WO2024082963A1 - Improved 5g message rcs access authentication ims-aka method capable of balancing security and efficiency - Google Patents

Improved 5g message rcs access authentication ims-aka method capable of balancing security and efficiency Download PDF

Info

Publication number
WO2024082963A1
WO2024082963A1 PCT/CN2023/123172 CN2023123172W WO2024082963A1 WO 2024082963 A1 WO2024082963 A1 WO 2024082963A1 CN 2023123172 W CN2023123172 W CN 2023123172W WO 2024082963 A1 WO2024082963 A1 WO 2024082963A1
Authority
WO
WIPO (PCT)
Prior art keywords
cscf
key
authentication
hss
message
Prior art date
Application number
PCT/CN2023/123172
Other languages
French (fr)
Chinese (zh)
Inventor
吴作顺
刘梓淇
吴芷静
吴抒恒
Original Assignee
中电信数智科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中电信数智科技有限公司 filed Critical 中电信数智科技有限公司
Publication of WO2024082963A1 publication Critical patent/WO2024082963A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices

Definitions

  • the present invention belongs to the field of emerging information technology, and specifically relates to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency.
  • the access security mechanism of IMS in 5G messaging services has two major tasks: one is to authenticate the access user; the other is to establish an IPSec security association (IPSecSA) between the UE and P-CSCF after the authentication is completed to provide security protection for subsequent SIP signaling interactions.
  • IPSecSA IPSec security association
  • the IMS-AKA mechanism is mainly used for user authentication and session key distribution.
  • SIP signaling carrying AKA parameters interacts between the UE and the IMS network authentication entity.
  • the AKA parameters are transmitted and negotiated according to the AKA mechanism, thereby realizing the access authentication and key negotiation process.
  • the security vulnerabilities exposed by the IMS-AKA mechanism include:
  • the security key negotiated between the UE and the P-CSCF through the AKA mechanism can be used to encrypt and protect the integrity of SIP signaling
  • the initial registration request message is sent before the security key is negotiated. An attacker can easily obtain the user's registration information, thereby leaking the user's privacy.
  • the UE does not authenticate the P-CSCF, the access point of the IMS core network, which provides attackers with an opportunity to impersonate a man-in-the-middle to launch an attack.
  • the technical problem to be solved by the present invention is to provide an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency based on the system architecture of international standard 5G message terminal access authentication in response to the above-mentioned deficiencies in the prior art.
  • the technical solution adopted by the present invention is:
  • An improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency, in which:
  • UE and HSS share key generation functions f3 , f4 and f5 and message authentication function H1 ;
  • UE and S-CSCF share key generation functions f3 ', f4 ' and message authentication function H2 ;
  • HSS and S-CSCF share key KHS ;
  • the UE trusts its own HSS
  • f3 is the key generation function for calculating the encryption key CK;
  • f4 is the key generation function for calculating the integrity protection key IK;
  • f5 is the key generation function for calculating the anonymous key AK;
  • H1 is the authentication function of the UE for the registration message
  • H2 is the authentication function of the S-CSCF for the response message
  • MSG U E(K i-1 , RU )
  • A1 ⁇ A1,A2,...,Ar ⁇ MAC U H 1 (K i-1 , IMPI
  • E is a single-key encryption function
  • R U is a random number encrypted with the old shared key K i-1 ;
  • TMPI i-1 is the old temporary user identity
  • f n (R U ) is an n-order Hash function, where n is the maximum number of times a service can be applied for after a successful registration;
  • ⁇ A1, A2, ..., Ar ⁇ and A1 are the set of r alternative encryption algorithms and the algorithm selected by the user respectively;
  • the S-CSCF receives the UE's registration information, leaves f n (R U ), adds a timestamp V1 to the end of MSG U according to TMPI i-1, and forwards it together with MAC U to the UE's home network HSS;
  • HSS receives MSG U and MAC U , obtains the stored IMPI according to TMPI i-1 , and decrypts it to obtain R U ;
  • MSG H RH
  • S-CSCF receives the response information returned by HSS, decrypts it to obtain E( Ki , RU ), E( Ki , RH ), keeps AK, E( Ki , RH ), TMPIi , generates a random number RS , calculates fn ( RS ); and sends MSGs and MACs to UE;
  • MSG S RH
  • MAC S H 2 (AK, MSG S )
  • the S-CSCF sends the MSG S and MAC S in the SIP response to the I-CSCF, which forwards it to the P-CSCF.
  • the P-CSCF After receiving the SIP response, the P-CSCF saves the CK and IK and forwards the rest to the UE;
  • MSG P RH
  • E( Ki , RU )timestampV2 MAC P H 2 (AK, MSG P )
  • UE receives MSG P and MAC P , generates CK, IK, AK using RH and Ki, and calculates XMAC S and E( Ki , RH );
  • the S-CSCF After successful registration and authentication, when the UE needs to perform the i-th service communication, the S-CSCF sends f ni ( RS ) to the ME.
  • the ME checks whether f(f ni ( RS )) is the same as the previously stored f n-(i-1) ( RS ). If they are the same, the identity of the S-CSCF is confirmed. The S-CSCF is legitimate and sends f ni (R U ) to the S-CSCF.
  • S-CSCF also verifies the legitimacy of the UE. If it is legitimate, two-way authentication is achieved, and a success flag is sent to the UE to start generating the encryption and integrity keys CK i and IK i required for this service communication.
  • the UE After receiving the success flag, the UE also starts to generate CK i and IK i and prepares for service communication.
  • CK i f 3 ′(CK, f ni (R U ));
  • IK i f 4 ′(IK,f ni (R U )).
  • the user When the number of services reaches the upper limit n of the Hash function chain, the user needs to re-register and authenticate with the S-CSCF and HSS when applying for services, and update the key shared with the HSS.
  • Hash function chain and timestamp are applied in the authentication process to avoid replay attacks; IMPI and random number RU used to generate encryption key are not transmitted in plain text to avoid man-in-the-middle attacks.
  • the shared key between UE and HSS is updated each time the user registers, which avoids the leakage of the shared key.
  • the encryption algorithm is determined by free negotiation, which covers the encryption algorithm selection function.
  • FIG1 is a flow chart of registration and authentication of the present invention
  • FIG. 2 is a flow chart of service authentication and key negotiation according to the present invention.
  • the present invention provides an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency, and its prerequisites include:
  • UE and HSS share key generation functions f 3 , f 4 and f 5 , and message authentication function H 1 ;
  • UE and S-CSCF share key generation functions f 3 ', f 4 ' and message authentication function H 2 ;
  • the HSS shares a key K HS with the S-CSCF.
  • the UE trusts its own HSS.
  • f3 is the key generation function for calculating the encryption key CK;
  • f4 is the key generation function for calculating the integrity protection key IK;
  • f5 is the key generation function for calculating the anonymous key AK;
  • H1 is the authentication function of the UE for the registration message
  • H2 is the authentication function of the S-CSCF for the response message
  • the introduced f is an iterable Hash function with a maximum number of iterations of n; E is a single-key encryption function.
  • MSG U includes:
  • ME sends MSG U and message authentication code MAC U.
  • MSG U E(K i-1 , RU )
  • A1 ⁇ A1,A2,...,Ar ⁇ MAC U H 1 (K i-1 , IMPI
  • the S-CSCF receives the UE's registration information, leaves f n (R U ), adds a timestamp V1 to the end of MSG U according to TMPI i-1 , and forwards it together with MAC U to its home network HSS;
  • HSS receives MSG U and MAC U , obtains the stored IMPI according to TMPI i-1 , and decrypts it to obtain R U ;
  • S-CSCF receives the response information returned by HSS, decrypts it to obtain E( Ki , RU ), E( Ki , RH ), keeps AK, E( Ki , RH ), TMPIi , generates a random number RS , calculates fn ( RS ); and sends MSGs and MACs to UE;
  • MSG S RH
  • MAC S H 2 (AK, MSG S )
  • the S-CSCF sends the MSG S and MAC S in the SIP response to the I-CSCF, which forwards it to the P-CSCF.
  • the P-CSCF After receiving the SIP response, the P-CSCF saves the CK and IK and forwards the rest to the UE;
  • MSG P RH
  • E( Ki , RU )timestampV2 MAC P H 2 (AK, MSG P )
  • UE receives MSG P and MAC P , generates CK, IK, AK using RH and Ki, and calculates XMAC S and E( Ki , RH );
  • RES E(K i , RH )
  • the S-CSCF After successful registration and authentication, when the UE needs to conduct the i-th service communication, the S-CSCF will send f ni (R S ) to the ME; the ME needs to check whether f(f ni (R S )) is the same as the previously stored f n-(i-1) (R S ). If they are the same, the identity of the S-CSCF is confirmed and f ni (R U ) is sent to the S-CSCF.
  • S-CSCF also verifies the legitimacy of the UE. If it is legitimate, two-way authentication is achieved, and a success flag is sent to the UE to start generating the encryption and integrity keys CK i and IK i required for this service communication.
  • the UE After receiving the success flag, the UE also starts to generate CK i and IK i and prepares for service communication, as shown in Figure 2.
  • CK i f 3 ′(CK, f ni (R U ));
  • IK i f 4 ′(IK,f ni (R U )).
  • the user When the number of services reaches the upper limit n of the Hash function chain, the user needs to re-register and authenticate with the S-CSCF and HSS when applying for services, and update the key shared with the HSS.
  • UE user
  • P-CSCF unified entry point for IMS visited networks
  • I-CSCF entry point to the IMS home network
  • S-CSCF IMS signaling plane core node location
  • HSS Home Subscriber Server, belonging to the contracted user server

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed in the present invention is an improved 5G message RCS access authentication IMS-AKA method capable of balancing security and efficiency. The method comprises: a UE and an HSS sharing key generation functions f3, f4 and f5 and a message authentication function H1; the UE and an S-CSCF sharing key generation functions f3' and f4' and a message authentication function H2; the HSS and the S-CSCF sharing a key KHS; the UE and the HSS respectively generating random numbers; synchronizing a system clock; the UE trusting its own HSS; and on the basis of the above content, implementing UE registration authentication and key negotiation, and service authentication and key negotiation. Accordingly, an attack from a false base station, access by a fake user, a replay attack, a man-in-the-middle attack, and leakage of a shared key can be avoided, and a fake user can be prevented from being entitled to encrypted communication, thereby saving on the network-end overheads.

Description

一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法An improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency 技术领域Technical Field
本发明属于新兴信息技术领域,具体涉及一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法。The present invention belongs to the field of emerging information technology, and specifically relates to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency.
背景技术Background technique
5G消息业务中IMS的接入安全机制承担着两大任务:一是对接入用户的鉴权;二是在鉴权结束之后,在UE和P-CSCF之间建立IPSec安全关联(IPSecSA),为后续SIP信令的交互提供安全保护。The access security mechanism of IMS in 5G messaging services has two major tasks: one is to authenticate the access user; the other is to establish an IPSec security association (IPSecSA) between the UE and P-CSCF after the authentication is completed to provide security protection for subsequent SIP signaling interactions.
IMS-AKA机制主要用于用户的鉴权和会话密钥的分发,在IMS的注册过程中,携带AKA参数的SIP信令在UE和IMS网络鉴权实体之间进行交互,按照AKA机制来传输和协商AKA参数,从而实现接入鉴权和密钥协商的过程。The IMS-AKA mechanism is mainly used for user authentication and session key distribution. During the IMS registration process, SIP signaling carrying AKA parameters interacts between the UE and the IMS network authentication entity. The AKA parameters are transmitted and negotiated according to the AKA mechanism, thereby realizing the access authentication and key negotiation process.
在实际应用中,IMS-AKA机制所暴露出的安全漏洞有:In actual applications, the security vulnerabilities exposed by the IMS-AKA mechanism include:
(1)虽然UE和P-CSCF之间可以通过AKA机制协商的安全性密钥对SIP信令进行加密性和完整性保护,但初始注册请求消息却是在安全密钥尚未协商的时候发送的,攻击者可以轻而易举地获取用户的注册信息,从而造成用户隐私泄密。(1) Although the security key negotiated between the UE and the P-CSCF through the AKA mechanism can be used to encrypt and protect the integrity of SIP signaling, the initial registration request message is sent before the security key is negotiated. An attacker can easily obtain the user's registration information, thereby leaking the user's privacy.
(2)向IMS网络注册时,至少需要发送两次注册请求,用户与网络之间的SIP交互过于繁琐,并且SIP消息携带的鉴权头域带有众多AKA参数,导致SIP消息长度大幅增加。由于网络带宽的限制,传输延迟将会十分明显,用户通过注册接入网络的耗时将会比较长,影响用户的使用体验。(2) When registering with the IMS network, at least two registration requests need to be sent. The SIP interaction between the user and the network is too cumbersome, and the authentication header field carried by the SIP message contains many AKA parameters, which greatly increases the length of the SIP message. Due to the limitation of network bandwidth, the transmission delay will be very obvious, and it will take a long time for users to access the network through registration, which affects the user experience.
(3)在基于AKA的接入鉴权过程中,UE并没有对IMS核心网络的接入点P-CSCF进行身份鉴权,会给攻击者提供冒充中间人实施攻击的机会。(3) During the AKA-based access authentication process, the UE does not authenticate the P-CSCF, the access point of the IMS core network, which provides attackers with an opportunity to impersonate a man-in-the-middle to launch an attack.
针对上述问题,需要研究均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法。To address the above issues, it is necessary to study an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency.
发明内容Summary of the invention
本发明所要解决的技术问题是针对上述现有技术的不足,在国际标准5G消息终端接入鉴权的体系架构基础上,提供一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法。The technical problem to be solved by the present invention is to provide an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency based on the system architecture of international standard 5G message terminal access authentication in response to the above-mentioned deficiencies in the prior art.
为实现上述技术目的,本发明采取的技术方案为: In order to achieve the above technical objectives, the technical solution adopted by the present invention is:
一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,该方法中,An improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency, in which:
(1)UE与HSS共享密钥生成函数f3、f4和f5及消息鉴权函数H1;UE与S-CSCF共享密钥生成函数f3’、f4’及消息鉴权函数H2;HSS与S-CSCF共享密钥KHS(1) UE and HSS share key generation functions f3 , f4 and f5 and message authentication function H1 ; UE and S-CSCF share key generation functions f3 ', f4 ' and message authentication function H2 ; HSS and S-CSCF share key KHS ;
(2)UE和HSS各自产生随机数;(2) The UE and HSS each generate a random number;
(3)系统时钟同步;(3) System clock synchronization;
(4)UE信任自己归属HSS;(4) The UE trusts its own HSS;
其中,f3为计算加密密钥CK的密钥生成函数;f4为计算完整性保护密钥IK的密钥生成函数;f5为计算匿名密钥AK的密钥生成函数;Wherein, f3 is the key generation function for calculating the encryption key CK; f4 is the key generation function for calculating the integrity protection key IK; f5 is the key generation function for calculating the anonymous key AK;
H1为UE对注册消息的鉴权函数;H2为S-CSCF对响应消息的鉴权函数; H1 is the authentication function of the UE for the registration message; H2 is the authentication function of the S-CSCF for the response message;
