[go: up one dir, main page]

CN100499899C - Playback attack prevention method - Google Patents

Playback attack prevention method Download PDF

Info

Publication number
CN100499899C
CN100499899C CNB2005101232524A CN200510123252A CN100499899C CN 100499899 C CN100499899 C CN 100499899C CN B2005101232524 A CNB2005101232524 A CN B2005101232524A CN 200510123252 A CN200510123252 A CN 200510123252A CN 100499899 C CN100499899 C CN 100499899C
Authority
CN
China
Prior art keywords
sequence number
base station
authentication
mobile station
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB2005101232524A
Other languages
Chinese (zh)
Other versions
CN1968494A (en
Inventor
李永茂
肖正飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XFusion Digital Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2005101232524A priority Critical patent/CN100499899C/en
Publication of CN1968494A publication Critical patent/CN1968494A/en
Application granted granted Critical
Publication of CN100499899C publication Critical patent/CN100499899C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

本发明公开了一种防止重放攻击的方法,该方法包括:A、移动台切换到目标基站后,移动台和认证装置都重新生成AK,并更新AK序列号;B、认证装置将生成的AK和更新后的AK序列号发送给所述目标基站;C、移动台与目标基站交互的消息中携带所述更新后的AK序列号。本发明中通过在一次认证周期内的切换过程中移动台和认证装置更新AK序列号,并在移动台与目标基站的通信过程中,在消息中携带更新后的AK序列号,因此,在一次认证周期内,即使移动台多次与相同的基站建立连接,也不会出现序列号都相同的消息,从而在保证正常通信的情况下防止了重放攻击。

Figure 200510123252

The invention discloses a method for preventing replay attacks, the method comprising: A, after the mobile station switches to the target base station, both the mobile station and the authentication device regenerate the AK, and update the AK serial number; B, the authentication device generates the The AK and the updated AK serial number are sent to the target base station; C. The message exchanged between the mobile station and the target base station carries the updated AK serial number. In the present invention, the mobile station and the authentication device update the AK serial number during the handover process within an authentication period, and carry the updated AK serial number in the message during the communication process between the mobile station and the target base station. Therefore, in an authentication Within a period, even if the mobile station establishes connections with the same base station multiple times, messages with the same sequence number will not appear, thereby preventing replay attacks while ensuring normal communication.

Figure 200510123252

Description

一种防止重放攻击的方法 A Method to Prevent Replay Attack

技术领域 technical field

本发明涉及通信领域认证技术领域,特别是指一种防止重放攻击的方法。The invention relates to the technical field of authentication in the communication field, in particular to a method for preventing replay attacks.

背景技术 Background technique

IEEE802.16是IEEE组织定义的一种点对多点的无线接入技术标准。IEEE802.16定义的系统由基站(BS)和多个移动台(MS)组成。基站和移动台之间以无线帧为单位进行通信。由于无线移动通信系统的开放性和移动性,移动台的通信很容易被监听,系统也容易收到攻击。如攻击者仿冒移动台身份,盗用网络。因此,几乎所有的无线通信系统都具有一套完备的安全措施,包括认证和加密,用来确保通信安全,防止攻击。认证是指对移动台的身份进行确认,保证为合法移动台;加密是指对空中接口的数据进行加密,保证通信的私密性。一般为了提高密钥的动态性,进一步提高系统的安全性,加密所用的密钥都和认证过程进行联系,通过认证过程动态地生成和分发密钥。IEEE802.16 is a point-to-multipoint wireless access technology standard defined by IEEE. The system defined by IEEE802.16 consists of a base station (BS) and multiple mobile stations (MS). The communication between the base station and the mobile station is carried out in units of radio frames. Due to the openness and mobility of the wireless mobile communication system, the communication of the mobile station is easy to be intercepted, and the system is also vulnerable to attack. For example, the attacker forges the identity of the mobile station and embezzles the network. Therefore, almost all wireless communication systems have a complete set of security measures, including authentication and encryption, to ensure communication security and prevent attacks. Authentication refers to confirming the identity of the mobile station to ensure that it is a legal mobile station; encryption refers to encrypting data on the air interface to ensure the privacy of communication. Generally, in order to improve the dynamics of the key and further improve the security of the system, the key used for encryption is connected with the authentication process, and the key is dynamically generated and distributed through the authentication process.

在IEEE802.16系统中,可以采用多种认证方式,如RSA(一种由Rivest、Shamir、Adleman开发的公开密钥加密算法)、可扩展认证协议(EAP)、RSA+EAP、EAP+EAP等,系统通过这些认证方式产生授权密钥(AuthorizedKey,AK),然后通过AK再生成其他在通信过程中所利用的密钥。In the IEEE802.16 system, a variety of authentication methods can be used, such as RSA (a public key encryption algorithm developed by Rivest, Shamir, and Adleman), Extensible Authentication Protocol (EAP), RSA+EAP, EAP+EAP, etc. , the system generates an authorized key (AuthorizedKey, AK) through these authentication methods, and then regenerates other keys used in the communication process through AK.

