CN101277533A - Method, apparatus and system for reinforcing communication security - Google Patents

Method, apparatus and system for reinforcing communication security

Info

Publication number
CN101277533A
CN101277533A
Authority
CN
China
Prior art keywords
encrypted command
encryption
communication security
equipment identification
mobile equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2008100882868A
Other languages
Chinese (zh)
Other versions
CN101277533B (en)
Inventor
郑宇轩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2008100882868A
Publication of CN101277533A
Application granted
Publication of CN101277533B
Current legal status: Expired - Fee Related
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the invention relate to a communication security enhancement method, apparatus and system. The method includes: parsing a received encryption command and recording the parsed encryption command; setting a predetermined field of the parsed encryption command to a predetermined value; and receiving the returned ciphering mode complete message. By setting the predetermined field of the ciphering mode command to the predetermined value, the method, apparatus and system greatly increase the number of bits in the air-interface message that an attacker cannot predict, which greatly raises the difficulty of an attack and improves the security of GSM.

Description

Communication security enhancement method, apparatus and system
Technical field
Embodiments of the invention relate to the field of communication technology, and in particular to a communication security enhancement method, apparatus and system.
Background technology
With the development of communication technology, the Global System for Mobile communications (GSM) has become the most widely used cellular mobile system in the world, and ever higher requirements are placed on its security. Previously GSM security was at the same level as fixed-line security: only the air-interface part of the GSM system was protected, and the rest of the system was transparent. Two protection mechanisms are applied on the air interface: protecting the user's privacy and preventing unauthorised access to the network. The user's privacy on the air interface is protected by encryption, but encryption starts only after the mobile phone has been authenticated by the network side. GSM protects the user's identity by assigning a Temporary Mobile Subscriber Identity (TMSI) to the handset in advance; this temporary identity is used to identify the handset before encryption begins, and once the call is encrypted the temporary identity to be used for the next call can be replaced safely. In addition, unauthorised access to the network is prevented by security verification of the Subscriber Identity Module (SIM). Network-side authentication of the SIM takes place when radio communication between the handset and the network side begins: after the handset has identified itself (by sending its temporary identity), the network side initiates an authentication procedure, which is essentially a challenge-response scheme based on a key shared in advance between the handset and the network side. In this scheme the encryption algorithm used between the handset and the network side is A5/1. Export of A5/1 is strictly controlled, however, and as GSM networks grew beyond Europe an encryption algorithm without export restrictions was needed, so a new encryption algorithm, A5/2, was issued; the designs of both algorithms were unpublished. At the same time another new version, A5/3, joined the A5 algorithm family. Unlike A5/1 and A5/2, its internal design is public; A5/3 is based on the KASUMI block cipher, which is used in third-generation (3G) mobile networks.
In an existing GSM voice call, the base station and the mobile phone set up the call through a series of signalling exchanges. Signalling sent before the ciphering command is sent unencrypted; signalling and user data sent after the ciphering command are encrypted. After the authentication procedure ends, the mobile switching centre (MSC) sends an encryption command to the base station controller (BSC), and the BSC sends a CIPHERING MODE COMMAND (CMC) to the mobile station (MS) on the main signalling link to indicate whether encryption is to be used. The MS answers with CIPHERING MODE COMPLETE, which is the first encrypted message from the MS to the BSC in the call. In it the International Mobile Equipment Identity (IMEI) is an optional information element: only when the cipher response field of the Cipher Response element in the CIPHERING MODE COMMAND is set to 1 ("IMEISV shall be included") does the MS include the IMEI in CIPHERING MODE COMPLETE. Otherwise the CIPHERING MODE COMPLETE message body contains only its three mandatory information elements, 2 bytes in total, and the other 18 unused bytes of the message block are fixed fill of 0x2B.
In the course of implementing the scheme the inventor found the following. Because every mandatory information element is fully specified in the protocol, when the ciphering mode complete message does not carry the optional Mobile Equipment Identity element its entire content can be guessed by an attacker: a ciphering mode complete message without the optional element has 2 bytes of mandatory elements and 18 further bytes fixed at the fill value 0x2B, and the message is sent after encryption has started. If the attacker has guessed the message, he can pair the guessed plaintext with the ciphertext he has collected to form plaintext-ciphertext pairs and then use the relation between them to mount a known-plaintext attack. Moreover, even if the attacker cannot guess every bit of a message sent over the air interface, when the number of undetermined bits is small he can still mount a known-plaintext attack by exhaustive search: if, for example, only N bits of the message are unknown to the attacker, he needs to run the known-plaintext attack at most 2^N times to finish this message, and when N is small that amount of computation is within the reach of a present-day field programmable gate array (FPGA). As new devices keep appearing, the computing power of FPGAs grows ever stronger, and cracking the GSM A5/1 algorithm with a known-plaintext attack becomes more feasible by the day, which seriously affects the security of the GSM air interface. Adopting the upgraded A5/3 encryption algorithm in GSM would improve GSM security, but because of hardware and software limitations a large number of handsets and devices on existing networks do not yet support A5/3; therefore GSM security needs to be improved without changing the A5/1 algorithm.
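The known-plaintext problem described above, as an added example in Python that is not part of the patent. It models the 20-octet payload of a CIPHERING MODE COMPLETE without the optional element (2 mandatory octets plus 18 octets of 0x2B fill) and a stream cipher that XORs keystream onto it. The keystream is a constructed stand-in from os.urandom, not A5/1, and the function names are this example's own; the point is that for any stream cipher, ciphertext XOR guessed plaintext yields the keystream for every bit the attacker can guess, and each bit he cannot guess only doubles the number of candidate keystreams he must try.

```python
"""Added example (not from the patent): a fully specified CIPHERING MODE
COMPLETE hands the attacker 160 bits of known plaintext; N unknown bits
cost him at most 2**N candidate keystreams.

The keystream is a constructed stand-in (os.urandom), NOT A5/1."""
import itertools
import os

L3_PAYLOAD_LEN = 20          # info field of one 23-octet LAPDm frame
FILL = 0x2B                  # GSM 04.08 spare-octet fill value
RR_PD = 0x06                 # RR protocol discriminator, skip indicator 0
CIPHER_MODE_COMPLETE = 0x32  # RR message type


def cipher_mode_complete(optional_ies: bytes = b"") -> bytes:
    """Encode CIPHERING MODE COMPLETE and pad the payload to 20 octets with 0x2B."""
    body = bytes([RR_PD, CIPHER_MODE_COMPLETE]) + optional_ies
    if len(body) > L3_PAYLOAD_LEN:
        raise ValueError("message does not fit in one frame")
    return body + bytes([FILL]) * (L3_PAYLOAD_LEN - len(body))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(ciphertext: bytes, guessed_plaintext: bytes) -> bytes:
    """Known-plaintext step for a stream cipher: keystream = C xor P."""
    return xor(ciphertext, guessed_plaintext)


def keystream_candidates(ciphertext, guessed_plaintext, unknown_bits):
    """Exhaustive variant.  unknown_bits lists (octet_index, bit_number) positions
    the attacker cannot guess; yields the 2**N candidate keystreams, exactly one
    of which is right, each of which would be fed to the cipher-breaking step."""
    for values in itertools.product((0, 1), repeat=len(unknown_bits)):
        cand = bytearray(guessed_plaintext)
        for (idx, bit), v in zip(unknown_bits, values):
            cand[idx] = (cand[idx] & ~(1 << bit)) | (v << bit)
        yield recover_keystream(ciphertext, bytes(cand))


def demo(n_unknown: int = 4) -> tuple:
    """Returns (all 160 keystream bits recovered?, number of candidates when
    n_unknown bits are unguessable, true keystream among those candidates?)."""
    keystream = os.urandom(L3_PAYLOAD_LEN)      # stand-in for cipher output
    plaintext = cipher_mode_complete()           # no Mobile Equipment Identity IE
    ciphertext = xor(plaintext, keystream)
    # Every octet is dictated by the protocol, so the attacker's guess is exact:
    full_recovery = recover_keystream(ciphertext, cipher_mode_complete()) == keystream
    # Had n_unknown bits of the fill been unguessable, the attacker tries 2**n:
    unknown = [(2 + i, 0) for i in range(n_unknown)]
    cands = list(keystream_candidates(ciphertext, plaintext, unknown))
    return full_recovery, len(cands), keystream in cands


if __name__ == "__main__":
    print(cipher_mode_complete().hex())
    print(demo())
```

Running the block prints the padded message (06 32 followed by eighteen 2b octets) and (True, 16, True): one captured ciphertext gives the whole keystream segment, and with four unguessable bits the attacker still only has 16 candidates to push through the A5/1 attack.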
Summary of the invention
Embodiments of the invention provide a communication security enhancement method, apparatus and system, so as to improve the security of GSM.
An embodiment of the invention provides a communication security enhancement method, which includes:
parsing a received encryption command and recording the parsed encryption command;
setting a predetermined field of the parsed encryption command to a predetermined value;
receiving the returned ciphering mode complete message.
An embodiment of the invention provides a communication security enhancement apparatus, which includes:
a parsing unit, for parsing a received encryption command and recording the parsed encryption command;
a setting unit, for setting a predetermined field of the parsed encryption command to a predetermined value;
a receiving unit, for receiving the returned ciphering mode complete message.
An embodiment of the invention provides a communication security enhancement system, which includes a base station controller and a mobile device, where the base station controller includes:
a parsing unit, for parsing a received encryption command and recording the parsed encryption command;
a setting unit, for setting a predetermined field of the parsed encryption command to a predetermined value;
a receiving unit, for receiving the returned ciphering mode complete message;
and the mobile device includes:
a sending unit, for sending the ciphering mode complete message according to the parsed encryption command.
In the above communication security enhancement method, apparatus and system, setting the predetermined field of the ciphering mode command to the predetermined value greatly increases the number of unpredictable bits in the air-interface message, which greatly raises the difficulty of an attack and improves the security of GSM.
The technical solution of the embodiments of the invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is a flow chart of an embodiment of the communication security enhancement method of the invention;
Fig. 2 is a signalling flow chart of an embodiment of the communication security enhancement method of the invention;
Fig. 3 is a schematic structural diagram of an embodiment of the communication security enhancement apparatus of the invention;
Fig. 4 is a schematic structural diagram of an embodiment of the communication security enhancement system of the invention.
Embodiment
Fig. 1 is a flow chart of an embodiment of the communication security enhancement method of the invention. The method includes:
Step 101: parse the received encryption command and record the parsed encryption command.
The Encryption Command that the MSC issues to the BSC is parsed, and the parsed encryption command is recorded.
Step 102: set a predetermined field of the parsed encryption command to a predetermined value.
Here the predetermined field is the cipher response field, and the cipher response field of the parsed encryption command is set to "IMEI must be included".
Step 103: receive the returned ciphering mode complete message.
After receiving the ciphering mode complete message, the BSC further judges, according to the parsed encryption command, whether the International Mobile Equipment Identity (IMEI) was required to be reported in the ciphering mode complete message; if it was not required, the BSC deletes the IMEI field. The IMEI consists of a Type Approval Code (TAC), a Final Assembly Code (FAC), a Serial Number (SNR) and a Spare Number (SP), each part coded in binary-coded decimal (BCD). TAC: 6 BCD digits identifying the terminal type; for a given vendor's terminal this value is fixed. FAC: 2 BCD digits identifying the place of manufacture. SNR: 6 BCD digits identifying the terminal's production serial number. SP: 1 BCD digit, fixed at 0. For a terminal of known type the IMEI therefore has an unpredictable SNR of 24 bits; because it is BCD coded, the SNR takes one of 10^6 values (000000 to 999999), i.e. between 2^19 and 2^20. So when the ciphering mode complete message carries the optional Mobile Equipment Identity element, at least 19 bits are unpredictable to the attacker.
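The BSC-side logic of steps 101 to 103 and the IMEI arithmetic behind the "at least 19 unpredictable bits" figure, as an added example in Python that is not part of the patent. The Mobile Identity element layout (IEI 0x17, TLV, digit 1 with odd/even flag and type in the first value octet, two BCD digits per following octet) follows GSM 04.08; the IMEI 490154203237510, the integer used for the cipher response field and the function names are this example's own constructions.

```python
"""Added example (not from the patent): force the IMEI into CIPHERING MODE
COMPLETE at the BSC, measure what it buys, and strip it again when the MSC
never asked for it.  IMEI value and function names are constructed."""
import math

IEI_MOBILE_IDENTITY = 0x17
TYPE_IMEI = 0b010                 # "type of identity" bits of the Mobile Identity IE
IMEI_MUST_BE_INCLUDED = 1         # cipher response field: "IMEISV shall be included"
RR_HEADER = bytes([0x06, 0x32])   # RR protocol discriminator, CIPHERING MODE COMPLETE


def imei_fields(imei: str) -> dict:
    """Split a 15-digit IMEI into TAC(6) FAC(2) SNR(6) SP(1), as the patent describes."""
    if len(imei) != 15 or not imei.isdigit():
        raise ValueError("IMEI is 15 decimal digits")
    return {"TAC": imei[:6], "FAC": imei[6:8], "SNR": imei[8:14], "SP": imei[14]}


def unpredictable_bits(imei: str) -> float:
    """For a known terminal type only the SNR varies: 10**6 values, about 19.9 bits."""
    return math.log2(10 ** len(imei_fields(imei)["SNR"]))


def mobile_identity_ie(imei: str) -> bytes:
    """Mobile Identity IE as TLV: IEI, length, then BCD digits (octet 3 holds
    digit 1 | odd/even flag | type; each later octet holds two digits, low nibble first)."""
    digits = [int(d) for d in imei]
    odd = len(digits) % 2
    first = (digits[0] << 4) | (odd << 3) | TYPE_IMEI
    rest = digits[1:] + ([] if odd else [0xF])          # 0xF pads an even digit count
    body = bytes([first]) + bytes(rest[i] | (rest[i + 1] << 4) for i in range(0, len(rest), 2))
    return bytes([IEI_MOBILE_IDENTITY, len(body)]) + body


def decode_mobile_identity(value: bytes) -> str:
    """Inverse of the encoder for the value part, used to check the round trip."""
    odd = (value[0] >> 3) & 1
    digits = [value[0] >> 4]
    for b in value[1:]:
        digits += [b & 0xF, b >> 4]
    if not odd:
        digits.pop()                                     # drop the 0xF filler
    return "".join(str(d) for d in digits)


def parse_optional_ies(l3: bytes) -> list:
    """Walk the TLV elements that follow the two mandatory header octets."""
    ies, i = [], len(RR_HEADER)
    while i + 1 < len(l3):
        iei, ln = l3[i], l3[i + 1]
        ies.append((iei, l3[i + 2:i + 2 + ln]))
        i += 2 + ln
    return ies


def bsc_forward_cipher_response(msc_cipher_response: int) -> tuple:
    """Steps 101-102: record what the MSC asked for, but always tell the MS the
    IMEI must be included so the first encrypted reply gains unguessable bits."""
    return msc_cipher_response, IMEI_MUST_BE_INCLUDED


def bsc_handle_complete(recorded_cipher_response: int, l3: bytes) -> bytes:
    """Step 103 plus the judging unit: if the MSC did not ask for the IMEI, delete
    the Mobile Equipment Identity element before passing the message upstream."""
    if recorded_cipher_response == IMEI_MUST_BE_INCLUDED:
        return l3
    kept = [(iei, v) for iei, v in parse_optional_ies(l3) if iei != IEI_MOBILE_IDENTITY]
    return RR_HEADER + b"".join(bytes([iei, len(v)]) + v for iei, v in kept)


if __name__ == "__main__":
    imei = "490154203237510"                     # constructed, SP digit 0
    recorded, to_ms = bsc_forward_cipher_response(0)
    reply = RR_HEADER + mobile_identity_ie(imei)  # what the MS now sends back
    print(reply.hex(), round(unpredictable_bits(imei), 2))
    print(bsc_handle_complete(recorded, reply).hex())
```

The MSC asked for nothing (cipher response 0), the MS is nonetheless told to include the IMEI, the encrypted reply grows from 2 to 12 octets of which about 19.9 bits cannot be predicted, and the BSC hands the MSC the 2-octet message it expected.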
In addition, in a GSM voice call the base station and the mobile phone set up the call through a series of signalling exchanges; signalling sent before the ciphering command is sent unencrypted, and signalling and user data after the ciphering command are sent encrypted. Fig. 2 is a signalling flow chart of an embodiment of the communication security enhancement method of the invention. The method includes:
Step 201: authentication is performed between the MS and the BSC.
This step is the same as in the prior art and is not described in detail here.
Step 202: after authentication is complete, the BSC sends the ciphering command to the MS.
The BSC sends the encryption command to the MS via the BTS; at the BTS the encryption command becomes the CIPHERING MODE COMMAND, which indicates whether encryption is to be used. The CIPHERING MODE COMPLETE message is the first encrypted message from the MS to the BSC in the call; its content is shown in Table 1. The Mobile Equipment Identity is an optional information element: only when the cipher response field of the Cipher Response element in the CIPHERING MODE COMMAND is set to 1 ("IMEISV shall be included") does the MS include the IMEI in CIPHERING MODE COMPLETE.
Table 1
IEI | Information element                  | Type/Reference         | Presence | Format | Length
    | RR management Protocol Discriminator | Protocol Discriminator | M        | V      | 1/2
    | Skip Indicator                       | Skip Indicator         | M        | V      | 1/2
    | Cipher Mode Complete Message Type    | Message Type           | M        | V      | 1
17  | Mobile Equipment Identity            | Mobile Identity        | O        | TLV    | 3-11
Step 203: the MS returns the ciphering mode complete message to the BSC.
The MS sends the ciphering mode complete message to the BSC via the BTS.
In the above communication security enhancement method, setting the predetermined field of the ciphering mode command to the predetermined value greatly increases the number of unpredictable bits in the air-interface message, which greatly raises the difficulty of an attack and improves the security of GSM.
Fig. 3 is a schematic structural diagram of an embodiment of the communication security enhancement apparatus of the invention. The apparatus includes: a parsing unit 11, for parsing a received encryption command and recording the parsed encryption command; a setting unit 12, for setting a predetermined field of the parsed encryption command to a predetermined value; and a receiving unit 13, for receiving the returned ciphering mode complete message.
For better compatibility, the communication security enhancement apparatus may further include a judging unit, for judging according to the parsed encryption command whether the international mobile equipment identity is required to be reported in the ciphering mode complete message, and deleting the international mobile equipment identity field if it is not required. The international mobile equipment identity includes a type approval code, a final assembly code, a serial number and a spare number.
In the above communication security enhancement apparatus, the setting unit sets the predetermined field of the ciphering mode command to the predetermined value, which greatly increases the number of unpredictable bits in the air-interface message, greatly raises the difficulty of an attack and improves the security of GSM.
Fig. 4 is a schematic structural diagram of an embodiment of the communication security enhancement system of the invention. The system includes a base station controller 1 and a mobile device 2. The base station controller 1 includes: a parsing unit 11, for parsing a received encryption command and recording the parsed encryption command; a setting unit 12, for setting a predetermined field of the parsed encryption command to a predetermined value; and a receiving unit 13, for receiving the returned ciphering mode complete message. The mobile device 2 includes a sending unit 21, for sending the ciphering mode complete message according to the parsed encryption command.
For better compatibility, the base station controller may further include a judging unit, for judging according to the parsed encryption command whether the international mobile equipment identity is required to be reported in the ciphering mode complete message, and deleting the international mobile equipment identity field if it is not required. The international mobile equipment identity includes a type approval code, a final assembly code, a serial number and a spare number.
In the above communication security enhancement system, the setting unit sets the predetermined field of the ciphering mode command to the predetermined value, which greatly increases the number of unpredictable bits in the air-interface message, greatly raises the difficulty of an attack and improves the security of GSM.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solution depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (9)

1. A communication security enhancement method, characterised by comprising:
parsing a received encryption command and recording the parsed encryption command;
setting a predetermined field of the parsed encryption command to a predetermined value;
receiving the returned ciphering mode complete message.
2. The communication security enhancement method according to claim 1, characterised in that, after receiving the returned ciphering mode complete message, the method further comprises:
judging according to the parsed encryption command whether the international mobile equipment identity is required to be reported in the ciphering mode complete message, and if it is not required, deleting the international mobile equipment identity field.
3. The communication security enhancement method according to claim 1 or 2, characterised in that the international mobile equipment identity comprises a type approval code, a final assembly code, a serial number and a spare number.
4. A communication security enhancement apparatus, characterised by comprising:
a parsing unit, for parsing a received encryption command and recording the parsed encryption command;
a setting unit, for setting a predetermined field of the parsed encryption command to a predetermined value;
a receiving unit, for receiving the returned ciphering mode complete message.
5. The communication security enhancement apparatus according to claim 4, characterised by further comprising:
a judging unit, for judging according to the parsed encryption command whether the international mobile equipment identity is required to be reported in the ciphering mode complete message, and if it is not required, deleting the international mobile equipment identity field.
6. The communication security enhancement apparatus according to claim 4 or 5, characterised in that the international mobile equipment identity comprises a type approval code, a final assembly code, a serial number and a spare number.
7. A communication security enhancement system comprising a base station controller and a mobile device, characterised in that the base station controller comprises:
a parsing unit, for parsing a received encryption command and recording the parsed encryption command;
a setting unit, for setting a predetermined field of the parsed encryption command to a predetermined value;
a receiving unit, for receiving the returned ciphering mode complete message;
and the mobile device comprises:
a sending unit, for sending the ciphering mode complete message according to the parsed encryption command.
8. The communication security enhancement system according to claim 7, characterised in that the base station controller further comprises:
a judging unit, for judging according to the parsed encryption command whether the international mobile equipment identity is required to be reported in the ciphering mode complete message, and if it is not required, deleting the international mobile equipment identity field.
9. The communication security enhancement system according to claim 7 or 8, characterised in that the international mobile equipment identity comprises a type approval code, a final assembly code, a serial number and a spare number.
CN2008100882868A 2008-04-30 2008-04-30 Method, apparatus and system for reinforcing communication security Expired - Fee Related CN101277533B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100882868A CN101277533B (en) 2008-04-30 2008-04-30 Method, apparatus and system for reinforcing communication security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008100882868A CN101277533B (en) 2008-04-30 2008-04-30 Method, apparatus and system for reinforcing communication security

Publications (2)

Publication Number Publication Date
CN101277533A true CN101277533A (en) 2008-10-01
CN101277533B CN101277533B (en) 2011-07-20

Family

ID=39996460

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100882868A Expired - Fee Related CN101277533B (en) 2008-04-30 2008-04-30 Method, apparatus and system for reinforcing communication security

Country Status (1)

Country Link
CN (1) CN101277533B (en)


Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI111433B (en) * 1998-01-29 2003-07-15 Nokia Corp Procedure for the confidentiality of data communications and cellular radio systems
AU2003284256A1 (en) * 2002-10-18 2004-05-04 Kineto Wireless, Inc. Apparatus and method for extending the coverage area of a licensed wireless communication system using an unlicensed wireless communication system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067168A (en) * 2011-10-21 2013-04-24 华为技术有限公司 Method and system of global system for mobile communication (GSM) safety and related equipment
WO2013056681A1 (en) * 2011-10-21 2013-04-25 华为技术有限公司 Method, system, and related device for gsm security
CN103067168B (en) * 2011-10-21 2016-01-27 华为技术有限公司 A kind of GSM safety method and system, relevant device
WO2014201707A1 (en) * 2013-06-17 2014-12-24 华为技术有限公司 Encryption communication method and system, and related device

Also Published As

Publication number Publication date
CN101277533B (en) 2011-07-20

Similar Documents

Publication Publication Date Title
CN101662765B (en) Encryption system and method of short message of mobile telephone
EP2215747B1 (en) Method and devices for enhanced manageability in wireless data communication systems
EP1782650B1 (en) Method and system for improving robustness of secure messaging in a mobile communications network
CN101494854B (en) Method, system and equipment for preventing SIM LOCK from being unlocked illegally
CN105142136B (en) A kind of method of anti-pseudo-base station attack
CN102223231B (en) M2M terminal authentication system and authentication method
US20150087269A1 (en) Method for providing mobile communication provider information and device for performing same
CN102149083A (en) Personalized card writing method, system and device
JP2009296576A (en) Method and apparatus for authenticating broadcast message
CN101521873A (en) Method for enabling local security context
CN104318286A (en) NFC label data management method and system and terminal
CN1937487A (en) LTE authentication and encryption method
CN103139769B (en) A kind of wireless communications method and network subsystem
DE602004011554D1 (en) METHOD AND DEVICE FOR AUTHENTICATING IN WIRELESS COMMUNICATION
CN101355507B (en) Method and system for generating cipher key for updating tracking zonetime
CN101860850B (en) Method for realizing mobile terminal to lock network or card by utilizing driver
CN104955029A (en) Address book protection method, address book protection device and communication system
CN101277533B (en) Method, apparatus and system for reinforcing communication security
CN101383702B (en) Method and system protecting cipher generating parameter in tracing region updating
CN102111268A (en) Two-way authentication method of global system for mobile communications (GSM) network
CN101431754B (en) Method for preventing clone terminal access
CN101282518B (en) Method and smart card apparatus for protecting user privacy when opening handset
CN108616861A (en) A kind of air card-writing method and device
CN1968096B (en) Synchronous flow optimization method and system
CN101277184B (en) Message structure compatible with 3GPP protocol and communication method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110720

Termination date: 20180430