Title of Invention	METHOD, SYSTEM, AND APPARATUS FOR PREVENTING BIDDING DOWN ATTACKS DURING MOTION OF USER EQUIPMENT
Abstract	A method for preventing bidding down attacks during motion of a UE is disclosed herein. The method includes: The UE sends a TAU Request message to a new MME; the TAU Request carries UE"s stored security capabilities; the UE receives UE"s security capabilities sent by the MME; and the UE checks whether the received UE"s security capabilities are consistent with the stored UE"s security capabilities. A system, an MME, and a UE for preventing bidding down attacks during motion of the UE are disclosed herein. When the UE performs security capability negotiation with the MME, the UE can check whether the received security capabilities are consistent with the stored security capabilities, and determine whether a bidding down attack exists, thus preventing bidding down attacks.

Title of Invention

METHOD, SYSTEM, AND APPARATUS FOR PREVENTING BIDDING DOWN ATTACKS DURING MOTION OF USER EQUIPMENT

Abstract

A method for preventing bidding down attacks during motion of a UE is disclosed herein. The method includes: The UE sends a TAU Request message to a new MME; the TAU Request carries UE"s stored security capabilities; the UE receives UE"s security capabilities sent by the MME; and the UE checks whether the received UE"s security capabilities are consistent with the stored UE"s security capabilities. A system, an MME, and a UE for preventing bidding down attacks during motion of the UE are disclosed herein. When the UE performs security capability negotiation with the MME, the UE can check whether the received security capabilities are consistent with the stored security capabilities, and determine whether a bidding down attack exists, thus preventing bidding down attacks.

