面向B5G网络的高效切换认证与安全密钥更新机制

doi:10.11959/j.issn.1000-436x.2021240

通信学报 ›› 2021, Vol. 42 ›› Issue (12): 96-108.doi: 10.11959/j.issn.1000-436x.2021240

面向B5G网络的高效切换认证与安全密钥更新机制

崔琪楣¹^,², 赵文静¹, 顾晓阳¹, 朱增宝¹, 朱晓暄³, 陶小峰¹^,², 倪巍⁴

¹ 北京邮电大学信息与通信工程学院，北京 100876
² 鹏城实验室，广东深圳 518055
³ 中国科学技术交流中心，北京 100045
⁴ 澳大利亚联邦科学与工业研究组织，悉尼 2122

修回日期:2021-12-06 出版日期:2021-12-01 发布日期:2021-12-01
作者简介:崔琪楣（1979- ），女，河南驻马店人，博士，北京邮电大学教授、博士生导师，主要研究方向为宽带移动通信网络的新理论及技术、无线大数据基础理论研究等
赵文静（1998- ），女，贵州安顺人，北京邮电大学硕士生，主要研究方向为无线通信网络安全、形式化分析与研究等
顾晓阳（1996- ），男，宁夏吴忠人，北京邮电大学硕士生，主要研究方向为5G网络安全、云虚拟化网络技术等
朱增宝（1998- ），男，安徽六安人，北京邮电大学博士生，主要研究方向为无线通信网络安全等
朱晓暄（1983- ），女，湖北荆州人，博士，中国科学技术交流中心副研究员，主要研究方向为无线网络传输、科技创新合作政策等
陶小峰（1970- ），男，湖北黄冈人，博士，北京邮电大学教授、博士生导师，主要研究方向为 5G 网络技术与移动网络技术等
倪巍（1977- ），男，上海人，博士，澳大利亚联邦科学与工业研究组织研究员、悉尼科技大学教授，主要研究方向为随机优化、博弈论和图论等
基金资助:
国家自然科学基金资助项目(61941114);国家自然科学基金资助项目(61941105);中国移动研究院联合创新中心基金资助项目

Efficient handover authentication and secure key-updating mechanism for B5G networks

Qimei CUI¹^,², Wenjing ZHAO¹, Xiaoyang GU¹, Zengbao ZHU¹, Xiaoxuan ZHU³, Xiaofeng TAO¹^,², Wei NI⁴

¹ School of Information and Communication Engineering， Beijing University of Posts and Telecommunications， Beijing 100876， China
² Peng Cheng Laboratory， Shenzhen 518055， China
³ China Science and Technology Exchange Center， Beijing 100045， China
⁴ Commonwealth Scientific and Industrial Research Organization， Sydney 2122， Australia

Revised:2021-12-06 Online:2021-12-01 Published:2021-12-01
Supported by:
The National Natural Science Foundation of China(61941114);The National Natural Science Foundation of China(61941105);Telecommunications-China Mo-bile Research Institute Joint Innovation Center

摘要/Abstract

摘要：

为了解决5G网络切换认证与密钥更新机制不具备前向安全性、易遭受旁路攻击、存在信令拥塞等问题，针对 5G 增强（B5G）网络，提出一种基于无证书的高效切换认证与安全密钥更新机制。在网络边缘侧引入基于无证书的密钥协商机制，使移动终端主动发起密钥更新请求，在空口侧完成无证书密钥更新全过程；在eCK安全模型下基于 Diffie-Hellman 困难问题，从理论上证明了该密钥更新机制的安全性。仿真评估表明，所提机制不仅满足了移动终端密钥管理的前向安全，与其他同类切换认证相比有更低的通信开销和计算开销。

关键词: 切换认证, 密钥更新, 无证书密钥协商, eCK安全模型

Abstract:

In order to solve the problems of 5G network handover authentication and key update mechanism， such as lacking of forward security， being vulnerable to bypass attack and having signaling congestion， for 5G enhanced （B5G） network， an efficient handover authentication and security key-updating mechanism based on no certificate was proposed.The certificateless key agreement mechanism was introduced in the network edge side， which made the mobile terminals in-itiate the key-updating request actively and complete the whole certificateless key-updating process on the fly.The security of the key-updating mechanism was proved theoretically based on the Diffie-Hellman problem under the eCK security model.Simulation results demonstrate that the proposed mechanism not only meets the forward security of mobile terminal key management， but also has lower communication and computing overheads compared with other similar handoff authentication.

