5G Wireless Network Security and Privacy
Dongfeng (Phoenix) Fang
California Polytechnic State University, San Luis Obispo
San Luis Obispo
Yi Qian
University of Nebraska–Lincoln
Lincoln
Rose Qingyang Hu
Utah State University
Logan
Contents
About the Authors
Preface
Acknowledgments
Introduction
1 Introduction to 5G Wireless Systems
1.1 Motivations and Objectives of 5G Wireless Networks
1.2 Security Drives and Requirements
1.3 5G Wireless Network Architecture
1.3.1 Overview of the 5G Wireless Network Architecture
1.3.2 Comparison Between the Legacy Cellular Network and the 5G Wireless Network
1.4 Conclusion
2 Security from Legacy Wireless Systems to 5G Networks
2.1 Network Security for Legacy Systems
2.2 Security Attacks and Security Services in 5G Wireless Networks
2.2.1 Security Attacks
2.2.2 Security Services
2.2.2.1 Authentication
2.2.2.2 Confidentiality
2.2.2.3 Availability
2.2.2.4 Integrity
2.3 The Evolution of Wireless Security Architectures from 3G to 5G
2.3.1 3G Security Architecture
2.3.2 4G Security Architecture
2.3.3 5G Wireless Security Architecture
2.3.3.1 Overview of the Proposed 5G Wireless Security Architecture
2.3.3.2 Security Domains
2.4 Summary
5.4.2.3 Data Confidentiality and Integrity
5.4.2.4 Contextual Privacy
5.4.2.5 Forward Security
5.4.2.6 End-to-End Security
5.4.2.7 Key Escrow Resilience
5.5 Performance Evaluation
5.5.1 Security Services
5.5.2 Computational Overhead
5.5.3 Communication Overhead
5.6 Conclusion
6 Secure and Efficient Mobility Management in 5G Wireless Networks
6.1 Handover Issues and Requirements Over 5G Wireless Networks
6.2 A 5G CN Model and HetNet System Model
6.3 5G Handover Scenarios and Procedures
6.3.1 Handover Scenarios
6.3.2 Handover Procedures
6.4 A New Authentication Protocol for 5G Networks
6.4.1 Assumptions
6.4.2 Pre-Authentication
6.4.3 Full Authentication
6.4.4 Fast Authentication
6.4.4.1 Handover Between APs
6.4.4.2 Handover Between BSs
6.5 Security Analysis of the New 5G Authentication Protocols
6.6 Performance Evaluations
6.6.1 Communication Overhead
6.6.2 Computation Overhead
6.7 Conclusion
7 Open Issues and Future Research Directions for Security and Privacy in 5G Networks
7.1 New Trust Models
7.2 New Security Attack Models
7.3 Privacy Protection
7.4 Unified Security Management
References
Index
Preface
This chapter presents the details of the proposed method. An experimental study and evaluation are then demonstrated.
Chapter 5 deals with improving flexibility and efficiency of security schemes for heterogeneous IoT networks over 5G systems. A few security and privacy schemes for IoT applications are first discussed. A general IoT system architecture, trust models, threat models, and design objectives are presented. An authentication and secure data transmission scheme is proposed. Security analysis is presented to verify the proposed scheme. This chapter also presents an experimental study and evaluation.
Chapter 6 explores the efficiency of secure mobility management over 5G networks based on software-defined networking (SDN). A HetNet system model is proposed over a SDN-based 5G network. The handover scenarios and procedures are discussed. The proposed authentication protocols are presented with security analysis and performance analysis and evaluations.
Chapter 7 discusses the open issues and possible future research directions over 5G wireless networks.
We hope that our readers will enjoy this book.
California, August 2022
Dongfeng (Phoenix) Fang
California Polytechnic State University, San Luis Obispo
Yi Qian
University of Nebraska-Lincoln
Rose Qingyang Hu
Utah State University
Acknowledgments
First, we would like to thank our families for their love and support.
We would like to thank our colleagues and students at California Polytechnic State University, San Luis Obispo, University of Nebraska-Lincoln, and Utah State University for their support and enthusiasm in this book project and topic.
We express our thanks to the staff at Wiley for their support and to the book reviewers for their great feedback. We would like to thank Sandra Grayson, Juliet Booker, and Becky Cowan for their patience in handling publication issues.
This book project was partially supported by the U.S. National Science Foundation under grants CNS-2007995, CNS-2008145, CCCS-2139508, and CCCS-2139520.
Figure 1.1 A generic architecture for 5G wireless systems.
et al., 2015], network functions virtualization (NFV) [Zhang et al., 2015], and network slicing [NGMN Alliance, 2016]. The standardization process for 5G wireless systems has been carried out. Figure 1.1 illustrates a generic 5G wireless system.
5G wireless systems can provide not only traditional voice and data communications but also many new use cases [Xu et al., 2022, Wang et al., 2021b], new industry applications, and a multitude of devices and applications to connect the society at large [AB Ericsson, 2018], as shown in Figure 1.1. Different 5G use cases are specified, such as vehicle-to-vehicle and vehicle-to-infrastructure communications [Fang et al., 2019b], industrial automation, health services, smart cities, and smart homes [Global Mobile Suppliers Association, 2015]. It is believed that 5G wireless systems can enhance mobile broadband with critical services and massive IoT applications [Qualcomm, 2016]. With the new architecture, technologies, and use cases, 5G wireless systems will face new challenges in providing security and privacy protections [Huawei, 2015].
1.2 Security Drives and Requirements
To accomplish the objectives of 5G wireless networks, several fundamental security drivers and requirements are necessary. Figure 1.2 illustrates the main drives for 5G wireless security as supreme built-in security, flexible security mechanisms, and automation. Supreme built-in security is needed since, in 5G, new use cases, new technologies, and new networking paradigms are introduced. The other use cases can introduce specific requirements, such as ultra-low latency in user communications, which will require improving the performance of the current security mechanisms. New technologies not only yield advanced service capabilities but also open the door to vulnerabilities and thus impose new security requirements in 5G [Liyanage et al., 2016]. In HetNet, different access technologies may have different security requirements, and a multi-network environment may need highly frequent authentications with stringent delay constraints [Wang et al., 2016b]. Massive MIMO has been deemed a critical 5G technique to achieve higher spectral efficiency and energy efficiency. It is also considered a valuable technique against passive eavesdropping [Deng et al., 2015]. Furthermore, SDN and NFV in 5G will support new service delivery models and thus require new security aspects [Chen et al., 2016b, Tian et al., 2017]. With the advent of 5G networking paradigms, a new security architecture is needed. To address these issues, security must be considered an integral part of the overall architecture and should initially be integrated into the system design.
Figure 1.2 Security drives and requirements for 5G wireless security.
To support various use cases, new technologies, new networking paradigms, new threats, and new trust models in an optimal way, flexible security mechanisms are needed, given the changing ecosystem and the growing need for dependability. Based on the current research on 5G wireless networks, security services on 5G wireless networks have more specific requirements due to the advanced features that 5G wireless networks have, such as low latency and high energy efficiency. With various applications on 5G wireless networks and their network performances, flexible security mechanisms are desired with better efficiency performance [Xu et al., 2019].
The trust models of the legacy cellular networks and 5G wireless networks are presented in Figure 1.3 [Huawei, 2015]. Not only full trust but also semi-trust or no trust are considered. Authentications are required not only between subscribers and the two operators (the home and serving networks) but also among service parties in 5G wireless networks. Moreover, for the use case of vertical industries, the security demands vary significantly among different applications. For instance, mobile devices require lightweight security mechanisms because of their power resource constraints, while high-speed services require efficient security services with low latency. Therefore, the general flexibility for 5G security mechanisms is another critical requirement [Schneider and Horn, 2015]. Authentication management in 5G is more complex due to the various types and the massive number of devices connected. For different applications, different authentication models can be implemented. In Figure 1.3, user authentication can be done by the network provider, service provider, or both.
Figure 1.3 Trust model of 4G and 5G wireless networks.
Besides the supreme built-in security and flexible security mechanisms, security automation is also a key element. It combines automated holistic security management with automated and intelligent security controls [NOKIA, 2017]. Since more personal information is used in various applications, such as surveillance applied over 5G wireless networks, privacy concerns escalate. Moreover, various services in 5G can be tied closer than before. For example, the fixed telephone line, internet access, and TV service can be terminated simultaneously due to the outage of a major network [Huawei, 2015]. Therefore, security automation is needed to make the 5G system robust against various security attacks.
1.3 5G Wireless Network Architecture
1.3.1 Overview of the 5G Wireless Network Architecture
The 5G wireless network architecture is introduced here. As shown in Figure 1.4, the illustrated general 5G wireless network architecture includes a user interface, a cloud-based heterogeneous radio access network, a next-generation core, distributed edge cloud, and a central cloud. The cloud-based heterogeneous radio access network can combine virtualization, centralization, and coordination techniques for efficient and flexible resource allocation. Based on different use cases, 3GPP classifies more than 70 different use cases into four different groups such as massive IoT, critical communications, network operation, and enhanced mobile broadband. In the cloud-based heterogeneous access network, besides the 3GPP access and non-3GPP access, other new radio technologies will be added for more efficient spectrum utilization. In the first stage of 5G, the legacy evolved packet core (EPC) will still be valid. Network slicing enables different parameter configurations for the next-generation core according to different use cases. New flexible service-oriented EPC based on network slicing, SDN, and NFV will be used in the next-generation core as virtual evolved packet core (VEPC) shown in Figure 1.4. The VEPC is composed of modularized network functions. Based on different use cases, the network functions applied to each VEPC can be various. In the VEPC, the control plane and user plane are separated for the flexibility and scalability of the next-generation core. Edge cloud is distributed to
1.4 Conclusion
A general background of 5G wireless networks is introduced in this chapter. The motivations and objectives of 5G wireless networks are presented. With the expected improvements in 5G performance, security drives and requirements are discussed. A general 5G wireless network architecture is illustrated in this chapter. Moreover, a comparison of a 5G wireless network architecture and legacy cellular network architecture is analyzed. It is clear that the 5G wireless network introduces significant flexibility to support new use cases and corresponding different service requirements. New security architecture and mechanisms are needed in 5G networks.
While 2G technology has established a foundation for security in cellular networks, it represents only the beginning of a continuous effort to enhance and strengthen the security measures in mobile communications. 2G networks are vulnerable to attacks targeting security algorithms, signaling networks (through exploitation of unencrypted messages), security protocols (such as rogue base station attacks), and denial-of-service attacks (including jamming). Furthermore, 2G does not provide data integrity.
3G such as universal mobile telecommunication system (UMTS) marks the beginning of a more comprehensive implementation of security measures in cellular networks. A security architecture is defined by 3GPP including five groups of security features in the UMTS. From a security perspective, 3G networks introduce significant improvements such as mutual authentication, two-way authentication, and key agreement protocols. In addition to these measures, 3G also offers enhanced data integrity compared to 2G. The introduction of stronger cryptographic algorithms further bolsters the security strength of 3G networks.
● AKA: The authentication and key agreement (AKA) mechanism involves three entities: a User Services Identity Module (USIM), the serving network, and the home network. A long-term key is pre-shared between the USIM and the network. Based on a challenge–response mechanism, the network can authenticate the USIM, and the USIM can authenticate the home network. After the authentication, two keys will be generated to achieve data confidentiality and data integrity in the USIM and the network.
● Communication encryption: Confidentiality is provided in 3G for data transmission over radio links between users and the base stations by encrypting the data with a cipher key, which is generated after authentication. A stream cipher is used with the cipher key, which is 128 bits long. There are also other inputs, which make sure that even for the same cipher key, the stream cipher can generate a different keystream.
● Data integrity: Besides confidentiality, data integrity is provided in 3G for data transmission over radio links between users and the base stations, based on a message authentication code (MAC) with a 128-bit integrity key, which is generated after authentication.
● User identity confidentiality: As in 2G, preserving user identity confidentiality is a critical consideration in 3G networks. To achieve this, 3G networks implement temporary identities, such as TMSI in the circuit-switched domain and P-TMSI in the packet-switched domain. These temporary identities are used to limit the frequency of IMSI transmission and enhance user privacy.
● Detection of stolen/compromised equipment: Same as 2G.
● User-to-USIM authentication: A personal identification number (PIN) is used to achieve user-to-USIM authentication. This PIN is only known by the user and the USIM.
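The AKA item in the list above, as an added example that is not taken from the book: a simplified sketch of the challenge–response between home network, serving network, and USIM, ending with the cipher key (CK) and integrity key (IK) on both sides. HMAC-SHA256 stands in for the operator's authentication functions, and the token layout, the sequence-number freshness check, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def f(k, label, *parts):
    # Stand-in for the operator's AKA functions: HMAC-SHA256 cut to 128 bits (assumption).
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:16]

def home_network_vector(k, sqn):
    """Home network: build one authentication vector from the long-term key K."""
    rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
    autn = sqn_b + f(k, b"mac", rand, sqn_b)  # simplified token: sequence number + network MAC
    return {"rand": rand, "autn": autn, "xres": f(k, b"res", rand),
            "ck": f(k, b"ck", rand), "ik": f(k, b"ik", rand)}

class Usim:
    def __init__(self, k):
        self.k, self.highest_sqn = k, 0

    def respond(self, rand, autn):
        """Authenticate the network first, then answer the challenge and derive CK/IK."""
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self.k, b"mac", rand, sqn_b)):
            raise ValueError("network authentication failed")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            raise ValueError("stale challenge")
        self.highest_sqn = sqn
        return f(self.k, b"res", rand), f(self.k, b"ck", rand), f(self.k, b"ik", rand)

def serving_network_accepts(vector, res):
    """Serving network: holds the vector, not K, and compares RES with XRES."""
    return hmac.compare_digest(res, vector["xres"])

def rejection_reason(usim, rand, autn):
    try:
        usim.respond(rand, autn)
    except ValueError as err:
        return str(err)
    return None

def run_demo():
    k = os.urandom(16)  # constructed long-term key, pre-shared by USIM and home network
    usim, av = Usim(k), home_network_vector(k, sqn=1)
    res, ck, ik = usim.respond(av["rand"], av["autn"])
    other = home_network_vector(os.urandom(16), sqn=2)  # vector built without knowing K
    return {"usim_accepted": serving_network_accepts(av, res),
            "keys_agree": (ck, ik) == (av["ck"], av["ik"]),
            "replayed_vector": rejection_reason(usim, av["rand"], av["autn"]),
            "wrong_key_vector": rejection_reason(usim, other["rand"], other["autn"])}

if __name__ == "__main__":
    print(run_demo())
```

The serving network never handles the long-term key: it forwards the challenge and compares the response, while the USIM refuses both a replayed vector and one built by a party that does not hold K.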
3G networks build upon the security mechanisms of 2G, while introducing modifications to enhance overall security. Although 3G expands network services and improves network performance, it also introduces new vulnerabilities, such as privacy concerns stemming from the introduction of location-based services. In summary, 3G represents a significant improvement in security compared to 2G.
4G long-term evolution (LTE) networks feature a different network architecture compared to 3G, designed to further improve network performance. This includes the use of