5G鉴权/加密中各种参数的计算公式
5G-AKA鉴权中各种参数的计算公式:在TS35.206中定义。符号在规范中的解释是:圆圈里边有个+号是异或:The bitwise exclusive-OR operation。也就是按位异或运算。||:concatenation也就是连接运算符。将两个字段的字符串连接在一起。举例:连接运算符是双竖线“||” 通过连接运算将两个字段的字符串连接在一起。比如名字和年龄SELECT uname||age AS "名字和年龄" FROM uinfo;结果为:名字和年龄黑色头发25紫色头发19
还有一些参数的基本概念和构成如下:
AK a 48-bit anonymity key that is the output of either of the functions f5 and f5*.
AMF a 16-bit authentication management field that is an input to the functions f1 and f1*.
c1,c2,c3,c4,c5 128-bit constants, which are XORed onto intermediate variables.
CK a 128-bit confidentiality key that is the output of the function f3.
IK a 128-bit integrity key that is the output of the function f4.
IN1 a 128-bit value constructed from SQN and AMF and used in the computation of the functions f1 and f1*.
K a 128-bit subscriber key that is an input to the functions f1, f1*, f2, f3, f4, f5 and f5*.
MAC-A a 64-bit network authentication code that is the output of the function f1.
MAC-S a 64-bit resynchronisation authentication code that is the output of the function f1*.
OP a 128-bit Operator Variant Algorithm Configuration Field that is a component of the functions f1, f1*, f2, f3, f4, f5 and f5*.
OPC a 128-bit value derived from OP and K and used within the computation of the functions.
OUT1,OUT2,OUT3,OUT4,OUT5
128-bit computed values from which the outputs of the functions f1, f1*, f2, f3, f4, f5 and f5* are obtained.
r1,r2,r3,r4,r5 integers in the range 0–127 inclusive, which define amounts by which intermediate variables are cyclically rotated.
RAND a 128-bit random challenge that is an input to the functions f1, f1*, f2, f3, f4, f5 and f5*.
RES a 64-bit signed response that is the output of the function f2.
SQN a 48-bit sequence number that is an input to either of the functions f1 and f1*.(For f1* this input is more precisely called SQNMS.)
TEMP a 128-bit value used within the computation of the functions.
5g鉴权相关的参数长度(UDM侧):
f0 random challenge generating function
f1 network authentication function :USIM对网络的鉴权
f1* the re-synchronisation message authentication function;
f2 user authentication function:网络对用户的鉴权
f3 cipher key derivation function:CK派生功能
f4 integrity key derivation function:IK派生功能
f5 anonymity key derivation function for normal operation:AK派生功能
f5* anonymity key derivation function for re-synchronisation
f8 UMTS encryption algorithm
f9 UMTS integrity algorithm MILENAGE算法(35.206):底层是基于AES加密算法。
变量列表
AK
一个48位的匿名密钥,函数f5和f5*的输出。
AMF
鉴权管理域,一个16位身份验证管理字段,它是函数f1和f1*的输入
c1,c2,c3,c4,c5
128位常量,将其与中间变量进行XOR运算
CK
一个128位的加密密钥,函数f3的输出
IK
一个128位的完整性密钥,函数f4的输出
IN1
由SQN和AMF构成的128位值,用于计算函数f1和f1 *
K
128位用户密钥,函数f1,f1 *,f2,f3,f4,f5和f5 *的输入
MAC-A
函数f1输出的64位网络鉴权码
MAC-S
函数f1输出的64位重同步鉴权码
OP
一个128位变量可配置字段,函数f1,f1 *,f2,f3,f4,f5和f5 *的组成部分
OPC
由OP和K导出,并在函数计算中使用的128位值
OUT1,OUT2,OUT3,OUT4,OUT5
f1, f1*, f2, f3, f4, f5 和f5* 的输出值
r1,r2,r3,r4,r5
0-127的整数,目标参数的周期性旋转量
RAND
128位随机数,用作f1, f1*, f2, f3, f4, f5 和f5*的输入
RES
64位的鉴权响应值,由f2输出。
SQN
48位序列号,作为函数 f1 and f1*的输入 (For f1* this input is more precisely called SQNMS.)
TEMP
128位临时变量 参考链接:https://zhuanlan.zhihu.com/p/30170487一文看懂LTE的鉴权
https://mp.weixin.qq.com/mp/appmsgalbum?__biz=MzI1OTM3Njk3MQ==&action=getalbum&album_id=1339307465195962369猫呆呆的工作间专辑:5GS的网络安全
页:
[1]