f3’为迭代加密密钥CK的生成函数;f4’为迭代完整性保护密钥IK的生成函数;f 3 ' is a generation function of the iterative encryption key CK; f 4 ' is a generation function of the iterative integrity protection key IK;
基于上述(1)-(4)实现UE注册鉴权与密钥协商以及业务鉴权与密钥协商。Based on the above (1)-(4), UE registration authentication and key negotiation as well as service authentication and key negotiation are implemented.
为优化上述技术方案,采取的具体措施还包括:To optimize the above technical solutions, the specific measures taken also include:
上述的UE注册鉴权与密钥协商应用Hash函数链和时戳实现注册鉴权与密钥协商。The above-mentioned UE registration authentication and key agreement apply Hash function chain and timestamp to implement registration authentication and key agreement.
上述的UE注册鉴权与密钥协商过程为:The above UE registration authentication and key negotiation process is:
(1)UE发起注册,ME发送注册消息MSGU和消息鉴权码MACU
MSGU=E(Ki-1,RU)||TMPIi-1||fn(RU)||A1{A1,A2,...,Ar}
MACU=H1(Ki-1,IMPI||MSGU)(1) UE initiates registration, and ME sends a registration message MSG U and a message authentication code MAC U ;
MSG U =E(K i-1 , RU )||TMPI i-1 ||f n ( RU )||A1{A1,A2,...,Ar}
MAC U =H 1 (K i-1 , IMPI || MSG U )
其中,E为单钥加密函数;Where E is a single-key encryption function;
RU为用旧的共享密钥Ki-1加密的随机数;R U is a random number encrypted with the old shared key K i-1 ;
TMPIi-1为旧的临时用户标识;TMPI i-1 is the old temporary user identity;
fn(RU)为n次Hash函数,其中,n为一次注册成功后可申请服务的最大次数;f n (R U ) is an n-order Hash function, where n is the maximum number of times a service can be applied for after a successful registration;
{A1,A2,...,Ar}和A1分别为r个备选的加密算法集和用户选择的算法;{A1, A2, ..., Ar} and A1 are the set of r alternative encryption algorithms and the algorithm selected by the user respectively;
(2)S-CSCF收到UE的注册信息,留下fn(RU),根据TMPIi-1将MSGU末尾加上时戳timestampV1和MACU一起转发给UE的归属网络HSS;(2) The S-CSCF receives the UE's registration information, leaves f n (R U ), adds a timestamp V1 to the end of MSG U according to TMPI i-1, and forwards it together with MAC U to the UE's home network HSS;
(3)HSS收到MSGU和MACU,根据TMPIi-1得到存储的IMPI,解密得到RU(3) HSS receives MSG U and MAC U , obtains the stored IMPI according to TMPI i-1 , and decrypts it to obtain R U ;
计算出XMACU,检验XMACU和MACU是否一致,再检验timestampV1是否合法,合法则HSS鉴权UE成功,不合法则重新同步系统时钟,重新发起注册;Calculate XMAC U , check whether XMAC U and MAC U are consistent, and then check whether timestampV1 is legal. If it is legal, HSS authenticates UE successfully. If it is not legal, resynchronize the system clock and re-initiate registration;
注册成功后HSS要选取随机数RH,决定是否同意UE选择的加密算法A1,若不同意则在给定的备选加密算法中选取一个作为本次注册使用的加密算法Ai;产生新的TMPIi,产生新的密钥Ki=E(Ki-1,RURH),并用RH和Ki生成CK、IK和AK;用HSS和S-CSCF的共享密钥KHS加密 E(Ki,RU);随后把注册响应信息MSGH回发给S-CSCF;
MSGH=RH||AK||TMPIi||Ai||E(KHS,E(Ki,RU))||CK||IK||E(Ki,RH))After successful registration, HSS selects a random number RH to decide whether to agree with the encryption algorithm A1 selected by UE. If not, it selects an encryption algorithm Ai from the given alternative encryption algorithms as the encryption algorithm Ai for this registration; generates a new TMPIi , generates a new key Ki = E( Ki-1 , RURH ), and uses RH and Ki to generate CK, IK and AK; encrypts the ciphertext with the shared key KHS of HSS and S-CSCF . E(Ki, R U ); then send the registration response message MSG H back to S-CSCF;
MSG H = RH ||AK||TMPI i ||A i ||E(K HS , E(K i , RU ))||CK||IK||E(K i , RH ))
(4)S-CSCF收到HSS返回的响应信息,解密得到E(Ki,RU)、E(Ki,RH),留下AK、E(Ki,RH)、TMPIi,产生随机数RS,计算fn(RS);把MSGS、MACS发送给UE;
MSGS=RH||TMPIi||Ai||fn(RS)||E(Ki,RU)||CK||IK||timestampV2
MACS=H2(AK,MSGS)(4) S-CSCF receives the response information returned by HSS, decrypts it to obtain E( Ki , RU ), E( Ki , RH ), keeps AK, E( Ki , RH ), TMPIi , generates a random number RS , calculates fn ( RS ); and sends MSGs and MACs to UE;
MSG S = RH || TMPIi || Ai || fn ( RS )||E( Ki , RU )||CK||IK||timestampV2
MAC S =H 2 (AK, MSG S )
(5)S-CSCF将MSGS、MACS在SIP应答中发给I-CSCF,由其转发给P-CSCF;(5) The S-CSCF sends the MSG S and MAC S in the SIP response to the I-CSCF, which forwards it to the P-CSCF.
P-CSCF收到SIP应答之后,保存CK和IK,将其余部分转发给UE;
MSGP=RH||TMPIi||Ai||fn(RS)||E(Ki,RU)timestampV2
MACP=H2(AK,MSGP)After receiving the SIP response, the P-CSCF saves the CK and IK and forwards the rest to the UE;
MSG P = RH || TMPIi || Ai || fn ( RS )||E( Ki , RU )timestampV2
MAC P =H 2 (AK, MSG P )
(6)UE收到MSGP、MACP,用RH和Ki生成CK、IK、AK,计算XMACS和E(Ki,RH);(6) UE receives MSG P and MAC P , generates CK, IK, AK using RH and Ki, and calculates XMAC S and E( Ki , RH );
检验与MACS是否一致;用Ki解密E(Ki,RH),检验RU是否为当初选择的随机数;检验时戳的合法性,全部通过则UE鉴权S-CSCF成功,UE留下TMPIi作为这次注册的临时用户标识,接受HSS选择的算法Ai作为加密算法进行业务数据传输;Check whether it is consistent with MAC S ; use Ki to decrypt E( Ki , RH ) and check whether RU is the random number selected at the beginning; check the legitimacy of the timestamp. If all pass, the UE successfully authenticates the S-CSCF. The UE leaves TMPI i as the temporary user identity for this registration and accepts the algorithm Ai selected by HSS as the encryption algorithm for service data transmission;
同时向S-CSCF发送RES;
RES=E(Ki,RH)At the same time, RES is sent to S-CSCF;
RES=E(K iRH )
(7)检验XRES=E(Ki,RH)与RES是否一致,一致则S-CSCF鉴权UE成功。(7) Check whether XRES=E(K i , RH ) is consistent with RES. If they are consistent, the S-CSCF successfully authenticates the UE.
上述的业务鉴权与密钥协商过程为:The above service authentication and key negotiation process is as follows:
注册鉴权成功之后,UE需要进行第i次业务通信时,S-CSCF向ME发送fn-i(RS),ME检查f(fn-i(RS))是否与之前存储的上一次的fn-(i-1)(RS)相同,相同则确认S-CSCF的身份,S-CSCF合法,向S-CSCF发送fn-i(RU);After successful registration and authentication, when the UE needs to perform the i-th service communication, the S-CSCF sends f ni ( RS ) to the ME. The ME checks whether f(f ni ( RS )) is the same as the previously stored f n-(i-1) ( RS ). If they are the same, the identity of the S-CSCF is confirmed. The S-CSCF is legitimate and sends f ni (R U ) to the S-CSCF.
