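Affiliations: [1] School of Cyber Science and Technology, Beihang University, Beijing 100083 [2] International School, Beijing University of Posts and Telecommunications, Beijing 100876
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2023, No. 5, pp. 116-126 (11 pages)
Funding: National Natural Science Foundation of China (U21B2021, 61972018, 61932014); National Key Research and Development Program of China (2021YFB2700200).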
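Abstract: To meet the practical application needs of smart airport network security solutions, a 5G-based smart airport network security solution is proposed. The solution analyzes the security characteristics and security requirements of the smart airport 5G scenario, summarizes the security pain points of the current scenario in five areas (unified security management and control, network slicing security, security monitoring and early warning, edge computing security, and IoT sensing node security), and designs a 5G-based smart airport network security solution. Its functional components include a unified 5G network security management and control function for ubiquitous networks, a lightweight 5G network identity authentication and authorization function, 5G network slice security protection for multi-service requirements, 5G network security monitoring and early warning based on big data analysis, an integrated security protection function based on edge computing, and a sensing node security protection function based on device behavior analysis, together forming a security platform that integrates service encryption, network security, terminal trustworthiness, identity trustworthiness, and security management and control. In addition, a potential fake base station attack on the existing 5G authentication and key agreement (AKA) protocol is analyzed. Because the authenticity of messages forwarded by the SN is not verified, an attacker can impersonate the real serving network to communicate with the user equipment and the home network, and thereby carry out a base station masquerading attack. Such an attack may lead to leakage of smart airport network data and expose it to tampering and deception by an adversary. To address the network security requirements of smart airports and the security problems of the 5G authentication and key agreement protocol, an attack-resistant improved 5G authentication and key agreement protocol is designed, and the attack resistance of the proposed scheme is proven through a formal security model, security goal definitions, and formal security analysis.
English abstract: To meet the security requirements of smart airports, a 5G-based smart airport network security solution was proposed. The security characteristics and security requirements of the 5G scenario in smart airport were analyzed, and the pain points of security requirements in the current scenario were summarized in five aspects: unified security management and control, network slicing security, security monitoring and early warning, edge computing security, and IoT-aware node security. And then a 5G network security system was designed for smart airports. The functional components of this system included 5G network unified security management and control functions for ubiquitous networks, lightweight 5G network identity authentication and authentication functions, 5G network slice security protection for multi-service requirements, 5G network security monitoring and early warning based on big data analysis, integrated security protection function based on edge computing, and sensory node security protection function based on device behavior analysis. This comprehensive approach built an all-in-one security platform covering business encryption, network security, terminal trustworthiness, identity trustworthiness, and security management and control. Additionally, the potential counterfeit base station attacks in the existing 5G authentication and key agreement (AKA) were analyzed. Due to the lack of authenticity verification of the messages forwarded by the SN, the attacker can pretend to be the real SN to communicate with the UE and the HN, thus carrying out the base station masquerading attack. This kind of attack may lead to the leakage of smart airport network data, and encounter problems such as tampering and deception by opponents. Aiming at the network security requirements of smart airports and the security issues of 5G authentication and key agreement protocol, an improved 5G authentication and key agreement protocol was designed. Formal security models, security goal definitions, and analysis were performed to ensure the robustness and effec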
Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]