移动通信标准中的安全机制

本文着重介绍了3GPP/3GPP2相关标准中规定的第三代移动通信鉴权和密钥协商机制,并与第二代移动通信系统中的鉴权和密钥协商机制进行比较,分析了各自的优缺点.     

IP multimedia subsystems in 3GPP and 3GPP2: overview and scalability issuesP

The Internet has experienced tremendous expansion in the past several years. Demands for IP multimedia services are emerging. The third-generation (3G) wireless networks aim to support mobile users with numerous Internet services. 3G standards organizations are developing IP multimedia subsystems (IMS) to achieve seamless integration between Internet and 3G networks. Moreover, the collaboration between IETF, 3GPP, and 3GPP2 is essential to the development of IMS for next-generation networks. This article first provides an overview of 3GPP and 3GPP2 IMS and illustrates the IMS requirements, architectures, and functional models. We then discuss potential scalability issues in IMS. This article provides guidance for constructing a robust and scalable IMS.     

Location-Based Services — An Overview of the Standards

This paper traces the history of location-based service (LBS) standards that arose from North American requirements in the work on GSM standards in the late 1990s. It also describes how interest in GSM/UMTS outside Europe led to the creation of the Third Generation Partnership Project (3GPP) for developing UMTS standards (which include standards for the 3G mobile Internet). In addition, the paper covers the role of other standards bodies and interest groups involved in the creation of LBS standards such as the new Open Mobile Alliance.Different location methods for detecting the position of mobiles are described and a summary of the current work in 3GPP on LBS-based services and architecture for UMTS is given. The paper also covers work on wireless access protocols in the old WAP Forum     

针对GTP协议的攻击及防御综述

3G通信安全正逐步受到人们的关注。GTP(GPRS Tunnelling Protocol)协议是3G通信中的重要协议。GTP协议本身并没有任何内在的安全机制,来自空中、Internet、PLMN的针对GTP协议的各种攻击会给3G核心网的基础设施、Internet和移动用户带来巨大的危害。文中介绍了针对GTP协议的各种可能攻击,并用GTP专用防火墙和其他应对措施来解决针对GTP协议的攻击。     

第三代移动通信系统的安全体系

透过第三代移动通信系统的UMTS的安全原则,介绍了第三代合作项目(3GPP)的安全体系结构,讨论了第二代(2G)与第三代(3G)安全体系的区别.     

2G与3G移动网络接入的安全性分析

依据3GPP提出的网络接入安全技术规范，分别讨论了2G与3G网络中用户的接入安全机制，重点分析在2G、3G网络共存情况下的漫游用户鉴权，最后对移动网络安全的进一步完善提出了建议。     

3GPP中URLLC标准研究进展

为了应对未来移动流量与设备连接数量的爆炸式增长,第五代通信系统(5G)将通信服务从人与人之间通信渗透到物联网及各种垂直行业领域,3 GPP从NR第一个版本开始就开展了针对低时延高可靠通信的标准研究工作。首先概述了URLLC在3GPP中研究的标准化进程;然后列举了URLLC用例与需求,基于多样化的需求指标,详细介绍了使能URLLC业务的物理层关键技术与其在3GPP各个阶段的研究进展;最后,总结全文并对未来URLLC技术的发展做出展望。     

IMS关键技术及业务应用研究

3GPP UMTS体系标准的R5版本中引入的IMS是为支持移动多媒体业务而设计,是第三代移动通信核心网络的重要组成部分。论文首先对IMS的关键技术做了归纳总结,然后重点介绍了IMS的安全功能。在此基础上讨论了IMS中的业务架构和基本业务。     

3GPP移动通信网络的分流技术研究

介绍了可应用于3GPP移动通信网络的分流技术方案,该方案使得数据流量能够就近疏导至Internet网络,避免核心网与接入网之间传输资源的浪费,降低了运营商网络扩容方面的压力.这为运营商网络的实际运营提供参考建议,具有重要的应用价值.     

The IMS service platform: a solution for next-generation network operators to be more than bit pipes

As third-generation (mobile) networks (3G networks) become a commercial reality, strong movements are emerging in the direction of a common infrastructure based on the Internet protocol (IP). The users' mobile devices are like another IP host connected to the Internet. In such a scenario, the network operator infrastructure is degraded to bit pipes. To avoid this, the 3G partnership project (3GPP) and ETSI TISPAN have designed IP multimedia subsystem (IMS), a service platform that aims to place the network operator again in the central role of service provisioning. In this article we examine IMS from a mobile operator's perspective and analyse its possible adaptation to the next-generation networks.     

The User-level Security of Mobile Communication Systems

1　ＩｎｔｒｏｄｕｃｔｉｏｎＢｏｔｈｔｈｅｆｉｘｅｄｔｅｌｅｐｈｏｎｅｎｅｔｗｏｒｋａｎｄｔｈｅｍｏ ｂｉｌｅｓｙｓｔｅｍｓ (ｅ .ｇ .,ＧＳＭ )ａｒｅｂｅｉｎｇｕｓｅｄｉｎｃｒｅａｓ ｉｎｇｌｙｆｏｒｎｏｔｏｎｌｙｓｐｅｅｃｈａｎｄｆａｘｃｏｍｍｕｎｉｃａｔｉｏｎｂｕｔａｌｓｏＩｎｔｅｒｎｅｔｓｅｒｖｉｃｅ .ＴｈｅｄｅｍａｎｄｆｏｒｔｈｅｆｉｘｅｄＩｎ ｔｅｒｎｅｔｓｅｒｖｉｃｅ ,ｎａｍｅｌｙｔｈｅＷｏｒｌｄＷｉｄｅＷｅｂ(ＷＷＷ ) ,ｈａｓｂｅｅｎｓｐｅｃｔａｃｕｌａｒ.Ｔｈｅｓｅｒｖｉｃｅｉｓｎｏｗ…     

5G meets satellite: Non-terrestrial network architecture and 3GPP

With 3GPP Release-17, global 5G standards now support non-terrestrial mobile networks comprising radio access network, terminals, and core network. This enables multi-vendor interoperability as well as interoperability with 3GPP-compliant 5G systems. This paper describes the key features enabling the NG-RAN architecture defined for 5G to support non-terrestrial networks. Starting from a general overview of NG-RAN and of the new paradigms of NTN, we introduce the NTN functionality in NG-RAN specifications with respect to feeder link switchover, cell handling, terminal registration, and OAM aspects. We also discuss different scenarios combining satellite access with 3GPP-defined core networks. We also describe some further enhancements expected to be seen in the next 3GPP release (Rel-18). We believe current and upcoming 3GPP work for NTN represents a solid basis on which 5G satellite networks can be built in the upcoming future.     

Experimental Analysis of an SSL-Based AKA Mechanism in 3G-and-Beyond Wireless Networks

The SSL/TLS protocol is a de-facto standard that has proved its effectiveness in the wired Internet and it will probably be the most promising candidate for future heterogeneous wireless environments. In this paper, we propose potential solutions that this protocol can offer to future “all-IP” heterogeneous mobile networks with particular emphasis on the user's side. Our approach takes into consideration the necessary underlying public key infrastructure (PKI) to be incorporated in future 3G core network versions and is under investigation by 3GPP. We focus on the standard 3G+ authentication and key agreement (AKA), as well as the recently standardized extensible authentication protocol (EAP)-AKA procedures and claim that SSL-based AKA mechanisms can provide for an alternative, more robust, flexible and scalable security framework. In this 3G+ environment, we perceive authentication as a service, which has to be performed at the higher protocol layers irrespectively of the underlying network technology. We conducted a plethora of experiments concentrating on the SSL's handshake protocol performance, as this protocol contains demanding public key operations, which are considered heavy for mobile devices. We gathered measurements over the GPRS and IEEE802.11b networks, using prototype implementations, different test beds and considering battery consumption. The results showed that the expected high data rates on one hand, and protocol optimisations on the other hand, can make SSL-based authentication a realistic solution in terms of service time for future mobile systems.     

5G非公共网络技术分析

5G无线通信系统除了满足普通用户移动宽带互联网业务需求,还要向垂直行业、企业渗透,加快国家工业互联网发展和工业智能化进程。为了更好地实现这一目标,非公共网络技术(NPN)开始吸引人们的目光,3GPP已在5G Rel-16标准中加入NPN场景需求、功能的研究和标准化工作。介绍了NPN网络的基本概念,给出5G标准Rel-16版本中NPN的两种组网形态和典型组网方案,以及NPN网络与PLMN网络互操作方法。在此基础上,分析了NPN网络特性和不同的NPN部署方案对网络特性的影响,为运营商和垂直行业企业未来部署NPN网络提供参考。     

一种基于非对称密钥密码体制的IMSI保护方案

3G网络(3GPP)虽然采用了TMSI机制对IMSI进行保护,但仍然存在IMSI暴露的可能,对移动用户的信息安全造成了严重威胁.文中首先对IMSI泄露造成的威胁进行了分析,随后提出一种基于非对称密钥密码体制的IMSI保护方案,将IMSI加密保护与完整性保护、密钥管理等安全机制有机的结合,最后分析了该方案的安全性.     