Full Text	FIELD OF THE INVENTION The present invention relates to mobile communication, and in particular, to a method, a system, and an apparatus for preventing bidding down attacks during motion of a User Equipment (UE). BACKGROUND A radio network includes two parts: radio access network (RAN) and core network. A Long Term Evolution (LTE) radio core network includes a Mobile Management Entity (MME). The functions of the MME are similar to the functions of a Serving General Packet Radio Service (GPRS) Supporting Node (SGSN), and include mobility management and user authentication. When a UE is in the idle state, the UE needs to negotiate the Non-Access Signaling (NAS) security algorithms with the MME, including the NAS encryption algorithm and the NAS integrity protection algorithm in order to ensure the system security in the communication process of the UE. When the UE in the idle state moves in an LTE radio access network, or moves from a 2G\3G network to an LTE network, a Tracking Area Update (TAU) process occurs. In this process, the entity that performs mobility management and user authentication for the UE may change. For example, when the UE moves in an LTE network, the entity that performs mobility management and user authentication for the UE changes from the MME prior to moving (the old MME) to the MME subsequent to moving (the new MME). When the UE moves from a 2G/3G network to an LTE network, the entity that performs mobility management and user authentication for the UE changes from the SGSN to the MME. The security capabilities of different entities that perform mobility management and user authentication for the UE may differ. Therefore, the UE needs to renegotiate security capabilities with the new MME. For the LTE network, the negotiation of security capabilities between the UE and the MME is primarily negotiation of the NAS security algorithm and the corresponding key negotiation. FIG. 1 is a flowchart of security capability negotiation between the UE and the MME in the prior art. As shown in FIG. 1, the method of security capability negotiation includes the following steps: Step 100: The UE sends a TAU Request to the new MME. In this step, the UE sends a TAU Request to the new MME through an evolution Node B (eNB) of the LTE radio access network. For ease of description in the following text, the message transferred by an eNB between the UE and the MME is simplified as communication performed directly between the UE and the MME. Steps 101-102: The new MME sends a Mobility Management Context Request message to the old MME. After receiving the message, the old MME returns a Mobility Management Context Response message to the new MME, and this message carries the current root key "Kasme", the current integrity protection key (Knas-int), the current NAS encryption key (Knas-enc), the current NAS security algorithm, and the security capabilities supported by the UE (including the NAS/Radio Resource Control (RRC)/User Plane (UP) security algorithm supported by the UE). Step 103: According to the intersection of the NAS security algorithms in the UE's security capabilities, the NAS security algorithms supported by the new MME, and the NAS security algorithms enabled by the system, the new MME selects a new NAS security algorithm, including the NAS integrity protection algorithm and the NAS encryption algorithm. Step 104: The new MME sends TAU Accept message to the UE. The message carries the selected new NAS security algorithm. In practice, other steps, unrelated to security capability negotiation that occurs between step 103 and step 104, are omitted here. Step 105: The UE receives the TAU Accept message that carries the selected NAS security algorithm to share the NAS security algorithm with the MME. Afterward, the UE checks the NAS security algorithm carried in the TAU Accept message. If the carried NAS security algorithm is the same as the NAS security algorithm currently used by the UE, the Knas-int and the Knas-enc currently used by the UE serve as the subsequent NAS protection key. If the carried NAS security algorithm is different from the NAS security algorithm currently used by the UE, a new Knas-int and a new Knas-enc need to be deduced according to the root key (Kasme) currently used by the UE and other parameters, and serve as the subsequent NAS protection key shared with the MME. In this way, the security capabilities are negotiated between the UE and the MME. Evidently, no process of preventing bidding down attacks is performed in the prior art. A bidding down attack means: Supposing that the UE supports two security algorithms simultaneously (high-intensity algorithm Al and low-intensity algorithm A2) and the MME also supports such two algorithms, the result of negotiation between the UE and the MME ought to be the high-intensity algorithm Al. However, if the security capabilities supported by the UE are modified by an attacker before the new MME knows the security capabilities supported by the UE, for example, if the attacker reserves only the low-intensity algorithm A2, the new MME has to select the low-intensity algorithm A2 and sends it to the UE. That is, the result of negotiation between the UE and the MME is not the high-intensity algorithm A1, but the low-intensity algorithm A2, which is more vulnerable to attacks, namely, bidding down attacks. Therefore, the prior art does not prevent bidding down attacks. The result of negotiation between the MME and the UE may be a low-intensity algorithm. Consequently, in the subsequent communication process, the communication between the UE and the MME is vulnerable to attacks, and the subsequent interaction between the UE and the network is not secure. SUMMARY According to a first aspect of the invention a method for preventing bidding down attacks during motion of the UE is disclosed to ensure security of subsequent interaction between the UE and the network. According to a second aspect of the invention a system for preventing bidding down attacks during motion of the UE is disclosed to ensure security of subsequent interaction between the UE and the network. According to a third aspect of the invention an MME is disclosed to ensure security of subsequent interaction between the UE and the network. According to a fourth aspect of the invention a UE is disclosed to ensure security of subsequent interaction between the UE and the network. In order to fulfill the foregoing objectives, the technical solution under the present invention is implemented as follows: In a preferred implementation form the method for preventing bidding down attacks during motion of a UE includes: sending, by a UE, a TAU Request message to a MME; wherein the TAU Request carries UE's stored security capabilities; receiving UE's security capabilities sent by the MME; and determining that a bidding down attack occurs if the received UE's security capabilities are inconsistent with the stored UE's security capabilities. In a preferred implementation form the system for preventing bidding down attacks during motion of a UE includes: a UE, configured to: send a TAU Request message to the MME; receive the UE's security capabilities sent by the MME, wherein the TAU Request carries UE's stored security capabilities; and check whether the received UE's security capabilities are consistent with the stored UE's security capabilities; and an MME, configured to: receive the TAU Request message from the UE, obtain the UE's security capabilities from the TAU Request, and send the obtained UE's security capabilities to the UE. In a preferred implementation form the UE includes: an updating module, configured to: send a TAU Request message to the MME; wherein the TAU Request carries UE's stored security capabilities; and a judging module, configured to: receive the UE's security capabilities sent by the MME, and judge whether the received UE's security capabilities are consistent with the security capabilities stored by the storing module. In the technical solution under the present invention, after the UE sends a TAU Request message to the MME, the UE receives the UE's security capabilities obtained and sent by the MME, and determines that a bidding down attack occurs if the received UE's security capabilities are inconsistent with the stored security capabilities. Therefore, if the UE's security capabilities obtained by the MME are attacked, when the MME delivers the UE's security capabilities to the UE in the process of security capability negotiation between the UE and the MME, the UE determines that a bidding down attack occurs if finding that the received UE's security capabilities are inconsistent with the stored security capabilities according to the technical solution under the present invention. In this way, bidding down attacks are prevented, and the security of the subsequent interaction between the UE and the network is ensured. BRIEF DESCRIPTION OF THE DRAWINGS In order to make the technical solution under the present invention or in the prior art clear, the accompanying drawings for illustrating the embodiments of the present invention or illustrating the prior art are outlined below. Evidently, the accompanying drawings are for the exemplary purpose only, and those skilled in the art can derive other drawings from such accompanying drawings without making any creative effort. FIG. 1 is a flowchart of a method for security capability negotiation during motion of a UE in the prior art; FIG. 2 is a flowchart of a method for preventing bidding down attacks during motion of a UE according to an embodiment of the present invention; FIG. 3 is a flowchart of a method for security capability negotiation during motion of a UE according to an embodiment of the present invention; and FIG. 4 shows a structure of a system for preventing bidding down attacks