网络与信息安全学报 (Oct 2023)
5G-based smart airport network security scheme design and security analysis
Abstract
To meet the security requirements of smart airports, a 5G-based smart airport network security solution was proposed.The security characteristics and security requirements of the 5G scenario in smart airport were analyzed, and the pain points of security requirements in the current scenario were summarized in five aspects:unified security management and control, network slicing security, security monitoring and early warning, edge computing security, and IoT-aware node security.And then a 5G network security system was designed for smart airports.The functional components of this system included 5G network unified security management and control functions for ubiquitous networks, lightweight 5G network identity authentication and authentication functions, 5G network slice security protection for multi-service requirements, 5G network security monitoring and early warning based on big data analysis, integrated security protection function based on edge computing, and sensory node security protection function based on device behavior analysis.This comprehensive approach built an all-in-one security platform covering business encryption, network security, terminal trustworthiness, identity trustworthiness, and security management and control.Additionally, the potential counterfeit base station attacks in the existing 5G authentication and key agreement (AKA) were analyzed.Due to the lack of authenticity verification of the messages forwarded by the SN, the attacker can pretend to be the real SN to communicate with the UE and the HN, thus carrying out the base station masquerading attack.This kind of attack may lead to the leakage of smart airport network data, and encounter problems such as tampering and deception by opponents.Aiming at the network security requirements of smart airports and the security issues of 5G authentication and key agreement protocol, an improved 5G authentication and key agreement protocol was designed.Formal security models, security goal definitions, and analysis were performed to ensure the robustness and effectiveness of the protocol against attacks.
Keywords
