面向5G mMTC的网络切片安全研究

随着5G新业务、新架构、新技术的不断出现，其中的安全问题和潜在安全风险正受到越来越多研究人员的重视。海量机器类通信是5G三大应用场景之一，在提供“大连接、低功耗”等高性能的同时，由于 MTC 设备资源受限等，可能弱化 5G 网络的安全性。与此同时，不同场景和应用领域对网络性能、服务质量、安全等级均有较为明显的差异化需求。网络切片技术的引入，适应了 5G 组网的灵活性，满足了 5G网络为用户提供服务的多样性、定制化，也带来了新的安全威胁。5G 商用发展迅猛，物联网设备数量成指数倍增加。为确保5G网络提供更加高效安全的按需服务，针对5G mMTC应用场景，对网络切片安全机制和安全策略的研究尤为重要。因此，详细分析了5G mMTC具有的特点及安全需求，并列举分析了网络切片主要的安全威胁。结合上述安全需求和安全威胁，围绕特定网络切片认证、切片安全隔离、安全管理和编排等方面，总结并阐述了相关现有安全策略方案的贡献和不足，并对未来该领域的研究进行了展望。提出了一个基于SM2国密算法的5G mMTC网络切片二次认证与安全隔离模型。该模型框架通过引入批量认证和预认证机制，满足了 5G 机器类用户大规模认证的高效性；通过对不同通信数据分级加密，实现了 5G mMTC网络切片间的安全隔离；并对该模型进行了性能分析和安全性分析。

Research on network slicing security for 5G mMTC

With the emergence of new 5G business, architecture and technology, more and more researchers pay attention to security issues and potential security risks.Massive machine type communication is one of the three major application scenarios of 5G.It provides high performance such as large connection and low power consumption.Due to factors such as limited resources of MTC equipment, it may also weaken the security of 5G networks.At the same time, different scenarios and applications have obvious demands for network performance, service quality and security level.The flexibility of 5G networking is realized by network slicing technology.It meets the diversity and customization of 5G network services, but also brings new security threats.5G commercial rapid development.The number of IoT devices has increased exponentially.In order to ensure that 5G networks provide more efficient and safe on-demand services, it is particularly important to study the security mechanism and strategy of network slicing for 5G mMTC application scenarios.Therefore, the characteristics and security requirements of 5G mMTC were analyzed.The main security threats of network slicing were listed.In view of the above security requirements and threats, the contribution and deficiency of existing security schemes around the aspects of specific network slice authentication, slice security isolation, security management and arrangement were summarized and expounded.And the future research in this field was prospected.A SM2-based secondary authentication and security isolation model for 5G mMTC network slicing was proposed.This model framework meeted the efficiency of large-scale authentication for 5G devices and users by introducing batch authentication and pre-authentication mechanisms.By hierarchical encryption of different communication data, the security isolation between 5G mMTC network slices was realized.The performance and security of the model were also analyzed.