School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore 639798, Singapore.
College of Engineering, Qatar University, Doha P.O. Box 2713, Qatar.
Sensors (Basel). 2022 Jun 15;22(12):4525. doi: 10.3390/s22124525.
The futuristic fifth-generation cellular network (5G) not only supports high-speed internet, but must also connect a multitude of devices simultaneously without compromising network security. To ensure the security of the network, the Third Generation Partnership Project (3GPP) has standardized the 5G Authentication and Key Agreement (AKA) protocol for mutually authenticating user equipment (UE), base stations, and the core network. However, it has been found that 5G-AKA is vulnerable to many attacks, including linkability attacks, denial-of-service (DoS) attacks, and distributed denial-of-service (DDoS) attacks. To address these security issues and improve the robustness of the 5G network, in this paper, we introduce the Secure Blockchain-based Authentication and Key Agreement for 5G Networks (5GSBA). Using blockchain as a distributed database, our 5GSBA decentralizes authentication functions from a centralized server to all base stations. This prevents a single point of failure and increases the difficulty of DDoS attacks. Moreover, to ensure the data in the blockchain cannot be used for device impersonation, our scheme employs a one-time secret hash function as the device secret key. Furthermore, our 5GSBA can protect device anonymity by mandating the encryption of device identities with Subscription Concealed Identifiers (SUCI). Linkability attacks are also prevented by deprecating the sequence number in favor of Elliptic Curve Diffie-Hellman (ECDH). We use Burrows-Abadi-Needham (BAN) logic and the Scyther tool to formally verify our protocol. The security analysis shows that 5GSBA is superior to 5G-AKA in terms of perfect forward secrecy, device anonymity, and mutual Authentication and Key Agreement (AKA). Additionally, it effectively deters linkability attacks, replay attacks, and most importantly, DoS and DDoS attacks. Finally, the performance evaluation shows that 5GSBA is efficient for both UEs and base stations with reasonably low computational costs and energy consumption.