during motion of a UE according to an embodiment of the present invention. DETAILED DESCRIPTION The technical solution under the present invention is expounded below by reference to accompanying drawings. Evidently, the embodiments given herein are for the exemplary purpose only, and are not all of the embodiments of the present invention. Those skilled in the art can derive other embodiments from the embodiments given herein FIG. 2 is a flowchart of a method for preventing bidding down attacks during motion of a UE according to an embodiment of the present invention. As shown in FIG. 2, the method includes the following steps: In step 200, the new MME receives a TAU Request message from the UE. In step 201, the new MME obtains the UE's security capabilities. In step 202, through a TAU Accept message, the UE's security capabilities are sent to the UE. In step 203, the UE checks whether the received UE's security capabilities are consistent with the stored security capabilities. FIG. 3 is a flowchart of a method for security capability negotiation during motion of a UE according to an embodiment of the present invention. The method includes the following steps: Step 300: The UE sends a TAU Request message to the new MME. In this step, the UE sends a TAU Request to the new MME through an evolution Node B (eNB) of the LTE radio access network. For ease of description in the following text, the communication transferred by an eNB between the UE and the MME is simplified as communication performed directly between the UE and the MME. The TAU Request sent by the UE to the MME in this step may carry not only the parameters well known to those skilled in the art such as Temporary Mobile Subscriber Identifier (TMSI), but also the UE's security capabilities, for example, NAS security algorithms (NAS integrity protection algorithm and encryption algorithm), the RRC security algorithms (RRC integrity protection algorithm and encryption algorithm), and/or UP security algorithm (UP encryption algorithm). Steps 301-302: The new MME sends a Mobility Management Context Request message to the old MME. The old MME sends a Mobility Management Context Response message to the new MME, and this message carries the current NAS security algorithm list and the current root key (Kasme). If the TAU Request sent by the UE to the MME in step 300 does not carry the UE's security capabilities, the old MME searches for the UE's security capabilities after receiving the Mobility Management Context Request message, and adds the found UE's security capabilities into a Mobility Management Context Response message sent to the MME. Step 303: According to the intersection of the NAS security algorithms in the UE's security capabilities, the NAS security algorithms supported by the new MME, and the NAS security algorithms enabled by the system, the new MME selects a new NAS security algorithm. Afterward, a new NAS protection key (including a Knas-int and a Knas-enc) is deduced according to the root key (Kasme) currently used by the UE and other parameters, and serves as the subsequent NAS security key. If the new NAS algorithm is different from the current NAS security algorithm returned by the old MME, it is necessary to reset the counter to prevent replay attacks. Step 304: The new MME sends TAU Accept message to the UE. The message carries the selected new NAS security algorithm and the UE's security capabilities. In this step, the MME may perform NAS integrity protection for the TAU Accept message. For example, by using the Knas-int deduced in step 303, the information in the TAU Accept, and the NAS integrity protection algorithm in the NAS security algorithms, the MME deduces a NAS integrity protection Message Authentication Code (NAS-MAC) value, and adds this value into the TAU Accept message and sends the message to the UE. In this step, the MME may deliver the selected new NAS security algorithm and the UE's security capabilities to the UE by using a Security Mode Command (SMC) request message, the details of which are not elaborated here any further. In practice, other steps unrelated to security capability negotiation may occur between step 303 and step 304, and are omitted here. Step 305: The UE checks whether the received UE's security capabilities are consistent with the stored security capabilities. In this step, if the UE finds that the received UE's security capabilities are consistent with the security capabilities stored by the UE, the UE determines that no bidding down attack occurs; otherwise, the UE determines that a bidding down attack occurs. If it is determined that the security capability negotiation fails, the security capability negotiation process may be initiated again, thus preventing bidding down attacks. In this step, the UE may further check the NAS security algorithm carried in the TAU Accept message. If the carried NAS security algorithm is the same as the NAS security algorithm currently used by the UE, the Knas-int currently used by the UE and the Knas-enc currently used by the UE are used as the subsequent NAS protection key. If the carried NAS security algorithm is different from the NAS security algorithm currently used by the UE (or the old MME), a new Knas-int and a new Knas-enc need to be deduced according to the root key (Kasme) currently used by the UE and other parameters, and serve as the subsequent NAS security key. The counter is reset to prevent replay attacks. In this step, the UE may check whether the NAS-MAC in the received TAU accept message is correct. If the NAS-MAC is not correct, the UE determines that the security capability negotiation fails, and may reinitiate the security capability negotiation process. For example, according the deduced Knas-enc, the information in the TAU Accept, and the NAS integrity protection algorithm carried in the TAU Accept message, the UE deduces a NAS-MAC, and checks whether the deduced NAS-MAC is the same as the NAS-MAC carried in the TAU Accept message. If they are the same, the message is not changed in the transmission process; otherwise, the message is changed in the transmission process and the security capability negotiation fails. In this way, the NAS security capability negotiation between the UE and the new MME is completed in the TAU process. In the foregoing process, the detailed deducing process for the UE and the MME to deduce the NAS protection key according to the Kasme is based on the prior art, and is not elaborated herein. FIG. 4 shows a structure of a system for preventing bidding down attacks during motion of a UE according to an embodiment of the present invention. As shown in FIG. 4, the system includes: a UE, configured to: send a TAU Request message to the MME; receive the UE's security capabilities sent by the new MME; and check whether the received UE's security capabilities are consistent with the stored security capabilities; and an MME, configured to: receive the TAU Request message from the UE, obtain the UE's security capabilities, and send the obtained UE's security capabilities to the UE. Further, the UE adds the UE's security capabilities into the TAU Request message. Specifically, the MME includes: an obtaining module 11, configured to receive the TAU Request message from the UE, where the message carries the UE's security capabilities; and a delivering module 12, configured to send the UE's security capabilities received by the obtaining module 11 to the UE through a TAU Response message. The obtaining module 11 further obtains the current root key. The MME further includes: a selecting module 13, configured to select a NAS security algorithm according to the UE's security capabilities; and a key deducing module 14, configured to deduce a NAS protection key according to the root key obtained by the obtaining module 11 and the NAS security algorithm selected by the selecting module 13. Accordingly, the UE includes: an updating module 21, configured to send a TAU Request message to the MME; and a judging module 22, configured to: receive the UE's security capabilities sent by the MME, and judge whether the received UE's security capabilities are consistent with the stored security capabilities. The UE further includes a storing module 23, configured to store the UE's security capabilities. The updating module 21 may add the UE's security capabilities into the TAU Request message. The technical solution under the present invention brings at least the following benefits. Firstly, the UE sends a TAU Request message to the MME, and then receives the UE's security capabilities obtained and sent by the MME; and determines that a bidding down attack occurs if finding that the received UE's security capabilities are inconsistent with the stored security capabilities. Therefore, if the UE's security capabilities obtained by the MME are attacked or modified, when the MME delivers the UE's security capabilities to the UE in the process of security capability negotiation between the UE and the MME, the UE can detect bidding down attacks according to the technical solution under the present invention. In this way, bidding down attacks are prevented. Secondly, the new MME selects a new NAS security algorithm according to the relevant security capabilities (NAS/RRC/UP security algorithm) of the UE and the LTE network. In the prior art, the old MME returns the UE's security capabilities to the new MME through a Context Response message. The UE reports all its security capabilities to the old MME through other processes before the TAU process. Therefore, the prior art is practicable for an idle UE that moves inside an LTE network. However, the idle UE may move from a 2G/3G network to an LTE network. Before moving to the LTE network, the UE reports only the security capabilities related to the 2G/3G network to the SGSN, and