5G Authentication And Key Agreement

EAP-TLS [8] is defined in 5G for subscriber authentication in limited use cases, such as private networks and IoT environments. When the UDM/ARPF selects EAP-TLS as the authentication method, it is run between the UE and the AUSF via the SEAF, which acts as a transparent EAP authenticator by relaying EAP-TLS messages between the UE and the AUSF. To obtain mutual authentication, the UE and the AUSF can each verify the other's certificate, or a pre-shared key (PSK) if one has been established in a previous Transport Layer Security (TLS) handshake or out of band. At the end of EAP-TLS, an EMSK is derived, and the first 256 bits of the EMSK are used as K_AUSF. As in 5G-AKA and EAP-AKA', K_AUSF is used to derive K_SEAF, which is used to derive the other keying material (see Figure 5) needed to protect communication between the UE and the network.

5G defines new authentication services. For example, the AUSF provides an authentication service through Nausf_UEAuthentication and the UDM provides its authentication service through Nudm_UEAuthentication. For simplicity's sake, generic messages such as authentication request and authentication response are used in Figure 4, without reference to the actual authentication service names. In addition, an authentication vector contains a set of data, but only a subset is shown in Figure 4.

The MAC aggregation approach to group authentication is lightweight and significantly reduces the signaling load at the access network compared to aggregate signature schemes. Most existing schemes use a group leader to aggregate the MACs received from each MTC device into a single group MAC.

However, this can create a bottleneck at the group leader and adds complexity and delay to the selection and management of group leaders. Another drawback of the aggregation approach is that a single defective (message, MAC) pair or a single invalid signature in the aggregate can cause the whole authentication to fail, resulting in a repeat of the entire authentication process. An attacker only has to change a single bit in a message or MAC in the group to cause a failure. As a result, the cost of this attack is very low from the attacker's point of view, making the system vulnerable to denial-of-service attacks.

iii) Schemes that follow a batch processing approach, in which authentication requests from multiple devices are processed simultaneously as batches, such as Huang et al.'s ABAKA [27]. These schemes also suffer from the problem that a single invalid signature requires the re-execution of the entire authentication process.

The HGMAKA protocol requires the lowest number of signaling messages compared to existing protocols, as shown in Figure 7. In addition, the reduction in signaling messages is much more significant with the increase in the number of groups in the variation of each group compared to the multigroup version: the probability of a re-authentication increases with a larger group size, whereas the proposed protocol does not require that the entire group be authenticated again in case of an error.

From an authentication point of view, a mobile phone network consists of three main elements: UEs, a serving network (SN) and a home network (HN) (Figure 1).
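The single-bit failure mode of MAC aggregation described above can be reproduced in a few lines. This is an added example, not code from HGMAKA or any cited scheme; it assumes a generic XOR-of-HMAC aggregate, and the device ids, keys and messages are constructed sample data.

```python
import hashlib
import hmac
import os

def device_mac(key: bytes, msg: bytes) -> bytes:
    """Per-device tag: HMAC-SHA-256 over the device's authentication message."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def aggregate(tags) -> bytes:
    """XOR all per-device tags into one 32-byte group tag (assumed construction)."""
    acc = bytes(32)
    for t in tags:
        acc = bytes(a ^ b for a, b in zip(acc, t))
    return acc

def verify_aggregate(keys, msgs, group_tag) -> bool:
    """Network side: recompute every tag and compare only the aggregate."""
    expected = aggregate(device_mac(keys[d], msgs[d]) for d in sorted(msgs))
    return hmac.compare_digest(expected, group_tag)

def verify_individually(keys, msgs, tags):
    """Fallback: check each (message, MAC) pair and return the failing device ids."""
    return [d for d in sorted(msgs)
            if not hmac.compare_digest(device_mac(keys[d], msgs[d]), tags[d])]

def run_demo():
    # Constructed sample data: 8 hypothetical MTC devices with random keys.
    ids = [f"mtc-{i:02d}" for i in range(8)]
    keys = {d: os.urandom(32) for d in ids}
    msgs = {d: f"auth-req|{d}|nonce-0001".encode() for d in ids}
    tags = {d: device_mac(keys[d], msgs[d]) for d in ids}
    group_tag = aggregate(tags.values())
    clean_ok = verify_aggregate(keys, msgs, group_tag)

    # Failure mode from the text: one bit of one message is altered in transit.
    received = dict(msgs)
    altered = bytearray(received["mtc-05"])
    altered[0] ^= 0x01
    received["mtc-05"] = bytes(altered)
    tampered_ok = verify_aggregate(keys, received, group_tag)

    # The aggregate check only reports that the group failed; the per-pair
    # check names the device, so only that device has to authenticate again.
    failing = verify_individually(keys, received, tags)
    return clean_ok, tampered_ok, failing

if __name__ == "__main__":
    print(run_demo())
```

The per-pair fallback needs the individual tags, which costs the signaling that aggregation was meant to save, so it is only worth invoking after an aggregate check fails.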
