Emily's Essence Lila Fox
https://ebookmass.com/product/emilys-essence-lila-fox/
ebookmass.com
HIghland Thief Alyson Mclayne
https://ebookmass.com/product/highland-thief-alyson-mclayne/
ebookmass.com
Information Visualization: Perception for Design (Interactive Technologies) – Ebook PDF Version
https://ebookmass.com/product/information-visualization-perceptionfor-design-interactive-technologies-ebook-pdf-version/
ebookmass.com
Trigonometry for JEE (Advanced), 3rd edition SOULTIONS G. Tewani
https://ebookmass.com/product/trigonometry-for-jee-advanced-3rdedition-soultions-g-tewani/
ebookmass.com
(eTextbook PDF) for Organizational Communication by Michael W. Kramer
https://ebookmass.com/product/etextbook-pdf-for-organizationalcommunication-by-michael-w-kramer/
ebookmass.com
Structured Clinical Management (SCM) for Personality Disorder: An Implementation Guide Stuart Mitchell (Editor)
https://ebookmass.com/product/structured-clinical-management-scm-forpersonality-disorder-an-implementation-guide-stuart-mitchell-editor/
ebookmass.com
5GWirelessNetworkSecurityandPrivacy
Dongfeng(Phoenix)Fang
CaliforniaPolytechnicStateUniversity,SanLuisObispo SanLuisObispo
YiQian UniversityofNebraska–Lincoln Lincoln
RoseQingyangHu UtahStateUniversity Logan
Thiseditionfirstpublished2024 ©2024JohnWiley&SonsLtd
Allrightsreserved.Nopartofthispublicationmaybereproduced,storedinaretrievalsystem,or transmitted,inanyformorbyanymeans,electronic,mechanical,photocopying,recordingorotherwise, exceptaspermittedbylaw.Adviceonhowtoobtainpermissiontoreusematerialfromthistitleisavailable athttp://www.wiley.com/go/permissions.
TherightofDongfeng(Phoenix)Fang,YiQian,andRoseQingyangHutobeidentifiedastheauthorsof thisworkhasbeenassertedinaccordancewithlaw.
RegisteredOffices
JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,USA
JohnWiley&SonsLtd,TheAtrium,SouthernGate,Chichester,WestSussex,PO198SQ,UK
Fordetailsofourglobaleditorialoffices,customerservices,andmoreinformationaboutWileyproducts visitusatwww.wiley.com.
Wileyalsopublishesitsbooksinavarietyofelectronicformatsandbyprint-on-demand.Somecontentthat appearsinstandardprintversionsofthisbookmaynotbeavailableinotherformats.
Trademarks:WileyandtheWileylogoaretrademarksorregisteredtrademarksofJohnWiley&Sons,Inc. and/oritsaffiliatesintheUnitedStatesandothercountriesandmaynotbeusedwithoutwritten permission.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc.isnot associatedwithanyproductorvendormentionedinthisbook.
LimitofLiability/DisclaimerofWarranty
Whilethepublisherandauthorshaveusedtheirbesteffortsinpreparingthiswork,theymakeno representationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthisworkand specificallydisclaimallwarranties,includingwithoutlimitationanyimpliedwarrantiesofmerchantability orfitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysalesrepresentatives,written salesmaterialsorpromotionalstatementsforthiswork.Thisworkissoldwiththeunderstandingthatthe publisherisnotengagedinrenderingprofessionalservices.Theadviceandstrategiescontainedhereinmay notbesuitableforyoursituation.Youshouldconsultwithaspecialistwhereappropriate.Thefactthatan organization,website,orproductisreferredtointhisworkasacitationand/orpotentialsourceoffurther informationdoesnotmeanthatthepublisherandauthorsendorsetheinformationorservicesthe organization,website,orproductmayprovideorrecommendationsitmaymake.Further,readersshould beawarethatwebsiteslistedinthisworkmayhavechangedordisappearedbetweenwhenthisworkwas writtenandwhenitisread.Neitherthepublishernorauthorsshallbeliableforanylossofprofitorany othercommercialdamages,includingbutnotlimitedtospecial,incidental,consequential,orother damages.
LibraryofCongressCataloging-in-PublicationDataappliedfor: HardbackISBN:9781119784296
CoverDesign:Wiley
CoverImage:©ImmersionImagery/Shutterstock Setin9.5/12.5ptSTIXTwoTextbyStraive,Chennai,India
Contents
AbouttheAuthors ix
Preface xi
Acknowledgments xiii
Introduction xv
1Introductionto5GWirelessSystems 1
1.1MotivationsandObjectivesof5GWirelessNetworks 1
1.2SecurityDrivesandRequirements 2
1.35GWirelessNetworkArchitecture 4
1.3.1Overviewofthe5GWirelessNetworkArchitecture 4
1.3.2ComparisonBetweentheLegacyCellularNetworkandthe5GWireless Network 5
1.4Conclusion 6
2SecurityfromLegacyWirelessSystemsto5GNetworks 7
2.1NetworkSecurityforLegacySystems 7
2.2SecurityAttacksandSecurityServicesin5GWirelessNetworks 9
2.2.1SecurityAttacks 9
2.2.2SecurityServices 11
2.2.2.1Authentication 12
2.2.2.2Confidentiality 12
2.2.2.3Availability 13
2.2.2.4Integrity 14
2.3TheEvolutionofWirelessSecurityArchitecturesfrom3Gto5G 14
2.3.13GSecurityArchitecture 14
2.3.24GSecurityArchitecture 15
2.3.35GWirelessSecurityArchitecture 16
2.3.3.1OverviewoftheProposed5GWirelessSecurityArchitecture 16
2.3.3.2SecurityDomains 17
2.4Summary 18
3SecurityServicesandMechanismsin5GWirelessSystems 19
3.1CryptographicApproachesandPhysicalLayerSecurity 19
3.2Authentication 22
3.3Availability 27
3.4DataConfidentiality 29
3.5KeyManagement 33
3.6Privacy 35
3.7Conclusion 36
4AnEfficientSecuritySolutionBasedonPhysicalLayerSecurityin5G WirelessNetworks 37
4.1Enhancing5GSecurityThroughArtificialNoiseandInterference Utilization 37
4.2AHetNetSystemModelandSecurityAnalysis 38
4.2.1SystemModelandThreatModel 38
4.2.2SecurityAnalysis 40
4.3ProblemFormulationandAnalysis 42
4.3.1MaximumSecrecyRate 43
4.3.2TheProposedAlgorithm 43
4.4NumericalandSimulationResults 46
4.5Conclusion 49
5FlexibleandEfficientSecuritySchemesforIoTApplicationsin5G WirelessSystems 51
5.1IoTApplicationModelsandCurrentSecurityChallenges 51
5.2AGeneralSystemModelforIoTApplicationsOver5G 52
5.2.1SystemArchitecture 52
5.2.2TrustModels 54
5.2.3ThreatModelsandDesignObjectives 55
5.3The5GAuthenticationandSecureDataTransmissionScheme 56
5.3.1Overviewofthe5GAuthenticationandSecureDataTransmissionScheme 56
5.3.2TheDetailedScheme 57
5.3.2.1Phase1–SystemInitialization 57
5.3.2.2Phase2–AuthenticationandInitialSessionKeyAgreement 58
5.3.2.3Phase3–DataTransmission 58
5.3.2.4Phase4–DataReceiving 59
5.3.2.5Phase5–T2IoTDevicesAuthenticationandInitialSessionKeyAgreement 59
5.4SecurityAnalysis 60
5.4.1ProtocolVerification 61
5.4.2SecurityObjectives 61
5.4.2.1MutualAuthentication 61
5.4.2.2InitialSessionKeyAgreement 62
5.4.2.3DataConfidentialityandIntegrity 62
5.4.2.4ContextualPrivacy 62
5.4.2.5ForwardSecurity 62
5.4.2.6End-to-EndSecurity 63
5.4.2.7KeyEscrowResilience 63
5.5PerformanceEvaluation 63
5.5.1SecurityServices 63
5.5.2ComputationalOverhead 63
5.5.3CommunicationOverhead 66
5.6Conclusion 67
6SecureandEfficientMobilityManagementin5GWireless Networks 71
6.1HandoverIssuesandRequirementsOver5GWirelessNetworks 71
6.2A5GCNModelandHetNetSystemModel 72
6.35GHandoverScenariosandProcedures 75
6.3.1HandoverScenarios 75
6.3.2HandoverProcedures 76
6.4ANewAuthenticationProtocolfor5GNetworks 79
6.4.1Assumptions 80
6.4.2Pre-Authentication 80
6.4.3FullAuthentication 81
6.4.4FastAuthentication 83
6.4.4.1HandoverBetweenAPs 83
6.4.4.2HandoverBetweenBSs 84
6.5SecurityAnalysisoftheNew5GAuthenticationProtocols 84
6.6PerformanceEvaluations 85
6.6.1CommunicationOverhead 86
6.6.2ComputationOverhead 86
6.7Conclusion 87
7OpenIssuesandFutureResearchDirectionsforSecurityandPrivacy in5GNetworks 89
7.1NewTrustModels 89
7.2NewSecurityAttackModels 90
7.3PrivacyProtection 90
7.4UnifiedSecurityManagement 91 References 93 Index 103
AbouttheAuthors
Dongfeng(Phoenix)Fang isanassistantprofessorintheDepartmentofComputer ScienceandSoftwareEngineering,andDepartmentofComputerEngineeringatCalifornia PolytechnicStateUniversity,SanLuisObispo(CalPoly).Herresearchinterestsinclude networksecurity,wirelesssecurity,securityandprivacyofInternet-of-Things,andsecurity andprivacyinmachinelearning.
