Journal on Communications ›› 2021, Vol. 42 ›› Issue (12): 96-108. doi: 10.11959/j.issn.1000-436x.2021240

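Efficient handover authentication and secure key-updating mechanism for B5G networks

Qimei CUI1,2, Wenjing ZHAO1, Xiaoyang GU1, Zengbao ZHU1, Xiaoxuan ZHU3, Xiaofeng TAO1,2, Wei NI4

  1. School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China
  2. Peng Cheng Laboratory, Shenzhen 518055, China
  3. China Science and Technology Exchange Center, Beijing 100045, China
  4. Commonwealth Scientific and Industrial Research Organization, Sydney 2122, Australia
  • Revised: 2021-12-06 Online: 2021-12-01 Published: 2021-12-01
  • About the authors: Qimei CUI (1979- ), female, born in Zhumadian, Henan; Ph.D.; professor and doctoral supervisor at Beijing University of Posts and Telecommunications. Her main research interests include new theories and technologies for broadband mobile communication networks and the fundamental theory of wireless big data.
    Wenjing ZHAO (1998- ), female, born in Anshun, Guizhou; master's student at Beijing University of Posts and Telecommunications. Her main research interests include wireless communication network security and formal analysis and research.
    Xiaoyang GU (1996- ), male, born in Wuzhong, Ningxia; master's student at Beijing University of Posts and Telecommunications. His main research interests include 5G network security and cloud virtualization network technology.
    Zengbao ZHU (1998- ), male, born in Lu'an, Anhui; doctoral student at Beijing University of Posts and Telecommunications. His main research interests include wireless communication network security.
    Xiaoxuan ZHU (1983- ), female, born in Jingzhou, Hubei; Ph.D.; associate research fellow at the China Science and Technology Exchange Center. Her main research interests include wireless network transmission and science and technology innovation cooperation policy.
    Xiaofeng TAO (1970- ), male, born in Huanggang, Hubei; Ph.D.; professor and doctoral supervisor at Beijing University of Posts and Telecommunications. His main research interests include 5G network technology and mobile network technology.
    Wei NI (1977- ), male, born in Shanghai; Ph.D.; researcher at the Commonwealth Scientific and Industrial Research Organization and professor at the University of Technology Sydney. His main research interests include stochastic optimization, game theory and graph theory.
  • Supported by:
    The National Natural Science Foundation of China (61941114); The National Natural Science Foundation of China (61941105); Telecommunications-China Mobile Research Institute Joint Innovation Center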

Abstract:

To address the problems of the 5G network handover authentication and key update mechanism, such as the lack of forward security, vulnerability to side-channel (bypass) attacks, and signaling congestion, an efficient certificateless handover authentication and secure key-updating mechanism is proposed for 5G enhanced (B5G) networks. A certificateless key agreement mechanism is introduced at the network edge, so that the mobile terminal actively initiates the key-updating request and the whole certificateless key-updating process is completed on the air interface side. The security of the key-updating mechanism is proved theoretically under the eCK security model, based on the hardness of the Diffie-Hellman problem. Simulation results show that the proposed mechanism not only provides forward security for mobile terminal key management, but also has lower communication and computation overheads than other similar handover authentication schemes.

Key words: handover authentication, key-updating, certificateless key agreement, eCK security model

CLC number:
