079045 WO2022183427A1 (en) 2021-03-04 2021-03-04 Method, device, and system for protecting sequence number in wireless network
CN202180079138.3A CN116530119A (en) 2021-03-04 2021-03-04 Method, device and system for protecting serial numbers in wireless network


Publications (1)

Publication Number Publication Date
WO2022183427A1 true WO2022183427A1 (en) 2022-09-09


Country Status (2)

Country Link
CN (1) CN116530119A (en)
WO (1) WO2022183427A1 (en)


Also Published As

Publication number Publication date
CN116530119A (en) 2023-08-01


Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 202180079138.3

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE