面向5G mMTC的网络切片安全研究

doi:10.11959/j.issn.2096-109x.2022006

摘要/Abstract

摘要：

随着5G新业务、新架构、新技术的不断出现，其中的安全问题和潜在安全风险正受到越来越多研究人员的重视。海量机器类通信是5G三大应用场景之一，在提供“大连接、低功耗”等高性能的同时，由于 MTC 设备资源受限等，可能弱化 5G 网络的安全性。与此同时，不同场景和应用领域对网络性能、服务质量、安全等级均有较为明显的差异化需求。网络切片技术的引入，适应了 5G 组网的灵活性，满足了 5G网络为用户提供服务的多样性、定制化，也带来了新的安全威胁。5G 商用发展迅猛，物联网设备数量成指数倍增加。为确保5G网络提供更加高效安全的按需服务，针对5G mMTC应用场景，对网络切片安全机制和安全策略的研究尤为重要。因此，详细分析了5G mMTC具有的特点及安全需求，并列举分析了网络切片主要的安全威胁。结合上述安全需求和安全威胁，围绕特定网络切片认证、切片安全隔离、安全管理和编排等方面，总结并阐述了相关现有安全策略方案的贡献和不足，并对未来该领域的研究进行了展望。提出了一个基于SM2国密算法的5G mMTC网络切片二次认证与安全隔离模型。该模型框架通过引入批量认证和预认证机制，满足了 5G 机器类用户大规模认证的高效性；通过对不同通信数据分级加密，实现了 5G mMTC网络切片间的安全隔离；并对该模型进行了性能分析和安全性分析。

关键词: 网络切片, 5GmMTC, 安全隔离, 接入认证

Abstract:

With the emergence of new 5G business, architecture and technology, more and more researchers pay attention to security issues and potential security risks.Massive machine type communication is one of the three major application scenarios of 5G.It provides high performance such as large connection and low power consumption.Due to factors such as limited resources of MTC equipment, it may also weaken the security of 5G networks.At the same time, different scenarios and applications have obvious demands for network performance, service quality and security level.The flexibility of 5G networking is realized by network slicing technology.It meets the diversity and customization of 5G network services, but also brings new security threats.5G commercial rapid development.The number of IoT devices has increased exponentially.In order to ensure that 5G networks provide more efficient and safe on-demand services, it is particularly important to study the security mechanism and strategy of network slicing for 5G mMTC application scenarios.Therefore, the characteristics and security requirements of 5G mMTC were analyzed.The main security threats of network slicing were listed.In view of the above security requirements and threats, the contribution and deficiency of existing security schemes around the aspects of specific network slice authentication, slice security isolation, security management and arrangement were summarized and expounded.And the future research in this field was prospected.A SM2-based secondary authentication and security isolation model for 5G mMTC network slicing was proposed.This model framework meeted the efficiency of large-scale authentication for 5G devices and users by introducing batch authentication and pre-authentication mechanisms.By hierarchical encryption of different communication data, the security isolation between 5G mMTC network slices was realized.The performance and security of the model were also analyzed.

Key words: network slicing, 5G mMTC, safe isolation, access authentication

中图分类号:

TP393

徐子钧, 刘建伟, 李耕. 面向5G mMTC的网络切片安全研究[J]. 网络与信息安全学报, 2022, 8(1): 95-105.

Zijun XU, Jianwei LIU, Geng LI. Research on network slicing security for 5G mMTC[J]. Chinese Journal of Network and Information Security, 2022, 8(1): 95-105.