YiQian,PhD,isanIEEEFellowandisaProfessorintheDepartmentofElectricaland ComputerEngineeringattheUniversityofNebraska-Lincoln,USA.
RoseQingyangHu isaprofessorintheDepartmentofElectricalandComputerEngineeringandAssociateDeanforResearchofCollegeofEngineeringatUtahStateUniversity inLogan,USA.Herresearchinterestsincludenext-generationwirelesscommunications, wirelessnetworkdesignandoptimization.
Preface
5Gwirelesssystemisnotonlyanevolutionofthelegacy4Gnetworks,butalsoasystem withmanynewservicecapabilities,relatedtoourdailylife.Tosupportthesenewservice capabilities,5Gwirelesssystemsintegratemanynewtechnologies,whichcanpotentially bringnewsecurityvulnerabilities.Moreover,strictperformancerequirementsforcertain applicationscannotbesatisfiedwiththecurrentsecuritysolutions.Forinstance,vehicular communicationsover5GrequireextremelylowlatencyandIoTapplicationsdemandlow overhead.
Thenewdevelopmentsinnetworkarchitectureandalgorithmsbringthechallengesto theresearcherstofacenewsecurityvulnerabilitiesandhighperformancerequirementsof securitysolutions.Thisbookintendstosurveythecurrentchallengesinthefieldofsecurityandprivacyover5Gwirelesssystems,andtopresentflexibleandefficientsolutions forsecurityandprivacyover5Gwirelesssystems.Specifically,thebookfocusesonsecurity andprivacyimprovementsover5Gwirelesssystemsbasedonsecuritynetworkarchitecture,cryptographicsolutions,andphysicallayersecuritysolutionsforbetterflexibilityand efficiency.Therearesevenchaptersinthisbook.
Chapter1providesanintroductionto5Gwirelesssystems.Thechapterfirstintroduces themotivationsandobjectivesof5Gwirelessnetworks.Basedonthefeaturesof5Gwirelessnetworks,5Gsecuritydrivesandrequirementsarediscussed.Anoverviewofthe5G wirelessnetworkarchitectureispresented,andacomparisonbetweenthelegacycellular networkandthe5Gwirelessnetworkisdiscussedtobetterunderstandthesystems.
Chapter2discussescellularnetworksecurityfrom1Gto5G.Aoverviewofsecuritydevelopmentfrom1Gto4Gispresented.Securityattacksandsecurityservicesin5Gwireless networksarediscussed.Securityarchitecturesfrom3Gto5Gareillustrated.
Chapter3presentsthesecurityservicesandcurrentsolutionsforsecurityandprivacy over5Gsystems.Thefundamentalapproachesforprovidingsecurityin5Gwirelesssystems arefirstreviewed.Securitysolutionsareintroducedbasedonauthentication,availability, dataconfidentiality,keymanagement,andprivacy.
Chapter4discussesinterferencemanagementandsecurityinheterogeneousnetworks (HetNet)over5Gwirelesssystems.Currentstudiesandbackgroundofinterference managementandsecurityissuesonconfidentialityarefirstintroduced.AgeneralHetNet systemmodelandcorrespondingthreatmodelareproposed.Asecuritysolutionis proposedtoutilizetheexistinginterferencetoimproveconfidentialityinthe5Gnetwork.
xii Preface
Thischapterpresentsthedetailsoftheproposedmethod.Anexperimentalstudyand evaluationarethendemonstrated.
Chapter5dealswithimprovingflexibilityandefficiencyofsecurityschemesforheterogeneousIoTnetworksover5Gsystems.AfewsecurityandprivacyschemesforIoTapplicationsarefirstdiscussed.AgeneralIoTsystemarchitecture,trustmodels,threatmodels,and designobjectivesarepresented.Anauthenticationandsecuredatatransmissionschemeis proposed.Securityanalysisispresentedtoverifytheproposedscheme.Thischapteralso presentsanexperimentalstudyandevaluation.
Chapter6explorestheefficiencyofsecuremobilitymanagementover5Gnetworks basedonsoftware-definednetworking(SDN).AHetNetsystemmodelisproposedover aSDN-based5Gnetwork.Thehandoverscenariosandproceduresarediscussed.The proposedauthenticationprotocolsarepresentedwithsecurityanalysisandperformance analysisandevaluations.
Chapter7discussestheopenissuesandpossiblefutureresearchdirectionsover5G wirelessnetworks.
Wehopethatourreaderswillenjoythisbook.
California August2022
Dongfeng(Phoenix)Fang
CaliforniaPolytechnicStateUniversity,SanLuisObispo
YiQian
UniversityofNebraska-Lincoln
RoseQingyangHu
UtahStateUniversity
Acknowledgments
First,wewouldliketothankourfamiliesfortheirloveandsupport.
WewouldliketothankourcolleaguesandstudentsatCaliforniaPolytechnicState University,SanLuisObispo,UniversityofNebraska-Lincoln,andUtahStateUniversity fortheirsupportandenthusiasminthisbookprojectandtopic.
WeexpressourthankstothestaffatWileyfortheirsupportandtothebookreviewers fortheirgreatfeedback.WewouldliketothankSandraGrayson,JulietBooker,andBecky Cowanfortheirpatienceinhandlingpublicationissues.
ThisbookprojectwaspartiallysupportedbytheU.S.NationalScienceFoundationunder grantsCNS-2007995,CNS-2008145,CCCS-2139508,andCCCS-2139520.
Introduction
Theadvancedfeaturesoffifth-generation(5G)wirelessnetworksystemsyieldnew securityandprivacyrequirementsandchallenges.Thisbookaddressesthemotivationfor securityandprivacyof5Gwirelessnetworksystems,anoverviewof5Gwirelessnetwork systemssecurityandprivacyintermsofsecurityattacksandsolutions,andanewsecurity architecturefor5Gsystems.Theaimof5Gwirelessnetworksecurityistoensurethe provisionofrobustsecurityservicesto5Gwirelesssystems,withoutcompromisingthe high-performancecapabilitiesthatcharacterize5Gtechnology.Duetotheinadequacy of4Gsecurityarchitecturesfor5Gsystems,novelsecurityarchitecturesarerequiredto ensuretheeffectivenessandadaptabilityofsecurityin5Gwirelessnetworks.Thetopicsto beaddressedinthisbookinclude:
● Introductionandbackgroundof5Gwirelessnetworks,
● Attacksandsecurityservicesin5Gwirelessnetworks,
● Current5Gwirelesssecuritysolutions,
● Anew5Gwirelesssecurityarchitecture,
● Flexibleandefficientsecuritysolutions,e.g.,physicallayersecurity,authentication,and mobilitymanagement.
Introductionto5GWirelessSystems
Fifth-generationwirelessnetworks,or5G,arethefifth-generationmobilewireless telecommunicationsbeyondthecurrent4G/InternationalMobileTelecommunications (IMT)-AdvancedSystems[Panwaretal.,2016].5Gwirelessnetworkisnotonlyan evolutionofthelegacy4Gcellularnetworksbutalsoanewcommunicationsystemthat cansupportmanynewservicecapabilities[Fangetal.,2017a].Inthischapter,wewill introduceageneralbackgroundof5Gwirelessnetworksand5Gsecurity,including motivationsandobjectives,securitydrivesandrequirements,andageneral5Gwireless networkarchitecture.
