移动通信网的内生安全共性问题及破解之道

doi:10.11959/j.issn.1000-436x.2022176

Abstract

Abstract:

Based on the understanding of the mobile communication essential characteristics and the mobile communication network inherent characteristics, from a new perspective, the genetic defects existing in the mobile communication network inherent mechanism, especially in the mobility management mechanism were analyzed.These genetic defects would not disappear with the intergenerational development of mobile communication network, therefore, they were also known as endogenous security defects or endogenous security common problems of mobile communication networks.The endogenous security threats that may be introduced by security defects such as “acquiescence in information authenticity” and “ubiquitous data visibility” were pointed out.Under the guidance of the cyberspace endogenous security theory, the ideas and methods to solve the endogenous security common problems in mobile communication networks were proposed, such as breaking the “default trust” with “zero trust” and realizing the “user data limited visibility” with“variable implicit mapping”.

Key words: mobile communication network, 5G, endogenous security problem, endogenous security structure, variable implicit mapping

CLC Number:

TN929.5

Caixia LIU, Xinsheng JI, Jiangxing WU. Endogenous security common problems and solutions of the mobile communication networks[J]. Journal on Communications, 2022, 43(9): 70-79.

Figures/Tables 11

网络功能	静态存储或者动态获取的用户数据类型	备注
AMF	1) 用户标识数据：私有身份标识，公开身份标识，终端标识，临时身份标识；	随用户在境内、境外网络漫
	2) 用户位置信息：基站小区标识，跟踪区标识等；	游，相关用户数据会遍布用
	3) 用户UE上下文信息：为用户服务的UDM、AUSF、PCF、SMF等标识，会	户所到的所有AMF
	话状态相关数据；
	4) 用户鉴权数据：AKA鉴权向量，EAP 鉴权向量；
	5) 用户签约数据：签约业务清单，业务权限，漫游权限等；
	6) 切片相关信息
UDM	1) 用户标识数据：SUPI，GPSI，PEI等；
	2) 用户鉴权数据：根密钥，鉴权算法标识，SUPI 隐私保护计算密钥，SUPI 加
	密算法标识等；
	3) 用户签约数据：用户切片信息，用户 5G 业务签约信息，签约切片列表，默
	认网络切片等；
	4) 用户签约的短消息业务参数；
	5) 会话管理签约数据：签约的DNN列表，PDU会话类型，SSC模式，QoS参
	数、计费特性，静态IP地址等；
	6) 用户服务网络网元地址：用户在3G网络、4G网络和5G网络的服务网元标
	识；
	7) 用户当前服务AMF相关数据；
	8) 用户当前服务SMF相关数据；
	9) 用户当前服务SMSF相关数据
统一数据存储（UDR, unified	用户鉴权数据，用户会话数据，用户策略数据，用户营账操作记录数据等
data repository）功能
网络注册功能（NRF, network	1) 用户不同服务网络功能NF的注册信息：SUPI, GPSI, DNN, sNSSAI, AMF区
register function）	域, AMFSetID等；
	2) NF订阅的其他NF的状态信息。
会话管理功能（SMF, session	用户会话管理签约数据，用户身份标识，会话管理动态数据	随用户在境内、境外网络漫
management function）		游，相关用户数据会遍布用
		户所到的所有SMF
短消息服务功能（SMSF, short	用户短消息签约数据，用户身份标识，用户位置标识
message service function）
GMLC	用户定位业务签约数据，用户身份标识，用户位置信息

