As a critical infrastructure for the information society, the security of the 5th Generation Mobile Network (5G) is of paramount importance to social and economic life. The 5G core network serves essential functions such as managing user network access, handling user session operations, and determining user communication strategies, thereby becoming an indispensable component of the 5G network in addressing user communication needs. The 5G core network comprises several service-based and independent Network Functions (NFs), which can be customized flexibly to accommodate diverse service requirements. However, the service-based architecture also introduces new attack surfaces to the core network, making it susceptible to numerous threats. The industry argues that the service-based architecture will lead a shift in trust relationships within the 5G network, transitioning from strong coupling to weak coupling, making it difficult to judge the trust degree of network entities in the domain and difficult to defend against internal attacks. Current methods for measuring the trustworthiness of NFs within the core network are insufficient, and security risks such as logical vulnerabilities in the NF service access authorization process can pose considerable threats to the core network’s security and availability.

To address these concerns, this dissertation presents an in-depth investigation of the security of NFs in core networks. It examines the trust assessment mechanism of 5G core networks based on interaction behaviors and the security enhancement mechanism of NF service access processes. Furthermore, the dissertation describes the design and implementation of an NF service security enhancement mechanism based on the Free5GC environment.

1. To address the core network vulnerability that hinders prompt and effective responses to malicious NF attacks due to the lack of trust value evaluation for NF service consumers during communication, this paper proposes a trust evaluation mechanism grounded in NF interactive behavior. This mechanism quantifies NF reliability by incorporating topology structure and interaction behavior, along with interaction behavior trust, interaction frequency proportional trust, and a punishment mechanism specifically devised for malicious actions. Trust evaluation outcomes serve as the foundation for determining NF reliability. The experimental findings demonstrate that the proposed trust evaluation mechanism can efficiently and swiftly detect abnormal NF behavior and effectively evaluate NF reliability.

2. To address the insufficient validation of NF service consumer request message rationality during the authorization procedure for NF service access, which could lead to over-authorized access vulnerabilities in the core network, a security enhancement mechanism based on business processes is proposed. This mechanism incorporates a function module dedicated to managing business processes within the Network Repository Function (NRF). It introduces a producer re-signing token mechanism for NFs and appends token identifiers that are strongly correlated with business processes to access tokens. This enables the management of NF business processes in the authorization procedure. The security of both the original and improved processes was scrutinized via a formal analysis tool, verifying the effectiveness of the proposed scheme. The simulation results indicate that the proposed security enhancement mechanism can augment access security with a modest increase in storage resources, while exerting minimal impact on the execution efficiency of the NF service access procedure.

3. On the basis of the aforementioned research, a 5G core network NF service security enhancement mechanism has been developed and implemented utilizing the Free5GC platform. The mechanism consists of two independent functional modules: the trust evaluation module and the security enhancement module. Corresponding service functions have been tailored for both modules, considering the network architecture of the core network and the service function of NF, with specific service operations and interfaces delineated according to their respective functional requirements. The efficacy of these two functional modules has been confirmed through experimental tests conducted under the core network environment. The experimental results reveal that the incorporation of trust evaluation and access enhancement modules enables the NF service security enhancement mechanism to effectively counteract illicit or irrational service access requests from NFs, consequently strengthening the core network’s security.