
Research On Network Security Of Machine Type Communication

Posted on: 2015-09-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W J Zhang
Full Text: PDF

Abstract/Summary:
Machine-Type Communication (MTC), which equips machines with networking and communication capabilities, is fundamental to the structure of the Internet of Things (IoT). With broad market and application prospects, it has become a new business growth point for mobile communication networks, and its network security is extremely important to the application of communication techniques. First, MTC needs to consider end-to-end security between the equipment and the server, which ensures the data confidentiality and integrity of the short message service and the multimedia broadcast/multicast service (MBMS), as well as the integrity of signaling data. Second, service requests from massive data may result in core network congestion and even overload. In addition, as an important application of MTC, the Vehicular Ad Hoc Network (VANET) involves the authentication of vehicles and on-board units, and the resulting issues of identity and privacy cannot be neglected.

Regarding the network congestion and related problems caused by massive equipment access, this thesis deals with the network security issues of MTC. Specifically, the work is carried out around service access, application-layer security, MBMS security, and the security and privacy of the VANET application, and is summarized as follows:

The first part is devoted to the security mechanism of MTC service access. Across diversified application environments, the required end-to-end security, if provided for each application individually, leads to a large amount of repeated construction of authentication infrastructure. Since most large-scale MTC applications are dominated or participated in by mobile operators, this thesis presents a novel end-to-end security scheme that conforms to the general authentication framework of MTC. User authentication and session key generation are assisted by network operators, while the MTC server focuses on service provision, leading to a low-complexity implementation of MTC application security. The security and performance analysis shows that the functional relation between the survival of the master session key and the expectation of the bootrequest number can be derived for this scheme, which helps in finding the optimal key survival.

The second part studies optimization technology for the application-layer security of MTC. In the generic authentication architecture of 3GPP, simultaneous service requests from a large number of mobile terminals might result in signaling congestion. Therefore, based on aggregate signature technology, a new protocol is proposed for batch application-layer authentication and key negotiation in the LTE network, in order to achieve end-to-end security. Authentication signaling is aggregated within this framework, while authentication is assisted by operators. Compared with the generic authentication architecture of 3GPP, this protocol can greatly alleviate network congestion and reduce the authentication delay.

The third part discusses MBMS security in MTC. Considering that 3GPP is not flexible enough in group key agreement and update, and that the introduction of MTC may lead to core network overload, the thesis puts forward a novel group key agreement protocol that is applicable to the multimedia service of MTC. Broadcast messages are used to transmit the information required for generating the group key. Because the number of interactive rounds is reduced, it can effectively overcome the above deficiencies. Analysis shows that the proposed protocol provides backward and forward security and can resist collusion attacks. Compared to the conventional MBMS scheme of 3GPP, this protocol can reduce the communication overhead to a constant.

The fourth part considers the issues of service security and privacy protection for VANET, a specific application of MTC. In light of the limited communication range and highly dynamic network involved in typical VANET applications, a highly effective and privacy-aware scheme is suggested for collaborative data downloading. By using CP-ABE-CL, the anonymity of the data receiver is guaranteed and the length of the ciphertext is fixed. Consequently, fine-grained access control in a high-speed mobile environment is achieved according to the user charging level. The analysis of security and performance proves that the proposed scheme meets the security and privacy demands of VANET services and has potential for value-added VANET applications.
Keywords/Search Tags: Machine-Type-Communication, Vehicular Ad Hoc Network, authentication, key agreement, privacy protection