| At present,5G mobile communication network has gradually entered the commercial stage.With the upgrading of mobile communication network,mobile terminals play an increasingly important role in our life.People's clothing,food and travel are inseparable with mobile terminals.Similar to the user identity privacy and the user location privacy,the identifiers of mobile terminal are the electronic identity cards of mobile users,which also need to be protected properly.Nowadays,with the more and more extensive application scenarios of mobile terminals,how to guarantee the user identity privacy effectively has become a research hotspot of the field of mobile communication authentication.Considering the openness and non-security of wireless communication channels,users' communication contents on wireless channels need to be encrypted,especially users identities.In subsequent communication authentication standards,3GPP improves the user identity protection mechanism gradually.According to analysis reports,there are still some aspects to be improved in the authentication scheme adopted by the existing 5G communication system:1)There is a security risk of using the serial number SQN in the authentication process.To ensure the freshness of authentication information and resist replay attacks,communication system standards formulated by 3GPP adopt the serial number SQN mechanism.But users and the authentication server need to ensure the serial number synchronization.When the serial number synchronization is disordered,the communication system needs to introduce additional serial number resynchronization process.In addition,according to the analysis report,attackers can use the synchronization feature of the serial number SQN to launch error message link attack,and the confidentiality of the serial number SQN can not be guaranteed effectively.2)The existing identity authentication scheme can not protect users identity privacy effectively at the authentication server.Considering the openness and non-secrecy of wireless channels,the existing identity authentication scheme focuses on protecting users identity privacy on wireless channels.But when the communication core network is invaded and controlled,users identities and location informations cannot be protected effectively.For a small number of important users with high-level security and high demand for identity privacy,the existing authentication scheme can not achieve the security demand of comprehensive protection of users identity privacy.By analyzing the existing 4G and 5G identity authentication processes and the corresponding user identity protection mechanisms,this paper finds that the existing identity authentication schemes can not solve the above problems completely.This paper proposes two ideas about improving the 5G identity authentication scheme.The main work is as follows:1)This paper proposes a 5G authentication method based on symmetric encryption and does not depend on the serial number SQN.To avoid the error message link attack and the cost of the sequence number resynchronization,the scheme adopts the random secret parameter instead of the sequence number SQN.Meanwhile,this scheme uses bilinear pair to reduce the number of times of key negotiation and key derivation function,which improves the efficiency of authentication.This scheme can improve the security of authentication process without increasing the computation and storage overhead of users.2)This paper proposes an enhanced 5G authentication method which can protect users identity privacy at the authentication server.In order to protect users identity privacy,this paper designs an identity authentication pair protection mechanism to ensure that the authentication server can verify the legitimacy of users identity without disclosing users real identities.In the context of hierarchical security requirements,this scheme can provide comprehensive users identity privacy protection services for users who have high-level security requirements. |
PDF Full Text Request