下面通过EAP认证为例,简要说明移动台在接入基站后,产生AK及其他在通信过程中所利用的密钥的过程。如图1所示,通过EAP认证生成密钥的过程如下:The following uses EAP authentication as an example to briefly describe the process of generating AK and other keys used in the communication process after the mobile station accesses the base station. As shown in Figure 1, the process of generating a key through EAP authentication is as follows:

在步骤101,移动台在接入基站前,和认证服务器进行EAP认证交互,完成EAP认证后,生成主会话密钥(Master Session Key,MSK)。然后在步骤102至步骤105,认证服务器将MSK传递给认证装置(Authenticator),认证装置根据协议规定,先由MSK计算出成对主密钥(Pairwise Master Key,PMK),再根据PMK以及移动台所要接入的基站标识(BSID)和移动台标识(MSID)计算出AK,然后将计算出的AK传递给移动台所要接入的基站;基站在接收到AK后,根据AK产生用于计算上行消息的校验码的密钥(CMAC_KEY_U,或HMAC_KEY_U),用于计算下行消息的校验码的密钥(CMAC_KEY_D,或HMAC_KEY_D)和用于加密实际用于加密密钥(TEK)的密钥(KEK)。In step 101, the mobile station interacts with the authentication server for EAP authentication before accessing the base station, and generates a master session key (Master Session Key, MSK) after completing the EAP authentication. Then from step 102 to step 105, the authentication server transmits the MSK to the authentication device (Authenticator), and the authentication device first calculates the pairwise master key (Pairwise Master Key, PMK) from the MSK according to the agreement, and then according to the PMK and the mobile station's The base station identifier (BSID) to be accessed and the mobile station identifier (MSID) calculate the AK, and then pass the calculated AK to the base station to be accessed by the mobile station; after the base station receives the AK, it generates an uplink link based on the AK The key of the check code of the message (CMAC_KEY_U, or HMAC_KEY_U), the key used to calculate the check code of the downlink message (CMAC_KEY_D, or HMAC_KEY_D) and the key used to encrypt the actual encryption key (TEK) ( KEK).

在上述步骤102至步骤105执行的过程中,对应地在移动台侧,执行步骤102`和步骤103`:移动台MSK计算PMK,再根据PMK计算AK,然后根据AK产生用于计算上下行消息的校验码的密钥和KEK。During the execution of the above steps 102 to 105, correspondingly on the mobile station side, step 102' and step 103' are executed: the mobile station MSK calculates the PMK, then calculates the AK according to the PMK, and then generates an uplink and downlink message according to the AK The verification code of the key and KEK.

然后在步骤106至步骤109,移动台向基站发送消息请求TEK,基站接收到该消息后,产生一个随机数作为TEK,然后用KEK对TEK进行加密后,发送给移动台,此后移动台与基站之间的通信使用KEK加密后的TEK进行加密。Then in step 106 to step 109, the mobile station sends a message request TEK to the base station, and after the base station receives the message, it generates a random number as the TEK, then encrypts the TEK with KEK, and sends it to the mobile station, after which the mobile station and the base station The communication between them is encrypted using TEK encrypted by KEK.

在步骤110至步骤112,当移动台需要更新TEK时,向基站再次发送消息请求TEK,基站产生新的TEK,并在用KEK对TEK加密后,发送给移动台。From step 110 to step 112, when the mobile station needs to update the TEK, it sends a message requesting TEK to the base station again, and the base station generates a new TEK, encrypts the TEK with KEK, and sends it to the mobile station.

以上是以EAP为例对密钥生成的过程进行的描述,在使用其他认证方式时,与上述流程的不同之处只是在于产生AK之前的流程不同,即产生AK的方法不同,而在产生AK后,根据AK生成其他密钥的方法都与上述流程相同。各种具体认证方式中,生成AK及生成其他密钥的方法可以参照协议中的方法实现,这里不再详细说明。The above is a description of the key generation process using EAP as an example. When other authentication methods are used, the difference from the above process is only that the process before generating AK is different, that is, the method of generating AK is different, and when generating AK After that, the method of generating other keys based on AK is the same as the above process. Among the various specific authentication methods, the methods for generating AK and other keys can be realized by referring to the methods in the protocol, and will not be described in detail here.

