基于无证书签名的5G系统广播消息身份认证协议
System Broadcast Information Authentication Protocol Based on Certificateless Signature for 5G Network
孙中岫 1彭诚 1范伟1
作者信息
- 1. 中国科学院信息工程研究所,北京 100093;中国科学院大学网络空间安全学院,北京 100049
- 折叠
摘要
5G技术的普及促进了各行业生产力的发展,但5G网络的安全性问题也逐渐凸显,基站作为连接用户设备和核心网的枢纽,其安全性备受关注.由于基站通过广播发送的系统消息缺乏真实性和完整性的保护,攻击者可以通过修改系统消息,吸引用户设备在初始接入或者在小区重选时连接到伪基站,从而发起多种后续攻击.针对这一问题,文章提出了一种基于无证书签名的基站身份认证协议,为用户设备提供了一种验证基站广播系统消息合法性的方法,并从签名消息的选择、签名和验证的开销、抵御重放攻击几个方面进行了优化.仿真实验表明,该协议引入的计算开销是基站和用户设备可以接受的,与现有的基站身份认证协议相比,该协议提高了安全性,实现了更小的签名长度.
Abstract
The popularization of 5G technology has promoted the development of productivity in various industries,but the security of 5G networks has gradually become prominent,and the security of base stations,as a hub connecting user equipment and the core network,has attracted much attention.Due to the lack of authenticity and integrity protection of the system information messages sent by the base station through broadcasting,attackers can modify the system information messages to attract user devices to connect to the fake base station during initial access or cell reselection,so as to launch a variety of subsequent attacks.In order to solve this problem,this paper proposed a base station identity authentication protocol based on certificateless signature,which provided a method for user equipment to verify the legitimacy of base station broadcasting system messages,and optimized the selection of signed messages,the overhead of signing and verification,and the defense against replay attacks.Simulation results show that the computational overhead introduced by this scheme is acceptable to the base station and user equipment,and compared with the existing base station identity authentication protocols,the proposed scheme improves the security and achieves the minimum signature length.
关键词
5G空口/伪基站/身份验证/无证书公钥密码Key words
5G air interface/pseudo base stations/identity authentication/certificateless public key cryptography引用本文复制引用
出版年
2024
NETL
NSTL
万方数据