移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議課件_第1頁
移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議課件_第2頁
移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議課件_第3頁
移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議課件_第4頁
移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議課件_第5頁
已閱讀5頁,還剩157頁未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議1移動(dòng)網(wǎng)絡(luò)安全標(biāo)準(zhǔn)與協(xié)議1主要內(nèi)容EPS安全綜述EPSAKA與S.M.C過程EPSMM程與HO過程中的安全EPSKDFEPSEEA1/2/3與EIA/1/2/3算法2主要內(nèi)容EPS安全綜述2安全系統(tǒng)的兩大基本問題密鑰的管理與安全算法的管理獨(dú)立進(jìn)行安全密鑰的管理安全算法的管理產(chǎn)生傳遞更新存貯新鮮性AKAHO加密算法的選擇完整性算法選擇算法的更新算法的存貯新鮮性SMC及HO3安全系統(tǒng)的兩大基本問題密鑰的管理與安全算法的管理獨(dú)立進(jìn)行安全EPS安全目標(biāo)雙向認(rèn)證防止中間人攻擊網(wǎng)絡(luò)將UE的安全能力通過I.P.方式傳遞給UE,UE檢驗(yàn)是否受到修改。多安全算法安全隔離足夠強(qiáng)度的密鑰長(zhǎng)度目前定義為128位,但可容易更新到256位。向下兼容,但要有更高的安全強(qiáng)度支持USIM卡,但不支持SIM卡保持Key的新鮮性COUNT不允許反轉(zhuǎn)兩套安全上下文以支持ISRUSIM與ME同時(shí)支持兩套安全上下文4EPS安全目標(biāo)雙向認(rèn)證4EPS的最新特性:安全隔離保證非安全的影響最小化,當(dāng)一個(gè)局部出現(xiàn)不安全時(shí),不影響其它部分的安全性不同算法之間的安全隔離多安全算法,當(dāng)一個(gè)算法不安全時(shí),啟用另一個(gè)安全算法。不同的PLMN之間安全隔離Kasme的計(jì)算需要PLMN-Id當(dāng)PLMN發(fā)生改變,所有的Key及AV全部更新不同的MME之間的安全隔離當(dāng)MME發(fā)生改變時(shí),NASS.C.可更新不同的ENB之間的安全隔離當(dāng)ENB發(fā)生改變時(shí),ASS.C.全部更新不同的S.C.的安全隔離在LTE內(nèi),當(dāng)一個(gè)S.C.成為Current,原來的CurrentS.C.就刪除,不再使用。在LTE內(nèi),當(dāng)創(chuàng)建一個(gè)新的S.C.則覆蓋Non-CurrentS.C.當(dāng)UE從GERAN/UTRAN切換到LTE后,一進(jìn)入Idle或Detach,則舊RAT的S.C.刪除。所有Key的計(jì)算都是單向函數(shù)當(dāng)一個(gè)Key被破解了,其父Key不位被破解。5EPS的最新特性:安全隔離保證非安全的影響最小化,當(dāng)一個(gè)局部LTE/EPS加密與完整性保護(hù)NASRRCUEENBS-GWMME加密與完整性保護(hù)加密與完整性保護(hù)加密或不加密,沒有完整性保護(hù)NDS/IP(TS33.210)用戶平面6LTE/EPS加密與完整性保護(hù)LTE/EPS加密與完整性保護(hù)NAS的加密(可選)KNASCenc:NASCipheringAlgorithmNAS的完整性保護(hù)KNASint:NASIntegrateProtectionAlgorithmRRC的加密(可選)KRRCenc:RRCCipheringAlgorithmRRRC的完整性保護(hù)KRRCint:RRCIntegrateProtectionAlgorithmUP的加密(可選)KUPenc:UP(=RRC)CipheringAlgorithm7LTE/EPS加密與完整性保護(hù)NAS的加密(可選)7