在上述步骤109,通信过程中,利用发送方和接收方共知的算法,发送方根据消息正文和用于计算消息校验码的密钥计算出校验码,并将计算出的校验码和消息正文一起发送给接收方;接收方接收到上述校验码和消息正文后,根据上述双方共知的算法和用于计算校验码的密钥计算出校验码,然后将计算出的校验码与接收到的校验码进行比较,如果两者相等,则消息校验通过;否则校验失败。由于上述校验密钥是发送方和接收方分别根据AK计算出的私有的共享信息,因此可以保证攻击者无法计算出正确的校验密钥,也无法篡改消息。In the above step 109, during the communication process, the sender calculates the check code according to the message text and the key used to calculate the message check code by using the algorithm known by the sender and the receiver, and uses the calculated check code Send it to the recipient together with the message text; after receiving the above verification code and the message text, the recipient calculates the verification code based on the algorithm known to both parties and the key used to calculate the verification code, and then sends the calculated The check code is compared with the received check code, and if the two are equal, the message check passes; otherwise, the check fails. Since the above-mentioned verification key is private shared information calculated by the sender and the receiver respectively according to the AK, it can be guaranteed that the attacker cannot calculate the correct verification key and cannot tamper with the message.

上述步骤109的通信过程中,虽然通过校验密钥能够保证消息不被篡改,但是无法防范重放攻击。重放攻击是指攻击者在通信双方A和B交互过程中截获其中一方A(或B)发送的数据,并在此后的某个时机,向B(或A)重新发送上述截获的数据,这样攻击者就能够冒充通信双方中的一方去欺骗另一方,达到攻击网络的目的。In the communication process of step 109 above, although the verification key can ensure that the message is not tampered with, replay attacks cannot be prevented. A replay attack means that the attacker intercepts the data sent by one of the parties A (or B) during the interaction between the two parties A and B, and resends the above-mentioned intercepted data to B (or A) at a later time, so that The attacker can pretend to be one of the two communication parties to deceive the other party and achieve the purpose of attacking the network.

为防止重放攻击,通常的做法是在每个消息中加上序列号,保证在正常的通信过程中不会出现完全相同的消息。这样,当攻击者进行重放攻击时,接收方就能够判别出该消息是非法的,从而防止了重放攻击。在IEEE802.16协议中规定,下行管理消息携带序列号为加密下行消息认证码序号CMAC_PN_D,每发送一个下行管理消息,该序列号加一;上行管理消息携带序列号为加密上行消息认证码序号CMAC_PN_U,每发送一个上行管理消息,该序列号加一。此外,也可以用哈希下行消息认证码序号HMAC_PN_D和哈希上行消息认证码序号HMAC_PN_U替换上面的CMAC_PN_D和CMAC_PN_U。To prevent replay attacks, it is common practice to add a sequence number to each message to ensure that identical messages will not appear during normal communication. In this way, when the attacker performs a replay attack, the receiver can determine that the message is illegal, thereby preventing the replay attack. According to the IEEE802.16 protocol, the sequence number carried by the downlink management message is the encrypted downlink message authentication code number CMAC_PN_D, and the sequence number is incremented by one each time a downlink management message is sent; the sequence number carried by the uplink management message is the encrypted uplink message authentication code number CMAC_PN_U , each time an uplink management message is sent, the sequence number is incremented by one. In addition, the above CMAC_PN_D and CMAC_PN_U can also be replaced by the hashed downlink message authentication code sequence number HMAC_PN_D and the hashed uplink message authentication code sequence number HMAC_PN_U.

在无线通信网络中,由于移动台是可移动的,而基站是固定不动的,所以随着移动台的移动,穿过不同基站的覆盖区域时,移动台通过更换进行通信的基站来保证通信的连续性,这一过程称为切换。在切换前后,如果不重新进行认证,则移动台的PMK或者PAK就不会发生改变,PMK序列号(Sequence Number)和PAK Sequence Number也不会改变,从而AKSequence Number也不会改变,但由于连接的基站已经发生了变化,根据前面的计算AK的方法可知,基站变化后,由于BSID的变化,导致AK发生了变化,在AK进行了更新后,对于CMAC_PN_D和CMAC_PN_U也进行更新。In a wireless communication network, since the mobile station is mobile and the base station is fixed, as the mobile station moves and passes through the coverage areas of different base stations, the mobile station ensures communication by changing the base station for communication. continuity, this process is called switching. Before and after the handover, if no re-authentication is performed, the PMK or PAK of the mobile station will not change, and the PMK sequence number (Sequence Number) and PAK Sequence Number will not change, so the AKSequence Number will not change, but due to the connection The base station has changed. According to the previous method of calculating AK, after the base station changes, the AK has changed due to the change of the BSID. After the AK is updated, CMAC_PN_D and CMAC_PN_U are also updated.

