A Secure Blockchain-Based Authentication and Key Agreement Scheme for 3GPP 5G Networks
Abstract
1. Introduction
- We design a novel Authentication and Key Agreement protocol, 5GSBA, for the 3GPP 5G network. 5GSBA builds on an improvement of the existing system architecture of the 5G core network. It can be easily adapted to the 3GPP access scenario, in which all UEs are connected to the home network via nearby gNBs;
- Our proposed 5GSBA protocol is secure and efficient. Using blockchains and other state-of-the-art cryptographic functions, 5GSBA can guarantee device unlinkability, mutual authentication, and data confidentiality with low computational and energy costs. Most importantly, not only can all typical network attacks be prevented, but DoS and DDoS attacks can be deterred;
- The security of the protocol is verified with BAN logic and the formal verification tool Scyther. The performance evaluation and simulations also demonstrate its resistance to DoS and DDoS attacks.
2. Related Work
2.1. Security Vulnerabilities in 5G-AKA
2.2. Blockchain in 5G Authentication
2.3. AKA Schemes against DoS and DDoS Attacks
3. System and Security Model
3.1. System Model
3.2. Security Model
4. The Proposed 5GSBA Scheme
4.1. Motivation
4.2. Details of the 5GSBA
- AUSF generates a new ECIES private key representing the 5GC by choosing a random input . Then, the ECIES public key is stored at UDM.
- When there is a new gNB joining the 5GC, they should mutually authenticate with any existing approach such as IPSec tunnels. After that, AUSF installs the ECIES private key from UDM into the secure enclave of the newly joined gNB.
- Finally, the authenticated gNB downloads the latest private blockchain from the 5GC. gNB may also index the transactions in the blockchain locally for faster access.
- Whenever the blockchain has any updates, the gNB will download and index the new blocks accordingly.
- Block Header: It contains the block version for future maintenance and upgrades.
- Previous Block Hash: It is the hash of the previous block. It guarantees the immutability of the blockchain.
- Timestamp: It is the block creation time for tracking purposes. All transaction timestamps within the block should never be larger than this timestamp.
- Transactions: Each transaction is a subscription record for one device. To reduce the storage overhead of the blockchain, each block contains multiple transaction records. The block size should be adjustable according to the preference of network operators. By default, we follow the Bitcoin block size of 1 MB.
- The operator generates a one-time hash secret and the digest of the one-time hash secret ;
- USIM stores its permanent identity (i.e., SUPI), elliptic curve parameters, one-time hash secret , and the ECIES public key of 5GC into its non-volatile storage;
- AUSF creates a new blockchain transaction including the SUPI, , timestamp, and a status code. The status code is the activation status of the SUPI. For example, “activated” can be 1, “suspended” can be 2, “revoked” can be 3, and so on. The format of one transaction in the blockchain is also shown in Figure 3.
- If we need to revoke the access of a specific USIM, AUSF can post a new transaction with a “revoked” activation status code and a timestamp to the blockchain. Therefore, when gNBs retrieve the latest transactions from the blockchain, they will follow the last record to deny access from that USIM.
- UE → gNB: UE sends an authentication request to the gNB with these steps:
  - Generate a new random HMAC key , random ECDH public key , and timestamp TS;
  - Generate SUCI by encrypting {SUPI, Y, } with ;
  - Generate the next one-time hash secret , and calculate its hash ;
  - Update the in the local storage as , as it will become the for the next authentication;
  - Calculate σ1 = HMAC ({} );
  - Send the authentication request = to gNB.
- gNB checks the incoming authentication request with these steps:
  - Check the validity of the timestamp TS, and then decrypt the SUCI into {SUPI, Y, } using the private key ;
  - Verify the HMAC of the message σ1 = HMAC ({} );
  - Fetch the latest transaction of the SUPI from the private blockchain locally;
  - Compare the hash of the received with the value stored in the blockchain. If there is a collision (i.e., two values are equal), send an authentication response. Otherwise, gNB should stop the protocol;
  - Create a new blockchain transaction containing the value of , and upload the block containing this transaction when the gNB is idle.
- gNB → UE: gNB issues an authentication response to the UE with these steps:
  - Generate a new random ECDH public key ;
  - Calculate σ2 = HMAC ({SUPI, TS, }, ), where TS is the received timestamp;
  - Send the authentication response = {TS, , σ}.
- UE checks the incoming authentication response with these steps:
  - Calculate σ’ = HMAC ({SUPI, TS, }, ). If σ equals σ’, the UE continues to calculate the common ECDH session key using formula ;
- Similarly, gNB calculates the common ECDH session key using formula . Since , a common session key is derived. Both parties are now mutually authenticated.
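
The gNB-side checks from the steps above (timestamp freshness, HMAC, latest-transaction lookup, one-time hash comparison, status code) can be exercised with the following added example, which is not code from the paper. It assumes the request carries the hash of the next secret and that the HMAC covers SUPI, Y, that hash and TS; the message is modelled as the fields available after SUCI decryption, ECIES and ECDH are left out, and all names (`Ledger`, `gnb_verify`, `MAX_SKEW`) are hypothetical.

```python
import hashlib
import hmac
import secrets

ACTIVATED, SUSPENDED, REVOKED = 1, 2, 3  # status codes from the page's example
MAX_SKEW = 5.0                           # assumed freshness window, seconds

def H(data):
    return hashlib.sha256(data).digest()

def mac_input(m):
    # Assumed HMAC coverage; length-prefixed so field boundaries are unambiguous.
    parts = [m["supi"].encode(), m["y"], m["h_y2"], repr(m["ts"]).encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

class Ledger:
    """Append-only stand-in for the gNB's local copy of the private blockchain."""
    def __init__(self):
        self.txs = []
    def post(self, supi, digest, status, ts):
        self.txs.append({"supi": supi, "digest": digest, "status": status, "ts": ts})
    def latest(self, supi):
        return next((t for t in reversed(self.txs) if t["supi"] == supi), None)

class UE:
    def __init__(self, supi, y):
        self.supi, self.y = supi, y
    def request(self, ts):
        y2 = secrets.token_bytes(32)          # next one-time hash secret
        m = {"supi": self.supi, "y": self.y, "h_y2": H(y2),
             "k_hmac": secrets.token_bytes(32), "ts": ts}
        m["sigma1"] = hmac.new(m["k_hmac"], mac_input(m), hashlib.sha256).digest()
        self.y = y2                           # Y2 becomes Y for the next run
        return m                              # fields as seen after SUCI decryption

def gnb_verify(ledger, m, now):
    if abs(now - m["ts"]) > MAX_SKEW:
        return "stale-timestamp"
    tag = hmac.new(m["k_hmac"], mac_input(m), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, m["sigma1"]):
        return "bad-hmac"
    tx = ledger.latest(m["supi"])
    if tx is None or tx["status"] != ACTIVATED:
        return "not-activated"
    if not hmac.compare_digest(H(m["y"]), tx["digest"]):
        return "hash-mismatch"
    # The page defers the upload until the gNB is idle; posted at once here.
    ledger.post(m["supi"], m["h_y2"], ACTIVATED, now)
    return "ok"

def demo():
    supi = "supi-constructed-001"             # constructed sample identity
    y0 = secrets.token_bytes(32)
    ledger = Ledger()
    ledger.post(supi, H(y0), ACTIVATED, 0.0)  # registration transaction
    ue = UE(supi, y0)
    r1 = ue.request(1000.0)
    out = [gnb_verify(ledger, r1, 1000.1),    # genuine request
           gnb_verify(ledger, r1, 1000.2),    # replay inside the window
           gnb_verify(ledger, r1, 1060.0)]    # replay outside the window
    r2 = ue.request(1002.0)
    forged = dict(r2, h_y2=H(b"attacker-chosen"))
    out.append(gnb_verify(ledger, forged, 1002.1))  # tampered next digest
    out.append(gnb_verify(ledger, r2, 1002.2))      # untouched request
    ledger.post(supi, ledger.latest(supi)["digest"], REVOKED, 1003.0)
    out.append(gnb_verify(ledger, ue.request(1004.0), 1004.1))
    return out

if __name__ == "__main__":
    print(demo())
```

The replay inside the freshness window is rejected on the hash comparison rather than the timestamp, because the accepted request already advanced the stored digest.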
5. Security Evaluation
5.1. Burrows–Abadi–Needham (BAN) Logic
5.1.1. Formalized 5GSBA Protocol
5.1.2. Logical Assumptions
5.1.3. Protocol Goal
5.1.4. Protocol Verification
5.2. Scyther Tool
5.3. Security Analysis
- DoS Semantic Attack Prevention: With the 5GSBA, semantic attacks exploiting the weaknesses of the protocol are impracticable, because the authentication request contains a timestamp and a one-time hash secret Y. Specifically, when the gNB receives an authentication request, it first checks if the timestamp is fresh. Then, it decrypts the SUCI and compares the Y with the records stored in the private blockchain. If the calculated hash value does not match, it will reject the session immediately. In this way, adversaries cannot hoard multiple sessions in the gNB by replaying the same authentication messages (i.e., the original SUCI in 5G-AKA). Additionally, since the authentication request involves only the computationally inexpensive ECIES and hash functions, adversaries cannot exhaust the computational resources of gNBs easily;
- DDoS Flooding Attack Prevention: By decentralizing the authentication tasks from the AUSF/UDM to all gNBs, the 5GSBA lessens the effects of flooding attacks that paralyze the network with authentic requests. In the 5G era, the inter-site distance (ISD) of gNBs is getting smaller, and the number of gNBs deployed keeps growing. Hence, the total computational power of gNBs is growing steadily, making it increasingly difficult to flood or even paralyze the entire 5G network. Furthermore, since the 5GSBA shifts the authentication tasks from AUSF/UDM to gNBs, it can also prevent a single point of failure. One gNB failure or one AUSF failure will not affect the entire 5G network. Thus, DDoS attacks in the 5G authentication can be prevented, and the quality of service (QoS) across the 5G network can be maintained. The performance analysis will show that the 5GSBA can serve many more incoming authentication requests than the existing centralized schemes;
- Linkability Attack Prevention: Unlike conventional symmetric key-based protocols such as 5G-AKA, the 5GSBA generates session keys using ECDH instead of the sequence number. Hence, the 5GSBA does not have the MAC failure or synchronization failure commonly found in symmetric key-based AKA protocols. Adversaries can no longer use these error messages as a loophole to trace a specific device;
- UE Impersonation Attack Prevention: With the conventional 5G-AKA protocol, users have to trust the network operator implicitly. Since the network operator owns a copy of users’ symmetric keys and sequence numbers, insider attackers in the network can impersonate the UE by abusing these keys. With the 5GSBA, since the one-time hash secret is only stored at the USIM, there is no way for network operators to impersonate the UE using the data stored in the private blockchain. Hence, if the network operators cannot provide the one-time hash secret used in the authentication, users can simply deny all malicious behavior for that session;
- Rogue Base Station Attack Prevention: With the 5GSBA, since only the legitimate gNBs can decrypt the SUCI, rogue base stations cannot produce genuine authentication responses by generating the correct HMAC code σ. Thus, it can prevent UE from establishing connections with rogue base stations;
- Replay Attack Prevention: The authentication requests and responses in the 5GSBA are all tagged with a timestamp TS, and the HMAC key should also work once only. Therefore, by checking the timestamp in both UEs and gNBs, replayed messages can be easily identified and discarded;
- Battery Depletion Attack Prevention: With the 5G-AKA, UE must respond to identity requests from the serving network by generating a fresh SUCI. If some rogue base stations frequently send the identity requests, the batteries of UE devices could deplete faster. In the 5GSBA, only UE can take the initiative to generate a fresh SUCI for authentication. Hence, the serving network cannot force the UE to create a fresh SUCI, and it prevents the battery depletion attacks effectively.
6. Performance Evaluation
6.1. Computational Overheads
6.1.1. Theoretical and Experimental Delays
6.1.2. Average Delays under Unknown Attacks
6.2. Communication Overhead
6.3. Energy Consumption for UE
6.4. Resistivity to DoS and DDoS Attacks
6.4.1. Average Delays under DDoS Flooding Attacks
6.4.2. Average Successful Authentications under DoS Attacks
6.5. Discussion of the Results
7. Conclusions
Author Contributions
Funding
Informed Consent Statement
Conflicts of Interest
References
1. Agiwal, M.; Roy, A.; Saxena, N. Next generation 5G wireless networks: A comprehensive survey. IEEE Commun. Surv. Tutor. 2016, 18, 1617–1655.
2. 3GPP. Security Architecture and Procedures for 5G System (Release 16.3.0); TS 33.501. 2018. Available online: https://www.3gpp.org/ftp/Specs/archive/33_series/33.501/33501-g30.zip (accessed on 11 June 2022).
3. Cao, J.; Ma, M.; Li, H.; Ma, R.; Sun, Y.; Yu, P.; Xiong, L. A survey on security aspects for 3GPP 5G networks. IEEE Commun. Surv. Tutor. 2020, 22, 170–195.
4. Basin, D.; Radomirovic, S.; Dreier, J.; Sasse, R.; Hirschi, L.; Stettler, V. A formal analysis of 5g authentication. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA, 15 October 2018; pp. 1383–1396.
5. Liu, F.; Peng, J.; Zuo, M. Toward a Secure Access to 5G Network. In Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018, New York, NY, USA, 1–3 August 2018; pp. 1121–1128.
6. Tahir, M.; Habaebi, M.H.; Dabbagh, M.; Mughees, A.; Ahad, A.; Ahmed, K.I. A Review on Application of Blockchain in 5G and beyond Networks: Taxonomy, Field-Trials, Challenges and Opportunities. IEEE Access 2020, 8, 115876–115904.
7. 3GPP. 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on authentication enhancements in 5G System; (Release 17); 3GPP TR 33.846 V0.7.0. 2020. Available online: https://www.3gpp.org/ftp/Specs/archive/33_series/33.846/33846-070.zip (accessed on 11 June 2022).
8. Chaer, A.; Salah, K.; Lima, C.; Ray, P.P.; Sheltami, T. Blockchain for 5G: Opportunities and challenges. In Proceedings of the 2019 IEEE Globecom Workshops, GC Wkshps, Waikoloa, HI, USA, 9–13 December 2019.
9. Yang, H.; Zheng, H.; Zhang, J.; Wu, Y.; Lee, Y.; Ji, Y. Blockchain-based trusted authentication in cloud radio over fiber network for 5G. In Proceedings of the 16th International Conference on Optical Communications and Networks (ICOCN), Wuzhen, China, 7–10 August 2017; pp. 1–3.
10. Haddad, Z.; Fouda, M.M.; Mahmoud, M.; Abdallah, M. Blockchain-based Authentication for 5G Networks. In Proceedings of the 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies, ICIoT 2020, Doha, Qatar, 2–5 February 2020; pp. 189–194.
11. Haddad, Z.; Baza, M.; Mahmoud, M.M.E.A.; Alasmary, W.; Alsolami, F. Secure and Efficient AKA Scheme and Uniform Handover Protocol for 5G Network Using Blockchain. IEEE Open J. Commun. Soc. 2021, 2, 2616–2627.
12. Xu, J.; Xue, K.; Tian, H.; Hong, J.; Wei, D.S.L.; Hong, P. An Identity Management and Authentication Scheme Based on Redactable Blockchain for Mobile Networks. IEEE Trans. Veh. Technol. 2020, 69, 6688–6698.
13. Jia, X.; Hu, N.; Yin, S.; Zhao, Y.; Zhang, C.; Cheng, X. A2Chain: A Blockchain-Based Decentralized Authentication Scheme for 5G-Enabled IoT. Mob. Inf. Syst. 2020, 2020, 8889192.
14. Liu, J.; Huang, C.T. Efficient and Trustworthy Authentication in 5G Networks Based on Blockchain. In Proceedings of the International Conference on Computer Communications and Networks, ICCCN, Las Vegas, NV, USA, 19–22 July 2021; pp. 1–6.
15. Zhang, Y.; Deng, R.; Bertino, E.; Zheng, D. Robust and Universal Seamless Handover Authentication in 5G HetNets. IEEE Trans. Dependable Secur. Comput. 2019, 18, 858–874.
16. Chen, Z.; Chen, S.; Xu, H.; Hu, B. A security authentication scheme of 5G ultra-dense network based on block chain. IEEE Access 2018, 6, 55372–55379.
17. Sharma, V.; You, I.; Palmieri, F.; Jayakody, D.N.K.; Li, J. Secure and Energy-Efficient Handover in Fog Networks Using Blockchain-Based DMM. IEEE Commun. Mag. 2018, 56, 22–31.
18. Yu, F.; Ma, M.; Li, X. A Blockchain-Assisted Seamless Handover Authentication for V2I Communication in 5G Wireless Networks. In Proceedings of the IEEE International Conference on Communications, Montreal, QC, Canada, 14–23 June 2021; pp. 1–5.
19. Chow, M.C.; Ma, M. A Blockchain-Enabled 5G Authentication Scheme Against DoS Attacks. In Proceedings of the 2020 International Conference on Electronics, Communications and Information Technology, Coimbatore, India, 5–7 November 2020; IOP Publishing: Bristol, UK, 2020; pp. 3–8.
20. Lai, C.; Li, H.; Lu, R.; Shen, X. SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks. Comput. Netw. 2013, 57, 3492–3510.
21. Cao, J.; Ma, M.; Li, H. LPPA: Lightweight privacy-preservation access authentication scheme for massive devices in fifth Generation (5G) cellular networks. Int. J. Commun. Syst. 2019, 32, e3860.
22. Leu, F.Y.; Tsai, K.L.; Susanto, H.; Gu, C.Y.; You, I. A Fault Tolerant Mechanism for UE Authentication in 5G Networks. Mob. Netw. Appl. 2020, 26, 1650–1667.
23. Yan, X.; Ma, M. A lightweight and secure handover authentication scheme for 5G network using neighbour base stations. J. Netw. Comput. Appl. 2021, 193, 103204.
24. Braeken, A.; Liyanage, M.; Kumar, P.; Murphy, J. Novel 5G Authentication Protocol to Improve the Resistance against Active Attacks and Malicious Serving Networks. IEEE Access 2019, 7, 64040–64052.
25. Gharsallah, I.; Smaoui, S.; Zarai, F. A secure efficient and lightweight authentication protocol for 5G cellular networks: SEL-AKA. In Proceedings of the 15th International Wireless Communications and Mobile Computing Conference, IWCMC 2019, Tangier, Morocco, 24–28 June 2019; pp. 1311–1316.
26. Hu, X.; Liu, C.; Liu, S.; Cheng, X. A security enhanced 5g authentication scheme for insecure channel. IEICE Trans. Inf. Syst. 2020, 103, 711–713.
27. Xiao, Y.; Wu, Y. 5G-IPAKA: An Improved Primary Authentication and Key Agreement Protocol for 5G Networks. Information 2022, 13, 125.
28. Ramezan, G.; Abdelnasser, A.; Liu, B.; Jiang, W.; Yang, F. EAP-ZKP: A Zero-Knowledge Proof based Authentication Protocol to Prevent DDoS Attacks at the Edge in beyond 5G. In Proceedings of the 2021 IEEE 4th 5G World Forum, 5GWF 2021, Montreal, QC, Canada, 13–15 October 2021; pp. 259–264.
29. 3GPP. System Architecture for the 5G System (5GS) (Release 15.7.0); TS 23.501. p. 353. 2019. Available online: https://www.etsi.org/deliver/etsi_ts/123500_123599/123501/15.07.00_60/ts_123501v150700p.pdf (accessed on 11 June 2022).
30. Dolev, D.; Yao, A.C. On the Security of Public Key Protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208.
31. Castro, M. Practical Byzantine Fault Tolerance. In Proceedings of the Third Symposium on Operating Systems Design OSDI ’99, New Orleans, LA, USA, 22–25 February 2001; pp. 1–172. Available online: http://pmg.csail.mit.edu/papers/osdi99.pdf (accessed on 11 June 2022).
32. Burrows, M.; Abadi, M.; Needham, R. A logic of Authentication. ACM Trans. Comput. Syst. 1990, 8, 18–36.
33. Cremers, C. The Scyther Tool. CISPA Helmholtz Center for Information Security. 2020. Available online: https://people.cispa.io/cas.cremers/scyther/ (accessed on 18 March 2020).
34. Akinyele, J.A.; Garman, C.; Miers, I.; Pagano, M.W.; Rushanan, M.; Green, M.; Rubin, A.D. Charm: A framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. 2013, 3, 111–128.
35. Barker, E. Recommendation for Key Management—Part 1: General; NIST Special Publication 800-57; National Institute of Standards and Technology, Technology Administration: Gaithersburg, MD, USA, 2016; pp. 1–142.
36. 3GPP. Technical Specification Group Services and System Aspects; Service requirements for the 5G system; Stage 1 (Release 17); TS 22.261. 2019. Available online: https://www.3gpp.org/ftp/Specs/archive/22_series/22.261/22261-ha0.zip (accessed on 11 June 2022).
37. Huang, J.; Qian, F.; Gerber, A.; Mao, Z.M.; Sen, S.; Spatscheck, O. A close examination of performance and power characteristics of 4G LTE networks. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, Low Wood Bay Lake District, UK, 25 June 2012; pp. 225–238.
38. Potlapally, N.R.; Ravi, S.; Raghunathan, A.; Jha, N.K. A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Trans. Mob. Comput. 2006, 5, 128–143.
Type | Highlights | Security Features | ||||||
---|---|---|---|---|---|---|---|---|
FV | DA | PFS | LA | DoS | DDoS | |||
Our Work | 5G Initial Authentication | Decentralized authentications with low overhead | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
[9] | No single trust authority | ✓ | ✓ | |||||
[10,11] | Decentralized authentication to nearby gNBs | ✓ | ✓ | ✓ | ✓ | |||
[12] | Removal of obsolete data in blockchains | ✓ | ✓ | ✓ | ✓ | |||
[13] | Inter-domain authentication | ✓ | ✓ | |||||
[14] | Improving 5G EAP-AKA’ protocol security | ✓ | ✓ | ✓ | ||||
[19] | Formally verified protocol using chameleon signature | ✓ | ✓ | ✓ | ✓ | ✓ | ||
[15] | 5G Handover Authentication | Efficient handover authentication | ✓ | ✓ | ✓ | ✓ | ✓ | |
[16] | Optimized for frequent handover | ✓ | ||||||
[17] | Lightweight handover authentication | ✓ | ||||||
[18] | Traceability for base stations to record malicious devices | ✓ | ✓ | ✓ | ✓ |
Ref. | Method | Advantages | Drawbacks |
---|---|---|---|
[20] | Group Authentication | Prevention of DoS using timestamp | Weak DDoS prevention for individual authentication |
[21] | | Efficient group-based authentication | |
[22] | Computation Pool | Fault-tolerant 5G-AKA authentication | 5G-AKA is inherently vulnerable to DoS attacks |
[23] | One-to-One Authentication | Lightweight and formally verified handover authentication | Vulnerable to DDoS due to centralized design |
[24] | | Formally verified protocol | |
[25] | | Lightweight symmetric key-based protocol | |
[26] | | Formally verified protocol | |
[27] | | Backward compatibility with 5G-AKA | |
[28] | | DDoS prevention using zero-knowledge proof | Centralized design, lack of formally verified protocol |
Notation | Description |
---|---|
SUPI | Subscription Permanent Identifier of the UE |
IDgNB | Permanent Identifier of gNB |
P | Generator of the Elliptic Curve |
Y/Y2 | One-Time Hash Secret |
H (msg) | Cryptographic Hash Function |
HMAC (msg, K) | Keyed-hash Message Authentication Code |
σ | Generated HMAC code |
PKcore | Public Key of 5G Core |
SKcore | Private Key of 5G Core |
TS | Timestamp |
Khmac | Symmetric Key for HMAC Generation |
EPKCore (msg) | Encrypt Message with the Public Key of 5GC |
Notation | Description | Time (ms) |
---|---|---|
 | ECDSA Sign | 0.7286 |
 | ECDSA Verify | 1.3442 |
 | ECIES Encryption | 2.0572 |
 | ECIES Decryption | 0.7851 |
 | KDF/HMAC Calculation | 0.0495 |
 | HMAC Verification | 0.0281 |
 | ECDH Key Generation (1 Exp) | 0.6945 |
 | ECDH Common Key | 0.7099 |
 | SHA256 Calculation Time (Hash Time) | 0.0206 |
 | Symmetric Encryption | 0.0925 |
 | XOR Operation | 0.0084 |
 | Blockchain Transaction Read | 0.2914 |
 | Blockchain Transaction Write | 0.0434 |
 | Centralized Database Read | 0.4956 |
Protocol | Entity | Authentication Computational Overhead | Execution Time (ms) |
---|---|---|---|
5GSBA | UE | | 2.8499 |
 | CN | | 1.9126 |
 | Both | | 0.7099 |
5G-AKA | UE | | 2.3496 |
 | CN | | 1.6143 |
SE-AKA | UE | | 3.6877 |
 | CN | | 2.8898 |
BB-AKA 5G | UE | | 4.1115 |
 | CN | | 5.9035 |
 | Both | | 0.7305 |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Chow, M.C.; Ma, M. A Secure Blockchain-Based Authentication and Key Agreement Scheme for 3GPP 5G Networks. Sensors 2022, 22, 4525. https://doi.org/10.3390/s22124525