USIM/AuC

UE/

MME

KASME

K

KUPenc

KeNB

/NH

KNASint

UE/

HSS

UE/eNB

KNASenc

CK,IK

KRRCint

KRRCenc

8USIM/AuCUE/MMEKASMEKME及USIM卡的能力E-UTRAN不能使用,因此不能接入到LTE系統(tǒng)中,也就是2G的SIM卡不能用于LTE的UE中。只可實(shí)現(xiàn)GERAN與UTRAN之間的移動(dòng)性E-UTRAN可以使用,因此可實(shí)現(xiàn)GERAN、UTRAN與E-UTRAN之間的移動(dòng)性E-UTRAN可以使用,因此可實(shí)現(xiàn)GERAN、UTRAN與E-UTRAN之間的移動(dòng)性SIMMEGERANUTRANE-UTRANUSIMMEGERANUTRANE-UTRANE-USIMMEGERANUTRANE-UTRANEMMS.C.能夠存放EMMS.C.的USIM為E-USIM9ME及USIM卡的能力E-UTRAN不能使用,因此不能接入到USIM,ME及EPSS.C.USIM產(chǎn)生的CK,IK傳遞給ME,ME產(chǎn)生EPSS.C.(如Kasme等)ME產(chǎn)生的EPSS.C.是在VotileMemeory中,進(jìn)入Detach時(shí),將Kasme,Knasenc,Knasint,NASCount,eKSI寫入到ME中的Non-VotileMemeory中。USIM產(chǎn)生的CK,IK傳遞給ME,ME產(chǎn)生EPSS.C.(如Kasme等)ME產(chǎn)生的EPSS.C.是在VotileMemeory中,進(jìn)入Detach時(shí),將Kasme,Knasenc,Knasint,NASCount,eKSI寫入到E-USIM中的Non-VotileMemeory中。USIMMECK,IKE-USIMMEEMMS.C.EPSS.C.CK,IKEPSS.C.10USIM,ME及EPSS.C.USIM產(chǎn)生的CK,IK傳遞刪除ME中存儲(chǔ)的EPSS.C.(E-)USIMMEEPSS.C.當(dāng)ME中有EPSS.C.,當(dāng)下面的情形出現(xiàn)時(shí),則ME中的EPSS.C.與卡中的數(shù)據(jù)均出現(xiàn)沖突。開機(jī)狀態(tài)下:卡被撥出,關(guān)機(jī)狀態(tài)下:換上另一張(E-)USIM卡時(shí),關(guān)機(jī)狀態(tài)下:卡被撥出為了解決上面的三個(gè)問題,就直接(在開機(jī)后)刪除ME中存儲(chǔ)的EPSS.C.開機(jī)狀態(tài)下卡被撥出關(guān)機(jī)狀態(tài)下USIM卡被換成另一個(gè)卡關(guān)機(jī)狀態(tài)下卡被撥出11刪除ME中存儲(chǔ)的EPSS.C.(E-)USIMMEEPSUSIM,ME及S.C.及IRAT移動(dòng)性GERAN/UTRAN的3GS.C.與EPSS.C.是相互獨(dú)立的。即使將一個(gè)映射到另一個(gè)時(shí),就成為另外一個(gè)類型,而原來的類型不變,即兩者還是獨(dú)立的。當(dāng)UE從LTE進(jìn)入(HO或Idle的RAU)到GERAN/UTRAN后,SGSN執(zhí)行UMTSAKA后,會(huì)出現(xiàn)兩個(gè)S.C.,一個(gè)用于GERAN/UTRAN,而另一個(gè)用于EPS,這兩個(gè)S.C.是獨(dú)立的。若SGSN不執(zhí)行UMTSAKA,則SGSN一直使用從EPSS.C.映射過來的3GS.C.,并且將此映射的3GS.C.替代所有的原來SGSN及UE上的3GS.C.然后,當(dāng)UE從GERAN/UTRAN通過HO到LTE后,UE使用的是從3GS.C.映射過來的MappedEPSS.C.;若前面SGSN沒有執(zhí)行UMTSAKA,則UE將原來的EPSS.C.映射為Mapped3GS.C.,此時(shí)使用的MappedEPSS.C.是在此Mapped3GS.C.的再次映射,而此時(shí)最初的EPSS.C.還是有效的但是進(jìn)入了Non-Current狀態(tài)。若此后,UE進(jìn)入Idle狀態(tài)后,再次進(jìn)入連接狀態(tài),則使用原來的EPSS.C.2次Mapped的EPSS.C.被刪除(但Mapped3GS.C.還是不作任何的變化)若UE從GERAN/UTRAN通過Idle的TAU進(jìn)入到LTE,則UE使用EPSS.C.,而3GS.C.(包括(E-)USIM中的CK,IK)不作任何的變化。USIMMEE-USIMMEEMMS.C.EPSS.C.3GS.C.CK,IK,KSI3GS.C.CK,IK,KSIEPSS.C.12USIM,ME及S.C.及IRAT移動(dòng)性GERAN/UTRATypeofEPSSecurityContextSecurityContextFullnativeSCPartialNativeSC沒有確定NAS完整保護(hù)算法及加密算法MappedSCCNCNCC13TypeofEPSSecurityContextSeSecurityContextSecurityContextEPSNASSecurityContextEPSASSecurityContextASkeys&IDNHNCCtheidentifiersoftheselectedAScryptographicalgorithms&countersusedforreplayprotectionKASME,KSIasmeUEsecuritycapabilitiesUL&DLNASCOUNTKnas-int&Knas-enc&identifiersoftheselectedNASintegrity&encryptionalgorithms.FullEPS14SecurityContextSecurityConteEPSS.C.狀態(tài)的轉(zhuǎn)移在EPS中,最多只能有一個(gè)Current及一個(gè)Non-CurrentEPSS.C.當(dāng)AKA產(chǎn)生一個(gè)Non-CurrentEPSS.C.時(shí),若存在其它Non-Current,則覆蓋之前的。通過NASS.M.C.將一個(gè)Non-Current的EPSS.C.激活為Current時(shí),新激活的EPSS.C.覆蓋之前的CurrentEPSS.C.(可能是Native,也可能是Mapped)。但是當(dāng)UE從GERAN/UTRAN切換到E-UTRAN時(shí),UMTSS.C.是映射到EPSS.C.并自動(dòng)成為CurrentEPS(mapped)S.C.,同時(shí)原來LTE中的CurrentEPSnativeS.C.就自動(dòng)地變?yōu)镹on-Current,并覆蓋原來的Non-Current。這是一個(gè)很大的不同的。NativeEPSS.C.CurrentNon-CurrentFull(Knas)Partial(noKnas)MappedEPSS.C.Full(Knas)Partial(noKnas)AKANASSMC從GERAN/UTRAN切換到LTE從GERAN/UTRAN切換到LTE15EPSS.C.狀態(tài)的轉(zhuǎn)移在EPS中,最多只能有一個(gè)CurrEPSUE與EMMS.C.當(dāng)UE關(guān)機(jī)或進(jìn)入DEREGISTER狀態(tài)時(shí),EMMS.C.只能放入到ME中的Non-VotileMemeory中。當(dāng)UE開機(jī)時(shí),使用ME中的EMMS.C.當(dāng)UE關(guān)機(jī)或進(jìn)入DEREGISTER狀態(tài)時(shí),ME中的EMMS.C.必須存放到USIM中的Non-VotileMemeory中并標(biāo)識(shí)有效,還標(biāo)識(shí)ME中的S.C.無效(相當(dāng)于刪除)。當(dāng)UE開機(jī)時(shí),使用USIM中的EMMS.C.(如果標(biāo)識(shí)為有效).UMTSUSIME-UTRANMEE-UTRANUSIME-UTRANMEEMMS.C.EMMS.C.EMMS.C.16EPSUE與EMMS.C.當(dāng)UE關(guān)機(jī)或進(jìn)入DEREGISCurrentEPSS.C.的選擇與激活I(lǐng)ftheMMEreceivesaTAURequestorAttachRequestprotectedwithanon-currentfullEPS

