CN116325656A - Protection of sensitive user data in a communication network - Google Patents

Protection of sensitive user data in a communication network

Info

Publication number: CN116325656A
Authority: CN (China)
Prior art keywords: node, amf, authentication, key, untrusted
Legal status: Pending
Application number: CN202080105415.9A
Other languages: Chinese (zh)
Inventor: 李�泳
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. the party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication


Abstract

The present disclosure provides a method for operating a network node in a communication network to protect sensitive information or metadata (SUPI) of a user of the communication network from an untrusted processing module node. A trusted processing module node is configured to generate a home environment authentication vector (HEAV). The HEAV includes anonymous metadata (SUPI*) derived from the metadata (SUPI), and a second key (K_1). A first untrusted device node (AUSF) is configured to send an authentication response derived from the HEAV to a second untrusted network device node (AMF). An authentication request derived from the authentication response is sent to a user equipment node (UE). The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request, and a two-way authentication is performed between the second untrusted network device node (AMF) and the user equipment node (UE) based on that authentication key.

Description

Protection of sensitive user data in a communication network
Technical Field
The present disclosure relates generally to security in communication networks; more particularly, the present disclosure relates to a method for operating a node in a communication network to protect sensitive user data or metadata of a user. Furthermore, the disclosure relates to a node configured to operate according to the method.
Background
The use of security functions in data processing, information systems, and communication networks helps achieve privacy, fairness, accuracy, confidentiality, and other desired criteria. Such security functions use encryption or cryptography techniques; further, such security functions are used for electronic commerce, wireless communications, and broadcasting. Encryption is also used to prevent hacking, protect web pages, and prevent access to sensitive data of a given user.
In the case of a communication network, which may comprise both trusted and untrusted network elements, disadvantages may occur when seeking to maintain communication compatibility between the trusted and untrusted network elements, wherein security may be compromised. A network element is a device that operates as part of a communication network and may also be referred to as a processing module node. Sensitive user data or metadata associated with users of the communication network may be exposed due to compatibility requirements. For example, sensitive user data or metadata associated with a user, such as a unique identification or user identification, may be used in an unencrypted manner and as plaintext during communication between trusted and untrusted network elements in a communication network. This poses a privacy problem for users of the communication network, as sensitive user data in the clear may be exposed to non-trusted network elements.
Similarly, the fifth generation (5G) core network includes trusted and untrusted network elements, and user equipment nodes that are uniquely identified in the 5G core network by a subscription permanent identifier (SUPI). Sensitive user data or metadata of a user (including, but not limited to, the SUPI) is used in plaintext, without encryption, because of compatibility requirements between trusted and non-trusted network elements. This creates security problems in the 5G core network, because the sensitive user data or metadata is exposed to non-trusted network elements. Furthermore, it creates confidentiality and anonymity issues for the users associated with the user equipment nodes, since the exposure occurs without user consent. Currently, there is no practical solution to this problem.
Accordingly, in view of the above-described drawbacks associated with known security features, there is a need to address the above-described drawbacks of the prior art to ensure confidentiality and anonymity of sensitive user data or metadata to prevent leakage of sensitive user data to untrusted network elements.
Disclosure of Invention
It is an object of the present disclosure to provide an improved method to ensure confidentiality and anonymity of sensitive user data or metadata of a user to prevent leakage of sensitive user data to non-trusted network elements in a communication network.
This object is achieved by the features of the independent claims. Other implementations are apparent from the dependent claims, the description and the drawings.
According to a first aspect, a method for operating a trusted processing module node of a communication network is provided. The trusted processing module node is configured to be communicatively coupled with a first untrusted device node (AUSF), a second untrusted device node (AMF), and a user equipment node (UE). The method comprises, at the trusted processing module node, applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf), thereby generating a home environment authentication vector. The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The method comprises sending an authentication response from the trusted processing module node to a second untrusted network device node (AMF) of the communication network via a first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1).
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the first untrusted device node (AUSF) and the second untrusted network device node (AMF). Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
In a first possible implementation form of the method of the first aspect, the method further comprises sending an authentication request derived from the authentication response from the second untrusted network device node (AMF) to a user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The method further comprises performing a two-way authentication between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF). The authentication key (K_AMF) ensures that this two-way authentication procedure uses the anonymous metadata (SUPI*) and the first key (K_seaf).
In one implementation, the method includes arranging the trusted processing module node to wirelessly communicate with at least a portion of a communication network. Optionally, the method comprises arranging the trusted processing module node (10) to comply with a 5G network specification for wireless communication.
According to a second aspect, there is provided a computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform the method of the first aspect.
According to a third aspect, a method for operating a user equipment node (UE) of a communication network is provided. The user equipment node (UE) is configured to be communicatively coupled with a first untrusted device node (AUSF), a second untrusted device node (AMF), and a trusted processing module node. The method comprises receiving, at the user equipment node (UE), an authentication request derived from an authentication response from the second untrusted network device node (AMF). The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The method further comprises performing a two-way authentication between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF).
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF. Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network. The authentication key (K_AMF) ensures that the two-way authentication procedure uses the anonymous metadata (SUPI*) and the first key (K_seaf).
In a first possible implementation form of the method for operating a user equipment node (UE) of the third aspect, the method further comprises, at a trusted processing module node of the communication network, applying the first key derivation function to the metadata (SUPI) and the first key (K_seaf), thereby generating a home environment authentication vector. The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The method further comprises sending an authentication response from the trusted processing module node to the second untrusted network device node (AMF) of the communication network via the first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1).
According to a fourth aspect, a method for operating a first untrusted device node (AUSF) of a communication network is provided. The first untrusted device node (AUSF) is configured to be communicatively coupled with the second untrusted device node (AMF), a user equipment node (UE), and a trusted processing module node. The method comprises receiving an authentication response from the trusted processing module node. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1). The method comprises sending the authentication response to the second untrusted network device node (AMF) of the communication network.
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF. Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
In a first possible implementation form of the method for operating a first untrusted device node (AUSF) of the fourth aspect, the method further comprises sending an authentication request derived from the authentication response from the second untrusted network device node (AMF) to a user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The method further comprises performing a two-way authentication between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF).
The authentication key (K_AMF) ensures that the two-way authentication procedure uses the anonymous metadata (SUPI*) and the first key (K_seaf).
In a second possible implementation form of the method for operating a first untrusted device node (AUSF) according to the fourth aspect as such or according to the first implementation form of the fourth aspect, the method further comprises, at a trusted processing module node of the communication network, applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf), thereby generating a home environment authentication vector. The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1).
Optionally, the method comprises arranging the first untrusted device node (AUSF) as an authentication server function.
Optionally, the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) from eavesdropping at the first untrusted device node (AUSF). More optionally, the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) from eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) attacker.
Optionally, the method comprises arranging the first untrusted device node (AUSF) to communicate wirelessly with at least a part of the communication network. More optionally, the method comprises arranging for the first untrusted device node (AUSF) to comply with the 5G network specification for wireless communication.
According to a fifth aspect, there is provided a computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform the method of the fourth aspect.
According to a sixth aspect, a method for operating a second untrusted device node (AMF) of a communication network is provided. The second untrusted device node (AMF) is configured to be communicatively coupled with the first untrusted device node (AUSF), the user equipment node (UE), and the trusted processing module node. The method comprises the second untrusted network device node (AMF) receiving an authentication response from the first untrusted network device node (AUSF). The method comprises sending an authentication request derived from the authentication response from the second untrusted network device node (AMF) to a user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The method comprises performing a two-way authentication between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF).
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF. Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
In a first possible implementation form of the method for operating a second untrusted device node (AMF) of the sixth aspect, the method further comprises, at a trusted processing module node of the communication network, applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf), thereby generating a home environment authentication vector. The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The method further comprises the trusted processing module node sending an authentication response to the first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1).
In a first possible implementation of any of the above aspects or implementations thereof, the method includes arranging the first untrusted device node (AUSF) as an authentication server function and the second untrusted device node (AMF) as an access and mobility management function.
In a second possible implementation of any of the above aspects or implementations thereof, the method includes protecting the anonymous metadata (SUPI*) and the second key (K_1) from eavesdropping at the first untrusted device node (AUSF) and the second untrusted device node (AMF).
In a third possible implementation of the second possible implementation, the method includes protecting the anonymous metadata (SUPI*) and the second key (K_1) from eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) attacker. Potential attackers may include the AUSF and the AMF themselves. The cryptographic hash function prevents a potential attacker from breaking confidentiality and extracting the original SUPI data.
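The flow described under the first aspect (trusted node derives the HEAV from SUPI and K_seaf, the AUSF and AMF only relay SUPI* and K_1, the UE recomputes K_AMF and the AMF and UE authenticate each other) and the claim above that a PPT attacker sitting at the AUSF or AMF cannot recover the SUPI from what it sees are modelled together in the added example below. This is example code written for this page, not code from the patent or from Huawei, and it fills in details the patent leaves open: the key derivation function is assumed to be HMAC-SHA256 over length-prefixed fields, the UE is assumed to share K_seaf with the trusted node, the AMF is assumed to contribute a nonce, and the two-way authentication is assumed to be a MAC exchange under K_AMF. Transport protection between the nodes is ignored.

```python
# Added example (not the patent's code): toy model of the HEAV authentication flow.
# Assumptions not stated by the patent: KDF = HMAC-SHA256 over length-prefixed
# fields; the UE shares K_seaf with the trusted node; the AMF supplies a nonce;
# two-way authentication is a MAC exchange keyed with K_AMF.
import hashlib
import hmac
import os
from typing import Iterable, Optional


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Keyed derivation (assumed KDF): HMAC-SHA256 over length-prefixed parts."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def generate_heav(supi: bytes, k_seaf: bytes) -> dict:
    """Trusted node: HEAV = (SUPI*, K_1). K_seaf is an input but is never included."""
    supi_star = kdf(k_seaf, b"SUPI*", supi)   # anonymous metadata
    k1 = kdf(k_seaf, b"K1", supi)             # second key
    return {"supi_star": supi_star, "k1": k1}


def amf_authentication_request(auth_response: dict, nonce: bytes) -> dict:
    """AMF (untrusted): builds the request for the UE from the response relayed by the AUSF."""
    return {"supi_star": auth_response["supi_star"], "nonce": nonce}


def derive_k_amf(k1: bytes, supi_star: bytes, nonce: bytes) -> bytes:
    """K_AMF is bound to SUPI* (and therefore to K_seaf) and to the AMF's nonce."""
    return kdf(k1, b"K_AMF", supi_star, nonce)


def ue_handle_request(supi: bytes, k_seaf: bytes, request: dict) -> tuple:
    """UE: recompute SUPI* and K_1 locally, derive K_AMF, return (K_AMF, proof for the AMF)."""
    heav = generate_heav(supi, k_seaf)  # same derivation as the trusted node
    if not hmac.compare_digest(heav["supi_star"], request["supi_star"]):
        raise ValueError("SUPI* in the request does not match this subscription")
    k_amf = derive_k_amf(heav["k1"], heav["supi_star"], request["nonce"])
    return k_amf, kdf(k_amf, b"UE->AMF", request["nonce"])


def run_protocol(supi: bytes, k_seaf: bytes, nonce: Optional[bytes] = None) -> dict:
    """Run one authentication and report what the untrusted nodes could observe."""
    nonce = nonce or os.urandom(16)
    observed = []  # every message the AUSF and AMF get to see
    auth_response = generate_heav(supi, k_seaf)       # trusted node -> AUSF -> AMF
    observed.append(auth_response)
    request = amf_authentication_request(auth_response, nonce)  # AMF -> UE
    observed.append(request)
    k_amf_ue, ue_proof = ue_handle_request(supi, k_seaf, request)  # UE -> AMF
    # AMF side: derive K_AMF from K_1, check the UE's proof, then prove itself.
    k_amf_amf = derive_k_amf(auth_response["k1"], auth_response["supi_star"], nonce)
    ue_ok = hmac.compare_digest(ue_proof, kdf(k_amf_amf, b"UE->AMF", nonce))
    amf_proof = kdf(k_amf_amf, b"AMF->UE", nonce)                  # AMF -> UE
    amf_ok = hmac.compare_digest(amf_proof, kdf(k_amf_ue, b"AMF->UE", nonce))
    leaked = b"".join(v for msg in observed for v in msg.values())
    return {
        "mutual_auth": ue_ok and amf_ok,
        "k_amf_match": hmac.compare_digest(k_amf_ue, k_amf_amf),
        "supi_visible_to_untrusted": supi in leaked,
        "k_seaf_visible_to_untrusted": k_seaf in leaked,
    }


def recover_supi(supi_star: bytes, candidates: Iterable[bytes],
                 k_seaf_guess: bytes) -> Optional[bytes]:
    """Dictionary attack on SUPI* as an AUSF/AMF insider would run it.
    It only succeeds with the real K_seaf; with any other key every candidate misses."""
    for cand in candidates:
        if hmac.compare_digest(kdf(k_seaf_guess, b"SUPI*", cand), supi_star):
            return cand
    return None


if __name__ == "__main__":
    # Constructed sample subscription; not real subscriber data.
    supi, k_seaf = b"imsi-310150123456789", bytes(range(32))
    print(run_protocol(supi, k_seaf))
    heav = generate_heav(supi, k_seaf)
    guesses = [b"imsi-31015000000000%d" % i for i in range(10)] + [supi]
    print("insider without K_seaf:", recover_supi(heav["supi_star"], guesses, bytes(32)))
    print("insider with K_seaf:   ", recover_supi(heav["supi_star"], guesses, k_seaf))
```

Running the file prints the protocol outcome (mutual authentication succeeds, both sides derive the same K_AMF, and neither the SUPI nor K_seaf appears in anything the AUSF or AMF handled) followed by the two dictionary-attack runs. The second pair of lines is the check a practitioner should keep in mind: SUPI values come from a small, structured space, so an unkeyed hash of the SUPI would be enumerable in polynomial time; the brute-force resistance the patent claims holds only because SUPI* is computed under K_seaf and K_seaf is withheld from the untrusted nodes.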
In a fourth possible implementation of any of the above aspects or implementations thereof, the method includes arranging at least a portion of the communication network as a wireless communication network.
In a fifth possible implementation of the fourth possible implementation, the method includes arranging the wireless communication network to conform to a 5G network specification.
Optionally, the method further comprises arranging the second untrusted device node (AMF) as an access and mobility management function.
Optionally, the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) from eavesdropping at the second untrusted device node (AMF). More optionally, the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) from eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) attacker.
Optionally, the method comprises arranging the second untrusted device node (AMF) to communicate wirelessly with at least a part of the communication network. More optionally, the method includes arranging for the second untrusted device node (AMF) to conform to a 5G network specification for wireless communication.
According to a seventh aspect, there is provided a computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform the method of the sixth aspect.
According to an eighth aspect, there is provided a trusted processing module node configured to communicate with a communication network that is configured to transmit sensitive user data. The communication network comprises a first untrusted device node (AUSF) and a second untrusted device node (AMF). The communication network is coupled to the trusted processing module node and to a user equipment node (UE). The trusted processing module node is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node is configured to send an authentication response to the first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node (AUSF) is configured to forward the authentication response to the second untrusted network device node (AMF) of the communication network. The second untrusted network device node (AMF) is configured to send an authentication request derived from the authentication response to a user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). A two-way authentication is performed between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF).
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF. Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
According to a ninth aspect, there is provided a user equipment node (UE) configured to communicate with a communication network that is configured to transmit sensitive user data. The communication network comprises a first untrusted device node (AUSF) and a second untrusted device node (AMF). The communication network is coupled to the trusted processing module node. The trusted processing module node is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node is configured to send an authentication response to the first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node (AUSF) is configured to forward the authentication response to the second untrusted network device node (AMF) of the communication network. The second untrusted network device node (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). A two-way authentication is performed between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF). Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF.
Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
According to a tenth aspect, there is provided a first untrusted device node (AUSF) configured to communicate with a communication network that is configured to transmit sensitive user data. The communication network comprises a second untrusted device node (AMF) and a user equipment node (UE). The communication network is coupled to the trusted processing module node. The trusted processing module node is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node is configured to send an authentication response to the first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node (AUSF) is configured to forward the authentication response to the second untrusted network device node (AMF) of the communication network. The second untrusted network device node (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). A two-way authentication is performed between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF).
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF. Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
According to an eleventh aspect, there is provided a second untrusted device node (AMF) configured to communicate with a communication network that is configured to transmit sensitive user data. The communication network comprises a first untrusted device node (AUSF) and a user equipment node (UE). The communication network is coupled to the trusted processing module node. The trusted processing module node is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node is configured to send an authentication response to the first untrusted device node (AUSF) of the communication network. The authentication response is derived from the data of the home environment authentication vector, namely the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node (AUSF) is configured to forward the authentication response to the second untrusted network device node (AMF) of the communication network. The second untrusted network device node (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node (UE) connected to the communication network. The user equipment node (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). A two-way authentication is performed between the second untrusted network device node (AMF) and the user equipment node (UE) based on the authentication key (K_AMF).
Since the home environment authentication vector does not include the first key (K_seaf), the metadata (SUPI) is protected from brute-force attacks by potential attackers, including the AUSF and the AMF. Confidentiality of the metadata (SUPI) is protected because a potential attacker can only obtain ciphertext of the metadata (SUPI) from the communication network.
In a first possible implementation form of the node according to any of the eighth, ninth, tenth and eleventh aspects or the implementation forms thereof described above, the first untrusted device node (AUSF) is arranged as an authentication server function and the second untrusted device node (AMF) is arranged as an access and mobility management function.
In a second possible implementation form of the node according to any of the eighth, ninth, tenth and eleventh aspects or any of the preceding implementation forms of those aspects, the anonymous metadata (SUPI*) and the second key (K_1) are protected from eavesdropping at the first untrusted device node (AUSF) and the second untrusted device node (AMF).
In a third possible implementation form of the node according to any of the eighth, ninth, tenth and eleventh aspects or the implementation forms thereof, the anonymous metadata (SUPI*) and the second key (K_1) are protected from eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) attacker. Potential attackers, including the AUSF and the AMF, cannot break the confidentiality property and extract the original SUPI data.
In a fourth possible implementation form of the node according to any of the eighth, ninth, tenth and eleventh aspects or the implementation forms thereof, at least a part of the communication network is arranged as a wireless communication network.
In a fifth possible implementation form of the node according to any of the eighth, ninth, tenth and eleventh aspects or the fourth possible implementation form of the node as such, the wireless communication network is arranged to conform to the 5G network specification.
According to a twelfth aspect, there is provided a computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform any of the methods of the first, second, third or fourth aspects or any of their implementation forms.
This solves a technical problem of the prior art, namely protecting the confidentiality and anonymity of sensitive user data or user metadata from untrusted network elements of a communication network, while the trusted and untrusted network elements of the communication network communicate without using plaintext.
Thus, unlike the prior art, the trusted and untrusted processing module nodes and user equipment nodes of the communication network, and the methods for operating them according to the present disclosure, enable a data owner to control the confidentiality and anonymity of sensitive user data (e.g., personal information). Even though the untrusted processing module nodes may process encrypted sensitive user data or metadata, they cannot obtain the metadata in the clear. Thus, a potential attacker is prevented from revealing sensitive information or metadata. Furthermore, the present disclosure improves data security, i.e., the confidentiality of sensitive user data (e.g., the subscription permanent identifier (SUPI)) is achieved through encryption.
These and other aspects of the disclosure will be apparent from one or more embodiments described below.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the following brief description of the drawings is provided. The drawings described below illustrate only some embodiments of the disclosure; those of ordinary skill in the art may derive other drawings from them without undue effort.
Fig. 1 is a schematic diagram depicting a communication network in accordance with an example of the present disclosure;
Fig. 2 is an interaction diagram depicting a method of operating a trusted processing module node of a communication network to provide confidentiality and anonymity of sensitive user data or metadata of a communication network user, in accordance with an example of the present disclosure;
Fig. 3 is a schematic diagram depicting a fifth generation communication network including a fifth generation core network in communication with user equipment, in accordance with an example of the present disclosure;
Fig. 4 is a flowchart depicting steps of a method for operating a trusted processing module node of the communication network of Fig. 1, in accordance with an example of the present disclosure;
Fig. 5 is a flowchart of method steps for operating a user equipment node of the communication network of Fig. 1, according to an example of the present disclosure;
Fig. 6 is a flowchart of method steps for operating a first untrusted device node of the communication network of Fig. 1, according to an example of the present disclosure;
Fig. 7 is a flowchart of method steps for operating a second untrusted device node of the communication network of Fig. 1, according to an example of the present disclosure.
Detailed Description
Embodiments of the present disclosure provide a method of operating a trusted processing module node in a communication network that provides confidentiality and anonymity of sensitive user data or metadata of communication network users.
In order that those skilled in the art will more readily understand the aspects of the present disclosure, the following embodiments of the present disclosure are described with reference to the accompanying drawings.
The terms "first," "second," "third," and "fourth" (if any) in the foregoing drawings and in the claims are used for distinguishing between similar objects and not necessarily for describing a particular sequence or order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to encompass non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to the particular steps or elements recited, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram of a communication network 15 according to an embodiment of the present disclosure. The communication network 15 comprises a trusted processing module node 10. The trusted processing module node 10 is configured to be communicatively coupled with a first untrusted device node 20 (AUSF), a second untrusted device node 30 (AMF), and a user equipment node 40 (UE). The trusted processing module node 10 is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node 10 is configured to send an authentication response to the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node 20 (AUSF) is configured to forward the authentication response to the second untrusted network device node 30 (AMF) of the communication network 15. The second untrusted network device node 30 (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The second untrusted network device 30 (AMF) and the user equipment 40 (UE) are configured to perform a two-way authentication based on the authentication key (K_AMF).
An authentication server function (AUSF) may be used to facilitate security processing in the communication network 15. An access and mobility management function (AMF) may be used for registration management, connection management, reachability management, mobility management, and various functions related to security, access management and authorization of the user equipment node 40 (UE). The user equipment node 40 (UE) may be any device that a user directly uses for communication. User equipment nodes 40 (UEs) include, but are not limited to, hand-held telephones and notebook computers equipped with mobile broadband adapters. In the communication network 15, each user is assigned a globally unique subscription permanent identifier (SUPI).
Examples of SUPI formats include the international mobile subscriber identity (IMSI) and the network access identifier (NAI). During an authentication procedure between the user equipment node 40 (UE) and the home network of the user equipment node 40 (UE), the security anchor function (SEAF) acts as an intermediary in the communication network 15. Based on the SEAF, the authentication of the user equipment node 40 (UE) may be accepted or denied. "K_seaf" refers to a key that may be generated using the security anchor function.
A hash-based message authentication code (HMAC) is a code used for message authentication. An HMAC involves a cryptographic hash function and a secret cryptographic key.
The user equipment node 40 (UE) is configured to communicate with the communication network 15, the communication network 15 being configured to transmit sensitive user data. The communication network 15 comprises a first untrusted device node (AUSF, 20) and a second untrusted device node (AMF, 30). The communication network 15 is coupled to the trusted processing module node 10. The trusted processing module node 10 is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node 10 is configured to send an authentication response to the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node 20 (AUSF) is configured to forward the authentication response to the second untrusted network device node 30 (AMF) of the communication network 15. The second untrusted network device node 30 (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) are configured to perform a two-way authentication based on the authentication key (K_AMF).
The first untrusted device node 20 (AUSF) is configured to communicate with the communication network 15, the communication network 15 being configured to transmit sensitive user data. The communication network 15 comprises a second untrusted device node 30 (AMF) and a user equipment node 40 (UE). The communication network 15 is coupled to the trusted processing module node 10. The trusted processing module node 10 is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node 10 is configured to send an authentication response to the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node 20 (AUSF) is configured to forward the authentication response to the second untrusted network device node 30 (AMF) of the communication network 15. The second untrusted network device node 30 (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) are configured to perform a two-way authentication based on the authentication key (K_AMF).
The second untrusted device node 30 (AMF) is configured to communicate with the communication network 15, the communication network 15 being configured to transmit sensitive user data. The communication network 15 comprises a first untrusted device node 20 (AUSF) and a user equipment node 40 (UE). The communication network 15 is coupled to the trusted processing module node 10. The trusted processing module node 10 is configured to generate a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The trusted processing module node 10 is configured to send an authentication response to the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). The first untrusted network device node 20 (AUSF) is configured to forward the authentication response to the second untrusted network device node 30 (AMF) of the communication network 15. The second untrusted network device node 30 (AMF) is configured to send an authentication request derived from the authentication response to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The second untrusted network device node 30 (AMF) and the user equipment 40 (UE) are configured to perform a two-way authentication based on the authentication key (K_AMF).
In one embodiment, the first untrusted device node 20 (AUSF) is arranged as an authentication server function and the second untrusted device node 30 (AMF) is arranged as an access and mobility management function.
In one embodiment, the anonymous metadata (SUPI*) and the second key (K_1) are protected from eavesdropping at the first untrusted device node 20 (AUSF) and the second untrusted device node 30 (AMF). The anonymous metadata (SUPI*) and the second key (K_1) may be protected from eavesdropping by a cryptographic hash function that is secure against probabilistic polynomial-time (PPT) adversaries.
In one embodiment, at least a portion of the communication network 15 is arranged as a wireless communication network. The wireless communication network may be arranged to conform to the 5G network specifications.
Fig. 2 is an interaction diagram of the method steps of operating a trusted processing module node 10 of a communication network 15 to provide confidentiality and anonymity of sensitive user data or metadata of a user of the communication network 15, according to embodiments of the present disclosure. At step 202, at the trusted processing module node 10, a first key derivation function is applied to the metadata (SUPI) and the first key (K_seaf) to generate a home environment authentication vector. The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). In step 204, an authentication response is sent by the trusted processing module node 10 to the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). In step 206, the authentication response is sent from the first untrusted network device node 20 (AUSF) to the second untrusted network device node 30 (AMF) of the communication network 15. In step 208, an authentication request derived from the authentication response is sent from the second untrusted network device node 30 (AMF) to the user equipment node 40 (UE) connected to the communication network 15. At step 210, an authentication key (K_AMF) is calculated at the user equipment node 40 (UE) from the authentication request using a key derivation function (HMAC). In step 212, a two-way authentication is performed between the second untrusted network device node 30 (AMF) and the user equipment 40 (UE) based on the authentication key (K_AMF).
Fig. 3 is a schematic diagram of a fifth generation communication network 300 including a fifth generation core network 302 in communication with a user equipment node 310, according to an embodiment of the present disclosure. The fifth generation core network 302 includes a trusted network device node 304 communicatively coupled to an AUSF node 306 and an AMF node 308. The AMF node 308 is communicatively coupled with the user equipment node 310. The AUSF node 306 may also be a unified data management (UDM) node or an authentication credential repository and processing function (ARPF) node according to the 5G standard.
The trusted network device node 304 includes an anonymous SUPI processing module 312, which generates a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The anonymous metadata and the second key may be derived as (K1, C) = F1(K, m), where the first key is "K" and the metadata (SUPI) is "m". "K" and "m" are provided as inputs to a function "F1", which computes the anonymous metadata "C" and the second key "K1" as outputs.
The authentication response is generated at the trusted network device node 304 from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). The authentication response is sent from the trusted network device node 304 to the AUSF node 306 of the fifth generation core network 302, and then from the AUSF node 306 to the AMF node 308. The authentication response is used to derive an authentication request sent from the AMF node 308 to the user equipment node 310. The user equipment node 310 uses a key derivation function (HMAC) to calculate the authentication key (K_AMF) from the authentication request. The authentication key derivation function F2, K_AMF = F2(K1, C), can be used to calculate the authentication key (K_AMF): F2 takes as input the K1 and C computed by F1 and computes the authentication key (K_AMF), which is used for performing the two-way authentication.
A two-way authentication is performed between the AMF node 308 and the user equipment node 310 based on the authentication key (K_AMF). Alternatively, the original key derivation function described in the 5G standard is used as the key derivation function.
Fig. 4 is a flowchart illustrating method steps for operating the trusted processing module node 10 of the communication network 15 of Fig. 1, according to an embodiment of the present disclosure. The trusted processing module node 10 is configured to be communicatively coupled with a first untrusted device node 20 (AUSF), a second untrusted device node 30 (AMF), and a user equipment node 40 (UE). At step 402, at the trusted processing module node 10, a first key derivation function is applied to the metadata (SUPI) and the first key (K_seaf) to generate a home environment authentication vector. The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). At step 404, an authentication response is sent from the trusted processing module node 10 to the second untrusted network device node 30 (AMF) of the communication network 15 via the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1).
According to a first embodiment, the method for operating the trusted processing module node 10 of the communication network 15 further comprises sending an authentication request derived from the authentication response from the second untrusted network device node 30 (AMF) to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The method for operating the trusted processing module node 10 of the communication network 15 further comprises performing a two-way authentication between the second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) based on the authentication key (K_AMF).
Fig. 5 is a flowchart illustrating method steps for operating the user equipment node 40 (UE) of the communication network 15 of Fig. 1, according to an embodiment of the present disclosure. The user equipment node 40 (UE) is configured to be communicatively coupled with the first untrusted device node 20 (AUSF), the second untrusted device node 30 (AMF), and the trusted processing module node 10. At step 502, an authentication request derived from an authentication response is received at the user equipment node 40 (UE) from the second untrusted network device node 30 (AMF). The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). In step 504, a two-way authentication is performed between the second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) based on the authentication key (K_AMF).
According to a first embodiment, the method for operating the user equipment node 40 (UE) of the communication network 15 comprises, at the trusted processing module node 10 of the communication network 15, generating a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The method for operating the user equipment node 40 (UE) of the communication network 15 further comprises sending an authentication response from the trusted processing module node 10 to the second untrusted network device node 30 (AMF) of the communication network 15 through the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1).
Fig. 6 is a flowchart illustrating method steps for operating the first untrusted device node 20 (AUSF) of the communication network 15 of Fig. 1, according to an embodiment of the present disclosure. The first untrusted network device node 20 (AUSF) is configured to be communicatively coupled with the second untrusted device node 30 (AMF), the user equipment node 40 (UE), and the trusted processing module node 10. At step 602, an authentication response is received from the trusted processing module node 10. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1). In step 604, the authentication response is sent to the second untrusted network device node 30 (AMF) of the communication network 15.
According to a first embodiment, the method for operating the first untrusted device node 20 (AUSF) of the communication network 15 further comprises sending an authentication request derived from the authentication response from the second untrusted network device node 30 (AMF) to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). The method for operating the first untrusted device node 20 (AUSF) of the communication network 15 further comprises performing a two-way authentication between the second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) based on the authentication key (K_AMF).
According to a second embodiment, the method for operating the first untrusted device node 20 (AUSF) of the communication network 15 further comprises, at the trusted processing module node 10 of the communication network 15, generating a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1).
Fig. 7 is a flowchart illustrating method steps for operating the second untrusted device node 30 (AMF) of the communication network 15 of Fig. 1, according to an embodiment of the present disclosure. The second untrusted device node 30 (AMF) is configured to be communicatively coupled with the first untrusted device node 20 (AUSF), the user equipment node 40 (UE), and the trusted processing module node 10. At step 702, an authentication response is received at the second untrusted network device node 30 (AMF) from the first untrusted network device node 20 (AUSF). In step 704, an authentication request derived from the authentication response is sent from the second untrusted network device node 30 (AMF) to the user equipment node 40 (UE) connected to the communication network 15. The user equipment node 40 (UE) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC). In step 706, a two-way authentication is performed between the second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) based on the authentication key (K_AMF).
According to a first embodiment, the method for operating the second untrusted device node 30 (AMF) of the communication network 15 comprises, at the trusted processing module node 10 of the communication network 15, generating a home environment authentication vector by applying a first key derivation function to the metadata (SUPI) and the first key (K_seaf). The home environment authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI), and further comprises a second key (K_1). The method for operating the second untrusted device node 30 (AMF) of the communication network 15 further comprises sending an authentication response from the trusted processing module node 10 to the first untrusted device node 20 (AUSF) of the communication network 15. The authentication response is derived from the data of the home environment authentication vector, which comprises the anonymous metadata (SUPI*) and the second key (K_1).
In one embodiment, the first untrusted device node 20 (AUSF) is arranged as an authentication server function and the second untrusted device node 30 (AMF) is arranged as an access and mobility management function.
In one embodiment, the anonymous metadata (SUPI*) and the second key (K_1) are protected from eavesdropping at the first untrusted device node 20 (AUSF) and the second untrusted device node 30 (AMF).
The anonymous metadata (SUPI*) and the second key (K_1) may be protected from eavesdropping by a cryptographic hash function that is secure against probabilistic polynomial-time (PPT) adversaries.
In one embodiment, at least a portion of the communication network 15 is arranged as a wireless communication network. The wireless communication network may be arranged to conform to a 5G network specification.
There is provided a computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform any one of the above methods or one or more steps of the above methods.
Authentication between a user equipment node 40 (UE) and a second untrusted network device node 30 (AMF) for accessing a 5G network comprises:
1. For each Authentication_Get request, the UDM/ARPF may create a 5G HE AV;
2. The UDM/ARPF sends an authentication response [5G HE AV, SUPI] to the first untrusted network device node 20 (AUSF). Note: the response contains the SUPI in plaintext, so SUPI information leaks;
3. The UDM/ARPF sends an authentication response [5G HE AV, SUPI] to the second untrusted network device node 30 (AMF). Note: the response contains the SUPI in plaintext, so SUPI information leaks;
4. The second untrusted network device node 30 (AMF) sends an authentication request to the user equipment node 40 (UE);
5. The second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) use K_seaf and (SUPI, Metadata) to derive the key K_AMF:
K_AMF = HMAC(K_seaf, SUPI||Metadata);
6. The second untrusted network device node 30 (AMF) and the user equipment node 40 (UE) use the same K_AMF to perform a two-way authentication procedure.
The anonymity of the SUPI and of K_seaf in the 5G core network is provided as follows:
1. For each Authentication_Get request, the trusted processing module node 10 for SUPI anonymity may create a 5G HE AV and calculate an anonymous SUPI: (K1, SUPI*) = F1(K_seaf, SUPI||Metadata);
2. The trusted processing module node 10 sends an authentication response [5G HE AV, SUPI*] to the first untrusted device node 20 (AUSF) (UDM/ARPF/AUSF). Note: the response contains SUPI* and K1, so no information leaks;
3. The UDM/ARPF/AUSF sends an authentication response [5G HE AV, SUPI*] to the second untrusted device node 30 (AMF). Note: the response contains SUPI* and K1, so no information leaks;
4. The second untrusted network device node 30 (AMF) sends an authentication request to the user equipment node 40 (UE);
5. The user equipment node 40 (UE) uses K_seaf and (SUPI, Metadata) to derive the key K_AMF:
K_AMF = HMAC(K_seaf, SUPI||Metadata); the AMF derives the same key K_AMF using K1 and SUPI*: K_AMF = F2(K1, SUPI*);
6. The second untrusted device node 30 (AMF) and the user equipment node 40 (UE) use the same K_AMF to perform a two-way authentication procedure.
In one embodiment, the functions F1 and F2 are implemented as follows:
F: a hash-based HMAC;
F1: HASH((K'_seaf XOR ipad) || IV || M), where M = SUPI || Metadata; if K_seaf is longer than the hash block length, K'_seaf = HASH(K_seaf); otherwise, K'_seaf = K_seaf;
F2: HASH((K'_seaf XOR opad) || IV || M), where M is the output of F1; if K_seaf is longer than the hash block length, K'_seaf = HASH(K_seaf); otherwise, K'_seaf = K_seaf.
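The F1/F2 split above, together with the (K1, C) = F1(K, m) and K_AMF = F2(K1, C) relation of Fig. 3, as an added Go example that is not code from the patent. It treats IV as the hash's own initial chaining value rather than a separate input, and, because the page does not say how K1 is formed, models K1 as the SHA-256 state after absorbing K'_seaf XOR opad, which lets the AMF finish the outer HMAC stage without ever holding K_seaf; the UE side is the plain HMAC(K_seaf, SUPI||Metadata) of step 5, and the sample values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding"
	"fmt"
)

// HMAC padding bytes (RFC 2104), as used by the page's F1 and F2.
const (
	ipad = 0x36
	opad = 0x5c
)

// normalizeKey applies the page's rule for K'_seaf: if K_seaf is longer than the
// hash block, K'_seaf = HASH(K_seaf); otherwise K'_seaf = K_seaf. Zero-padding the
// result to one block is standard HMAC behaviour (assumption: the page does not state it).
func normalizeKey(kseaf []byte) []byte {
	kp := make([]byte, sha256.BlockSize)
	if len(kseaf) > sha256.BlockSize {
		sum := sha256.Sum256(kseaf)
		copy(kp, sum[:])
	} else {
		copy(kp, kseaf)
	}
	return kp
}

// xorPad returns K'_seaf XOR pad for every byte of the block.
func xorPad(kp []byte, pad byte) []byte {
	out := make([]byte, len(kp))
	for i, b := range kp {
		out[i] = b ^ pad
	}
	return out
}

// F1 runs only at the trusted node, which holds K_seaf and the plaintext SUPI.
// SUPI* = HASH((K'_seaf XOR ipad) || M) with M = SUPI || Metadata, as on the page.
// K1 is modelled here (assumption) as the SHA-256 chaining state after absorbing the
// one-block value K'_seaf XOR opad: it lets the AMF finish the outer stage without K_seaf,
// and recovering K_seaf from it would mean inverting the compression function.
func F1(kseaf, m []byte) (k1, supiStar []byte, err error) {
	kp := normalizeKey(kseaf)

	inner := sha256.New()
	inner.Write(xorPad(kp, ipad))
	inner.Write(m)
	supiStar = inner.Sum(nil)

	outer := sha256.New()
	outer.Write(xorPad(kp, opad)) // exactly one block, so only the chaining value is retained
	k1, err = outer.(encoding.BinaryMarshaler).MarshalBinary()
	return k1, supiStar, err
}

// F2 runs at the AMF: K_AMF = F2(K1, SUPI*). It resumes the outer stage from K1 and
// absorbs SUPI*; K_seaf and the plaintext SUPI never reach this function.
func F2(k1, supiStar []byte) ([]byte, error) {
	outer := sha256.New()
	if err := outer.(encoding.BinaryUnmarshaler).UnmarshalBinary(k1); err != nil {
		return nil, err
	}
	outer.Write(supiStar)
	return outer.Sum(nil), nil
}

// UEDeriveKAMF is the UE side of step 5: K_AMF = HMAC(K_seaf, SUPI || Metadata).
func UEDeriveKAMF(kseaf, supi, metadata []byte) []byte {
	mac := hmac.New(sha256.New, kseaf)
	mac.Write(supi)
	mac.Write(metadata)
	return mac.Sum(nil)
}

// KeysAgree runs the trusted-node, AMF and UE computations and reports whether the
// AMF's F2(F1(...)) result equals the UE's HMAC, i.e. whether both sides hold the same K_AMF.
func KeysAgree(kseaf, supi, metadata []byte) (bool, error) {
	m := append(append([]byte{}, supi...), metadata...)
	k1, supiStar, err := F1(kseaf, m) // trusted processing module node
	if err != nil {
		return false, err
	}
	kAMF, err := F2(k1, supiStar) // AMF, holding only K1 and SUPI*
	if err != nil {
		return false, err
	}
	return hmac.Equal(kAMF, UEDeriveKAMF(kseaf, supi, metadata)), nil
}

func main() {
	// Constructed sample values; not real subscriber data.
	kseaf := []byte("constructed-K_seaf-for-the-example")
	supi := []byte("imsi-001010123456789")
	metadata := []byte("constructed-metadata")
	ok, err := KeysAgree(kseaf, supi, metadata)
	fmt.Println("AMF and UE derive the same K_AMF:", ok, err)
}
```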
Although the present invention and its advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (40)

1. A method for operating a trusted processing module node (10) of a communication network (15), wherein the trusted processing module node (10) is configured to be communicatively coupled with a first untrusted device node (AUSF, 20), a second untrusted device node (AMF, 30) and a user equipment node (UE, 40), wherein the method comprises:
(a) at the trusted processing module node (10), generating a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1); and
(b) sending an authentication response from the trusted processing module node (10), through the first untrusted device node (AUSF, 20) of the communication network (15), to the second untrusted network device node (AMF, 30) of the communication network (15), wherein the authentication response is derived from data of the home context authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1).
2. The method of claim 1, wherein the method further comprises:
(c) sending, from the second untrusted network device node (AMF, 30) to a user equipment node (UE, 40) of the communication network (15), an authentication request derived from the authentication response, wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(d) performing a two-way authentication between the second untrusted network device node (AMF, 30) and the user equipment node (UE, 40) based on the authentication key (K_AMF).
3. A method for operating a user equipment node (UE, 40) of a communication network (15), wherein the user equipment node (UE, 40) is configured to be communicatively coupled with a first non-trusted device node (AUSF, 20), a second non-trusted device node (AMF, 30) and a trusted processing module node (10), wherein the method comprises:
(a) receiving, at the user equipment node (UE, 40), an authentication request derived from an authentication response from the second untrusted network equipment node (AMF, 30), wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(b) performing a two-way authentication between the second untrusted network device node (AMF, 30) and the user equipment node (UE, 40) based on the authentication key (K_AMF).
4. A method according to claim 3, wherein the method further comprises:
(c) at the trusted processing module node (10) of the communication network (15), generating a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1);
(d) sending an authentication response from the trusted processing module node (10), by means of the first untrusted device node (AUSF, 20) of the communication network (15), to the second untrusted network device node (AMF, 30) of the communication network (15), wherein the authentication response is derived from data of the home context authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1).
5. A method according to any of claims 1 to 4, wherein the method comprises arranging the trusted processing module node (10) to communicate wirelessly with at least a part of the communication network.
6. A method according to claim 5, wherein the method comprises arranging the trusted processing module node (10) to comply with a 5G network specification for wireless communication.
7. A computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform the method according to any of claims 1 to 6.
8. A method for operating a first non-trusted device node (AUSF, 20) of a communication network (15), wherein the first non-trusted device node (AUSF, 20) is configured to be communicatively coupled with a second non-trusted device node (AMF, 30), a user equipment node (UE, 40) and a trusted processing module node (10), wherein the method comprises:
(a) receiving an authentication response from the trusted processing module node (10), wherein the authentication response is derived from data of the home environment authentication vector comprising anonymous metadata (SUPI*) and a second key (K_1); and
(b) sending the authentication response to the second untrusted network device node (AMF, 20) of the communication network (15).
9. The method of claim 8, wherein the method further comprises:
(c) sending, from the second untrusted network device node (AMF, 30) to the user equipment node (UE, 40) connected to the communication network, an authentication request derived from the authentication response, wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(d) performing a two-way authentication between the second untrusted network device node (AMF, 30) and the user equipment node (UE, 40) based on the authentication key (K_AMF).
10. The method of claim 8 or 9, wherein the method further comprises:
(e) at the trusted processing module node of the communication network, generating the home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1).
11. The method of claim 8, 9 or 10, wherein the method comprises arranging the first untrusted device node (AUSF) as an authentication server function.
12. The method according to any of claims 8 to 11, wherein the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) against eavesdropping at the first untrusted network device node (AUSF).
13. A method according to claim 12, wherein the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) against eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) adversary.
14. The method of any of claims 8 to 13, wherein the method comprises arranging the first untrusted device node (AUSF, 20) to communicate wirelessly with at least a part of the communication network.
15. The method of claim 14, wherein the method comprises arranging the first untrusted device node (AUSF, 20) to comply with a 5G network specification for wireless communication.
16. A computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform the method according to any of claims 8 to 15.
17. A method for operating a second non-trusted device node (AMF, 30) of a communication network (15), wherein the second non-trusted device node (AMF, 30) is configured to be communicatively coupled with a first non-trusted device node (AUSF, 20), a user equipment node (UE, 40) and a trusted processing module node (10), wherein the method comprises:
(a) receiving, at the second untrusted network device node (AMF, 30), an authentication response from the first untrusted network device node (AUSF, 20);
(b) transmitting an authentication request derived from the authentication response from the second untrusted network device node (AMF, 30) to the user equipment node (UE, 40) connected to the communication network (15), wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(c) performing a two-way authentication between the second untrusted network device node (AMF, 30) and the user equipment node (UE, 40) based on the authentication key (K_AMF).
18. The method of claim 17, wherein the method further comprises:
(d) at the trusted processing module node (10) of the communication network (15), generating a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1); and
(e) sending an authentication response from the trusted processing module node (10) to the first non-trusted device node (AUSF, 20) of the communication network (15), wherein the authentication response is derived from data of the home context authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1).
19. The method according to claim 17 or 18, wherein the method further comprises arranging the second untrusted device node (AMF) into an access and mobility management function.
20. The method according to any of claims 17 to 19, wherein the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) against eavesdropping at the second untrusted device node (AMF).
21. A method according to claim 20, wherein the method comprises protecting the anonymous metadata (SUPI*) and the second key (K_1) against eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) adversary.
22. A method according to any of claims 17 to 21, wherein the method comprises arranging the second untrusted device node (AMF, 30) to communicate wirelessly with at least a part of the communication network.
23. A method according to claim 22, wherein the method comprises arranging the second untrusted device node (AMF, 30) to comply with a 5G network specification for wireless communication.
24. A computer program product comprising a non-transitory computer readable storage medium having stored thereon computer readable instructions executable by a computerized device comprising processing hardware to perform the method of any of claims 17 to 23.
25. A trusted processing module node (10) configured to communicate with a communication network (15), the communication network (15) being configured to transmit sensitive user data, wherein the communication network (15) comprises a first untrusted device node (AUSF, 20) and a second untrusted device node (AMF, 30), and wherein the communication network (15) is coupled to the trusted processing module node (10) and to a user equipment node (UE, 40), characterized in that:
(a) the trusted processing module node (10) is configured to generate a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1);
(b) the trusted processing module node (10) is configured to send an authentication response to the first untrusted device node (AUSF, 20) of the communication network (15), wherein the authentication response is derived from data of the home environment authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1);
(c) the first untrusted network device node (AUSF, 20) is configured to send the authentication response from it to the second untrusted network device node (AMF, 30) of the communication network (15);
(d) the second untrusted network device node (AMF, 30) is configured to send an authentication request derived from the authentication response to the user equipment node (UE, 40) connected to the communication network (15), wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(e) the second untrusted network device (AMF, 30) and the user equipment (UE, 40) are configured to perform a two-way authentication between them based on the authentication key (K_AMF).
26. The trusted processing module node (10) according to claim 25, wherein said trusted processing module node (10) is configured to communicate wirelessly with at least a part of said communication network (15).
27. The trusted processing module node (10) of claim 26, wherein said trusted processing module node (10) is configured to conform to a 5G network specification.
28. A user equipment node (UE, 40) configured to communicate with a communication network (15), the communication network (15) being configured to transmit sensitive user data, wherein the communication network (15) comprises a first untrusted device node (AUSF, 20) and a second untrusted device node (AMF, 30), and wherein the communication network (15) is coupled to a trusted processing module node (10), characterized in that:
(a) the trusted processing module node (10) is configured to generate a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1);
(b) the trusted processing module node (10) is configured to send an authentication response to the first untrusted device node (AUSF, 20) of the communication network (15), wherein the authentication response is derived from data of the home environment authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1);
(c) the first untrusted network device node (AUSF, 20) is configured to send an authentication response therefrom to the second untrusted network device node (AMF, 30) of the communication network (15);
(d) the second untrusted network device node (AMF, 30) is configured to send an authentication request derived from the authentication response to the user equipment node (UE, 40) connected to the communication network (15), wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(e) the second untrusted network device (AMF, 30) and the user equipment (UE, 40) are configured to perform a two-way authentication between them based on the authentication key (K_AMF).
29. A first non-trusted device node (AUSF, 20) configured to communicate with a communication network (15), the communication network (15) being configured to transmit sensitive user data, wherein the communication network (15) comprises a second non-trusted device node (AMF, 30) and a user equipment node (UE, 40), and wherein the communication network (15) is coupled to a trusted processing module node (10), characterized in that:
(a) the trusted processing module node (10) is configured to generate a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1);
(b) the trusted processing module node (10) is configured to send an authentication response to the first untrusted device node (AUSF, 20) of the communication network (15), wherein the authentication response is derived from data of the home environment authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1);
(c) the first untrusted network device node (AUSF, 20) is configured to send an authentication response therefrom to the second untrusted network device node (AMF, 30) of the communication network (15);
(d) the second untrusted network device node (AMF, 30) is configured to send an authentication request derived from the authentication response to the user equipment node (UE, 40) connected to the communication network (15), wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(e) the second untrusted network equipment node (AMF, 30) and the user equipment node (UE, 40) are configured to perform a two-way authentication between them based on the authentication key (K_AMF).
30. The first non-trusted device node (AUSF, 20) as claimed in claim 29, wherein said first non-trusted device node (AUSF, 20) is arranged as an authentication server function.
31. The first untrusted device node (AUSF, 20) according to claim 29 or 30, wherein the anonymous metadata (SUPI*) and the second key (K_1) are protected against eavesdropping at the first untrusted device node (AUSF, 20).
32. The first untrusted device node (AUSF, 20) according to claim 31, wherein the anonymous metadata (SUPI*) and the second key (K_1) are protected against eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) adversary.
33. The first untrusted device node (AUSF, 20) according to any of claims 29 to 32, wherein the first untrusted device node (AUSF, 20) is configured to communicate wirelessly with at least a part of the communication network (15).
34. The first untrusted device node (AUSF, 20) according to claim 33, wherein the first untrusted device node (AUSF, 20) is arranged to comply with a 5G network specification.
35. A second non-trusted device node (AMF, 30) configured for communication with a communication network (15), the communication network (15) being configured for transmitting sensitive user data, wherein the communication network (15) comprises a first non-trusted device node (AUSF, 20) and a user equipment node (UE, 40), and wherein the communication network (15) is coupled to a trusted processing module node (10), characterized in that:
(a) the trusted processing module node (10) is configured to generate a home context authentication vector by applying a first key derivation function to metadata (SUPI) and a first key (K_seaf), wherein the home context authentication vector comprises anonymous metadata (SUPI*) derived from the metadata (SUPI) and further comprises a second key (K_1);
(b) the trusted processing module node (10) is configured to send an authentication response to the first untrusted device node (AUSF, 20) of the communication network (15), wherein the authentication response is derived from data of the home environment authentication vector comprising the anonymous metadata (SUPI*) and the second key (K_1);
(c) the first untrusted network device node (AUSF, 20) is configured to send the authentication response from it to the second untrusted network device node (AMF, 30) of the communication network (15);
(d) the second untrusted network device node (AMF, 30) is configured to send an authentication request derived from the authentication response to the user equipment node (UE, 40) connected to the communication network (15), wherein the user equipment node (UE, 40) is configured to calculate an authentication key (K_AMF) from the authentication request using a key derivation function (HMAC); and
(e) the second untrusted network device (AMF, 30) and the user equipment (UE, 40) are configured to perform a two-way authentication between them based on the authentication key (K_AMF).
36. The second non-trusted device node (AMF, 30) according to claim 35, wherein said second non-trusted device node (AMF, 30) is arranged as an access and mobility management function.
37. The second untrusted device node (AMF, 30) according to claim 35 or 36, wherein the anonymous metadata (SUPI*) and the second key (K_1) are protected against eavesdropping at the second untrusted device node (AMF, 30).
38. The second untrusted device node (AMF, 30) according to claim 37, wherein the anonymous metadata (SUPI*) and the second key (K_1) are protected against eavesdropping by means of a cryptographic hash function that is secure against a probabilistic polynomial-time (PPT) adversary.
39. The second non-trusted device node (AMF, 30) according to any of claims 35 to 38, wherein said second non-trusted device node (AMF, 30) is configured to communicate wirelessly with at least a part of said communication network (15).
40. The second non-trusted device node (AMF, 30) as claimed in claim 39, wherein said second non-trusted device node (AMF, 30) is configured to comply with a 5G network specification.
CN202080105415.9A 2020-10-02 2020-10-02 Protection of sensitive user data in a communication network Pending CN116325656A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2020/077614 WO2022069056A1 (en) 2020-10-02 2020-10-02 Protection of sensitive user data in communication networks

Publications (1)

Publication Number Publication Date
CN116325656A true CN116325656A (en) 2023-06-23

Family

ID=72811803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080105415.9A Pending CN116325656A (en) 2020-10-02 2020-10-02 Protection of sensitive user data in a communication network

Country Status (2)

Country Link
CN (1) CN116325656A (en)
WO (1) WO2022069056A1 (en)

Also Published As

Publication number Publication date
WO2022069056A1 (en) 2022-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination