Design And Analysis Of Security Authentication Protocol In New Air Interface

Posted on: 2021-04-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R H Ma
GTID: 1488306311971229
Subject: Cyberspace security
Abstract/Summary:
The Third Generation Partnership Project (3GPP) was founded in 1998. From the original universal mobile telecommunications system network to the long term evolution (LTE) network, the LTE-Advanced (LTE-A) network, and then the current mainstream fifth generation (5G) network, 3GPP has become the largest communication standard organization in the world. In order to meet the increasing communication requirements of users, the 3GPP network introduces a variety of new air interface entities and technologies. Firstly, in the LTE-A network, in order to solve the problem of weak indoor coverage of the ordinary evolved node B (eNB), the home evolved node B (HeNB) is introduced to realize the family characteristic coverage and service requirements. Secondly, the 5G network supports high-speed transmission, the most typical scenario of which is the high-speed rail network, where data transmission suffers from serious path loss and other problems. In order to provide a smooth communication experience for users in the high-speed rail network, 3GPP introduces the mobile relay node (MRN) as an on-board base station to provide stable network services. Finally, in order to achieve global network coverage, 3GPP Rel-17 introduces satellite access technology as an effective supplement to ground air access technology. However, the introduction of these new air interface entities and technologies has brought some new security and performance challenges, which need to be further investigated and solved. This thesis systematically studies the different security and performance challenges brought by these new air interface entities and technologies, and puts forward the corresponding solutions. The manifold contributions of this thesis are summarized as follows:

(1) This thesis analyzes the handover authentication scenario in the LTE-A network when multiple types of HeNB and eNB coexist, and points out that the coexistence of multiple types of base stations makes the handover scenario of the LTE-A network extremely complex. In addition, the existing handover authentication schemes have many security or performance defects and cannot meet the needs of the current LTE-A network. To solve the above problems, we design a unified handover authentication scheme based on the elliptic curve certificateless signcryption technology. This scheme can be applied to all mobile scenarios in the LTE-A network, needs only three handshakes to achieve secure handover authentication, and ensures multiple security properties without sacrificing efficiency, including mutual authentication, key agreement, privacy preserving and so on.

(2) This thesis analyzes the handover authentication scenario introduced by the MRN in the 5G high-speed rail network. It points out that the existing authentication mechanism of the MRN in the 3GPP standard still cannot provide a smooth communication experience for user equipment and may even lead to MRN handover failure in the high-speed rail network, and that new security issues, such as eavesdropping attacks, counterfeiting attacks and so on, arise because the MRN accesses the network through an unsafe air interface channel. In addition, the existing MRN handover authentication schemes have many security or performance problems, such as being unable to achieve mutual authentication or incurring large handover overheads. To solve the above problems, combining the heterogeneous characteristics of the 5G network, and on the basis of the aggregate signature technology and the predictable mechanism of the high-speed trajectory, we propose two fixed-trajectory group pre-handover authentication schemes: FTGPHA1 and FTGPHA2. FTGPHA1 can achieve most of the security properties and consumes less handover overhead, while FTGPHA2 can achieve robust security properties without sacrificing efficiency. In the two proposed schemes, the MRN performs group handover authentication with the next base station in advance, within the coverage of the source base station, thus providing a smooth communication experience for the user equipment in the high-speed rail network and avoiding MRN handover failure and other problems.

(3) This thesis analyzes the 5G network access authentication scenarios introduced by the satellite access technology, and points out that the satellite network is vulnerable to various protocol attacks and that the user equipment authentication delay is too long, due to the highly open air interface and the long transmission distance between satellite and ground. In addition, 5G supports the concurrent access of large-scale Internet of Things devices (IoTDs). Massive IoTDs concurrently accessing the satellite network, with each IoTD performing its own access authentication process, will generate a lot of signaling overhead, which may lead to a signaling storm and other problems. To solve these problems, we propose a quantum-resistant access authentication scheme based on lattice cryptography. The scheme consists of two authentication protocols: an access authentication protocol for massive IoTDs, and an access authentication protocol for a common mobile equipment or a single IoTD. In the access authentication protocol for massive IoTDs, the IoTDs construct a temporary group to perform the group authentication process, overcoming the signaling storm and other problems. In addition, the two protocols can achieve strong security properties, including mutual authentication, conditional anonymity, and resistance against quantum attacks and multiple protocol attacks.
Keywords/Search Tags: LTE-A, 5G, Air interface, Authentication, Home base station, Mobile relay, Satellite access technology