Secure Authentication Protocol For 5G Enabled Iot Network
Email: deepak.puthal@gmail.com
Abstract—The rapid growth of the Internet of Things (IoT), along with its wide range of applications, has made IoT popular. Moreover, network connectivity and communication support are provided by 5G technology. Mobile technology is also becoming an essential component of social life and, in turn, the essential interface for IoT. Various IoT services may be availed from an IoT server enabled with 5G network technology. IoT service access requires an intermediate access network to connect to 5G, and that access network may be publicly accessible. Hence, there exists a security threat to the user's data. In this paper, we provide an application layer security protocol to mitigate the attacks originating from a public access network. We have also tested the security protocol with an automated security testing tool, Scyther. The security protocol exhibits Secrecy, Aliveness, Non-Injective Agreement, and Non-Injective Synchronization. The protocol is resistant to various attacks against Confidentiality, Integrity and Availability. The user credentials and service requests are communicated secretly, thereby preserving privacy.

Index Terms—Authentication, IoT, Security, 5G Service Slice

I. INTRODUCTION

With the evolution of the communication industry from LTE to 5G, a platform is provided for emerging technologies such as IoT and IoV to become an integral part of our economy and society as a whole [1][2][3][4]. There is an increased demand for bandwidth, ultra-low latency, and the capacity to manage a huge number of connected devices. Further, the features of 5G over 4G-LTE are latency as low as 1 millisecond, bandwidth per unit area estimated to be 1000x, 1-10 Gbps speed, energy efficiency, 99 percent availability and many more [5]. As per the International Telecommunication Union (ITU) [6], 5G network services can be classified into three categories: enhanced mobile broadband (eMBB), massive machine type communications (mMTC), and ultra-reliable and low-latency communications (uRLLC). The paradigm shift of the mobile communication industry from 2G to 5G is as follows:
• 2G cellular networks: The technology used is the Global System for Mobile communication (GSM), and the services offered are normal voice, fax, text message services, etc., with a data rate of around 9.6-10.0 Kbps [7].
• 3G cellular networks: When the Internet became the most useful technology around the globe, the concept of the Universal Mobile Telecommunication System (UMTS) emerged as a promising technology providing a data rate of around 2 Mbps [8].
• 4G cellular networks: It provides all-Internet-protocol and packet-switching based communication services such as IP telephony. The peak download data rate provided by 4G-LTE is around 100 Mbps and by LTE-Advanced is 1000 Mbps [9].

A. Features of 3GPP architecture

According to the 3GPP Service Based Architecture in 3GPP TS 23.501 [10], the architecture contains mainly two planes, i.e. the Control plane and the User plane. The user plane function (UPF) consists of packet routing, packet forwarding, policy enforcement, a branching point to support multi-homed public display unit (PDU) sessions and handling quality of service (QoS). The control plane consists mainly of the following functions:
• Access and Mobility Management (AMF): It is responsible for mobility, registration and reachability management. It provides access authentication, access authorization, Security Anchor Function (SEAF) support and Security Context Management Function (SCMF) support.
• Session Management Function (SMF): It is responsible for managing sessions, allocating IP addresses for user equipment, user plane selection, and controlling policy enforcement and QoS.
• Unified Data Management (UDM): It is responsible for Authentication Credential Repository and Processing Function (ARPF) support and subscription data storage.
• Policy Control Function (PCF): It is responsible for making policies for the Control plane.
• Authentication Server Function (AUSF): It provides authentication for various services and user equipment (UE).
978-1-5386-6026-3/18/$31©2018 IEEE 621
5th IEEE International Conference on Parallel, Distributed and Grid Computing(PDGC-2018), 20-22 Dec, 2018, Solan, India
• Network Slice Selection Function (NSSF): It chooses the group of network slice instances serving the UE, determining the allowed Network Slice Selection Association Information (NSSAI) and the AMF Set to be used to serve the UE.

Security protocols are applied to the functions ARPF, SEAF, SCMF and SPCF. The Authentication Credential Repository and Processing Function (ARPF) is emplaced with the UDM so as to store the security credentials for authentication and execute cryptographic algorithms [11]. The Security Anchor Function (SEAF), present in the AMF, is used to store the visited network's root key and to separate the mobility function from the anchor function. The Security Context Management Function (SCMF) generates the additional security key for the network, which can be derived from the SEAF key. The Secure Policy Control Function (SPCF) collaborates with the PCF to provide the security policy to the network, including integrity and confidentiality protection.

B. IoT Reference Model

The rapid rise in connected physical objects, and the accompanying applications surrounding us, often collectively referred to as the Internet of Things (IoT), has led to growing interest and attention from everyone, including governments, industry and the scientific community, amongst others. Ericsson projects that by 2021, 28 billion smart and wearable devices will be connected, of which 15 billion will be M2M-connected devices, across the globe [12]. Machina Research forecasts that "IoT will account for one-quarter of the global 41 million 5G connections in 2024." [13]

The numerous opportunities presented by the IoT industry, however, often come at the cost of privacy and security threats, in exchange for fine-grained sensing and data analytics. The IoT architectural framework can be subdivided into the perception layer, network layer and application layer [14], [15]. Security challenges in each of these layers are described briefly below:
• Perception Layer: Due to limited computational ability and low power consumption, it is more prone to security threats. Interception of nodes by a third party, confidentiality exploitation and timing attacks are the major issues [16].
• Network Layer: It is susceptible to eavesdropping, passive monitoring and Man-In-The-Middle attacks. Therefore, a secure key exchange mechanism is needed to prevent identity theft [17].
• Application Layer: Integrity between different applications and their respective authentication mechanisms is needed to avert privacy and authentication threats [18].

To address some of these issues, we propose an authentication framework supporting privacy-preserving slice selection and authenticated key agreement for 5G-enabled IoT. It enables the IoT service provider to generate anonymous delegation for subscribed users to access IoT services.

The rest of the paper is organized as follows: Section II discusses different existing methods for security. In Section III, we describe the proposed security protocol. Section IV contains the results of the security simulations. The paper concludes with Section V, where we also suggest some future work.

II. RELATED WORKS

The objective of the research and development of 5G is to increase the number of mobile broadband users, provide more capacity than today's 4G network, and support device-to-device (D2D) communication and huge volumes of machine-type communications [19]. To do so, different techniques are applied to 5G, like massive multiple-input multiple-output (MIMO), full duplex communication, heterogeneous networks (HetNet), millimeter wave (mmWave) [20] and network slicing [21]. In this paper, our main focus is the network slicing concept involved in 5G. In [22] an end-to-end vertical and horizontal slicing technique for the 5G system is proposed. In this work vertical slicing is used for vertical industry and services, whereas horizontal slicing is used to improve the capacity of the system and the experience of the user. Zhou et al. [23] presented a hierarchical network slicing architecture, helping operators to offer customized end-to-end cellular networks as a service. Ksentini et al. [24] proposed a framework to enforce network slices, featuring radio resource abstraction based on the 3GPP DCN and a flexible RAN. Previous works present several network slicing strategies for wireless networks, but unfortunately the security of slice selection is ignored, which leads to user privacy leakage.

3GPP TS 23.501 [10] specifies the system architecture for the 5G System, the major changes being the introduction of the network slicing concept, user plane separation, a new service based architecture and flexible Non-3GPP access inter-working. This paper also presents the new security features of the 5G core network with respect to key areas like User Plane security termination, authentication and authorization, RAN security, security within the UE, and network slicing security.

Jianbing et al. proposed a secure and efficient service-oriented authentication framework which supports the network slicing technique for 5G-enabled IoT (ES3A) [25]. 5G combines a variety of new and complex wireless technologies such as D2D, etc. Hence, it needs lightweight security techniques. In [26] Fei Pan et al. proposed a lightweight multi-tier authentication architecture. However, no simulation was done to prove the correctness of the proposed framework.

Since 5G is a heterogeneous network, key generation for encryption, distribution, etc. are going to be extremely challenging because of its dynamic nature. To resolve this issue, Hamamreh et al. [27] proposed a physical layer security technique for safeguarding the transmission of OFDM waveforms against eavesdropping in 5G.

The NGMN (Next Generation Mobile Networks) has pointed out new attacks and security issues which may arise with the 5G system [21]. The NGMN alliance proposed 5G security
[Figure: 5G network slicing architecture. IoT servers (M-2-M communication, vehicular services, mobile services) are reached over Slice 1, Slice 2 and Slice 3 through a publicly accessible access network, where an attacker is placed; the 5G control plane network comprises AUSF, NRF, UDM, PCF, AF, AMF and SMF.]
after that, AMF generates a random number for communicating with the corresponding User Equipment UEid. AMF also calculates the key Skey by bit-wise XORing the temporary key rn2 and the secret key Ki. The AMF encrypts the generated key Skey with the UEid's random number rn. Then, AMF calculates a message digest for integrity using the one-way hash function H() and generates the end message h1. AMF sends the secret message e1 with the message digest h1. The steps are as follows:

$K_i \leftarrow \mathrm{retrievekey}(UE_{id})$
$\mathrm{RandomNo}: rn_2$
$S_{key} = rn_2 \oplus K_i$
$e_1 = E_{K_i}(rn, S_{key})$
$h_1 = H(S_{key} \,\|\, e_1 \,\|\, rn)$
2) $UE_{id} \leftarrow AMF : \{e_1, h_1\}$

AMF and decrypts the encrypted message e1 with D(). The User Equipment then finds rn2 by XORing Skey and Ki. It then generates its own version of the secret message and its corresponding hash value as e2' and h2', respectively. The User Equipment UEid then compares its created versions, e2' with e1 and h2' with h1. If it finds that both e2' = e1 and h2' = h1 hold, then it authenticates the AMF; otherwise it terminates the protocol. The steps are given as follows:

$(rn, S_{key}) = D_{K_i}(e_1)$
$rn_2 = S_{key} \oplus K_i$
$e_2' = E_{K_i}(rn, S_{key})$
$h_2' = H(S_{key} \,\|\, e_2' \,\|\, rn)$
if ($e_1 == e_2'$ and $h_1 == h_2'$) { Authenticated AMF } else { Terminate the protocol and communication }

Step 4: AMF receives h2' from the User Equipment UEid, then checks its equality with H(h1 ‖ Skey ‖ e1 ‖ rn). If it is true, then the User Equipment UEid is authenticated by AMF and it sends h3; otherwise, it exits. The sequence of steps is as follows:

$h_3 = H(h_1 \,\|\, S_{key} \,\|\, e_1 \,\|\, rn)$
if ($h_3 == h_2'$) authenticated User Equipment $UE_{id}$
4) $UE \leftarrow AMF : \{h_3\}$

wise XORing h4 and h2' and transmits it along with e3. The sequence of steps is as follows:

$e_3 = E_{K_i}(\mathrm{ServiceRequest})$
$h_4 = H(e_3)$
$A = h_4 \oplus h_2'$
5) $UE_{id} \rightarrow AMF : \{e_3, A\}$
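Steps 2 to 4 of the exchange above, as an added example that is not the paper's code: the AMF derives Skey = rn2 ⊕ Ki and sends {e1, h1}, the UE recomputes e2' and h2' to authenticate the AMF and answers with H(h1 ‖ Skey ‖ e1 ‖ rn), and the AMF checks that value as h3. The paper fixes neither E_Ki nor any sizes, so a SHA-256 counter-mode keystream stands in for E_Ki/D_Ki and all values are 16 bytes (both assumed); the `run` driver and the in-transit bit flip it uses to show the UE terminating are constructed for this example.

```python
import hashlib, os
N = 16  # assumed byte length of rn, rn2, Ki and Skey (the paper fixes no sizes)

def keystream(key, n):
    # Stand-in for the paper's unspecified E_Ki: SHA-256 in counter mode
    blocks = (hashlib.sha256(key + c.to_bytes(4, "big")).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def E(key, data):
    # E_Ki(data) = data XOR keystream; D_Ki is the same XOR. Deterministic on
    # purpose: in step 3 the UE recomputes e2' = E_Ki(rn, Skey) and compares it to e1.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def H(*parts):  # H(a ‖ b ‖ ...): one-way hash over the concatenation
    return hashlib.sha256(b"".join(parts)).digest()

def amf_step2(Ki, rn):
    # AMF: rn2 random, Skey = rn2 ⊕ Ki, e1 = E_Ki(rn, Skey), h1 = H(Skey ‖ e1 ‖ rn)
    rn2 = os.urandom(N)
    Skey = bytes(a ^ b for a, b in zip(rn2, Ki))
    e1 = E(Ki, rn + Skey)
    h1 = H(Skey, e1, rn)
    return rn2, Skey, e1, h1        # AMF sends {e1, h1}, keeps rn2 and Skey

def ue_step3(Ki, rn, e1, h1):
    # UE: (rn, Skey) = D_Ki(e1); rn2 = Skey ⊕ Ki; rebuild e2', h2' and compare.
    # Returns (rn2, Skey, response) or None when the UE terminates the protocol.
    Skey = E(Ki, e1)[N:]
    rn2 = bytes(a ^ b for a, b in zip(Skey, Ki))
    e2p = E(Ki, rn + Skey)
    h2p = H(Skey, e2p, rn)
    if e2p != e1 or h2p != h1:
        return None                 # AMF not authenticated: terminate
    return rn2, Skey, H(h1, Skey, e1, rn)   # value the AMF checks in step 4

def amf_step4(Skey, e1, rn, h1, response):
    # AMF: h3 = H(h1 ‖ Skey ‖ e1 ‖ rn); UE authenticated iff it equals the response
    h3 = H(h1, Skey, e1, rn)
    return h3 if h3 == response else None   # AMF sends {h3} on success

def run(Ki, rn, tamper=False):
    # Steps 2-4 end to end; tamper=True flips one bit of e1 in transit (constructed)
    rn2, Skey, e1, h1 = amf_step2(Ki, rn)
    wire_e1 = bytes([e1[0] ^ 1]) + e1[1:] if tamper else e1
    ue = ue_step3(Ki, rn, wire_e1, h1)
    if ue is None:
        return "ue_terminated"
    h3 = amf_step4(Skey, e1, rn, h1, ue[2])
    return "mutual_auth" if h3 and ue[:2] == (rn2, Skey) else "amf_rejected"
```

Note that the e2' == e1 comparison only works because E_Ki is deterministic; a randomized cipher would force the UE to rely on h1 alone for this check.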
[Figure: protocol message flow. Step 1: UE (RandomNo: rn, EquipmentID: UEid) → AMF : { AUid, rn }]