As information services develop rapidly and network resources become increasingly rich, the service capability of a master evolved Node B (master eNodeB, Master eNB, or MeNB) cannot meet user requirements because its air interface bandwidth is limited. In addition, the high cost of base station construction and the high radio frequencies used make indoor coverage by the base station difficult. Therefore, to improve the throughput of user plane data, a low-cost secondary eNodeB (Secondary eNB, or SeNB) is deployed together with the MeNB, and the SeNB offloads part of the MeNB's traffic, which resolves the foregoing problem. The master eNodeB is a macro eNodeB (Macro eNB/cell); the secondary eNodeB is a small cell, where a small cell includes a pico cell/eNB and a femto cell/eNB and may be referred to as a pico base station or a femto base station.
A user terminal (e.g., User Equipment (UE)) simultaneously maintains dual connectivity with the MeNB and the SeNB: the UE and the MeNB exchange air-interface control plane signaling with each other, and the UE transmits user plane data to both the MeNB and the SeNB. Because the user plane data between the UE and the SeNB is protected only by encryption, a man-in-the-middle may exist between the UE and the SeNB, and consequently there is a risk that the user plane data exchanged between the UE and the SeNB is inserted, tampered with, or replayed, causing user services to be fraudulently used, lawful interception to become unreliable, and so on.
In an existing communications network, the UE identifies a count value (e.g., the Packet Data Convergence Protocol (PDCP) count) of the packets sent and received on each bearer between the UE and the eNB, and reports the count value to the eNB so that the eNB can detect whether a man-in-the-middle attack exists. The specific process is as follows. The eNB sends a counter check request message to the UE, carrying multiple first PDCP count values corresponding to all bearers between the UE and the eNB. The UE separately compares each first PDCP count value with the stored second PDCP count value of the corresponding bearer. If the first PDCP count value of every bearer is the same as its second PDCP count value, the UE sends a check response message to the eNB that does not carry any PDCP count value. If the first PDCP count value of one or more bearers differs from the second PDCP count value, the UE sends a check response message to the eNB that carries the differing second PDCP count values. The eNB then processes the check response message: if the check response message carries no PDCP count value, the eNB determines that no man-in-the-middle attack exists between the eNB and the UE, and the detection procedure ends; if the check response message carries the differing second PDCP count values, the eNB determines that a man-in-the-middle attack exists between the eNB and the UE, and sends a notification message to a mobility management entity (MME) or an operation and maintenance (O&M) server, which performs subsequent processing and may release the bearer between the UE and the eNB.
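The counter check exchange described above, simulated as an added example that is not part of the original document. The bearer identifiers and count values are constructed, and the real message only carries the most significant bits of each COUNT; full values are compared here for clarity.

```python
from dataclasses import dataclass

# Constructed example: each bearer (DRB) tracks an uplink and a downlink PDCP COUNT.
@dataclass(frozen=True)
class BearerCount:
    drb_id: int
    ul_count: int
    dl_count: int

def build_counter_check_request(enb_counts):
    """eNB side: first PDCP COUNT values for all bearers, keyed by DRB id."""
    return {b.drb_id: (b.ul_count, b.dl_count) for b in enb_counts}

def build_counter_check_response(request, ue_counts):
    """UE side: compare each first COUNT with the stored second COUNT.
    Only bearers whose values differ are reported; an empty list means all match.
    A bearer unknown to the UE is reported with a stored value of None (simplification)."""
    stored = {b.drb_id: (b.ul_count, b.dl_count) for b in ue_counts}
    mismatches = []
    for drb_id, first in request.items():
        second = stored.get(drb_id)
        if second != first:
            mismatches.append((drb_id, second))
    return mismatches

def enb_check(response):
    """eNB side: no reported COUNTs means no attack detected; otherwise a
    man-in-the-middle is suspected and the MME / O&M server would be notified."""
    return "no_attack" if not response else "mitm_suspected"

def run_scenario(extra_dl_packets_on_drb2=0):
    """Three constructed bearers. extra_dl_packets_on_drb2 models packets the UE
    received on DRB 2 that the eNB never sent (hypothetical inserted traffic)."""
    enb = [BearerCount(1, 10, 20), BearerCount(2, 5, 5), BearerCount(3, 100, 200)]
    ue = [BearerCount(1, 10, 20),
          BearerCount(2, 5, 5 + extra_dl_packets_on_drb2),
          BearerCount(3, 100, 200)]
    request = build_counter_check_request(enb)
    response = build_counter_check_response(request, ue)
    return enb_check(response), response

if __name__ == "__main__":
    print(run_scenario())   # ('no_attack', [])
    print(run_scenario(2))  # ('mitm_suspected', [(2, (5, 7))])
```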
It can be learned from the foregoing description that whether a man-in-the-middle attack exists between the UE and the eNB is detected by means of air-interface control plane signaling interworking. However, in a scenario in which the UE maintains dual connectivity with the MeNB and the SeNB, no air-interface control plane signaling interworking occurs between the SeNB and the UE, and consequently the SeNB cannot detect whether a man-in-the-middle attack exists between the SeNB and the UE.