securitycontext,thenthiscontextbecomesthecurrentEPSsecuritycontextandtheMMEshalldeleteanyexistingcurrentEPSsecuritycontext.AfterasuccessfulrunofaNASSMCrelatingtotheeKSIassociatedwithanEPSsecuritycontext,thiscontextbecomesthecurrentEPSsecuritycontextandshalloverwriteanyexistingcurrentEPSsecuritycontext.17CurrentEPSS.C.的選擇與激活I(lǐng)ftheMS.C.的類型與狀態(tài)的關(guān)系Non-CurrentCurrentFullMappedEPSS.C.Notallowed當(dāng)UE從GERAN/UTRAN通過HO進(jìn)入到E-UTRAN中。當(dāng)UE從G/U通過IdleTAU(或先是HO進(jìn)入E然后進(jìn)入Idle)進(jìn)入E時(shí),若UE有FullNativeS.C.時(shí),UE應(yīng)當(dāng)使用這個(gè)FullNativeS.C.,否則,UE使用MappedEPSS.C.Partial(Native)EPSS.C.執(zhí)行了EPSAKA過程,但沒有通過NASS.M.C過程激活使用此KSIasme。NotallowedFullnativeEPSS.C.執(zhí)行了EPSAKA過程,并且通過NASS.M.C過程激活Kasme0,此時(shí)Kasme0是FullNativeCurrent。但UE進(jìn)入GERAN/UTRAN后通過UMTSAKA及S.M.C過程激活了UMTSS.C.,當(dāng)UE切換到回LTE時(shí),MappedEPSS.C.成為Current時(shí),則Kasme0就成為了Non-Current。執(zhí)行了EPSAKA過程,并且通過NASS.M.C過程激活使用此KSIasme。18S.C.的類型與狀態(tài)的關(guān)系Non-CurrentCurrenStorageS.C.intheUEduringpower-offS.C.intheMEvolatileMemoryUSIMMENV-MEMEMMcapableinUSIMNoEMMcapableinUSIMFullnativeEPSS.C.FullnativeS.CisStoredandmarkedvalidN/AAnynativeS.C.ismarkedinvalidorremoved.N/AYesFullnativeS.CisStoredandmarkedvalidFullmappedEPSS.C.orpartialnativeEPSS.C.AnynativeS.C.ismarkedinvalidorremoved.19StorageS.C.intheUEduring主要內(nèi)容EPS安全綜述EPSAKA與S.M.C過程EPSMM程與HO過程中的安全EPSKDFEPSEEA1/2/3與EIA/1/2/3算法20主要內(nèi)容EPS安全綜述20EPSAuthenticationandKeyAgreemenUEMMEHSSGenerateauthenticationvectorsAV(1..n)StoreauthenticationvectorsSelectauthenticationvectorAV(i)AuthenticationdatarequestAuthenticationdataresponseAV(1..n)UserauthenticationrequestKSIasme,RAND(i)||AUTN(i)UserauthenticationresponseRES(i)CompareRES(i)andXRES(i)VerifyAUTN(i)ComputeRES(i)SelectKasme(i)AuthenticationandkeyestablishmentDistributionofauthenticationvectorsfromHEtoSNComputeCK(i)andIK(i),thenKasme(i)21EPSAuthenticationandKeyAgrEPSAKAIfthekeysCK,IKresultingfromanEPSAKArunwerestoredinthefieldsalreadyavailableontheUSIMforstoringkeysCKandIKthiscouldleadtooverwritingkeysresultingfromanearlierrunofUMTSAKA.ThiswouldleadtoproblemswhenEPSsecuritycontextandUMTSsecuritycontextwereheldsimultaneously(asisthecasewhensecuritycontextisstorede.g.forthepurposesofIdleModeSignalingReduction).Therefore,"plasticroaming"whereaUICCisinsertedintoanotherMEwillnecessitateanEPSAKAauthenticationruniftheUSIMdoesnotsupportEMMparametersstorage.也就是說,在EPSAKA過程中產(chǎn)生的CK,IK不能存貯于USIM中存貯UMTSAKA產(chǎn)生的CK,IK的地方。USIM應(yīng)當(dāng)為EPSAKA的CK,IK使用獨(dú)立的Files。若USIM不支持EMMFile,則EPSCK,IK必須存貯在ME中。這就說明,當(dāng)USIM不支持EMMFiles,當(dāng)USIM卡換ME時(shí),則必須要執(zhí)行EPSAKA過程。22EPSAKAIfthekeysCK,IKresuEPS-AuthenticationVector說明Kasme不是由MME產(chǎn)生的,而是由HE直接產(chǎn)生的EPSAV(4)RANDUMTSAV(5)GERANAV(3)XRESAUTNKasmeCKIKKc23EPS-AuthenticationVector說明KasEPSuserauthentication(EPSAKA)24EPSuserauthentication(EPSAUMTSHSSAMFRANDSQNKf1f2f3f4f5MACXRESCKIKAKAMFSQNSQN(+)AKAMFMACMAC認(rèn)證向量五元組認(rèn)證令牌認(rèn)證算法認(rèn)證配置RANDAUTNHSS25UMTSHSSAMFRANDSQNKf1f2f3f4f5MUMTSUERANDKf1f2f3f4f5XMACRESCKIKSQN(+)AK雙向認(rèn)證認(rèn)證令牌及隨機(jī)數(shù)AMFMACSQNAK認(rèn)證算法MACUSIMMEME26UMTSUERANDKf1f2f3f4f5XMACRESCEPSHSSAMFRANDSQNKf1f2f3f4f5MACXRESCKIKAKAMFSQNSQN(+)AKAMFMACMAC認(rèn)證向量四元組認(rèn)證令牌認(rèn)證算法認(rèn)證配置RANDAUTNSN-IdKasmeHSS27EPSHSSAMFRANDSQNKf1f2f3f4f5MAEPSUERANDKf1f2f3f4f5XMACRESCKIKSQN(+)AK雙向認(rèn)證認(rèn)證令牌及隨機(jī)數(shù)AMFMACSQNAK認(rèn)證算法MACUSIMSN-IdKasmeMEME28EPSUERANDKf1f2f3f4f5XMACRESCKDifferentservingnetworkdomainsMMEMMESGSNAnSGSNmayforwardunusedUMTSauthenticationvectorstoanMMEUMTSAVswhichwerepreviouslystoredintheMMEmaybeforwardedbacktowardsthesameSGSN.UMTSAVswhichwerepreviouslystoredintheMMEshallnotbeforwardedtowardsotherSGSNs.EPSauthenticationvectorsshallnotbeforwardedfromanMMEtowardsanSGSN.UnusedEPSauthenticationvectorsshallnotbedistributedbetweenMME'sbelongingtodifferentservingdomains(PLMNs)UMTSauthenticationvectorsthatwerepreviouslyreceivedfromanSGSNshallnotbeforwardedbetweenMME'sOnlyEPSAVsinthesamePLMNOnlyUMTSAVsinthesameSGSNOnlyUMTSAVsinthesamePLMN29Differentservingnetworkdoma3030MMEHSSCK,IKKDF256256SNid,SQN,