does not report the security capabilities related to the LTE network to the SGSN proactively. After the UE moves to the LTE network, the prior art is still applied, the SGSN still needs to query the UE about the UE's security capabilities related to the LTE network before the SGSN can report such security capabilities to the new MME, which may involve upgrade of the existing network increase unnecessary rounii trips. In the technical solution under the present invention, the UE sends the UE's security capabilities to the new MME through a TAU Request message. Therefore, the new MME does not need to query the old MME about the UE's security capabilities when the UE moves inside the LTE network. When the UE moves from a 2G/3G network to an LTE network, the SGSN does not need to query the UE's security capabilities. In this way, the processing of the network equipment is simplified, and the working efficiency of the system is improved. Thirdly, in the prior art, after the MME selects the new NAS security algorithm, the MME needs to judge whether the new NAS security algorithm is consistent with the NAS security algorithm currently used by the old MME. If the new NAS security algorithm is consistent with the NAS security algorithm currently used by the old MME, the Knas-int and the Knas-enc currently in use serve as the subsequent NAS security key. If the new NAS security algorithm is inconsistent with the NAS security algorithm currently used by the old MME, a new Knas-int and a new Knas-enc need to be deduced according to the root key (Kasme) currently in use and other parameters, and serve as the subsequent NAS security key. Therefore, the old MME needs to return the Knas-int and the Knas-enc currently in use to the new MME through an Context Response message. Such parameters are intended for the new MME to use the existing keys as far as possible and reduce the calculation load. In fact, however, such parameters are useful only when the new NAS security algorithm selected by the MME is consistent with the NAS security algorithm currently used by the old MME. If the new NAS security algorithm is different from the NAS security algorithm currently used by the old MME, the new MME still needs to deduce such keys, which does not reduce the calculation load, but makes the MME processing more complicated. The parameters carried in the message sent to the new MME are redundant. In the technical solution under the present invention, after the new MME selects a new NAS security algorithm, no matter whether the selected NAS algorithm is consistent with the NAS security algorithm currently in use, the new MME deduces the algorithm again, thus eliminating the redundancy of the parameters in the message exchanged between the old MME and the new MME. Meanwhile, the present invention makes use of the existing NAS protection key algorithm to obtain the NAS protection key, thus simplifying the MME processing. With the algorithm being the same as that in the prior art, the present invention does not increase any calculation load. It is understandable to those skilled in the art that all or part of the steps of the foregoing embodiments may be implemented by hardware instructed by a computer program. The program may be stored in a computer-readable storage medium. Once being executed, the program performs the processes covered in the foregoing embodiments. The storage medium may be a magnetic disk, compact disk, Read-Only Memory (ROM), or Random Access Memory (RAM). t Although the invention has been described through several preferred embodiments, the invention is not limited to such embodiments. It is apparent that those skilled in the art can make modifications and variations to the invention. WE CLAIM: 1. A method for preventing bidding down attacks during motion of a User Equipment, UE, comprising: sending, by the UE, a Tracking Area Update, TAU, Request to a Mobility Management Entity, MME; wherein the TAU Request carries UE's stored security capabilities; receiving UE's security capabilities sent by the MME; and determining that a bidding down attack occurs if the received UE's security capabilities are inconsistent with the stored UE's security capabilities. 2. The method of claim 1, wherein before the receiving UE's security capabilities sent by the MME, the method further comprises: obtaining, by the MME, the UE's security capabilities from the TAU Request. 3. The method of claim 1, wherein before the receiving UE's security capabilities sent by the MME, the method further comprises: selecting a Non Access Signaling, NAS, security algorithm according to the received UE's security capabilities. 4. The method of claim 1, wherein before the receiving UE's security capabilities sent by the MME, the method further comprises: obtaining, by the MME, a root key currently in use; and deducing a NAS protection key according to the root key currently in use. 5. The method of claim 3, wherein after the selecting the NAS security algorithm according to the received UE's security capabilities, the method further comprises: sending, by the MME, a TAU Accept message carrying the received UE's security capabilities to the UE, wherein: the TAU Accept message further carries the selected NAS security algorithm. 6. The method of claim 5, after the sending, by the MME, the TAU Accept message carrying the received UE's security capabilities to the UE, the method further comprises: judging, by the UE, whether the received NAS security algorithm is the same as the NAS security algorithm currently in use; and using a current NAS protection key directly if the received NAS security algorithm is the same as the NAS security algorithm currently in use; or deducing the NAS protection key according to the root key currently in use if the received NAS security algorithm is different from the NAS security algorithm currently in use. 7. A system for preventing bidding down attacks during motion of a User Equipment, UE, comprising: a UE, configured to send a Tracking Area Update, TAU, Request to a Mobility Management Entity, MME, wherein the TAU Request carries UE's stored security capabilities; receive UE's security capabilities sent by the MME; and check whether the received UE's security capabilities are consistent with the stored UE's security capabilities; and the MME, configured to receive the TAU Request from the UE, obtain the UE's security capabilities from the TAU Request, and send the obtained UE's security capabilities to the UE. 8. The system of claim 7, the MME comprises: an obtaining module (11), configured to receive the TAU Request message from the UE, obtain the UE's security capabilities from the TAU Request; and a delivering module (12), configured to send the UE's security capabilities obtained by the obtaining module (11) to the UE through a TAU Accept message. 9. The system of any of claims 7 to 8, the MME further comprises: a selecting module (13), configured to select a Non Access Signaling, NAS, security algorithm according to the obtained UE's security capabilities. 10. The MME of claim 9, wherein the obtaining module (11) is further configured to obtain a root key currently in use; and the MME further comprises: a key deducing module (14), configured to deduce a NAS protection key according to the root key obtained by the obtaining module (11) and the NAS security algorithm selected by the selecting module (13). 11. A Mobility Management Entity, MME, comprising: an obtaining module (11), configured to receive a Tracking Area Update, TAU, Request message from a User Equipment, UE, wherein the message carries UE's security capabilities; and a delivering module (12), configured to send the UE's security capabilities received by the obtaining module (11) to the UE through a TAU Accept message. 12. The MME of claim 11, the MME further comprises: a selecting module (13), configured to select a Non Access Signaling, NAS, security algorithm according to the received UE's security capabilities. 13. The MME of claim 11, wherein the obtaining module (11) is further configured to obtain a root key currently in use; and the MME further comprises: a key deducing module (14), configured to deduce a NAS protection key according to the root key obtained by the obtaining module (11) and the NAS security algorithm selected by the selecting module (13). 14. An User Equipment, UE, comprising: an updating module (21), configured to send a Tracking Area Update, TAU, Request message to a Mobility Management Entity, MME; wherein the TAU Request carries UE's stored security capabilities; and a judging module (22), configured to receive UE's security capabilities sent by the MME, and judge whether the received UE's security capabilities are consistent with the stored security capabilities. 15. The UE of claim 14, further comprising: a storing module (23), configured to store the UE's security capabilities, wherein: the updating module (21) is further configured to add the UE's security capabilities stored by the storing module (23) into the TAU Request message. A method for preventing bidding down attacks during motion of a UE is disclosed herein. The method includes: The UE sends a TAU Request message to a new MME; the TAU Request carries UE's stored security capabilities; the UE receives UE's security capabilities sent by the MME; and the UE checks whether the received UE's security capabilities are consistent with the stored UE's security capabilities. A system, an MME, and a UE for preventing bidding down attacks during motion of the UE are disclosed herein. When the UE performs security capability negotiation with the MME, the UE can check whether the received security capabilities are consistent with the stored security capabilities, and determine whether a bidding down attack exists, thus preventing bidding down attacks.