图/表 9

图1

表1

图2

表2

图3

图4

图5

图6

图7

参考文献 42

[1]	LIN X Q . An overview of 5G advanced evolution in 3GPP release 18[J]. arXiv preprint arXiv:2201.01358, 2022.
[2]	网络安全管理局. 工业和信息化部部署推进5G安全工作[EB].
	China Network Security Administration.. Ministry of Industry and Information Technology deployed to promote 5G security work.[EB].
[3]	IMT-2020（5G）推进组. 5G愿景与需求白皮书[Z]. 2014.
	IMT-2020（5G） Promotion Group. White paper on 5G vision and requirements[Z]. 2014.
[4]	3GPP TS 22. 261 V18.1.1.3rd generation partnership project; technical specification group services and system aspects; service requirements for the 5G system; stage 1(release 18)[S]. Valbonne:3GPP, 2021.
[5]	3GPP TS 22. 186 V16.2.0.3rd generation partnership project; technical specification group services and system aspects; enhancement of 3GPP support for V2X scenarios; stage 1(release 16)[S]. Valbonne:3GPP, 2019.
[6]	张东 . 探秘5G新空口技术[J]. 华为技术, 2016,75: 56-60.
	ZHANG D . Exploring 5G new air interface technology[J]. Huawei Technology, 2016,75: 56-60.
[7]	O’CONNELL E , MOORE D , NEWE T . Challenges associated with implementing 5G in manufacturing[J]. Telecom, 2020,1(1): 48-67.
[8]	HARWAHYU R , CHENG R G , WEI C H ,et al. Optimization of random access channel in NB-IoT[J]. IEEE Internet of Things Journal, 2018,5(1): 391-402.
[9]	KUHLINS , BELA RATHONYI , ALI ZAIDI ,et al. Ericsson white paper:cellular networks for massive IoT[Z]. Sweden:Ericsson, 2020.
[10]	JAVED M A , KHAN NIAZI S . 5G security artifacts (DoS/DDoS and authentication)[C]// Proceedings of 2019 International Conference on Communication Technologies (ComTech). 2019: 127-133.
[11]	RIM K , LIM D . DoS attack control design of IoT system for 5G era[J]. Journal of Information and Communication Convergence Engineering, 2018,16(2): 93-98.
[12]	JANG S , LIM D , KANG J ,et al. An efficient device authentication protocol without certification authority for Internet of Things[J]. Wireless Personal Communications, 2016,91(4): 1681-1695.
[13]	3GPP TS 33. 501 V17.0.0.3rd generation partnership project; technical specification group services and system aspects; security architecture and procedures for 5G system (release 17)[S]. Valbonne:3GPP, 2020.
[14]	CAO J , MA M D , LI H ,et al. A survey on security aspects for 3GPP 5G networks[J]. IEEE Communications Surveys ＆ Tutorials, 2020,22(1): 170-195.
[15]	HUSSAIN S R , ECHEVERRIA M , CHOWDHURY O ,et al. Privacy attacks to the 4G and 5G cellular paging protocols using side channel information[C]// Proceedings of 2019 Network and Distributed System Security Symposium. 2019.
[16]	CAO J , MA M D , LI H ,et al. A survey on security aspects for LTE and LTE-A networks[J]. IEEE Communications Surveys ＆ Tutorials, 2014,16(1): 283-302.
[17]	KHAN M A , SALAH K . IoT security:Review,blockchain solutions,and open challenges[J]. Future Generation Computer Systems, 2018,82: 395-411.
[18]	NGMN 5G Security-Network Slicing Version 1. 0,5G security Recommendations Package# 2:Network Slicing[S]. UK:ngmn Ltd., 2016.
[19]	网络切片分级白皮书[Z]. 深圳:中国移动, 2021.
	White Paper:Network Slice Grading[Z]. Shenzhen:China Mobile, 2021.
[20]	3GPP TR 33. 813 V16.0.0.3rd generation partnership project; tech nical specification group services and system aspects; security aspects; study on security aspects of network slicing enhancement (release 16)[S]. Valbonne:3GPP, 2020.
[21]	FAN C N , SHIH Y T , HUANG J J ,et al. Cross-network-slice authentication scheme for the 5th generation mobile communication system[J]. IEEE Transactions on Network and Service Management, 2021,18(1): 701-712.
[22]	REN Z , LI X H , JIANG Q ,et al. Fast and universal inter-slice handover authentication with privacy protection in 5G network[J]. Security and Communication Networks,2021, 2021:6694058.
[23]	BEHRAD S , BERTIN E , TUFFIN S ,et al. 5G-SSAAC:slice-specific authentication and access control in 5G[C]// Proceedings of 2019 IEEE Conference on Network Softwarization (NetSoft). 2019: 281-285.
[24]	王睿, 张克落 . 5G 网络切片综述[J]. 南京邮电大学学报(自然科学版), 2018,38(5): 19-27.