S-CSCF同样检验UE的合法性,合法则达成双向鉴权,向UE发送成功标志,开始产生本次业务通信所需的加密和完整性密钥CKi、IKiS-CSCF also verifies the legitimacy of the UE. If it is legitimate, two-way authentication is achieved, and a success flag is sent to the UE to start generating the encryption and integrity keys CK i and IK i required for this service communication.
UE收到成功标志后也开始产生CKi、IKi,准备进行业务通信。
CKi=f3’(CK,fn-i(RU));
IKi=f4’(IK,fn-i(RU))。After receiving the success flag, the UE also starts to generate CK i and IK i and prepares for service communication.
CK i = f 3 ′(CK, f ni (R U ));
IK i =f 4 ′(IK,f ni (R U )).
在当业务次数达到Hash函数链上限n时,用户申请业务时需要重新向S-CSCF和HSS注册鉴权,并更新与HSS共享的密钥。When the number of services reaches the upper limit n of the Hash function chain, the user needs to re-register and authenticate with the S-CSCF and HSS when applying for services, and update the key shared with the HSS.
本发明具有以下有益效果:The present invention has the following beneficial effects:
(1)实现HSS对UE的鉴权、UE和S-CSCF的双向鉴权,避免了假基站攻击和假冒用 户入网。鉴权过程中应用Hash函数链和时戳,避免了重放攻击;无明文传送IMPI和用来产生加密密钥的随机数RU,避免了中间人攻击。(1) Implement HSS authentication of UE and bidirectional authentication of UE and S-CSCF, avoiding attacks by fake base stations and fake users. Hash function chain and timestamp are applied in the authentication process to avoid replay attacks; IMPI and random number RU used to generate encryption key are not transmitted in plain text to avoid man-in-the-middle attacks.
(2)UE与HSS的共享密钥在每次用户注册时更新,避免了共享密钥泄漏;自由协商确定加密算法,涵盖了加密算法选择功能。(2) The shared key between UE and HSS is updated each time the user registers, which avoids the leakage of the shared key. The encryption algorithm is determined by free negotiation, which covers the encryption algorithm selection function.
(3)无明文传输CK、IK,避免假冒用户享受加密通信。(3) CK and IK are not transmitted in plain text to prevent fake users from enjoying encrypted communications.
(4)用户每次入网注册鉴权成功后,执行业务鉴权无需参HSS与,节约网络端开销。(4) After each user successfully registers and authenticates, service authentication does not require the participation of the HSS, saving network overhead.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1为本发明注册鉴权流程图;FIG1 is a flow chart of registration and authentication of the present invention;
图2为本发明业务鉴权与密钥协商流程图。FIG. 2 is a flow chart of service authentication and key negotiation according to the present invention.
具体实施方式Detailed ways
以下结合附图对本发明的实施例作进一步详细描述。The embodiments of the present invention are further described in detail below with reference to the accompanying drawings.
本发明的一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其前提条件包括:The present invention provides an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency, and its prerequisites include:
(1)UE与HSS共享密钥生成函数f3、f4和f5,及消息鉴权函数H1(1) UE and HSS share key generation functions f 3 , f 4 and f 5 , and message authentication function H 1 ;
UE与S-CSCF共享密钥生成函数f3’、f4’及消息鉴权函数H2UE and S-CSCF share key generation functions f 3 ', f 4 ' and message authentication function H 2 ;
HSS与S-CSCF共享密钥KHSThe HSS shares a key K HS with the S-CSCF.
(2)UE和HSS各自产生随机数。(2) The UE and HSS each generate a random number.
(3)系统时钟同步;(3) System clock synchronization;
(4)UE信任自己归属HSS。(4) The UE trusts its own HSS.
其中,f3为计算加密密钥CK的密钥生成函数;f4为计算完整性保护密钥IK的密钥生成函数;f5为计算匿名密钥AK的密钥生成函数;Wherein, f3 is the key generation function for calculating the encryption key CK; f4 is the key generation function for calculating the integrity protection key IK; f5 is the key generation function for calculating the anonymous key AK;
H1为UE对注册消息的鉴权函数;H2为S-CSCF对响应消息的鉴权函数; H1 is the authentication function of the UE for the registration message; H2 is the authentication function of the S-CSCF for the response message;
f3’为迭代加密密钥CK的生成函数;f4’为迭代完整性保护密钥IK的生成函数;f 3 ' is a generation function of the iterative encryption key CK; f 4 ' is a generation function of the iterative integrity protection key IK;
基于上述(1)-(4)可实现UE注册鉴权与密钥协商以及业务鉴权与密钥协商。Based on the above (1)-(4), UE registration authentication and key negotiation as well as service authentication and key negotiation can be realized.
UE注册鉴权与密钥协商:UE registration authentication and key negotiation:
引入的f为可以迭代的Hash函数,最大迭代次数为n;E为单钥加密函数。The introduced f is an iterable Hash function with a maximum number of iterations of n; E is a single-key encryption function.
具体流程如图1所示:The specific process is shown in Figure 1:
(1)UE发起注册,产生注册消息MSGU(1) UE initiates registration and generates a registration message MSG U ,
MSGU包括: MSG U includes:
用旧的共享密钥Ki-1加密的随机数RU,旧的临时用户标识TMPIi-1The random number R U encrypted with the old shared key K i-1 , the old temporary user identity TMPI i-1 ;
n次Hash函数fn(RU),其中n为一次注册成功后可申请服务的最大次数,可视系统具体情况而定;n-times Hash function f n (R U ), where n is the maximum number of times a service can be applied for after a successful registration, which can be determined according to the specific situation of the system;
r个备选的加密算法集{A1,A2,...,Ar}和用户选择的算法A1。A set of r alternative encryption algorithms {A1, A2, ..., Ar} and the algorithm A1 selected by the user.
具体的:specific:
ME发送MSGU和消息鉴权码MACUME sends MSG U and message authentication code MAC U.
其中,MSGU=E(Ki-1,RU)||TMPIi-1||fn(RU)||A1{A1,A2,...,Ar}
MACU=H1(Ki-1,IMPI||MSGU)Wherein, MSG U =E(K i-1 , RU )||TMPI i-1 ||f n ( RU )||A1{A1,A2,...,Ar}
MAC U =H 1 (K i-1 , IMPI || MSG U )
(2)S-CSCF收到UE的注册信息,留下fn(RU),根据TMPIi-1将MSGU末尾加上时戳timestampV1和MACU一起转发给其归属网络HSS;(2) The S-CSCF receives the UE's registration information, leaves f n (R U ), adds a timestamp V1 to the end of MSG U according to TMPI i-1 , and forwards it together with MAC U to its home network HSS;
