LTE-Security (ciphering and protection algorithms).doc
Updated 2023-03-16
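This document summarizes LTE security technology and describes the security-related protocols, with a focus on walking through the security procedures. It covers 4G/5G ciphering.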
LTE Security Functions
Contents
LTE Security Functions
3 Overview
1.1 References
1.2 Terminology
4 Ciphering and integrity protection algorithms
1.3 Integrity protection
1.4 Ciphering
1.5 Relationship between ciphering and integrity protection
5 Algorithms
1.6 Algorithm overview
5..1 EEA0, EIA0 (NULL Algorithm)
5..2 128-EEA1
5..3 128-EEA2
5..4 128-EIA1
5..5 128-EIA2
5..6 EIA3, EEA3 (ZUC)
1.7 Algorithm selection
5..7 Initial security context establishment
5..8 Algorithm selection during X2 handover
5..9 Algorithm selection during S1 handover
6 Key generation and update
1.8 HMAC-SHA256() algorithm
6..1 Inputs and outputs
6..2 HMAC procedure
6..3 SHA-256 algorithm
1.9 Key hierarchy
1.10 Access-stratum key generation
1.11 Access-stratum key handling mechanism
7 eNB impact analysis
1.12 Procedure analysis
7..1 Initial service access
7..2 X2 handover
7..3 Intra-eNB handover
7..4 S1 handover
7..5 RRC re-establishment
7..6 UE capability change
7..7 Security key update
7..8 Handover from E-UTRAN to UTRAN/GERAN
7..9 Handover from UTRAN/GERAN to E-UTRAN
7..10 PDCP counter wrap-around
5.1 Performance analysis
7..11 UP
8 Related protocol parameters
5.2 TS36.331
8..1 RRCConnectionReconfiguration
8..2 RRCConnectionReestablishmentRequest
8..3 RRCConnectionReestablishment
8..4 SecurityModeCommand
8..5 HandoverPreparationInformation
8..6 MobilityFromEUTRACommand message
6.1 TS36.413
8..7 INITIAL CONTEXT SETUP REQUEST
10..1 UE CONTEXT MODIFICATION REQUEST
10..2 PATH SWITCH REQUEST ACKNOWLEDGE
11..1 HANDOVER REQUEST
12..1 HANDOVER COMMAND
6.2 TS36.423
13..1 HANDOVER REQUEST
6.3 TS36.323
15..1 PDCP SN
15..2 Data
15..3 MAC-I
15..4 COUNT
16 Summary
6.4 Procedures
6.5 Inter-eNB handover (S1/X2)
6.6 RRC re-establishment procedure
6.7 Intra-cell handover
6.8 PDCP wrap-around procedure
6.9 UE context modification
17 Issues
18 Appendix: ZUC reference material
6.10 Performance data provided by the ZUC algorithm development center
6.11 Design and implementation of the ZUC IP core
6.12 CLP-411: ZUC look-aside cipher core
6.13 Performance optimization
18..1 DSP support for ZUC
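3 Overview
This document summarizes LTE security technology and describes the security-related protocols, with a focus on walking through the security procedures.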
1.1 References
[1] 3GPP TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[2] 3GPP TS 36.331: "Radio Resource Control (RRC); Protocol specification".
[3] 3GPP TS 36.413: "S1 application protocol (S1AP)".
[4] 3GPP TS 36.423: "X2 application protocol (X2AP)".
[5] 3GPP TS 36.323: "Evolved Universal Terrestrial Radio Access (E-UTRA); Packet Data Convergence Protocol (PDCP) Specification".
1.2 Terminology
AES Advanced Encryption Standard
CK Cipher Key
IK Integrity Key
EARFCN-DL E-UTRA Absolute Radio Frequency Channel Number-Down Link
EEA EPS Encryption Algorithm
EIA EPS Integrity Algorithm
eKSI Key Set Identifier in E-UTRAN
KDF Key Derivation Function
KSI Key Set Identifier
MAC-I Message Authentication Code for Integrity (TS36.323)
NCC Next hop Chaining Counter
NH Next Hop
SMC Security Mode Command
SQN Sequence Number
HFN Hyper Frame Number
LSM Limited Service Mode
COUNT: comprises two variables, one for the uplink and one for the downlink.
Chaining of K_eNB:
Deriving one K_eNB from another K_eNB (for example, during handover the target cell's K_eNB is derived from the source cell's K_eNB).
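eKSI:
eKSI is an identifier for K_ASME and is allocated by the MME. It identifies, in both the UE and the MME, a native K_ASME produced by an EPS AKA run, so that the K_ASME can be put back into use. eKSI is 4 bits long: the most significant bit indicates whether the eKSI value refers to K_ASME or K_SGSN, and the remaining three bits carry the KSI value. In messages sent from the UE to the MME, an eKSI value of all 1s means that no eKSI is available.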
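Mapped security context:
For inter-system mobility, the security context obtained by mapping from the source system's security context. For example, during a handover from UTRAN to E-UTRAN, the E-UTRAN security context is derived from the UTRAN security context.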
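Refresh of K_eNB:
An update of K_eNB while K_ASME stays unchanged.
The K_eNB parameters are changed by means of an intra-cell handover. For example, after PATH SWITCH the target eNB initiates an intra-cell handover based on the NH/NCC pair provided by the MME and tells the UE to compute K_eNB with the latest NCC, which changes the K_eNB parameters.
When the PDCP COUNTs overflow, a key refresh is required for K_eNB, K_RRC-enc, K_RRC-int and K_UP-enc.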
Re-keying of K_eNB:
Deriving a new K_eNB from a new K_ASME. K_eNB, K_RRC-enc, K_RRC-int and K_UP-enc can all be re-keyed. Re-keying is initiated by the MME and usually takes place after a NAS security exchange.
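UE security capabilities:
The EPS AS and NAS integrity protection and ciphering algorithms supported by the UE, together with the UTRAN and GERAN ciphering and integrity protection algorithms supported by the UE.
UE EPS security capabilities:
The EPS ciphering and integrity protection algorithms supported by the UE.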
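NAS COUNT:
Comprises two variables, one for the uplink and one for the downlink, each maintained by both the UE and the MME. On the UE side, the NAS COUNTs are stored in the USIM or in the UE's non-volatile storage.
NAS COUNT = NAS overflow counter (16 bits) || NAS SN (8 bits). NAS SN is the Sequence Number IE contained in the NAS header during NAS signalling exchanges.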
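Added example (not part of the original document): the NAS COUNT layout above, with a receiver that rebuilds the 24-bit value from the 8-bit NAS SN carried in the NAS header. The rollover rule in `estimate` is a simplifying assumption, and all function and class names are hypothetical.

```python
# Added example, not from the original document. Field widths come from the
# NAS COUNT definition above; the rollover rule is a simplifying assumption.
NAS_OVF_BITS = 16   # NAS overflow counter width
NAS_SN_BITS = 8     # NAS SN width (Sequence Number IE in the NAS header)


def pack_nas_count(overflow, sn):
    """NAS COUNT = NAS overflow counter (16 bits) || NAS SN (8 bits)."""
    if not 0 <= overflow < (1 << NAS_OVF_BITS):
        raise ValueError("NAS overflow counter out of range")
    if not 0 <= sn < (1 << NAS_SN_BITS):
        raise ValueError("NAS SN out of range")
    return (overflow << NAS_SN_BITS) | sn


def unpack_nas_count(count):
    """Return (overflow counter, NAS SN) for a 24-bit NAS COUNT."""
    return count >> NAS_SN_BITS, count & ((1 << NAS_SN_BITS) - 1)


class NasCountReceiver:
    """Tracks the NAS COUNT of one direction (uplink or downlink)."""

    def __init__(self):
        self.last = None  # last accepted 24-bit NAS COUNT, None before first message

    def estimate(self, rx_sn):
        """Rebuild the full NAS COUNT from the received 8-bit SN.

        Assumed rule: an SN that does not advance past the last accepted SN
        means the 8-bit SN wrapped, so the overflow counter moves up by one.
        """
        if self.last is None:
            return pack_nas_count(0, rx_sn)
        overflow, last_sn = unpack_nas_count(self.last)
        if rx_sn <= last_sn:
            overflow += 1
        return pack_nas_count(overflow, rx_sn)  # raises once 16 bits are exhausted

    def accept(self, rx_sn):
        """Commit the estimate; call only after the integrity check passed."""
        self.last = self.estimate(rx_sn)
        return self.last
```

Because a repeated SN is estimated as a different NAS COUNT, a replayed message is checked against a counter value other than the one it was protected with.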
Uploader: Funny_Dragon