AKKeNBKASME256KDFKDFKDFKDF256-bitkeysKNASencKNASint128-bitkeysKNASencKNASintTruncTrunc256256128128256256256NAS-enc-alg,Alg-IDNAS-int-alg,Alg-IDNASUPLINKCOUNTKDFKDF256-bitkeysKRRCencKRRCint128-bitkeysKRRCencKRRCintTruncTrunc256256128128256256RRC-enc-alg,Alg-IDRRC-int-alg,Alg-IDUP-enc-alg,Alg-ID256256PhysicalcellID,EARFCN-DL256KeNBeNBeNBKeNB*KDFKUPencKUPenc256256128TruncKDFNHNHKeNB25631MMEHSSCK,IKKDF256256SNid,SQNMECK,IKKDF256256SNid,SQN,

AKKeNBKASME256KDFKDFKDFKDF256-bitkeysKNASencKNASint128-bitkeysKNASencKNASintTruncTrunc256256128128256256256NAS-enc-alg,Alg-IDNAS-int-alg,Alg-IDNASUPLINKCOUNTKDFKDF256-bitkeysKRRCencKRRCint128-bitkeysKRRCencKRRCintTruncTrunc256256128128256256RRC-enc-alg,Alg-IDRRC-int-alg,Alg-IDUP-enc-alg,Alg-ID256PhysicalcellID,EARFCN-DL256256KeNB*KDFKUPencKUPencTrunc256128256KDFNHNHKeNB25632MECK,IKKDF256256SNid,SQN,Kasme與SNIDSNID=MCC+MNCKasme=f(CK,IK,SNid,SQN(+)AK)Kasme的產(chǎn)生與SNid有關(guān),因此,當(dāng)SNid發(fā)生改變時(shí),則原來的Kasme不能使用。因此,在Inter-PLMN的TAU時(shí),則必須要運(yùn)行EPSAKA。33Kasme與SNIDSNID=MCC+MNC33NASCOUNTReset0NASCount(復(fù)位)AKAS.C.Mapping

inUTRAN/GERANE-UTRAN

HOS.C.Mapping

inUTRAN/GERANE-UTRAN

idleMobilityTheNASCOUNTsshallnotberesetduringidlemodemobilityorhandoverforanalreadyexistingnativeEPSNASsecuritycontext.也就是說NASCount快還返轉(zhuǎn)時(shí),就要更換Kasme了34NASCOUNTReset0NASCoNASS.M.CTheNASsecuritymodecommandmessagefromMMEtoUEshallcontainthereplayedUEsecuritycapabilities,theselectedNASalgorithms,theeKSIforidentifyingKASME,andbothNONCEueandNONCEmmeinthecaseofcreatingamappedcontextinidlemobility.Thismessageshallbeintegrityprotected(butnotciphered)withNASintegritykeybasedonKASMEindicatedbytheeKSIinthemessage.TheUEshallverifytheintegrityoftheNASsecuritymodecommandmessage.ThisincludesensuringthattheUEsecuritycapabilitiessentbytheMMEmatchtheonesstoredintheUEtoensurethatthesewerenotmodifiedbyanattackerandcheckingtheintegrityprotectionusingtheindicatedNASintegrityalgorithmandtheNASintegritykeybasedonKASMEindicatedbytheeKSI.Inaddition,whencreatingamappedcontextforthecasedescribedinclause9.1.2,theUEshallensurethereceivedNONCEUEisthesameastheNONCEUEsentintheTAURequestandalsocalculateK'ASMEfromCK,IKandthetwononces(seeAnnexA.11).Ifsuccessfullyverified,theUEshallstartNASintegrityprotectionandciphering/decipheringwiththissecuritycontextandsendstheNASsecuritymodecompletemessagetoMMEcipheredandintegrityprotectedTheNASsecuritymodecompletemessageshallincludeIMEIincaseMMErequesteditintheNASSMCCommandmessage.TheMMEshallde-cipherandchecktheintegrityprotectionontheNASSecurityModeCompleteusingthekeysandalgorithmsindicatedintheNASSecurityModeCommand.NASdownlinkcipheringattheMMEwiththissecuritycontextshallstartafterreceivingtheNASsecuritymodecompletemessage.NASuplinkdecipheringattheMMEwiththiscontextstartsaftersendingtheNASsecuritymodecommandmessage.

MMEUENASS.M.Command(UES.Cap,SelectedNASAlgoritm,eKSI,

IMEISVRequest,NONCEue,NONCEmme,NAS-MAC)NASS.M.Complete(IMEISV,NAS-MAC)StartI.P.&(de-)CipheringStartULde-CipheringStartDL-CipheringStartI.P.35NASS.M.CTheNASsecuritymodeNonceIftheMMEdoesnothavethecontextindicatedbytheUEintheTAUrequest,ortheTAUrequestwasreceivedunprotected,theMMEshallcreateanewmappedsecuritycontext(thatshallbecomethecurrentsecuritycontext).Inthiscase,theMMEshallgeneratea32bitNONCEmmeandusethereceivedNONCEuewiththeNONCEmmetogenerateafreshmappedK'ASMEfromCKandIK,whereCK,IKwereidentifiedbytheKSIandP-TMSIintheTAURequest.SeeAnnexA.11formoreinformationonhowtoderivethefreshK'ASME.TheMMEinitiatesaNASSecuritymodecommandprocedurewiththeUEincludingtheKSISGSN,NONCEUE,andNONCEMMEintheNASSecuritymodecommand.

TheuplinkanddownlinkNASCOUNTformappedsecuritycontextshallbesettostartvalue(i.e.,0)whennewmappedsecuritycontextiscreatedinUEandMME.Nonce-UEWhencreatingamappedcontextforthecasedescribedinclause9.1.2,theUEshallensurethereceivedNONCEUEisthesameastheNONCEUEsentintheTAURequestandalsocalculateK'ASMEfromCK,IKandthetwononces(seeAnnexA.11).36NonceIftheMMEdoesnothaveASS.M.CTheASsecuritymodecommandmessagefromeNBtoUEshallcontaintheselectedASalgorithms.ThismessageshallbeintegrityprotectedwithRRCintegritykeybasedonthecurrentKASME.TheASsecuritymodecompletemessagefromUEtoeNBshallbeintegrityprotectedwiththeselectedRRCalgorithmindicatedintheASsecuritymodecommandmessageandRRCintegritykeybasedonthecurrentKASME.RRCandUPdownlinkciphering(encryption)attheeNBshallstartaftersendingtheASsecuritymodecommandmessage.RRCandUPuplinkdeciphering(decryption)attheeNBshallstartafterreceivingandsuccessfulverificationoftheASsecuritymodecompletemessage.RRCandUPuplinkciphering(encryption)attheUEshallstartaftersendingtheASsecuritymodecompletemessage.RRCandUPdownlinkdeciphering(decryption)attheUEshallstartafterreceivingandsuccessfulverificationoftheASsecuritymodecommandmessage37ASS.M.CTheASsecuritymodecASSMC過程38ASSMC過程38ASSMC與NASSMC的同步NASSMC正在進(jìn)行1:MME不應(yīng)當(dāng)發(fā)起觸發(fā)ASSMC的S1-AP過程6:MME只有完成了NASSMC后才繼續(xù)Inter-MMEHO。Inter-ENBHO正在進(jìn)行5:源ENBreject觸發(fā)ASSMC的S1-AP過程5:源ENB當(dāng)ASRefresh/Re-key結(jié)束后,才可以進(jìn)行HOHO過程中3:MME發(fā)起NASSMC,但在HORequest/PathSwitchRequestAcknowledge中使用OldASS.C.4:UE收到NASSMC,但在HO過程中繼續(xù)使用OldASS.C.觸發(fā)ASSMC的SA-AP正在進(jìn)行中2:MME不應(yīng)當(dāng)發(fā)起NASSMC.7:MME當(dāng)S1-AP結(jié)束后,才可以進(jìn)行Inter-MMEHONASSMC完成,但S1-AP未進(jìn)行8,9:有Inter-MMEHO,新舊MME則繼續(xù)使用OldASS.C.傳輸,同時(shí)在S10接口上傳輸兩套S.C.39ASSMC與NASSMC的同步NASSMC正在進(jìn)行39主要內(nèi)容EPS安全綜述EPSAKA與S.M.C過程EPSMM程與HO過程中的安全EPSKDFEPSEEA1/2/3與EIA/1/2/3算法40主要內(nèi)容EPS安全綜述40EPSMM程與HO過程中的安全LTE內(nèi)的狀態(tài)遷移時(shí)的安全上下文的處理LTE內(nèi)TAU過程。UTMS與LTE之間的RAU,TAU過程LTE內(nèi)的X2,S1Handover過程LTE與UMTS之間的切換過程41EPSMM程與HO過程中的安全LTE內(nèi)的狀態(tài)遷移時(shí)的安全上TransitionToEMM-DEREGISTEREDIfUEandMMEhaveafullnon-currentnativeEPSsecuritycontextandacurrentmappedEPSsecuritycontext,thentheyshallmakethenon-currentnativeEPSsecuritycontextthecurrentone.UEandMMEshalldeleteanymappedorpartialEPSsecuritycontextstheyhold.NC-FNC-PC-MC-FEMM-DEREGISTEREDEMM-REGISTEREDC-FE-USIMMEUSIMMEC-F42TransitionToEMM-DEREGISTEREDToEMM-DEREGISTERED的其它場(chǎng)景AVNC-PC-FAVC-FAVNC-PC-FUE-initiatedDetachwithPoweroffUE-intDetachwithoutPoweroffMME-intDetachExplicitlywithre-attachMME-intDetachImplicitlyHSS-initiatedDetachwithSubscriptionwithdrawn43ToEMM-DEREGISTERED的其它場(chǎng)景AVNC-PToEMM-DEREG.withTAURejectNC-PC-FNC-PC-FMEE-USIMNC-PME(E-)USIMMEMENC-PC-FMEUSIMMENC-PC-F44ToEMM-DEREG.withTAURejectNAwayFromEMM-DEREGISTEREDNC-PC-FE-USIMMEUSIMMENC-PC-F(E-)USIMMEC-FAttachRequestwithI.P.andMMEsetsnewC-FS.C.IfthereisnoF-S.C.inMME,AKAisrunned.C-FAttachRequestwithI.P.andMMEsetsnewC-FS.C.IfthereisnoF-S.C.inMME,AKAisrunned.AttachRequestwithoutI.P.MMERunsEPSAKA45AwayFromEMM-DEREGISTEREDNC-P

