edx 4G Network Essentials Week 2: Security Procedures 4 - Integrity Control

mac2022-06-30  30

I just received a message.

How can I be sure that this message is coming from my network and not from someone else trying to send me false information or that this message hasn’t been modified by someone in the network?

In this video, we’ll see the mechanisms put in place to ensure the integrity of data.

The principle is simple: with each data frame, we add a code of several bytes of information.

This code is calculated thanks to mathematical functions called Cryptographic Hash Functions and which have a few special properties.

Knowing the output of the function, one cannot reconstruct the input data.

Moreover, the size of the output data is always the same and does not depend on the size of the input data.

The code added to each frame is called a message authentication code, MAC.

Be careful! In networks, we also use the abbreviation MAC for Medium Access Control.

The authentication MAC has nothing to do with the MAC layer or the computer! On the radio link, the sender adds this little MAC to the useful data in each frame.

The size of the MAC chosen for the LTE network is 32 bits.

The receiver, on its part, recalculates the MAC from data and compares this code to the MAC contained in the frame.

If the two are the same, the receiver has the guarantee that no one has modified the data and that they come from the true sender.

This is integrity control.

Integrity control is used for signaling messages, because they are critical.

Let’s take the example of a cell change order sent to the terminal, the handover command.

If it is modified, the terminal could be sent to a wrong cell and no longer work correctly or even cause disturbance in the network.

The designers of the 4G networks decided to not activate integrity control for user data.

These data are not created by the network.

If it’s necessary, it’s preferable to activate integrity end-to-end, that is, in the terminal application and on the application server.

The receiver and the sender have the same hash function.

They have the same key Kint they negotiated during the authentication phase and which is generated in part on the random number and the secret key.

Like the ciphering algorithm, the MAC sequence must be different each time, including when the same message is transmitted twice.

We have also a packet counter incremented with each new transmission, the direction and the bearer identity.
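The MAC inputs described above (integrity key, packet counter, bearer identity, direction, message), as an added example that is not part of the original lecture. HMAC-SHA-256 truncated to 32 bits stands in for the standardized integrity algorithms; the function names, the header encoding and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

MAC_LEN = 4  # 32-bit MAC, the size the lecture gives for LTE


def compute_mac(k_int: bytes, count: int, bearer: int, direction: int,
                message: bytes) -> bytes:
    """32-bit MAC over counter, bearer, direction and message.

    Assumption: HMAC-SHA-256 truncated to 32 bits replaces the standardized
    algorithms; the 6-byte header layout is illustrative only.
    """
    header = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(k_int, header + message, hashlib.sha256).digest()[:MAC_LEN]


def protect(k_int: bytes, count: int, bearer: int, direction: int,
            message: bytes) -> bytes:
    """Sender side: append the MAC to the useful data of the frame."""
    return message + compute_mac(k_int, count, bearer, direction, message)


class Receiver:
    """Recomputes the MAC with its own copy of the key and its own counter."""

    def __init__(self, k_int: bytes, bearer: int, direction: int) -> None:
        self.k_int, self.bearer, self.direction = k_int, bearer, direction
        self.count = 0  # next counter value the receiver expects

    def accept(self, frame: bytes) -> Optional[bytes]:
        """Return the message if the MAC matches, None otherwise."""
        if len(frame) < MAC_LEN:
            return None
        message, received = frame[:-MAC_LEN], frame[-MAC_LEN:]
        expected = compute_mac(self.k_int, self.count, self.bearer,
                               self.direction, message)
        # Constant-time comparison; the counter advances only on success.
        if not hmac.compare_digest(received, expected):
            return None
        self.count += 1
        return message


K_INT = bytes(range(16))             # constructed sample key, not a real Kint
MSG = b"handover command: cell 42"   # constructed sample signaling message
```

Calling `Receiver.accept` twice on the same frame returns the message the first time and `None` the second, because the receiver's counter has advanced and the recomputed MAC no longer matches.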

Certain signaling messages are exchanged between the terminal and the eNodeB.

Other messages pass through the eNodeB, but are exchanged between the terminal and the MME.

The integrity mechanisms are implemented in the mobile terminal, the eNodeB and the MME.

There are three standardized algorithms to ensure integrity that follow the same logic as the ciphering algorithms: NULL for the test phase, SNOW 3G for compatibility with 3G, and AES.

Let’s see how ciphering and integrity control are combined.

For a given session, we have one constant encryption key and one constant integrity key.

Starting with the packet, the sender first ciphers it and then adds the calculated MAC code.

The receiver does the opposite: verify the correspondence of the MAC code, then decipher it.

To summarize, integrity control is provided for signaling messages in 4G networks.

A short authentication code called MAC is added to each message.

This code is computed by both the sender and the receiver with an integrity key generated with the secret key and the rand used for the authentication.

Integrity is considered as guaranteed if both codes are the same.

Reposted from: https://www.cnblogs.com/sec875/articles/9906087.html