1.1MotivationsandObjectivesof5GWirelessNetworks
Theresearchanddevelopmentof5Gtechnologyisfocusedonachievingadvancedfeatures suchasenhancedcapacitytosupportagreaternumberofusersatfasterspeedsthan4G, increaseddensityofmobilebroadbanduserstoimprovecoverage[Xuetal.,2021],andsupportingdevice-to-device(D2D)communicationsandmassivemachine-typecommunications[NGMNAlliance,2015].5Gplanningalsoaimstoprovidebetternetworkperformance atlowerlatencyandlowerenergyconsumptiontobettersupporttheimplementationofthe InternetofThings(IoT)[Andrewsetal.,2014].Morespecifically,thereareeightadvanced featuresof5Gwirelesssystemsasfollows[WarrenandDewar,2014]:
● Datarate:1–10Gbpsconnectionstoendpointsinthefield;
● Lowlatency:1-mslatency;
● Bandwidth:1000× bandwidthperunitarea;
● Connectivity:10–100× numberofconnecteddevices;
● Availability:99.999%availability;
● Coverage:100%coverage;
● Networkenergyefficiency:90%reductionofnetworkenergyusage;
● Deviceenergyefficiency:Upto10yearsofbatterylifeforlow-powerdevices.
Toachievetheseeightadvancednetworkperformancefeatures,varioustechnologies [Agiwaletal.,2016]areappliedto5Gsystems,suchasheterogeneousnetworks(HetNet), massivemultiple-inputmultiple-output(MIMO),millimeterwave(mmWave)[Qiaoetal., 2015],D2Dcommunications[Weietal.,2016],software-definednetwork(SDN)[Dabbagh 5GWirelessNetworkSecurityandPrivacy,FirstEdition.Dongfeng(Phoenix)Fang,YiQian,andRoseQingyangHu. ©2024JohnWiley&SonsLtd.Published2024byJohnWiley&SonsLtd.
Figure1.1 Agenericarchitecturefor5Gwirelesssystems.
etal.,2015],networkfunctionsvirtualization(NFV)[Zhangetal.,2015],andnetworking slicing[NGMNAlliance,2016].Thestandardizationprocessfor5Gwirelesssystemshas beencarriedout.Figure1.1illustratesageneric5Gwirelesssystems.
5Gwirelesssystemscanprovidenotonlytraditionalvoiceanddatacommunicationsbut alsomanynewusecases[Xuetal.,2022,Wangetal.,2021b],newindustryapplications, andamultitudeofdevicesandapplicationstoconnectthesocietyatlarge[ABEricsson, 2018]asshowninFigure1.1.Different5Gusecasesarespecified,suchasvehicle-to-vehicle andvehicle-to-infrastructurecommunications[Fangetal.,2019b],industrialautomation, healthservices,smartcities,andsmarthomes[GlobalMobileSuppliersAssociation,2015]. Itisbelievedthat5Gwirelesssystemscanenhancemobilebroadbandwithcriticalservices andmassiveIoTapplications[Qualcomm,2016].Withthenewarchitecture,technologies, andusecasesin5Gwirelesssystems,itwillfacenewchallengestoprovidesecurityand privacyprotections[Huawei,2015].
1.2SecurityDrivesandRequirements
Toaccomplishtheobjectivesof5Gwirelessnetworks,severalfundamentalsecuritydrivers andrequirementsarenecessary.Figure1.2illustratesthemaindrivesfor5Gwirelesssecurityassupremebuilt-insecurity,flexiblesecuritymechanisms,andautomation.Supreme built-insecurityisneededsince,in5G,newusecases,newtechnologies,andnewnetworkingparadigmsareintroduced.Theotherusecasescanintroducespecificrequirements,suchasultra-lowlatencyinusercommunications,whichwillrequireimprovingthe
Figure1.2 Securitydrivesandrequirementsfor5Gwirelesssecurity.
performanceofthecurrentsecuritymechanisms.Newtechnologiesnotonlyyieldadvanced servicecapabilitiesbutalsoopenthedoortovulnerabilitiesandthusimposenewsecurity requirementsin5G[Liyanageetal.,2016].InHetNet,differentaccesstechnologiesmay havedifferentsecurityrequirements,andamulti-networkenvironmentmayneedhighly frequentauthenticationswithstringentdelayconstraints[Wangetal.,2016b].Massive MIMOhasbeendeemedacritical5Gtechniquetoachievehigherspectralefficiencyand energyefficiency.Itisalsoconsideredavaluabletechniqueagainstpassiveeavesdropping [Dengetal.,2015].Furthermore,SDNandNFVin5Gwillsupportnewservicedelivery modelsandthusrequirenewsecurityaspects[Chenetal.,2016b,Tianetal.,2017].With theadventof5Gnetworkingparadigms,anewsecurityarchitectureisneeded.Toaddress theseissues,securitymustbeconsideredanintegralpartoftheoverallarchitectureand shouldinitiallybeintegratedintothesystemdesign.