Key words: handover authentication, key-updating, certificateless key agreement, eCK security model

中图分类号:

TN929.5

崔琪楣, 赵文静, 顾晓阳, 朱增宝, 朱晓暄, 陶小峰, 倪巍. 面向B5G网络的高效切换认证与安全密钥更新机制[J]. 通信学报, 2021, 42(12): 96-108.

Qimei CUI, Wenjing ZHAO, Xiaoyang GU, Zengbao ZHU, Xiaoxuan ZHU, Xiaofeng TAO, Wei NI. Efficient handover authentication and secure key-updating mechanism for B5G networks[J]. Journal on Communications, 2021, 42(12): 96-108.

图/表 13

图1

图2

图3

图4

图5

图6

图7

表1

表2

表3

图8

图9

图10

参考文献 4

[5]	HUSSAIN S R , ECHEVERRIA M , CHOWDHURY O ,et al. Privacy attacks to the 4G and 5G cellular paging protocols using side channel information[C]// Proceedings 2019 Network and Distributed System Security Symposium. Reston:Internet Society, 2019: 24-27.
[6]	HAN K H , MA M D , LI X H ,et al. An efficient handover authentication mechanism for 5G wireless network[C]// Proceedings of 2019 IEEE Wireless Communications and Networking Conference (WCNC). Piscataway:IEEE Press, 2019: 1-8.
[7]	GUPTA S , PARNE B L , CHAUDHARI N S . Security vulnerabilities in handover authentication mechanism of 5G network[C]// Proceedings of 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC). Piscataway:IEEE Press, 2018: 369-374.
[8]	张文波, 黄文华, 冯景瑜 . 基于无证书签密的车联社会网络安全通信机制[J]. 通信学报, 2021,42(7): 128-136.
	ZHANG W B , HUANG W H , FENG J Y . Secure communication mechanism for VSN based on certificateless signcryptiont[J]. Journal on Communications, 2021,42(7): 128-136.
[9]	ERISSI Y E H , ZAHID N , JEDRA M . An efficient authentication protocol for 5G heterogeneous networks[C]// International Symposium on Ubiquitous Networking. Berlin:Springer, 2017: 496-508.
[10]	HARN L . Group authentication[J]. IEEE Transactions on Computers, 2013,62(9): 1893-1898.
[11]	AYDIN Y , KURT G K , OZDEMIR E ,et al. A flexible and lightweight group authentication scheme[J]. IEEE Internet of Things Journal, 2020,7(10): 10277-10287.
[12]	BASUDAN S . LEGA:a lightweight and efficient group authentication protocol for massive machine type communication in 5G networks[J]. Journal of Communications and Information Networks, 2020,5(4): 457-466.
[13]	LI J G , WEN M , ZHANG T . Group-based authentication and key agreement with dynamic policy updating for MTC in LTE-A networks[J]. IEEE Internet of Things Journal, 2016,3(3): 408-417.
[14]	CAO J , YAN Z , MA R H ,et al. LSAA:a lightweight and secure access authentication scheme for both UE and mMTC devices in 5G networks[J]. IEEE Internet of Things Journal, 2020,7(6): 5329-5344.
[15]	SUN Y Q , CAO J , MA M D ,et al. EAP-DDBA:efficient anonymity proximity device discovery and batch authentication mechanism for massive D2D communication devices in 3GPP 5G HetNet[J]. IEEE Transactions on Dependable and Secure Computing, 2020,PP(99): 1.
[16]	LAI C Z , LI H , LI X Q ,et al. A novel group access authentication and key agreement protocol for machine-type communication[J]. Transactions on Emerging Telecommunications Technologies, 2015,26(3): 414-431.
[17]	FAN C N , HUANG J J , ZHONG M Z ,et al. ReHand:secure region-based fast handover with user anonymity for small cell networks in mobile communications[J]. IEEE Transactions on Information Forensics and Security, 2020,15: 927-942.
[18]	裴旭明, 贾建鑫, 钱骅 ,等. 5G双连接场景下的低传输时延切换机制[J]. 通信学报, 2019,40(4): 212-222.
	PEI X M , JIA J X , QIAN H ,et al. Low latency handover scheme for 5G dual-connectivity scenario[J]. Journal on Communications, 2019,40(4): 212-222.
[19]	GUPTA S , PARNE B L , CHAUDHARI N S . An efficient handover AKA protocol for wireless network using Chameleon Hash function[C]// Proceedings of 2018 4th International Conference on Recent Advances in Information Technology (RAIT). Piscataway:IEEE Press, 2018: 1-7.
[20]	ZHANG Y H , CHEN X F , LI H ,et al. Identity-based construction for secure and efficient handoff authentication schemes in wireless networks[J]. Security and Communication Networks, 2012,5(10): 1121-1130.
[21]	ZHANG Y H , CHEN X F , LI J ,et al. Generic construction for secure and efficient handoff authentication schemes in EAP-based wireless networks[J]. Computer Networks, 2014,75: 192-211.
[22]	KUMAR P , KUMARI S , SHARMA V ,et al. A certificateless aggregate signature scheme for healthcare wireless sensor network[J]. Sustainable Computing:Informatics and Systems, 2018,18: 80-89.
[23]	SABELLA D , VAILLANT A , KUURE P ,et al. Mobile-edge computing architecture:the role of MEC in the Internet of things[J]. IEEE Consumer Electronics Magazine, 2016,5(4): 84-91.
[24]	张伟, 田丽萍, 梁玉 ,等. 面向车联网多点协作联合传输的安全认证与密钥更新方法[J]. 中国公路学报, 2019,32(6): 308-318.
	ZHANG W , TIAN L P , LIANG Y ,et al. Key management scheme to secure coordinated multi-point joint transmission for vehicular networks[J]. China Journal of Highway and Transport, 2019,32(6): 308-318.
[25]	LIPPOLD G , BOYD C , NIETO J G . Strongly secure certificateless key agreement[C]// International Conference on Pairing-Based Cryptography. Berlin:Springer, 2009: 206-230.
[26]	CHENG Z H , NISTAZAKIS M , COMLEY R ,et al. On the indistinguishability-based security model of key agreement protocols-simple cases[J]. IACR Cryptology ePrint Archive, 2005,129: 1-39.
[27]	LAMACCHIA B , LAUTER K , MITYAGIN A . Stronger security of authenticated key exchange[C]// International Conference on Provable Security. Berlin:Springer, 2007: 1-16.
[1]	3GPP. System architecture for the 5G system:TS23.501 V17.0.0[S]. 2021.
[2]	3GPP. Security architecture and procedures for 5G system:TS33.501 V17.0.0[S]. 2020.
[3]	KONG Q L , LU R X , MA M D ,et al. A privacy-preserving and verifiable querying scheme in vehicular fog data dissemination[J]. IEEE Transactions on Vehicular Technology, 2019,68(2): 1877-1887.
[4]	HUANG S Y , WANG X Y , XU G W ,et al. Conditional cube attack on reduced-round keccak sponge function[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2017: 259-288.