3G时代移动互联网发展分析

描述了移动互联网及3G增值业务的特点,结合移动互联网当前飞速发展的现状,参考移动互联网年度数据,从产业链角度对移动互联网的发展趋势作出详细分析。得出互联网必然向移动互联网产业转变的结论,并从电信运营商角度给出对策建议。     

Secure Service and Network Framework for Mobile Ethernet

Secure cellular data services have become more popular in the Japanese market. These services are based on 2G/3G cellular networks and are expected to move into the next-generation wireless networks, called Beyond 3G. In the Beyond 3G, wireless communication available at a user's location is selected based on the type of the service. The user downloads an application from one wireless network and executes it on another. Beyond 3G expects core and wireless operators and allows to plug-in new wireless access. A security model that can accommodate these requirements needs to be sufficiently flexible for end users to utilize with ease. In this paper, we explain the Mobile Ethernet architecture for all IP networks in terms of the Beyond 3G. We discuss usage scenario/operator models and identify entities for the security model. We separate a mobile device into a personal identity card (PIC) containing cryptographic information and a wireless communications device that offers security and flexibility. We propose a self-delegation protocol for device authentication and use a delegated credential for unified network- and service-level authentication. We also propose proactive handover authentication using the security context between different types of wireless access, such as Third Generation Partnership Project (3GPP) and WLAN, so that the secure end-to-end communication channels established by service software on the TCP/IP are not terminated. Lastly, we raise security issues regarding the next-generation platform.     

Using PARLAY APIs Over a SIP System in a Distributed Service Platform for Carrier Grade Multimedia Services

The implementation of new mobile communication technologies developed in the third generation partnership project (3GPP) will allow to access the Internet not only from a PC but also via mobile phones, palmtops and other devices. New applications will emerge, combining several basic services like voice telephony, e-mail, voice over IP, mobility or web-browsing, and thus wiping out the borders between the fixed telephone network, mobile radio and the Internet. Offering those value-added services will be the key factor for success of network and service providers in an increasingly competitive market. In 3GPP's service framework the use of the Parlay APIs is proposed that allow application development by third parties in order to speed up service creation and deployment. 3GPP has also adopted SIP for session control of multimedia communications in an IP network. This article proposes a mapping of SIP functionality to Parlay services and describes a prototype implementation using the SIP Servlet API. Furthermore, an architecture of a Service Platform is presented that offers a framework for the creation, execution and management of carrier grade multimedia services in heterogeneous networks.     

SEAI: Secrecy and Efficiency Aware Inter-gNB Handover Authentication and Key Agreement Protocol in 5G Communication Network

Recently, the Third Generation Partnership Project (3GPP) has initiated the research in the Fifth Generation (5G) network to fulfill the security characteristics of IoT-based services. 3GPP has proposed the 5G handover key structure and framework in a recently published technical report. In this paper, we evaluate the handover authentication mechanisms reported in the literature and identify the security vulnerabilities such as violation of global base-station attack, failure of key forward/backward secrecy, de-synchronization attack, and huge network congestion. Also, these protocols suffer from high bandwidth consumption that doesn’t suitable for energy-efficient mobile devices in the 5G communication network. To overcome these issues, we introduce Secrecy and Efficiency Aware Inter-gNB (SEAI) handover Authentication and Key Agreement (AKA) protocol. The formal security proof of the protocol is carried out by Random Oracle Model (ROM) to achieve the session key secrecy, confidentiality, and integrity. For the protocol correctness and achieve the mutual authentication, simulation is performed using the AVISPA tool. Also, the informal security evaluation represents that the protocol defeats all the possible attacks and achieves the necessary security properties.Moreover, the performance evaluation of the earlier 5G handover schemes and proposed SEAI handover AKA protocol is carried out in terms of communication, transmission, computation overhead, handover delay, and energy consumption. From the evaluations, it is observed that the SEAI handover AKA protocol obtains significant results and strengthens the security of the 5G network during handover scenarios.

     

普适服务综述

随着技术和市场的发展,电信网和互联网正在走向融合,形成一体化网络,提供的服务也将逐步趋同。普适服务融合了各方面对未来服务的需求和期望,成为超3G、下一代网络（NGN）、下二代互联网（NGI）等研究领域的热点问题。普适服务的概念起源于普适计算和超3G领域,其特征包括普适性、移动性、透明性、质量可控性、个性化、自适应性、主动性、安全性、易用性、多样性、快捷性。3GPP、OMA等标准化组织以及欧盟的超3G研究项目都针对普适服务的不同特征进行了研究。当前普适服务的研究热点包括上下文感知、业务使能等技术。