Tosupportvarioususecases,newtechnologies,newnetworkingparadigms,newthreats, newtrustmodelsinanoptimalway,andflexiblesecuritymechanismsareneededwith changingecosystemandgrowingneedfordependability.Basedonthecurrentresearchon 5Gwirelessnetworks,securityserviceson5Gwirelessnetworkshavemorespecificrequirementsduetotheadvancedfeaturesthat5Gwirelessnetworkshave,suchaslowlatency, andhighenergyefficiency.Withvariousapplicationson5Gwirelessnetworksandtheir networkperformances,flexiblesecuritymechanismsaredesiredwithbetterefficiencyperformance[Xuetal.,2019].
Thetrustmodelsofthelegacycellularnetworksand5Gwirelessnetworksarepresented inFigure1.3[Huawei,2015].Notonlyfulltrustbutalsosemi-trustornottrustareconsidered.Authenticationsarerequirednotonlybetweensubscribersandthetwooperators(the homeandservingnetworks)butalsoamongservicepartiesin5Gwirelessnetworks.Moreover,fortheusecaseofverticalindustries,thesecuritydemandsvarysignificantlyamong differentapplications.Forinstance,mobiledevicesrequirelightweightsecuritymechanismsastheirpowerresourceconstraint,whilehigh-speedservicesrequireefficientsecurityserviceswithlowlatency.Therefore,thegeneralflexibilityfor5Gsecuritymechanisms isanothercriticalrequirement[SchneiderandHorn,2015].Authenticationmanagementin 5Gismorecomplexduetovarioustypesofandamassivenumberofdevicesconnected.For differentapplications,differentauthenticationmodelscanbeimplemented.InFigure1.3, userauthenticationcanbedonebythenetworkprovider,serviceprovider,orboth.
Figure1.3 Trustmodelof4Gand5Gwirelessnetworks.
Besidesthesupremebuilt-insecurityandflexibilitysecuritymechanisms,security automationisalsoakeyelement.Itcombinesautomatedholisticsecuritymanagement withautomatedandintelligentsecuritycontrols[NOKIA,2017].Sincemorepersonal informationisusedinvariousapplications,suchassurveillanceappliedover5Gwireless networks,privacyconcernsescalate.Moreover,variousservicesin5Gcanbetiedcloser thanbefore.Forexample,thefixedtelephoneline,internetaccess,andTVservicecan beterminatedsimultaneouslyduetotheoutageofamajornetwork[Huawei,2015]. Therefore,securityautomationisneededtomakethe5Gsystemrobustagainstvarious securityattacks.
1.35GWirelessNetworkArchitecture
1.3.1Overviewofthe5GWirelessNetworkArchitecture
The5Gwirelessnetworkarchitectureisintroducedhere.AsshowninFigure1.4,theillustratedgeneral5Gwirelessnetworkarchitectureincludesauserinterface,acloud-based heterogeneousradioaccessnetwork,anext-generationcore,distributededgecloud,and acentralcloud.Thecloud-basedheterogeneousradioaccessnetworkcancombinevirtualization,centralization,andcoordinationtechniquesforefficientandflexibleresource allocation.Basedondifferentusecases,3GPPclassifiesmorethan70differentusecases intofourdifferentgroupssuchasmassiveIoT,criticalcommunications,networkoperation,andenhancedmobilebroadband.Inthecloud-basedheterogeneousaccessnetwork, besidesthe3GPPaccessandnon-3GPPaccess,othernewradiotechnologieswillbeadded formoreefficientspectrumutilization.Inthefirststageof5G,thelegacyevolvedpacket core(EPC)willstillbevalid.Networkslicingenablesdifferentparameterconfigurations forthenext-generationcoreaccordingtodifferentusecases.Newflexibleservice-oriented EPCbasedonnetworkslicing,SDN,andNFVwillbeusedinthenext-generationcoreas virtualevolvedpacketcore(VEPC)showninFigure1.4.TheVEPCiscomposedofmodularizednetworkfunctions.Basedondifferentusecases,thenetworkfunctionsappliedto eachVEPCcanbevarious.IntheVEPC,thecontrolplaneanduserplaneareseparated fortheflexibilityandscalabilityofthenext-generationcore.Edgecloudisdistributedto
improveservicequality.Thecentralcloudcanimplementglobaldatashareandcentralized control.