机制	前向安全性	会话密钥的安全性	抗密钥泄露伪装	抗未知密钥共享
5G机制	×	√	×	√
文献[19]	×	√	×	√
文献[20]	√	√	√	√
文献[21]	√	√	√	√
本文所提机制	√	√	√	√

参数	含义	大小
L_q/bit	椭圆曲线阶数	160
L_p /bit	基数	1 024
L_time/bit	当前和到期时间	32
L_id/bit	通信实体标识	32
L_hash/bit	Hash长度	160
L_NCC/bit	链路计数值长度	3
L_NH/bit	下一跳密钥长度	128
L_NSCI/bit	密钥数据路由长度	128
T_BP/ms	双线性配对运算	38.376
T_PM/ms	点乘运算	1.537
T_ME/ms	模幂运算	1.698
T_RV/ms	RSA验证	0.957
T_hash/ms	Hash散列函数	0.035 6
T_mul/ms	乘法运算	0.013 2
T_AO/ms	算术运算	0.009 4
T_SM/ms	同时点乘运算	1.799
T_EV/ms	椭圆曲线签名验证	1.875
T_UE-gNB/ms	终端到基站最小传输时延	1
T_gNB-Net/ms	基站到核心网最小传输时延	4
T_gNB-gNB/ms	基站间最小传输时延	0.024

机制	传输负载Lc/B	传输时延Tc/ms	计算耗时Ts/ms
5G机制	3 L_id+7 L_NCC+3 L_NH+2 L_NSCI+L_hash=115	3T_UE-gNB+4T_gNB-gNB+4T_gNB-Net=19.096	4T_hash+5T_AO=0.189
文献[19]	2 L_q+4 L _p +4 L_time+2 L_id+3 L_hash=636	3T_UE-gNB+T_gNB-gNB+3T_gNB-Net=16.024	4T_ME+T_RV+3T_hash+4T_mul+2T_AO=7.891
文献[20]	6 L_q+4 L _p +4 L_time+2 L_id+2 L_hash=692	3T_UE-gNB+T_gNB-gNB2T_gNB-Net=11.024	T_PM+2T_SM+T_EV+3T_hash+T_mul+2T_AO=8.092
文献[21]	6 L_q+4 L_time+2 L_id+4 L_hash=912	3T_UE-gNB+T_gNB-gNB+2T_gNB-Net=11.024	T_BP+2T_PM+4T_hash+2T_mul+2T_AO=41.638
本文所提机制	2 L_q+4 L _p +2 L_id=540	3T_UE-gNB+T_gNB-gNB= 3.024	5T_PM+3T_hash+4T_AO+T_mul=7.842

面向B5G网络的高效切换认证与安全密钥更新机制

Efficient handover authentication and secure key-updating mechanism for B5G networks

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 4

相关文章 7

Metrics

推荐阅读 0

[1]	张海波, 兰凯, 陈舟, 王汝言, 邹灿, 王明月. 车联网中基于环的匿名高效批量认证与组密钥协商协议[J]. 通信学报, 2023, 44(6): 103-116.
[2]	贾春福, 哈冠雄, 武少强, 陈杭, 李瑞琪. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021, 42(10): 67-80.
[3]	苏彬庭,许力,王峰,林志兴. 基于群签名的无线Mesh网络匿名切换认证方案[J]. 通信学报, 2016, 37(Z1): 174-179.
[4]	陈燕俐,杨庚. 适合于无线传感器网络的混合式组密钥管理方案[J]. 通信学报, 2010, 31(11): 56-64.
[5]	王巍,赵文红,李凤华,马建峰. 无线传感器网络中基于EBS的高效安全的群组密钥管理方案[J]. 通信学报, 2009, 30(9): 76-82.
[6]	邹跃鹏,欧阳丹彤,何丽莉,白洪涛. 基于身份加密的个人安全密钥托管机制[J]. 通信学报, 2009, 30(11A): 75-80.
[7]	曹国梁,周杰. 一种适用于安全多播的加密算法及密钥管理方案[J]. 通信学报, 2005, 26(1A): 100-105.