面向5G mMTC的网络切片安全研究

doi:10.11959/j.issn.2096-109x.2022006

Abstract

Abstract:

With the emergence of new 5G business, architecture and technology, more and more researchers pay attention to security issues and potential security risks.Massive machine type communication is one of the three major application scenarios of 5G.It provides high performance such as large connection and low power consumption.Due to factors such as limited resources of MTC equipment, it may also weaken the security of 5G networks.At the same time, different scenarios and applications have obvious demands for network performance, service quality and security level.The flexibility of 5G networking is realized by network slicing technology.It meets the diversity and customization of 5G network services, but also brings new security threats.5G commercial rapid development.The number of IoT devices has increased exponentially.In order to ensure that 5G networks provide more efficient and safe on-demand services, it is particularly important to study the security mechanism and strategy of network slicing for 5G mMTC application scenarios.Therefore, the characteristics and security requirements of 5G mMTC were analyzed.The main security threats of network slicing were listed.In view of the above security requirements and threats, the contribution and deficiency of existing security schemes around the aspects of specific network slice authentication, slice security isolation, security management and arrangement were summarized and expounded.And the future research in this field was prospected.A SM2-based secondary authentication and security isolation model for 5G mMTC network slicing was proposed.This model framework meeted the efficiency of large-scale authentication for 5G devices and users by introducing batch authentication and pre-authentication mechanisms.By hierarchical encryption of different communication data, the security isolation between 5G mMTC network slices was realized.The performance and security of the model were also analyzed.

Key words: network slicing, 5G mMTC, safe isolation, access authentication

CLC Number:

TP393

Zijun XU, Jianwei LIU, Geng LI. Research on network slicing security for 5G mMTC[J]. Chinese Journal of Network and Information Security, 2022, 8(1): 95-105.

Figures/Tables 9

References 42

[1]	LIN X Q . An overview of 5G advanced evolution in 3GPP release 18[J]. arXiv preprint arXiv:2201.01358, 2022.
[2]	网络安全管理局. 工业和信息化部部署推进5G安全工作[EB].
	China Network Security Administration.. Ministry of Industry and Information Technology deployed to promote 5G security work.[EB].
[3]	IMT-2020（5G）推进组. 5G愿景与需求白皮书[Z]. 2014.
	IMT-2020（5G） Promotion Group. White paper on 5G vision and requirements[Z]. 2014.
[4]	3GPP TS 22. 261 V18.1.1.3rd generation partnership project; technical specification group services and system aspects; service requirements for the 5G system; stage 1(release 18)[S]. Valbonne:3GPP, 2021.
[5]	3GPP TS 22. 186 V16.2.0.3rd generation partnership project; technical specification group services and system aspects; enhancement of 3GPP support for V2X scenarios; stage 1(release 16)[S]. Valbonne:3GPP, 2019.
[6]	张东 . 探秘5G新空口技术[J]. 华为技术, 2016,75: 56-60.
	ZHANG D . Exploring 5G new air interface technology[J]. Huawei Technology, 2016,75: 56-60.
[7]	O’CONNELL E , MOORE D , NEWE T . Challenges associated with implementing 5G in manufacturing[J]. Telecom, 2020,1(1): 48-67.
[8]	HARWAHYU R , CHENG R G , WEI C H ,et al. Optimization of random access channel in NB-IoT[J]. IEEE Internet of Things Journal, 2018,5(1): 391-402.
[9]	KUHLINS , BELA RATHONYI , ALI ZAIDI ,et al. Ericsson white paper:cellular networks for massive IoT[Z]. Sweden:Ericsson, 2020.
[10]	JAVED M A , KHAN NIAZI S . 5G security artifacts (DoS/DDoS and authentication)[C]// Proceedings of 2019 International Conference on Communication Technologies (ComTech). 2019: 127-133.
[11]	RIM K , LIM D . DoS attack control design of IoT system for 5G era[J]. Journal of Information and Communication Convergence Engineering, 2018,16(2): 93-98.
[12]	JANG S , LIM D , KANG J ,et al. An efficient device authentication protocol without certification authority for Internet of Things[J]. Wireless Personal Communications, 2016,91(4): 1681-1695.
[13]	3GPP TS 33. 501 V17.0.0.3rd generation partnership project; technical specification group services and system aspects; security architecture and procedures for 5G system (release 17)[S]. Valbonne:3GPP, 2020.
[14]	CAO J , MA M D , LI H ,et al. A survey on security aspects for 3GPP 5G networks[J]. IEEE Communications Surveys ＆ Tutorials, 2020,22(1): 170-195.
[15]	HUSSAIN S R , ECHEVERRIA M , CHOWDHURY O ,et al. Privacy attacks to the 4G and 5G cellular paging protocols using side channel information[C]// Proceedings of 2019 Network and Distributed System Security Symposium. 2019.
[16]	CAO J , MA M D , LI H ,et al. A survey on security aspects for LTE and LTE-A networks[J]. IEEE Communications Surveys ＆ Tutorials, 2014,16(1): 283-302.
[17]	KHAN M A , SALAH K . IoT security:Review,blockchain solutions,and open challenges[J]. Future Generation Computer Systems, 2018,82: 395-411.
[18]	NGMN 5G Security-Network Slicing Version 1. 0,5G security Recommendations Package# 2:Network Slicing[S]. UK:ngmn Ltd., 2016.
[19]	网络切片分级白皮书[Z]. 深圳:中国移动, 2021.
	White Paper:Network Slice Grading[Z]. Shenzhen:China Mobile, 2021.
[20]	3GPP TR 33. 813 V16.0.0.3rd generation partnership project; tech nical specification group services and system aspects; security aspects; study on security aspects of network slicing enhancement (release 16)[S]. Valbonne:3GPP, 2020.
[21]	FAN C N , SHIH Y T , HUANG J J ,et al. Cross-network-slice authentication scheme for the 5th generation mobile communication system[J]. IEEE Transactions on Network and Service Management, 2021,18(1): 701-712.
[22]	REN Z , LI X H , JIANG Q ,et al. Fast and universal inter-slice handover authentication with privacy protection in 5G network[J]. Security and Communication Networks,2021, 2021:6694058.
[23]	BEHRAD S , BERTIN E , TUFFIN S ,et al. 5G-SSAAC:slice-specific authentication and access control in 5G[C]// Proceedings of 2019 IEEE Conference on Network Softwarization (NetSoft). 2019: 281-285.
[24]	王睿, 张克落 . 5G 网络切片综述[J]. 南京邮电大学学报(自然科学版), 2018,38(5): 19-27.
	WANG R , ZHANG K L . Survey of 5G network slicing[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2018,38(5): 19-27.
[25]	SATTAR D , MATRAWY A . Towards secure slicing:using slice isolation to mitigate DDoS attacks on 5G core network slices[C]// Proceedings of 2019 IEEE Conference on Communications and Network Security. 2019: 82-90.
[26]	SATHI V N , SRINIVASAN M , THIRUVASAGAM P K ,et al. A novel protocol for securing network slice component association and slice isolation in 5G networks[C]// Proceedings of MSWIM '18:Proceedings of the 21st ACM International Conference on Modeling,Analysis and Simulation of Wireless and Mobile Systems. 2018: 249-253.
[27]	潘启润, 黄开枝, 游伟 . 基于隔离等级的网络切片部署方法[J]. 网络与信息安全学报, 2020,6(2): 96-105.
	PAN Q R , HUANG K Z , YOU W . Network slicing deployment method based on isolation level[J]. Chinese Journal of Network and Information Security, 2020,6(2): 96-105.
[28]	LIU J W , ZHANG L H , SUN R ,et al. Mutual heterogeneous signcryption schemes for 5G network slicings[J]. IEEE Access, 2018,6: 7854-7863.
[29]	杨志强, 粟栗, 齐旻鹏 ,等. 5G 安全技术与标准[J]. 电信科学, 2020,36(12): 1-19.
	YANG Z Q , SU L , QI M P ,et al. Overview and prospect of 5G security[J]. Telecommunications Science, 2020,36(12): 1-19.
[30]	GARDIKIS G , TZOULAS K , TRIPOLITIS K ,et al. SHIELD:a novel NFV-based cybersecurity framework[C]// Proceedings of 2017 IEEE Conference on Network Softwarization (NetSoft). 2017: 1-6.
[31]	LI H D , DENG J , HU H X ,et al. Poster:on the safety and efficiency of virtual firewall elasticity control[C]// Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. 2017: 129-131.
[32]	LI H D , HU H X , GU G F ,et al. vNIDS:towards elastic security with safe and efficient virtualization of network intrusion detection systems[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018: 17-34.
[33]	冯琦, 何德彪, 罗敏 ,等. 移动互联网环境下轻量级SM2两方协同签名[J]. 计算机研究与发展, 2020,57(10): 2136-2146.
	FENG Q , HE D B , LUO M ,et al. Efficient two-party SM2 signing protocol for mobile Internet[J]. Journal of Computer Research and Development, 2020,57(10): 2136-2146.
[34]	CAO J , YU P , MA M D ,et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network[J]. IEEE Internet of Things Journal, 2019,6(2): 1561-1575.
[35]	POTHUMARTI R , JAIN K , KRISHNAN P . A lightweight authentication scheme for 5G mobile communications:a dynamic key approach[J]. Journal of Ambient Intelligence and Humanized Computing, 2021: 1-19.
[36]	DE REE M , MANTAS G , RADWAN A ,et al. Key management for beyond 5G mobile small cells:a survey[J]. IEEE Access, 2019,7: 59200-59236.
[37]	FAN CHUN-I , SHIH Y T , HUANG J J ,et al. Cross-network-slice authentication scheme for the 5 th generation mobile communication system[J]. IEEE Transactions on Network and Service Management, 2021,18(1): 701-712.
[38]	NI J B , LIN X D , SHEN X S . Efficient and secure service-oriented authentication supporting network slicing for 5G-enabled IoT[J]. IEEE Journal on Selected Areas in Communications, 2018,36(3): 644-657.
[39]	SICARI S , RIZZARDI A , COEN-PORISINI A , . 5G in the internet of things era:an overview on security and privacy challenges[J]. Computer Networks, 2020,179: 107345.
[40]	ZHOU L , SU C H , HU Z ,et al. Lightweight implementations of NIST P-256 and SM2 ECC on 8-bit resource-constraint embedded device[J]. ACM Transactions on Embedded Computing Systems, 2019,18(3): 1-13.
[41]	AL-RIYAMI S S , PATERSON K G . Certificateless public key cryptography[M]. Advances in Cryptology -ASIACRYPT 2003. Berlin,Heidelberg: Springer Berlin Heidelberg, 2003: 452-473.
[42]	谷国进 . 基于 SM2 算法的认证授权系统研究与实现[D]. 济南:山东大学, 2013.
	GU G J . Study and implementation of authentication and authorzation system based on SM2Algorithm[D]. Jinan:Shandong University, 2013.

Metrics

Recommended 0

No Suggested Reading articles found!

算法类别	算法名称
5G 标准密码相关算法对称密码算法	128-NEA1（SNOW 3G算法）
对称密码算法	128-NEA2（AES算法）
对称密码算法	128-NEA3（祖冲之算法）
SM国密算法杂凑算法	SM3
公钥密码算法	SM2、SM9
对称密码算法	SM1、SM4、SM7

切片等级	网络类型	等级划分	安全
L0	公众网	普通	基本安全
L1		VIP	eMBB增强安全
L2	行业网	普通	业务特性安全
L3		VIP	业务特性高阶安全
L4		特需	全面高阶安全

Research on network slicing security for 5G mMTC

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 42

Related Articles 4

Metrics

Recommended 0

[1]	Qirun PAN,Kaizhi HUANG,Wei YOU. Network slicing deployment method based on isolation level [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 96-105.
[2]	Qiang CHEN,Caixia LIU,Lingshu LI. 5G network slicing function migration mechanism based on particle swarm optimization algorithm [J]. Chinese Journal of Network and Information Security, 2018, 4(8): 47-55.
[3]	Qiang CHEN,Caixia LIU,Lingshu LI. Dynamic resource scheduling strategy for 5G network slicing based on improved greedy algorithm [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 60-68.
[4]	Tian-han GAO,Yan-qiang LI. Survey on anonymous authentication mechanisms of VANET [J]. Chinese Journal of Network and Information Security, 2016, 2(8): 10-16.