The Research And Improvement Of The Key Management Schemes In LTE/SAE System

Posted on: 2018-02-07 | Degree: Doctor | Type: Dissertation | Country: China | Candidate: G K Shi | GTID: 1318330515976119 | Subject: Computer system architecture

Abstract/Summary:

With the rapid development of communication technology, LTE/SAE has become a widely used new-generation commercial technology and has replaced the UMTS technology of 3G. At the same time, communication technology is no longer limited to providing users with voice services, but has come to be widely used in many areas of users' lives. A variety of apps provide users with great convenience, which makes the security of the communication process particularly important. Because the wireless channel is open, attackers or illegitimate users can much more easily intercept users' data and resources. Without an effective security mechanism, users of mobile communication can easily suffer losses of various kinds.

Compared with previous communication technologies, LTE/SAE introduces new key technologies such as OFDM and MIMO, which considerably increase spectrum efficiency and data rate. LTE/SAE mainly adopts the security architecture of UMTS and, in addition, adds a hierarchical key structure to separate the E-UTRAN and the EPC, which significantly enhances security during communication.

The concept of handover is as follows: when a UE in the connected state moves between different cells, it needs to switch and update its context through a series of signaling processes. Handover in the LTE/SAE network can be divided into three main types: station handover, inter-station S1 handover, and inter-station X2 handover. The main concern of this paper is the X2 handover of the LTE/SAE system. The inter-station X2 handover refers to the process that occurs when a
connected UE switches from a cell in one base station to a cell in another base station; both base stations must exist and the X2 interface must be configured between them. In short, X2 handover is a handover between different eNodeBs under the same MME. Because an eNodeB may be placed in an insecure environment, it often poses a significant security problem: the forward security of LTE/SAE X2 handover, which occurs between different eNodeBs under the same MME, can be threatened, since an eNodeB in a public space can be compromised.

The authentication and key agreement protocol in the standard LTE/SAE system is the AKA protocol. It is mainly used to complete mutual authentication between the UE and the network. The encryption key and the integrity verification key are generated directly or indirectly from it to achieve secure communication. The AKA protocol in the LTE/SAE system generally follows the mechanism of UMTS and makes some improvements on that basis. For example, it adopts a hierarchical key generation system and a verification process in the serving network, which further improves the security of AKA communication. However, the AKA protocol of the LTE/SAE system still fails to achieve absolute security and is subject to a certain degree of security threat.

In this paper, we mainly focus on the research and improvement of the key management schemes in LTE/SAE from two aspects: the key updating process in X2 handover and the key management in the AKA protocol. The research contents can be summarized as follows:

1. Summarize and study the evolution, system architecture and key technologies of LTE/SAE, with emphasis on the security architecture and hierarchical key structure of LTE/SAE.

2. Study in detail the workflow and signaling interaction of handover, especially X2 handover, in the LTE/SAE system. Summarize the existing key updating protocols and related key management schemes in
X2 handover. Then analyze the security threats in different cases caused by the exposure of the eNodeB in a public environment, which mainly include key compromise attacks and de-synchronization attacks.

3. Propose a secure and effective scheme that provides comprehensive one-hop forward security for LTE/SAE X2 handover key management by changing the parameter in the renewing step and adding a verification step, which improves on the previous two-hop security schemes. Then analyze the security and performance of the proposed scheme and compare it with the standard and previous schemes. The analysis shows that the proposed scheme improves security significantly, with favorable signaling and computation load performance.

4. Because LTE/SAE AKA follows the authentication and key negotiation mechanism of UMTS AKA, this paper analyzes and summarizes the existing UMTS AKA scheme and identifies its characteristics and defects. It also summarizes the improvements made by the LTE/SAE AKA protocol compared to UMTS AKA, and the workflow and current development of the key negotiation process using the LTE/SAE AKA protocol. It then analyzes the shortcomings and security threats of the existing AKA protocol in the key negotiation process of the LTE/SAE system. By summarizing the problems in existing schemes and combining them with the current demands of mobile communication scenarios, the demands and characteristics of authentication and key negotiation in LTE/SAE and data communications are proposed.

5. A new authentication and key negotiation protocol based on the TLS 1.3 protocol is proposed. According to the latest TLS 1.3 standard, and taking into account the characteristics and existing problems of the current authentication and key negotiation protocol, 0-RTT ECDH-ECDHE is chosen for the proposed protocol. This protocol is applied to the authentication and key negotiation process in the LTE/SAE system to improve the existing LTE/SAE key agreement protocol to some extent.

Keywords/Search Tags: LTE/SAE, X2 handover, Key updating, Forward security, key negotiation, AKA protocol