WO2016074694A1 - Enforcing the use of specific encryption algorithms - Google Patents
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
Definitions
- the present invention relates to apparatuses, methods, systems, computer programs, computer program products and computer-readable media regarding enforcing the use of specific encryption algorithms.
- the present invention relates to security in 3GPP (3rd Generation Partnership Project) networks, and is motivated, in particular, by the current work on enhancements for GSM (Global System for Mobile Communication) EDGE (Enhanced Data Rates for GSM Evolution) Radio Access Network (GERAN) that aims at better supporting the Internet of Things (IoT).
- GSM Global System for Mobile Communication
- EDGE Enhanced Data Rates for GSM Evolution
- GERAN GSM EDGE Radio Access Network
- IoT Internet of Things
- PS packet-switching
- GPRS General Packet Radio Service
- the present invention is also applicable to other types of 3GPP-defined networks used for other purposes.
- the GERAN IoT work aims at enhancing GERAN in various respects to better support low-cost, long-lived terminals for machine-type communication.
- a part of the envisaged enhancements relates to security. It has been well known for a long time that GSM security suffers from significant weaknesses. Nevertheless, no significant progress has been made over the past years regarding GSM security. This is mainly due to the requirement cited in 3GPP TR 33.801 (document [1]), clause 11.12: "It is required that a new mobile should still work in an old network." This requirement offers the possibility for an attacker who presents a fake network to the terminal to pretend that the network is an old one not supporting the security enhancements. In this way, the attacker can "bid down" to a weaker security level, effectively nullifying the usefulness of the security enhancements through an active false network attack.
- UMTS Universal Mobile Telecommunication System
- AKA Authentication and Key Agreement
- Document [1] discloses a discussion of a method for enforcing the use of certain encryption algorithms, called 'Special RAND' (cf. clause 10.1.1 of document [1]).
- 'Special RAND' is tailored to the use of GSM authentication and modifies the random number RAND, instead of using UMTS AKA.
- document [2] describes use of the so-called AMF (Authentication Management Field) of UMTS AKA. However, it is not described there how to use the AMF to enforce the use of encryption algorithms in the terminal.
- AMF Authentication Management Field
- a method comprising: composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
- a mobile equipment receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
- an apparatus for use in a register comprising:
- At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
- an apparatus for use in a server comprising:
- At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
- an apparatus for use in a mobile equipment comprising:
- At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
- the mobile equipment receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
- an apparatus for use in a mobile equipment comprising:
- At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
- an apparatus for use in a subscriber identity module comprising:
- At least one processor and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
- an apparatus comprising: means for composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
- an apparatus comprising: means for determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and means for transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
- an apparatus comprising: means for receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
- an apparatus comprising: means for obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and
- an apparatus comprising: means for storing, in a subscriber identity module, information on the use of specific encryption algorithms, and
- a computer program product comprising code means adapted to produce steps of any of the methods as described above when loaded into the memory of a computer.
- a computer program product as defined above, wherein the computer program product comprises a computer-readable medium on which the software code portions are stored.
- Fig. 1 is a flowchart illustrating an example of a method according to example versions of the present invention.
- Fig. 2 is a flowchart illustrating an example of another method according to example versions of the present invention.
- Fig. 3 is a flowchart illustrating an example of another method according to example versions of the present invention.
- Fig. 4 is a flowchart illustrating an example of another method according to example versions of the present invention.
- Fig. 5 is a flowchart illustrating an example of another method according to example versions of the present invention.
- Fig. 6 is a block diagram illustrating an example of an apparatus according to example versions of the present invention.
Detailed Description
- the basic system architecture of a communication network where examples of embodiments of the invention are applicable may comprise a commonly known architecture of one or more communication systems comprising a wired or wireless access network subsystem and a core network.
- Such an architecture may comprise one or more communication network control elements, access network elements, radio access network elements, access service network gateways or base transceiver stations, such as a base station (BS), an access point or an eNB, which control a respective coverage area or cell and with which one or more communication elements or terminal devices such as a UE or another device having a similar function such as a modem chipset, a chip, a module etc., which can also be part of a UE or attached as a separate element to a UE, or the like, are capable to communicate via one or more channels for transmitting several types of data.
- core network elements such as gateway network elements, policy and charging control network elements, mobility management entities, operation and maintenance elements, and the like may be comprised.
- the communication network is also able to communicate with other networks, such as a public switched telephone network or the Internet.
- the communication network may also be able to support the usage of cloud services.
- BSs and/or eNBs or their functionalities may be implemented by using any node, host, server or access node etc. entity suitable for such a usage.
- network elements and communication devices such as terminal devices or user devices like UEs, communication network control elements of a cell, like a BS or an eNB, access network elements like APs and the like, as well as corresponding functions as described herein may be implemented by software, e.g. by a computer program product for a computer, and/or by hardware.
- nodes or network elements may comprise several means, modules, units, components, etc. (not shown) which are required for control, processing and/or communication/signaling functionality.
- Such means, modules, units and components may comprise, for example, one or more processors or processor units including one or more processing portions for executing instructions and/or programs and/or for processing data, storage or memory units or means for storing instructions, programs and/or data, for serving as a work area of the processor or processing portion and the like (e.g. ROM, RAM, EEPROM, and the like), input or interface means for inputting data and instructions by software (e.g. floppy disc, CD-ROM, EEPROM, and the like), a user interface for providing monitor and manipulation possibilities to a user (e.g. a screen, a keyboard and the like), other interface or means for establishing links and/or connections under the control of the processor unit or portion (e.g. radio interface means comprising e.g. an antenna unit or the like, means for forming a radio communication part etc.) and the like, wherein respective means forming an interface, such as a radio communication part, can be also located on a remote site (e.g. a radio head or a radio station etc.).
- the invention specifically addresses the question how the network can securely instruct the terminal to use a particular set of encryption algorithms to protect the communication over the radio interface, while preventing an attacker from downgrading the security of the communication through enforcing the use of a weaker algorithm.
- the problem addressed by the present invention is that these minimum security requirements should be allowed to be updated securely and automatically over time, as GERAN IoT terminals are expected to have a long life and run without human intervention.
- the idea of the invention can be extended in an easy way to environments other than the GERAN IoT, e.g. the Circuit-Switched (CS) domain of GSM (by instructing a terminal to no longer use A5/3), or to UMTS or LTE networks and the like.
- CS Circuit-Switched
- Some example versions of the present invention specifically address the question how the network can securely instruct the terminal to use a particular set of encryption algorithms to protect the communication over the radio interface, while preventing an attacker from downgrading the security of the communication through enforcing the use of a weaker algorithm.
- the AMF Authentication Management Field
- the AMF is a field sent from the HLR (Home Location Register) or HSS (Home Subscriber Server) to the user equipment together with the authentication challenge.
- the AMF is seen, and hence can be evaluated, by both the ME (Mobile Equipment) and the USIM (Universal Subscriber Identity Module).
- the AMF is integrity-protected, and the USIM can verify the integrity of this field, hence the AMF provides a secure means of conveying information from the HLR or HSS to the UE.
- the AMF comprises 16 bits numbered from "0" to "15", where bit "0" is the most significant bit and bit "15" is the least significant bit. Bit "0" is called the "AMF separation bit" and is used for the purposes of EPS (Evolved Packet System). Bits "1" to "7" are reserved for future standardization use and bits "8" to "15" can be used for proprietary purposes.
- EPS Evolved Packet System
- the fourth variant uses the OTA (Over The Air) management of the USIM.
- an AMF bit x (x being one of the bits "1" to "7") is used, which indicates the following: if the bit x is set to 1, the ME shall use only algorithms of a certain minimum strength, e.g. GEA4 or stronger. According to the first variant, the AMF bit must be in the standardized part of the AMF (bits "1" to "7", as set out above, with bit "0" being already in use) because it needs to be evaluated in the ME and, hence, cannot be proprietary. If the bit x is set to "0", there are no specific requirements regarding the encryption algorithms. In such a case, the HSS or HLR including the Authentication Centre (AuC) must be capable of setting the AMF bit x dependent on
- serving network node, e.g. SGSN
- type of subscription, e.g. IoT.
- the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
- the ME must be capable of evaluating the AMF bit x and interpret it as an instruction to use only certain encryption algorithms.
- an AMF bit y (y being one of the bits "1" to "7") is used, which indicates the following: if the bit y is set to 1, the ME shall contact the USIM to fetch further information on encryption algorithms from the USIM; if the bit y is set to 0, the ME shall not contact the USIM to fetch further information on encryption algorithms from the USIM.
- the AMF bit must be in the standardized part of the AMF (bits "1" to "7", as set out above, with bit "0" being already in use) because it needs to be evaluated in the ME and, hence, cannot be proprietary.
- serving network node e.g. SGSN
- the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
- the ME must be capable of evaluating the AMF bit y and interpret it as an instruction to fetch further information on the use of encryption algorithms from the USIM.
- the USIM must be capable of storing information on the use of encryption algorithms and sending it to the ME upon request.
- an AMF bit z (z being one of the bits "1" to "15") is used, which indicates the following: if the bit is set to 1, the USIM shall modify the information on encryption algorithms so that now only algorithms of a certain minimum strength are allowed, e.g. only GEA4 or stronger. If the bit z is set to "0", the USIM does not modify the information.
- the information on encryption algorithms in the USIM is now assumed to be dynamically changing, depending on the value of the AMF bit z, and the ME is assumed to always fetch information on encryption algorithms from the USIM.
- the AMF bit could also be in the proprietary part of the AMF as, in principle, though not always in practice, the operator owning the HLR or HSS could instruct his provider of USIMs to implement a proprietary meaning of the AMF bit. But the ME behavior would have to be standardized anyhow.
- the HSS or HLR including the Authentication Centre (AuC) must be capable of setting AMF bit z dependent on
- serving network node e.g. SGSN
- type of subscription, e.g. IoT.
- the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
- the ME must be capable of always fetching further information on the use of encryption algorithms from the USIM.
- the USIM must be capable of storing information on the use of encryption algorithms, modifying it depending on the value of the AMF bit z, and sending the information to the ME upon request.
- a fourth variant according to example versions of the present invention relates to modifying information on encryption algorithms in the USIM via OTA mechanisms (e.g. via the SIM application toolkit).
- the OTA mechanisms are protected in a proprietary way.
- OTA server that must be capable of sending updated information on encryption algorithms to selected sets of UEs, e.g. depending on the type of subscription.
- the ME must be capable of always fetching further information on the use of encryption algorithms from the USIM.
- the USIM must be capable of storing information on the use of encryption algorithms, modifying it depending on the updating information received OTA, and sending the information to the ME upon request.
- the above described four variants are of course not limited to signaling the use of GEA4 in the context of GERAN IoT, but could also be used to signal the use of e.g. encryption or integrity algorithms in UMTS or LTE.
- Fig. 1 is a flowchart illustrating an example of a method according to example versions of the present invention.
- the method may be implemented in or may be part of a register, like a HSS or a HLR including the AuC, or the like.
- the method comprises composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment in a step S11, and transmitting, by the register, the message to the user equipment in a step S12.
- the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to use specific encryption algorithms. According to some example versions of the present invention, the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to obtain information on specific encryption algorithms to be used from a subscriber identity module of the user equipment.
- the management field includes a bit for dynamically changing information on specific encryption algorithms in the subscriber identity module of the user equipment.
- the bit is set depending on capabilities of a serving gateway node serving the user equipment and a type of subscription of the user equipment.
- the register is a Home Subscriber Server or a Home Location Register including an Authentication Centre.
- Fig. 2 is a flowchart illustrating another example of a method according to example versions of the present invention.
- the method may be implemented in or may be part of a server, like an OTA server, or the like.
- the method comprises determining, by a server, updated information on specific encryption algorithms to be used by a user equipment in a step S21, and transmitting, by the server, in a step S22, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
- Fig. 3 is a flowchart illustrating another example of a method according to example versions of the present invention.
- the method may be implemented in or may be part of a mobile equipment or the like.
- the method comprises receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment in a step S31, evaluating, by the mobile equipment, in a step S32 the information regarding use of specific encryption algorithms, and using, by the mobile equipment, the specific encryption algorithms based on the information in a step S33.
- evaluating the information comprises interpreting the information as an instruction to use the specific encryption algorithms.
- evaluating the information comprises interpreting the information as an instruction to obtain information on the use of the specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and the method further comprises using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
- Fig. 4 is a flowchart illustrating another example of a method according to example versions of the present invention.
- the method may be implemented in or may be part of a mobile equipment or the like.
- the method comprises obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment in a step S41, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module in a step S42.
- Fig. 5 is a flowchart illustrating another example of a method according to example versions of the present invention.
- the method may be implemented in or may be part of a subscriber identity module, like a USIM, or the like.
- the method comprises storing, in a subscriber identity module, in a step S51, information on the use of specific encryption algorithms, and, in a step S52, transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
- the method further comprises receiving, at the subscriber identity module, a message including updated information on the use of specific encryption algorithms, modifying, by the subscriber identity module, the stored information on the use of specific encryption algorithms based on the updated information, and transmitting, by the subscriber identity module, upon request, the modified information to the mobile equipment.
- the specific encryption algorithms are encryption algorithms having a specific minimum strength.
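As an added example (not code from the patent), a Python model of the register, ME and USIM roles of Figs. 1 to 5 and of the four variants described above: the HLR/HSS sets bit x, y or z from its capability database, the USIM verifies the integrity of the challenge before the AMF is honoured, and the ME refuses any offered algorithm below the resulting minimum. The bit positions, the HMAC-SHA256 stand-in for the AKA f1 function and the GEA strength ordering are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

AMF_BITS = 16
# Assumed positions of bits x, y and z inside the standardized bits "1" to "7".
BIT_X, BIT_Y, BIT_Z = 1, 2, 3
# Assumed strength ordering of the GPRS encryption algorithms (higher is stronger).
GEA_STRENGTH = {"GEA0": 0, "GEA1": 1, "GEA2": 2, "GEA3": 3, "GEA4": 4}


def set_bit(amf: int, pos: int, value: bool) -> int:
    """Set or clear AMF bit `pos`; bit 0 is the most significant of the 16 bits."""
    mask = 1 << (AMF_BITS - 1 - pos)
    return (amf | mask) if value else (amf & ~mask)


def get_bit(amf: int, pos: int) -> bool:
    return (amf >> (AMF_BITS - 1 - pos)) & 1 == 1


def challenge_mac(key: bytes, rand: bytes, sqn: int, amf: int) -> bytes:
    """Stand-in for the AKA f1 MAC over RAND, SQN and AMF (HMAC-SHA256, an assumption).
    Because the AMF is covered by the MAC, flipping a bit in transit invalidates it."""
    data = rand + sqn.to_bytes(6, "big") + amf.to_bytes(2, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


@dataclass
class Register:
    """HLR/HSS with AuC (Fig. 1): sets the AMF bit from its capability database."""
    key: bytes
    node_caps: dict      # serving network node -> algorithms it supports
    subscriptions: dict  # subscriber -> subscription type, e.g. "IoT"

    def compose_challenge(self, serving_node, subscriber, rand, sqn, variant):
        enforce = ("GEA4" in self.node_caps.get(serving_node, ())
                   and self.subscriptions.get(subscriber) == "IoT")
        amf = set_bit(0, {1: BIT_X, 2: BIT_Y, 3: BIT_Z}[variant], enforce)
        return {"RAND": rand, "SQN": sqn, "AMF": amf,
                "MAC": challenge_mac(self.key, rand, sqn, amf)}


@dataclass
class USIM:
    """Stores the algorithm policy (Fig. 5) and verifies the challenge integrity."""
    key: bytes
    min_alg: str = "GEA0"  # no requirement until instructed otherwise

    def verify(self, ch) -> bool:
        expected = challenge_mac(self.key, ch["RAND"], ch["SQN"], ch["AMF"])
        return hmac.compare_digest(ch["MAC"], expected)

    def apply_amf(self, amf):          # variant 3: bit z tightens the stored policy
        if get_bit(amf, BIT_Z):
            self.min_alg = "GEA4"

    def ota_update(self, min_alg):     # variant 4 / Fig. 2: OTA server rewrites the policy
        self.min_alg = min_alg

    def algorithm_info(self) -> str:
        return self.min_alg


@dataclass
class ME:
    """Mobile equipment (Figs. 3 and 4): evaluates the AMF and picks an algorithm."""
    usim: USIM
    always_fetch: bool = False  # variants 3 and 4: the ME always asks the USIM

    def minimum_algorithm(self, ch) -> str:
        if not self.usim.verify(ch):
            raise ValueError("MAC failure: challenge rejected")
        if get_bit(ch["AMF"], BIT_X):                        # variant 1
            return "GEA4"
        if get_bit(ch["AMF"], BIT_Y) or self.always_fetch:   # variants 2 to 4
            self.usim.apply_amf(ch["AMF"])
            return self.usim.algorithm_info()
        return "GEA0"

    def select_algorithm(self, ch, offered):
        """Strongest offered algorithm at or above the minimum; None means refuse."""
        floor = GEA_STRENGTH[self.minimum_algorithm(ch)]
        acceptable = [a for a in offered if GEA_STRENGTH[a] >= floor]
        return max(acceptable, key=GEA_STRENGTH.get) if acceptable else None


if __name__ == "__main__":
    k = bytes(16)  # constructed subscriber key
    reg = Register(k, {"SGSN-new": {"GEA3", "GEA4"}}, {"sub-iot": "IoT"})
    ch = reg.compose_challenge("SGSN-new", "sub-iot", bytes(range(16)), 1, 1)
    print(ME(USIM(k)).select_algorithm(ch, ["GEA1", "GEA4"]))  # GEA4
```

A network that offers only weak algorithms while bit x is set gets None from select_algorithm, which is the bidding-down refusal the text asks for; a challenge with a cleared bit but a stale MAC is rejected before the AMF is even looked at.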
- Fig. 6 is a block diagram showing an example of an apparatus according to some example versions of the present invention.
- a block circuit diagram illustrating a configuration of an apparatus 60 is shown, which is configured to implement the above described aspects of the invention.
- the apparatus 60 shown in Fig. 6 may comprise several further elements or functions besides those described herein below, which are omitted herein for the sake of simplicity as they are not essential for understanding the invention.
- the apparatus may be also another device having a similar function, such as a chipset, a chip, a module etc., which can also be part of an apparatus or attached as a separate element to the apparatus, or the like.
- the apparatus 60 may comprise a processing function or processor 61, such as a CPU or the like, which executes instructions given by programs or the like.
- the processor 61 may comprise one or more processing portions dedicated to specific processing as described below, or the processing may be run in a single processor. Portions for executing such specific processing may be also provided as discrete elements or within one or further processors or processing portions, such as in one physical processor like a CPU or in several physical entities, for example.
- Reference sign 62 denotes transceiver or input/output (I/O) units (interfaces) connected to the processor 61.
- the I/O units 62 may be used for communicating with one or more other network elements, entities, terminals or the like.
- the I/O units 62 may be a combined unit comprising communication equipment towards several network elements, or may comprise a distributed structure with a plurality of different interfaces for different network elements.
- the apparatus 60 further comprises at least one memory 63 usable, for example, for storing data and programs to be executed by the processor 61 and/or as a working storage of the processor 61 .
- the processor 61 is configured to execute processing related to the above described aspects.
- the apparatus 60 may be implemented in or may be part of a network element like a serving gateway, a packet data network gateway or the like, and may be configured to perform a method as described in connection with Fig. 2.
- the processor 61 is configured to perform receiving, by a first network element, a message including an indication of a quality of service modification initiated by a charging entity, composing, by the first network element, a message including an information element indicating that the quality of service modification is initiated by the charging entity, and forwarding, by the first network element, the message including the information element to a second network element.
- the apparatus 60 may be implemented in or may be part of a register, like a HSS or a HLR including the AuC, or the like, and may be configured to perform a method as described in connection with Fig. 1.
- the processor 61 is configured to perform composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment, and transmitting, by the register, the message to the user equipment.
- the apparatus 60 may be implemented in or may be part of a server, like an OTA server, or the like, and may be configured to perform a method as described in connection with Fig. 2.
- the processor 61 is configured to perform determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
- the apparatus 60 may be implemented in or may be part of a mobile equipment or the like, and may be configured to perform a method as described in connection with Fig. 3.
- the processor 61 is configured to perform receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment, evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and using, by the mobile equipment, the specific encryption algorithms based on the information.
- the apparatus 60 may be implemented in or may be part of a mobile equipment or the like, and may be configured to perform a method as described in connection with Fig. 4.
- the processor 61 is configured to perform obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
- the apparatus 60 may be implemented in or may be part of a subscriber identity module, like a USIM, or the like, and may be configured to perform a method as described in connection with Fig. 5.
- the processor 61 is configured to perform storing, in a subscriber identity module, information on the use of specific encryption algorithms, and transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
- the apparatuses for use in a register, a server, a mobile equipment and a subscriber identity module generally have the same structural components, wherein these components are configured to execute the respective functions of the register, server, mobile equipment, and subscriber identity module, respectively, as set out above.
- the apparatus may comprise further units/means that are necessary for its respective operation, respectively. However, a description of these units/means is omitted in this specification.
- the arrangement of the functional blocks of the apparatus is not construed to limit the invention, and the functions may be performed by one block or further split into sub-blocks.
- where it is stated that the apparatus or some other means is configured to perform some function, this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function.
- such function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression "unit configured to” is construed to be equivalent to an expression such as "means for").
- any method step is suitable to be implemented as software or by hardware without changing the idea of the aspects/embodiments and its modification in terms of the functionality implemented;
- CMOS Complementary MOS
- BiMOS Bipolar MOS
- BiCMOS Bipolar CMOS
- ECL Emitter Coupled Logic
- TTL Transistor-Transistor Logic
- ASIC Application Specific IC
- FPGA Field-programmable Gate Arrays
- CPLD Complex Programmable Logic Device
- DSP Digital Signal Processor
- devices, units or means can be implemented as individual devices, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, unit or means is preserved;
- an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;
- a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.
- respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts.
- the mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.
- any method step is suitable to be implemented as software or by hardware without changing the idea of the present invention.
- Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person.
- Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding enforcing the use of specific encryption algorithms. The present invention comprises composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment, and transmitting, by the register, the message to the user equipment.
Description
Enforcing the use of specific encryption algorithms
Field of the invention
The present invention relates to apparatuses, methods, systems, computer programs, computer program products and computer-readable media regarding enforcing the use of specific encryption algorithms.
The present invention relates to security in 3GPP (3rd Generation Partnership Project) networks, and is motivated, in particular, by the current work on enhancements for GSM (Global System for Mobile Communication) EDGE (Enhanced Data Rates for GSM Evolution) Radio Access Network (GERAN) that aims at better supporting the Internet of Things (IoT). These enhancements apply to the packet-switched (PS) domain of GSM, also called GPRS (General Packet Radio Service). However, it is noted that the present invention is also applicable to other types of 3GPP-defined networks used for other purposes.
Background of the invention
The GERAN IoT work aims at enhancing GERAN in various respects to better support low-cost, long-lived terminals for machine-type communication. A part of the envisaged enhancements relates to security. It has been well known for a long time that GSM security suffers from significant weaknesses. Nevertheless, no significant progress has been made over the past years regarding GSM security. This is mainly due to the requirement cited in 3GPP TR 33.801 (document [1]), clause 11.12: "It is required that a new mobile should still work in an old network." This requirement offers the possibility for an attacker who presents a fake network to the terminal to pretend that the network is an old one not supporting the security enhancements. In this way, the attacker can "bid down" to a weaker security level, effectively nullifying the usefulness of the security enhancements through an active false network attack.
Interestingly, for GERAN IoT terminals it is no longer required to work in an old network. This now offers the opportunity to enhance security without having to fear bidding down attacks, by imposing minimum security requirements on the use of GERAN IoT. If a GERAN IoT terminal sees that the network does not support these minimum security requirements, the terminal will simply not connect to this network.
One of these minimum security requirements that can be safely assumed to be made for GERAN IoT is that the UMTS (Universal Mobile Telecommunication System) AKA (Authentication and Key Agreement) protocol is used for authentication, as opposed to the GSM authentication protocol. The latter is known to suffer from weaknesses like lack of network authentication and lack of replay protection.
Another such minimum security requirement is that only strong encryption algorithms shall be used. For the 2G packet domain, of which GERAN IoT will be part, such strong encryption algorithms are, as of today, the encryption algorithms GEA3 and GEA4 (GEA, GPRS encryption algorithm). Currently, there is no network support for GEA4 at all, so GEA4 cannot be mandated from the start of GERAN IoT. However, over time, it is expected that GEA3 will no longer be considered strong enough. Therefore, a means is required to instruct GERAN IoT terminals in the field to no longer use GEA3, but only GEA4 (or stronger algorithms that are not yet standardized today) from a certain time onwards.
Document [1] discloses a discussion of a method for enforcing the use of certain encryption algorithms, called 'Special RAND' (cf. clause 10.1.1 of document [1]). However, 'Special RAND' is tailored to the use of GSM authentication and modifies the random number RAND, instead of using UMTS AKA.
Further, document [2] describes use of the so-called AMF (Authentication Management Field) of UMTS AKA. However, it is not described there how to use the AMF to enforce the use of encryption algorithms in the terminal.
References:
[1]: 3GPP TR 33.801
[2]: 3GPP TS 33.102
Summary of the Invention
It is therefore an object of the present invention to overcome the above mentioned problems and to provide apparatuses, methods, systems, computer programs, computer program products and computer-readable media regarding enforcing the use of specific encryption algorithms.
According to an aspect of the present invention there is provided a method comprising: composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
transmitting, by the register, the message to the user equipment.
According to another aspect of the present invention there is provided a method comprising:
determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and
transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
According to another aspect of the present invention there is provided a method comprising:
receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and
using, by the mobile equipment, the specific encryption algorithms based on the information.
According to another aspect of the present invention there is provided a method comprising:
obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
According to another aspect of the present invention there is provided a method comprising:
storing, in a subscriber identity module, information on the use of specific encryption algorithms, and
transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
According to another aspect of the present invention there is provided an apparatus for use in a register, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
transmitting, by the register, the message to the user equipment.
According to another aspect of the present invention there is provided an apparatus for use in a server, comprising:
at least one processor, and
at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
determining, by the server, updated information on specific encryption algorithms to be used by a user equipment, and
transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
According to another aspect of the present invention there is provided an apparatus for use in a mobile equipment, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and
using, by the mobile equipment, the specific encryption algorithms based on the information.
According to another aspect of the present invention there is provided an apparatus for use in a mobile equipment, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein
the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
obtaining, by the mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
According to another aspect of the present invention there is provided an apparatus for use in a subscriber identity module, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
storing, in the subscriber identity module, information on the use of specific encryption algorithms, and
transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
According to another aspect of the present invention there is provided an apparatus, comprising: means for composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
means for transmitting, by the register, the message to the user equipment.
According to another aspect of the present invention there is provided an apparatus, comprising: means for determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and
means for transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
According to another aspect of the present invention there is provided an apparatus, comprising: means for receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
means for evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and
means for using, by the mobile equipment, the specific encryption algorithms based on the information.
According to another aspect of the present invention there is provided an apparatus, comprising: means for obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and
means for using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
According to another aspect of the present invention there is provided an apparatus, comprising: means for storing, in a subscriber identity module, information on the use of specific encryption algorithms, and
means for transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
According to another aspect of the present invention there is provided a computer program product comprising code means adapted to produce steps of any of the methods as described above when loaded into the memory of a computer.
According to a still further aspect of the invention there is provided a computer program product as defined above, wherein the computer program product comprises a computer-readable medium on which the software code portions are stored.
According to a still further aspect of the invention there is provided a computer program product as defined above, wherein the program is directly loadable into an internal memory of the processing device.
Brief Description of the Drawings
These and other objects, features, details and advantages will become more fully apparent from the following detailed description of aspects/embodiments of the present invention which is to be taken in conjunction with the appended drawings, in which:
Fig. 1 is a flowchart illustrating an example of a method according to example versions of the present invention;
Fig. 2 is a flowchart illustrating an example of another method according to example versions of the present invention;
Fig. 3 is a flowchart illustrating an example of another method according to example versions of the present invention;
Fig. 4 is a flowchart illustrating an example of another method according to example versions of the present invention;
Fig. 5 is a flowchart illustrating an example of another method according to example versions of the present invention;
Fig. 6 is a block diagram illustrating an example of an apparatus according to example versions of the present invention.
Detailed Description
In the following, some example versions of the disclosure and embodiments of the present invention are described with reference to the drawings. For illustrating the present invention, the examples and embodiments will be described in connection with a cellular communication network based on a 3GPP based communication system, for example a 2G based system. However, it is to be noted that the present invention is not limited to an application using such types of communication systems or communication networks, but is also applicable in other types of communication systems or communication networks, like for example LTE/LTE-A and 3G communication networks and the like.
The following example versions and embodiments are to be understood only as illustrative examples. Although the specification may refer to "an", "one", or "some" example version(s) or embodiment(s) in several locations, this does not necessarily mean that each such reference is to the same example version(s) or embodiment(s), or that the feature only applies to a single example version or embodiment. Single features of different embodiments may also be combined to provide other embodiments. Furthermore, the words "comprising" and "including" should be understood as not limiting the described embodiments to consist of only those features that have been mentioned; such example versions and embodiments may also contain features, structures, units, modules etc. that have not been specifically mentioned.
The basic system architecture of a communication network where examples of embodiments of the invention are applicable may comprise a commonly known architecture of one or more communication systems comprising a wired or wireless access network subsystem and a core network. Such an architecture may comprise one or more communication network control elements, access network elements, radio access network elements, access service network gateways or base transceiver stations, such as a base station (BS), an access point or an eNB, which control a respective coverage area or cell and with which one or more communication elements or terminal devices, such as a UE or another device having a similar function (such as a modem chipset, a chip, a module etc., which can also be part of a UE or attached as a separate element to a UE), are capable of communicating via one or more channels for transmitting several types of data. Furthermore, core network elements such as gateway network elements, policy and charging control network elements, mobility management entities, operation and maintenance elements, and the like may be comprised.
The general functions and interconnections of the described elements, which also depend on the actual network type, are known to those skilled in the art and described in corresponding specifications, so that a detailed description thereof is omitted herein. However, it is to be noted that several additional network elements and signaling links may be employed for a communication to or from a communication element or terminal device like a UE and a communication network control element like a radio network controller, besides those described in detail herein below.
The communication network is also able to communicate with other networks, such as a public switched telephone network or the Internet. The communication network may also be able to support the usage of cloud services. It should be appreciated that BSs and/or eNBs or their functionalities may be implemented by using any node, host, server or access node etc. entity suitable for such a usage.
Furthermore, the described network elements and communication devices, such as terminal devices or user devices like UEs, communication network control elements of a cell, like a BS or an eNB, access network elements like APs and the like, as well as corresponding functions as described herein may be implemented by software, e.g. by a computer program product for a computer, and/or by hardware. In any case, for executing their respective functions, correspondingly used devices, nodes or network elements may comprise several means, modules, units, components, etc. (not shown) which are required for control, processing and/or communication/signaling functionality. Such means, modules, units and components may comprise, for example, one or more processors or processor units including one or more processing portions for executing instructions and/or programs and/or for processing data, storage or memory units or means for storing instructions, programs and/or data, for serving as a work area of the processor or processing portion and the like (e.g. ROM, RAM, EEPROM, and the like), input or interface means for inputting data and instructions by software (e.g. floppy disc, CD-ROM, EEPROM, and the like), a user interface for providing monitor and manipulation possibilities to a user (e.g. a screen, a keyboard and the like), other interface or means for establishing links and/or connections under the control of the processor unit or portion (e.g. wired and wireless interface means, radio interface means comprising e.g. an antenna unit or the like, means for forming a radio communication part etc.) and the like, wherein respective means forming an interface, such as a radio communication part, can also be located on a remote site (e.g. a radio head or a radio station etc.). It is to be noted that in the present specification processing portions should not only be considered to represent physical portions of one or more processors, but may also be considered as a logical division of the referred processing tasks performed by one or more processors.
The invention specifically addresses the question how the network can securely instruct the terminal to use a particular set of encryption algorithms to protect the communication over the radio interface, while preventing an attacker from downgrading the security of the communication through enforcing the use of a weaker algorithm.
As set out above, there is an opportunity to enhance security without having to fear bidding down attacks, by imposing minimum security requirements on the use of GERAN IoT. It is noted that these minimum security requirements as such are a pre-requisite of the invention.
The problem addressed by the present invention is that these minimum security requirements should be allowed to be updated securely and automatically over time, as GERAN IoT terminals are expected to have a long life and run without human intervention.
Providing such a secure means is the problem solved by some example versions of the present invention.
It is noted that the idea of the invention can be extended in an easy way to environments other than the GERAN IoT, e.g. the Circuit-Switched (CS) domain of GSM (by instructing a terminal to no longer use A5/3), or to UMTS or LTE networks and the like.
Some example versions of the present invention specifically address the question how the network can securely instruct the terminal to use a particular set of encryption algorithms to protect the communication over the radio interface, while preventing an attacker from downgrading the security of the communication through enforcing the use of a weaker algorithm.
According to example versions of the present invention, there are four variants. Three of them use the AMF (Authentication Management Field) of the UMTS AKA (Authentication and Key Agreement) protocol to instruct the terminal to use an encryption algorithm that is at least as strong as GEA4 with the ciphering key Kc128 derived from the UMTS AKA run, as specified in document [1]. The AMF is a field sent from the HLR (Home Location Register) or HSS (Home Subscriber Server) to the user equipment together with the authentication challenge, as part of the authentication token AUTN. The AMF is seen, and hence can be evaluated, by both the ME (Mobile Equipment) and the USIM (Universal Subscriber Identity Module). The AMF is integrity-protected, since the MAC-A carried in AUTN is computed over SQN, RAND and AMF under the subscriber key K, and the USIM can verify the integrity of this field; hence the AMF provides a secure means of conveying information from the HLR or HSS to the UE. Because only the USIM holds K, the ME should act on the AMF of an authentication token only after the USIM has accepted that token.
As defined in document [2], the AMF comprises 16 bits numbered from "0" to "15", where bit "0" is the most significant bit and bit "15" is the least significant bit. Bit "0" is called the "AMF separation bit" and is used for the purposes of EPS (Evolved Packet System). Bits "1" to "7" are reserved for future standardization use and bits "8" to "15" can be used for proprietary purposes.
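As an added worked example (not code from the patent), the following Python sketch shows how the AMF rides inside AUTN and why a false network cannot flip an AMF bit unnoticed: the USIM recomputes MAC-A over SQN, RAND and AMF and rejects a token whose AMF was altered in transit. Milenage is not implemented here; HMAC-SHA256 truncated to the TS 33.102 field lengths stands in for f1 (MAC-A) and f5 (AK). The subscriber key, sequence numbers and RAND are constructed values, and bit 3 is a hypothetical choice for "bit x".

```python
"""Added example, not the patent's code: how the AMF is carried in AUTN and why an
altered AMF is detected by the USIM. Milenage is NOT implemented; HMAC-SHA256
truncated to the TS 33.102 field lengths stands in for f1 (MAC-A, 64 bit) and
f5 (AK, 48 bit). Key, SQN and RAND values are constructed; bit 3 is a
hypothetical choice for "bit x"."""
import hashlib
import hmac
import os


def set_amf_bit(amf: int, bit: int, value: int) -> int:
    """Set bit `bit` of the 16-bit AMF (bit 0 = most significant, TS 33.102 Annex H)."""
    if not 0 <= bit <= 15:
        raise ValueError("AMF has bits 0..15")
    mask = 1 << (15 - bit)
    return (amf | mask) if value else (amf & ~mask)


def amf_bit(amf: int, bit: int) -> int:
    return (amf >> (15 - bit)) & 1


def _f1(k: bytes, sqn: bytes, rand: bytes, amf: bytes) -> bytes:
    # Stand-in for Milenage f1: MAC-A = f1_K(SQN || RAND || AMF), 64 bits.
    return hmac.new(k, b"f1" + sqn + rand + amf, hashlib.sha256).digest()[:8]


def _f5(k: bytes, rand: bytes) -> bytes:
    # Stand-in for Milenage f5: anonymity key AK, 48 bits, conceals SQN on the air.
    return hmac.new(k, b"f5" + rand, hashlib.sha256).digest()[:6]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hlr_build_challenge(k: bytes, sqn: int, amf: int, rand: bytes = b""):
    """HLR/AuC side: (RAND, AUTN) with AUTN = (SQN xor AK) || AMF || MAC-A."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    amf_b = amf.to_bytes(2, "big")
    autn = _xor(sqn_b, _f5(k, rand)) + amf_b + _f1(k, sqn_b, rand, amf_b)
    return rand, autn


def usim_verify(k: bytes, rand: bytes, autn: bytes, last_sqn: int):
    """USIM side: recover SQN, recompute MAC-A over SQN || RAND || AMF, check freshness.
    Returns (accepted, amf). Any change to the AMF in transit changes MAC-A."""
    if len(autn) != 16:
        return False, None
    sqn_b = _xor(autn[:6], _f5(k, rand))
    amf_b, mac_a = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac_a, _f1(k, sqn_b, rand, amf_b)):
        return False, None            # MAC failure: reject the token
    if int.from_bytes(sqn_b, "big") <= last_sqn:
        return False, None            # replay: SQN not fresh
    return True, int.from_bytes(amf_b, "big")


def demo():
    """Genuine challenge with bit x set, then the same token with bit x cleared by a
    false network; returns (genuine_accepted, bit_x_seen, forged_accepted)."""
    k = bytes(range(16))                              # constructed subscriber key K
    amf = set_amf_bit(0x0000, 3, 1)                   # HLR sets hypothetical "bit x"
    rand, autn = hlr_build_challenge(k, sqn=100, amf=amf)
    ok, seen_amf = usim_verify(k, rand, autn, last_sqn=99)
    # Bid-down attempt: clear bit x but keep RAND, SQN^AK and MAC-A unchanged.
    forged = autn[:6] + set_amf_bit(seen_amf, 3, 0).to_bytes(2, "big") + autn[8:]
    forged_ok, _ = usim_verify(k, rand, forged, last_sqn=99)
    return ok, amf_bit(seen_amf, 3), forged_ok


if __name__ == "__main__":
    print(demo())
```

The point of the forged case is that the attacker knows the AMF in the clear and can change it, but cannot recompute MAC-A without K; the ME must therefore wait for the USIM's verdict before treating a cleared bit as permission to use a weaker algorithm.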
The fourth variant uses the OTA (Over The Air) management of the USIM.
In the following, each of the variants according to example versions of the present invention as well as the impact of these variants on the entities involved in the communication will be described in detail.
Variant 1 :
According to a first variant of some example versions of the present invention, an AMF bit x (x being one of the bits "1" to "7") is used, which indicates the following: if the bit x is set to "1", the ME shall use only algorithms of a certain minimum strength, e.g. GEA4 or stronger. According to the first variant, the AMF bit must be in the standardized part of the AMF (bits "1" to "7", as set out above, with bit "0" being already in use) because it needs to be evaluated in the ME and, hence, cannot be proprietary. If the bit x is set to "0", there are no specific requirements regarding the encryption algorithms.
In such a case, the HSS or HLR including the Authentication Centre (AuC) must be capable of setting the AMF bit x dependent on
• serving network node (e.g. SGSN) capability
• type of subscription, e.g. IoT.
Thus, the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
The ME must be capable of evaluating the AMF bit x and interpreting it as an instruction to use only certain encryption algorithms.
There is no impact on the USIM.
Variant 2:
According to a second variant of some example versions of the present invention, an AMF bit y (y being one of the bits "1" to "7") is used, which indicates the following: if the bit y is set to "1", the ME shall contact the USIM to fetch further information on encryption algorithms from the USIM; if the bit y is set to "0", the ME shall not contact the USIM to fetch further information on encryption algorithms from the USIM.
Again, the AMF bit must be in the standardized part of the AMF (bits "1" to "7", as set out above, with bit "0" being already in use) because it needs to be evaluated in the ME and, hence, cannot be proprietary.
This solution allows more flexibility regarding the algorithms, as the AMF bit does not point only to one particular algorithm (as in the first variant). But the information on encryption algorithms in the USIM is still assumed to be static and pre-configured by the operator (assuming that IoT terminals cannot be managed remotely), so the network needs to tell the ME, by setting the AMF bit, when the information in the USIM becomes applicable and needs to be fetched from there.
In the second variant, the HSS or HLR including the Authentication Centre (AuC) must be capable of setting the AMF bit y dependent on
• serving network node (e.g. SGSN) capability
• type of subscription, e.g. IoT.
Thus, the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
The ME must be capable of evaluating the AMF bit y and interpreting it as an instruction to fetch further information on the use of encryption algorithms from the USIM.
The USIM must be capable of storing information on the use of encryption algorithms and sending it to the ME upon request.
Variant 3:
According to a third variant of some example versions of the present invention, an AMF bit z (z being one of the bits "1" to "15") is used, which indicates the following: if the bit z is set to "1", the USIM shall modify the information on encryption algorithms so that now only algorithms of a certain minimum strength are allowed, e.g. only GEA4 or stronger. If the bit z is set to "0", the USIM does not modify the information.
The information on encryption algorithms in the USIM is now assumed to be dynamically changing, depending on the value of the AMF bit z, and the ME is assumed to always fetch information on encryption algorithms from the USIM. The AMF bit could also be in the proprietary part of the AMF as, in principle, though not always in practice, the operator owning the HLR or HSS could instruct his provider of USIMs to implement a proprietary meaning of the AMF bit. But the ME behavior would have to be standardized anyhow.
In the third variant, the HSS or HLR including the Authentication Centre (AuC) must be capable of setting AMF bit z dependent on
• serving network node (e.g. SGSN) capability
• type of subscription, e.g. IoT.
Thus, the HLR or HSS must maintain a database storing the capabilities associated with the serving network node or subscription.
The ME must be capable of always fetching further information on the use of encryption algorithms from the USIM.
The USIM must be capable of storing information on the use of encryption algorithms, modifying it depending on the value of the AMF bit z and sending the information to the ME upon request.
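The ME-side and USIM-side decision logic of Variants 1 to 3, as an added example in Python that is not part of the patent. The bit positions x=1, y=2, z=3, the ranking of GEA0 to GEA4 by strength and the baseline minimum GEA3 are assumptions of this example; the AMF is assumed to come from an AUTN the USIM has already accepted, and the algorithm selected by the SGSN in the Authentication and Ciphering Request is modelled as a single string that the ME either accepts or refuses.

```python
"""Added example, not the patent's code: ME/USIM policy logic of Variants 1-3.
Assumptions: AMF bit positions x=1, y=2, z=3; GEA0..GEA4 ranked by strength in
that order; baseline minimum GEA3; the AUTN carrying the AMF has already been
accepted (MAC-A verified) by the USIM before the ME evaluates it."""

GEA_ORDER = ["GEA0", "GEA1", "GEA2", "GEA3", "GEA4"]   # weakest -> strongest (assumed)
BIT_X, BIT_Y, BIT_Z = 1, 2, 3                           # hypothetical positions in bits 1..7


def amf_bit(amf: int, bit: int) -> int:
    """Bit `bit` of the 16-bit AMF, bit 0 being the most significant (TS 33.102 Annex H)."""
    return (amf >> (15 - bit)) & 1


def strength(alg: str) -> int:
    return GEA_ORDER.index(alg)


class Usim:
    """Stores the operator-provisioned minimum algorithm (Variants 2 and 3)."""

    def __init__(self, minimum: str = "GEA3"):
        self.minimum = minimum

    def apply_amf(self, amf: int) -> None:
        # Variant 3: bit z = 1 raises the stored minimum to GEA4 and keeps it there;
        # bit z = 0 leaves the stored information untouched (no way to lower it).
        if amf_bit(amf, BIT_Z) == 1 and strength(self.minimum) < strength("GEA4"):
            self.minimum = "GEA4"

    def read_policy(self) -> str:
        return self.minimum


class MobileEquipment:
    def __init__(self, usim: Usim, variant: int, baseline: str = "GEA3"):
        self.usim, self.variant, self.baseline = usim, variant, baseline

    def minimum_for(self, amf: int) -> str:
        """Derive the minimum acceptable algorithm from the (already verified) AMF."""
        if self.variant == 1:      # bit x: GEA4-or-stronger, no USIM involvement
            return "GEA4" if amf_bit(amf, BIT_X) else self.baseline
        if self.variant == 2:      # bit y: fetch the static policy from the USIM
            return self.usim.read_policy() if amf_bit(amf, BIT_Y) else self.baseline
        if self.variant == 3:      # bit z: USIM updates its policy, ME always fetches it
            self.usim.apply_amf(amf)
            return self.usim.read_policy()
        raise ValueError(f"unknown variant {self.variant}")

    def accept(self, amf: int, selected: str) -> bool:
        """Accept or refuse the algorithm the SGSN selected in the Authentication and
        Ciphering Request; refusing means the terminal does not connect. Unknown
        algorithm names are refused."""
        if selected not in GEA_ORDER:
            return False
        return strength(selected) >= strength(self.minimum_for(amf))


def run_scenarios() -> dict:
    """Constructed walk-through; returns the ME decisions for inspection."""
    bit_x, bit_y, bit_z = (1 << (15 - b) for b in (BIT_X, BIT_Y, BIT_Z))
    out = {}
    me1 = MobileEquipment(Usim(), variant=1)
    out["v1_gea3_no_bit"] = me1.accept(0, "GEA3")          # baseline satisfied
    out["v1_gea3_bit_x"] = me1.accept(bit_x, "GEA3")       # bid-down to GEA3 refused
    out["v1_gea4_bit_x"] = me1.accept(bit_x, "GEA4")
    me2 = MobileEquipment(Usim("GEA4"), variant=2)
    out["v2_gea3_bit_y"] = me2.accept(bit_y, "GEA3")       # USIM policy says GEA4
    usim3 = Usim("GEA3")
    me3 = MobileEquipment(usim3, variant=3)
    out["v3_gea3_before"] = me3.accept(0, "GEA3")
    out["v3_gea3_bit_z"] = me3.accept(bit_z, "GEA3")       # refused; USIM now stores GEA4
    out["v3_gea3_after"] = me3.accept(0, "GEA3")           # the raised policy sticks
    out["v3_usim_policy"] = usim3.read_policy()
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The difference between the variants shows up in where state lives: Variant 1 keeps none, Variant 2 reads a static USIM policy only when told to, and Variant 3 makes the USIM policy monotonic, so a later challenge with bit z cleared cannot reopen GEA3.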
Variant 4:
A fourth variant according to example versions of the present invention relates to modifying information on encryption algorithms in the USIM via OTA mechanisms (e.g. via the SIM application toolkit). The OTA mechanisms are protected in a proprietary way.
This is the most flexible way of conveying updated information on encryption algorithms to the USIM. However, it is cumbersome for the operator, especially for a very large number of terminals like in IoT, and some operators and/or some low-cost terminals (especially for IoT) may not support OTA updates. Again, the ME behaviour to fetch information on encryption algorithms from the USIM would have to be standardized.
In the fourth variant according to example versions of the present invention, there is no impact on the HSS or HLR including the Authentication Centre (AuC).
However, there must be an OTA server that must be capable of sending updated information on encryption algorithms to selected sets of UEs, e.g. depending on the type of subscription.
The ME must be capable of always fetching further information on the use of encryption algorithms from the USIM.
The USIM must be capable of storing information on the use of encryption algorithms, modifying it depending on the updating information received OTA and sending the information to the ME upon request.
According to example versions of the present invention, there is provided a solution to the problem described above, for which no solution is currently available, using the AMF, which is currently underused. Such a method is secure and simple to implement.
As already set out above, the above described four variants are of course not limited to signaling the use of GEA4 in the context of GERAN IoT, but could also be used to signal the use of e.g. encryption or integrity algorithms in UMTS or LTE.
In the following, a more general description of some example version of embodiments of the present invention is made with respect to Figs. 1 to 6.
Fig. 1 is a flowchart illustrating an example of a method according to example versions of the present invention.
According to example versions of the present invention, the method may be implemented in or may be part of a register, like a HSS or a HLR including the AuC, or the like. The method comprises composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment in a step S11, and transmitting, by the register, the message to the user equipment in a step S12.
According to some example versions of the present invention, the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to use specific encryption algorithms.
According to some example versions of the present invention, the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to obtain information on specific encryption algorithms to be used from a subscriber identity module of the user equipment.
According to some example versions of the present invention, the management field includes a bit for dynamically changing information on specific encryption algorithms in the subscriber identity module of the user equipment.
According to some example versions of the present invention, the bit is set depending on capabilities of a serving network node (e.g. an SGSN) serving the user equipment and a type of subscription of the user equipment.
According to some example versions of the present invention, the register is a Home Subscriber Server or a Home Location Register including an Authentication Centre.
Fig. 2 is a flowchart illustrating another example of a method according to example versions of the present invention. According to example versions of the present invention, the method may be implemented in or may be part of a server, like an OTA server, or the like. The method comprises determining, by a server, updated information on specific encryption algorithms to be used by a user equipment in a step S21, and transmitting, by the server, in a step S22, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
Fig. 3 is a flowchart illustrating another example of a method according to example versions of the present invention. According to example versions of the present invention, the method may be implemented in or may be part of a mobile equipment or the like. The method comprises receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment in a step S31, evaluating, by the mobile equipment, in a step S32 the information regarding use of specific encryption algorithms, and using, by the mobile equipment, the specific encryption algorithms based on the information in a step S33.
According to example versions of the present invention, evaluating the information comprises interpreting the information as an instruction to use the specific encryption algorithms.
According to example versions of the present invention, evaluating the information comprises interpreting the information as an instruction to obtain information on the use of the specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and the method further comprises using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
Fig. 4 is a flowchart illustrating another example of a method according to example versions of the present invention.
According to example versions of the present invention, the method may be implemented in or may be part of a mobile equipment or the like. The method comprises obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment in a step S41, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module in a step S42.
Fig. 5 is a flowchart illustrating another example of a method according to example versions of the present invention.
According to example versions of the present invention, the method may be implemented in or may be part of a subscriber identity module, like a USIM, or the like. The method comprises storing, in a subscriber identity module, in a step S51, information on the use of specific encryption algorithms, and, in a step S52, transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
According to example versions of the present invention, the method further comprises receiving, at the subscriber identity module, a message including updated information on the use of specific encryption algorithms, modifying, by the subscriber identity module, the stored information on the use of specific encryption algorithms based on the updated information, and transmitting, by the subscriber identity module, upon request, the modified information to the mobile equipment.
According to example versions of the present invention, the specific encryption algorithms are encryption algorithms having a specific minimum strength.
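As an added illustration that is not code from the patent: a small Python model of the exchange in Figs. 1 to 5, with the register setting the field, the ME evaluating it, and the USIM supplying a list that an OTA update can change. The bit positions inside the management field, the GEA strength ranking, the minimum-strength threshold and the subscription-type rule are assumptions chosen for this example; the only standard fact relied on is that the 16-bit AMF occupies bytes 6 and 7 of the AUTN token.

```python
from dataclasses import dataclass

# Assumed bit positions (the patent does not fix them). They are placed in the
# upper byte of the AMF, which is the operator-specific half of the field.
AMF_BIT_USE_SPECIFIC = 0x0100  # ME shall use the "specific" (strong) algorithms
AMF_BIT_CONSULT_USIM = 0x0200  # ME shall read the permitted list from the USIM
AMF_BIT_USIM_DYNAMIC = 0x0400  # the USIM list may be changed dynamically (OTA)

# Constructed ranking of GPRS encryption algorithms; higher means stronger.
ALGORITHM_STRENGTH = {"GEA0": 0, "GEA1": 1, "GEA2": 2, "GEA3": 3, "GEA4": 4}
# Assumed meaning of "specific minimum strength": GEA3 or better.
MIN_STRENGTH = 3


@dataclass
class Usim:
    """Subscriber identity module holding the permitted-algorithm list (Fig. 5)."""
    allowed: list

    def read_allowed(self) -> list:
        # Step S52: hand the stored list to the ME on request.
        return list(self.allowed)

    def ota_update(self, updated: list) -> None:
        # Step S22 on the receiving side: replace the stored list with the OTA one.
        self.allowed = list(updated)


def amf_from_autn(autn: bytes) -> int:
    """Extract the 16-bit AMF from an AUTN token (SQN xor AK || AMF || MAC)."""
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes")
    return int.from_bytes(autn[6:8], "big")


def register_compose_amf(sgsn_supports_strong: bool, subscription_type: str) -> int:
    """Register side (Fig. 1, step S11): set bits from SGSN capability and subscription.

    The rule is an assumption for the example: only IoT subscriptions get the
    restriction, and the "use specific algorithms" bit is set only when the
    serving node can actually run them, otherwise attach would always fail.
    """
    amf = 0
    if subscription_type == "iot":
        amf |= AMF_BIT_CONSULT_USIM | AMF_BIT_USIM_DYNAMIC
        if sgsn_supports_strong:
            amf |= AMF_BIT_USE_SPECIFIC
    return amf


def me_select_algorithm(amf: int, network_offered: list, usim: Usim) -> str:
    """ME side (Figs. 3 and 4): evaluate the field and pick the algorithm to use.

    Raises ValueError when nothing acceptable is left; refusing a network that
    offers only weak algorithms is the purpose of the mechanism.
    """
    candidates = [a for a in network_offered if a in ALGORITHM_STRENGTH]
    if amf & AMF_BIT_CONSULT_USIM:          # step S41: ask the USIM
        allowed = set(usim.read_allowed())
        candidates = [a for a in candidates if a in allowed]
    if amf & AMF_BIT_USE_SPECIFIC:          # instruction to use specific algorithms
        candidates = [a for a in candidates if ALGORITHM_STRENGTH[a] >= MIN_STRENGTH]
    if not candidates:
        raise ValueError("no acceptable encryption algorithm offered; refuse")
    return max(candidates, key=lambda a: ALGORITHM_STRENGTH[a])


if __name__ == "__main__":
    usim = Usim(["GEA2", "GEA3"])                        # constructed card contents
    amf = register_compose_amf(sgsn_supports_strong=True, subscription_type="iot")
    autn = bytes(6) + amf.to_bytes(2, "big") + bytes(8)  # constructed AUTN, MAC zeroed
    offered = ["GEA0", "GEA1", "GEA2", "GEA3", "GEA4"]
    print(hex(amf_from_autn(autn)), me_select_algorithm(amf_from_autn(autn), offered, usim))
    usim.ota_update(["GEA4"])                            # Fig. 2: OTA server tightens the list
    print(me_select_algorithm(amf, offered, usim))
```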
Fig. 6 is a block diagram showing an example of an apparatus according to some example versions of the present invention.
In Fig. 6, a block circuit diagram illustrating a configuration of an apparatus 60 is shown, which is configured to implement the above described aspects of the invention. It is to be noted that the apparatus 60 shown in Fig. 6 may comprise several further elements or functions besides those described herein below, which are omitted herein for the sake of simplicity as they are not essential for understanding the invention. Furthermore, the apparatus may be also another device having a similar function, such as a chipset, a chip, a module etc., which can also be part of an apparatus or attached as a separate element to the apparatus, or the like.
The apparatus 60 may comprise a processing function or processor 61, such as a CPU or the like, which executes instructions given by programs or the like. The processor 61 may comprise one or more processing portions dedicated to specific processing as described below, or the processing may be run in a single processor. Portions for executing such specific processing may be also provided as discrete elements or within one or further processors or processing portions, such as in one physical processor like a CPU or in several physical entities, for example. Reference sign 62 denotes transceiver or input/output (I/O) units (interfaces) connected to the processor 61. The I/O units 62 may be used for communicating with one or more other network elements, entities, terminals or the like. The I/O units 62 may be a combined unit comprising communication equipment towards several network elements, or may comprise a distributed structure with a plurality of different interfaces for different network elements. The apparatus 60 further comprises at least one memory 63 usable, for example, for storing data and programs to be executed by the processor 61 and/or as a working storage of the processor 61.
The processor 61 is configured to execute processing related to the above described aspects. In particular, the apparatus 60 may be implemented in or may be part of a network element like a serving gateway, a packet data network gateway or the like, and may be configured to perform a method as described in connection with Fig. 2. Thus, the processor 61 is configured to perform receiving, by a first network element, a message including an indication of a quality of service modification initiated by a charging entity, composing, by the first network element, a message including an information element indicating that the quality of service modification is initiated by the charging entity, and forwarding, by the first network element, the message including the information element to a second network element.
According to some example versions of the present invention, the apparatus 60 may be implemented in or may be part of a register, like a HSS or a HLR including the AuC, or the like, and may be configured to perform a method as described in connection with Fig. 1. Thus, the processor 61 is configured to perform composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment, and transmitting, by the register, the message to the user equipment.
According to example versions of the present invention, the apparatus 60 may be implemented in or may be part of a server, like an OTA server, or the like, and may be configured to perform a method as described in connection with Fig. 2. Thus, the processor 61 is configured to perform determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
According to example versions of the present invention, the apparatus 60 may be implemented in or may be part of a mobile equipment or the like, and may be configured to perform a method as described in connection with Fig. 3. Thus, the processor 61 is configured to perform receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment, evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and using, by the mobile equipment, the specific encryption algorithms based on the information.
According to example versions of the present invention, the apparatus 60 may be implemented in or may be part of a mobile equipment or the like, and may be configured to perform a method as described in connection with Fig. 4. Thus, the processor 61 is configured to perform obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
According to example versions of the present invention, the apparatus 60 may be implemented in or may be part of a subscriber identity module, like a USIM, or the like, and may be configured to perform a method as described in connection with Fig. 5. Thus, the processor 61 is configured to perform storing, in a subscriber identity module, information on the use of specific encryption algorithms, and transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module. For further details regarding the functions of the apparatus 60, reference is made to the description of the methods according to some example versions of the present invention as described in connection with Figs. 1 to 5.
Thus, it is noted that the apparatus for use in a register, the apparatus for use in a server, the apparatus for use in a mobile equipment, and the apparatus for use in a subscriber identity module, generally have the same structural components, wherein these components are configured to execute the respective functions of the register, server, mobile equipment, and subscriber identity module, respectively, as set out above. In the foregoing exemplary description of the apparatus, only the units/means that are relevant for understanding the principles of the invention have been described using functional blocks. The apparatus may comprise further units/means that are necessary for its respective operation, respectively. However, a description of these units/means is omitted in this specification. The arrangement of the functional blocks of the apparatus is not construed to limit the invention, and the functions may be performed by one block or further split into sub-blocks.
When in the foregoing description it is stated that the apparatus (or some other means) is configured to perform some function, this is to be construed to be equivalent to a description stating that a (i.e. at least one) processor or corresponding circuitry, potentially in cooperation with computer program code stored in the memory of the respective apparatus, is configured to cause the apparatus to perform at least the thus mentioned function. Also, such function is to be construed to be equivalently implementable by specifically configured circuitry or means for performing the respective function (i.e. the expression "unit configured to" is construed to be equivalent to an expression such as "means for").
For the purpose of the present invention as described herein above, it should be noted that
- method steps likely to be implemented as software code portions and being run using a processor at an apparatus (as examples of devices, apparatuses and/or modules thereof, or as examples of entities including apparatuses and/or modules therefore), are software code independent and can be specified using any known or future developed programming language as long as the functionality defined by the method steps is preserved;
- generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the aspects/embodiments and its modification in terms of the functionality implemented;
- method steps and/or devices, units or means likely to be implemented as hardware components at the above-defined apparatuses, or any module(s) thereof, (e.g., devices carrying out the functions of the apparatuses according to the aspects/embodiments as described above) are hardware independent and can be implemented using any known or future developed hardware technology or any hybrids of these, such as MOS (Metal Oxide Semiconductor), CMOS (Complementary MOS), BiMOS (Bipolar MOS), BiCMOS (Bipolar CMOS), ECL (Emitter Coupled Logic), TTL (Transistor-Transistor Logic), etc., using for example ASIC (Application Specific IC (Integrated Circuit)) components, FPGA (Field-programmable Gate Arrays) components, CPLD (Complex Programmable Logic Device) components or DSP (Digital Signal Processor) components;
- devices, units or means (e.g. the above-defined apparatuses, or any one of their respective units/means) can be implemented as individual devices, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, unit or means is preserved;
- an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;
- a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.
In general, it is to be noted that respective functional blocks or elements according to above-described aspects can be implemented by any known means, either in hardware and/or software, respectively, if it is only adapted to perform the described functions of the respective parts. The mentioned method steps can be realized in individual functional blocks or by individual devices, or one or more of the method steps can be realized in a single functional block or by a single device.
Generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the present invention. Devices and means can be implemented as individual devices, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device is preserved. Such and similar principles are to be considered as known to a skilled person.
Software in the sense of the present description comprises software code as such comprising code means or portions or a computer program or a computer program product for performing the respective functions, as well as software (or a computer program or a computer program product) embodied on a tangible medium such as a computer-readable (storage) medium having stored thereon a respective data structure or code means/portions or embodied in a signal or in a chip, potentially during processing thereof.
It is noted that the aspects/embodiments and general and specific examples described above are provided for illustrative purposes only and are in no way intended that the present invention is restricted thereto. Rather, it is the intention that all variations and modifications which fall within the scope of the appended claims are covered.
Abbreviations:
3GPP 3rd Generation Partnership Project
AKA Authentication and Key Agreement
AMF Authentication Management Field
AuC Authentication Centre
CS Circuit-Switched
EDGE Enhanced Data Rates for GSM Evolution
GEA GPRS encryption algorithm
GERAN GSM EDGE Radio Access Network
GPRS General Packet Radio Service
GSM Global System for Mobile Communications
HLR Home Location Register
HSS Home Subscriber System
IoT Internet of Things
LTE Long Term Evolution
ME Mobile Equipment (does not include the USIM)
OTA Over The Air
PS Packet-Switched
RAND Random number / Random challenge
SGSN Serving GPRS Support Node
UE User Equipment (does include the USIM)
UMTS Universal Mobile Telecommunication System
USIM Universal Subscriber Identity Module
Claims
1. A method, comprising:
composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
transmitting, by the register, the message to the user equipment.
2. The method according to claim 1, wherein
the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to use specific encryption algorithms.
3. The method according to claim 1, wherein
the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to obtain information on specific encryption algorithms to be used from a subscriber identity module of the user equipment.
4. The method according to claim 1, wherein
the management field includes a bit for dynamically changing information on specific encryption algorithms in the subscriber identity module of the user equipment.
5. The method according to any one of the preceding claims, wherein
the bit is set depending on capabilities of a serving gateway node serving the user equipment and a type of subscription of the user equipment.
6. The method according to any one of the preceding claims, wherein
the register is a Home Subscriber Server or a Home Location Register including an Authentication Centre.
7. A method, comprising:
determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and
transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
8. A method, comprising:
receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and
using, by the mobile equipment, the specific encryption algorithms based on the information.
9. The method according to claim 8, wherein
evaluating the information comprises interpreting the information as an instruction to use the specific encryption algorithms.
10. The method according to claim 8, wherein
evaluating the information comprises interpreting the information as an instruction to obtain information on the use of the specific encryption algorithms from a subscriber identity module associated with the mobile equipment, further comprising
using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
11. A method, comprising:
obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
12. A method, comprising:
storing, in a subscriber identity module, information on the use of specific encryption algorithms, and
transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
13. The method according to claim 12, further comprising:
receiving, at the subscriber identity module, a message including updated information on the use of specific encryption algorithms,
modifying, by the subscriber identity module, the stored information on the use of specific encryption algorithms based on the updated information, and
transmitting, by the subscriber identity module, upon request, the modified information to the mobile equipment.
14. The method according to any one of the preceding claims, wherein
the specific encryption algorithms are encryption algorithms having a specific minimum strength.
15. An apparatus for use in a register, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
transmitting, by the register, the message to the user equipment.
16. The apparatus according to claim 15, wherein
the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to use specific encryption algorithms.
17. The apparatus according to claim 15, wherein
the management field includes a bit indicating an instruction for a mobile equipment of the user equipment to obtain information on specific encryption algorithms to be used from a subscriber identity module of the user equipment.
18. The apparatus according to claim 15, wherein
the management field includes a bit for dynamically changing information on specific encryption algorithms in the subscriber identity module of the user equipment.
19. The apparatus according to any one of claims 15 to 18, wherein
the bit is set depending on capabilities of a serving gateway node serving the user equipment and a type of subscription of the user equipment.
20. The apparatus according to any one of claims 15 to 19, wherein
the register is a Home Subscriber Server or a Home Location Register including an Authentication Centre.
21. An apparatus for use in a server, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
determining, by the server, updated information on specific encryption algorithms to be used by a user equipment, and
transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
22. An apparatus for use in a mobile equipment, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
receiving, by the mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and
using, by the mobile equipment, the specific encryption algorithms based on the information.
23. The apparatus according to claim 22, wherein
evaluating the information comprises interpreting the information as an instruction to use the specific encryption algorithms.
24. The apparatus according to claim 22, wherein
evaluating the information comprises interpreting the information as an instruction to obtain information on the use of the specific encryption algorithms from a subscriber identity module associated with the mobile equipment, further comprising
using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
25. An apparatus for use in a mobile equipment, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
obtaining, by the mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
26. An apparatus for use in a subscriber identity module, comprising:
at least one processor, and at least one memory for storing instructions to be executed by the processor, wherein
the at least one memory and the instructions are configured to, with the at least one processor, cause the apparatus at least to perform
storing, in the subscriber identity module, information on the use of specific encryption algorithms, and
transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
27. The apparatus according to claim 26, further comprising:
receiving, at the subscriber identity module, a message including updated information on the use of specific encryption algorithms,
modifying, by the subscriber identity module, the stored information on the use of specific encryption algorithms based on the updated information, and
transmitting, by the subscriber identity module, upon request, the modified information to the mobile equipment.
28. The apparatus according to any one of claims 15 to 27, wherein
the specific encryption algorithms are encryption algorithms having a specific minimum strength.
29. An apparatus, comprising: means for composing, by a register, a message including a management field, the management field including information regarding use of specific encryption algorithms by a user equipment,
means for transmitting, by the register, the message to the user equipment.
30. An apparatus, comprising: means for determining, by a server, updated information on specific encryption algorithms to be used by a user equipment, and
means for transmitting, by the server, the updated information on specific encryption algorithms to a subscriber identity module of the user equipment via over-the-air mechanisms.
31. An apparatus, comprising: means for receiving, by a mobile equipment, a message including a management field, the management field including information regarding use of specific encryption algorithms by the mobile equipment,
means for evaluating, by the mobile equipment, the information regarding use of specific encryption algorithms, and
means for using, by the mobile equipment, the specific encryption algorithms based on the information.
32. An apparatus, comprising: means for obtaining, by a mobile equipment, information on use of specific encryption algorithms from a subscriber identity module associated with the mobile equipment, and
means for using the specific encryption algorithms indicated in the information obtained from the subscriber identity module.
33. An apparatus, comprising: means for storing, in a subscriber identity module, information on the use of specific encryption algorithms, and
means for transmitting, by the subscriber identity module, upon request, the information to a mobile equipment associated with the subscriber identity module.
34. A computer program product including a program for a processing device, comprising software code portions for performing the method of any one of claims 1 to 14 when the program is run on the processing device.
35. The computer program product according to claim 34, wherein the computer program product comprises a computer-readable medium on which the software code portions are stored.
36. The computer program product according to claim 34, wherein the program is directly loadable into an internal memory of the processing device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2014/074150 WO2016074694A1 (en) | 2014-11-10 | 2014-11-10 | Enforcing the use of specific encryption algorithms |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016074694A1 true WO2016074694A1 (en) | 2016-05-19 |
Family
ID=51905029
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2014/074150 WO2016074694A1 (en) | 2014-11-10 | 2014-11-10 | Enforcing the use of specific encryption algorithms |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016074694A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11283607B2 (en) | 2018-07-19 | 2022-03-22 | British Telecommunications Public Limited Company | Dynamic data encryption |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998053629A1 (en) * | 1997-05-20 | 1998-11-26 | Motorola, Inc. | Secure multinumber sim card and method |
WO1999001848A1 (en) * | 1997-07-02 | 1999-01-14 | Sonera Oyj | Procedure for the control of applications stored in a subscriber identity module |
EP1213680A2 (en) * | 2000-11-30 | 2002-06-12 | Avx Corporation | Electronic device with a card reader and connector assembly |
US20040185829A1 (en) * | 2000-05-22 | 2004-09-23 | Bart Vinck | Method for establishing a connection between a terminal and an operating mobile radio network, mobile radio network and terminal used in such a method |
WO2006007879A1 (en) * | 2004-07-22 | 2006-01-26 | Telecom Italia S.P.A. | Method and system for improving robustness of secure messaging in a mobile communications network |
WO2006029384A2 (en) * | 2004-09-08 | 2006-03-16 | Qualcomm Incorporated | Method, apparatus and system for mutual authentication with modified message authentication code |
WO2007110094A1 (en) * | 2006-03-27 | 2007-10-04 | Telecom Italia S.P.A. | System for enforcing security policies on mobile communications devices |
-
2014
- 2014-11-10 WO PCT/EP2014/074150 patent/WO2016074694A1/en active Application Filing
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998053629A1 (en) * | 1997-05-20 | 1998-11-26 | Motorola, Inc. | Secure multinumber sim card and method |
WO1999001848A1 (en) * | 1997-07-02 | 1999-01-14 | Sonera Oyj | Procedure for the control of applications stored in a subscriber identity module |
US20040185829A1 (en) * | 2000-05-22 | 2004-09-23 | Bart Vinck | Method for establishing a connection between a terminal and an operating mobile radio network, mobile radio network and terminal used in such a method |
EP1213680A2 (en) * | 2000-11-30 | 2002-06-12 | Avx Corporation | Electronic device with a card reader and connector assembly |
WO2006007879A1 (en) * | 2004-07-22 | 2006-01-26 | Telecom Italia S.P.A. | Method and system for improving robustness of secure messaging in a mobile communications network |
WO2006029384A2 (en) * | 2004-09-08 | 2006-03-16 | Qualcomm Incorporated | Method, apparatus and system for mutual authentication with modified message authentication code |
WO2007110094A1 (en) * | 2006-03-27 | 2007-10-04 | Telecom Italia S.P.A. | System for enforcing security policies on mobile communications devices |
Non-Patent Citations (2)
Title |
---|
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture (3G TS 33.102 version 3.4.0 Release 1999)", 3GPP STANDARD; 3G TS 33.102, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V3.4.0, 1 March 2000 (2000-03-01), pages 1 - 69, XP050376388 * |
YU-LUN HUANG ET AL: "Provable Secure AKA Scheme with Reliable Key Delegation in UMTS", SECURE SOFTWARE INTEGRATION AND RELIABILITY IMPROVEMENT, 2009. SSIRI 2009. THIRD IEEE INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 8 July 2009 (2009-07-08), pages 243 - 252, XP031563010, ISBN: 978-0-7695-3758-0 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11283607B2 (en) | 2018-07-19 | 2022-03-22 | British Telecommunications Public Limited Company | Dynamic data encryption |
Similar Documents
Publication | Title |
---|---|
AU2016243284B2 (en) | Authentication and key agreement with perfect forward secrecy |
CN113271595B (en) | Mobile communication method, device and equipment |
US11234128B2 (en) | Managing undesired service requests in a network |
US11622268B2 (en) | Secure communication method and secure communications apparatus |
CN102318386B (en) | To the certification based on service of network |
CN112154624A (en) | User identity privacy protection for pseudo base stations |
CN111788839A (en) | User identity privacy protection and network key management |
MX2012014243A (en) | Methods and apparatuses facilitating synchronization of security configurations. |
CN104066070A (en) | Terminal registration method, terminal finding method, terminal and devices |
JP2020509648A (en) | Management of security context in idle mode mobility between different wireless communication systems |
JP2022530955A (en) | Methods and processes for validating multi-SIM devices and subscription information |
US20220279471A1 (en) | Wireless communication method for registration procedure |
US11032699B2 (en) | Privacy protection capabilities |
US20190274039A1 (en) | Communication system, network apparatus, authentication method, communication terminal, and security apparatus |
US11937084B2 (en) | Secure attestation packages for devices on a wireless network |
WO2016184140A1 (en) | Equipment identifier checking method, system, equipment and storage medium |
US10492056B2 (en) | Enhanced mobile subscriber privacy in telecommunications networks |
US8583116B2 (en) | Method and apparatus for communicating network features during a routing area update procedure |
AU2019224247B2 (en) | Radio communication system, security proxy device, and relay device |
WO2016074694A1 (en) | Enforcing the use of specific encryption algorithms |
EP3414928B1 (en) | Security in isolated lte networks |
WO2024065502A1 (en) | Authentication and key management for applications (akma) for roaming scenarios |
JP2021509781A (en) | Methods for data transmission, terminal devices and network devices |
WO2016082872A1 (en) | Blocking of nested connections |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14799710; Country of ref document: EP; Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 14799710; Country of ref document: EP; Kind code of ref document: A1 |