FromECM-IDLEtoECM-CONNECTED初始化的NAS消息不能加密NC-PC-FE-USIMMEMENC-PC-FC-FC-FKnasint對(duì)初始化的NAS消息進(jìn)行I.P.KnasencKnasint對(duì)初始化的NAS消息進(jìn)行I.P.Knasenc進(jìn)入ECM-Connected時(shí),MME將E-USIM中的C-F標(biāo)識(shí)為無效!以保證ME中的C-F是有效的。USIM46FromECM-IDLEtoECM-CONNECTE

FromECM-IDLEtoECM-CONNECTEDKnasenc=f(Kasme,0x15|0x01|0x0001|EEA1/2|0x0001)Knasint=f(Kasme,0x15|0x02|0x0001|EIA1/2|0x0001)Kenb=f(Kasme,0x11|ULNASCount|0x0004)NH0=f(Kasme,0x12|Kenb|len(Kenb)=0x0020=32)NH*=f(Kasme,0x12|NH|len(NH))NC-P/FC-F/ME-USIMMEC-FKnasint對(duì)初始化的NAS消息進(jìn)行I.P.KnasencInitialUEContextSetup(UES.Capability,Kenb)Kenbf(Kasme)NCC0NHf(Kasme,Kenb)NCC1EPSAKAUL/DLNASCount0當(dāng)MME改變且PLMN-ID發(fā)生改變時(shí),必須要執(zhí)行,否則根據(jù)MME的Policy來決定NASS.M.C.ASS.M.C(EncAlg,IpAlg),僅僅用于(extended)ServiceRequest消息或TAUWithActiveFlag消息47FromECM-IDLEtoECM-CONNECTEFromECM?CONNECTEDtoECM-IDLENC-P/FC-F/xE-USIMMEMEC-F/MNC-P/FNC-P/FC-F/MUES.Capability對(duì)于FullNativeS.C中Knasint,Knasenc不存貯USIMUES.Capability對(duì)于FullNativeS.C中Knasint,Knasenc不存貯48FromECM?CONNECTEDtoECM-IDLEMME傳遞Kenb給ENBMMETargeteNBInitialContextSetup(UES.Cap,Kenb)UEContextModification(UES.Cap,Kenb)eNB:0NCC,afterreceivingS1-APInitialContextSetupRequestmessage.49MME傳遞Kenb給ENBMMETargeteNBInitIntra-LTETAUK’asme=f(CK||IK,0x19|NONCEue|0x0004|NONCEmme|0x0004)UEMMEoMMEnUE注冊(cè)到MMEo中TAURequestwithI.P.(nativeGUTI,eKSI,LVTAI)ContextRequest(GUTI,CompleteTAUmessage)ContextResponse(IMSI,MMContext(CK,IK,KSI),UES.Capability,EPSBearers,EPSAVs)TAUResponse(GUTI,TAIList)NASS.M.Command(eKSI,SelectedNASS.Alg,UES.Cap)NASS.M.Complete()50Intra-LTETAUK’asme=f(CK||IKFromE-UTRANtoUTRANRAUNAS-Token=f(Kasme,0x17|ULNASCOUNT|0x0004)CK’|IK’=f(Kasme,0x1B|ULNASCOUNT|0x0004)Kc=f(CK|IK,0x32)UEMMESGSNUE注冊(cè)到MME中RAURequest(P-TMSI,oldRAI,P-TMSISignature,KSI)RAURequest(P-TMSI,oldRAI,P-TMSISignatureKNAS-Token,KSI)ContextRequest(P-TMSI,oldRAI,P-TMSISignatureNAS-Token)ContextResponse(IMSI,MMContext(CK’,IK’,KSI,

UEU/GS.Cap),PDPContext)比較NAS-Token,為了可靠,使用一個(gè)區(qū)間的ULNASCount值,驗(yàn)證通過后,計(jì)算出CK’,IK’通過Kasme及ULNASCount+1計(jì)算出Nas-Token,放到P-TMSISignature中,并計(jì)算出CK’,IK’,并將CK’|IK’,KSI將代替USIM中所有的CK,IK,KSI,計(jì)算更新USIM中的Kc,CKSN。RAUResponse(P-TMSI,P-TMSISignature)將CK’|IK’,KSI將代替SGSN中所有的可能CK,IK,KSI。RNCS.M.C.(AllowedS.AlgList,CK,IK)S.M.C.(SelectedS.Alg)S.M.Complete()S.M.Complete(SelectedS.Alg)ISR激活的情形ISR沒有激活,或一般的情形51FromE-UTRANtoUTRANRAUNAS-TFromUTRANtoE-UTRANTAUK’asme=f(CK||IK,0x19|NONCEue|0x0004|NONCEmme|0x0004)UESGSNMMEUE注冊(cè)到SGSN中TAURequest(nativeGUTI,eKSI)TAURequest(mappedGUTI,P-TMSISignature,CKSN,LVTAI,NONCEue,nativeGUTI,eKSI)ContextRequest(IMSI,OldGUTI(P-TMSI,oldRAI),P-TMSISignature)ContextResponse(IMSI,MMContext(CK,IK,KSI),PDPContext)若UE還有CurrentEPSNASS.C.,則TAURequest消息必須包含nGUTI,eKSI,并用此S.C.進(jìn)行I.P.,否則此消息無I.P.,且沒有nGUTI,eKSITAUResponse(GUTI,TAIList)若前面通過了I.P.,則使用原來的EPSNASS.C.,否則,則根據(jù)CKSN及CK,IK,NONCEue/mme產(chǎn)生MappedKasme。eNBNASS.M.Com/CmpISR激活的情形ISR沒有激活,即一般的情形若MME上有此UE的Context,則通過I.P.的比較,則可得到UE的IMSI。不是使用原來的CurrentEPSNASS.C.或改變算法時(shí),執(zhí)行此過程CurrentEPSNASS.C.也可以是MappedEPSNASS.C.52FromUTRANtoE-UTRANTAUK’asmKey-change-on-theflyinitiatedbythe

