Could someone track my movements by listening tosignaling exchanges on the radio channel?有人可以通过收听无线电频道上的信令交换来跟踪我的动作吗?
That's the question we'll answer in this video.这是我们将在本视频中回答的问题。
The IMSI is a permanent identifier,unique in the world.
IMSI是一个永久的标识符,在世界上是独一无二的。
As we already saw, before each communication, themobile terminal authenticates itself to the network.
正如我们已经看到的,在每次通信之前,移动终端向网络验证自己。
You may recall, ciphering is not activatedduring the first exchanges and, if itused the IMSI for identification systematically,it would be very simple for someone to track our movements.
您可能还记得,在第一次交换期间,如果没有激活加密系统地使用IMSI进行识别,有人跟踪我们的动作非常简单。
The solution consists in putting in place amechanism that limits the use of the IMSI to a strict minimum.解决方案包括建立一种机制,将IMSI的使用限制在最低限度。
During the first authentication,the terminal has no other choice but to use the IMSI.在第一次认证期间,终端别无选择,只能使用IMSI。
On the other hand, once authentication has succeededand encryption of the radio link has been activated,the network allocates a temporary identifierwhich is used afterwards systematically.另一方面,一旦认证成功并且激活了无线电链路的加密,网络就分配临时标识符,该标识符随后系统地使用。
This temporary identifier is called TMSI orTemporary Mobile Subscriber Identity.该临时标识符称为TMSI或临时移动订户标识。
Because the TMSI is only allocated once encryption isactivated, it is impossible for an attackerto make the link between it and the subscriber’s IMSI.由于TMSI仅在激活加密后分配,因此攻击者无法在其与订户的IMSI之间建立链接。
The TMSI will be used asidentifier for all further communication,guaranteeing that an attacker will no longer be ableto identify the subscriber.TMSI将用作所有进一步通信的标识符,保证攻击者不再能够识别用户。
The TMSI is independently allocated by the mobileterminal’s current MME:it can be changed more frequently or less frequently,depending on the operator’s policies.TMSI由移动终端的当前MME独立分配:它可以更频繁或更不频繁地更改,具体取决于运营商的政策。
It can be kept as long as the UE stays in the samecell, or changed each time the UE starts a new session.只要UE停留在相同小区中,就可以保持它,或者每当UE开始新会话时改变它。
It changes with each MME change.它随着每次MME的变化而变化。
The TMSI is a very short identifier, 4 bytes with a localsignificance for an MME.TMSI是一个非常短的标识符,4个字节,对于MME具有本地意义。
The same value can be used by two MMEs, for two different UEs.对于两个不同的UE,两个MME可以使用相同的值。
Therefore, a larger identificationstructure is needed, with global significance.因此,需要更大的识别结构,具有全球意义。
This structure is called the GUTI, GloballyUnique Temporary Identity.这种结构称为GUTI,全球唯一的临时身份。
It enables the network to locate the MME thatallocated the TMSI.它使网络能够找到分配TMSI的MME。
This is the structure of the GUTI.这是GUTI的结构。
The GUTI contains the TMSI as well as the uniqueidentifier of the MME which allocated the TMSI.GUTI包含TMSI以及分配TMSI的MME的唯一标识符。
This identifier is made up of the identity of theoperator (the MCC MNC pair) andan MME code allocated by the operator.该标识符由运营商的身份(MCC MNC对)和运营商分配的MME代码组成。
More precisely, the MMEs work as a group.更确切地说,MME作为一个整体工作。
We have an MME groupidentity, Group ID, and an MME codebelonging to the group.我们有一个MME组身份,组ID和属于该组的MME代码。
At all times, a GUTI identifies asubscriber in a unique way to the world,while retaining the possibility of changinga subscriber’s GUTI.在任何时候,GUTI都以独特的方式向全世界标识订户,同时保留更改订户GUTI的可能性。
Just as authors or singers - like Agatha Christie or Lady Gagafor example, use pseudonyms- the GUTIis like a pseudonym for the UE.就像作家或歌手 - 例如Agatha Christie或Lady Gaga一样,使用假名 - GUTI就像是UE的假名。
However, unlike authors orsingers who tend to keep the same pseudonym throughouttheir lives, here, the pseudonym is often changed.然而,与在他们的一生中往往保持相同假名的作者或歌手不同,这里的假名经常被改变。
When the terminal makes a network request, for example,when it attaches to the network, it sends the firstmessage using the GUTI as identifier.当终端发出网络请求时,例如,当它连接到网络时,它使用GUTI作为标识符发送第一个消息。
The MME is the only one that can make the correspondenceand find the subscriber’s IMSI and find the security context.MME是唯一可以进行通信并找到订户的IMSI并找到安全上下文的MME。
That way, it can verify theintegrity of the message.这样,它可以验证消息的完整性。
That serves as proof that the mobile terminal is whatit claims to be and it is authenticated.这可以证明移动终端是它声称的并且它是经过验证的。
The MME can activate ciphering on the radio link,configure the necessary keys on the eNodeB, and therebyprotect all communication from the first transmitted message on.MME可以激活无线电链路上的加密,在eNodeB上配置必要的密钥,从而保护所有通信免受第一个发送的消息的影响。
It’s important to note here that the HSS is not contactedduring this procedure, which limitsthe load on this central network point significantly.这里需要注意的是,在此过程中不会联系HSS,这会显着限制此中央网络点的负载。
This procedure also functions if the mobile terminal moves.如果移动终端移动,该过程也起作用。
If the terminal is covered by anew MME, it’s the new MME that receives the authentication request.如果终端被新的MME覆盖,则它是接收认证请求的新MME。
By looking at the GUTI, it can find theidentity of the former MME, the one that assigned the TMSI.通过查看GUTI,它可以找到前MME的身份,即分配TMSI的身份。
It can relay the message and, after itsvalidation, recuperate the IMSI of the subscribertogether with a security context.它可以中继消息,并在其验证之后,恢复订户的IMSI以及安全上下文。
Therefore, the new MME can also activateciphering and integrity, without going through acomplete authentication cycle.因此,新的MME还可以激活加密和完整性,而无需经过完整的身份验证周期。
Again, this avoids contacting the HSS.同样,这避免了联系HSS。
To prevent a hacker from tracking the location of a UE,a temporary identity called TMSI is allocated to the UE.为了防止黑客跟踪UE的位置,将称为TMSI的临时标识分配给UE。
The TMSI is chosen by theMME that controls the UE and is transferred onlyafter activation of ciphering.TMSI由控制UE的MME选择,并且仅在激活加密之后才被传送。
The TMSI can be frequently renewed.TMSI可以经常更新。
The TMSI is used to build aglobally unique temporary identity called GUTI.TMSI用于构建名为GUTI的全局唯一临时标识。
Using the GUTI is necessary to recover the IMSI ofthe UE in case of change of MME.在MME改变的情况下,使用GUTI对于恢复UE的IMSI是必要的。
转载于:https://www.cnblogs.com/sec875/articles/9924740.html