(3)HSS收到MSGU和MACU,根据TMPIi-1得到存储的IMPI,解密得到RU(3) HSS receives MSG U and MAC U , obtains the stored IMPI according to TMPI i-1 , and decrypts it to obtain R U ;
计算出XMACU,检验XMACU和MACU是否一致,再检验timestampV1是否合法,合法则HSS鉴权UE成功,不合法则重新同步系统时钟,重新发起注册。Calculate XMAC U , check whether XMAC U and MAC U are consistent, and then check whether timestampV1 is legal. If it is legal, HSS authenticates UE successfully. If it is illegal, resynchronize the system clock and re-initiate registration.
注册成功后HSS要选取随机数RH,决定是否同意UE选择的加密算法A1,若不同意则在给定的备选加密算法中选取一个作为本次注册使用的加密算法Ai;产生新的TMPIi,产生新的密钥Ki=E(Ki-1,RURH),并用RH和Ki生成CK、IK和AK;用HSS和S-CSCF的共享密钥KHS加密E(Ki,RU);随后把注册响应信息MSGH回发给S-CSCF;
MSGH=RH||AK||TMPIi||Ai||E(KHS,E(Ki,RU))||CK||IK||E(Ki,RH))After successful registration, HSS selects a random number RH to decide whether to agree with the encryption algorithm A1 selected by UE. If not, it selects an encryption algorithm Ai from the given alternative encryption algorithms as the encryption algorithm Ai for this registration; generates a new TMPIi , generates a new key Ki = E( Ki-1 , RURH ), and generates CK, IK and AK with RH and Ki ; encrypts E(Ki, RU ) with the shared key KHS of HSS and S-CSCF; then sends the registration response message MSGH back to S-CSCF;
MSG H = RH ||AK||TMPI i ||A i ||E(K HS , E(K i , RU ))||CK||IK||E(K i , RH ))
(4)S-CSCF收到HSS返回的响应信息,解密得到E(Ki,RU)、E(Ki,RH),留下AK、E(Ki,RH)、TMPIi,产生随机数RS,计算fn(RS);把MSGS、MACS发送给UE;
MSGS=RH||TMPIi||Ai||fn(RS)||E(Ki,RU)||CK||IK||timestampV2
MACS=H2(AK,MSGS)(4) S-CSCF receives the response information returned by HSS, decrypts it to obtain E( Ki , RU ), E( Ki , RH ), keeps AK, E( Ki , RH ), TMPIi , generates a random number RS , calculates fn ( RS ); and sends MSGs and MACs to UE;
MSG S = RH || TMPIi || Ai || fn ( RS )||E( Ki , RU )||CK||IK||timestampV2
MAC S =H 2 (AK, MSG S )
(5)S-CSCF将MSGS、MACS在SIP应答中发给I-CSCF,由其转发给P-CSCF;(5) The S-CSCF sends the MSG S and MAC S in the SIP response to the I-CSCF, which forwards it to the P-CSCF.
P-CSCF收到该SIP应答之后,保存CK和IK,将其余部分转发给UE;
MSGP=RH||TMPIi||Ai||fn(RS)||E(Ki,RU)timestampV2
MACP=H2(AK,MSGP)After receiving the SIP response, the P-CSCF saves the CK and IK and forwards the rest to the UE;
MSG P = RH || TMPIi || Ai || fn ( RS )||E( Ki , RU )timestampV2
MAC P =H 2 (AK, MSG P )
(6)UE收到MSGP、MACP,用RH和Ki生成CK、IK、AK,计算XMACS和E(Ki,RH);(6) UE receives MSG P and MAC P , generates CK, IK, AK using RH and Ki, and calculates XMAC S and E( Ki , RH );
检验与MACS是否一致;用Ki解密E(Ki,RH),检验RU是否为当初选择的随机数;检验时戳的合法性,全部通过则UE鉴权S-CSCF成功,UE留下TMPIi作为这次注册的临时用户标识,接受HSS选择的算法Ai作为加密算法进行业务数据传输。 Check whether it is consistent with MAC S ; use Ki to decrypt E( Ki , RH ) and check whether RU is the random number selected at the beginning; check the legitimacy of the timestamp. If all pass, the UE successfully authenticates the S-CSCF. The UE leaves TMPIi as the temporary user identity for this registration and accepts the algorithm Ai selected by the HSS as the encryption algorithm for business data transmission.
同时向S-CSCF发送RES。
RES=E(Ki,RH)At the same time, RES is sent to S-CSCF.
RES=E(K iRH )
(7)检验XRES=E(Ki,RH)与RES是否一致,一致则S-CSCF鉴权UE成功。(7) Check whether XRES=E(K i , RH ) is consistent with RES. If they are consistent, the S-CSCF successfully authenticates the UE.
业务鉴权与密钥协商:Service authentication and key negotiation:
注册鉴权成功之后,UE需要进行第i次业务通信时,S-CSCF要向ME发送fn-i(RS);ME需要检查f(fn-i(RS))是否与之前存储的上一次的fn-(i-1)(RS)相同,相同则确认了S-CSCF的身份,并向S-CSCF发送fn-i(RU)。After successful registration and authentication, when the UE needs to conduct the i-th service communication, the S-CSCF will send f ni (R S ) to the ME; the ME needs to check whether f(f ni (R S )) is the same as the previously stored f n-(i-1) (R S ). If they are the same, the identity of the S-CSCF is confirmed and f ni (R U ) is sent to the S-CSCF.
S-CSCF同样检验UE的合法性,合法则达成双向鉴权,向UE发送成功标志,开始产生本次业务通信所需的加密和完整性密钥CKi、IKiS-CSCF also verifies the legitimacy of the UE. If it is legitimate, two-way authentication is achieved, and a success flag is sent to the UE to start generating the encryption and integrity keys CK i and IK i required for this service communication.
UE收到成功标志后也开始产生CKi、IKi,准备进行业务通信。如图2所示。
CKi=f3’(CK,fn-i(RU));
IKi=f4’(IK,fn-i(RU))。After receiving the success flag, the UE also starts to generate CK i and IK i and prepares for service communication, as shown in Figure 2.
CK i = f 3 ′(CK, f ni (R U ));
IK i =f 4 ′(IK,f ni (R U )).
在当业务次数达到Hash函数链上限n时,用户申请业务时需要重新向S-CSCF和HSS注册鉴权,并更新与HSS共享的密钥。When the number of services reaches the upper limit n of the Hash function chain, the user needs to re-register and authenticate with the S-CSCF and HSS when applying for services, and update the key shared with the HSS.
本发明中部分缩略词说明如下:Some abbreviations in the present invention are explained as follows:
UE:用户;UE: user;
P-CSCF:IMS拜访网络的统一入口点;P-CSCF: unified entry point for IMS visited networks;
I-CSCF:IMS归属网络的入口点;I-CSCF: entry point to the IMS home network;
S-CSCF:IMS信令平面核心节点位置;S-CSCF: IMS signaling plane core node location;
HSS:Home Subscriber Server,归属签约用户服务器;HSS: Home Subscriber Server, belonging to the contracted user server;
ME:移动设备。ME: Mobile device.
以上仅是本发明的优选实施方式,本发明的保护范围并不仅局限于上述实施例,凡属于本发明思路下的技术方案均属于本发明的保护范围。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理前提下的若干改进和润饰,应视为本发明的保护范围。 The above are only preferred embodiments of the present invention. The protection scope of the present invention is not limited to the above embodiments. All technical solutions under the concept of the present invention belong to the protection scope of the present invention. It should be pointed out that for ordinary technicians in this technical field, some improvements and modifications without departing from the principle of the present invention should be regarded as the protection scope of the present invention.