References 27

[1]	刘彩霞．网络空间安全专题导读［J］．无线电通信技术, 2020,46(4): 377．
	LIU C X ． Introduction to special topics on cyberspace security［J］． Ra-dio Communication Technology, 2020,46(4): 377．
[2]	3GPP． 5G security assurance specification (SCAS):TS33．512-522［S］． 2019．
[3]	3GPP． Study on 5G security enhancements against false base stations:TR33．809［S］． 2018．
[4]	3GPP． Study of privacy of identifiers over radio access:TR33．870［S］． 2021．
[5]	3GPP． Study on enhanced security aspects of the 5G service based architecture (eSBA):TR33．875［S］． 2021．
[6]	3GPP． Study on security aspects of the 5G service based architecture (SBA):TR33．855［S］． 2020．
[7]	3GPP． Study on security impacts of virtualization:TR33．848［S］． 2018．
[8]	3GPP． Study on authentication enhancements in the 5G system:TR33．846［S］． 2021．
[9]	3GPP． Study on security aspects of 5G network slicing management:TR33．811［S］． 2018．
[10]	全国信息安全标准化技术委员会(通信安全标准工作组)． 5G 网络安全标准化白皮书［R］． 2021．
	National Information Security Standardization Technical Committee (Communication Security Standard Working Group)． White paper on 5G network security standardization［R］． 2021．
[11]	IMT-2020(5G)推进组． 5G行业专网安全技术研究报告［R］． 2022．
	IMT-2020 (5G) Advance Group． Research report on private network security technology in 5G industry［R］． 2022．
[12]	IMT-2020(5G)推进组． 5G零信任安全技术研究报告［R］． 2022．
	IMT-2020 (5G) Advance Group． Research report on 5G zero-trust se-curity technology［R］． 2022．
[13]	中国通信学会． 5G数据安全防护白皮书［R］． 2022．
	China Communications Society． White paper of 5G data security pro-tection［R］． 2022．
[14]	邬江兴．网络空间拟态防御原理-下册:广义鲁棒控制与内生安全［M］． 2版．北京: 科学出版社, 2018．
	WU J X ． Principles of cyberspace mimic defense:generalized robust control and endogenous safety ＆ security［M］． 2ed. Beijing: Science Press, 2018．
[15]	邬江兴．网络空间内生安全-上册:拟态防御与广义鲁棒控制［M］．北京: 科学出版社, 2020．
	WU J X ． Cyberspace endogenous safety and security:mimic defense and general robust control［M］． Beijing: Science Press, 2020．
[16]	肖前, 李秀林, 汪永祥．辩证唯物主义原理［M］．北京: 人民出版社, 1981．
	XIAO Q , LI X L , WANG Y X ． Principles of dialectical material-ism［M］． Beijing: People’s Publishing House, 1981．
[17]	JIN L , HU X Y , LOU Y M ,et al． Introduction to wireless endogenous security and safety:problems,attributes,structures and functions［J］． China Communication, 2021,18(9): 88-99．
[18]	Adaptive Mobile Security. Hidden art SS7 spoofing［R］． 2022．
[19]	3GPP． Security architecture and procedures for 5G system:TS33．501［S］． 2018．
[20]	WU J X ． Cyberspace endogenous safety and security［J］． Engineering,2021,doi．org/10．1016/j．eng．2021．05．015．
[21]	冀托．白话零信任［M］．北京: 电子工业出版社, 2022．
	JI T ． Zero trust in vernacular［M］． Beijing: Publishing House of Electronics Industry, 2022．
[22]	刘建华．基于零信任架构的5G 核心网安全改进研究［J］．邮电设计技术, 2020(9): 75-78．
	LIU J H ． Research on security improvement of 5G core network based on zero trust architecture［J］． Designing Techniques of Posts and Tele-communications, 2020(9): 75-78．
[23]	单英．基于零信任的 5G 安全切片架构设计［J］．通信管理与技术, 2022(1): 47-49,59．
	SHAN Y ． Design of 5G security slicing architecture based on zero trust［J］． Communications Management and Technology, 2022(1): 47-49,59．
[24]	张奕鸣． 5G 网络服务化接口安全增强技术研究［D］．郑州:信息工程大学, 2022．
	ZHANG Y M ． Research on security enhancement technology of 5G network service based interface［D］． Zhengzhou:Information Engi-neering University, 2022．
[25]	LYU X J , DI L , LIN Z L ,et al． Characteristic model based all-coefficient adaptive control of an AMB suspended energy storage flywheel test rig［J］． Science China (Information Sciences), 2018,61(11): 113-127．
[26]	刘彩霞, 季新生, 邬江兴．一种基于MSISDN虚拟化的移动通信用户数据拟态防御机制［J］．计算机学报, 2018,41(2): 275-287．
	LIU C X , JI X S , WU J X ． A mimic defense mechanism for mobile communication user data based on MSISDN virtualization［J］． Chinese Journal of Computers, 2018,41(2): 275-287．
[27]	邬江兴．网络空间内生安全发展范式［J］．中国科学:信息科学, 2022,52(2): 189-204．
	WU J X ． Development paradigms of cyberspace endogenous safety and security［J］． Scientia Sinica (Informationis), 2022,52(2): 189-204．

Metrics

Recommended 0

No Suggested Reading articles found!