Full Text

FIELD OF THE INVENTION
The present invention relates to mobile communication, and in particular, to a method, a
system, and an apparatus for preventing bidding down attacks during motion of a User Equipment
(UE).
BACKGROUND
A radio network includes two parts: radio access network (RAN) and core network. A Long Term
Evolution (LTE) radio core network includes a Mobile Management Entity (MME). The functions
of the MME are similar to the functions of a Serving General Packet Radio Service (GPRS)
Supporting Node (SGSN), and include mobility management and user authentication. When a UE is
in the idle state, the UE needs to negotiate the Non-Access Signaling (NAS) security algorithms
with the MME, including the NAS encryption algorithm and the NAS integrity protection algorithm
in order to ensure the system security in the communication process of the UE.
When the UE in the idle state moves in an LTE radio access network, or moves from a 2G\3G
network to an LTE network, a Tracking Area Update (TAU) process occurs. In this process, the
entity that performs mobility management and user authentication for the UE may change. For
example, when the UE moves in an LTE network, the entity that performs mobility management
and user authentication for the UE changes from the MME prior to moving (the old MME) to the
MME subsequent to moving (the new MME). When the UE moves from a 2G/3G network to an
LTE network, the entity that performs mobility management and user authentication for the UE
changes from the SGSN to the MME. The security capabilities of different entities that perform
mobility management and user authentication for the UE may differ. Therefore, the UE needs to
renegotiate security capabilities with the new MME. For the LTE network, the negotiation of
security capabilities between the UE and the MME is primarily negotiation of the NAS security
algorithm and the corresponding key negotiation.
FIG. 1 is a flowchart of security capability negotiation between the UE and the MME in the prior art.
As shown in FIG. 1, the method of security capability negotiation includes the following steps:
Step 100: The UE sends a TAU Request to the new MME.
In this step, the UE sends a TAU Request to the new MME through an evolution Node B (eNB) of
the LTE radio access network. For ease of description in the following text, the message transferred
by an eNB between the UE and the MME is simplified as communication performed directly
between the UE and the MME.
Steps 101-102: The new MME sends a Mobility Management Context Request message to the old

MME. After receiving the message, the old MME returns a Mobility Management Context
Response message to the new MME, and this message carries the current root key "Kasme", the
current integrity protection key (Knas-int), the current NAS encryption key (Knas-enc), the current
NAS security algorithm, and the security capabilities supported by the UE (including the
NAS/Radio Resource Control (RRC)/User Plane (UP) security algorithm supported by the UE).
Step 103: According to the intersection of the NAS security algorithms in the UE's security
capabilities, the NAS security algorithms supported by the new MME, and the NAS security
algorithms enabled by the system, the new MME selects a new NAS security algorithm, including
the NAS integrity protection algorithm and the NAS encryption algorithm.
Step 104: The new MME sends TAU Accept message to the UE. The message carries the selected
new NAS security algorithm.
In practice, other steps, unrelated to security capability negotiation that occurs between step 103 and
step 104, are omitted here.
Step 105: The UE receives the TAU Accept message that carries the selected NAS security
algorithm to share the NAS security algorithm with the MME. Afterward, the UE checks the NAS
security algorithm carried in the TAU Accept message. If the carried NAS security algorithm is the
same as the NAS security algorithm currently used by the UE, the Knas-int and the Knas-enc
currently used by the UE serve as the subsequent NAS protection key. If the carried NAS security
algorithm is different from the NAS security algorithm currently used by the UE, a new Knas-int
and a new Knas-enc need to be deduced according to the root key (Kasme) currently used by the
UE and other parameters, and serve as the subsequent NAS protection key shared with the MME. In
this way, the security capabilities are negotiated between the UE and the MME.
Evidently, no process of preventing bidding down attacks is performed in the prior art. A bidding
down attack means: Supposing that the UE supports two security algorithms simultaneously
(high-intensity algorithm Al and low-intensity algorithm A2) and the MME also supports such two
algorithms, the result of negotiation between the UE and the MME ought to be the high-intensity
algorithm Al. However, if the security capabilities supported by the UE are modified by an attacker
before the new MME knows the security capabilities supported by the UE, for example, if the
attacker reserves only the low-intensity algorithm A2, the new MME has to select the low-intensity
algorithm A2 and sends it to the UE. That is, the result of negotiation between the UE and the MME
is not the high-intensity algorithm A1, but the low-intensity algorithm A2, which is more vulnerable
to attacks, namely, bidding down attacks. Therefore, the prior art does not prevent bidding down
attacks. The result of negotiation between the MME and the UE may be a low-intensity algorithm.
Consequently, in the subsequent communication process, the communication between the UE and

the MME is vulnerable to attacks, and the subsequent interaction between the UE and the network is
not secure.
SUMMARY
According to a first aspect of the invention a method for preventing bidding down attacks during
motion of the UE is disclosed to ensure security of subsequent interaction between the UE and the
network.
According to a second aspect of the invention a system for preventing bidding down attacks during
motion of the UE is disclosed to ensure security of subsequent interaction between the UE and the
network.
According to a third aspect of the invention an MME is disclosed to ensure security of subsequent
interaction between the UE and the network.
According to a fourth aspect of the invention a UE is disclosed to ensure security of subsequent
interaction between the UE and the network.
In order to fulfill the foregoing objectives, the technical solution under the present invention is
implemented as follows:
In a preferred implementation form the method for preventing bidding down attacks during motion
of a UE includes:
sending, by a UE, a TAU Request message to a MME; wherein the TAU Request carries
UE's stored security capabilities;
receiving UE's security capabilities sent by the MME; and
determining that a bidding down attack occurs if the received UE's security capabilities are
inconsistent with the stored UE's security capabilities.
In a preferred implementation form the system for preventing bidding down attacks during motion
of a UE includes:
a UE, configured to: send a TAU Request message to the MME; receive the UE's security
capabilities sent by the MME, wherein the TAU Request carries UE's stored security capabilities;
and check whether the received UE's security capabilities are consistent with the stored UE's
security capabilities; and
an MME, configured to: receive the TAU Request message from the UE, obtain the UE's
security capabilities from the TAU Request, and send the obtained UE's security capabilities to the
UE.
In a preferred implementation form the UE includes:
an updating module, configured to: send a TAU Request message to the MME; wherein the