切换过程中对密钥进行更新的过程为:移动台在切换后,目标基站向认证装置请求该移动台的AK,认证装置生成对应该基站的新的AK后发送给基站;基站根据接收的AK重新初始化CMAC_PN_D和CMAC_PN_U,即将两者从0开始计算;而移动台同样对AK进行更新,也重新初始化CMAC_PN_D和CMAC_PN_U,在后续通信过程中根据新的AK在消息中设置密钥,并在消息中设置更新后的序列号。The process of updating the key during the handover process is: after the mobile station is handed over, the target base station requests the AK of the mobile station from the authentication device, and the authentication device generates a new AK corresponding to the base station and sends it to the base station; Re-initialize CMAC_PN_D and CMAC_PN_U, that is, calculate the two from 0; and the mobile station also updates the AK, and also re-initializes CMAC_PN_D and CMAC_PN_U, and sets the key in the message according to the new AK in the subsequent communication process, and in the message Set the updated serial number.

由于移动台经常会在两个基站之间来回切换,那么对于上述过程中,当移动台从基站a切换到基站b再切换到基站a后,由于再切换回a时,在没有重新认证的情况下,生成的AK与没有切换前基站a获取的AK相同,且由于CMAC_PN_D和CMAC_PN_U均从0开始,则会出现包括相同校验码和相同序列号的消息,如果基站将这样的消息作为重放攻击消息加以拒绝就妨碍了合法移动移动台的正常通信;如果基站将这样的消息作为合法消息加以接收,就会给攻击者实施重放攻击造成了机会。Since the mobile station often switches back and forth between the two base stations, in the above process, when the mobile station switches from base station a to base station b and then to base station a, since it is switched back to a, there is no re-authentication In this case, the generated AK is the same as the AK obtained by base station a before handover, and since both CMAC_PN_D and CMAC_PN_U start from 0, there will be a message including the same check code and the same sequence number, if the base station uses such a message as a replay Rejecting the attack message will hinder the normal communication of the legitimate mobile station; if the base station receives such a message as a legitimate message, it will give the attacker an opportunity to implement a replay attack.

发明内容 Contents of the invention

有鉴于此,本发明的目的在于提供一种防止重放攻击的方法,该方法能够实现在保证移动台正常切换的前提下防止重放攻击。In view of this, the purpose of the present invention is to provide a method for preventing replay attacks, which can prevent replay attacks under the premise of ensuring normal handover of mobile stations.

为了达到上述目的,本发明提供了一种防止重放攻击的方法,该方法包含以下步骤:In order to achieve the above object, the present invention provides a method for preventing replay attacks, the method includes the following steps:

A、移动台切换到目标基站后,移动台和认证装置都重新生成AK,并更新AK序列号;A. After the mobile station switches to the target base station, both the mobile station and the authentication device regenerate the AK and update the AK serial number;

B、认证装置将生成的AK和更新后的AK序列号发送给所述目标基站;B. The authentication device sends the generated AK and the updated AK serial number to the target base station;

C、移动台与目标基站交互的消息中携带所述更新后的AK序列号,利用更新后的AK序列号进行消息校验。C. The updated AK serial number is carried in the message exchanged between the mobile station and the target base station, and the message verification is performed by using the updated AK serial number.

较佳地,所述更新AK序列号的方法为:Preferably, the method for updating the AK serial number is:

将AK序列号在存储的原AK序列号的基础上递增或递减。The AK serial number is incremented or decremented based on the stored original AK serial number.

较佳地,所述步骤A之前进一步包括:移动台和认证装置在进行认证后,初始化AK序列号时,设置AK序列号的初始值为预先设定的值。Preferably, before the step A, it further includes: after the mobile station and the authentication device initialize the AK serial number after authentication, set the initial value of the AK serial number to a preset value.

较佳地,所述预先设定的值为0或1。Preferably, the preset value is 0 or 1.

较佳地,所述步骤A中认证装置重新生成AK,并更新AK的序列号为:Preferably, in the step A, the authentication device regenerates the AK, and updates the serial number of the AK to:

所述目标基站在所述移动台切换接入后,向认证装置发送消息请求获取AK和AK序列号;After the mobile station switches access, the target base station sends a message to the authentication device to request to obtain the AK and the AK serial number;

认证装置根据接收的所述消息以及自身中存储的所述移动台最近一次认证的信息更新AK和AK序列号。The authentication device updates the AK and the AK sequence number according to the received message and the latest authentication information of the mobile station stored in itself.

较佳地,所述目标基站确定所述移动台切换接入的方法为:Preferably, the method for the target base station to determine the handover access of the mobile station is:

所述目标基站接收到移动台侧或网络侧发送的所述移动台切换到目标基站的指示消息后,确定所述移动台通过切换接入。The target base station determines that the mobile station accesses through handover after receiving an indication message sent by the mobile station side or the network side to indicate that the mobile station is handed over to the target base station.

较佳地,所述步骤A中进一步包括:Preferably, step A further includes:

移动台和认证装置分别判断更新后的AK序列号在本次认证过程中是否使用过,如果是则发起重认证,然后结束该流程;否则执行所述步骤B和步骤C。The mobile station and the authentication device respectively judge whether the updated AK serial number has been used in this authentication process, and if so, initiate re-authentication, and then end the process; otherwise, execute the steps B and C.

