3GPP5Gsecurity资源-CSDN文库

需积分: 9 11 浏览量 2018-09-18 17:20:15 上传评论收藏 7.65MB PDF 举报

5G is the next generation of mobile communication systems. As it is being finalized, the specification is stable enough to allow giving an overview. This paper presents the security aspects of the 5G system specified by the 3rd Generation Partnership Project (3GPP), especially highlighting the differences to the 4G (LTE) system. The most important 5G security enhancements are access agnostic primary authentication with home control, security key establishment and management, security for mobility, service based architecture security,inter-network security, privacy and security for services provided over 5G with secondary authentication. ### 3GPP 5G安全机制概览 #### 摘要与介绍随着第五代移动通信系统（5G）的逐步推出和完善，其安全架构成为业界关注的重点。相较于第四代（4G/LTE）系统，5G不仅在技术上实现了突破，在安全性方面也进行了大量的增强与改进。本文主要探讨了由3rd Generation Partnership Project（3GPP）制定的5G系统安全方面的关键特性及其与4G系统的不同之处。 #### 5G安全概述 5G安全体系结构是在4G安全体系的基础上进行设计和扩展的，旨在继承并优化4G的安全机制，并针对新出现的安全威胁和挑战引入了一系列新的安全机制。这些安全机制包括但不限于： 1. **接入无关的主认证**：这是一种重要的安全增强措施，它支持各种类型的接入网络，并且认证过程由用户归属网络控制，增强了整体的安全性和可靠性。 2. **密钥建立与管理**：为确保数据传输的安全性，5G系统采用了更加先进的密钥管理和分发机制，这有助于保护用户数据免受未经授权的访问。 3. **移动性安全管理**：为了适应5G系统中的高速移动场景，对移动性管理的安全性进行了加强，确保用户在不同基站间切换时的安全性。 4. **基于服务的架构安全**：5G系统采用了基于服务的架构，这意味着安全机制也需要适应这一变化，确保服务提供过程中的安全性。 5. **网络间安全**：5G环境下，不同运营商之间以及不同网络之间的互联互通更为频繁，因此加强了网络间的安全防护措施。 6. **隐私保护**：在提供更高质量的服务的同时，5G系统还特别注重用户的隐私保护，防止用户数据被非法获取或滥用。 7. **二次认证**：对于一些敏感或高价值的服务，5G系统提供了额外的二次认证机制，以进一步提高安全性。 #### 5G安全机制的细节分析 1. **接入无关的主认证**： - 这一特性允许5G系统能够无缝地与不同的接入技术（如WiFi、蓝牙等）进行交互，而不会牺牲安全性。通过将认证过程集中到用户归属网络进行控制，可以有效避免中间人攻击等问题。 2. **密钥建立与管理**： - 5G系统采用了一套全新的密钥管理体系，能够动态地生成和更新密钥，以适应不断变化的网络环境。此外，还采用了更加复杂和强大的加密算法来保障数据传输的安全性。 3. **移动性安全管理**： - 针对高速移动场景下的安全需求，5G系统提供了一系列的安全机制，如快速重认证机制，可以在用户设备快速切换基站时确保连接的安全性。 4. **基于服务的架构安全**： - 在5G系统中，服务是通过API接口提供的，这要求服务提供商必须具备高度的安全意识。为此，5G系统设计了专门的服务安全机制，确保服务提供过程中数据的完整性和保密性。 5. **网络间安全**： - 为了应对不同网络间的互操作性问题，5G系统加强了网络边界的安全防护，例如通过实施更严格的访问控制策略和加密技术，确保不同网络间的通信安全。 6. **隐私保护**： - 5G系统采取了多种措施来保护用户的隐私，比如通过匿名化处理用户数据、限制位置信息的暴露范围等方法，最大限度地减少个人信息泄露的风险。 7. **二次认证**： - 对于一些需要更高安全级别的应用场景（如金融交易、医疗保健等），5G系统引入了二次认证机制，这通常是通过生物识别技术或其他身份验证方式实现的，以确保只有授权用户才能访问敏感资源。 #### 结论 5G系统的安全机制是经过精心设计的，旨在为用户提供一个既高效又安全的通信环境。通过采用一系列创新的安全技术，5G不仅能够满足当前的安全需求，也为未来可能出现的新威胁提供了充足的防御能力。随着5G技术的不断发展和完善，预计未来的安全机制将会更加成熟和强大。