TAU Request carries UE's stored security capabilities; and
a judging module, configured to: receive the UE's security capabilities sent by the MME,
and judge whether the received UE's security capabilities are consistent with the security
capabilities stored by the storing module.
In the technical solution under the present invention, after the UE sends a TAU Request message to
the MME, the UE receives the UE's security capabilities obtained and sent by the MME, and
determines that a bidding down attack occurs if the received UE's security capabilities are
inconsistent with the stored security capabilities. Therefore, if the UE's security capabilities
obtained by the MME are attacked, when the MME delivers the UE's security capabilities to the UE
in the process of security capability negotiation between the UE and the MME, the UE determines
that a bidding down attack occurs if finding that the received UE's security capabilities are
inconsistent with the stored security capabilities according to the technical solution under the
present invention. In this way, bidding down attacks are prevented, and the security of the
subsequent interaction between the UE and the network is ensured.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to make the technical solution under the present invention or in the prior art clear, the
accompanying drawings for illustrating the embodiments of the present invention or illustrating the
prior art are outlined below. Evidently, the accompanying drawings are for the exemplary purpose
only, and those skilled in the art can derive other drawings from such accompanying drawings
without making any creative effort.
FIG. 1 is a flowchart of a method for security capability negotiation during motion of a UE in the
prior art;
FIG. 2 is a flowchart of a method for preventing bidding down attacks during motion of a UE
according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for security capability negotiation during motion of a UE
according to an embodiment of the present invention; and
FIG. 4 shows a structure of a system for preventing bidding down attacks during motion of a UE
according to an embodiment of the present invention.
DETAILED DESCRIPTION
The technical solution under the present invention is expounded below by reference to
accompanying drawings. Evidently, the embodiments given herein are for the exemplary purpose
only, and are not all of the embodiments of the present invention. Those skilled in the art can derive
other embodiments from the embodiments given herein
FIG. 2 is a flowchart of a method for preventing bidding down attacks during motion of a UE

according to an embodiment of the present invention. As shown in FIG. 2, the method includes the
following steps:
In step 200, the new MME receives a TAU Request message from the UE. In step 201, the new
MME obtains the UE's security capabilities. In step 202, through a TAU Accept message, the UE's
security capabilities are sent to the UE. In step 203, the UE checks whether the received UE's
security capabilities are consistent with the stored security capabilities.
FIG. 3 is a flowchart of a method for security capability negotiation during motion of a UE
according to an embodiment of the present invention. The method includes the following steps:
Step 300: The UE sends a TAU Request message to the new MME.
In this step, the UE sends a TAU Request to the new MME through an evolution Node B (eNB) of
the LTE radio access network. For ease of description in the following text, the communication
transferred by an eNB between the UE and the MME is simplified as communication performed
directly between the UE and the MME.
The TAU Request sent by the UE to the MME in this step may carry not only the parameters well
known to those skilled in the art such as Temporary Mobile Subscriber Identifier (TMSI), but also
the UE's security capabilities, for example, NAS security algorithms (NAS integrity protection
algorithm and encryption algorithm), the RRC security algorithms (RRC integrity protection
algorithm and encryption algorithm), and/or UP security algorithm (UP encryption algorithm).
Steps 301-302: The new MME sends a Mobility Management Context Request message to the old
MME. The old MME sends a Mobility Management Context Response message to the new MME,
and this message carries the current NAS security algorithm list and the current root key (Kasme).
If the TAU Request sent by the UE to the MME in step 300 does not carry the UE's security
capabilities, the old MME searches for the UE's security capabilities after receiving the Mobility
Management Context Request message, and adds the found UE's security capabilities into a
Mobility Management Context Response message sent to the MME.
Step 303: According to the intersection of the NAS security algorithms in the UE's security
capabilities, the NAS security algorithms supported by the new MME, and the NAS security
algorithms enabled by the system, the new MME selects a new NAS security algorithm. Afterward,
a new NAS protection key (including a Knas-int and a Knas-enc) is deduced according to the root
key (Kasme) currently used by the UE and other parameters, and serves as the subsequent NAS
security key.
If the new NAS algorithm is different from the current NAS security algorithm returned by the old
MME, it is necessary to reset the counter to prevent replay attacks.
Step 304: The new MME sends TAU Accept message to the UE. The message carries the selected

new NAS security algorithm and the UE's security capabilities.
In this step, the MME may perform NAS integrity protection for the TAU Accept message. For
example, by using the Knas-int deduced in step 303, the information in the TAU Accept, and the
NAS integrity protection algorithm in the NAS security algorithms, the MME deduces a NAS
integrity protection Message Authentication Code (NAS-MAC) value, and adds this value into the
TAU Accept message and sends the message to the UE.
In this step, the MME may deliver the selected new NAS security algorithm and the UE's security
capabilities to the UE by using a Security Mode Command (SMC) request message, the details of
which are not elaborated here any further.
In practice, other steps unrelated to security capability negotiation may occur between step 303 and
step 304, and are omitted here.
Step 305: The UE checks whether the received UE's security capabilities are consistent with the
stored security capabilities.
In this step, if the UE finds that the received UE's security capabilities are consistent with the
security capabilities stored by the UE, the UE determines that no bidding down attack occurs;
otherwise, the UE determines that a bidding down attack occurs. If it is determined that the security
capability negotiation fails, the security capability negotiation process may be initiated again, thus
preventing bidding down attacks.
In this step, the UE may further check the NAS security algorithm carried in the TAU Accept
message. If the carried NAS security algorithm is the same as the NAS security algorithm currently
used by the UE, the Knas-int currently used by the UE and the Knas-enc currently used by the UE
are used as the subsequent NAS protection key. If the carried NAS security algorithm is different
from the NAS security algorithm currently used by the UE (or the old MME), a new Knas-int and a
new Knas-enc need to be deduced according to the root key (Kasme) currently used by the UE and
other parameters, and serve as the subsequent NAS security key. The counter is reset to prevent
replay attacks.
In this step, the UE may check whether the NAS-MAC in the received TAU accept message is
correct. If the NAS-MAC is not correct, the UE determines that the security capability negotiation
fails, and may reinitiate the security capability negotiation process. For example, according the
deduced Knas-enc, the information in the TAU Accept, and the NAS integrity protection algorithm
carried in the TAU Accept message, the UE deduces a NAS-MAC, and checks whether the deduced
NAS-MAC is the same as the NAS-MAC carried in the TAU Accept message. If they are the same,
the message is not changed in the transmission process; otherwise, the message is changed in the
transmission process and the security capability negotiation fails.

