1. Field of the Disclosure
The disclosure relates to a security method in a wireless communication system having a relay node, and a wireless communication system using the same.
2. Description of Related Art
Techniques for wireless communication systems are developing quickly, and a number of new standards are under development and improvement. For example, the long term evolution (LTE) system of the 3rd Generation Partnership Project (3GPP) is now widely used by mobile equipment users. Referring to FIG. 1, FIG. 1 is a system schematic diagram illustrating an LTE system. The LTE system 1 includes a user equipment (UE) 11, a plurality of evolved Node Bs (eNBs, i.e. the base station nodes in 3GPP) 12, 13 and 14, and a plurality of mobility management entities/serving gateways (MMEs/S-GWs) 15 and 16, wherein the eNBs 12, 13 and 14 form an evolved universal terrestrial radio access network (E-UTRAN) 17.
The mobility management entity and the serving gateway of each of the MMEs/S-GWs 15 and 16 may be integrated in a single piece of equipment; in other examples, they may be separate pieces of equipment. The user equipment 11 communicates with the eNB 12 through the Uu interface defined by 3GPP, which is a wireless (air) interface. The eNBs 12, 13 and 14 communicate with each other through the X2 interface defined by 3GPP. The MME/S-GW 15 communicates with the eNBs 12 and 13 through the S1 interface, and the MME/S-GW 16 communicates with the eNBs 13 and 14 through the S1 interface.
The protocol stack of the LTE system 1 is divided into two planes: a user plane and a control plane. The user plane carries user data, and the control plane carries the control information (signalling) that controls the data transmission. The security mechanisms of the LTE system 1 are ciphering and integrity protection: integrity protection prevents data from being altered undetected, and ciphering prevents eavesdropping. Note that in 3GPP Rel-8 only NAS and radio resource control (RRC) signalling is integrity protected over the Uu interface; user plane data is ciphered but not integrity protected, which is why the key hierarchy below contains no user plane integrity key.
Referring to FIG. 2, FIG. 2 is a schematic diagram illustrating the key hierarchy in the LTE system. A permanent key K is stored in the universal subscriber identity module (USIM) of the universal integrated circuit card (UICC) and in the authentication centre (AuC) of the home network. During the authentication and key agreement (AKA) procedure, the USIM and the home subscriber server (HSS)/AuC derive a cipher key CK and an integrity key IK from the key K, and the UE and the HSS derive the security management key KASME from CK and IK, binding it to the identity of the serving network. After the AKA procedure is completed, the UE and the MME both hold the result of the AKA procedure, i.e. the security management key KASME.
By executing a non-access stratum (NAS) security mode command procedure, the UE and the MME obtain a NAS ciphering key KNAS enc and a NAS integrity key KNAS int from the security management key KASME, and also obtain an eNB key KeNB (derived from KASME and the uplink NAS COUNT), wherein the MME transmits the eNB key KeNB to the eNB through the S1 interface.
Then, by executing an access stratum (AS) security mode command procedure, the eNB and the UE obtain a user plane ciphering key KUP enc, a radio resource control ciphering key KRRC enc and a radio resource control integrity key KRRC int from the eNB key KeNB. For handover, the key hierarchy further includes a next hop parameter NH, which the MME and the UE derive from the security management key KASME (initially taking KeNB as input, and afterwards the previous NH), together with a next hop chaining counter NCC that identifies which NH is in use. The source eNB derives a new eNB key KeNB* from either the current KeNB or a fresh NH, combined with parameters of the target cell, and the target eNB uses KeNB* as its eNB key KeNB. Since each new NH is computed by the MME and delivered to the target eNB only after the handover, a source eNB cannot compute the keys in use after a subsequent handover, which limits the damage a compromised eNB can do (forward security).
Then, referring to FIG. 3, FIG. 3 is a flowchart illustrating a security method of an LTE system. The LTE system 3 includes a UE 31, an eNB 32, an MME/S-GW 33 and a HSS 34.
First, in step S31, the AKA procedure is executed, so that the UE 31, the MME/S-GW 33 and the HSS 34 obtain the security management key KASME.
Then, in step S32, the NAS security mode command procedure is executed, so that the UE 31 and the eNB 32 obtain the eNB key KeNB, and the UE 31 and the MME/S-GW 33 obtain the NAS ciphering key KNAS enc and the NAS integrity key KNAS int. Moreover, in step S32, the UE 31 enters the ECM-CONNECTED state defined by 3GPP.
Then, in step S33, the AS security mode command procedure is executed, so that the UE 31 and the eNB 32 obtain the user plane ciphering key KUP enc, the radio resource control ciphering key KRRC enc and the radio resource control integrity key KRRC int. The purpose of step S33 is to activate radio resource control (RRC) security.
After execution of the security method of the LTE system 3 is completed, in step S34, the UE 31 and the eNB 32 can perform normal operation, for example, bidirectional secured data transmission and bidirectional secured control signalling.
The AKA procedure of the step S31 includes steps S311, S312 and S313. In the step S311, the MME/S-GW 33 transmits an authentication data request to the HSS 34, and the HSS 34 receives the authentication data request and transmits an authentication data response to the MME/S-GW 33. In this way, the MME/S-GW 33 can obtain the security management key KASME.
Then, in the step S312, the MME/S-GW 33 sends a "user authentication request (RAND, AUTN, KSIASME)" as defined by 3GPP to the UE 31. After the UE 31 receives the user authentication request, if the UE 31 accepts the request (i.e. the USIM successfully verifies AUTN), the UE 31 sends a "user authentication response" to the MME/S-GW 33. In this way, the UE 31 can obtain the security management key KASME. The above "user authentication request (RAND, AUTN, KSIASME)" represents a user authentication request carrying the information RAND, AUTN, KSIASME, etc., wherein RAND is a random challenge, AUTN is the authentication token that lets the USIM authenticate the network, and KSIASME is the key set identifier corresponding to the security management key KASME.
Then, in the step S313, the UE 31 executes a key derivation function (KDF) to obtain the security management key KASME from the keys CK and IK produced by the USIM.
The NAS security mode command procedure of the step S32 includes steps S321, S322 and S323. In the step S321, the MME/S-GW 33 executes the KDF, so as to obtain the NAS ciphering key KNAS enc and the NAS integrity key KNAS int according to the security management key KASME.
In the step S322, the UE 31 executes the KDF, so as to obtain the NAS ciphering key KNAS enc and the NAS integrity key KNAS int from the security management key KASME, and to obtain the eNB key KeNB.
In the step S323, the MME/S-GW 33 sets up the S1 context through the S1 interface and sends the KDF output to the eNB 32, so that the eNB 32 obtains the eNB key KeNB. The value of the eNB key KeNB depends on the security management key KASME (and on the uplink NAS COUNT). The order in which the steps S323 and S322 are executed is not limited.
The AS security mode command procedure of the step S33 includes steps S331 and S334. In the step S331, the eNB 32 executes the KDF, so as to obtain the user plane ciphering key KUP enc, the radio resource control ciphering key KRRC enc and the radio resource control integrity key KRRC int according to the eNB key KeNB.
In the step S334, the UE 31 executes the KDF, so as to obtain the user plane ciphering key KUP enc, the radio resource control ciphering key KRRC enc and the radio resource control integrity key KRRC int according to the eNB key KeNB. An executing sequence of the steps S331 and S334 is not limited.
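The key hierarchy of FIG. 2 and the derivation steps S31 to S33 of FIG. 3 can be reproduced with the standard 3GPP key derivation function. The Python below is an added illustration, not code from the disclosure or from 3GPP; it implements the derivations of TS 33.401 Annex A (KASME, KeNB, the NAS and AS algorithm keys, and the NH/KeNB* handover chain) over the HMAC-SHA-256 KDF of TS 33.220 Annex B. All input values (CK, IK, SQN xor AK, NAS COUNT, PCI, EARFCN-DL) are constructed sample values, and the algorithm identities default to 2 (EEA2/EIA2) by assumption.

```python
"""
Worked EPS key hierarchy (FIG. 2) and derivation steps (FIG. 3) as specified in
3GPP TS 33.401 Annex A on top of the generic KDF of TS 33.220 Annex B:

    KDF(Key, S) = HMAC-SHA-256(Key, S),   S = FC || P0 || L0 || P1 || L1 || ...

Added illustration, not code from the disclosure. All sample inputs below are
constructed values, not data from any real USIM or network.
"""
import hashlib
import hmac

# Function codes (FC) from TS 33.401 Annex A
FC_KASME = 0x10       # A.2: KASME  <- (CK || IK), SN id, SQN xor AK
FC_KENB = 0x11        # A.3: KeNB   <- KASME, uplink NAS COUNT
FC_NH = 0x12          # A.4: NH     <- KASME, SYNC-input (KeNB, then previous NH)
FC_KENB_STAR = 0x13   # A.5: KeNB*  <- KeNB or NH, target PCI, target EARFCN-DL
FC_ALG_KEY = 0x15     # A.7: algorithm keys <- KASME (NAS) or KeNB (AS)

# A.7 algorithm type distinguishers
NAS_ENC_ALG, NAS_INT_ALG, RRC_ENC_ALG, RRC_INT_ALG, UP_ENC_ALG = 1, 2, 3, 4, 5


def build_s(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ..., Li = 2-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: 256-bit HMAC-SHA-256 of the input string S under Key."""
    return hmac.new(key, build_s(fc, *params), hashlib.sha256).digest()


def serving_network_id(mcc: str, mnc: str) -> bytes:
    """3-octet SN id (PLMN id coding of TS 24.301); MNC digit 3 is 0xF for 2-digit MNCs."""
    d1, d2, d3 = mnc[0], mnc[1], (mnc[2] if len(mnc) == 3 else "f")
    return bytes([int(mcc[1] + mcc[0], 16), int(d3 + mcc[2], 16), int(d2 + d1, 16)])


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """Steps S311/S313: KASME from CK||IK, bound to the serving network identity."""
    return kdf(ck + ik, FC_KASME, sn_id, sqn_xor_ak)


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """Steps S322/S323: KeNB from KASME and the 4-byte uplink NAS COUNT."""
    return kdf(kasme, FC_KENB, ul_nas_count.to_bytes(4, "big"))


def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    """A.7: the 256-bit KDF output is truncated to its 128 LEAST significant bits
    (the last 16 bytes) for the 128-bit algorithms EEA1/EEA2 and EIA1/EIA2."""
    return kdf(parent, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))[16:]


def derive_nh(kasme: bytes, sync_input: bytes) -> bytes:
    """A.4: NH from KASME; SYNC-input is KeNB for NCC=1, else the previous NH."""
    return kdf(kasme, FC_NH, sync_input)


def nh_chain(kasme: bytes, kenb: bytes, hops: int) -> list:
    """Index i holds the key material associated with NCC = i (index 0 is KeNB)."""
    chain = [kenb]
    for _ in range(hops):
        chain.append(derive_nh(kasme, chain[-1]))
    return chain


def derive_kenb_star(kenb_or_nh: bytes, pci: int, earfcn_dl: int) -> bytes:
    """A.5 (Rel-8 form with a 2-byte EARFCN-DL): KeNB* for the target cell at handover."""
    return kdf(kenb_or_nh, FC_KENB_STAR, pci.to_bytes(2, "big"), earfcn_dl.to_bytes(2, "big"))


def eps_key_hierarchy(ck, ik, mcc, mnc, sqn_xor_ak, ul_nas_count, eea=2, eia=2) -> dict:
    """Runs the derivations of steps S31-S33 in order and returns every key of FIG. 2."""
    kasme = derive_kasme(ck, ik, serving_network_id(mcc, mnc), sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KASME": kasme,
        "KNASenc": derive_alg_key(kasme, NAS_ENC_ALG, eea),
        "KNASint": derive_alg_key(kasme, NAS_INT_ALG, eia),
        "KeNB": kenb,
        "KUPenc": derive_alg_key(kenb, UP_ENC_ALG, eea),
        "KRRCenc": derive_alg_key(kenb, RRC_ENC_ALG, eea),
        "KRRCint": derive_alg_key(kenb, RRC_INT_ALG, eia),
    }


if __name__ == "__main__":
    # Constructed sample values (not from any real USIM or network)
    CK = bytes(range(16))
    IK = bytes(range(16, 32))
    keys = eps_key_hierarchy(CK, IK, "001", "01", bytes.fromhex("000000000001"), 0)
    for name, k in keys.items():
        print(f"{name:8s} {k.hex()}")
    chain = nh_chain(keys["KASME"], keys["KeNB"], hops=2)
    print("KeNB* (NCC=2, PCI=1, EARFCN-DL=1850):", derive_kenb_star(chain[2], 1, 1850).hex())
```

Two details are worth checking against any real implementation: the serving network identity is an input to KASME, so an authentication vector obtained for one PLMN cannot be replayed towards another, and the 128-bit algorithm keys are the last 16 bytes of the KDF output, not the first; taking the wrong half yields keys that silently fail to interoperate.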
To extend the coverage of an eNB effectively, a relay node can be added to the LTE system, so as to relay the data and control signals transferred between the UE and the eNB. In the current 3GPP specifications, the relay node can be regarded as an eNB, but those specifications neither specify nor resolve the security problems between the relay node and the UE and between the relay node and the eNB.
Referring to FIG. 4, FIG. 4 is a schematic diagram illustrating a security problem between a relay node and an eNB. In the example of FIG. 4, an LTE system 4 regards a relay node (RN) 42 as an eNB of a UE 41. First, in step S41, the AKA procedure is executed. Therefore, the UE 41 and an MME/S-GW 44 can obtain a security management key KASME.
Then, in step S42, the NAS security mode command procedure is executed. Therefore, the MME/S-GW 44 and the UE 41 can obtain an NAS ciphering key KNAS enc and an NAS integrity key KNAS int, and the UE 41 and the RN 42 can obtain an eNB key KeNB.
In step S43, the AS security mode command procedure is executed, so that a radio resource control security is activated. Therefore, the UE 41 and the RN 42 can obtain a user plane ciphering key KUP enc, a radio resource control ciphering key KRRC enc and a radio resource control integrity key KRRC int.
However, present 3GPP does not define and specify a step S44 in FIG. 4. In other words, a key hierarchy, a key distribution procedure and a key distribution event between the RN 42 and the eNB 43 or between the RN 42 and the MME/S-GW 44 are not defined and specified.
In summary, in FIG. 4, the present 3GPP specifications can only be used to establish a security association (SA) SA41, as specified by 3GPP Release 8 (Rel-8), between the UE 41 and the RN 42 through the Uu interface; 3GPP Rel-8 cannot be used to establish the undefined security association SA42 between the RN 42 and the eNB 43.
Then, referring to FIG. 5, FIG. 5 is a schematic diagram illustrating another security problem between a relay node and an eNB. In the example of FIG. 5, an LTE system 5 regards an RN 52 as a UE of an eNB 53. First, in step S51, the AKA procedure is executed. Therefore, a UE 51 and an MME/S-GW 54 can obtain a security management key KASME.
Then, in step S52, the NAS security mode command procedure is executed. Therefore, the MME/S-GW 54 and the UE 51 can obtain an NAS ciphering key KNAS enc and an NAS integrity key KNAS int, and the UE 51 and the eNB 53 can obtain an eNB key KeNB.
In step S53, the AS security mode command procedure is executed, so that the radio resource control security is activated. Therefore, the UE 51 and the eNB 53 can obtain a user plane ciphering key KUP enc, a radio resource control ciphering key KRRC enc and a radio resource control integrity key KRRC int.
However, the present 3GPP specifications (i.e. 3GPP Rel-8) do not define or specify a step S54 in FIG. 5. In other words, a key hierarchy, a key distribution procedure and a key distribution event between the RN 52 and the eNB 53 are not defined or specified.
In summary, in FIG. 5, the present 3GPP specifications can only be used to establish a security association SA51, as specified by 3GPP Rel-8, between the UE 51 and the eNB 53 through the Uu interface; they cannot be used to establish the undefined security association SA52 between the RN 52 and the eNB 53.