How can the network verify that a terminal that
attaches gives its valid identity, in other words that
the IMSI has not been modified ?
网络如何验证附加的终端是否提供其有效身份,换句话说,IMSI尚未被修改?
That is the question we are going to answer in this video.
这是我们将在本视频中回答的问题。
Each subscription is identified by an IMSI, which is
unique in the world.
每个订阅都由IMSI标识,IMSI在世界上是唯一的。
For each subscription, there is also a secret key K.
对于每个订阅,还有一个秘密密钥K.
This key is stored both
in the SIM and the HSS.
该密钥存储在SIM和HSS中。
The key is 128 bits long, which gives 3 10^38
possible values, more than the number of grains of
sand on the earth !
Practically, there is no chance to have two SIMs
with the same key.
关键是128位长,它提供3 10 ^ 38个可能的值,超过地球上的沙粒数量!实际上,没有机会有两个具有相同键的SIM。
When the UE attaches to the network, it sends its IMSI.
当UE连接到网络时,它发送其IMSI。
To authenticate the subscriber, the network checks
the presence of the secret key in
the SIM card without ever transmitting this key on the radio channel.
为了验证用户,网络检查SIM卡中是否存在密钥,而无需在无线电信道上发送该密钥。
The method is
based on a cryptographic function and a challenge.
该方法基于加密功能和挑战。
This challenge is simply a random number RAND coded
on a large number of bits.
这个挑战只是在大量比特上编码的随机数RAND。
Both the HSS and the SIM card make a
calculation using the same cryptographic function
called f on the figure.
HSS和SIM卡都使用与图中f相同的加密函数进行计算。
The f function takes as input
the random number RAND and K, the secret key,
and gives a result.
f函数将随机数RAND和K(密钥)作为输入,并给出结果。
The terminal calculates the result
and sends it to the HSS.
终端计算结果并将其发送给HSS。
The HSS compares RES to the expected result.
HSS将RES与预期结果进行比较。
That is, the XRES calculated.
也就是说,XRES计算出来了。
If RES equals XRES, then it’s
interpreted as proof that the mobile terminal is in
possession of the shared secret.
如果RES等于XRES,则将其解释为移动终端拥有共享秘密的证据。
So, if it really is the subscriber the UE claims it is,
the UE is authorized to communicate with the mobile network.
因此,如果它确实是UE声称的订户,则UE被授权与移动网络通信。
If there is a difference between RES and XRES,
the UE is refused network access.
如果RES和XRES之间存在差异,则UE被拒绝网络访问。
The cryptographic function
was specifically chosen because it’s
simple to calculate, using the RAND and the key.
加密函数是专门选择的,因为使用RAND和密钥计算起来很简单。
In 4G, the random number RAND and the key
are 128 bits.
在4G中,随机数RAND和密钥是128位。
The result of the function is a number from
32 to 128 bits.
该函数的结果是32到128位的数字。
Knowing the random number and the result will not enable
you to determine the value of the key.
知道随机数和结果将无法确定密钥的值。
This is a one-way algorithm.
这是一种单向算法。
If someone is listening to the values RAND and RES, he
cannot deduce the value of the key.
如果有人正在听RAND和RES值,他就无法推断出密钥的值。
When a subscriber is abroad, it’s still
the HSS that generates the random number and
determines the XRES.
当订户在国外时,仍然是HSS生成随机数并确定XRES。
Both ends of the chain, the HSS
and the SIM are completely under
the control of the operator.
链条的两端,HSS和SIM完全在操作员的控制之下。
Each operator can define his own cryptographic function
completely autonomously, as long as the sizes of the
challenge and of the result conform to specifications.
每个操作员都可以完全自主地定义自己的加密功能,只要挑战和结果的大小符合规范即可。
Note that a trusted third-party
can play the role of authenticator.
请注意,受信任的第三方可以扮演身份验证者的角色。
The HSS just needs to provide the random number RAND and
the expected result XRES.
HSS只需要提供随机数RAND和预期结果XRES。
It’s the third party’s responsibility
to verify the correspondence.
验证通信是第三方的责任。
In truth; the terminal never interacts
directly with the HSS.
事实上; 终端永远不会直接与HSS交互。
It’s the MME that plays the role of authenticator.
它是MME扮演认证者的角色。
The terminal initiates the procedure by sending
the IMSI to the MME via the eNodeB.
终端通过eNodeB将IMSI发送到MME来启动该过程。
The MME contacts the HSS.
MME联系HSS。
The HSS generates the random number RAND to
pass to the terminal and the expected result XRES.
HSS生成随机数RAND以传递到终端和预期结果XRES。
The HSS sends these elements to the MME.
HSS将这些元素发送到MME。
The MME sends the random number RAND to the terminal via
the eNodeB and waits for the response.
MME经由eNodeB将随机数RAND发送到终端并等待响应。
If the terminal’s result corresponds to the expected
response XRES, the MME authorizes the terminal
to enter the network.
如果终端的结果对应于预期的响应XRES,则MME授权终端进入网络。
The RAND-XRES pair constitutes the base of what we call
an authentication vector.
RAND-XRES对构成了我们称之为认证向量的基础。
The vector contains several other elements that we’ll see later.
该向量包含我们稍后将看到的其他几个元素。
Of course, once the vector has been used, we
can’t use it a second time.
当然,一旦使用了矢量,我们就不能再次使用它了。
We’ve seen how the network authenticates the terminal.
我们已经看到网络如何验证终端。
Nothing prevents an attacker from making up
a fake base station and passing itself off as a real network.
没有什么可以阻止攻击者组建一个虚假的基站并将自己作为真正的网络传递出去。
With the procedure we’ve seen, the terminal has no proof
that the challenge it received and that the response it
sent weren’t processed by a pirate network.
通过我们已经看到的程序,终端没有证据表明它收到的挑战以及它发送的响应没有被盗版网络处理。
That’s why, in 4G networks, there’s
mutual authentication.
这就是为什么在4G网络中存在相互认证的原因。
That is, the network authenticates the terminal and the
terminal authenticates the network.
也就是说,网络对终端进行认证,终端对网络进行认证。
Let's look at how it works.
我们来看看它是如何工作的。
We're still using the random number,
a cryptographic algorithm g, and calculating a
result that is called, in this case, an authentication
token, or AUTN.
我们仍在使用随机数,加密算法g,并计算被调用的结果,在本例中为身份验证令牌或AUTN。
The authentication algorithm of the network g
is different from the authentication algorithm of terminal f.
网络g的认证算法不同于终端f的认证算法。
The token AUTN is therefore different from the result RES.
因此,令牌AUTN与结果RES不同。
The HSS transmits the token as well as the random number.
HSS传输令牌以及随机数。
The MME sends in the same
message the random number RAND and the
authentication token AUTN to the terminal.
MME在同一消息中将随机数RAND和认证令牌AUTN发送到终端。
The terminal does its own calculations and
verifies that it got the same value as the received token.
终端进行自己的计算,并验证它是否与接收的令牌具有相同的值。
If this is the case, the network
is authenticated by the terminal and exchanges continue
as we saw previously.
如果是这种情况,则终端验证网络,并且如前所述继续交换。
If we applied this procedure exactly, there would be a major weakness.
如果我们准确地应用这个程序,那将是一个主要的弱点。
An attacker can just listen to
the network and note the RAND and the
corresponding AUTN token.
攻击者只能收听网络并记下RAND和相应的AUTN令牌。
He then takes over the role of the network and sends the
RAND-AUTN pair he has noted.
然后,他接管了网络的角色并发送了他注意到的RAND-AUTN对。
Therefore, two successive authentications must lead to different results.
因此,两次连续的认证必须导致不同的结果。
So, we introduce a
new input parameter called SQN for
Sequence Number.
因此,我们为序列号引入了一个名为SQN的新输入参数。
The basic principle is to increment the
value of SQN with each new authentication.
基本原则是使用每个新身份验证增加SQN的值。
A part of the authentication token, AUTN contains
information about the SQN number.
作为身份验证令牌的一部分,AUTN包含有关SQN号的信息。
So, when receiving the
authentication token, the terminal verifies that
the SQN does not have the same value as the
last time, in other words that the SQN is valid.
因此,当接收到认证令牌时,终端验证SQN不具有与上次相同的值,换言之,SQN是有效的。
If the SQN Is not valid or if the authentication token is
not the expected one, the terminal does not
access the network.
如果SQN无效或者认证令牌不是预期的,则终端不访问网络。
If everything is OK, the terminal computes the RES value
and sends it to the MME.
如果一切正常,终端计算RES值并将其发送到MME。
The MME checks that
RES is the same as XRES.
MME检查RES是否与XRES相同。
After these exchanges, the terminal and the
network are mutually authenticated.
在这些交换之后,终端和网络相互认证。
The terminal can use the network.
终端可以使用网络。
Of course, SQN should be incremented.
当然,SQN应该增加。
A new authentication vector will have the new SQN value.
新的身份验证向量将具有新的SQN值。
The use of authentication vectors is important because
it enables a large flexibility in the authentication
mechanism and in the network.
认证向量的使用很重要,因为它使认证机制和网络具有很大的灵活性。
So, the HSS never communicates with the mobile terminal.
因此,HSS从不与移动终端通信。
It just receives an authentication request and responds
with authentication vectors.
它只接收身份验证请求并使用身份验证向量进行响应。
All the protocol exchanges between
the MME and the mobile terminal
are hidden from the HSS and do not concern it.
MME和移动终端之间的所有协议交换都是从HSS隐藏的,并不涉及它。
Another important point is the management of roaming situations.
另一个重点是漫游情况的管理。
A foreign MME can ask the HSS
for authentication vectors.
外国MME可以向HSS询问认证向量。
Without having access to the secret K,
the MME will then be able to authenticate the mobile terminal.
在没有访问秘密K的情况下,MME将能够验证移动终端。
In summary, in 4G networks, authentication is based on a
secret key, cryptographic functions and random numbers.
总之,在4G网络中,认证基于密钥,加密功能和随机数。
The secret key is stored in the SIM and the HSS.
密钥存储在SIM和HSS中。
The secret key is never
transmitted in the network.
密钥永远不会在网络中传输。
The SIM and the HSS make the same calculation.
SIM和HSS进行相同的计算。
The authentication is valid only when both find the same results.
仅当两者都找到相同的结果时,验证才有效。
The authentication is mutual:
the UE authenticates the network and
the network authenticates the terminal.
认证是相互的:UE认证网络,网络认证终端。