Computer Engineering and Applications ›› 2022, Vol. 58 ›› Issue (18): 137-146. DOI: 10.3778/j.issn.1002-8331.2106-0495

• Network, Communication and Security •

Group-Based Handover Authentication Scheme for 5G Heterogeneous Networks

ZHANG Yinghui, LI Yiming, LI Yifei, ZHENG Dong   

  1. School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  2. National Engineering Laboratory for Wireless Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  3. WeiShi Stone Laboratory, Beijing 100070, China
  • Online: 2022-09-15 Published: 2022-09-15

Abstract: With the development of fifth-generation mobile communication technology (5G), the quality of network services has improved rapidly. However, the network environment is becoming more and more complex, which brings more security challenges. Handover authentication can solve the problem of user access authentication between two different networks. But existing schemes still have weaknesses: universal handover authentication, key agreement, identity privacy, resistance to impersonation attacks, resistance to man-in-the-middle attacks, resistance to replay attacks and group-based handover efficiency all need to be improved. To address these issues, a group-based handover authentication scheme for 5G heterogeneous networks is proposed. In the proposed scheme, the registered domain server stores a pass for each user on the blockchain. Any entity can use this pass to authenticate the user, which achieves universal handover authentication. For group user access, each user sets aggregatable authentication parameters separately. The verifier then performs batch verification of the group by verifying the aggregate signature. The new scheme improves the efficiency of group handover while also meeting the security requirements above. Analysis of the proposed protocol with the AVISPA tool shows that the protocol is sufficiently secure. According to the performance analysis, the proposed scheme improves efficiency by at least 89.8% compared with some existing schemes when performing batch verification.

Key words: 5G, handover authentication, blockchain, batch verification, AVISPA tool