As a new wireless communication technology, the 5th Generation Wireless Systems (5G) has developed rapidly in recent years, bringing profound changes to the network ecosystem, including cloud computing, fog computing and the Internet of Things. This technology has the advantages of a high data rate, short time delay, and a large number of device connections. However, the existing 5G network structure still lacks reliable encryption logic, which makes it difficult to resist increasingly advanced cyber attack technologies. In particular, the use of Software Defined Network (SDN) to protect 5G network security has become the most significant problem in the field of wireless networks. To avoid the impact of network attacks on the 5G network, it is necessary to study the problem from the two aspects of attack prevention and attack detection.

This thesis proposes a comprehensive 5G network security protection scheme from these two perspectives. Firstly, from the perspective of attack prevention, a 5G network security structure is proposed in combination with SDN technology, and ciphertext is used to replace the plaintext information commonly used in the original system, so as to alleviate security risks in the data dimension. Secondly, from the perspective of attack detection, based on the above security structure, signal recognition is carried out by taking advantage of the imperfections and differences of the equipment, to prevent the attacker from further damaging the leaked sensitive data. The main contents of this thesis are as follows:

(1) Targeting the problem of 5G network attack prevention, this thesis proposes a 5G network attack prevention scheme based on SDN. This method is combined with SDN technology to separate the 5G network data layer from the control layer, avoid the centralized exposure of sensitive data, and improve security. Meanwhile, to further enhance the security of data transmission, a data encryption and authentication mechanism is established between the system's control layer and data transmission, under which the communication data is encrypted and authenticated. A new kind of distributed security gateway and network security entity is also designed to act as a relay station for the encryption and authentication mechanism. Because the hash algorithm is irreversible, an illegal device cannot obtain the key by eavesdropping, and device camouflage is realized. This method keeps an acceptably low computation cost and simple encryption logic, and it can greatly protect the existing 5G network system from attack without affecting the bandwidth.

(2) Targeting the problem of 5G network attack detection, this thesis proposes a 5G network attack detection mechanism based on radio frequency fingerprints. The mechanism incorporates radio frequency fingerprint technology to further improve the communication security of the above network structure. The idea of the scheme is to identify the malicious attacker in the network based on the differences in hardware at the physical layer of the device, and on the differences between the signals sent by the attacker's device and those sent by the original device in the system, given the characteristics of the 5G communication channel. The scheme has the following two advantages: first, the attacker cannot imitate the unique security credentials of the device by listening; second, some nonlinear components in the modulation function of the device signal are not affected by the environment. In addition, it has been deployed and verified in the actual environment. The experimental results show that the mechanism is not limited by the low-dimensional feature space, has strong robustness and stability, and can effectively detect the network attacks suffered by the 5G network system.

(3) Based on the security scheme principles given in chapter 3 and chapter 4, this thesis adopts the concept of modular program design and takes MATLAB and Eclipse 4.0.7 as the main development environment to design and implement a system prototype based on a MySQL database. The system mainly consists of two functional modules: encryption authentication and signal recognition. The encryption authentication module combines with the file system to encrypt the data with the logic of the synchronization key, which can verify the data flow without disturbing it. The signal recognition module combines the logic of the hardware fingerprint on the server side to identify the signal of the physical layer equipment without being affected by the environment. The system prototype has been tested several times, and the results prove that the system has realized the required functions and is practical and effective.