The fifth-generation mobile communication system (5G) creates a service-oriented, customized network for end users and business applications: communication and network resources are implemented in software, partitioned, and recombined on demand to form network slices suited to applications in various industries. Through network slicing, 5G systems can provide optimized support for different communication services, traffic loads, and types of users. However, while 5G network slicing brings resource optimization and resource isolation to various industries, it also introduces new security threats for 5G networks and their users, such as slice privacy leakage, leakage of business data between slices of the same type, and unauthorized-access threats such as illegal traffic generated by users accessing network slices and illegal use of resources inside network slices. In addition, research on the current 5G network slicing security standards is still at an early stage, and many security issues remain to be addressed.

Given the current explosive growth in the type and number of devices and the increasing demand for collaborative task execution, when a large number of devices want to use the customized services provided by different network slices to complete different tasks, access and handover between various types of network slices are unavoidable. This process is exposed to many security threats, such as user privacy leakage and malicious billing caused by devices accessing illegal slices, service data leakage caused by illegal devices accessing slices, and service data theft by man-in-the-middle attackers. To avoid the consequences of these threats, this thesis designs network slice access and handover authentication protocols for the case in which a large number of devices connect to network slices in 5G networks. These protocols provide security functions including mutual authentication, session key negotiation, privacy protection, and resistance to various attacks. The designed protocol covers two different scenarios: devices that are unregistered with a network slice and devices that are registered with one. The contributions of this paper are as follows:

(1) When a large number of devices have completed the information configuration for a given type of network slice in the home network and obtained access authorization for that network slice, these devices are called registered devices. When a large number of registered devices need to switch from an existing network slice to a network slice of the same type in the visited network, a secure connection must be established with that network slice. For this scenario, this thesis proposes a network slice handover authentication mechanism for large-scale registered devices based on lightweight cryptography. The proposed mechanism satisfies robust security properties such as message reachability, confidentiality, mutual authentication, replay-attack resistance, key agreement and confirmation, device and network slice identity privacy protection, and forward/backward security. Two formal verification tools, Scyther and ProVerif, are employed to analyze the security of the scheme, and the analysis results show that the proposed scheme achieves the above security functions. At the same time, the performance analysis shows that the proposed scheme offers favorable efficiency compared with existing slice handover authentication schemes.

(2) Since the same device can register with up to 8 network slices, in practice some devices that have not completed registration for a given type of network slice in the home network, called unregistered devices, need to temporarily access or switch to a network slice of that type in the visited network. The key problem in this scenario is the absence of pre-configured trust parameters between devices and network slices. This thesis proposes a network slice access and handover authentication protocol for large-scale unregistered devices in 5G networks. The designed protocol achieves security properties such as message reachability, confidentiality, mutual authentication, replay-attack resistance, key agreement, device identity privacy protection, and forward/backward security. Verification with the formal verification tools Scyther and ProVerif, together with a comparative performance analysis, shows that this scheme achieves the above security functions while maintaining efficiency.