3G accessed IMSI (international mobile subscriber identity) privacy protection method

Abstract

The invention discloses a 3G accessed IMSI (international mobile subscriber identity) privacy protection method. The method comprises the following steps that a VLR (visitor location register) sends a subscriber identity request, an MS (mobile subscriber) replies the subscriber identity response; the VLR / SGSN (serving GPRS supported node) sends an authentication data request to an HLR (home location register), and the HLR replies the authentication data response; and when the MS is authorized, the VLR / SGSN sends a subscriber authorization request to the MS, and the MS replies the subscriber authorization response. Through the method, the confidentiality of the IMSI is protected by means of key identifiers and key groups; and after the user transmitted IMSI information is encrypted, the information is transmitted by means of cipher texts, so that the IMSI is avoided from being leaked. At the same time, when the HLR generates an authentication vector for the user, an encryption key which is updated in real time is distributed, so that the representation forms are different after the user encrypts the IMSI information for each time, and the user can be avoided from being tracked.

Description

technical field [0001] The invention relates to the technical field of 3G network communication security, in particular to an IMSI privacy protection method for 3G access. Background technique [0002] In a 3G network, the identity of a mobile subscriber (Mobile Subscriber, MS) is uniquely determined globally by the International Mobile Subscriber Identification Number (IMSI). The identity authentication phase of MS accessing the 3G network is completed by using the authentication and key distribution protocol (AKA). Through the exchange of authentication information between the core network and the MS, the mutual authentication and negotiation of communication keys between the MS and the network are realized. During the entire verification process, the IMSI It is transmitted in the form of plain text. Therefore, although the AKA protocol has effectively improved the security loopholes of the GSM system, it also has the problem of MS identity leakage. For this reason, in th...

AI Technical Summary

Problems solved by technology

However, in some cases, the system cannot determine the identity of the user through the TMSI, such as: when the user initially registers in the service network, or when the service network cannot retrieve the IMSI from the MS's TMSI, the service network still requires the MS to Provide IMSI, at this time, MS will respond to the IMSI information in plain text

[0003] The IMSI protection methods of some MSs are realized by encrypting IMSI information or assigning aliases, but the practicability is not strong, such as: using the public key of the Home Location Register (Home Location Register, HLR) to encrypt the IMSI information, and regularly updating the IMSI information of the HLR Public-private key pair, which will bring a large calculation burden to network equipment and increase the delay of authentication; HLR shares a key with all MSs belonging to it, and uses this shared key to generate a The encryption key is used to symmetrically encrypt the IMSI information, but this method has the risk of key exposure, and it is easy to attack all MSs belonging to the same HLR due to the key leakage of a certain MS; each MS uses own key K i Encrypt all stored (IMSI, K i ) records to traverse until the correct IMSI information is found

This method uses its own key for encryption. Although it can avoid the disadvantages of shared keys and ensure the confidentiality of MS identity, it requires a large amount of calculation on the network side and is inefficient.

Images