Design of handover authentication protocols for 5G networks
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis-Master by Research |
Language: | English |
Published: | Nanyang Technological University, 2022 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/155052 |
Institution: | Nanyang Technological University |
Summary: | The emergence of fifth-generation (5G) wireless networks has started a new era in the development of wireless mobile networks. High requirements such as lower delay and higher speed have been expected for the 5G wireless network. Security of the 5G wireless networks is the major concern when they are deployed for commercial applications. The third-generation partnership project (3GPP) has specified the security functionality of 5G wireless in its standard release 16. It specifies a detailed scheme of 5G Authentication and Key Agreement (AKA) and handover authentication. However, user equipment (UE) is prone to different attacks such as Denial of Service (DoS) attacks and false base-station attacks when it hands over from source gNB (Next Generation Node B, gNodeB) to target gNB within the same Access and Mobility Management Function (AMF). Also, in some scenarios, a large group of Machine Type Communication devices (MTCDs) may enter the communication coverage of a new target base station simultaneously. However, the current handover mechanism specified by the 3GPP incurs high signalling overhead over the access network and the core network for such scenarios. Particularly, secure handover becomes a critical issue in the operation of the 5G mobile networks. Even though many solutions have been proposed in recent research to overcome the security issues mentioned above, these solutions have efficiency or security problems to some extent. Our work focuses on designing 5G handover authentication protocols, which should be secure, efficient, and follow the system architecture specified by the 3GPP standard.
In the thesis, we first introduce the background, 5G network architecture, 5G security architecture, and security requirements of a handover authentication scheme. We review the current handover authentication schemes in the literature as well. Then we propose our first Lightweight and Secure Handover Authentication protocol, named LSHA, using the Chinese remainder theory at neighbor base stations (gNBs) for secure handovers. The Next Hop parameter (NH) used in the handover authentication is encrypted by our repurposed encryption algorithm to enhance security, which perfectly solves the failure of the key forward secrecy (KFS) problem in the 3GPP standard. The security of the proposal is formally evaluated by BAN-logic and Scyther to demonstrate its ability against various malicious attacks. An analysis of the ability against some specific malicious attacks is also presented. Finally, the performance of the proposed scheme in terms of the delay incurred is evaluated by using Java simulation, and energy consumption is calculated by adding up the energy consumption of basic cryptography operations on a StrongARM microprocessor and an LA-4121 WLAN card. The results obtained show that our first scheme is secure and efficient with relatively low energy consumption, which is suitable for devices in high-speed movements.
Then, we propose our second Privacy-Preserving Handover Authentication Protocol, named PPHAP, for a group of MTCDs in all handover scenarios. In the proposal, the messages from two MTCDs are concatenated with an aggregated message authentication code (MAC) and sent by an authenticated group member to reduce the signalling cost. The proposed protocol has been formally evaluated by both BAN-logic and the Scyther tool to prove its security. It has also been analysed on its security functionality to show its ability to preserve user privacy and resist major typical malicious attacks. It can be expected that the second proposed scheme is applicable to most group mobility scenarios such as a platoon of vehicles or a high-speed train. The performance evaluation demonstrates that the proposed protocol is efficient in terms of computational, communication, signalling, and energy cost. |