资源推荐

资源详情

资源评论

3GPP 5G Security

Anand R. Prasad

, Sivabalan Arumugam

Sheeba B

and Alf Zugenmaier

Chairman of 3GPP SA3, NEC Corporation, Japan

2,3

NEC Technologies India Pvt. Ltd., India

Vice Chairman of 3GPP SA3 & Rapporteur, Munich University of

Applied Sciences, Germany

E-mail: anand@bq.jp.nec.com; sivabalan.arumugam@india.nec.com;

sheeba.mary@india.nec.com; alf.zugenmaier@hm.edu

Received 30 March 2018;

Accepted 3 May 2018

Abstract

5G is the next generation of mobile communication systems. As it is being

ﬁnalized, the speciﬁcation is stable enough to allow giving an overview. This

paper presents the security aspects of the 5G system speciﬁed by the 3

Gener-

ation Partnership Project (3GPP), especially highlighting the differences to the

4G (LTE) system. The most important 5G security enhancements are access

agnostic primary authentication with home control, security key establishment

and management, security for mobility, service based architecture security,

inter-network security, privacy and security for services provided over 5G

with secondary authentication.

Keywords: LTE, 5G, 5G Core, NR, Authentication, Services, Security,

Privacy.

1 Introduction

The 5G system is an evolution of the 4G mobile communication sys-

tem, i.e. System Architecture Evolution/Long Term Evolution (SAE/LTE).

Accordingly, the 5G security architecture has been designed to integrate

Journal of ICT, Vol. 6

1&2, 137–158. River Publishers

doi: 10.13052/jicts2245-800X.619

This is an Open Access publication.

138 S. Arumugam et al.

4G equivalent security into the 5G system. In addition, reassessment of

other security threats such as attacks on radio interfaces, signalling plane,

user plane, masquerading, privacy, replay, bidding down, man-in-the-middle,

service based interfaces (SBI), and inter-operator network security have led

to integration of further security mechanisms. This paper gives an overview

of the security in phase 1, also called release 15 in 3GPP, and highlights the

security features and security mechanisms offered by the 5G system, and the

security procedures performed within the 5G System including the 5G Core

(5GC) and the 5G new radio (NR), i.e. the 5G radio interface.

The paper starts by laying out the underlying trust models in 5G system

considering roaming and non-roaming cases in Section 2 along with a brief

summary on 5G key hierarchy. The enhancements in authentication and

privacy are dealt with in Section 3. Section 4 discusses the multiple regis-

tration scenarios of User Equipment (UE) considering different cases such as

same Public Land Mobile Network (PLMN) and different PLMN scenarios.

The mobility procedures and intra-/inter-network security are discussed in

Sections 5 and 6 respectively. The role of secondary authentication in services

security is briefed in Section 7. Section 8 discusses the security aspects of

network interconnects and Section 9 elaborates the migration and interworking

security. Finally the paper is concluded in Section 10.

2 Evolution of the Trust Model

In the new 5G system, trust within the network is considered as decreasing

the further one moves from the core. This has impact on decisions taken in 5G

security design thus we present the trust model in this section, at the beginning

fo the paper, together with the 5G key hierarchy.

2.1 Trust Model

The trust model in the user equipment (UE) is reasonably simple: there are two

trust domains, the tamper proof universal integrated circuit card (UICC) on

which the the Universal Subscriber Identity Module (USIM) resides as trust

anchor. Mobile Equipment (ME) and the USIM together form the UE.

The network side trust model for roaming and non-roaming cases are

shown in Figures 1 and 2 respectively, which shows the trust in mulitple

layers, like in an onion.

