Security, in this context, means protecting the user identity and the privacy of the content so that neither can be intercepted by an unauthorised party. The security-related parameters are inseparable from the card files, so this article walks through the main security-related USIM files without going into fine detail; if you need more, look up the relevant clause in the specification. Card files are stored on the card as a tree structure; see the 3GPP specification TS 31.102 (f60, section 4.7) for details.
EFUST (USIM Service Table)
This EF indicates which services are available. If a service is not indicated as available in the USIM, the ME shall not select this service.
• Service n°124: Subscription identifier privacy support
• Service n°125: SUCI calculation by the USIM
• Service n°127: Control plane-based steering of UE in VPLMN
• Service n°122: 5GS Mobility Management Information
• Service n°123: 5G Security Parameters
Service n°125 shall only be taken into account if Service n°124 is declared “available”.
If Service n°124 and Service n°125 are declared “available”, the “SUCI calculation is to be performed by the USIM”.
If Service n°124 is declared “available” and Service n°125 is not declared “available”, the “SUCI calculation is to be performed by the ME”.
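The following is an added example (not code from the original article) showing how an ME-side check of the Service 124/125 rules above can be implemented. It decodes the EFUST bitmap, in which service n occupies bit (n-1) mod 8 + 1 of byte (n-1) div 8 + 1 (the coding of TS 31.102 clause 4.2.8), and returns which entity performs the SUCI calculation. The sample EFUST contents are constructed, not read from a real card.

```python
# Added example: decode EFUST (USIM Service Table) and apply the
# Service 124/125 rules. Bit layout: service n is bit ((n-1) % 8) + 1 of
# byte ((n-1) // 8) + 1 (TS 31.102 clause 4.2.8). Sample data is constructed.

SERVICE_5GS_MM_INFO = 122
SERVICE_5G_SECURITY_PARAMS = 123
SERVICE_SUBSCRIPTION_ID_PRIVACY = 124
SERVICE_SUCI_BY_USIM = 125
SERVICE_CP_STEERING = 127


def service_available(efust: bytes, n: int) -> bool:
    """True if service n is flagged available in the EFUST bitmap.

    A service number beyond the end of the file is treated as not
    available, which is how the ME must treat a short EFUST.
    """
    if n < 1:
        raise ValueError("service numbers start at 1")
    byte_index, bit_index = divmod(n - 1, 8)
    if byte_index >= len(efust):
        return False
    return bool((efust[byte_index] >> bit_index) & 1)


def suci_calculation_entity(efust: bytes) -> str:
    """Return 'USIM', 'ME' or 'none' according to the Service 124/125 rules."""
    privacy = service_available(efust, SERVICE_SUBSCRIPTION_ID_PRIVACY)
    by_usim = service_available(efust, SERVICE_SUCI_BY_USIM)
    if not privacy:
        # Service 125 is only taken into account when 124 is available,
        # so without 124 there is no SUCI calculation at all.
        return "none"
    return "USIM" if by_usim else "ME"


def build_efust(services) -> bytes:
    """Construct an EFUST image with the given services set (helper for the demo)."""
    length = (max(services) - 1) // 8 + 1
    buf = bytearray(length)
    for n in services:
        byte_index, bit_index = divmod(n - 1, 8)
        buf[byte_index] |= 1 << bit_index
    return bytes(buf)


if __name__ == "__main__":
    # Constructed card: 5G services present, SUCI computed on the USIM.
    sample = build_efust([SERVICE_5GS_MM_INFO, SERVICE_5G_SECURITY_PARAMS,
                          SERVICE_SUBSCRIPTION_ID_PRIVACY, SERVICE_SUCI_BY_USIM])
    print("EFUST byte 16:", hex(sample[15]))          # 0x1b
    print("SUCI calculated by:", suci_calculation_entity(sample))  # USIM
```

Services 122 to 127 all fall into byte 16 of the file, so a card whose EFUST is shorter than 16 bytes simply reports none of them as available, and the function degrades to "none" rather than raising.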
EFSUCI_Calc_Info (Subscription Concealed Identifier Calculation Information EF)
If the SUCI is calculated by the USIM, this file is not used by the ME;
if the SUCI is calculated by the ME, the file must be present.
It contains the inputs used for the SUCI calculation:
• Protection Scheme Identifier List data object (protection scheme identifier plus key index)
• Home Network Public Key List data object (the key corresponding to each key index)
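As an added example (not code from the original article), the parser below reads a constructed EFSUCI_Calc_Info image, extracts the two data objects listed above, and selects the protection scheme and home network public key an ME would use. The tag values (A0 for the scheme list, A1 for the key list, 80 for the key identifier, 81 for the key) follow my reading of TS 31.102 clause 4.4.11.8 and should be treated as assumptions to check against your card; the key bytes are constructed filler, not a real operator key.

```python
# Added example: parse a constructed EFSUCI_Calc_Info image and pick the
# protection scheme / home network public key the ME would use.
# Tags (assumed from TS 31.102 clause 4.4.11.8): A0 = Protection Scheme
# Identifier List, A1 = Home Network Public Key List, 80 = key identifier,
# 81 = home network public key. Key material below is constructed filler.

NULL_SCHEME, PROFILE_A, PROFILE_B = 0x00, 0x01, 0x02


def parse_tlvs(data: bytes):
    """Yield (tag, value) for a sequence of single-byte-tag BER-TLV objects."""
    i = 0
    while i < len(data):
        if data[i] == 0xFF:  # 'FF' padding at the end of a transparent EF
            break
        tag = data[i]
        i += 1
        length = data[i]
        i += 1
        if length == 0x81:
            length = data[i]
            i += 1
        elif length == 0x82:
            length = int.from_bytes(data[i:i + 2], "big")
            i += 2
        elif length > 0x7F:
            raise ValueError("unsupported length encoding")
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        yield tag, value
        i += length


def parse_suci_calc_info(ef: bytes):
    """Return (schemes, keys): schemes is a priority-ordered list of
    (protection scheme identifier, key index); keys maps key identifier to key."""
    schemes = []
    keys = {}
    for tag, value in parse_tlvs(ef):
        if tag == 0xA0:
            if len(value) % 2:
                raise ValueError("scheme list entries are 2 bytes each")
            schemes = [(value[j], value[j + 1]) for j in range(0, len(value), 2)]
        elif tag == 0xA1:
            key_id = None
            for t, v in parse_tlvs(value):
                if t == 0x80:
                    key_id = v[0]
                elif t == 0x81 and key_id is not None:
                    keys[key_id] = v
                    key_id = None
    return schemes, keys


def select_scheme(schemes, keys):
    """Return (psi, key_index, key) for the first usable entry in priority order.

    The null scheme needs no key; an ECIES profile entry whose key index
    has no matching key in the key list is skipped rather than used.
    """
    for psi, key_index in schemes:
        if psi == NULL_SCHEME:
            return psi, key_index, b""
        if key_index in keys:
            return psi, key_index, keys[key_index]
    raise ValueError("no usable protection scheme")


def sample_ef() -> bytes:
    """Constructed EFSUCI_Calc_Info: Profile A (key 1), Profile B (key 2), null."""
    key_a = bytes(range(0x10, 0x30))            # 32 filler bytes (Curve25519-sized)
    key_b = b"\x02" + bytes(range(0x40, 0x60))  # 33 filler bytes (compressed P-256-sized)
    key_list = (b"\x80\x01\x01\x81\x20" + key_a +
                b"\x80\x01\x02\x81\x21" + key_b)
    scheme_list = b"\xA0\x06\x01\x01\x02\x02\x00\x00"
    return scheme_list + b"\xA1" + bytes([len(key_list)]) + key_list + b"\xFF\xFF"


if __name__ == "__main__":
    schemes, keys = parse_suci_calc_info(sample_ef())
    psi, idx, key = select_scheme(schemes, keys)
    print("schemes:", schemes)                 # [(1, 1), (2, 2), (0, 0)]
    print("selected:", psi, idx, key.hex())    # Profile A, key index 1
```

The scheme list is stored in priority order, so an ME that cannot match a key index should fall through to the next entry; keeping the null scheme last in the constructed image mirrors the case where an operator allows an unconcealed fallback.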
EFNSI (Network Specific Identifier)
Network Specific Identifier TLV data object:
- This data object contains the Network Specific Identifier in NAI format as Subscription Permanent Identifier(SUPI);
EFRouting_Indicator (Routing Indicator EF)
The Routing Indicator used in the SUCI calculation.
EF5GS3GPPNSC (5GS 3GPP Access NAS Security Context)
The NAS security context; as can be seen from its contents, the file holds NAS-layer security material such as the key K and COUNT values.
EF5GAUTHKEYS (5G authentication keys)
KAUSF and KSEAF, derived from CK and IK.
Coming up next
The next article will cover the NAS security context.