LTE - Security (Ciphering and Integrity Protection Algorithms)

2019-06-11 15:45

LTE Security Functions


Contents

1 Overview
1.1 References
1.2 Terminology

2 Ciphering and integrity protection algorithms
2.1 Integrity protection
2.2 Ciphering
2.3 Relationship between ciphering and integrity protection

3 Algorithms
3.1 Algorithm overview
3.1.1 EEA0, EIA0 (NULL Algorithm)
3.1.2 128-EEA1
3.1.3 128-EEA2
3.1.4 128-EIA1
3.1.5 128-EIA2
3.1.6 EIA3, EEA3 (ZUC)
3.2 Algorithm selection
3.2.1 Initial security context establishment
3.2.2 Algorithm selection during X2 handover
3.2.3 Algorithm selection during S1 handover

4 Key generation and update
4.1 HMAC-SHA256() algorithm
4.1.1 Inputs and outputs
4.1.2 HMAC procedure
4.1.3 SHA-256 algorithm
4.2 Key hierarchy
4.3 Access stratum key generation
4.4 Access stratum key handling

5 eNB impact analysis
5.1 Procedure analysis
5.1.1 Initial service access
5.1.2 X2 handover
5.1.3 Intra-eNB handover
5.1.4 S1 handover
5.1.5 RRC re-establishment
5.1.5 UE capability change
5.1.6 Security key update
5.1.7 E-UTRAN to UTRAN/GERAN handover
5.1.8 UTRAN/GERAN to E-UTRAN handover
5.1.9 PDCP counter wrap-around
5.2 Performance analysis
5.2.5 UP

6 Related protocol parameters
6.1 TS36.331
6.1.1 RRCConnectionReconfiguration
6.1.2 RRCConnectionReestablishmentRequest
6.1.3 RRCConnectionReestablishment
6.1.4 SecurityModeCommand
6.1.5 HandoverPreparationInformation
6.1.6 MobilityFromEUTRACommand message
6.2 TS36.413
6.2.1 INITIAL CONTEXT SETUP REQUEST
6.2.2 UE CONTEXT MODIFICATION REQUEST
6.2.3 PATH SWITCH REQUEST ACKNOWLEDGE
6.2.4 HANDOVER REQUEST
6.2.5 HANDOVER COMMAND
6.3 TS36.423
6.3.1 HANDOVER REQUEST
6.4 TS36.323
6.4.1 PDCP SN
6.4.2 Data
6.4.3 MAC-I
6.4.4 COUNT

7 Summary
7.1 Procedures
7.1.1 SMC procedure
7.1.2 Inter-eNB handover (S1 handover, X2 handover)
7.1.3 RRC re-establishment procedure
7.1.4 Intra-cell handover
7.1.5 PDCP wrap-around procedure
7.1.6 UE context modification
7.2 Performance optimization
7.2.1 DSP support for ZUC

8 Issues

9 Appendix: ZUC reference material
9.1 Performance data provided by the ZUC algorithm development center
9.2 Design and implementation of a ZUC IP core
9.3 CLP-411: ZUC look-aside cipher core

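1 Overview

This document summarizes LTE security technology and describes the security-related protocols, with the main focus on walking through the security procedures.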

1.1 References

[1] 3GPP TS 33.401

[2] 3GPP 36.331 Radio Resource Control (RRC); Protocol specification

[3] 3GPP 36.413 S1 application protocol (S1AP)

[4] 3GPP 36.423 X2 application protocol (X2AP)

[5] 3GPP TS 36.323: Packet Data Convergence Protocol (PDCP) Specification

1.2 Terminology

AES: Advanced Encryption Standard
CK: Cipher Key
IK: Integrity Key
EARFCN-DL: E-UTRA Absolute Radio Frequency Channel Number-Down Link
EEA: EPS Encryption Algorithm
EIA: EPS Integrity Algorithm
eKSI: Key Set Identifier in E-UTRAN
KDF: Key Derivation Function
KSI: Key Set Identifier
MAC-I: Message Authentication Code for Integrity (TS36.323)
NCC: Next hop Chaining Counter
NH: Next Hop
SMC: Security Mode Command
SQN: Sequence Number
HFN: Hyper Frame Number
LSM: Limited Service Mode

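• COUNT: comprises two variables, one for uplink and one for downlink.

COUNT structure: HFN | PDCP SN

• Chaining of KeNB:

Deriving one KeNB from another KeNB (for example, during handover the target cell's KeNB is derived from the source cell's KeNB).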


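• eKSI:

eKSI is an identifier for a KASME and is allocated by the MME. It identifies, in both the UE and the MME, a native KASME produced by the EPS AKA procedure, so that the KASME can be reused. eKSI is 4 bits long: the most significant bit indicates whether the eKSI value refers to a KASME or a KSGSN, and the remaining three bits carry the KSI value. In a message sent from the UE to the MME, an eKSI value of all ones means that no eKSI is available.

• Mapped security context:

A security context obtained, on inter-system mobility, by mapping from the security context of the source system. For example, during a handover from UTRAN to E-UTRAN, the E-UTRAN security context is derived from the UTRAN security context.

• Refresh of KeNB:

An update of KeNB while KASME stays unchanged.

The KeNB is changed by means of an intra-cell handover. For example, after PATH SWITCH the target eNB uses the NH/NCC pair provided by the MME to initiate an intra-cell handover, telling the UE to compute KeNB with the latest NCC, which changes the KeNB.

When the PDCP COUNTs overflow, a key refresh of KeNB, KRRC-enc, KRRC-int and KUP-enc is required.

• Re-keying of KeNB:

A new KeNB is derived from a new KASME. KeNB, KRRC-enc, KRRC-int and KUP-enc can be re-keyed; re-keying is initiated by the MME and usually takes place after a NAS security exchange.

• UE security capabilities:

The EPS AS and NAS integrity protection and ciphering algorithms supported by the UE, together with the UTRAN and GERAN ciphering and integrity protection algorithms supported by the UE.

• UE EPS security capabilities:

The EPS ciphering and integrity protection algorithms supported by the UE.

• NAS COUNT:

Comprises two variables, one for uplink and one for downlink, which the UE and the MME each maintain. On the UE side, the NAS COUNTs are stored in the USIM or in the UE's non-volatile memory.

NAS COUNT = NAS overflow Counter (16 bits) || NAS SN (8 bits). NAS SN is the Sequence Number IE carried in the NAS header during NAS signalling exchanges.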
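The eKSI and NAS COUNT layouts defined above, as an added Python example that is not part of the original document. The type-bit encoding (0 = KASME, 1 = KSGSN), the treatment of KSI bits 111 as "no key", the in-order wrap detection and all function and class names are assumptions made for illustration.

```python
from dataclasses import dataclass

KSI_NO_KEY = 0b111  # assumption: "all ones" is checked on the three KSI bits

@dataclass(frozen=True)
class EKsi:
    mapped: bool  # top bit; assumed encoding (TS 24.301): 0 = KASME, 1 = KSGSN
    ksi: int      # lower three bits

    @property
    def key_available(self) -> bool:
        return self.ksi != KSI_NO_KEY

def parse_eksi(nibble: int) -> EKsi:
    """Split the 4-bit eKSI into its type bit and 3-bit KSI value."""
    if not 0 <= nibble <= 0xF:
        raise ValueError("eKSI is a 4-bit field")
    return EKsi(mapped=bool(nibble & 0b1000), ksi=nibble & 0b0111)

def nas_count(overflow: int, sn: int) -> int:
    """NAS COUNT = NAS overflow counter (16 bits) || NAS SN (8 bits)."""
    if not 0 <= overflow <= 0xFFFF or not 0 <= sn <= 0xFF:
        raise ValueError("overflow counter is 16 bits, NAS SN is 8 bits")
    return (overflow << 8) | sn

class NasCountTracker:
    """Rebuilds the full NAS COUNT from the 8-bit SN carried in the NAS header.

    Simplification: messages are assumed to arrive in order, so an SN lower
    than the previous one is treated as a wrap of the 8-bit sequence number.
    """
    def __init__(self) -> None:
        self.overflow = 0
        self.last_sn = None

    def receive(self, sn: int) -> int:
        if not 0 <= sn <= 0xFF:
            raise ValueError("NAS SN is 8 bits")
        if self.last_sn is not None and sn < self.last_sn:
            if self.overflow == 0xFFFF:
                # A repeated COUNT under the same key repeats the cipher input.
                raise OverflowError("NAS COUNT exhausted: new keys required")
            self.overflow += 1
        self.last_sn = sn
        return nas_count(self.overflow, sn)

if __name__ == "__main__":
    tracker = NasCountTracker()
    for sn in (254, 255, 0, 1):  # constructed SN sequence crossing a wrap
        print(f"SN={sn:3d} -> NAS COUNT=0x{tracker.receive(sn):06X}")
    print(parse_eksi(0b1111), parse_eksi(0b0010))
```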


