网络与信息安全学报 (Jun 2022)
Fast handover authentication scheme in 5G mobile edge computing scenarios
Abstract
The 5G internet of things brings the ultimate experience to users, but it also puts forward new challenges.Users’ requirements of ultra-low latency experience, access to business without sense during movement and security guarantee have attracted much attention.Mobile edge computing can meet the strict requirements of 5G with low latency, large connection and high bandwidth.As a computing paradigm with the coexistence of multi-trust domains, multi-entities and cross-trust domains are interconnected frequently.Identity authentication is particularly important for security protection.Through the research on the identity authentication mechanism under the existing edge computing paradigm, a lightweight fast handover authentication scheme based on pre-authentication was proposed.The proposed solution moved services and calculations from the cloud to the edge.Biometric fingerprint technology was used on the client side to defend against terminal theft attacks.Edge servers in different regions used pre-authentication scheme to meet fast switching requirements.The user and the edge server established a secure channel by negotiating a shared session key in real time, and the authentication scheme ensured lightweight operation with XOR and hash operation.The proposed scheme was evaluated from two aspects of security and performance.Theoretical design analysis and formal tool verification were carried out for security evaluation.The formal analysis tool, AVISPA, was used to verify the improved security of the proposed scheme in the presence of intruders.The performance was mainly evaluated from the computing cost and communication cost of the authentication scheme.The simulation results showed that the proposed scheme reduces communication cost, and the computational overhead can meet the needs of mobile terminals with limited resources.As the future work, the scheme will be improved from two aspects: one is to strengthen the scalability to ensure that users and edge servers can join and exit at any time, and the other one is to strengthen the universality of the scheme to meet the access deployment of third-party service providers.
Keywords
