一种面向关键行业应用的广域5G安全专网设计  被引量：16

作　　者：王俊[1] 田永春[1] WANG Jun;TIAN Yong-chun(The 30^(th)Institute of CETC,Chengdu 610041,China)

机构地区：[1]中国电子科技集团公司第三十研究所,四川成都610041

出　　处：《中国电子科学研究院学报》2021年第10期964-972,共9页Journal of China Academy of Electronics and Information Technology

基　　金：国家科技重大专项资助项目(2017ZX0300108);四川省科技厅重大科技专项资助项目(2017GZDZX001);。

摘　　要：为满足企业/行业用户远程移动业务应用的需求,依托移动运营商网络构建专网已成为业界的主流方式。但对于很多垂直行业和关键行业,对安全有较高要求,而移动通信网络的构建依赖第三代合作伙伴计划(3rd Generation Partnership Project,3GPP)标准规范,其安全体系主要面向的是普通公众用户,与垂直行业和关键行业的安全需求存在较大差距。为了弥补该差距,目前业界的主流思路是在移动运营商所提供专线基础上叠加端到端业务加密防护,但这种传统方式仍然存在较多安全隐患,无法满足关键行业的安全需求,为此提出一种全新的面向关键行业应用的广域5G安全专网架构。首先,对3GPP安全体系以及基于移动运营商专线构建安全专网的传统构建方式进行说明,并对传统安全专网构建方式的安全防护原理和存在的不足进行分析;然后,提出了一种全新的广域安全专网设计方案,从技术可行性、安全性、运营商接受度、可实施性等方面进行深入论证,接着,给出了在这种广域安全专网架构下各种安全增强机制以及对核心网拜访域影响性等各种试验验证的结果,证明了方案的优势,能够为5G面向垂直行业和关键行业应用提供理论支撑;最后,对5G安全专网未来的发展以及6G安全发展的衔接提出了展望。In order to meet the needs of enterprise/industry users for remote mobile service applications,relying on the mobile operator network to build a private network has become the mainstream way in the industry.However,for many vertical industries and key industries,there are high requirements for security,while the construction of mobile communication network relies on 3GPP standards,and its security system is mainly for the general public users,which has a big gap with the security requirements of vertical industries and key industries.In order to make up for this gap,the mainstream idea of the industry is to overlay end-to-end business encryption protection on the basis of the dedicated lines provided by mobile operators,but this traditional way still has more security risks,can not meet the security needs of key industries,for which a new wide area 5G security network architecture for key industry applications is proposed.Firstly,the 3GPP security system and the traditional construction method of building a security network based on mobile operator’s private line are explained,and the principle of security protection and shortcomings of the traditional security network construction method are analyzed.Then a new wide area safety network design scheme is put forward,which is further demonstrated in terms of technical feasibility,security,operator acceptance and implementability.Then the results of various security enhancement mechanisms under this wide area safety network architecture and various experimental verifications such as the impact of the core network visit domain are given,which proves the advantages of the scheme and can provide theoretical support for 5G applications for vertical and key industries.Finally,the future development of 5G security network architecture and the convergence of 6G security are put forward.

关 键 词：5G安全 关键行业应用 广域安全专网 安全增强 

分 类 号：TN918[电子电信—通信与信息系统]