Service-Network-Side Implementation of F1 to F5 in the 3G AKA Protocol
Abstract
With the rapid development of mobile communication technology, 3G is increasingly in commercial use, and its security problems have become very important. Ensuring the security of service information and of the use of network resources has therefore become an important and urgent problem in 3G systems. In response, ETSI and 3GPP, the two organizations that standardize on the basis of GSM/GPRS networks and the WCDMA and TD-SCDMA systems, and in particular ETSI's SAGE and 3GPP's S3 working group, have studied specifications for network security. These include the key distribution protocol this thesis deals with (the AKA protocol).
The AKA protocol provides mutual authentication and key distribution among the USIM, the visitor location register (VLR) and the home location register (HLR). 3GPP defines 12 authentication algorithms for 3G communication systems: f0-f9, f1* and f5*. AKA uses the algorithms f0-f5* among them. Its implementation has two sides: one on the UE (handset) and one on the service network. The UE-side implementation runs on an 8-bit microcontroller, while the service-network-side implementation runs on a 32-bit processor, that is, a PC. Both use a kernel algorithm based on AES, namely the Rijndael algorithm. Because the hardware differs, different optimizations are used when implementing Rijndael. This design is the service-network-side implementation, so Rijndael uses the optimization that replaces the round transformation with table lookups. The design starts from AES: AES is analysed and implemented in code, and the f1-f5 functions are then implemented by calling AES. In addition, because the design uses AES as its core algorithm, the mathematical background and working principles of AES are analysed in detail.
Key words: 3GPP; AKA; Rijndael; service network side; key generation algorithm
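The table-lookup optimization named in the abstract, as an added example that is not the thesis's own code: it builds a lookup table from the S-box and checks that one Rijndael round computed by lookups equals the round computed as SubBytes, ShiftRows and MixColumns. The names `T0`, `build_tables`, `round_reference`, `round_ttable` and `rounds_agree`, the use of one table with rotations instead of four tables, and the test states are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t  sbox[256];  /* S-box, computed from its definition below */
static uint32_t T0[256];    /* T0[a] = (02*S[a], S[a], S[a], 03*S[a]), most significant byte first */
/* Product in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (shift-and-add). */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0))) if (b & 1) p ^= a;
    return p;
}
static uint8_t  rotl8(uint8_t x, int n)   { return (uint8_t)((x << n) | (x >> (8 - n))); }
static uint32_t rotr32(uint32_t x, int n) { return (x >> n) | (x << ((32 - n) & 31)); }
static void build_tables(void) {
    for (int i = 0; i < 256; i++) {
        uint8_t inv = 0, s;  /* multiplicative inverse by search; 0 maps to 0 */
        for (int j = 1; j < 256; j++) if (gmul((uint8_t)i, (uint8_t)j) == 1) inv = (uint8_t)j;
        s = sbox[i] = (uint8_t)(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63);
        T0[i] = ((uint32_t)gmul(s, 2) << 24) | ((uint32_t)s << 16) | ((uint32_t)s << 8) | gmul(s, 3);
    }
}
/* One round without AddRoundKey, transform by transform. State byte (row r, column c) is st[r + 4*c]. */
static void round_reference(const uint8_t in[16], uint8_t out[16]) {
    for (int c = 0; c < 4; c++) {
        uint8_t a[4];
        for (int r = 0; r < 4; r++) a[r] = sbox[in[r + 4 * ((c + r) & 3)]];  /* SubBytes + ShiftRows */
        for (int r = 0; r < 4; r++)                                          /* MixColumns */
            out[r + 4 * c] = (uint8_t)(gmul(a[r], 2) ^ gmul(a[(r + 1) & 3], 3) ^ a[(r + 2) & 3] ^ a[(r + 3) & 3]);
    }
}
/* The same round as four table lookups and three XORs per column. */
static void round_ttable(const uint8_t in[16], uint8_t out[16]) {
    for (int c = 0; c < 4; c++) {
        uint32_t w = 0;
        for (int r = 0; r < 4; r++) w ^= rotr32(T0[in[r + 4 * ((c + r) & 3)]], 8 * r);
        for (int r = 0; r < 4; r++) out[r + 4 * c] = (uint8_t)(w >> (24 - 8 * r));
    }
}
int rounds_agree(void) {  /* returns 1 when both versions agree on 256 constructed states */
    uint8_t in[16], ref[16], fast[16];
    build_tables();
    for (int k = 0; k < 256; k++) {
        for (int i = 0; i < 16; i++) in[i] = (uint8_t)(k * 31 + i * 17 + 1);
        round_reference(in, ref); round_ttable(in, fast);
        for (int i = 0; i < 16; i++) if (ref[i] != fast[i]) return 0;
    }
    return 1;
}
int main(void) { printf("T-table round matches reference: %d\n", rounds_agree()); return 0; }
```

The lookups are indexed by secret state bytes, so memory access depends on the data; on hardware with caches this optimization gives up constant-time behaviour in exchange for speed.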
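Contents
Total length of the thesis: 26 pages
1 Introduction
1.1 Background
1.2 State of research in China and abroad
1.3 Significance of this work
1.4 Research method
2 Mathematical background
2.1 The finite field GF(2^8)
2.2 Polynomial representation of numbers in GF(2^8)
3 Design criteria and design principles of the AES algorithm
3.1 General criteria for block ciphers
3.2 Design principles and structure of the Rijndael algorithm
3.3 Principles of the Rijndael encryption round transformation
3.3.1 The SubBytes transformation
3.3.2 The ShiftRows transformation
3.3.3 The MixColumns transformation
3.3.4 The AddRoundKey transformation
3.4 Subkey generation algorithm
4 Algorithm optimization and implementation
4.1 Algorithm optimization
4.2 C implementation of the Rijndael algorithm
5 The F1, F2, F3, F4 and F5 algorithms
5.1 Introduction to F1-F5
5.2 Implementation of F1, F2, F3, F4 and F5
6 Test results
Conclusion
References
Acknowledgements
Declaration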
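1 Introduction
1.1 Background
Second-generation (2G) and 2.5-generation (2.5G) mobile communication systems such as GSM/GPRS are the systems in wide operation today, while third-generation mobile communication systems (3G) are the current focus of research and development in communications. Besides voice services, 3G systems must also open up new services such as e-commerce, electronic trade and network services. This requires adding security protections to the network. If information travels through the network without any protection, it is easily attacked, eavesdropped on or modified, which directly harms users' interests; if unauthorized services connect directly to the network, operators' interests are harmed as well. Ensuring a high level of system security is therefore very important.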