eNB

whenaPDCPCOUNTsisabouttobere-usedwiththesameRadioBeareridentityandwiththesameKenbIntra-CellHandoverAKAandlaterNASS.M.C.orActivationofanativecontextafterhandoverfromUTRANorGERANinitiatedbytheMMEwhenaNASEPSsecuritycontextdifferentfromthecurrentlyactiveoneshallbeactivated.initiatedbytheMMEwhenanEPSASsecuritycontextdifferentfromthecurrentlyactiveoneshallbeactivated.Re-freshKenbKrrcencKrrcintKupencRe-KeyingKasmeKnasencKnasintKenbKrrcencKrrcintKupenc53Key-change-on-theflyinitiate=f(Kasme,0x12|Kenb|0x0020)f(NH,0x13|PCI|0x0002|EARFCN-DL|0x0002)f(Kasme,0x12|NH|len(NH))f(Kasme,0x11|ULNASCount|0x0004)Modelforthehandoverkeychainingf(Kenb,0x13|PCI|0x0002|EARFCN-DL|0x0002)NCC:NextHopChainingCountPCI:PhysicalCellIdentifier.EARFCN:E-UTRAAbsoluteRadioFrequencyChannelNumber.當(dāng)Kasme變化時(shí),NCC,Kenb及NH需要全部重新開始計(jì)算!54=f(Kasme,0x12|Kenb|0x0020)f(NKeNBderivation

IfKeNB*isderivedfromthecurrentlyactiveKeNBthisisreferredtoasahorizontalkeyderivationiftheKeNB*isderivedfromtheNHparameterthederivationisreferredtoasaverticalkeyderivation

OnhandoverswithverticalkeyderivationtheNHisfurtherboundtothetargetPCIanditsfrequencyEARFCN-DLbeforeitistakenintouseastheKeNBinthetargeteNBKenb*=f(NH,0x13|PCI|0x0002|EARFCN-DL|0x0002)OnhandoverswithhorizontalkeyderivationthecurrentlyactiveKeNBisfurtherboundtothetargetPCIanditsfrequencyEARFCN-DLbeforeitistakenintouseastheKeNBinthetargeteNBKenb*=f(Kenb,0x13|PCI|0x0002|EARFCN-DL|0x0002)