Claims (6)

  1. 一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其特征在于,该方法中,An improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency, characterized in that, in this method,
    (1)UE与HSS共享密钥生成函数f3、f4和f5及消息鉴权函数H1;UE与S-CSCF共享密钥生成函数f3’、f4’及消息鉴权函数H2;HSS与S-CSCF共享密钥KHS(1) UE and HSS share key generation functions f3 , f4 and f5 and message authentication function H1 ; UE and S-CSCF share key generation functions f3 ', f4 ' and message authentication function H2 ; HSS and S-CSCF share key KHS ;
    (2)UE和HSS各自产生随机数;(2) The UE and HSS each generate a random number;
    (3)系统时钟同步;(3) System clock synchronization;
    (4)UE信任自己归属HSS;(4) The UE trusts its own HSS;
    其中,f3为计算加密密钥CK的密钥生成函数;f4为计算完整性保护密钥IK的密钥生成函数;f5为计算匿名密钥AK的密钥生成函数;Wherein, f3 is the key generation function for calculating the encryption key CK; f4 is the key generation function for calculating the integrity protection key IK; f5 is the key generation function for calculating the anonymous key AK;
    H1为UE对注册消息的鉴权函数;H2为S-CSCF对响应消息的鉴权函数; H1 is the authentication function of the UE for the registration message; H2 is the authentication function of the S-CSCF for the response message;
    f3’为迭代加密密钥CK的生成函数;f4’为迭代完整性保护密钥IK的生成函数;f 3 ' is a generation function of the iterative encryption key CK; f 4 ' is a generation function of the iterative integrity protection key IK;
    基于上述(1)-(4)实现UE注册鉴权与密钥协商以及业务鉴权与密钥协商。Based on the above (1)-(4), UE registration authentication and key negotiation as well as service authentication and key negotiation are implemented.
  2. 根据权利要求1所述的一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其特征在于,所述UE注册鉴权与密钥协商应用Hash函数链和时戳实现注册鉴权与密钥协商。According to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency according to claim 1, it is characterized in that the UE registration authentication and key negotiation apply hash function chain and timestamp to implement registration authentication and key negotiation.
  3. 根据权利要求2所述的一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其特征在于,所述UE注册鉴权与密钥协商过程为:According to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency according to claim 2, it is characterized in that the UE registration authentication and key negotiation process is:
    (1)UE发起注册,ME发送注册消息MSGU和消息鉴权码MACU
    MSGU=E(Ki-1,RU)||TMPIi-1||fn(RU)||A1{A1,A2,...,Ar}
    MACU=H1(Ki-1,IMPI||MSGU)    (1) UE initiates registration, and ME sends a registration message MSG U and a message authentication code MAC U ;
    MSG U =E(K i-1 , RU )||TMPI i-1 ||f n ( RU )||A1{A1,A2,...,Ar}
    MAC U =H 1 (K i-1 , IMPI || MSG U )
    其中,E为单钥加密函数;Where E is a single-key encryption function;
    RU为用旧的共享密钥Ki-1加密的随机数;R U is a random number encrypted with the old shared key K i-1 ;
    TMPIi-1为旧的临时用户标识;TMPI i-1 is the old temporary user identity;
    fn(RU)为n次Hash函数,其中,n为一次注册成功后可申请服务的最大次数;f n (R U ) is an n-order Hash function, where n is the maximum number of times a service can be applied for after a successful registration;
    {A1,A2,...,Ar}和A1分别为r个备选的加密算法集和用户选择的算法;{A1, A2, ..., Ar} and A1 are the set of r alternative encryption algorithms and the algorithm selected by the user respectively;
    (2)S-CSCF收到UE的注册信息,留下fn(RU),根据TMPIi-1将MSGU末尾加上时戳timestampV1和MACU一起转发给UE的归属网络HSS;(2) The S-CSCF receives the UE's registration information, leaves f n (R U ), adds a timestamp V1 to the end of MSG U according to TMPI i-1, and forwards it together with MAC U to the UE's home network HSS;
    (3)HSS收到MSGU和MACU,根据TMPIi-1得到存储的IMPI,解密得到RU(3) HSS receives MSG U and MAC U , obtains the stored IMPI according to TMPI i-1 , and decrypts it to obtain R U ;
    计算出XMACU,检验XMACU和MACU是否一致,再检验timestampV1是否合法,合法则HSS鉴权UE成功,不合法则重新同步系统时钟,重新发起注册; Calculate XMAC U , check whether XMAC U and MAC U are consistent, and then check whether timestampV1 is legal. If it is legal, HSS authenticates UE successfully. If it is not legal, resynchronize the system clock and re-initiate registration;
    注册成功后HSS选取随机数RH,决定是否同意UE选择的加密算法A1,若不同意则在给定的备选加密算法中选取一个作为本次注册使用的加密算法Ai;产生新的TMPIi,产生新的密钥Ki=E(Ki-1,RURH),并用RH和Ki生成CK、IK和AK;用HSS和S-CSCF的共享密钥KHS加密E(Ki,RU);随后把注册响应信息MSGH回发给S-CSCF;
    MSGH=RH||AK||TMPIi||Ai||E(KHS,E(Ki,RU))||CK||IK||E(Ki,RH))    After successful registration, HSS selects a random number RH to decide whether to agree with the encryption algorithm A1 selected by UE. If not, it selects an encryption algorithm Ai from the given alternative encryption algorithms as the encryption algorithm Ai for this registration; generates a new TMPIi , generates a new key Ki = E( Ki-1 , RURH ), and generates CK, IK and AK with RH and Ki ; encrypts E(Ki, RU ) with the shared key KHS of HSS and S-CSCF; then sends the registration response message MSGH back to S-CSCF;