如果所述移动台与基站交互的消息中携带的AK序列号具有最大值;If the AK sequence number carried in the message exchanged between the mobile station and the base station has a maximum value;

则所述判断更新后的AK序列号是否使用过的方法可以为:Then the method for judging whether the updated AK serial number has been used can be:

判断更新后的AK序列号是否超过了所述最大值,如果是则判断出AK序列号已经使用过;否则,判断出AK序列号没有使用过。Judging whether the updated AK serial number exceeds the maximum value, if so, judging that the AK serial number has been used; otherwise, judging that the AK serial number has not been used.

较佳地,所述认证装置发起重认证的方法为:Preferably, the method for the authentication device to initiate re-authentication is:

认证装置向基站发送消息通知基站发起重认证。The authentication device sends a message to the base station to notify the base station to initiate re-authentication.

较佳地,所述基站发起重认证的方法为:Preferably, the method for the base station to initiate re-authentication is:

基站向移动台发送EAP认证请求消息或RSA认证无效消息触发移动台发起重认证。The base station sends an EAP authentication request message or an RSA authentication invalid message to the mobile station to trigger the mobile station to initiate re-authentication.

从以上方案可以看出,本发明中通过在一次认证周期内的切换过程中移动台和认证装置更新AK Sequence Number,并在移动台与目标基站的通信过程中,在消息中携带更新后的AK Sequence Number,因此,在一次认证周期内,即使移动台多次与相同的基站建立连接,也不会出现序列号都相同的消息,从而在保证正常通信的情况下防止了重放攻击;It can be seen from the above scheme that in the present invention, the mobile station and the authentication device update the AK Sequence Number during the handover process within an authentication period, and carry the updated AK Sequence Number in the message during the communication process between the mobile station and the target base station. Number, therefore, within an authentication period, even if the mobile station establishes connections with the same base station multiple times, there will be no message with the same sequence number, thus preventing replay attacks while ensuring normal communication;

进而,由于设置在消息中的AK Sequence Number具有最大值,在本发明中通过对AK Sequence Number是否超过最大值进行判断,并在超过上述最大值后,重新发起认证,提高了本发明的应用效果,进一步保证了正常通信,防止了重放攻击。Furthermore, since the AK Sequence Number set in the message has a maximum value, in the present invention, by judging whether the AK Sequence Number exceeds the maximum value, and reinitiating authentication after exceeding the above maximum value, the application effect of the present invention is improved , which further ensures normal communication and prevents replay attacks.

附图说明 Description of drawings

图1为认证及加密通信流程图;Figure 1 is a flow chart of authentication and encryption communication;

图2为本发明具体实施例中移动台侧的流程图;Fig. 2 is the flowchart of the mobile station side in the specific embodiment of the present invention;

图3为本发明具体实施例中基站侧的流程图。Fig. 3 is a flow chart of the base station side in a specific embodiment of the present invention.

具体实施方式 Detailed ways

为使本发明的目的、技术方案和优点更加清楚,下面结合附图对本发明作进一步的详细描述。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

本发明的主要思想是,在一次认证周期内,当移动台切换到目标基站后,移动台和认证装置都对AK Sequence Number进行更新,并在移动台与目标基站的通信过程中,在消息中携带更新后的AK Sequence Number。The main idea of the present invention is that, in an authentication cycle, after the mobile station switches to the target base station, both the mobile station and the authentication device update the AK Sequence Number, and during the communication process between the mobile station and the target base station, the AK Sequence Number is updated in the message Carry the updated AK Sequence Number.

下面通过一个具体实施例对本发明进行详细阐述。The present invention will be described in detail below through a specific embodiment.

如图2所示为本发明切换过程中防止重放攻击方法的具体实施例中移动台侧的流程图,具体包括以下步骤:As shown in Figure 2, it is a flow chart of the mobile station side in a specific embodiment of the method for preventing replay attacks in the handover process of the present invention, which specifically includes the following steps:

步骤201、移动台切换到目标基站,获得目标基站标识后,根据存储的最近一次认证信息,以及移动台标识和当前连接的目标基站标识,计算新的AK,以及其他用于消息校验的密钥和其他密钥,更新AK的上下文,并更新AK Sequence Number。Step 201, the mobile station switches to the target base station, and after obtaining the target base station ID, calculates a new AK and other encryption keys for message verification according to the last stored authentication information, the mobile station ID and the currently connected target base station ID key and other keys, update the context of AK, and update the AK Sequence Number.

