安全--终端错报其支持祖冲之算法导致无法驻留LTE网络.doc

终端错报其支持祖冲之算法导致无法驻留LTE网络 现象描述 1、A型号4G网络。 2、 3、Mifi4G。 告警信息 不涉及 原因分析 附着过程中的信令发现“Security mode reject”，原因为“security mode rejected unspecified”。 eNodeB下发给终端的NASSecurityModeCommand消息中下发的加密和完整性保护算法分别为EEA3和EIA3。 但Mifi网络下发的RRC SecuritymodeCommand消息中下发的SecurityAlgorithmConfig下发的加密和完整性保护算法分别为EEA2和EIA2。 经核查，X运营商要求打开祖冲之算法，核心网侧改成了“优选祖冲之算法”，当终端支持祖冲之算法时，优先使用祖冲之算法。当终端不支持祖冲之算法时，选用其他算法。 基站侧的加密算法配置： 终端probe信令，收到核心网下发的NAS安全祖冲之算法后，返回安全模式失败。 协议33.401对NAS安全过程的一个描述： 7.2.4.4??????????? NAS security mode command procedure The NAS SMC procedure consists of a roundtrip of messages between MME and UE. The MME sends the NAS security mode command to the UE and the UE replies with the NAS security mode complete message. The NAS security mode command message from MME to UE shall contain the replayed UE security capabilities, the selected NAS algorithms, the eKSI for identifying KASME, and both NONEUE and NONCEMME in the case of creating a mapped context in idle mobility (see clause 9.1.2). This message shall be integrity protected (but not ciphered) with NAS integrity key based on KASME indicated by the eKSI in the message (see figure 7.2.4.4-1). The UE shall verify the integrity of the NAS security mode command message. This includes ensuring that the UE security capabilities sent by the MME match the ones stored in the UE to ensure that these were not modified by an attacker and checking the integrity protection using the indicated NAS integrity algorithm and the NAS integrity key based on KASME indicated by the eKSI. In addition, when creating a mapped context for the case described in clause 9.1.2, the UE shall ensure the received NONCEUE is the same as the NONCEUE sent in the TAU Request and also calculate KASME from CK, IK and the two nonces (see Annex A.11). If the MME receives no response to a NAS Security Mode Command that included nonces to create a mapped context and it wishes to try again to create the mapped context, the MME shall use the same values of NONCEUE and NONCE