A new scalable authentication and access control mechanism

Persian title of the article: A new scalable authentication and access control mechanism for 5G-based IoT
English title of the article: A new scalable authentication and access control mechanism for 5G-based IoT
Journal/Conference: Future Generation Computer Systems
Related fields of study: Information and Communication Technology Engineering, Information Technology Engineering, Computer Engineering
Related specializations: Data and Network Security, Internet and Wide Area Networks, Artificial Intelligence
Persian keywords: ACC, Internet of Things, signaling load, OAI
English keywords: AAC, IoT, 5G, Signaling load, OAI
Type of writing: Research Article
Digital identifier (DOI): https://doi.org/10.1016/j.future.2020.02.014
University: Orange Labs, Caen, France
Pages in the English article: 37
Publisher: Elsevier
Presentation type: Journal
Article type: ISI
Publication year: 2020
Impact factor: 7.007 in 2019
H-index: 93 in 2020
SJR: 0.835 in 2019
ISSN: 0167-739X
Quartile: Q1 in 2019
English article format: PDF
Translation status: Not translated
Price of the English article: Free
Is this a base article: No
Does this article have a conceptual model: No
Does this article have a questionnaire: No
Does this article have variables: Yes
Product code: E14582
References: Has in-text references and a reference list at the end of the article
Table of contents (English)

Abstract

1- Introduction

2- Authentication and access control delegation

3- Security analysis

4- Performance analysis

5- Related works

6- Conclusion and future work

References

Excerpt from the article (English)

Abstract

The fifth generation of mobile networks, 5G, is expected to support a set of many requirements and use cases such as handling connectivity for a massive number of IoT (Internet of Things) devices. Authenticating IoT devices and controlling their access to the network plays a vital role in the security of these devices and of the whole cellular system. In current cellular networks, as well as in 3GPP specifications release 16 on 5G, the AAC (Authentication and Access Control) of IoT devices is done in the same manner as the AAC of MBB (Mobile Broadband) UE (User Equipment). Considering the expected growth of IoT devices, this will likely induce a very high load on the connectivity provider’s CN (Core Network) and cause network failures.

To manage the AAC of this massive number of devices, we propose an SSAAC (Slice Specific Authentication and Access Control) mechanism that makes use of the flexibility provided by virtualization technologies. This mechanism allows the authentication and access control of IoT devices to be delegated to the 3rd parties providing these devices, thereby decreasing the load of the connectivity provider’s CN, while increasing the flexibility and modularity of the whole 5G network. We evaluate the feasibility of our proposal with the OAI (Open Air Interface) open-source platform. Next, we provide a security analysis of the proposal and highlight the security requirements to use with this proposal. We also evaluate the impact of this delegation approach on the network load considering the anticipated number of AAC signaling messages compared to the existing AAC mechanisms in cellular networks. According to these evaluations, our approach is feasible and it would provide cellular networks the opportunity to overcome the security shortcomings in their AAC mechanisms. It also considerably reduces the AAC signaling load on the connectivity provider’s CN.

Introduction

Along with mobility, security is one of the most important aspects of cellular systems. AAC (Authentication and access control) plays a vital role in ensuring the expected security level. In 3G and 4G, authentication and access control of subscribers are done through AKA (authentication and key agreement) protocols. These protocols (UMTS-AKA protocol in 3G and EPS-AKA in 4G) are based on the unique identities of subscribers and symmetric cryptographic algorithms [1, 2].

The system subscribers’ identities and the secret keys (that are used in symmetric cryptographic algorithms) are provisioned in secured elements (e.g., SIM cards or embedded SIM) and stored in cellular system’s database as well. Executing these AKA protocols to establish a secure connection with the cellular system is mandatory for each UE (composed of a mobile device and a secured element) to obtain its cellular connectivity [1, 2]. However, these well-established principles may prevent cellular systems from supporting the connectivity of a massive number of devices [3], in particular when considering the context of the IoT, where a high growth rate of connected devices is anticipated [4-6]. On one hand, most devices are constrained in terms of energy supply and computational capacities preventing them from running complex security protocols like EPS-AKA [7, 8, 9]. On the other hand, the tremendous number of attachment requests from these devices may induce signaling congestion by increasing the connectivity provider’s CN load [10, 11]. According to [12], the “Attach” procedure, that includes AAC, is indeed one of the most expensive procedures in terms of load on the CN. Considering this pattern, adversaries could be able to cause the denial of service attacks by generating traffic or emphasizing the natural traffic of these devices. This could result in authentication failure and connectivity loss of devices [13].