1.3.2ComparisonBetweentheLegacyCellularNetworkandthe5GWireless Network
Comparedwithlegacycellularnetworks,5Gwirelessnetworksintroducesomenew perspectivesandchanges.(i)Userequipmentandservicesarenotlimitedtoregular mobilephonesandregularvoiceanddataservices.Basedondifferentusecasesand requirements,userinterfacesareclassifiedintofourdifferentgroupssuchasmassiveIoT, criticalcommunications,networkoperation,andenhancedmobilebroadband.Everyuse casecanaffecttheradioaccessselectionandVEPCfunctions.(ii)Inadditionto3GPP accessandnon-3GPPaccessinthecloud-basedheterogeneousradioaccessnetwork,the 5Gaccessnetworkincludesothernewradios,whichbuildthefoundationofwireless standardsforthenext-generationmobilenetworksforhigherspectrumutilization.The newradioscansupporttheperformanceandconnectivityrequirementsofvarioususe casesin5Gwirelessnetworks.Moreover,therearemanytechnologiesappliedtotheaccess networktoimprovethenetworkperformance,suchasmassiveMIMO,HetNet,andD2D communications.(iii)Thenext-generationcorewillbebasedonthecloudusingnetwork slicing,SDN,andNFVtohandledifferentusecases.Theflexibleservice-orientedVEPC willbeapplied.Withnetworkslicing,SDN,andNFV,differentnetworkfunctionscanbe appliedtotheservice-orientedVEPCfordifferentusecases.Thenext-generationcoreis expectedtobeaccess-independent.Separationofcontrolanduserplaneisimportantto achieveanaccess-agnostic,flexible,andscalablearchitecture.(iv)Edgecloudisappliedto 5Gwirelessnetworkstoimprovetheperformanceofthenetwork,suchaslatency.
1.4Conclusion
Ageneralbackgroundof5Gwirelessnetworksisintroducedinthischapter.Themotivationsandobjectivesof5Gwirelessnetworksarepresented.Withtheexpectedimprovementsin5Gperformance,securitydrives,andrequirementsarediscussed.Ageneral5G wirelessnetworkarchitectureisillustratedinthischapter.Moreover,acomparisonofa 5Gwirelessnetworkarchitectureandlegacycellularnetworkarchitectureisanalyzed.Itis clearthatthe5Gwirelessnetworkintroducessignificantflexibilitytosupportnewusecases andcorrespondingdifferentservicerequirements.Newsecurityarchitectureandmechanismsareneededin5Gnetworks.
Thischapterprovidesanintroductiontotheevolutionofwirelessnetworksecurity,coveringthesecurityarchitectureandsecurityservicesofthesecondgeneration(2G)tothefifth generation(5G)ofwirelessnetworks.
2.1NetworkSecurityforLegacySystems
Basedonthetechnologiesandnetworkperformances,vulnerabilitiesandsecurityimplementationfrom2Gto4Garedifferent.
Securityservicesin2Gsystemsuchasglobalsystemformobilecommunications(GSM) includeuserauthentication,communicationencryption,useranonymity,anddetectionof stolen/compromisedequipment.
● Userauthentication:Theuserauthenticationisachallenge-responseschemebetweena userandthecellularnetwork(suchasvisitornetworkandhomenetwork).Toachieve userauthenticationrequiresarandomnumber(RAND)andakey,whichispre-storedin theSIMcardintheusermobiledevice.TheSIMcardalsostoresalgorithmsforachieving theuserauthentication.Theuserauthenticationisaone-wayauthentication,wherethe userisauthenticatedbythecellularnetworkbutthecellularnetworkcannotbeauthenticatedbytheuser.Whilethissecurityservicecaneffectivelypreventusersfrommisusing thenetworkservices,itcannotprovideprotectionagainstroguebasestations.
● Communicationencryption:Afteruserauthentication,asessionkeyisgeneratedto encrypttheuserdatabetweentheuserandthenetworkontheradiolink.Astream cipherisusedin2GGSMsystem.
