At present, a new round of global technological and industrial revolution is on the rise. Cross-industry and cross-domain integration and innovation continue, and will produce a large number of new applications, new business formats and new models, which also place higher requirements on mobile communication technology. The fifth generation of mobile communication (5G), as the new generation of mobile communication technology, will build on enhancing the user experience of mobile Internet services, further meet the massive demand of future Internet of Things applications, and integrate deeply with industry, medicine, transportation and other sectors to achieve a true Internet of everything.
The new development trends of 5G networks, in particular 5G's new services, new architecture and new technologies, pose new challenges for security and user privacy protection. Besides meeting basic communication security, the 5G security mechanism also needs to provide different security services for different business scenarios, adapt to a variety of network access methods and new network architectures, protect user privacy, and support opening up security capabilities. Starting from the 5G requirements and vision, and based on research progress in 5G network architecture and technology, this article analyzes the security problems and security requirements of 5G networks, in order to put forward some suggestions for follow-up research and standardization work on the 5G security network architecture.
I. 5G network scenarios and technical challenges
Compared with previous mobile communication systems, 5G needs to meet more diverse scenarios and extreme performance challenges. These can be summed up as two categories of business, mobile Internet and Internet of Things, covering three major 5G technical scenarios: enhanced mobile broadband (eMBB), massive machine-type communication (mMTC) and ultra-reliable low-latency communication (URLLC):
• eMBB: in the continuous wide-area coverage scenario, on the premise of ensuring user mobility and service continuity, users can obtain an experienced rate of more than 100 Mbps anytime and anywhere, whether stationary or moving at high speed, and whether at the center or the edge of coverage. In hotspot coverage, it provides users with extremely high data rates and meets high network traffic density requirements. The main technical challenges include a 1 Gbps user-experienced rate, a peak rate of tens of Gbps and a traffic density of tens of Tbps/km².
• mMTC: mainly for application scenarios such as environmental monitoring and intelligent agriculture whose goal is sensing and data acquisition. It is characterized by small packets, low power consumption and massive connections, and is required to support a connection density of one million per square kilometer while achieving low power consumption and low cost for terminals.
• URLLC: for the special needs of the Internet of Things and vertical industries, such as the Internet of Vehicles and industrial control, providing users with millisecond-level end-to-end delay and/or close to 100% service reliability assurance.
In short, the 5G technical challenges include: a user-experienced rate of 0.1~1 Gbps, a peak rate of tens of Gbps, a traffic density of tens of Tbps per square kilometer, a connection density of 1 million/km², millisecond-level end-to-end delay, and a more than hundredfold improvement in energy efficiency and reduction in cost per bit.
II. New 5G scenarios bring new security threats
The main difference between the 5G eMBB scenario and the traditional mobile Internet scenario is that eMBB provides users with high network speeds and high-density capacity, so a large number of small stations (small cell, femtocell) will be deployed, and their deployment conditions and functions are flexible. The traditional 4G security mechanism does not consider the security threats of such dense networking scenarios. Therefore, in addition to the security threats that exist in the traditional mobile Internet, dense networking scenarios may also face security threats related to small-station access.
For the large-scale Internet of Things scenario, it is expected that by 2020 there will be up to 50 billion connected devices. Terminals include IoT terminals, RFID tags, short-range wireless communication terminals, mobile communication terminals, cameras, sensor network gateways, and so on. Because most IoT terminals have characteristics such as limited resources, dynamic topology, their network environment, being data-centric and being closely tied to applications, they are more vulnerable to threats and attacks than traditional wireless networks.
To ensure the accuracy and validity of information, security mechanisms need to be introduced into machine communication. However, if every message from every device must be authenticated separately, verifying the security signaling on the network side consumes a large amount of resources. The traditional 4G authentication mechanism does not consider this problem of massive authentication signaling. Once the terminal signaling requests received by the network exceed its signaling-resource processing capacity, a signaling storm is triggered, causing network service problems. Further, the entire mobile communication system may fail as a result and crash.
In low-latency, high-reliability scenarios, especially delay-sensitive applications such as the Internet of Vehicles and remote real-time medical care, the 5G network must be able to guarantee high reliability at a delay of 1 ms and provide delay QoS protection, in order to avoid accidents such as vehicle collisions or errors during an operation.
However, traditional security protocols, such as those for authentication, encryption and decryption, do not consider high-reliability, low-latency communication scenarios. As a result, the delay introduced by traditional, complex security protocols/algorithms may not meet ultra-low-latency requirements. At the same time, the dense deployment technology used in 5G makes the coverage of a single access node very small, so when a vehicle terminal moves quickly, network mobility management procedures become very frequent. To achieve low delay, the functional units and procedures related to the security context and mobility management need to be optimized.
III. New requirements for security
The new 5G network architecture needs to be more flexible, more intelligent and better performing, to adapt automatically to massive and differentiated service requirements, and to schedule resources in an integrated way based on a network-wide resource view, including access capability, computing power, storage capacity and network connectivity. This includes: achieving a flatter 5G network architecture based on the separation of control from user-plane forwarding; relying on a global control-function architecture to achieve cooperative control of a variety of access technologies; and using IT virtualization ideas to reconstruct the network form and the way networks are connected, bringing NFV virtualization technology into the 5G network infrastructure and deploying networks and network slices on demand to increase overall network flexibility and scalability.
1. NFV security requirements
The 5G network infrastructure platform will more often be built on data centers with a general-purpose hardware architecture, to support the high forwarding performance and telecommunications management requirements of 5G networks. NFV technology maps physical resources to virtual resources, constructs virtual machines (VMs) and loads network logic functions (VNFs); the virtualization system manages the virtualized infrastructure platform in a unified way and dynamically reconfigures resources. NFV has the potential to help strengthen network security: security policies can be orchestrated, and the advantages of virtualization can be used to isolate service loads. While strengthening security, NFV also brings new security risks. Compared with traditional telecom equipment, the separation of hardware and software and the openness of the virtualized network bring new potential security problems to NFV:
• A new high-risk area is introduced: virtualization management. Virtualization management is the core of NFV; once it is compromised, all virtual machines on it come under direct attack, and the consequences are unthinkable.
• Flexibility makes the security boundaries of virtual networks fuzzy, and network security policies are difficult to adjust in real time as the network changes. A dynamically migrated virtual machine is vulnerable to attack from other virtual machines on the same host, and traditional boundary-based physical security protection mechanisms are difficult to apply effectively in a cloud computing environment.
• The loss of resources and the sharing of computing resources among multiple tenants bring the risk of data leakage and attack, placing higher requirements on data security protection. Users, applications and data are also aggregated, which makes them an easy target for hacker attacks, and once attacked, the impact is wide and the harm is great.
Therefore, with the introduction of virtualization technologies such as NFV, 5G security needs to provide network equipment with comprehensive system-level protection against all kinds of illegal attacks and intrusions. The 5G network environment will include hardware and software infrastructure from multiple vendors, so network identities must be managed effectively to prevent illegal users from accessing network resources. 5G security will also provide transmission protection, such as the confidentiality and integrity of data transmission, and respond to malicious data transmission and forwarding.
2. Network slicing security requirements
Network slicing is a key feature of the 5G network. A network slice forms an end-to-end logical network that flexibly provides one or more network services according to the requirements of the party requesting the slice. The important security problem of network slicing is that isolation mechanisms must be provided between different slices, to prevent the resources in one slice from being illegally accessed by network nodes in other types of network slices. For example, a patient in a medical slice wants to be accessible only to doctors in that slice, and not to anyone else in the network. Isolation is also needed between slices of the same service type: for example, different enterprises using slices of the same service type do not want their own enterprise's service resources to be accessed by network nodes in other enterprises' slices.
Isolating and protecting the services, resources and data within a network slice should give users an experience similar to that of a traditional private network, so that users can confidently store in the cloud the application data that was originally kept in a private network, and can access their private resources anytime and anywhere without worrying about the security of those resources, thereby promoting the rapid and healthy development of a variety of vertical businesses.
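The two isolation cases described above (the medical slice, and enterprises using slices of the same service type), as an added example that is not part of the original article. It contrasts a check that isolates by service type only with one that isolates per slice instance; all slice names, roles and fields are hypothetical.

```python
# Added illustration; slice names, roles and fields are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Slice:
    slice_id: str       # one deployed slice instance
    service_type: str   # e.g. "medical", "enterprise"

@dataclass(frozen=True)
class Node:
    name: str
    slice: Slice
    role: str

@dataclass(frozen=True)
class Resource:
    name: str
    slice: Slice
    allowed_roles: frozenset

def type_only_check(node, res):
    """Weak policy: isolates slices by service type only."""
    return node.slice.service_type == res.slice.service_type

def may_access(node, res):
    """Default deny: same slice instance first, then role inside the slice."""
    if node.slice.slice_id != res.slice.slice_id:
        return False
    return node.role in res.allowed_roles

# Constructed sample topology.
MED = Slice("med-1", "medical")
ENT_A = Slice("ent-a", "enterprise")
ENT_B = Slice("ent-b", "enterprise")

record = Resource("patient-record", MED, frozenset({"doctor"}))
ent_a_files = Resource("ent-a-files", ENT_A, frozenset({"employee"}))

doctor = Node("dr-lee", MED, "doctor")
visitor = Node("visitor", MED, "guest")
ent_b_host = Node("ent-b-host", ENT_B, "employee")

def audit():
    """Return (node, resource, weak decision, strict decision) per request."""
    requests = [(doctor, record), (visitor, record),
                (ent_b_host, ent_a_files), (ent_b_host, record)]
    return [(n.name, r.name, type_only_check(n, r), may_access(n, r))
            for n, r in requests]

if __name__ == "__main__":
    for row in audit():
        print(row)
```

The third request is the same-type enterprise case from the text: the type-only policy allows it, while the per-slice check denies it.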
3. Multi-RAT access security requirements
Heterogeneous access networks will be one of the main technical characteristics of the next-generation access network; the 5G network will be a network in which a variety of wireless access technologies are integrated and coexist. Heterogeneity is reflected not only in differing access technologies, such as Wi-Fi and cellular networks, but also in differences in local network architecture caused by access networks belonging to different owners. As a result, a universal authentication mechanism needs to be built for the 5G network, so that a secure operating network can be established on top of different access technologies and unsafe access networks.
In addition, with interoperation between heterogeneous networks, a terminal may switch between heterogeneous networks, so the security of switching and interoperation between heterogeneous networks must be ensured, for example security context transfer, key and security context update, and isolation between heterogeneous networks.
Future 5G security will provide all-round security protection across more diverse scenarios, a variety of access methods and a new network architecture. Besides meeting basic communication security, the 5G security mechanism can provide different security services for different business scenarios, adapt to a variety of network access methods and new network architectures, protect user privacy, and support opening up security capabilities. At present, 5G standardization work has started, and 3GPP SA2 will complete its research on the 5G network architecture at the end of 2016. It is therefore necessary to clarify the 5G network security requirements as soon as possible, and to take 5G security requirements into account in the overall 5G network architecture design and subsequent standardization, so as to ultimately achieve the goal of building a more secure and trusted 5G network.