网元名称	静态存储或者动态获取的用户数据类型	备注
VLR	1) 用户标识数据：私有身份标识，公开身份标识，终端标识，临时身份标	随用户在境内、境外网络漫
		游，相关用户数据会遍布用户
	识，路由标识；
		所到的所有VLR
	2) 用户位置信息：基站小区标识，基站位置区标识等；
	3) 用户鉴权数据：AKA鉴权向量；
	4) 用户签约数据：签约业务清单，业务或者漫游权限
HLR	1) 用户标识数据：IMSI，MSISDN，IMEI等；
	2) 用户位置信息：MSC号码，VLR号码，MSCID，BSID
	3) 用户鉴权数据：根密钥，鉴权算法；
	4) 用户签约数据：签约业务清单（电信业务、补充业务、智能网业务等），
	业务权限，漫游权限等
短消息中心（SMSC, short	用户标识数据，用户位置信息，短消息内容
message service center）
智能网业务控制点（SCP,	用户签约的智能网业务数据，用户标识数据，用户位置信息
service control point）
全球移动定位中心（GMLC,	用户定位业务签约数据，用户身份标识，用户位置信息
global mobile location center）

Endogenous security common problems and solutions of the mobile communication networks

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 27

Related Articles 15

Metrics

Recommended 0

[1]	Huiqiang WANG, Kaixuan GAO, Hongwu LYU. Survey of high-precision localization and the prospect of future evolution [J]. Journal on Communications, 2021, 42(7): 198-210.
[2]	Lei SUN, Jianquan WANG, Shangjing LIN, Zhangchao MA, Wei LI, Liang Qilian, Rong HUANG. Research on 5G-TSN joint scheduling mechanism based on radio channel information [J]. Journal on Communications, 2021, 42(12): 65-75.
[3]	Yueping CAI, Dong LI, Chi XU, Zhen WANG, Xiaowen ZHANG. Integrating 5G-U with time-sensitive networking for industrial Internet: architectures and technologies [J]. Journal on Communications, 2021, 42(10): 43-54.
[4]	Yusun FU,Genke YANG. Wireless ultra-reliable and low-latency communication:key design analysis and challenge [J]. Journal on Communications, 2020, 41(8): 187-203.
[5]	Xiaona LI,Zhongfang WANG,Qian CHENG,Jingwen FU,Shunliang ZHANG. Dynamic interference coordination scheme based on the iterative joint transmission in ultra dense network [J]. Journal on Communications, 2020, 41(2): 176-186.
[6]	. Challenges for beyond 5G:ultra-densification of radio access network [J]. Journal on Communications, 2020, 41(11): 1-11.
[7]	Wenxue LIU,Shijun CHEN,Jian GE,Hong YUAN,Cuiling GONG. Research on nanosecond time synchronization technology for 5G base station based on GNSS neighborhood similarity [J]. Journal on Communications, 2020, 41(1): 180-190.
[8]	Xutong ZUO,Mowei WANG,Yong CUI. Low-latency networking:architecture,key scenarios and research prospect [J]. Journal on Communications, 2019, 40(8): 22-35.
[9]	Yuan YANG,Mingwei XU,Hao CHEN. Analysis and modeling of Internet backbone traffic with 5G/B5G [J]. Journal on Communications, 2019, 40(8): 36-44.
[10]	HUANG Tao,WANG Shuo,HUANG Yudong,ZHENG Yao,LIU Jiang,LIU Yunjie. Survey of the deterministic network [J]. Journal on Communications, 2019, 40(6): 160-176.
[11]	Wenjuan SHAO,Qingguo SHEN. Survey of software defined D2D and V2X communication [J]. Journal on Communications, 2019, 40(4): 179-194.
[12]	Zheng HU,Hao YUAN,Xinning ZHU,Wanli NI. Research on crowd flows prediction model for 5G demand [J]. Journal on Communications, 2019, 40(2): 1-10.
[13]	Guangyi LIU,Qixing WANG,Jianjun LIU,Fei WANG,Yi ZHENG. Latest progress on 3.5 GHz 5G NR trial [J]. Journal on Communications, 2019, 40(2): 24-30.
[14]	Hongyuan GAO,Yanan DU,Shibo ZHANG,Dandan LIU. Optimal cooperative strategy based on quantum bat for cognitive radio of energy harvesting [J]. Journal on Communications, 2018, 39(9): 10-19.
[15]	Quan YUAN,Hong-bo TANG,Kai-zhi HUANG,Xiao-lei WANG,Yu ZHAO. Deployment method for vEPC virtualized network function via Q-learning [J]. Journal on Communications, 2017, 38(8): 172-182.