CN105764052A - TD-LTE authentication and protective encryption method - Google Patents

Info

Publication number: CN105764052A
Authority: CN (China)
Legal status: Pending
Application number: CN201610247409.2A
Other languages: Chinese (zh)
Priority date: 2016-04-19
Filing date: 2016-04-19
Publication date: 2016-07-13
Inventors: 汤亿则, 黄红兵, 徐志强, 吕思达
Current assignee: Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd
Original assignee: Information and Telecommunication Branch of State Grid Zhejiang Electric Power Co Ltd

Classifications

All classes fall under H (Electricity) > H04 (Electric communication technique), in the H04W (Wireless communication networks) and H04L (Transmission of digital information, e.g. telegraphic communication) subclasses:

    • H04W 12/06 Authentication (under H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04L 9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using a plurality of keys or algorithms (under H04L 9/00)
    • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy (under H04L 9/00)

Abstract

The invention discloses a TD-LTE authentication and protective encryption method. The method comprises the following steps: the TD-LTE system uses the AES algorithm; the user powers on and initiates registration, and after a connection with the network side has been established an authentication and key agreement (AKA) process is initiated; the MME at the network side initiates the authentication process according to the mobile subscriber identifier and the parameters sent by the terminal, then performs key agreement with the terminal and issues a security activation command, so that the keys held by the terminal and by the network side are consistent and secure communication is achieved. The MME is the key control node of the LTE access network in the 3GPP protocol and is responsible for locating and paging terminals in idle mode, including relaying. With this TD-LTE authentication and protective encryption method, the security performance of TD-LTE can be further improved.

Description

TD-LTE authentication and protective encryption method
Technical field
The present invention relates to the field of wireless communication, and in particular to a TD-LTE authentication and protective encryption method based on network communication.
Background technology
The LTE access network is called the Evolved UTRAN (E-UTRAN). Compared with the traditional UTRAN architecture, E-UTRAN uses a flatter network structure.
E-UTRAN removes the RNC network node in order to simplify the network architecture and reduce latency; the RNC functions are distributed between the evolved Node B (eNode B) and the Serving Gateway (S-GW). An E-UTRAN contains several eNode Bs. Between eNode Bs the lower layer uses IP transport and the eNode Bs are logically interconnected through the X2 interface, forming a mesh network structure; this design mainly serves to support UE mobility across the whole network and to guarantee seamless handover of users. Each eNode B is connected through the S1 interface to the Mobility Management Entity (MME) of the Evolved Packet Core (EPC) network: it connects to the MME through the S1-MME interface and to the S-GW through the S1-U interface. S1-MME and S1-U can be regarded as the control plane and the user plane of the S1 interface respectively.
On the EPC side, the S-GW is the anchor point of the 3GPP mobile network. The MME function is separated from the gateway function and is mainly responsible for control signalling such as mobility management; this design helps flexible network deployment and the evolution and capacity expansion of individual technologies. At the same time, the LTE/SAE architecture integrates the SGSN and MME functions into the same node, so that a single packet core network can support GSM, WCDMA/HSPA and LTE simultaneously.
Compared with wireless technologies such as WiFi and ZigBee, LTE is superior in security performance. In a TD-LTE system, security covers two levels, the Access Stratum (AS) and the Non-Access Stratum (NAS), and access stratum security is the most important. Since LTE communication in special fields involves user privacy and confidential matters, LTE system security is particularly important; therefore, providing a safe and reliable authentication and encryption method under this network architecture can further enhance the security performance of the system.
Summary of the invention
In view of this, the present invention addresses the need of the above prior art to further enhance system security, and provides a TD-LTE authentication and protective encryption method that offers better encryption and protection and is safe and reliable.
The technical solution of the present invention is a TD-LTE authentication and protective encryption method with the following structure, comprising the following steps: TD-LTE uses the AES algorithm; the user powers on and initiates registration, and after a connection with the network side has been established an authentication and key agreement process is initiated; the MME at the network side initiates the authentication process according to the mobile subscriber identifier and the parameters sent by the terminal, then performs key agreement with the terminal and issues a security activation command, so that the keys of the terminal and the network side are consistent and secure communication is achieved. The MME is the key control node of the LTE access network in the 3GPP protocol and is responsible for locating and paging terminals in idle mode, including relaying.
With the above structure, the present invention has the following advantages over the prior art. The invention provides an encryption method based on the AES algorithm; the AKA process finally achieves mutual authentication between the terminal (UE) and the network side and brings the keys at both ends into agreement so that normal communication is possible, and through the interaction between the network side and the terminal during authentication and key agreement, encryption and protection are realised. Each network element is composed of an LTE core network (EPC) and an eNodeB; such a network element can seamlessly cover an area like a cell, and physically separate network areas can also be connected to form a discrete network, so terminal users in the network have good mobility. This distributed network architecture is especially suited to the business needs of a private network: on the premise of guaranteeing reliability and security, the network can be deployed flexibly and built on demand. With the method of the present invention, the security performance of TD-LTE is further improved.
Preferably, the authentication and key agreement process is as follows: an encryption key and an integrity key are calculated from the key shared by the authentication centre (AuC) and the terminal; a new parent key is calculated from the encryption key and the integrity key and used as the basic key; from this key the sub-keys required by each layer are derived, thereby establishing an Evolved Packet System security context between the terminal and the network side. The generated encryption key and integrity key should not leave the home subscriber server. In 3G, CK and IK may be present in the AV (authentication vector); TD-LTE proceeds in this way so that the master key is never transmitted, which improves security.
Preferably, in TD-LTE the non-access stratum and the access stratum are encrypted and integrity-protected separately, the two being independent of each other, and their security is activated after the AKA process. The order in which the network side activates the non-access stratum and the access stratum of the terminal is: first activate the security of the non-access stratum, then activate the security of the access stratum. With these steps the encryption process is more reasonable, with activation of the non-access stratum taking priority.
Preferably, the security mode procedure of the non-access stratum is initiated by the network side; the security activation command sent by the MME is integrity-protected by the non-access stratum but not encrypted. After receiving the security activation command, the terminal first compares whether the terminal security capability carried in the message is identical to the terminal security capability that the terminal sent to the network side when triggering the security activation command procedure, to determine that the security capability has not been modified; if they are identical, the command can be accepted. Secondly, the non-access stratum keys are generated, including the encryption key and the integrity protection key. Then the terminal performs an integrity check on the received security activation command using the newly generated integrity protection key and algorithm; if the check passes, the security activation command can be accepted and the secure channel can be used. Finally, the terminal sends a security mode complete message to the MME, and all access stratum signalling messages are then encrypted and integrity-protected. If the check of the security mode command fails, a security mode reject command is sent to the MME and the terminal exits the connection.
Preferably, after the security activation of the non-access stratum, the security activation of the access stratum begins: the network side integrity-protects the security activation command it sends using the integrity protection key and generates a message authentication code, then sends this security activation command to the terminal. The terminal generates the integrity protection key, performs an integrity check on the security activation command and generates another message authentication code for verification; if the two message authentication codes match, the check passes, the encryption key is then generated, and further verification is carried out.
Preferably, the sending terminal encrypts the plaintext frame using a public key and a private key, and the ciphertext frame obtained after encryption is sent to the receiving terminal; the receiving terminal first decrypts the ciphertext frame with the public key and then decrypts it further with the private key bound to the receiving terminal's user information. Encryption protection should not be limited to the link between the network side and the terminal; encryption protection is also required between terminals, which improves the confidentiality of user information.
Detailed description of the invention
The invention is further described below with reference to specific embodiments.
The present invention covers any substitution, modification, equivalent method or scheme made within its spirit and scope. In order to give the public a thorough understanding of the present invention, specific details are described in the following preferred embodiments; those skilled in the art can also fully understand the present invention without the description of these details.
A TD-LTE authentication and protective encryption method of the present invention comprises the following steps: the AES algorithm is used in TD-LTE; the user powers on and initiates registration, and after a connection with the network side has been established an authentication and key agreement process is initiated; the MME at the network side initiates the authentication process according to the mobile subscriber identifier and the parameters sent by the terminal, then performs key agreement with the terminal and issues a security activation command, so that the keys of the terminal and the network side are consistent and secure communication is achieved. The MME is the key control node of the LTE access network in the 3GPP protocol and is responsible for locating and paging terminals in idle mode, including relaying.
The authentication and key agreement process is as follows: an encryption key and an integrity key are calculated from the key shared by the authentication centre (AuC) and the terminal; a new parent key is calculated from the encryption key and the integrity key and used as the basic key; from this key the sub-keys required by each layer are derived, thereby establishing an Evolved Packet System security context between the terminal and the network side. The generated encryption key and integrity key should not leave the home subscriber server. In 3G, CK and IK may be present in the AV (authentication vector); TD-LTE proceeds in this way so that the master key is never transmitted, which improves security.
In TD-LTE, the non-access stratum and the access stratum are encrypted and integrity-protected separately, the two being independent of each other, and their security is activated after the AKA process. The order in which the network side activates the non-access stratum and the access stratum of the terminal is: first activate the security of the non-access stratum, then activate the security of the access stratum.
The security mode procedure of the non-access stratum is initiated by the network side; the security activation command sent by the MME is integrity-protected by the non-access stratum but not encrypted. After receiving the security activation command, the terminal first compares whether the terminal security capability carried in the message is identical to the terminal security capability that the terminal sent to the network side when triggering the security activation command procedure, to determine that the security capability has not been modified; if they are identical, the command can be accepted. Secondly, the non-access stratum keys are generated, including the encryption key and the integrity protection key. Then the terminal performs an integrity check on the received security activation command using the newly generated integrity protection key and algorithm; if the check passes, the security activation command can be accepted and the secure channel can be used. Finally, the terminal sends a security mode complete message to the MME, and all access stratum signalling messages are then encrypted and integrity-protected. If the check of the security mode command fails, a security mode reject command is sent to the MME and the terminal exits the connection.
After the security activation of the non-access stratum, the security activation of the access stratum begins: the network side integrity-protects the security activation command it sends using the integrity protection key and generates a message authentication code, then sends this security activation command to the terminal. The terminal generates the integrity protection key, performs an integrity check on the security activation command and generates another message authentication code for verification; if the two message authentication codes match, the check passes, the encryption key is then generated, and further verification is carried out.
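As an added illustration, not code from the patent or its applicant, the following Python sketch models the key hierarchy of the authentication and key agreement process and the two-stage activation described above: non-access stratum first, access stratum only afterwards, with the terminal's capability comparison and integrity check deciding between security mode complete and reject. The KDF, the 32-bit MAC truncation, the key labels and every key, challenge and capability value are assumptions constructed for the example, not 3GPP constants.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass

def kdf(key: bytes, label: bytes, *params: bytes) -> bytes:
    """Simplified key derivation: HMAC-SHA-256 over a label plus parameters.
    Assumed stand-in for the 3GPP KDF; the key hierarchy, not the constants, is the point."""
    return hmac.new(key, label + b"".join(params), hashlib.sha256).digest()

def mac_i(int_key: bytes, message: bytes) -> bytes:
    """Message authentication code: HMAC-SHA-256 truncated to 32 bits, the length of an LTE MAC-I."""
    return hmac.new(int_key, message, hashlib.sha256).digest()[:4]

# Key hierarchy produced by AKA: shared K -> CK, IK -> new parent key -> per-layer sub-keys.
def derive_ck_ik(k: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """AuC and terminal both hold the shared key K; each derives CK and IK from the challenge RAND."""
    return kdf(k, b"CK", rand), kdf(k, b"IK", rand)

def derive_parent_key(ck: bytes, ik: bytes, serving_net: bytes) -> bytes:
    """Parent (basic) key computed from CK||IK. CK and IK stay in the home network;
    only this derived key is handed to the serving MME, so the master key is never transmitted."""
    return kdf(ck + ik, b"PARENT", serving_net)

def derive_layer_keys(parent: bytes) -> dict[str, bytes]:
    """Independent encryption and integrity sub-keys for the NAS and AS layers."""
    return {n: kdf(parent, n.encode()) for n in ("NAS_enc", "NAS_int", "AS_enc", "AS_int")}

@dataclass
class SecurityModeCommand:
    layer: str               # "NAS" or "AS"
    replayed_ue_caps: bytes  # terminal security capabilities as the network received them
    chosen_algs: bytes       # algorithms selected by the network
    mac: bytes = b""         # integrity code; the command itself is sent unencrypted

    def body(self) -> bytes:
        return self.layer.encode() + b"|" + self.replayed_ue_caps + b"|" + self.chosen_algs

def network_build_smc(parent: bytes, layer: str, caps_seen: bytes, algs: bytes) -> SecurityModeCommand:
    """Network side: integrity-protect the activation command with that layer's integrity key."""
    cmd = SecurityModeCommand(layer, caps_seen, algs)
    cmd.mac = mac_i(derive_layer_keys(parent)[f"{layer}_int"], cmd.body())
    return cmd

def terminal_handle_smc(cmd: SecurityModeCommand, caps_sent: bytes, parent: bytes) -> str:
    """Terminal side, in the order the description gives:
    1. compare the replayed capabilities with what was really sent, so a capability list
       altered in transit (bidding down to weaker algorithms) is detected;
    2. derive the layer's keys from the parent key;
    3. verify the integrity code with the freshly derived integrity key;
    4. answer SECURITY MODE COMPLETE, or SECURITY MODE REJECT and drop the connection."""
    if cmd.replayed_ue_caps != caps_sent:
        return "SECURITY MODE REJECT"
    int_key = derive_layer_keys(parent)[f"{cmd.layer}_int"]
    if not hmac.compare_digest(mac_i(int_key, cmd.body()), cmd.mac):
        return "SECURITY MODE REJECT"
    return "SECURITY MODE COMPLETE"

def run_activation(caps_as_received: bytes, tamper_as_mac: bool = False) -> tuple[str, str]:
    """Whole sequence: AKA key derivation, NAS activation first, AS activation only afterwards.
    All values below are constructed for the example, not real subscriber material."""
    k = b"\x11" * 16                 # permanent key shared by AuC and terminal (constructed)
    rand = b"\x22" * 16              # AKA challenge (constructed)
    serving_net = b"EXAMPLE-PLMN"    # serving network identity (constructed)
    ue_caps = b"EEA2,EIA2"           # capabilities the terminal actually sent

    # Home network and terminal derive CK, IK and the parent key independently.
    parent_mme = derive_parent_key(*derive_ck_ik(k, rand), serving_net)  # given to the MME
    parent_ue = derive_parent_key(*derive_ck_ik(k, rand), serving_net)   # computed on the terminal

    # Non-access stratum security is activated first.
    nas_cmd = network_build_smc(parent_mme, "NAS", caps_as_received, b"EIA2/EEA2")
    nas_result = terminal_handle_smc(nas_cmd, ue_caps, parent_ue)
    if nas_result != "SECURITY MODE COMPLETE":
        return nas_result, "AS NOT ACTIVATED"  # terminal exits the connection

    # Only then is access stratum security activated, with its own integrity-protected command.
    as_cmd = network_build_smc(parent_mme, "AS", caps_as_received, b"EIA2/EEA2")
    if tamper_as_mac:
        as_cmd.mac = bytes(b ^ 0xFF for b in as_cmd.mac)  # simulate a corrupted MAC-I
    return nas_result, terminal_handle_smc(as_cmd, ue_caps, parent_ue)
```

Calling `run_activation(b"EEA2,EIA2")` walks the honest case; passing a capability list that differs from what the terminal sent shows the reject path and that AS activation never starts.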
The sending terminal encrypts the plaintext frame using a public key and a private key, and the ciphertext frame obtained after encryption is sent to the receiving terminal; the receiving terminal first decrypts the ciphertext frame with the public key and then decrypts it further with the private key bound to the receiving terminal's user information.
A distributed TD-LTE network suffers minimal damage from a single point of failure; a distributed TD-LTE network can provide security isolation; a distributed TD-LTE network can support encryption of service content; distributed TD-LTE supports single-frequency networking and has stronger anti-interference capability. The single-frequency networking that distributed TD-LTE achieves in principle greatly increases the utilisation of radio spectrum. TD-LTE has stronger anti-interference capability than WLAN and ZigBee; at the same time, the 1.8 GHz band (1785-1805 MHz) is licensed and protected by the state, so interfering signal sources are far fewer than for WLAN and ZigBee.
In the face of strong electromagnetic interference, such as radio communication, high-power co-channel interference or adjacent-channel interference, network capacity and availability can be seriously harmed.
It should be noted that some of the modules and architectural components involved in this embodiment are named with letters or generic English terms, as technical terminology requires, and are not unified into Chinese characters; those of ordinary skill in the art can nevertheless identify the relevant implementation means from the description, without ambiguity.
Only preferred embodiments of the present invention are described above, and they should not be construed as limiting the claims. The present invention is not limited to the above examples; its specific structure may be varied. In short, all changes made within the scope of protection of the independent claims of the present invention fall within the scope of the present invention.

Claims (6)

1. A TD-LTE authentication and protective encryption method, characterised by comprising the following steps: the AES algorithm is used in TD-LTE; the user powers on and initiates registration, and after a connection with the network side has been established an authentication and key agreement process is initiated; the MME at the network side initiates the authentication process according to the mobile subscriber identifier and the parameters sent by the terminal, then performs key agreement with the terminal and issues a security activation command, so that the keys of the terminal and the network side are consistent and secure communication is achieved; wherein the MME is the key control node of the LTE access network in the 3GPP protocol and is responsible for locating and paging terminals in idle mode, including relaying.
2. The TD-LTE authentication and protective encryption method according to claim 1, characterised in that the authentication and key agreement process is: an encryption key and an integrity key are calculated from the key shared by the authentication centre and the terminal; a new parent key is calculated from the encryption key and the integrity key and used as the basic key; and from this key the sub-keys required by each layer are derived, thereby establishing an Evolved Packet System security context between the terminal and the network side.
3. The TD-LTE authentication and protective encryption method according to claim 1 or 2, characterised in that in TD-LTE the non-access stratum and the access stratum are encrypted and integrity-protected separately, the two being independent of each other, and their security is activated after the AKA process; the order in which the network side activates the non-access stratum and the access stratum of the terminal is: first activate the security of the non-access stratum, then activate the security of the access stratum.
4. The TD-LTE authentication and protective encryption method according to claim 3, characterised in that the security mode procedure of the non-access stratum is initiated by the network side, and the security activation command sent by the MME is integrity-protected by the non-access stratum but not encrypted; after receiving the security activation command, the terminal first compares whether the terminal security capability carried in the message is identical to the terminal security capability that the terminal sent to the network side when triggering the security activation command procedure, to determine that the security capability has not been modified, and if they are identical the command can be accepted; secondly, the non-access stratum keys are generated, including the encryption key and the integrity protection key; then the terminal performs an integrity check on the received security activation command using the newly generated integrity protection key and algorithm, and if the check passes the security activation command can be accepted and the secure channel can be used; finally, the terminal sends a security mode complete message to the MME, and all access stratum signalling messages are then encrypted and integrity-protected; if the check of the security mode command fails, a security mode reject command is sent to the MME and the terminal exits the connection.
5. The TD-LTE authentication and protective encryption method according to claim 4, characterised in that after the security activation of the non-access stratum, the security activation of the access stratum begins: the network side integrity-protects the security activation command it sends using the integrity protection key and generates a message authentication code, then sends this security activation command to the terminal; the terminal generates the integrity protection key, performs an integrity check on the security activation command and generates another message authentication code for verification; if the two message authentication codes match, the check passes, the encryption key is then generated, and further verification is carried out.
6. The TD-LTE authentication and protective encryption method according to claim 1, characterised in that the sending terminal encrypts the plaintext frame using a public key and a private key, and the ciphertext frame obtained after encryption is sent to the receiving terminal; the receiving terminal first decrypts the ciphertext frame with the public key and then decrypts it further with the private key bound to the receiving terminal's user information.

Publications (1)

Publication number: CN105764052A (en), published 2016-07-13

Family Applications (1)

Application number: CN201610247409.2A (Pending), priority date 2016-04-19, filing date 2016-04-19, title "TD-LTE authentication and protective encryption method"

Country Status (1)

CN (1): CN105764052A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102600A (en) * 2007-06-29 2008-01-09 中兴通讯股份有限公司 Secret key processing method for switching between different mobile access systems
CN101505479A (en) * 2009-03-16 2009-08-12 中兴通讯股份有限公司 Safe context negotiation method and system in authentication process
US20120039464A1 (en) * 2009-05-04 2012-02-16 Zte Corporation Emergency call-based security algorithm negotiation method and apparatus
CN101835156A (en) * 2010-05-21 2010-09-15 中兴通讯股份有限公司 Method and system for safeguarding user access

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐志强, 马平, 邵炜平, 厉立峰: "Research on the security of a new electric power wireless private network based on the 230 MHz band", Electric Power Information and Communication Technology (《电力信息与通信技术》) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106385676A (en) * 2016-08-31 2017-02-08 国网河南省电力公司开封供电公司 Safety encryption electric power wireless communication system
CN107196920A (en) * 2017-04-28 2017-09-22 中国人民解放军信息工程大学 A kind of key towards wireless communication system produces distribution method
CN107196920B (en) * 2017-04-28 2019-07-30 中国人民解放军信息工程大学 A kind of key generation distribution method towards wireless communication system
CN113098688A (en) * 2020-01-09 2021-07-09 大唐移动通信设备有限公司 AKA method and device
CN113098688B (en) * 2020-01-09 2022-05-06 大唐移动通信设备有限公司 AKA method and device
CN112367686A (en) * 2020-10-29 2021-02-12 国网甘肃省电力公司信息通信公司 Wireless private network and public network hybrid networking method oriented to electric power multi-service bearing
CN112367686B (en) * 2020-10-29 2023-03-31 国网甘肃省电力公司信息通信公司 Wireless private network and public network hybrid networking method oriented to electric power multi-service bearing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160713
