Can someone beside me hear my communications and, especially, can he understand them? That is the question we will answer in this video.
Of course, the answer is NO.
We're going to see the security mechanism put in place to guarantee the confidentiality of exchanges.
Especially ciphering, which is also called encryption.
In networks, ciphering is based on a very simple mathematical operation, XOR, in other words the exclusive OR between the clear text and a sequence generated by the sender.
This operation works bit by bit: it takes one bit from each sequence and produces one bit as output.
If the two bits are the same, the result is zero.
For example, as shown in the slide, 1 XOR 1 equals 0.
The operation is very simple to implement in hardware.
In this example, the clear text is in blue and the ciphering sequence is in red.
It should be noted that the sequence must have the same length in bits as the input data.
To get the clear text back from the ciphered data, shown in green, you just need to repeat the operation with the same ciphering sequence.
There is one big constraint: the ciphering sequence must be different every time.
If we use the same sequence several times, we completely lose all security properties.
When we have a very large volume of data to transmit, we'll cut it into several packets and try to cipher each packet with a different sequence.
The receiver must possess the same ciphering sequence in order to be able to recover the clear text.
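The XOR ciphering just described, as an added example that is not code from the course video: one bit at a time, equal bits give 0, the same operation both ciphers and deciphers, the sequence must match the data length, and the helper at the end shows concretely why a sequence that is reused loses all security properties. The clear texts and the ciphering sequence are constructed values.

```python
# Added example, not code from the course video: XOR ciphering bit by bit,
# showing that ciphering and deciphering are one operation and why a ciphering
# sequence must never be reused. All sample values below are constructed.

def xor_bit(a: str, b: str) -> str:
    """One XOR gate: equal bits give '0', different bits give '1' (1 XOR 1 = 0)."""
    return "0" if a == b else "1"

def xor_bits(data_bits: str, sequence_bits: str) -> str:
    """XOR two bit strings position by position; the ciphering sequence must be
    exactly as long in bits as the data it ciphers."""
    if len(data_bits) != len(sequence_bits):
        raise ValueError("ciphering sequence must have the same bit length as the data")
    return "".join(xor_bit(a, b) for a, b in zip(data_bits, sequence_bits))

def to_bits(data: bytes) -> str:
    return "".join(f"{byte:08b}" for byte in data)

def from_bits(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def cipher(clear_or_ciphered: bytes, sequence: bytes) -> bytes:
    """Ciphering and deciphering are the same call: XOR with the sequence once to
    cipher, XOR again with the same sequence to recover the clear text."""
    return from_bits(xor_bits(to_bits(clear_or_ciphered), to_bits(sequence)))

def reuse_leak(ciphered_1: bytes, ciphered_2: bytes) -> bytes:
    """Why the sequence must differ every time: if two packets are ciphered with
    the same sequence S, then C1 XOR C2 = (P1 XOR S) XOR (P2 XOR S) = P1 XOR P2.
    Anyone who can hear the radio link obtains the XOR of the two clear texts
    without knowing S at all; every zero byte in the result marks a position
    where the two clear texts were identical."""
    return cipher(ciphered_1, ciphered_2)

if __name__ == "__main__":
    clear = b"HELLO EPC"                                             # constructed clear text (blue)
    sequence = bytes([0x5A, 0xA5, 0x0F, 0xF0, 0x33, 0xCC, 0x96, 0x69, 0x01])  # constructed sequence (red)
    ciphered = cipher(clear, sequence)                              # ciphered data (green)
    print("ciphered :", ciphered.hex())
    print("recovered:", cipher(ciphered, sequence))
    other = b"HELLO MME"
    print("leak with reused sequence:", reuse_leak(ciphered, cipher(other, sequence)).hex())
```

Passing an all-zero sequence to `cipher` gives the clear text back unchanged, which is exactly what the NULL algorithm mentioned later in the video amounts to.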
But how can we obtain a ciphering sequence of an almost unlimited size? We use an algorithm that, based on a few input parameters, generates sequences adapted to the data ciphering.
We start with a basic ciphering key that is relatively stable.
It is conserved, for example, throughout a Web session or during an entire communication.
This shared key Kenc is the basis for creating an almost unlimited number of ciphering sequences.
The ciphering key is calculated from the number RAND used for authentication and from the secret K.
It is essential to use specialized functions that ensure that the string of sequences produced is as close as possible to random values.
Because these are deterministic algorithms, if all input parameters are the same, the function will produce the same ciphering sequence as output.
Therefore, we add elements known only to the sender and the receiver which change with every new piece of data sent.
For example, we number each transmitted packet and include the packet number and the amount of data to cipher in the input parameters of the algorithm used to calculate the ciphering sequence.
We also include a direction indicator (uplink or downlink) and a bearer number.
We'll take a look at bearers in week 4.
At this point of the course, we can see it as a stream.
The ciphering algorithm is executed on the mobile terminal and on the eNodeB.
The algorithm used must be standardized: an operator cannot define its own ciphering algorithm.
All radio transmissions are ciphered, whether they carry user data or signaling. Moreover, data exchanged between the MME and the mobile terminal are ciphered by both sides.
As for ciphering algorithms, there are several.
Here, you see the three that are currently standardized in the LTE network.
The first, NULL, which does not cipher data, is to be prohibited and only used during network test periods.
The second, SNOW 3G, is an algorithm already present in third-generation networks; the third is AES, which gives the strongest security guarantees at this moment.
Each of the exchange channels illustrated here can use a different ciphering algorithm.
The ciphering algorithms and the ciphering keys are negotiated during the terminal authentication phase.
Now here is an example to illustrate the different ciphering stages for an IP packet which contains user data coming from the Internet.
Let's consider a packet arriving at the P-Gateway which is then routed across the core network, where its confidentiality is guaranteed by the classic mechanisms of the Internet world, before arriving at the eNodeB.
The eNodeB ciphers this packet before sending it on the radio link.
We can imagine that the following values are used to generate the key used to encrypt the frame: the value of the packet counter between the eNodeB and the terminal, the bearer reference, whether the packet is downlink or uplink, and the size of the data to encrypt.
The ciphering key negotiated earlier between the mobile terminal and the eNodeB during the authentication phase must also be provided.
Upon reception, the mobile terminal uses the same parameters to decrypt the frame.
The next IP packet will follow the same path, but in this case the frame counter will be incremented by 1 and so, even though it uses the same shared secret, a completely new ciphering sequence will be used.
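The sequence generation described above (stable Kenc plus packet counter, bearer number, direction and data length) and the eNodeB-to-terminal example that follows it, as one added example that is neither the course's code nor a 3GPP algorithm. HMAC-SHA256 from the Python standard library is an assumed stand-in for the standardized generators (SNOW 3G or AES) so that the example runs offline; the `DOWNLINK`/`UPLINK` encoding, the field widths, the `RadioEnd` class and the Kenc value are all constructed for this example. What it shows is that the same data sent twice on the same bearer gets two unrelated ciphering sequences because only the counter changed, and that a receiver holding the wrong counter recovers garbage.

```python
# Added example, not the course's code and not the 3GPP algorithms: deriving a
# new ciphering sequence for every packet from the stable key Kenc plus the
# per-packet parameters the video lists (packet counter, bearer number,
# direction, length of the data). ASSUMPTION: HMAC-SHA256 from the standard
# library stands in for the standardized generator (SNOW 3G or AES) so the
# example runs offline; the structure of the inputs is the point, not the PRF.
import hashlib
import hmac

DOWNLINK, UPLINK = 0, 1   # direction indicator encoding (assumed for this example)

def ciphering_sequence(kenc: bytes, count: int, bearer: int, direction: int, length: int) -> bytes:
    """Expand Kenc and the per-packet parameters into exactly `length` bytes.
    The parameters are packed into fixed-width fields, so two packets that
    differ in any one of them (even just the counter) get unrelated sequences."""
    if not 0 <= count < 2 ** 32:
        raise ValueError("packet counter must fit in 32 bits")
    if not 0 <= bearer < 32 or direction not in (DOWNLINK, UPLINK):
        raise ValueError("bearer must fit in 5 bits, direction must be DOWNLINK or UPLINK")
    params = count.to_bytes(4, "big") + bytes([bearer, direction]) + length.to_bytes(4, "big")
    out = bytearray()
    block = 0
    while len(out) < length:      # chain PRF blocks until enough sequence bytes exist
        out += hmac.new(kenc, params + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def cipher_packet(kenc: bytes, count: int, bearer: int, direction: int, data: bytes) -> bytes:
    """XOR the data with its own sequence; the very same call deciphers."""
    sequence = ciphering_sequence(kenc, count, bearer, direction, len(data))
    return bytes(d ^ s for d, s in zip(data, sequence))

class RadioEnd:
    """One end of the radio link (eNodeB or terminal). It keeps Kenc and one
    send counter per bearer, incrementing it for every packet, which is what
    guarantees a fresh sequence even though Kenc itself never changes."""
    def __init__(self, kenc: bytes, direction: int):
        self.kenc, self.direction = kenc, direction
        self.tx_count = {}   # bearer -> counter value for the next packet

    def send(self, bearer: int, data: bytes):
        count = self.tx_count.get(bearer, 0)
        self.tx_count[bearer] = count + 1
        return count, cipher_packet(self.kenc, count, bearer, self.direction, data)

    def receive(self, bearer: int, count: int, ciphered: bytes, sender_direction: int) -> bytes:
        # The receiver must use exactly the sender's parameters to rebuild the sequence.
        return cipher_packet(self.kenc, count, bearer, sender_direction, ciphered)

def demo():
    kenc = bytes(range(16))   # constructed stand-in for the Kenc negotiated at authentication
    enb, ue = RadioEnd(kenc, DOWNLINK), RadioEnd(kenc, UPLINK)
    packet = b"first IP packet from P-GW"                 # constructed user data
    count0, c0 = enb.send(bearer=5, data=packet)
    count1, c1 = enb.send(bearer=5, data=packet)          # same data, counter incremented by 1
    return {
        "counters": (count0, count1),
        "same_data_different_ciphertext": c0 != c1,
        "ue_recovers_first": ue.receive(5, count0, c0, DOWNLINK),
        "ue_with_wrong_counter": ue.receive(5, count1, c0, DOWNLINK),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The bearer, direction and length fields are included in the derivation for the reason the video gives: the counter alone restarts at 0 on every bearer and in both directions, so without them two different packets could share a sequence.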
In summary, ciphering, also called encryption, is based on a stable encryption key Kenc generated from the secret key K and the random number used during authentication.
The ciphering sequence is specific to each packet.
It is generated with Kenc and parameters including a packet counter.
Ciphering is based on XOR (exclusive OR). Ciphering and deciphering are the same operation.
Reposted from: https://www.cnblogs.com/sec875/articles/9899174.html