Documentos de Académico
Documentos de Profesional
Documentos de Cultura
GII THIU
Vi bt k mng IP no vic m bo an
ninh l ti quan trng, iu ny ng vi
mng LTE, l mt mng di ng all-IP vi
kin trc phng (eNodeB c kt ni vi
nhau thng qua giao din X2, v kt ni trc
tip vi EPC thng qua giao din S1, khng
c thnh phn iu khin tp trung cho cc
trm v tuyn).Bn cnh cc nguy c an ninh
r rng trngiao dinv tuyn truyn n v
i khi thit b ngi dng (User Equipment UE) cn l cc nguy c an ninh truyn thng
lin quan n cc lin kt IP ca cc nh
cung cp mng LTE. Vic xy dng kin trc
an ninh i ph vi cc nguy c l khi
u quan trng cho cc nh cung cp di ng.
2.
YU CU AN NINH CA MNG
LTE
User Application
Provider Application
(I)
(I)
(III)
USIM
HE
(II)
(I)
ME
(I)
(I)
Home
stratum/
Serving
Stratum
SN
(II)
AN
Application
stratum
Transport
stratum
(I)
Di y chng ta s xem xt mt s
tnh nng an ninh p dng cho mng LTE
thuc v cc nhm tnh nng an ninh (I) v
(II), l nhng nhm tnh nng an ninh c
trng v lin quan trc tip n cc thc th
trong mng LTE.
4.
MT S CHC NNG V C CH
AN NINH P DNG CHO MNG
LTE
USIM / AuC
K
CK, IK
UE / HSS
KASME
UE / MME
KNASenc
KNASint
KeNB / NH
UE / eNB
KUPint
KUPenc
KRRCint
KRRCenc
im ti thiu ha tn hi do mt trong
cc kha m ha v bo v ton vn b tn
thng. gii quyt vn ny trn LTE,
h thng phn cp kha c s dng.Vic
s dng h thng phn cp kha thuc v
nhm tnh nng an ninh(I) v (II).
MME
Start integrity
protection
NAS Security Mode Command (eKSI, UE sec capabilities,
Ciphering algorithm, Integrity algorithm,
[IMEISV request,] [NONCEUE, NONCEMME,] NAS-MAC)
sau:
1) Ging nh mng 3G, USIM v AuC
chia s trc cc thng tin b mt (kha
K).
Start uplink
deciphering
H
nh 3. Th tc thc hin ch NAS Security
Start downlink ciphering
ME
eNB
St art RRC
integrity protection
S tart RRC/UP
uplink ciphering
S tart RRC/UP
uplink deciphering
KT LUN
Nguyn l hot ng c th ca c ch
Forward Security nh sau:
287
6.
Bi Trung Thnh
Nm sinh: 1988
L lch khoa hc: Tt nghip Trng HBK H Ni, 2006, Chuyn
ngnh: in t - Vin thng)
Hng nghin cu: SDN, 4G-LTE, Networking
Email: thanhbt@ptit.edu.vn; thanhbt@cdit.com.vn
288