本实施例中在每次重新认证后,移动台侧在初始化AK SequenceNumber时,初始值可以为0,或1,或与现有技术相同,根据PMK/PAKSequence Number的值来确定,此后移动台记录当前AK Sequence Number的值。在更新AK Sequence Number时,在原有AK Sequence Number值的基础上递增或递减。当然也可以采用其他复杂的算法对AK Sequence Number进行更新,由于可采用的方法非常多,这里不再一一列举。在下述对本流程的说明中以采用递增的方式更新AK Sequence Number为例进行说明。In this embodiment, after each re-authentication, when the mobile station side initializes the AK SequenceNumber, the initial value can be 0, or 1, or the same as the prior art, determined according to the value of the PMK/PAKSequence Number, after which the mobile station records The value of the current AK Sequence Number. When updating the AK Sequence Number, it is incremented or decremented on the basis of the original AK Sequence Number value. Of course, other complex algorithms can also be used to update the AK Sequence Number. Since there are many methods that can be used, they will not be listed here. In the following description of this process, the incremental update of the AK Sequence Number is taken as an example.

此外,本步骤中更新AK的上下文时,对于CMAC_KEY_D和CMAC_KEY_U可以重新初始化,也可以不重新初始化。In addition, when updating the context of the AK in this step, CMAC_KEY_D and CMAC_KEY_U may or may not be reinitialized.

步骤202、移动台判断更新后的AK Sequence Number在本次认证过程中是否使用过,如果是,则执行步骤203,发起重认证,然后结束该流程;否则,执行步骤204,将该更新后的AK Sequence Number设置在与当前连接的基站交互的消息中进行通信。Step 202, whether the mobile station judges whether the updated AK Sequence Number has been used in this authentication process, if yes, then execute step 203, initiate re-authentication, and then end the process; otherwise, execute step 204, the updated AK Sequence Number The AK Sequence Number setting is communicated in messages interacting with the currently connected base station.

在本实施例中增加这个步骤是因为,在消息中携带AK SequenceNumber时,给AK Sequence Number分配的比特数是固定的,例如为4位,则该AK Sequence Number有最大值15,当更新AK Sequence Number后,其值超过上述最大值后,由于溢出原因,再将该值设置在消息中,该值就有可能被使用过,所以本步骤中,判断更新后的AK Sequence Number是否使用过,即判断更新后的AK Sequence Number值是否大于上述最大值,如果是,即判断出更新后的AK Sequence Number使用过;否则,判断出没有使用过。This step is added in this embodiment because when the AK SequenceNumber is carried in the message, the number of bits allocated to the AK Sequence Number is fixed, for example, 4 bits, and the AK Sequence Number has a maximum value of 15. When updating the AK Sequence After Number, after its value exceeds the above maximum value, due to overflow, if the value is set in the message, the value may have been used, so in this step, it is judged whether the updated AK Sequence Number has been used, that is Judging whether the updated AK Sequence Number is greater than the above maximum value, if so, it is judged that the updated AK Sequence Number has been used; otherwise, it is judged that it has not been used.

以上是对本发明具体实施例中移动台侧的实现流程,对应地,本实施例中基站侧的实现流程如图3所示,具体包括以下步骤:The above is the implementation process of the mobile station side in the specific embodiment of the present invention. Correspondingly, the implementation process of the base station side in this embodiment is shown in Figure 3, specifically including the following steps:

步骤301、基站在有移动台通过切换接入后,向认证装置发送请求消息,请求获取该移动台的AK及AK Sequence Number。Step 301, after a mobile station accesses through handover, the base station sends a request message to the authentication device, requesting to obtain the AK and AK Sequence Number of the mobile station.

本步骤中,基站可以通过收到移动台侧或网络侧发送的移动台切换到新的基站的指示消息,确定有移动台通过切换接入。In this step, the base station can determine that there is a mobile station accessing through handover by receiving an instruction message from the mobile station side or the network side to handover the mobile station to a new base station.

步骤302、认证装置根据存储的移动台本次认证的信息,以及发起请求的基站标识和移动台标识,计算出新的AK,并采用与移动台相同的方法更新AK Sequence Number。Step 302, the authentication device calculates a new AK according to the stored information of the current authentication of the mobile station, and the identity of the base station and the identity of the mobile station that initiated the request, and updates the AK Sequence Number in the same way as that of the mobile station.

与移动台侧对应,本发明中在认证装置侧,每次重新认证后,初始化AK Sequence Number时,初始值可以为0,或1,或预先设定的最大值。或与现有技术相同,根据PMK/PAK Sequence Number的值来确定,此后认证装置记录当前AK Sequence Number的值。在更新AK Sequence Number时,在原有AK Sequence Number值的基础上递增或递减。当然可以也采用其他复杂的算法对AK Sequence Number进行更新,由于可采用的方法非常多,这里不再一一列举。Corresponding to the mobile station side, in the present invention, on the authentication device side, after each re-authentication, when initializing the AK Sequence Number, the initial value can be 0, or 1, or a preset maximum value. Or the same as the prior art, it is determined according to the value of the PMK/PAK Sequence Number, after which the authentication device records the value of the current AK Sequence Number. When updating the AK Sequence Number, it is incremented or decremented on the basis of the original AK Sequence Number value. Of course, other complex algorithms can also be used to update the AK Sequence Number. Since there are many methods that can be used, they will not be listed here.

本步骤中认证装置还可以计算出其他的认证相关信息,如AKID、AKLifetime,和其他如CMAK_KEY_D和CMAC_KEY_U等密钥。In this step, the authentication device can also calculate other authentication-related information, such as AKID, AKLifetime, and other keys such as CMAK_KEY_D and CMAC_KEY_U.

步骤303、认证装置判断更新的AK Sequence Number在本次认证过程中是否使用过,如果是,则执行步骤304,通过响应消息通知基站发起重认证,然后结束该流程;否则执行步骤305,认证装置将更新后的AK和AKSequence Number或进一步将生成的其他密钥通过响应消息发送给上述发送请求消息的基站,然后执行步骤306。Step 303, the authentication device judges whether the updated AK Sequence Number has been used in this authentication process, if yes, executes step 304, notifies the base station to initiate re-authentication through a response message, and then ends the process; otherwise executes step 305, the authentication device Send the updated AK and AKSequence Number or other keys that will be further generated to the above-mentioned base station that sent the request message through a response message, and then perform step 306.

本步骤中判断AK Sequence Number是否被使用过的方法与上述步骤202中的判断方法相同,因此不再详述。另外本步骤中,基站发起重认证,可以通过发送消息触发移动台发起重认证。例如,在EAP认证中,基站可向移动台发送EAP认证请求(EAP-Request)消息触发移动台发起重认证;在RSA认证中,基站可以向移动台发送认证无效(Authen-Invalid)消息触发移动台发起重认证。In this step, the method for judging whether the AK Sequence Number has been used is the same as the method for judging in the above-mentioned step 202, so it will not be described in detail. In addition, in this step, the base station initiates re-authentication, and may trigger the mobile station to initiate re-authentication by sending a message. For example, in EAP authentication, the base station can send an EAP authentication request (EAP-Request) message to the mobile station to trigger the mobile station to initiate re-authentication; in RSA authentication, the base station can send an authentication invalid (Authen-Invalid) message to the mobile station to trigger the mobile station Taiwan initiates re-authentication.

步骤306、基站接收到认证装置发送的AK和AK Sequence Number后,根据接收的AK计算其他的密钥,并在与移动台交互的消息中设置所接收的AK Sequence Number。Step 306: After receiving the AK and AK Sequence Number sent by the authentication device, the base station calculates other keys according to the received AK, and sets the received AK Sequence Number in the message interacted with the mobile station.

本步骤中,基站对与移动台交互的消息中所使用的AK以外的其他密钥,如CMAK_KEY_D和CMAC_KEY_U等,如果认证装置已经发送给基站,则基站直接使用接收的相关密钥,若认证装置没有发送给基站,则基站自行计算。与移动台侧相对应,CMAC_PN_D和CMAC_PN_U可以重新初始化,也可以不重新初始化。In this step, the base station uses other keys other than AK, such as CMAK_KEY_D and CMAC_KEY_U, etc. in the messages interacted with the mobile station. If the authentication device has been sent to the base station, the base station directly uses the received related key. If the authentication device If it is not sent to the base station, the base station will calculate it by itself. Corresponding to the mobile station side, CMAC_PN_D and CMAC_PN_U may or may not be reinitialized.

可以理解,以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。It can be understood that the above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the within the protection scope of the present invention.

Claims (10)