55KeNBderivationIfKeNB*isdeInter-ENB切換的所要解決的問題前向切換后,源ENB不能知道目標(biāo)ENB所使用的Kenb切換后,目標(biāo)ENB通過使用Intra-eNBHO來實(shí)現(xiàn)。目標(biāo)ENB,使用目標(biāo)MME所采用的NH,產(chǎn)生新的Kenb*反向切換后,目標(biāo)ENB不能知道源ENB所使用的Kenb源ENB以空閑的{NH,NCC}產(chǎn)生Kenb*(若沒有空閑的,則以當(dāng)前的Kenb來產(chǎn)生)并傳輸給目標(biāo)ENB,目標(biāo)ENB無法知道源ENB所使用的Kenb。56Inter-ENB切換的所要解決的問題前向56從SourceeNB傳遞Kenb*到TargeteNBTargeteNBSourceRAN(eNB)S-2-TTC(HandoverPreparationInformation)S1-HandoverorIRAT_HOtoLTEHandoverRequest(UES.Capability,Kenb*,NCC)X2-HandoverUERRCConnectionReconfigurationintheHOCommandIntraLTE:(SelectedS.Alg,NCC)InterRAT:(SelectedS.Alg,NasSecurityParamToEUTRA)在S1HO及IRATHOtoLTE中,Kenb*及S-eNB所選擇的AS算法的功能與X2中的不一樣,T-eNBcandecipherandintegrityverifytheRRCReestablishmentCompletemessageonSRB1inthepotentialRRCConnectionRe-establishmentprocedure.57從SourceeNB傳遞Kenb*到TargeteNBTHO中MME傳遞NCC與NH給ENBMMETargeteNBHandoverRequest(NCC,NH,NASSecurityParamerstoEUTRAN)PathSwitchAck(NCC,NH)X2-HandoverS1-HandoverorIRAT_HOtoLTE通過Kenb=f(NH,PCI,EARFCN-DL)T-eNB實(shí)現(xiàn)前向的安全保護(hù)。T-eNB通過Intra-Cell的HO實(shí)現(xiàn)Kenb的更新。UERRCConnectionReconfigurationintheHOCommandIntraLTE:(SelectedS.Alg,NCC)InterRAT:(SelectedS.Alg,NasSecurityParamToEUTRA)NasSecurityParamToEUTRA用于IRATHOtoLTE58HO中MME傳遞NCC與NH給ENBMMETargeteNHO中UE中Kenb的計(jì)算UE(Kenb,sNCC,NH)(Kenb*,NCC*,NH*)RRCConnectionReconfiguration(rNCC)IfrNCC=sNCC,thenKenb*=f(Kenb,0x13|PCI|0x0002|EARFCN-DL|0x0002)IfrNCC>sNCC,thenNCC+1,NH*=f(Kasme,0x12|NH|len(NH))untilrNCC=sNCC,thenKenb*=f(NH)Kenb=f(Kasme,0x11|ULNASCount|0x0004)NH0=f(Kasme,0x12|Kenb|len(Kenb)=0x0020=32)NH*=f(Kasme,0x12|NH|len(NH))Kenb*=f(KenborNH,0x13|PCI|0x0002|EARFCN-DL|0x0002)59HO中UE中Kenb的計(jì)算UERRCConnectionLTEIntra-cellHOKenb*成為新的Kenb,并根據(jù)選擇的的算法對(duì)后面的RRC消息進(jìn)行C.及I.P.eNBMMEUERRCConnectionReconfigurationIntraLTE(SelectedS.Alg,NCC)產(chǎn)生新的Kenb*=f(NH/Kenb)RRCConnectionReconfigurationComplete仍然使用原來的Kenb來CP及I.P.此消息使用新的Kenb*來檢查CP及I.P.此消息,然后Kenb*成為新的Kenb60LTEIntra-cellHOKenb*成為新的KenbKenb*成為新的Kenb,并根據(jù)選擇的的算法對(duì)后面的RRC消息進(jìn)行C.及I.P.UE根據(jù)NCC從Kenb計(jì)算出Kenb*,然后成為新Kenb,并以此Kenb及選擇的算法對(duì)HOCMP消息進(jìn)行C.及I.P.X2Handover過程中的安全處理S-eNBT-eNBMMEHandoverRequest(UES.Capability,Kenb*,NCC)HandoverRequestAck(T-2-STC(HOCommand(RRCConnectionReconfig(NCC))))UERRCConnectionReconfig(NCC)HandoverCompletePathSwitchRequest(UES.Capability)PathSwitchRequestAck(NCC,NH)RRCConnectionReconfigurationIntraLTE(SelectedS.Alg,NCC)產(chǎn)生新的Kenb*=f(NH)產(chǎn)生新的Kenb*=f(NH)RRCConnectionReconfigurationComplete仍然使用原來的Kenb來CP及I.P.此消息使用新的Kenb*來檢查CP及I.P.此消息,然后Kenb*成為新的KenbKenb*成為Kenb。但是TC中的RRC消息還是明文的處理的。NCC+1,NH=f(NH,Kasme)Kenb*應(yīng)用未用的NH來計(jì)算,否則,使用當(dāng)前的Kenb來計(jì)算。61Kenb*成為新的Kenb,并根據(jù)選擇的的算法對(duì)后面的RRCKenb*成為新的Kenb,并根據(jù)選擇的的算法對(duì)后面的RRC消息進(jìn)行C.及I.P.UE根據(jù)NCC從Kenb計(jì)算出Kenb*,然后成為新Kenb,并以此Kenb及選擇的算法對(duì)HOCMP消息進(jìn)行C.及I.P.X2Handover過程中的特殊情形S-eNBT-eNBMMEHandoverRequest(UES.Capability,Kenb*,NCC)HandoverRequestAck(T-2-STC(HOCommand(RRCConnectionReconfig(NCC))))UERRCConnectionReconfig(NCC)HandoverCompletePathSwitchRequest(UES.Capability)PathSwitchRequestAck(NCC,NH)RRCConnectionReconfigurationIntraLTE(SelectedS.Alg,NCC)產(chǎn)生新的Kenb*=f(NH)產(chǎn)生新的Kenb*=f(NH)RRCConnectionReconfigurationComplete仍然使用原來的Kenb來CP及I.P.此消息使用新的Kenb*來檢查CP及I.P.此消息,然后Kenb*成為新的KenbKenb*成為Kenb。但是TC中的RRC消息還是明文的處理的。NCC+1,NH=f(NH,Kasme0)Kenb*應(yīng)用未用的NH來計(jì)算,否則,使用當(dāng)前的Kenb來計(jì)算。EPSAKAandNASS.M.CMME發(fā)起的Kenb,Krrc*,Kupenc的更新62Kenb*成為新的Kenb,并根據(jù)選擇的的算法對(duì)后面的RRC已計(jì)算出Kenb*,但是TC中的RRC消息還是明文的處理的。UE根據(jù)NCC從Kenb計(jì)算出Kenb*,然后成為新Kenb,并以此Kenb及選擇的算法對(duì)HOCMP消息進(jìn)行C.及I.P.S1Handover過程中的安全處理S-eNBT-eNBMMEHandoverRequired(S-2-TTC(HandoverPreparationInformation)))HandoverRequest(NCC,NH,NASS.P.tE,S-2-TTC(HOPreparationInforamtion))UERRCConnectionReconfig(NCC)HandoverCompleteHandoverRequestAck(T-2-STC(HOCMD(RRCConnectionReconfig(NASS.P.tE))))HandoverNotify產(chǎn)生新的Kenb*=f(NH)使用新的Kenb*來檢查CP及I.P.此消息,然后Kenb*成為新的KenbNCC+1,NH=f(NH,Kasme)HandoverCommand(NASS.P.fE,T-2-CTC(HOCMD(RRCConnectionReconfiguration)))若MME發(fā)生了改變,舊的MME也會(huì)將當(dāng)前正在使用的Kasme及eKSI傳遞給新的MME。舊的MME,NCC+,并計(jì)算出一個(gè)新NH,并將{NCC,NH}傳遞給新的MME。NASS.M.C.(eKSI,SelectedNASS.Alg,UES.Cap)NASS.M.Complete63已計(jì)算出Kenb*,但是TC中的RRC消息還是明文的處理的。已計(jì)算出Kenb*,但是TC中的RRC消息還是明文的處理的。UE根據(jù)NCC從Kenb計(jì)算出Kenb*,然后成為新Kenb,并以此Kenb及選擇的算法對(duì)HOCMP消息進(jìn)行C.及I.P.S1Handover過程中的特殊的情形S-eNBT-eNBMMEHandoverRequired(S-2-TTC(HandoverPreparationInformation)))HandoverRequest(NCC,NH,NASS.P.tE,S-2-TTC(HOPreparationInforamtion))UERRCConnectionReconfig(NCC)HandoverCompleteHandoverRequestAck(T-2-STC(HOCMD(RRCConnectionReconfig(NASS.P.tE))))HandoverNotify產(chǎn)生新的Kenb*=f(NH)使用新的Kenb*來檢查CP及I.P.此消息,然后Kenb*成為新的KenbNCC+1,NH=f(NH,Kasme)HandoverCommand(NASS.P.fE,T-2-CTC(HOCMD(RRCConnecti

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論