蔡瀚興-讀書會-21/07/21

# 蔡瀚興-讀書會-21/07/21 ## 推薦連結 - [What is the difference between "partial native" and "full native "](https://www.queryhome.com/tech/116405/difference-between-partial-native-native-security-context) ## Introduction ![](https://i.imgur.com/pM6vqKF.jpg) - **NAS security:** Ensure that the control plane NAS messages between the UE and the MME are safe by $K_{ASME}$. - **AS security:** The purpose of AS security is to ensure that control plane RRC messages and user plane IP data packets between the UE and eNB are safe. ## NAS security ### 一、Transmission of Security Mode Command message (Assuming that MME assigns KSI-ASME = 1 to identify $K_{ASME}$.) ![](https://i.imgur.com/rfFFWOn.jpg) 1. **[MME] Select the security algorithm:** MME透過UE傳來的 Attach Request Message 中 network capability info 來選擇encryption 及 integrity algorithm 2. **[MME]Calculates the NAS security key:** MME使用 Alg-ID 和 algorithm discriminator(用來選擇安全算法) 來從$K_{ASME}$中計算出$K_{NASinc}$和$K_{NASenc}$ ![](https://i.imgur.com/psQftWf.jpg) 3. **[MME] Generate NAS-MAC for integrity protection:** MME使用EIA algo及參數算出 NAS-MAC。 (參數如下：) **1.Count :** 32bit downlink NAS count **2.Message :** NAS message, here is Security Mode Command **3.Direction:** 1bit ,0up or 1down **4.Bearer :** 5bit bearer ID, fixed value, set to 0 **5.$K_{NASinc}$ :** 128-bit NAS integrity key 4. **[UE <-MME] Sends a Security mode command message:** MME將包含NAS-MAC的Security Mode Command Message給UE，有intergirty，無enryption (訊息包含：) **1.KSI-ASME:** 3bit and K-ASME associated value **2.Return to UE security capabilities:** UE network capabilities **3.NAS encryption algorithm:** NAS encryption algorithm selected by MME **4.NAS integrity algorithm:** NAS integrity algorithm selected by MME 5. **[UE] Set $K_{ASME}$ representation (KSI-ASME):** UE將KSI-ASME設為目前的K-ASME 6. **[UE] Generate NAS security key:** UE使用$K_{ASME}$及選擇的演算法算出$K_{NASinc}$和$K_{NASenc}$ 7. **[UE] Check the integrity of the Security mode command message:** UE用MME選的intergrity algo算出XNAS-MAC消息鑑權碼和K-NASinc。然後比較XNAS-MAC是否與NAS-MAC相同，來確認訊息完整性。 ![](https://i.imgur.com/mr5bHcp.jpg) ### 二、Transmission of Security mode complete message (Security mode complete message transmission is encrypted and integrity protected) ![](https://i.imgur.com/4p8b44x.gif) 8. **[UE] uses the selected encryption algorithm EEA1 to encrypt the message:** UE加密Security Mode Complete Message並傳給MME(由Encrypted algo及$K_{NASenc}$來加密) (參數如下：) **1.Count :** 32bit uplink NAS count **2.Length :** Length of the key stream through the encryption algorithm **3.Direction:** 1bit ,0up or 1down **4.Bearer :** 5bit bearer ID, fixed value, set to 0 **5.$K_{NASenc}$ :** 128-bit NAS integrity key 9. **[UE] Generate NAS-MAC for integrity protection:** 類似 3. 10. **[UE-> MME] Send Security Mode complete message:** UE將包含NAS-MAC的Security Mode Complete Message傳給MME，有intergirty，有enryption (此後UE及MME之間的NAS messages就安全了) 11. **[MME] Verify the integrity of the Security Mode complete message:** 類似 7. 12. **[MME] Decrypts the Security Mode complete message:** 完整性驗證成功後，MME開始解密訊息 ![](https://i.imgur.com/9LKVNX8.jpg) ### 三、After the NAS is securely established 一旦NAS security建立，所有UE及MME之間的NAS Message都是encrypted及integrity保護的 - NAS消息發送前，首先加密然後完整性保護。原NAS消息首先使用K-NASenc加密然後包含K-NASint計算出來的NAS-MAC做完整性保護。 - 當接收到NAS消息，首先做完整性驗證，然後解密。首先對比使用K-NASint計算出來的XNAS-MAC和接收到的NAS-MAC對比來檢查NAS消息的完整性，接著解密得到原始的NAS消息。 ## AS Security ### 一、Transmission of Security mode command message ![](https://i.imgur.com/CX5tMgG.jpg) 1. **[MME] Calculate $K_{eNB}$ :** MME用$K_{ASME}$產生$K_{eNB}$ 2. **[eNB <-MME] Send $K_{eNB}$ :** MME透過initial context setup request message傳Attach Accept Message給UE (訊息包含：) **1.UE security capability** **2.Security key:** 256bit $K_{eNB}$ 3. **[eNB] Select the security algorithm:** 類似NAS security中 1. 4. **[eNB] Generate AS security key:** ![](https://i.imgur.com/pEl9Agt.jpg) 5. **[eNB] Generate MAC-I for integrity protection:** eNB使用EIA algo及$K_{RRCint}$算出MAC-I (參數如下：) **1.Count :** 32bit downlink PDCP count **2.Message :** RRC message, here is Security Mode Command **3.Direction:** 1bit ,0up or 1down **4.Bearer :** 5bit bearer ID, fixed value, set to 0 **5.$K_{RRCint}$ :** 128-bit NAS integrity key 6. **[UE <-eNB] sends a Security mode command message:** 類似NAS security中 4. ![](https://i.imgur.com/BxZPKr0.jpg) 7. **[UE] Identification security algorithm: EEA1, EIA1** 8. **[UE] Generate AS security key:** UE使用算法ID和算法分辨器從$K_{eNB}$中計算出$K_{RRCinc}$和$K_{RRCenc}$和$K_{UPenc}$ 9. **[UE] Check the integrity of the Security mode command message:** 比較計算出來的XMAC-I及MAC-I ### 二、Transmission of Security mode complete message ![](https://i.imgur.com/koIHc37.jpg) 10. **[UE] Generate NAS-MAC for integrity protection** 11. **[UE->MME] Send Security Mode complete message** 12. **[MME] Verify the integrity of the Security Mode complete message** ### 三、After AS security is established 一旦AS安全建立完成，所有UE和eNB之間的RRC Message和IP-Packet都是encrypted及integrity保護 - **不同於NAS security先確認完整性再解密，AS security是先解密再確認完整性** - IP-Packet是加密的但不進行完整性保護。IP-Packet在發送端使用K-UPenc進行加密，在接收端使用K-UPenc進行解密獲得原始的IP-Packet。 ## Security Context - **EPS security contexts:** 在EPS entity中安全相關的資料，可產生NAS或AS security contexts - **Partial native:** 在第一個SMC前的NAS security context - **Full native:** 在第一個SMC後的NAS security context ![](https://i.imgur.com/UyemNuK.jpg) ![](https://i.imgur.com/R56vNNi.jpg)

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.