1, a kind of method that prevents Replay Attack is characterized in that, this method may further comprise the steps:
Behind A, the switching mobile station to target base station, travelling carriage and authenticate device all regenerate authorization key AK, and upgrade the AK sequence number;
B, authenticate device send to described target BS with the AK of generation and the AK sequence number after the renewal;
Carry the AK sequence number after the described renewal in C, travelling carriage and the target BS interactive messages, utilize the AK sequence number after upgrading to carry out the message verification.
2, method according to claim 1 is characterized in that, the method for described renewal AK sequence number is:
With AK sequence number increasing or decreasing on the basis of the former AK sequence number of storage.
3, method according to claim 1 is characterized in that, further comprise before the described steps A: travelling carriage and authenticate device are after authenticating, and during initialization AK sequence number, the initial value that the AK sequence number is set is predefined value.
4, method according to claim 3 is characterized in that, described predefined value is 0 or 1.
5, method according to claim 1 is characterized in that, authenticate device regenerates AK in the described steps A, and the sequence number of renewal AK is:
Described target BS sends message request to authenticate device and obtains AK and AK sequence number after described travelling carriage switches access;
Authenticate device is according to the described message of reception and the last information updating AK and the AK sequence number of storing in self that authenticates of described travelling carriage.
6, method according to claim 5 is characterized in that, described target BS determines that described travelling carriage switches the method that inserts and is:
Described target BS determines that described travelling carriage inserts by switching after receiving the Indication message of the described switching mobile station to target base station that mobile station side or network side send.
7, according to the described method of each claim in the claim 1 to 6, it is characterized in that, further comprise in the described steps A:
Travelling carriage and authenticate device judge that respectively whether the AK sequence number after the renewal used, if then initiate re-authentication, finished this flow process then in this verification process; Otherwise carry out described step B and step C.
8, method according to claim 7 is characterized in that, the AK sequence number that carries in described travelling carriage and the base station interactive messages has maximum;
Whether used method is AK sequence number after then described judgement is upgraded:
Judge that whether the AK sequence number after upgrading has surpassed described maximum, used if then judge the AK sequence number; Otherwise, judge the AK sequence number and do not use.
9, method according to claim 7 is characterized in that, the method that described authenticate device is initiated re-authentication is:
Authenticate device sends the message informing base station to the base station and initiates re-authentication.
10, method according to claim 9 is characterized in that, the method that re-authentication is initiated in described base station is:
The base station sends EAP authentication request message or Revest-Shamir-Adleman Algorithm (RSA) authentication invalid message triggering Mobile Origination re-authentication to travelling carriage.
CNB2005101232524A 2005-11-15 2005-11-15 Playback attack prevention method Expired - Lifetime CN100499899C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005101232524A CN100499899C (en) 2005-11-15 2005-11-15 Playback attack prevention method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005101232524A CN100499899C (en) 2005-11-15 2005-11-15 Playback attack prevention method

Publications (2)

Publication Number Publication Date
CN1968494A CN1968494A (en) 2007-05-23
CN100499899C true CN100499899C (en) 2009-06-10

Family

ID=38076971

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101232524A Expired - Lifetime CN100499899C (en) 2005-11-15 2005-11-15 Playback attack prevention method

Country Status (1)

Country Link
CN (1) CN100499899C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101541001A (en) * 2009-04-28 2009-09-23 刘建 Method and system for updating base key
CN101583130B (en) * 2009-06-18 2015-09-16 中兴通讯股份有限公司 The generation method and apparatus of air interface key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IEEE 802.16 安全漏洞及其解决方案. 李惠忠,陈惠芳,赵问道.现代电信科技,第1期. 2005 *

Also Published As

Publication number Publication date
CN1968494A (en) 2007-05-23

Similar Documents

Publication Publication Date Title
JP4024432B2 (en) Method for updating confidential shared data in a wireless communication system
US8503376B2 (en) Techniques for secure channelization between UICC and a terminal
CN101385273B (en) Methods of Password Synchronization
KR100704675B1 (en) Authentication Method and Related Key Generation Method for Wireless Mobile Internet System
US8397071B2 (en) Generation method and update method of authorization key for mobile communication
JP4002035B2 (en) A method for transmitting sensitive information using unsecured communications
CN100488280C (en) Authentifying method and relative information transfer method
EP3328108A1 (en) Authentication method, re-authentication method and communication apparatus
US20020120844A1 (en) Authentication and distribution of keys in mobile IP network
CN108880813B (en) A method and device for realizing an attachment process
JP2012110009A (en) Methods and arrangements for secure linking of entity authentication and ciphering key generation
JP5290323B2 (en) Integrated handover authentication method for next-generation network environment to which radio access technology and mobile IP-based mobility control technology are applied
EP0982958A2 (en) Method for protecting mobile anonymity
CN100488281C (en) Method for acquring authentication cryptographic key context from object base station
KR100879982B1 (en) Security System and Method in Mobile WiMAX Network System
CN101547091A (en) Method and device for transmitting information
CN101784048A (en) Method and system for dynamically updating identity authentication and secret key agreement of secret key
CN111526008A (en) Authentication method under mobile edge computing architecture and wireless communication system
CN101742492B (en) Key processing method and system
US9307406B2 (en) Apparatus and method for authenticating access of a mobile station in a wireless communication system
CN100499899C (en) Playback attack prevention method
CN1964259B (en) A method to manage secret key in the course of switch-over
WO2018126783A1 (en) Key transmission method, device, and computer storage medium
CN101160985B (en) Authentication method and corresponding information transmission method
Ameur et al. Secure Reactive Fast Proxy MIPv6-Based NEtwork MObility (SRFP-NEMO) for Vehicular Ad-hoc Networks (VANETs).

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211222

Address after: 450046 Floor 9, building 1, Zhengshang Boya Plaza, Longzihu wisdom Island, Zhengdong New Area, Zhengzhou City, Henan Province

Patentee after: xFusion Digital Technologies Co., Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
CX01 Expiry of patent term

Granted publication date: 20090610

CX01 Expiry of patent term