● Anonymity:Anonymityisappliedtoprovideprivacyofinternationalmobilesubscriber identity(IMSI)ofeachuser,sinceIMSInotandisalsoassociatedwithuser’sidentity. Toachieveanonymity,insteadofusingIMSIallthetime,atemporarymobilesubscriber identity(TMSI)isusedandupdatedbetweentheuserandthenetworkbasedondifferent cases.
● Detectionofstolen/compromisedequipment:Eachmobiledevicehasaninternational mobileequipmentidentity,whichcanbeusedtoachievedetectionofstolenorcompromisedmobiledevice.
5GWirelessNetworkSecurityandPrivacy,FirstEdition.Dongfeng(Phoenix)Fang,YiQian,andRoseQingyangHu. ©2024JohnWiley&SonsLtd.Published2024byJohnWiley&SonsLtd.
While2Gtechnologyhasestablishedafoundationforsecurityincellularnetworks,it representsonlythebeginningofacontinuousefforttoenhanceandstrengthenthesecuritymeasuresinmobilecommunications.2Gnetworksarevulnerabletoattackstargeting securityalgorithms,signalingnetworks(throughexploitationofunencryptedmessages), securityprotocols(suchasroguebasestationattacks),anddenial-of-serviceattacks(includingjamming).Furthermore,2Gdoesnotprovidedataintegrity.
3Gsuchasuniversalmobiletelecommunicationsystem(UMTS)marksthebeginning ofamorecomprehensiveimplementationofsecuritymeasuresincellularnetworks.A securityarchitectureisdefinedby3GPPincludingfivegroupsofsecurityfeaturesinthe UMTS.Fromasecurityperspective,3Gnetworksintroducesignificantimprovementssuch asmutualauthentication,two-wayauthentication,andkeyagreementprotocols.Inadditiontothesemeasures,3Galsooffersenhanceddataintegritycomparedto2G.Theintroductionofstrongercryptographicalgorithmsfurtherbolstersthesecuritystrengthof3G networks.
● AKA:Theauthenticationandkeyagreement(AKA)mechanisminvolvesthreeentities asaUserServicesIdentityModule(USIM),theservingnetwork,andthehomenetwork.Alongtermkeyispre-sharedbetweentheUSIMandthenetwork.Basedona challenge–responsemechanism,thenetworkcanauthenticatetheUSIM,andtheUSIM canauthenticatethehomenetwork.Aftertheauthentication,twokeyswillbegenerated toachievedataconfidentialityanddataintegrityintheUSIMandthenetwork.
● Communicationencryption:Confidentialityisprovidedinthe3Gfordatatransmission overradiolinksbetweenusersandthebasestationsbyencryptingthedatawithacipher key,whichisgeneratedafterauthentication.Astreamcipherisusedwiththecipherkey, whichis128-bitlong.Therearealsootherinputswhichwillmakesurethatevenforthe samecipherkey,thestreamciphercangeneratedifferentkeystream.
● Dataintegrity:Besidesconfidentiality,dataintegrityisprovidedinthe3Gfordata transmissionoverradiolinksbetweenusersandthebasestationsbasedonamessage authenticationcode(MAC)withtheintegritykeyof128-bitlong,whichisgenerated afterauthentication.
● Useridentityconfidentiality:Asin2G,preservinguseridentityconfidentialityisacritical considerationin3Gnetworks.Toachievethis,3Gnetworksimplementtemporaryidentities,suchasTMSIinthecircuit-switcheddomainandP-TMSIinthepacket-switched domain.ThesetemporaryidentitiesareusedtolimitthefrequencyofIMSItransmission andenhanceuserprivacy.
● Detectionofstolen/compromisedequipment:Sameas2G.
● User-to-USIMauthentication:Apersonalidentificationnumber(PIN)isusedtoachieve user-to-USIMauthentication.ThisPINisonlyknownbytheuserandtheUSIM.
3Gnetworksbuilduponthesecuritymechanismsof2G,whileintroducingmodifications toenhanceoverallsecurity.Although3Gexpandsnetworkservicesandimprovesnetwork performance,italsointroducesnewvulnerabilities,suchasprivacyconcernsstemming fromtheintroductionoflocation-basedservices.Insummary,3Grepresentsasignificant improvementinsecuritycomparedto2G.
4Glong-termevolution(LTE)networksfeatureadifferentnetworkarchitecturecomparedto3G,designedtofurtherimprovenetworkperformance.Thisincludestheuseof
