Abstract: To address the frequent handover authentication of mobile users in 5G heterogeneous networks (HetNets), a multi-scenario handover authentication scheme for 5G HetNets based on software defined network (SDN) is proposed. The scheme first uses SDN technology to centrally manage network access users and predict their movement trajectories, so as to reduce the handover delay. A pairing-free certificateless signcryption algorithm designed for mobile-user handover authentication is then used to address the key escrow problem and reduce the computational burden on the access points. In intra-domain and inter-domain handover scenarios, mobile users achieve mutual authentication, session key agreement, batch authentication, privacy protection, unlinkability, and perfect forward and backward secrecy. Finally, based on the random oracle model and the formal analysis tool AVISPA (Automated Validation of Internet Security Protocols and Applications), it is proved that the scheme can withstand various attacks. Performance analysis shows that the handover authentication time of the scheme is only 9.68 ms, which effectively improves the handover efficiency of the system.
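Basic information:
DOI: 10.13682/j.issn.2095-6533.2024.06.007
CLC number: TN929.5; TP393.02
Citation:
[1] ZHANG Yinghui, CAO Qian, LI Qi, et al. Multi-scenario handover authentication scheme for 5G heterogeneous networks based on SDN[J]. Journal of Xi'an University of Posts and Telecommunications, 2024, 29(06): 48-56. DOI: 10.13682/j.issn.2095-6533.2024.06.007.
Funding:
National Natural Science Foundation of China (62072369, 62072371); Shaanxi Special Support Program, Young Top-notch Talent Support Program; Youth Innovation Team Support Program of Shaanxi Universities; Basic Science (Natural Science) Research Project of Higher Education Institutions of Jiangsu Province (22KJB520029); Shaanxi Technology Innovation Guidance Program (2023-YD-CGZH-31)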