A Formally Verified Security Scheme for Inter-gNB-DU Handover in 5G Vehicle-to-Everything

Jiyoon Kim; Daniel Gerbi Duguma; Philip Virgil Astillo; Hoon-Yong Park; Bonam Kim; Ilsun You; Vishal Sharma

doi:10.1109/ACCESS.2021.3107308

IEEE Access (Jan 2021)

A Formally Verified Security Scheme for Inter-gNB-DU Handover in 5G Vehicle-to-Everything

Jiyoon Kim,
Daniel Gerbi Duguma,
Philip Virgil Astillo,
Hoon-Yong Park,
Bonam Kim,
Ilsun You,
Vishal Sharma

Affiliations

Jiyoon Kim: ORCiD; Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
Daniel Gerbi Duguma: Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
Philip Virgil Astillo: ORCiD; Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
Hoon-Yong Park: Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
Bonam Kim: Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
Ilsun You: ORCiD; Department of Information Security Engineering, Soonchunhyang University, Asan, South Korea
Vishal Sharma: ORCiD; School of Electronics, Electrical Engineering and Computer Science, Queen’s University Belfast (QUB), Northern Ireland, Belfast, U.K

DOI: https://doi.org/10.1109/ACCESS.2021.3107308
Journal volume & issue: Vol. 9
pp. 119100 – 119117

Abstract

Read online

Cellular technology has evolved over the decades for mobile network operators to accommodate the ever-growing demands of services for connecting Vehicle-to-Everything (V2X). The 5G infrastructure facilitates V2X communications, where a small-cell base station operating at ultra-high radio frequency with limited coverage becomes pervasive. These small-cell base stations in 5G-V2X must be strategically deployed near the consumers to realize several use cases. More recently, the architectural split solutions in Next Generation Radio Access Network (NG-RAN) are introduced, in which the gNB is divided into the distributed unit (gNB-DU) and control unit (gNB-CU). This functional split intends to improve scalability, performance, and network orchestration optimization. In this case, frequent user equipment (UE) handover between gNB-DUs is inevitable. However, the current 5G standard did not consider securing the path between these two entities. Hence, the NG-RAN could likely experience various security threats if the current handover procedure standard is employed without changes. Consequently, this paper introduces potential threats like resource depletion at NG-RAN caused by the useless execution of resource-demanding procedures to complete the transfer of attachment of UE to target gNB-DU. Another is UE being denied from accessing services caused by unsuccessful uplink and downlink synchronization during random access procedure execution, requiring establishing security and mutual authentication between the entities. Motivated by this, we proposed a security protocol composed of two phases, namely initial and handover. While the former phase assists in mutual authentication and key agreement between UE and serving gNB-DU, the latter secures UE’s mobility in inter-gNB-DU handover. This protocol aims to preserve the existing quality of service and support essential security requirements, including confidentiality, integrity, mutual authentication, secure key exchange, and perfect forward secrecy. The security requirements are formally verified using BAN logic and Scyther, and the proposed protocol demonstrated lower handover latency than EAP-AKA’, AKA, EAP-TLS, and EAP-IKEv2.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords