CN115767527A - Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency - Google Patents

Info

Publication number: CN115767527A
Authority: CN (China)
Prior art keywords: cscf, authentication, key, hss, msg
Legal status: Pending
Application number: CN202211277108.6A
Other languages: Chinese (zh)
Inventors: 吴作顺, 刘梓淇, 吴芷静, 吴抒恒
Current Assignee: China Telecom Digital Intelligence Technology Co Ltd
Original Assignee: China Telecom Digital Intelligence Technology Co Ltd
Application filed by: China Telecom Digital Intelligence Technology Co Ltd
Priority to: CN202211277108.6A
Publication of: CN115767527A
Priority to: PCT/CN2023/123172 (WO2024082963A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043: Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431: Key distribution or pre-distribution; Key agreement
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H04W12/12: Detection or prevention of fraud
    • H04W12/121: Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122: Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an improved 5G message RCS access authentication IMS-AKA mechanism that balances security and efficiency. In the mechanism, the UE and the HSS share the key generation functions $f_3$, $f_4$ and $f_5$ and the message authentication function $H_1$; the UE and the S-CSCF share the key generation functions $f_3'$, $f_4'$ and the message authentication function $H_2$; the HSS and the S-CSCF share the secret key $K_{HS}$; the UE and the HSS each generate random numbers; the system clocks are synchronized; and the UE trusts the HSS to which it belongs. UE registration authentication and key agreement, and service authentication and key agreement, are realized on this basis. The mechanism avoids false base station attacks, network access by fake users, replay attacks, man-in-the-middle attacks, leakage of the shared key, and fake users enjoying encrypted communication, and it saves network-side overhead.

Description

Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency
Technical Field
The invention belongs to the technical field of emerging information, and particularly relates to an improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency.
Background
The access security mechanism of the IMS in the 5G message service has two major tasks: first, authenticating the accessing user; second, after authentication is complete, establishing an IPSec security association (IPSec SA) between the UE and the P-CSCF to protect the subsequent SIP signaling.
The IMS-AKA mechanism is mainly used for user authentication and session key distribution. During IMS registration, SIP signaling carrying AKA parameters is exchanged between the UE and the IMS network authentication entity, and the AKA parameters are transmitted and negotiated according to the AKA mechanism, thereby realizing access authentication and key negotiation.
In practical application, the security vulnerabilities exposed by the IMS-AKA mechanism are as follows:
(1) Although SIP signaling between the UE and the P-CSCF can be encrypted and integrity protected with the security key negotiated by the AKA mechanism, the initial registration request is sent before that key has been negotiated, so an attacker can easily obtain the user's registration information, which discloses the user's private data.
(2) Registering to the IMS network requires at least two registration requests, the SIP interaction between the user and the network is overly complicated, and the authentication header field carried by the SIP message holds many AKA parameters, which greatly increases the length of the SIP message. Because network bandwidth is limited, the transmission delay is noticeable and registration takes a long time, which affects the user experience.
(3) In the AKA-based access authentication process, the UE does not authenticate the identity of the P-CSCF, the access point of the IMS core network, which gives an attacker the opportunity to mount a man-in-the-middle attack by impersonation.
To solve these problems, an improved 5G message RCS access authentication IMS-AKA mechanism that balances security and efficiency is needed.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide an improved 5G message RCS access authentication IMS-AKA mechanism with balanced security and efficiency based on the architecture of the international standard 5G message terminal access authentication system, aiming at the defects of the prior art.
In order to achieve the technical purpose, the technical scheme adopted by the invention is as follows:
an improved 5G message RCS access authentication IMS-AKA mechanism balancing security and efficiency is provided, in which,
(1) The UE and the HSS share the key generation functions $f_3$, $f_4$ and $f_5$ and the message authentication function $H_1$; the UE and the S-CSCF share the key generation functions $f_3'$, $f_4'$ and the message authentication function $H_2$; the HSS and the S-CSCF share the secret key $K_{HS}$;
(2) The UE and the HSS each generate random numbers;
(3) The system clocks are synchronized;
(4) The UE trusts the HSS to which it belongs;
where $f_3$ is the key generation function for calculating the encryption key CK; $f_4$ is the key generation function for calculating the integrity protection key IK; $f_5$ is the key generation function for calculating the anonymous key AK;
$H_1$ is the UE's authentication function for the registration message; $H_2$ is the S-CSCF's authentication function for the response message;
$f_3'$ is the generating function of the iterative encryption key CK; $f_4'$ is the generating function of the iterative integrity protection key IK;
UE registration authentication and key agreement, and service authentication and key agreement, are realized based on (1) to (4) above.
In order to optimize the technical scheme, the specific measures adopted further comprise:
UE registration authentication and key agreement is realized by applying a Hash function chain and a timestamp.
The UE registration authentication and key agreement process includes:
(1) The UE initiates registration; the ME sends the registration message $\mathrm{MSG}_U$ and the message authentication code $\mathrm{MAC}_U$:
$$\mathrm{MSG}_U = E(K_{i-1}, R_U) \,\|\, \mathrm{TMPI}_{i-1} \,\|\, f^n(R_U) \,\|\, A1\{A1, A2, \ldots, Ar\}$$
$$\mathrm{MAC}_U = H_1(K_{i-1}, \mathrm{IMPI} \,\|\, \mathrm{MSG}_U)$$
where $E$ is a single-key encryption function;
$R_U$ is a random number encrypted with the old shared key $K_{i-1}$;
$\mathrm{TMPI}_{i-1}$ is the old temporary user identity;
$f^n(R_U)$ is the Hash function applied $n$ times, where $n$ is the maximum number of service applications after one successful registration;
$\{A1, A2, \ldots, Ar\}$ and $A1$ are the set of $r$ alternative encryption algorithms and the user-selected algorithm, respectively.
(2) The S-CSCF receives the registration information of the UE, retains $f^n(R_U)$, and, according to $\mathrm{TMPI}_{i-1}$, appends the timestamp timestampV1 to the end of $\mathrm{MSG}_U$ and forwards it together with $\mathrm{MAC}_U$ to the home network HSS of the UE;
(3) The HSS receives $\mathrm{MSG}_U$ and $\mathrm{MAC}_U$, obtains the stored IMPI according to $\mathrm{TMPI}_{i-1}$, and decrypts to obtain $R_U$;
it calculates $\mathrm{XMAC}_U$ and checks whether $\mathrm{XMAC}_U$ and $\mathrm{MAC}_U$ are consistent; if they are, it verifies whether timestampV1 is legal; if it is legal, the HSS has successfully authenticated the UE; if it is illegal, the system clock is re-synchronized and registration is re-initiated;
After successful registration the HSS selects a random number $R_H$ and decides whether to agree with the encryption algorithm $A1$ selected by the UE; if not, it selects one of the given alternative encryption algorithms as the encryption algorithm $A_i$ used for the current registration; it generates a new $\mathrm{TMPI}_i$, generates a new key $K_i = E(K_{i-1}, R_U\,R_H)$, and uses $R_H$ and $K_i$ to generate CK, IK and AK; it encrypts $E(K_i, R_U)$ with the key $K_{HS}$ shared by the HSS and the S-CSCF; it then sends the registration response information $\mathrm{MSG}_H$ back to the S-CSCF;
$$\mathrm{MSG}_H = R_H \,\|\, \mathrm{AK} \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, E(K_{HS}, E(K_i, R_U)) \,\|\, \mathrm{CK} \,\|\, \mathrm{IK} \,\|\, E(K_i, R_H))$$
(4) The S-CSCF receives the response information returned by the HSS, decrypts it to obtain $E(K_i, R_U)$ and $E(K_i, R_H)$, retains AK, $E(K_i, R_H)$ and $\mathrm{TMPI}_i$, generates a random number $R_S$, and calculates $f^n(R_S)$; it sends $\mathrm{MSG}_S$ and $\mathrm{MAC}_S$ to the UE;
$$\mathrm{MSG}_S = R_H \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, f^n(R_S) \,\|\, E(K_i, R_U) \,\|\, \mathrm{CK} \,\|\, \mathrm{IK} \,\|\, \mathrm{timestampV2}$$
$$\mathrm{MAC}_S = H_2(\mathrm{AK}, \mathrm{MSG}_S)$$
(5) The S-CSCF sends the SIP response carrying $\mathrm{MSG}_S$ and $\mathrm{MAC}_S$ to the I-CSCF, and the I-CSCF forwards the SIP response to the P-CSCF;
after receiving the SIP response, the P-CSCF stores CK and IK and forwards the remaining parts to the UE;
$$\mathrm{MSG}_P = R_H \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, f^n(R_S) \,\|\, E(K_i, R_U) \,\|\, \mathrm{timestampV2}$$
$$\mathrm{MAC}_P = H_2(\mathrm{AK}, \mathrm{MSG}_P)$$
(6) The UE receives $\mathrm{MSG}_P$ and $\mathrm{MAC}_P$, generates CK, IK and AK from $R_H$ and $K_i$, and calculates $\mathrm{XMAC}_S$ and $E(K_i, R_H)$;
it checks whether this is consistent with $\mathrm{MAC}_S$; it decrypts $E(K_i, R_H)$ with $K_i$ and checks whether $R_U$ is the initially selected random number; and it checks the validity of the timestamp. If all checks pass, the UE has successfully authenticated the S-CSCF; the UE retains $\mathrm{TMPI}_i$ as the temporary user identity for this registration and accepts the algorithm $A_i$ selected by the HSS as the encryption algorithm for transmitting service data;
at the same time it sends RES to the S-CSCF;
$$\mathrm{RES} = E(K_i, R_H)$$
(7) $\mathrm{XRES} = E(K_i, R_H)$ is checked against RES; if they are consistent, the S-CSCF has successfully authenticated the UE.
The above-mentioned service authentication and key negotiation process is:
After the registration authentication succeeds, when the UE needs to perform service communication for the $i$-th time, the S-CSCF sends $f^{n-i}(R_S)$ to the ME. The ME checks whether $f(f^{n-i}(R_S))$ is the same as the previously stored $f^{n-(i-1)}(R_S)$; if it is, the identity of the S-CSCF is confirmed as legal, and the ME sends $f^{n-i}(R_U)$ to the S-CSCF;
The S-CSCF checks the legality of the UE; if it is legal, two-way authentication is achieved, and the S-CSCF sends a success flag to the UE and starts to generate the encryption and integrity keys $\mathrm{CK}_i$ and $\mathrm{IK}_i$ needed for this service communication.
After receiving the success flag, the UE also starts to generate $\mathrm{CK}_i$ and $\mathrm{IK}_i$ and prepares for service communication.
$$\mathrm{CK}_i = f_3'(\mathrm{CK}, f^{n-i}(R_U))$$
$$\mathrm{IK}_i = f_4'(\mathrm{IK}, f^{n-i}(R_U))$$
When the number of services reaches the upper limit $n$ of the Hash function chain, the user must register and authenticate with the S-CSCF and the HSS again when applying for a service, and update the key shared with the HSS.
The invention has the following beneficial effects:
(1) Authentication of the UE by the HSS and two-way authentication between the UE and the S-CSCF are realized, avoiding false base station attacks and network access by fake users. A Hash function chain and a timestamp are applied in the authentication process, avoiding replay attacks; the IMPI and the random number $R_U$ used to generate encryption keys are never delivered in plain text, avoiding man-in-the-middle attacks.
(2) The key shared by the UE and the HSS is updated every time the user registers, avoiding leakage of the shared key; the encryption algorithm is determined by free negotiation, which covers the encryption algorithm selection function.
(3) CK and IK are not transmitted in clear text, preventing a fake user from enjoying encrypted communication.
(4) After the user has successfully accessed the network, the HSS need not take part in service authentication, which saves network-side overhead.
Drawings
FIG. 1 is a flow chart of the registration and authentication of the present invention;
FIG. 2 is a flow chart of service authentication and key agreement according to the present invention.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
The invention relates to an improved 5G message RCS access authentication IMS-AKA mechanism with balanced safety and efficiency, and the precondition comprises the following steps:
(1) The UE and the HSS share the key generation functions $f_3$, $f_4$ and $f_5$ and the message authentication function $H_1$;
the UE and the S-CSCF share the key generation functions $f_3'$, $f_4'$ and the message authentication function $H_2$;
the HSS and the S-CSCF share the secret key $K_{HS}$.
(2) The UE and the HSS each generate a random number.
(3) The system clocks are synchronized;
(4) The UE trusts its home HSS.
Here $f_3$ is the key generation function for calculating the encryption key CK; $f_4$ is the key generation function for calculating the integrity protection key IK; $f_5$ is the key generation function for calculating the anonymous key AK;
$H_1$ is the UE's authentication function for the registration message; $H_2$ is the S-CSCF's authentication function for the response message;
$f_3'$ is the generating function of the iterative encryption key CK; $f_4'$ is the generating function of the iterative integrity protection key IK;
Based on (1) to (4) above, UE registration authentication and key agreement, and service authentication and key agreement, can be realized.
UE registration authentication and key agreement:
An iterable Hash function $f$ is introduced, with a maximum iteration count of $n$; $E$ is a single-key encryption function.
The specific flow is shown in figure 1:
(1) The UE initiates registration and generates the registration message $\mathrm{MSG}_U$.
$\mathrm{MSG}_U$ comprises:
the random number $R_U$ encrypted with the old shared key $K_{i-1}$, and the old temporary user identity $\mathrm{TMPI}_{i-1}$;
the $n$-fold Hash value $f^n(R_U)$, where $n$ is the maximum number of times a service can be applied for after one successful registration, and can be determined according to the specific conditions of the system;
the set of $r$ alternative encryption algorithms $\{A1, A2, \ldots, Ar\}$ and the user-selected algorithm $A1$.
Specifically:
the ME sends $\mathrm{MSG}_U$ and the message authentication code $\mathrm{MAC}_U$, where
$$\mathrm{MSG}_U = E(K_{i-1}, R_U) \,\|\, \mathrm{TMPI}_{i-1} \,\|\, f^n(R_U) \,\|\, A1\{A1, A2, \ldots, Ar\}$$
$$\mathrm{MAC}_U = H_1(K_{i-1}, \mathrm{IMPI} \,\|\, \mathrm{MSG}_U)$$
(2) The S-CSCF receives the registration information of the UE, retains $f^n(R_U)$, and, according to $\mathrm{TMPI}_{i-1}$, appends the timestamp timestampV1 to the end of $\mathrm{MSG}_U$ and forwards it together with $\mathrm{MAC}_U$ to the UE's home network HSS;
(3) The HSS receives $\mathrm{MSG}_U$ and $\mathrm{MAC}_U$, obtains the stored IMPI according to $\mathrm{TMPI}_{i-1}$, and decrypts to obtain $R_U$;
it calculates $\mathrm{XMAC}_U$ and checks whether $\mathrm{XMAC}_U$ and $\mathrm{MAC}_U$ are consistent; if they are, it checks whether timestampV1 is legal; if it is legal, the HSS has successfully authenticated the UE; if not, the system clock is re-synchronized and registration is re-initiated.
After successful registration the HSS selects a random number $R_H$ and decides whether to agree with the encryption algorithm $A1$ selected by the UE; if not, it selects one of the given alternative encryption algorithms as the encryption algorithm $A_i$ used for the registration; it generates a new $\mathrm{TMPI}_i$, generates a new key $K_i = E(K_{i-1}, R_U\,R_H)$, and uses $R_H$ and $K_i$ to generate CK, IK and AK; it encrypts $E(K_i, R_U)$ with the key $K_{HS}$ shared by the HSS and the S-CSCF; it then sends the registration response information $\mathrm{MSG}_H$ back to the S-CSCF;
$$\mathrm{MSG}_H = R_H \,\|\, \mathrm{AK} \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, E(K_{HS}, E(K_i, R_U)) \,\|\, \mathrm{CK} \,\|\, \mathrm{IK} \,\|\, E(K_i, R_H))$$
(4) The S-CSCF receives the response information returned by the HSS, decrypts it to obtain $E(K_i, R_U)$ and $E(K_i, R_H)$, retains AK, $E(K_i, R_H)$ and $\mathrm{TMPI}_i$, generates a random number $R_S$, and calculates $f^n(R_S)$; it sends $\mathrm{MSG}_S$ and $\mathrm{MAC}_S$ to the UE;
$$\mathrm{MSG}_S = R_H \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, f^n(R_S) \,\|\, E(K_i, R_U) \,\|\, \mathrm{CK} \,\|\, \mathrm{IK} \,\|\, \mathrm{timestampV2}$$
$$\mathrm{MAC}_S = H_2(\mathrm{AK}, \mathrm{MSG}_S)$$
(5) The S-CSCF sends the SIP response carrying $\mathrm{MSG}_S$ and $\mathrm{MAC}_S$ to the I-CSCF, and the I-CSCF forwards the SIP response to the P-CSCF;
after receiving the SIP response, the P-CSCF stores CK and IK and forwards the remaining parts to the UE;
$$\mathrm{MSG}_P = R_H \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, f^n(R_S) \,\|\, E(K_i, R_U) \,\|\, \mathrm{timestampV2}$$
$$\mathrm{MAC}_P = H_2(\mathrm{AK}, \mathrm{MSG}_P)$$
(6) The UE receives $\mathrm{MSG}_P$ and $\mathrm{MAC}_P$, generates CK, IK and AK from $R_H$ and $K_i$, and calculates $\mathrm{XMAC}_S$ and $E(K_i, R_H)$;
it checks whether this is consistent with $\mathrm{MAC}_S$; it decrypts $E(K_i, R_H)$ with $K_i$ and checks whether $R_U$ is the initially selected random number; and it checks the validity of the timestamp. If all checks pass, the UE has successfully authenticated the S-CSCF; the UE retains $\mathrm{TMPI}_i$ as the temporary user identity for this registration and accepts the algorithm $A_i$ selected by the HSS as the encryption algorithm for transmitting service data.
At the same time it sends RES to the S-CSCF.
$$\mathrm{RES} = E(K_i, R_H)$$
(7) $\mathrm{XRES} = E(K_i, R_H)$ is checked against RES; if they are consistent, the S-CSCF has successfully authenticated the UE.
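The HSS-side checks of steps (1) to (3), as an added Python sketch that is not part of the patent. It assumes HMAC-SHA256 for H_1, a length-prefixed encoding for "||", a 5-second clock tolerance and constructed sample values; E(K_{i-1}, R_U) is carried as opaque bytes and E itself is not implemented.

```python
"""HSS-side check of a registration request, steps (1)-(3) (added sketch).

Assumptions, not taken from the patent: H_1 is HMAC-SHA256, "||" is a
length-prefixed concatenation, the clock tolerance is 5 s, and every key,
identity and ciphertext is a constructed sample value.
"""
import hashlib
import hmac
from dataclasses import dataclass

MAX_SKEW_S = 5  # assumed tolerance for timestampV1


@dataclass
class Subscriber:
    impi: bytes    # permanent identity, bound into MAC_U but never sent
    k_prev: bytes  # K_{i-1}, shared by UE and HSS


def cat(*fields: bytes) -> bytes:
    """Unambiguous '||': each field carries a 2-byte length prefix."""
    return b"".join(len(x).to_bytes(2, "big") + x for x in fields)


def split(blob: bytes) -> list:
    """Inverse of cat(); raises ValueError on truncated input."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length prefix")
        size = int.from_bytes(blob[pos:pos + 2], "big")
        field = blob[pos + 2:pos + 2 + size]
        if len(field) != size:
            raise ValueError("truncated field")
        out.append(field)
        pos += 2 + size
    return out


def h1(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def ue_build(sub, tmpi_prev, enc_r_u, chain_anchor, algorithms):
    """UE side: MSG_U and MAC_U = H_1(K_{i-1}, IMPI || MSG_U)."""
    msg_u = cat(enc_r_u, tmpi_prev, chain_anchor, algorithms)
    return msg_u, h1(sub.k_prev, cat(sub.impi, msg_u))


def hss_check(db, msg_u, mac_u, ts_v1, now):
    """HSS side: TMPI lookup, then XMAC_U comparison, then timestampV1."""
    try:
        fields = split(msg_u)
    except ValueError:
        return "malformed"
    if len(fields) != 4:
        return "malformed"
    sub = db.get(fields[1])  # TMPI_{i-1} -> stored IMPI and K_{i-1}
    if sub is None:
        return "unknown TMPI"
    xmac_u = h1(sub.k_prev, cat(sub.impi, msg_u))
    if not hmac.compare_digest(xmac_u, mac_u):
        return "MAC mismatch"
    # timestampV1 is attached by the S-CSCF, so it is checked separately
    # from MAC_U, which the UE computed before the timestamp existed.
    if abs(now - ts_v1) > MAX_SKEW_S:
        return "stale timestamp"
    return "ok"


def demo():
    sub = Subscriber(b"constructed-impi@example.invalid", b"constructed K_prev")
    db = {b"tmpi-0001": sub}
    args = (b"\x00" * 16, b"\x11" * 32, b"A1|A1,A2,A3")  # constructed fields
    msg_u, mac_u = ue_build(sub, b"tmpi-0001", *args)
    other_msg, other_mac = ue_build(sub, b"tmpi-9999", *args)
    t0 = 1_700_000_000
    return {
        "fresh": hss_check(db, msg_u, mac_u, t0, t0 + 1),
        "replayed_later": hss_check(db, msg_u, mac_u, t0, t0 + 60),
        "tampered": hss_check(db, msg_u[:-1] + b"X", mac_u, t0, t0 + 1),
        "truncated": hss_check(db, msg_u[:-3], mac_u, t0, t0 + 1),
        "unknown_tmpi": hss_check(db, other_msg, other_mac, t0, t0 + 1),
        "impi_on_wire": sub.impi in msg_u,
    }


if __name__ == "__main__":
    print(demo())
```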
Service authentication and key negotiation:
After successful registration and authentication, when the UE needs to perform the $i$-th service communication, the S-CSCF sends $f^{n-i}(R_S)$ to the ME; the ME checks whether $f(f^{n-i}(R_S))$ is the same as the previously stored $f^{n-(i-1)}(R_S)$; if it is, the identity of the S-CSCF is confirmed and the ME sends $f^{n-i}(R_U)$ to the S-CSCF.
The S-CSCF checks the legality of the UE; if it is legal, two-way authentication is achieved, and the S-CSCF sends a success flag to the UE and starts to generate the encryption and integrity keys $\mathrm{CK}_i$ and $\mathrm{IK}_i$ needed for this service communication.
After receiving the success flag, the UE also starts to generate $\mathrm{CK}_i$ and $\mathrm{IK}_i$ and prepares for service communication, as shown in figure 2.
$$\mathrm{CK}_i = f_3'(\mathrm{CK}, f^{n-i}(R_U))$$
$$\mathrm{IK}_i = f_4'(\mathrm{IK}, f^{n-i}(R_U))$$
When the number of services reaches the upper limit $n$ of the Hash function chain, the user must register and authenticate with the S-CSCF and the HSS again when applying for a service, and update the key shared with the HSS.
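The service-authentication exchange described above, as an added Python sketch that is not part of the patent. It assumes SHA-256 for f and HMAC-SHA256 under distinct labels for f_3' and f_4'; the class and function names and all seeds and keys are constructed for illustration.

```python
"""Hash-chain service authentication and per-service keys (added sketch).

Assumptions, not taken from the patent: f is SHA-256, f3'/f4' are
HMAC-SHA256 under distinct labels, and all seeds and keys are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass


class ChainExhausted(Exception):
    """All n links are spent; a new registration is required."""


def f(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def f_iter(x: bytes, k: int) -> bytes:
    """Return f^k(x), i.e. f applied k times."""
    for _ in range(k):
        x = f(x)
    return x


class ChainProver:
    """Holds the secret seed R and releases f^(n-i)(R) for service i."""

    def __init__(self, seed: bytes, n: int):
        self.seed, self.n, self.i = seed, n, 0

    def anchor(self) -> bytes:
        return f_iter(self.seed, self.n)  # f^n(R), exchanged at registration

    def next_link(self) -> bytes:
        if self.i >= self.n:
            raise ChainExhausted("chain used up: register again")
        self.i += 1
        return f_iter(self.seed, self.n - self.i)


class ChainVerifier:
    """Stores the last accepted value; accepts v only if f(v) equals it."""

    def __init__(self, anchor: bytes):
        self.last = anchor

    def accept(self, link: bytes) -> bool:
        if not hmac.compare_digest(f(link), self.last):
            return False  # forged, replayed or out-of-order value
        self.last = link
        return True


@dataclass
class Endpoint:
    prover: ChainProver      # own chain
    verifier: ChainVerifier  # peer's chain, seeded with the peer's f^n(R)
    ck: bytes
    ik: bytes


def register(r_u, r_s, n, ck, ik):
    """State held by UE and S-CSCF after a successful registration."""
    ue_chain, sc_chain = ChainProver(r_u, n), ChainProver(r_s, n)
    ue = Endpoint(ue_chain, ChainVerifier(sc_chain.anchor()), ck, ik)
    scscf = Endpoint(sc_chain, ChainVerifier(ue_chain.anchor()), ck, ik)
    return ue, scscf


def session_keys(ck: bytes, ik: bytes, ue_link: bytes):
    """CK_i = f3'(CK, f^(n-i)(R_U)) and IK_i = f4'(IK, f^(n-i)(R_U))."""
    ck_i = hmac.new(ck, b"CK_i" + ue_link, hashlib.sha256).digest()
    ik_i = hmac.new(ik, b"IK_i" + ue_link, hashlib.sha256).digest()
    return ck_i, ik_i


def service_round(ue: Endpoint, scscf: Endpoint):
    """One service authentication; returns (UE keys, S-CSCF keys)."""
    s_link = scscf.prover.next_link()          # S-CSCF -> ME
    if not ue.verifier.accept(s_link):
        raise PermissionError("ME rejected the S-CSCF chain value")
    u_link = ue.prover.next_link()             # UE -> S-CSCF
    if not scscf.verifier.accept(u_link):
        raise PermissionError("S-CSCF rejected the UE chain value")
    return (session_keys(ue.ck, ue.ik, u_link),
            session_keys(scscf.ck, scscf.ik, u_link))


def demo(n: int = 3):
    ue, scscf = register(b"constructed R_U", b"constructed R_S", n,
                         b"constructed CK", b"constructed IK")
    rounds = [service_round(ue, scscf) for _ in range(n)]
    # Replay: a captured first-round UE value shown to a verifier twice.
    captured = f_iter(b"constructed R_U", n - 1)
    verifier = ChainVerifier(f_iter(b"constructed R_U", n))
    first, replay = verifier.accept(captured), verifier.accept(captured)
    try:
        service_round(ue, scscf)
        exhausted = False
    except ChainExhausted:
        exhausted = True
    return {
        "keys_agree": all(a == b for a, b in rounds),
        "distinct_keys": len({a for a, _ in rounds}) == n,
        "first_accepted": first,
        "replay_rejected": not replay,
        "exhausted_after_n": exhausted,
    }


if __name__ == "__main__":
    print(demo())
```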
Some of the abbreviations in the present invention are as follows:
UE: a user;
P-CSCF: a unified entry point to the IMS visited network;
I-CSCF: an entry point to the IMS home network;
S-CSCF: IMS signaling plane core node;
HSS: Home Subscriber Server;
ME: a mobile device.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.

Claims (6)

1. An improved 5G message RCS access authentication IMS-AKA mechanism with balanced security and efficiency is characterized in that in the mechanism,
(1) The UE and the HSS share the key generation functions $f_3$, $f_4$ and $f_5$ and the message authentication function $H_1$; the UE and the S-CSCF share the key generation functions $f_3'$, $f_4'$ and the message authentication function $H_2$; the HSS and the S-CSCF share the secret key $K_{HS}$;
(2) The UE and the HSS each generate random numbers;
(3) The system clocks are synchronized;
(4) The UE trusts the HSS to which it belongs;
wherein $f_3$ is the key generation function for calculating the encryption key CK; $f_4$ is the key generation function for calculating the integrity protection key IK; $f_5$ is the key generation function for calculating the anonymous key AK;
$H_1$ is the UE's authentication function for the registration message; $H_2$ is the S-CSCF's authentication function for the response message;
$f_3'$ is the generating function of the iterative encryption key CK; $f_4'$ is the generating function of the iterative integrity protection key IK;
and UE registration authentication and key agreement, and service authentication and key agreement, are realized based on (1) to (4) above.
2. The improved 5G message RCS access authentication IMS-AKA mechanism for balancing security and efficiency as claimed in claim 1, wherein said UE registration authentication and key agreement uses a Hash function chain and a timestamp to implement the registration authentication and key agreement.
3. The mechanism of claim 2, wherein the UE registration authentication and key agreement procedure comprises:
(1) The UE initiates registration; the ME sends the registration message $\mathrm{MSG}_U$ and the message authentication code $\mathrm{MAC}_U$:
$$\mathrm{MSG}_U = E(K_{i-1}, R_U) \,\|\, \mathrm{TMPI}_{i-1} \,\|\, f^n(R_U) \,\|\, A1\{A1, A2, \ldots, Ar\}$$
$$\mathrm{MAC}_U = H_1(K_{i-1}, \mathrm{IMPI} \,\|\, \mathrm{MSG}_U)$$
wherein $E$ is a single-key encryption function;
$R_U$ is a random number encrypted with the old shared key $K_{i-1}$;
$\mathrm{TMPI}_{i-1}$ is the old temporary user identity;
$f^n(R_U)$ is the Hash function applied $n$ times, where $n$ is the maximum number of service applications after one successful registration;
$\{A1, A2, \ldots, Ar\}$ and $A1$ are the set of $r$ alternative encryption algorithms and the user-selected algorithm, respectively.
(2) The S-CSCF receives the registration information of the UE, retains $f^n(R_U)$, and, according to $\mathrm{TMPI}_{i-1}$, appends the timestamp timestampV1 to the end of $\mathrm{MSG}_U$ and forwards it together with $\mathrm{MAC}_U$ to the home network HSS of the UE;
(3) The HSS receives $\mathrm{MSG}_U$ and $\mathrm{MAC}_U$, obtains the stored IMPI according to $\mathrm{TMPI}_{i-1}$, and decrypts to obtain $R_U$;
it calculates $\mathrm{XMAC}_U$ and checks whether $\mathrm{XMAC}_U$ and $\mathrm{MAC}_U$ are consistent; if they are, it verifies whether timestampV1 is legal; if it is legal, the HSS has successfully authenticated the UE; if it is illegal, the system clock is re-synchronized and registration is re-initiated;
After successful registration the HSS selects a random number $R_H$ and decides whether to agree with the encryption algorithm $A1$ selected by the UE; if not, it selects one of the given alternative encryption algorithms as the encryption algorithm $A_i$ used for the registration; it generates a new $\mathrm{TMPI}_i$, generates a new key $K_i = E(K_{i-1}, R_U\,R_H)$, and uses $R_H$ and $K_i$ to generate CK, IK and AK; it encrypts $E(K_i, R_U)$ with the key $K_{HS}$ shared by the HSS and the S-CSCF; it then sends the registration response information $\mathrm{MSG}_H$ back to the S-CSCF;
$$\mathrm{MSG}_H = R_H \,\|\, \mathrm{AK} \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, E(K_{HS}, E(K_i, R_U)) \,\|\, \mathrm{CK} \,\|\, \mathrm{IK} \,\|\, E(K_i, R_H))$$
(4) The S-CSCF receives the response information returned by the HSS, decrypts it to obtain $E(K_i, R_U)$ and $E(K_i, R_H)$, retains AK, $E(K_i, R_H)$ and $\mathrm{TMPI}_i$, generates a random number $R_S$, and calculates $f^n(R_S)$; it sends $\mathrm{MSG}_S$ and $\mathrm{MAC}_S$ to the UE;
$$\mathrm{MSG}_S = R_H \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, f^n(R_S) \,\|\, E(K_i, R_U) \,\|\, \mathrm{CK} \,\|\, \mathrm{IK} \,\|\, \mathrm{timestampV2}$$
$$\mathrm{MAC}_S = H_2(\mathrm{AK}, \mathrm{MSG}_S)$$
(5) The S-CSCF sends the SIP response carrying $\mathrm{MSG}_S$ and $\mathrm{MAC}_S$ to the I-CSCF, and the I-CSCF forwards the SIP response to the P-CSCF;
after receiving the SIP response, the P-CSCF stores CK and IK and forwards the remaining parts to the UE;
$$\mathrm{MSG}_P = R_H \,\|\, \mathrm{TMPI}_i \,\|\, A_i \,\|\, f^n(R_S) \,\|\, E(K_i, R_U) \,\|\, \mathrm{timestampV2}$$
$$\mathrm{MAC}_P = H_2(\mathrm{AK}, \mathrm{MSG}_P)$$
(6) The UE receives $\mathrm{MSG}_P$ and $\mathrm{MAC}_P$, generates CK, IK and AK from $R_H$ and $K_i$, and calculates $\mathrm{XMAC}_S$ and $E(K_i, R_H)$;
it checks whether this is consistent with $\mathrm{MAC}_S$; it decrypts $E(K_i, R_H)$ with $K_i$ and checks whether $R_U$ is the initially selected random number; and it checks the validity of the timestamp. If all checks pass, the UE has successfully authenticated the S-CSCF; the UE retains $\mathrm{TMPI}_i$ as the temporary user identity for this registration and accepts the algorithm $A_i$ selected by the HSS as the encryption algorithm for transmitting service data;
at the same time it sends RES to the S-CSCF;
$$\mathrm{RES} = E(K_i, R_H)$$
(7) $\mathrm{XRES} = E(K_i, R_H)$ is checked against RES; if they are consistent, the S-CSCF has successfully authenticated the UE.
4. The improved 5G message RCS access authentication IMS-AKA mechanism for balancing security and efficiency as claimed in claim 1, wherein the service authentication and key agreement procedure is:
after the registration authentication succeeds, when the UE needs to carry out the $i$-th service communication, the S-CSCF sends $f^{n-i}(R_S)$ to the ME; the ME checks whether $f(f^{n-i}(R_S))$ is the same as the previously stored $f^{n-(i-1)}(R_S)$; if it is, the identity of the S-CSCF is confirmed as legal, and the ME sends $f^{n-i}(R_U)$ to the S-CSCF;
the S-CSCF checks the legality of the UE; if it is legal, two-way authentication is achieved, and the S-CSCF sends a success flag to the UE and starts to generate the encryption and integrity keys $\mathrm{CK}_i$ and $\mathrm{IK}_i$ needed for this service communication;
after receiving the success flag, the UE also starts to generate $\mathrm{CK}_i$ and $\mathrm{IK}_i$ and prepares for service communication.
5. The RCS access authentication IMS-AKA mechanism for 5G messages to balance security and efficiency as recited in claim 4, wherein
$$\mathrm{CK}_i = f_3'(\mathrm{CK}, f^{n-i}(R_U));$$
$$\mathrm{IK}_i = f_4'(\mathrm{IK}, f^{n-i}(R_U)).$$
6. The improved 5G message RCS access authentication IMS-AKA mechanism for balancing security and efficiency as claimed in claim 1, wherein when the number of services reaches the upper limit $n$ of the Hash function chain, the user must register and authenticate with the S-CSCF and the HSS again when applying for a service, and update the key shared with the HSS.
CN202211277108.6A 2022-10-19 2022-10-19 Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency Pending CN115767527A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202211277108.6A CN115767527A (en) 2022-10-19 2022-10-19 Improved 5G message RCS access authentication IMS-AKA mechanism for balancing safety and efficiency
PCT/CN2023/123172 WO2024082963A1 (en) 2022-10-19 2023-10-07 Improved 5g message rcs access authentication ims-aka method capable of balancing security and efficiency

Publications (1)

Publication Number Publication Date
CN115767527A true CN115767527A (en) 2023-03-07

Also Published As

Publication number Publication date
WO2024082963A1 (en) 2024-04-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination