
Research On Security Of 5G Network Authentication Protocol And Non-Access Stratum Protocol

Posted on: 2021-03-08
Degree: Master
Type: Thesis
Country: China
Candidate: X X Hu
GTID: 2428330623982220
Subject: Information and Communication Engineering
Abstract/Summary:
As a key infrastructure of the digital society, the 5th generation mobile network (5G) has been accelerating its standardization and commercialization globally. At the same time, 5G network security issues have attracted unprecedented attention. The 5G network adopts a more open network architecture and a more flexible protocol system, and this openness and flexibility expose it to new security challenges. Across the security issues of past mobile communication systems, protocol defects have always been among those most easily exploited by attackers, especially in the Authentication and Key Agreement (AKA) protocol and the Non-Access Stratum (NAS) protocol, which must be transmitted over the air interface and are therefore fertile ground for attacks. Although 3GPP has made many improvements to the authentication protocol and non-access stratum protocol of the 5G network, whether the improved protocols solve the security problems that occurred in previous mobile communication networks is a question worth discussing. In addition, as attackers' capabilities increase, whether the improved protocols can deal with new possible security threats is also a question worth discussing.

This article relies on the sub-project "5G XXX technical research and verification" of the National Science and Technology Major Special Project "New Generation Broadband Wireless Mobile Communication Network", focusing on two authentication protocols (5G AKA and EAP-AKA') and the NAS signaling protocol. The defects of these protocols are studied, and security solutions are proposed. The main work of this article is as follows:

1. For 5G AKA, a 5G identity authentication protocol, two defects in the protocol that may damage subscriber privacy are found. With these defects, an attacker can sniff the target subscriber's location. To solve the problems found, two solutions are proposed. The formal analysis tool TAMARIN was used to verify the security of solution one, and the strand space model was used to verify the security of solution two. The analysis results show that both solutions fix the two discovered protocol defects.

2. For EAP-AKA', another 5G network identity authentication protocol, we use an EAP-AKA' protocol security analysis model based on the Lowe taxonomy. First, the 5G network, protocol, communication channel and attacker are formally modeled. We use the TAMARIN prover to analyze the Lowe authentication property, perfect forward secrecy, and confidentiality of the security anchor key K_SEAF in the protocol, and discover 4 attack paths under the 3GPP implicit authentication method. We then propose two improved solutions and verify their effectiveness. Lastly, the security of the two authentication protocols, EAP-AKA' and 5G AKA, is compared.

3. For the NAS protocol, a systematic protocol security analysis method based on a formal method is used. Based on this method, eight 5G NAS layer signaling protocol vulnerabilities are identified. We also find that the unconditional trust between UE and gNodeB is the root cause of these defects. On this basis, we propose a security improvement scheme based on the existing asymmetric encryption mechanism of the 5G system: a new pair of asymmetric keys is introduced into the gNodeB to encrypt and sign the initial signaling messages sent to the UE. The results show that this mechanism can effectively make up for the defects found in the NAS protocol.
Keywords/Search Tags: 5G network, protocol security, authentication protocol, non-access stratum protocol, formal methods