在 LTE/5G 移动网络中保护未经验证的信息:基于身份的两级分层签名(HIBS)解决方案

IF 4.4 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
{"title":"在 LTE/5G 移动网络中保护未经验证的信息:基于身份的两级分层签名(HIBS)解决方案","authors":"","doi":"10.1016/j.comnet.2024.110814","DOIUrl":null,"url":null,"abstract":"<div><div>As an essential public infrastructure, the security and reliability of mobile networks have a profound impact on people’s production and life. Although the security of LTE/5G networks has been improved a lot with the evolution of standards, there are still some unprotected messages being transmitted between the cellular network and device due to the symmetric key-based security architecture and the trade-off between security and other criteria like network availability. By exploiting these messages, various security attacks have been proposed and demonstrated against commercial mobile networks and devices in existing literature, such as user location tracking, bidding-down, and DoS attacks. To address this security issue, in this paper, we aim to protect these unauthenticated messages in mobile networks using digital signatures. Based on the idea of Hierarchical Identity-Based Signature (HIBS) in existing work, we analyse and design a two-level HIBS solution in detail in terms of different aspects such as keys generation and provisioning procedures, replay mitigation, and cell selection. Unlike previous work, our proposed solution also supports the protection of individual vulnerable RRC and NAS layer signalling in addition to authenticating the base station. We evaluated the efficiency and feasibility of several existing HIBS schemes and implemented the most efficient one in the 5G standalone network setup using open-source software. The implementation results further proved the feasibility of the solution in practice.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Protecting unauthenticated messages in LTE/5G mobile networks: A two-level Hierarchical Identity-Based Signature (HIBS) solution\",\"authors\":\"\",\"doi\":\"10.1016/j.comnet.2024.110814\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>As an essential public infrastructure, the security and reliability of mobile networks have a profound impact on people’s production and life. Although the security of LTE/5G networks has been improved a lot with the evolution of standards, there are still some unprotected messages being transmitted between the cellular network and device due to the symmetric key-based security architecture and the trade-off between security and other criteria like network availability. By exploiting these messages, various security attacks have been proposed and demonstrated against commercial mobile networks and devices in existing literature, such as user location tracking, bidding-down, and DoS attacks. To address this security issue, in this paper, we aim to protect these unauthenticated messages in mobile networks using digital signatures. Based on the idea of Hierarchical Identity-Based Signature (HIBS) in existing work, we analyse and design a two-level HIBS solution in detail in terms of different aspects such as keys generation and provisioning procedures, replay mitigation, and cell selection. Unlike previous work, our proposed solution also supports the protection of individual vulnerable RRC and NAS layer signalling in addition to authenticating the base station. We evaluated the efficiency and feasibility of several existing HIBS schemes and implemented the most efficient one in the 5G standalone network setup using open-source software. The implementation results further proved the feasibility of the solution in practice.</div></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.4000,\"publicationDate\":\"2024-09-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1389128624006467\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624006467","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

作为重要的公共基础设施,移动网络的安全性和可靠性对人们的生产和生活有着深远的影响。虽然随着标准的发展,LTE/5G 网络的安全性已经有了很大的提高,但由于基于对称密钥的安全架构,以及安全性与网络可用性等其他标准之间的权衡,蜂窝网络和设备之间仍在传输一些未受保护的信息。通过利用这些信息,现有文献中提出并演示了针对商业移动网络和设备的各种安全攻击,如用户位置跟踪、降价和 DoS 攻击。为解决这一安全问题,本文旨在利用数字签名保护移动网络中的这些未经验证的信息。基于现有工作中基于身份的分层签名(HIBS)理念,我们从密钥生成和供应程序、重放缓解和小区选择等不同方面详细分析和设计了一个两层 HIBS 解决方案。与之前的工作不同,我们提出的解决方案除了验证基站外,还支持保护个别易受攻击的 RRC 和 NAS 层信令。我们评估了现有几种 HIBS 方案的效率和可行性,并使用开源软件在 5G 独立网络设置中实施了最有效的方案。实施结果进一步证明了该方案在实践中的可行性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Protecting unauthenticated messages in LTE/5G mobile networks: A two-level Hierarchical Identity-Based Signature (HIBS) solution
As an essential public infrastructure, the security and reliability of mobile networks have a profound impact on people’s production and life. Although the security of LTE/5G networks has been improved a lot with the evolution of standards, there are still some unprotected messages being transmitted between the cellular network and device due to the symmetric key-based security architecture and the trade-off between security and other criteria like network availability. By exploiting these messages, various security attacks have been proposed and demonstrated against commercial mobile networks and devices in existing literature, such as user location tracking, bidding-down, and DoS attacks. To address this security issue, in this paper, we aim to protect these unauthenticated messages in mobile networks using digital signatures. Based on the idea of Hierarchical Identity-Based Signature (HIBS) in existing work, we analyse and design a two-level HIBS solution in detail in terms of different aspects such as keys generation and provisioning procedures, replay mitigation, and cell selection. Unlike previous work, our proposed solution also supports the protection of individual vulnerable RRC and NAS layer signalling in addition to authenticating the base station. We evaluated the efficiency and feasibility of several existing HIBS schemes and implemented the most efficient one in the 5G standalone network setup using open-source software. The implementation results further proved the feasibility of the solution in practice.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computer Networks
Computer Networks 工程技术-电信学
CiteScore
10.80
自引率
3.60%
发文量
434
审稿时长
8.6 months
期刊介绍: Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信