The Radio Access Network (RAN) is separated into distributed units (DU)

and central units (CU) – DU and CU together form gNB the 5G base-station.

140 S. Arumugam et al.

(known as anchor key) for the visited network. The security architecture is

deﬁned in a future proof fashion, as it allows separation of the security anchor

from the mobility function in a future evolution of the system architecture.

In the roaming architecture, the home and the visited network are con-

nected through SEcurity Protection Proxy (SEPP) for the control plane of

the internetwork interconnect. This enhancement is done in 5G because of

the number of attacks coming to light recently such as key theft and re-

routing attacks in SS7 [16] and network node impersonation and source

address spooﬁng in signalling messages in DIAMETER [17] that exploited

the trusted nature of the internetwork interconnect [18]. Authentication Server

Function (AUSF) keeps a key for reuse, derived after authentication, in case of

simultaneous registration of a UE in different access network technologies, i.e.

3GPP access networks and non-3GPP access networks such as IEEE 802.11

Wireless Local Area Network (WLAN). Authentication credential Repository

and Processing Function (ARPF) keeps the authentication credentials. This is

mirrored by the USIM on the side of the client, i.e. the UE side. The subscriber

information is stored in the Uniﬁed Data Repository (UDR). The Uniﬁed

Data Management (UDM) uses the subscription data stored in UDR and

implements the application logic to perform various functionalities such as

authentication credential generation, user identiﬁcation, service and session

continuity etc. Over the air interface, both active and passive attacks are

considered on both control plane and user plane. Privacy has become increas-

ingly important leading to permanent identiﬁers being kept secret over the

air interface.

2.2 Key Hierarchy

The long term secret key (K) provisioned in the USIM and the 5G core network

acts as the primary source of security context in the same way as in of an 4G

system. Different to LTE, in 5G there are 2 types of authentication, primary

authentication that all devices have to perform for accesing the mobile network

services, and secondary authentication to an external data network (DN), if so

desired by the external data network.

After a successful primary authentication between the UE and the network,

the serving network speciﬁc anchor key (K

SEAF

) is derived from K. From the

anchor key, conﬁdentiality and integrity protection keys are derived for NAS

signalling and the AS consisting of control plane (CP), ie. radio resource

control (RRC) messages, and user plane (UP). The key hierarchy of 5G is

shown in Figure 3. The key hierarchy includes K, Cipher Key (CK) and

剩余21页未读，继续阅读

评论收藏

内容反馈

bukyguo

粉丝: 0
资源: 4

3GPP 5G security

最新资源

3GPP 5G security

3GPP 5G标准规范

5G 3GPP 标准

5G 3GPP 协议规范

3GPP 5G标准中文版

3GPP之5G规范汇总 PDF

5G安全白皮书，比较全

3GPP 5G合法JT（lawful interception）标准 33127-h00.docx

3GPP第16版5G标准33501-g00（EAP-AKA'和5G-AKA）认证框架部分.docx

5G-security-Helsinki.pdf

5G Security Report-2020.rar

3GPP最新的5G技术规范标准

3GPP 5G协议定位功能

3GPP 5G 标准 V15.3.0 原版

5G 3GPP release15

5G通信3GPP协议-38章

3GPP Nas协议可视化浏览编辑工具

5G-Security-White-Paper_8.15.pdf

Security in 5G Networks - 5G网络安全

5G系统基于服务的体系结构的技术实现 29500-g40.docx 中英文对照版

3GPP R15/16/17中Feature汇总

3GPP-5G-NR 38331-f60协议

3GPP 5G NR标准和测试

移动通信3GPP-5G技术演进之路

3GPP_5G_r16_物理层标准

5G Standards Developments in 3GPP Release16 and Beyond

3GPP协议列表 说明各协议的中文意义

信息安全_数据安全_4G_to_5G_Evolution：In-Depth_Security_Perspective.pdf

蓝桥杯-5G全网规划与建设理论题题库（附答案）四

technical criterion of IMS, by 3GPP

最新资源

3GPP协议列表说明各协议的中文意义