    MSG H = RH ||AK||TMPI i ||A i ||E(K HS , E(K i , RU ))||CK||IK||E(K i , RH ))
    (4)S-CSCF收到HSS返回的响应信息,解密得到E(Ki,RU)、E(Ki,RH),留下AK、E(Ki,RH)、TMPIi,产生随机数RS,计算fn(RS);把MSGS、MACS发送给UE;
    MSGS=RH||TMPIi||Ai||fn(RS)||E(Ki,RU)||CK||IK||timestampV2
    MACS=H2(AK,MSGS)    (4) S-CSCF receives the response information returned by HSS, decrypts it to obtain E( Ki , RU ), E( Ki , RH ), keeps AK, E( Ki , RH ), TMPIi , generates a random number RS , calculates fn ( RS ); and sends MSGs and MACs to UE;
    MSG S = RH || TMPIi || Ai || fn ( RS )||E( Ki , RU )||CK||IK||timestampV2
    MAC S =H 2 (AK, MSG S )
    (5)S-CSCF将MSGS、MACS在SIP应答中发给I-CSCF,由其转发给P-CSCF;(5) The S-CSCF sends the MSG S and MAC S in the SIP response to the I-CSCF, which forwards it to the P-CSCF.
    P-CSCF收到SIP应答之后,保存CK和IK,将其余部分转发给UE;
    MSGP=RH||TMPIi||Ai||fn(RS)||E(Ki,RU)timestampV2
    MACP=H2(AK,MSGP)    After receiving the SIP response, the P-CSCF saves the CK and IK and forwards the rest to the UE;
    MSG P = RH || TMPIi || Ai || fn ( RS )||E( Ki , RU )timestampV2
    MAC P =H 2 (AK, MSG P )
    (6)UE收到MSGP、MACP,用RH和Ki生成CK、IK、AK,计算XMACS和E(Ki,RH);(6) UE receives MSG P and MAC P , generates CK, IK, AK using RH and Ki, and calculates XMAC S and E( Ki , RH );
    检验与MACS是否一致;用Ki解密E(Ki,RH),检验RU是否为当初选择的随机数;检验时戳的合法性,全部通过则UE鉴权S-CSCF成功,UE留下TMPIi作为这次注册的临时用户标识,接受HSS选择的算法Ai作为加密算法进行业务数据传输;Check whether it is consistent with MAC S ; use Ki to decrypt E( Ki , RH ) and check whether RU is the random number selected at the beginning; check the legitimacy of the timestamp. If all pass, the UE successfully authenticates the S-CSCF. The UE leaves TMPI i as the temporary user identity for this registration and accepts the algorithm Ai selected by HSS as the encryption algorithm for service data transmission;
    同时向S-CSCF发送RES;
    RES=E(Ki,RH)    At the same time, RES is sent to S-CSCF;
    RES=E(K iRH )
    (7)检验XRES=E(Ki,RH)与RES是否一致,一致则S-CSCF鉴权UE成功。(7) Check whether XRES=E(K i , RH ) is consistent with RES. If they are consistent, the S-CSCF successfully authenticates the UE.
  4. 根据权利要求1所述的一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其特征在于,所述业务鉴权与密钥协商过程为:According to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency according to claim 1, it is characterized in that the service authentication and key negotiation process is:
    注册鉴权成功之后,UE需要进行第i次业务通信时,S-CSCF向ME发送fn-i(RS),ME检查f(fn-i(RS))是否与之前存储的上一次的fn-(i-1)(RS)相同,相同则确认S-CSCF的身份,S-CSCF合法,向S-CSCF发送fn-i(RU);After successful registration and authentication, when the UE needs to perform the i-th service communication, the S-CSCF sends f ni ( RS ) to the ME. The ME checks whether f(f ni ( RS )) is the same as the previously stored f n-(i-1) ( RS ). If they are the same, the identity of the S-CSCF is confirmed. The S-CSCF is legitimate and sends f ni (R U ) to the S-CSCF.
    S-CSCF同样检验UE的合法性,合法则达成双向鉴权,向UE发送成功标志,开始产生本次业务通信所需的加密和完整性密钥CKi、IKiS-CSCF also verifies the legitimacy of the UE. If it is legitimate, two-way authentication is achieved, and a success flag is sent to the UE to start generating the encryption and integrity keys CK i and IK i required for this service communication.
    UE收到成功标志后也开始产生CKi、IKi,准备进行业务通信。After receiving the success flag, the UE also starts to generate CK i and IK i and prepares for service communication.
  5. 根据权利要求4所述的一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其特征在于,CKi=f3’(CK,fn-i(RU));
    IKi=f4’(IK,fn-i(RU))。    According to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency according to claim 4, it is characterized in that CK i =f 3 '(CK, f ni (R U ));
    IK i =f 4 ′(IK,f ni (R U )).
  6. 根据权利要求1所述的一种均衡安全和效率的改进型5G消息RCS接入鉴权IMS-AKA方法,其特征在于,在当业务次数达到Hash函数链上限n时,用户申请业务时需要重新向S-CSCF和HSS注册鉴权,并更新与HSS共享的密钥。 According to an improved 5G message RCS access authentication IMS-AKA method that balances security and efficiency as described in claim 1, it is characterized in that when the number of services reaches the upper limit n of the Hash function chain, the user needs to re-register and authenticate with the S-CSCF and HSS when applying for the service, and update the key shared with the HSS.
PCT/CN2023/123172 2022-10-19 2023-10-07 Improved 5g message rcs access authentication ims-aka method capable of balancing security and efficiency WO2024082963A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211277108.6 2022-10-19
CN202211277108.6A CN115767527A (en) 2022-10-19 2022-10-19 Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency

Publications (1)

Publication Number Publication Date
WO2024082963A1 true WO2024082963A1 (en) 2024-04-25

Family

ID=85353789

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/123172 WO2024082963A1 (en) 2022-10-19 2023-10-07 Improved 5g message rcs access authentication ims-aka method capable of balancing security and efficiency

Country Status (2)

Country Link
CN (1) CN115767527A (en)
WO (1) WO2024082963A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115767527A (en) * 2022-10-19 2023-03-07 中电信数智科技有限公司 Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801815A (en) * 2005-08-08 2006-07-12 华为技术有限公司 Method for realizing initial Internet protocol multimedia subsystem registration
CN101064607A (en) * 2006-04-29 2007-10-31 华为技术有限公司 System, apparatus and method for authentication
CN100544249C (en) * 2004-10-29 2009-09-23 大唐移动通信设备有限公司 Mobile communication user certification and cryptographic key negotiation method
US10462291B1 (en) * 2018-12-04 2019-10-29 T-Mobile Usa, Inc. Shared group number
CN115767527A (en) * 2022-10-19 2023-03-07 中电信数智科技有限公司 Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100544249C (en) * 2004-10-29 2009-09-23 大唐移动通信设备有限公司 Mobile communication user certification and cryptographic key negotiation method
CN1801815A (en) * 2005-08-08 2006-07-12 华为技术有限公司 Method for realizing initial Internet protocol multimedia subsystem registration
CN101064607A (en) * 2006-04-29 2007-10-31 华为技术有限公司 System, apparatus and method for authentication
US10462291B1 (en) * 2018-12-04 2019-10-29 T-Mobile Usa, Inc. Shared group number
CN115767527A (en) * 2022-10-19 2023-03-07 中电信数智科技有限公司 Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency

Also Published As

Publication number Publication date
CN115767527A (en) 2023-03-07

Similar Documents

Publication Publication Date Title
US11228442B2 (en) Authentication method, authentication apparatus, and authentication system
US8122240B2 (en) Method and apparatus for establishing a security association
CN108599925B (en) Improved AKA identity authentication system and method based on quantum communication network
US20060059344A1 (en) Service authentication
US20070086590A1 (en) Method and apparatus for establishing a security association
US20090068988A1 (en) Sim based authentication
CN109075973B (en) Method for carrying out unified authentication on network and service by using ID-based cryptography
US20080137859A1 (en) Public key passing
AU2009234465B2 (en) Methods and apparatus for authentication and identity management using a Public Key Infrastructure (PKI) in an IP-based telephony environment
CN108599926B (en) HTTP-Digest improved AKA identity authentication system and method based on symmetric key pool
EP1982547A1 (en) Method and system for recursive authentication in a mobile network
CN111050322A (en) GBA-based client registration and key sharing method, device and system
WO2024082963A1 (en) Improved 5g message rcs access authentication ims-aka method capable of balancing security and efficiency
US10595203B2 (en) Enhanced establishment of IMS session with secure media
CN112399407B (en) 5G network authentication method and system based on DH ratchet algorithm
CN100544247C (en) The negotiating safety capability method
WO2017197968A1 (en) Data transmission method and device
WO2010128348A1 (en) System and method of using a gaa/gba architecture as digital signature enabler
Lin et al. A fast iterative localized re-authentication protocol for heterogeneous mobile networks
Chowdhury et al. Security issues in integrated EPON and next-generation WLAN networks
CN213938340U (en) 5G application access authentication network architecture
CN113114644B (en) SIP architecture-based multi-stage cross-domain symmetric key management system
CN115589288A (en) Method for realizing end-to-end VoIP encrypted communication based on quantum key pre-charging
Southern et al. Solutions to security issues with legacy integration of GSM into UMTS
CN110933673B (en) Access authentication method of IMS network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23878955

Country of ref document: EP

Kind code of ref document: A1