	WANG R , ZHANG K L . Survey of 5G network slicing[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2018,38(5): 19-27.
[25]	SATTAR D , MATRAWY A . Towards secure slicing:using slice isolation to mitigate DDoS attacks on 5G core network slices[C]// Proceedings of 2019 IEEE Conference on Communications and Network Security. 2019: 82-90.
[26]	SATHI V N , SRINIVASAN M , THIRUVASAGAM P K ,et al. A novel protocol for securing network slice component association and slice isolation in 5G networks[C]// Proceedings of MSWIM '18:Proceedings of the 21st ACM International Conference on Modeling,Analysis and Simulation of Wireless and Mobile Systems. 2018: 249-253.
[27]	潘启润, 黄开枝, 游伟 . 基于隔离等级的网络切片部署方法[J]. 网络与信息安全学报, 2020,6(2): 96-105.
	PAN Q R , HUANG K Z , YOU W . Network slicing deployment method based on isolation level[J]. Chinese Journal of Network and Information Security, 2020,6(2): 96-105.
[28]	LIU J W , ZHANG L H , SUN R ,et al. Mutual heterogeneous signcryption schemes for 5G network slicings[J]. IEEE Access, 2018,6: 7854-7863.
[29]	杨志强, 粟栗, 齐旻鹏 ,等. 5G 安全技术与标准[J]. 电信科学, 2020,36(12): 1-19.
	YANG Z Q , SU L , QI M P ,et al. Overview and prospect of 5G security[J]. Telecommunications Science, 2020,36(12): 1-19.
[30]	GARDIKIS G , TZOULAS K , TRIPOLITIS K ,et al. SHIELD:a novel NFV-based cybersecurity framework[C]// Proceedings of 2017 IEEE Conference on Network Softwarization (NetSoft). 2017: 1-6.
[31]	LI H D , DENG J , HU H X ,et al. Poster:on the safety and efficiency of virtual firewall elasticity control[C]// Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. 2017: 129-131.
[32]	LI H D , HU H X , GU G F ,et al. vNIDS:towards elastic security with safe and efficient virtualization of network intrusion detection systems[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 17-34.
[33]	冯琦, 何德彪, 罗敏 ,等. 移动互联网环境下轻量级SM2两方协同签名[J]. 计算机研究与发展, 2020,57(10): 2136-2146.
	FENG Q , HE D B , LUO M ,et al. Efficient two-party SM2 signing protocol for mobile Internet[J]. Journal of Computer Research and Development, 2020,57(10): 2136-2146.
[34]	CAO J , YU P , MA M D ,et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network[J]. IEEE Internet of Things Journal, 2019,6(2): 1561-1575.
[35]	POTHUMARTI R , JAIN K , KRISHNAN P . A lightweight authentication scheme for 5G mobile communications:a dynamic key approach[J]. Journal of Ambient Intelligence and Humanized Computing, 2021: 1-19.
[36]	DE REE M , MANTAS G , RADWAN A ,et al. Key management for beyond 5G mobile small cells:a survey[J]. IEEE Access, 2019,7: 59200-59236.
[37]	FAN CHUN-I , SHIH Y T , HUANG J J ,et al. Cross-network-slice authentication scheme for the 5 th generation mobile communication system[J]. IEEE Transactions on Network and Service Management, 2021,18(1): 701-712.
[38]	NI J B , LIN X D , SHEN X S . Efficient and secure service-oriented authentication supporting network slicing for 5G-enabled IoT[J]. IEEE Journal on Selected Areas in Communications, 2018,36(3): 644-657.
[39]	SICARI S , RIZZARDI A , COEN-PORISINI A , . 5G in the internet of things era:an overview on security and privacy challenges[J]. Computer Networks, 2020,179: 107345.
[40]	ZHOU L , SU C H , HU Z ,et al. Lightweight implementations of NIST P-256 and SM2 ECC on 8-bit resource-constraint embedded device[J]. ACM Transactions on Embedded Computing Systems, 2019,18(3): 1-13.
[41]	AL-RIYAMI S S , PATERSON K G . Certificateless public key cryptography[M]. Advances in Cryptology -ASIACRYPT 2003. Berlin,Heidelberg: Springer Berlin Heidelberg, 2003: 452-473.
[42]	谷国进 . 基于 SM2 算法的认证授权系统研究与实现[D]. 济南:山东大学, 2013.
	GU G J . Study and implementation of authentication and authorzation system based on SM2Algorithm[D]. Jinan:Shandong University, 2013.

算法类别	算法名称
5G 标准密码相关算法对称密码算法	128-NEA1（SNOW 3G算法）
对称密码算法	128-NEA2（AES算法）
对称密码算法	128-NEA3（祖冲之算法）
SM国密算法杂凑算法	SM3
公钥密码算法	SM2、SM9
对称密码算法	SM1、SM4、SM7

切片等级	网络类型	等级划分	安全
L0	公众网	普通	基本安全
L1		VIP	eMBB增强安全
L2	行业网	普通	业务特性安全
L3		VIP	业务特性高阶安全
L4		特需	全面高阶安全