1 Encryption algorithm
Inputs to the encryption algorithm:
a 128-bit cipher key named KEY (KNASenc),
a 32-bit COUNT, where COUNT := 0x00 || NAS COUNT,
a 5-bit bearer identity BEARER,
the 1-bit direction of the transmission, i.e. DIRECTION. The DIRECTION bit shall be 0 for uplink and 1 for downlink.
the length of the keystream required, i.e. LENGTH.
2 Integrity protection algorithm
Inputs to the integrity protection algorithm:
a 128-bit integrity key named KEY (KNASint),
a 32-bit COUNT, where COUNT := 0x00 || NAS COUNT,
a 5-bit bearer identity called BEARER,
the 1-bit direction of the transmission, i.e. DIRECTION. The DIRECTION bit shall be 0 for uplink and 1 for downlink.
the message itself, i.e. MESSAGE.
The bit length of the MESSAGE is LENGTH.
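3 Key derivation
CK’, IK’
The ME and the AUSF network element generate these keys after authentication succeeds. The length is 128 bits.
KDF(Key, S), where Key is CK || IK and S is built from the following values:
- FC = 0x20,
- P0 = SNN,
- L0 = length of SNN
- P1 = SQN ⊕ AK
- L1 = length of SQN ⊕ AK
The first 128 bits of the output are CK’ and the last 128 bits are IK’.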
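KAUSF
The ME and the AUSF network element generate this key after the primary authentication procedure succeeds. The length is 256 bits.
For 5G AKA: KDF(Key, S), where Key is CK || IK and S is built from the following values:
- FC = 0x10,
- P0 = SNN,
- L0 = length of SNN
- P1 = SQN ⊕ AK
- L1 = length of SQN ⊕ AK
For EAP AKA’: KAUSF is the first 256 bits of the EMSK.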
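KSEAF
The ME and the AUSF network element compute KSEAF from KAUSF. The AUSF passes this key to the SEAF network element. The length is 256 bits.
KDF(Key, S), where Key is KAUSF and S is built from the following values:
- FC = 0x6C,
- P0 = SNN,
- L0 = length of SNN.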
KAMF
The ME and the SEAF network element compute KAMF from KSEAF. The length is 256 bits.
KDF(Key, S), where Key is KSEAF and S is built from the following values:
- FC = 0x6D
- P0 = SUPI
- L0 = P0 length - number of octets in P0
- P1 = ABBA parameter
- L1 = P1 length - number of octets in P1
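KNASint
Integrity protection key for NAS signalling over 3GPP access. The length is 256 bits or 128 bits.
KDF(Key, S), where Key is KAMF and S is built from the following values:
- FC = 0x69,
- P0 = algorithm type distinguisher,
- L0 = length of algorithm type distinguisher
- P1 = algorithm identity
- L1 = length of algorithm identity
KNASenc
Encryption key for NAS signalling over 3GPP access. The length is 256 bits or 128 bits.
Same as KNASint.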
KgNB
The ME and the AMF can compute KgNB from KAMF, or it can be computed by the target gNB. The length is 256 bits.
KDF(Key, S), where Key is the 256-bit KAMF and S is built from the following values:
- FC = 0x6E
- P0 = Uplink NAS COUNT
- L0 = length of uplink NAS COUNT (i.e. 0x00 0x04)
- P1 = Access type distinguisher
- L1 = length of Access type distinguisher (i.e. 0x00 0x01)
NH
The ME and the AMF can compute NH from KAMF. The length is 256 bits.
KDF(Key, S), where Key is the 256-bit KAMF and S is built from the following values:
- FC = 0x6F
- P0 = SYNC-input
- L0 = length of SYNC-input (i.e. 0x00 0x20)
KN3IWF
The ME and the AMF can compute KN3IWF from KAMF. The length is 256 bits.
KDF(Key, S), where Key is the 256-bit KAMF and S is built from the following values:
- FC = 0x6E
- P0 = Uplink NAS COUNT
- L0 = length of uplink NAS COUNT (i.e. 0x00 0x04)
- P1 = Access type distinguisher
- L1 = length of Access type distinguisher (i.e. 0x00 0x01)
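KRRCint
Integrity protection key for RRC signalling. The length is 256 bits or 128 bits.
KDF(Key, S), where Key is KgNB or KSN and S is built from the following values:
- FC = 0x69,
- P0 = algorithm type distinguisher,
- L0 = length of algorithm type distinguisher
- P1 = algorithm identity
- L1 = length of algorithm identity
KRRCenc
Encryption key for RRC signalling. The length is 256 bits or 128 bits.
Same as KRRCint.
KUPenc
Encryption key for user-plane traffic. The length is 256 bits or 128 bits.
Same as KRRCint.
KUPint
Integrity protection key for user-plane traffic. The length is 256 bits or 128 bits.
Same as KRRCint.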
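
The following Python sketch is an added example, not part of the original article: it builds S from the FC / Pi / Li values listed above and walks the chain KAUSF -> KSEAF -> KAMF -> KNASint / KNASenc / KgNB / KN3IWF. It assumes the generic KDF of 3GPP TS 33.220 Annex B.2 (HMAC-SHA-256 keyed with Key over S), the distinguisher values and 128-bit truncation rule of TS 33.501 Annex A, and constructed sample inputs (K_AUSF, SNN, SUPI, ABBA); none of these appear on this page.

```python
import hashlib
import hmac

def build_s(fc, params):
    """S = FC || P0 || L0 || P1 || L1 ...; each Li is a 2-octet big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key, fc, params):
    """Generic 3GPP KDF (TS 33.220 Annex B.2): HMAC-SHA-256 keyed with Key over S."""
    return hmac.new(key, build_s(fc, params), hashlib.sha256).digest()

# Constructed sample inputs, not real subscriber or network values.
K_AUSF = bytes(range(32))
SNN = b"5G:mnc001.mcc001.3gppnetwork.org"
SUPI = b"001010000000001"        # assumption: IMSI digits as a character string
ABBA = b"\x00\x00"

# Distinguisher values assumed from TS 33.501 Annex A (not given on this page).
NAS_ENC, NAS_INT = b"\x01", b"\x02"            # algorithm type distinguishers
ALG_ID = b"\x02"                               # algorithm identity 2
ACCESS_3GPP, ACCESS_NON_3GPP = b"\x01", b"\x02"

def derive_hierarchy(k_ausf, uplink_nas_count):
    """Walk KAUSF -> KSEAF -> KAMF -> NAS and access keys using the page's FC values."""
    count = uplink_nas_count.to_bytes(4, "big")
    k_seaf = kdf(k_ausf, 0x6C, [SNN])
    k_amf = kdf(k_seaf, 0x6D, [SUPI, ABBA])
    return {
        "KSEAF": k_seaf,
        "KAMF": k_amf,
        # 128-bit keys: assumed truncation to the 128 least significant bits.
        "KNASint": kdf(k_amf, 0x69, [NAS_INT, ALG_ID])[16:],
        "KNASenc": kdf(k_amf, 0x69, [NAS_ENC, ALG_ID])[16:],
        # Same FC and COUNT; only the access type distinguisher separates these two.
        "KgNB": kdf(k_amf, 0x6E, [count, ACCESS_3GPP]),
        "KN3IWF": kdf(k_amf, 0x6E, [count, ACCESS_NON_3GPP]),
    }

if __name__ == "__main__":
    for name, key in derive_hierarchy(K_AUSF, 0).items():
        print(f"{name:8s} {key.hex()}")
```

Because KgNB and KN3IWF share FC = 0x6E, and KNASint and KNASenc share FC = 0x69, key separation between them rests entirely on the one-octet distinguisher in S.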