In this way, the NAS security capability negotiation between the UE and the new MME is
completed in the TAU process.
In the foregoing process, the detailed deducing process for the UE and the MME to deduce the NAS
protection key according to the Kasme is based on the prior art, and is not elaborated herein.
FIG. 4 shows a structure of a system for preventing bidding down attacks during motion of a UE
according to an embodiment of the present invention. As shown in FIG. 4, the system includes:
a UE, configured to: send a TAU Request message to the MME; receive the UE's security
capabilities sent by the new MME; and check whether the received UE's security capabilities are
consistent with the stored security capabilities; and
an MME, configured to: receive the TAU Request message from the UE, obtain the UE's
security capabilities, and send the obtained UE's security capabilities to the UE.
Further, the UE adds the UE's security capabilities into the TAU Request message.
Specifically, the MME includes:
an obtaining module 11, configured to receive the TAU Request message from the UE,
where the message carries the UE's security capabilities; and
a delivering module 12, configured to send the UE's security capabilities received by the
obtaining module 11 to the UE through a TAU Response message.
The obtaining module 11 further obtains the current root key. The MME further includes:
a selecting module 13, configured to select a NAS security algorithm according to the UE's
security capabilities; and
a key deducing module 14, configured to deduce a NAS protection key according to the
root key obtained by the obtaining module 11 and the NAS security algorithm selected by the
selecting module 13.
Accordingly, the UE includes:
an updating module 21, configured to send a TAU Request message to the MME; and
a judging module 22, configured to: receive the UE's security capabilities sent by the MME,
and judge whether the received UE's security capabilities are consistent with the stored security
capabilities.
The UE further includes a storing module 23, configured to store the UE's security capabilities. The
updating module 21 may add the UE's security capabilities into the TAU Request message.
The technical solution under the present invention brings at least the following benefits.
Firstly, the UE sends a TAU Request message to the MME, and then receives the UE's security
capabilities obtained and sent by the MME; and determines that a bidding down attack occurs if
finding that the received UE's security capabilities are inconsistent with the stored security

capabilities. Therefore, if the UE's security capabilities obtained by the MME are attacked or
modified, when the MME delivers the UE's security capabilities to the UE in the process of security
capability negotiation between the UE and the MME, the UE can detect bidding down attacks
according to the technical solution under the present invention. In this way, bidding down attacks
are prevented.
Secondly, the new MME selects a new NAS security algorithm according to the relevant security
capabilities (NAS/RRC/UP security algorithm) of the UE and the LTE network. In the prior art, the
old MME returns the UE's security capabilities to the new MME through a Context Response
message. The UE reports all its security capabilities to the old MME through other processes before
the TAU process. Therefore, the prior art is practicable for an idle UE that moves inside an LTE
network. However, the idle UE may move from a 2G/3G network to an LTE network. Before
moving to the LTE network, the UE reports only the security capabilities related to the 2G/3G
network to the SGSN, and does not report the security capabilities related to the LTE network to the
SGSN proactively. After the UE moves to the LTE network, the prior art is still applied, the SGSN
still needs to query the UE about the UE's security capabilities related to the LTE network before
the SGSN can report such security capabilities to the new MME, which may involve upgrade of the
existing network increase unnecessary rounii trips. In the technical solution under the present
invention, the UE sends the UE's security capabilities to the new MME through a TAU Request
message. Therefore, the new MME does not need to query the old MME about the UE's security
capabilities when the UE moves inside the LTE network. When the UE moves from a 2G/3G
network to an LTE network, the SGSN does not need to query the UE's security capabilities. In this
way, the processing of the network equipment is simplified, and the working efficiency of the
system is improved.
Thirdly, in the prior art, after the MME selects the new NAS security algorithm, the MME needs to
judge whether the new NAS security algorithm is consistent with the NAS security algorithm
currently used by the old MME. If the new NAS security algorithm is consistent with the NAS
security algorithm currently used by the old MME, the Knas-int and the Knas-enc currently in use
serve as the subsequent NAS security key. If the new NAS security algorithm is inconsistent with
the NAS security algorithm currently used by the old MME, a new Knas-int and a new Knas-enc
need to be deduced according to the root key (Kasme) currently in use and other parameters, and
serve as the subsequent NAS security key. Therefore, the old MME needs to return the Knas-int and
the Knas-enc currently in use to the new MME through an Context Response message. Such
parameters are intended for the new MME to use the existing keys as far as possible and reduce the
calculation load. In fact, however, such parameters are useful only when the new NAS security

algorithm selected by the MME is consistent with the NAS security algorithm currently used by the
old MME. If the new NAS security algorithm is different from the NAS security algorithm
currently used by the old MME, the new MME still needs to deduce such keys, which does not
reduce the calculation load, but makes the MME processing more complicated. The parameters
carried in the message sent to the new MME are redundant. In the technical solution under the
present invention, after the new MME selects a new NAS security algorithm, no matter whether the
selected NAS algorithm is consistent with the NAS security algorithm currently in use, the new
MME deduces the algorithm again, thus eliminating the redundancy of the parameters in the
message exchanged between the old MME and the new MME. Meanwhile, the present invention
makes use of the existing NAS protection key algorithm to obtain the NAS protection key, thus
simplifying the MME processing. With the algorithm being the same as that in the prior art, the
present invention does not increase any calculation load.
It is understandable to those skilled in the art that all or part of the steps of the foregoing
embodiments may be implemented by hardware instructed by a computer program. The program
may be stored in a computer-readable storage medium. Once being executed, the program performs
the processes covered in the foregoing embodiments. The storage medium may be a magnetic disk,
compact disk, Read-Only Memory (ROM), or Random Access Memory (RAM).
t
Although the invention has been described through several preferred embodiments, the invention is
not limited to such embodiments. It is apparent that those skilled in the art can make modifications
and variations to the invention.

WE CLAIM:
1. A method for preventing bidding down attacks during motion of a User Equipment, UE,
comprising:
sending, by the UE, a Tracking Area Update, TAU, Request to a Mobility Management Entity,
MME; wherein the TAU Request carries UE's stored security capabilities;
receiving UE's security capabilities sent by the MME; and
determining that a bidding down attack occurs if the received UE's security capabilities are
inconsistent with the stored UE's security capabilities.
2. The method of claim 1, wherein before the receiving UE's security capabilities sent by the
MME, the method further comprises:
obtaining, by the MME, the UE's security capabilities from the TAU Request.
3. The method of claim 1, wherein before the receiving UE's security capabilities sent by the
MME, the method further comprises:
selecting a Non Access Signaling, NAS, security algorithm according to the received UE's
security capabilities.
4. The method of claim 1, wherein before the receiving UE's security capabilities sent by the
MME, the method further comprises:
obtaining, by the MME, a root key currently in use; and
deducing a NAS protection key according to the root key currently in use.
5. The method of claim 3, wherein after the selecting the NAS security algorithm according
to the received UE's security capabilities, the method further comprises:
sending, by the MME, a TAU Accept message carrying the received UE's security capabilities
to the UE, wherein:
the TAU Accept message further carries the selected NAS security algorithm.
6. The method of claim 5, after the sending, by the MME, the TAU Accept message carrying
the received UE's security capabilities to the UE, the method further comprises:
judging, by the UE, whether the received NAS security algorithm is the same as the NAS
security algorithm currently in use; and
using a current NAS protection key directly if the received NAS security algorithm is the same
as the NAS security algorithm currently in use; or
deducing the NAS protection key according to the root key currently in use if the received
NAS security algorithm is different from the NAS security algorithm currently in use.

7. A system for preventing bidding down attacks during motion of a User Equipment, UE,
comprising:
a UE, configured to send a Tracking Area Update, TAU, Request to a Mobility Management
Entity, MME, wherein the TAU Request carries UE's stored security capabilities; receive UE's
security capabilities sent by the MME; and check whether the received UE's security capabilities
are consistent with the stored UE's security capabilities; and
the MME, configured to receive the TAU Request from the UE, obtain the UE's security
capabilities from the TAU Request, and send the obtained UE's security capabilities to the UE.
8. The system of claim 7, the MME comprises:
an obtaining module (11), configured to receive the TAU Request message from the UE, obtain
the UE's security capabilities from the TAU Request; and
a delivering module (12), configured to send the UE's security capabilities obtained by the
obtaining module (11) to the UE through a TAU Accept message.
9. The system of any of claims 7 to 8, the MME further comprises: a selecting module (13),
configured to select a Non Access Signaling, NAS, security algorithm according to the obtained
UE's security capabilities.
10. The MME of claim 9, wherein the obtaining module (11) is further configured to obtain a
root key currently in use; and the MME further comprises:
a key deducing module (14), configured to deduce a NAS protection key according to the root
key obtained by the obtaining module (11) and the NAS security algorithm selected by the selecting
module (13).
11. A Mobility Management Entity, MME, comprising:
an obtaining module (11), configured to receive a Tracking Area Update, TAU, Request
message from a User Equipment, UE, wherein the message carries UE's security capabilities; and
a delivering module (12), configured to send the UE's security capabilities received by the
obtaining module (11) to the UE through a TAU Accept message.
12. The MME of claim 11, the MME further comprises:
a selecting module (13), configured to select a Non Access Signaling, NAS, security algorithm
according to the received UE's security capabilities.
13. The MME of claim 11, wherein the obtaining module (11) is further configured to obtain a
root key currently in use; and the MME further comprises:
a key deducing module (14), configured to deduce a NAS protection key according to the root
key obtained by the obtaining module (11) and the NAS security algorithm selected by the selecting
module (13).

14. An User Equipment, UE, comprising:
an updating module (21), configured to send a Tracking Area Update, TAU, Request message
to a Mobility Management Entity, MME; wherein the TAU Request carries UE's stored security
capabilities; and
a judging module (22), configured to receive UE's security capabilities sent by the MME, and
judge whether the received UE's security capabilities are consistent with the stored security
capabilities.
15. The UE of claim 14, further comprising: a storing module (23), configured to store the
UE's security capabilities, wherein:
the updating module (21) is further configured to add the UE's security capabilities stored by
the storing module (23) into the TAU Request message.

A method for preventing bidding down attacks during motion of a UE is disclosed herein. The
method includes: The UE sends a TAU Request message to a new MME; the TAU Request carries
UE's stored security capabilities; the UE receives UE's security capabilities sent by the MME; and
the UE checks whether the received UE's security capabilities are consistent with the stored UE's
security capabilities. A system, an MME, and a UE for preventing bidding down attacks during
motion of the UE are disclosed herein. When the UE performs security capability negotiation with
the MME, the UE can check whether the received security capabilities are consistent with the stored
security capabilities, and determine whether a bidding down attack exists, thus preventing bidding
down attacks.

Documents:

http://ipindiaonline.gov.in/patentsearch/GrantedSearch/viewdoc.aspx?id=43o2Z54gOIQwq8QJm6YBEA==&loc=wDBSZCsAt7zoiVrqcFJsRw==

« Previous Patent

Next Patent »

Patent Number

279134

Indian Patent Application Number

4213/KOLNP/2009

PG Journal Number

02/2017

Publication Date

13-Jan-2017

Grant Date

12-Jan-2017

Date of Filing

04-Dec-2009

Name of Patentee

HUAWEI TECHNOLOGIES CO., LTD.

Applicant Address

HUAWEI ADMINISTRATION BUILDING, BANTIAN, LONGGANG DISTRICT, SHENZHEN, GUANGDONG 518129, P.R. CHINA

Inventors:

#	Inventor's Name	Inventor's Address
1	HE, CHENGDONG	HUAWEI ADMINISTRATION BUILDING, BANTIAN, LONGGANG DISTRICT, SHENZHEN, 518129, GUANGDONG P.R. CHINA

PCT International Classification Number

H04Q 7/32

PCT International Application Number

PCT/CN2008/072192

PCT International Filing date

2008-08-29

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	200710149327.5	2007-09-03	China