System Broadcast Information Authentication Protocol Based on Certificateless Signature for 5G Network

doi:10.3969/j.issn.1671-1122.2024.08.008

Abstract

Abstract:

The popularization of 5G technology has promoted the development of productivity in various industries, but the security of 5G networks has gradually become prominent, and the security of base stations, as a hub connecting user equipment and the core network, has attracted much attention. Due to the lack of authenticity and integrity protection of the system information messages sent by the base station through broadcasting, attackers can modify the system information messages to attract user devices to connect to the fake base station during initial access or cell reselection, so as to launch a variety of subsequent attacks. In order to solve this problem, this paper proposed a base station identity authentication protocol based on certificateless signature, which provided a method for user equipment to verify the legitimacy of base station broadcasting system messages, and optimized the selection of signed messages, the overhead of signing and verification, and the defense against replay attacks. Simulation results show that the computational overhead introduced by this scheme is acceptable to the base station and user equipment, and compared with the existing base station identity authentication protocols, the proposed scheme improves the security and achieves the minimum signature length.

Key words: 5G air interface, pseudo base stations, identity authentication, certificateless public key cryptography

CLC Number:

TP309

SUN Zhongxiu, PENG Cheng, FAN Wei. System Broadcast Information Authentication Protocol Based on Certificateless Signature for 5G Network[J]. Netinfo Security, 2024, 24(8): 1220-1230.

Figures/Tables 7

References 29

[1]	SHAIK A, BORGAONKAR R, ASOKAN N, et al. Practical Attacks against Privacy and Availability in 4G/LTE Mobile Communication Systems[EB/OL]. (2015-10-20)[2024-04-16]. https://ui.adsabs.harvard.edu/abs/2015arXiv151007563S/abstract.
[2]	3GPP. Specification Number TR 33.809 Version 0.8.0, Study on 5G Security Enhancements against False Base Stations[EB/OL]. (2023-06-20)[2024-04-16]. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3952.
[3]	SHAIK A, BORGAONKAR R, PARK S, et al. New Vulnerabilities in 4G and 5G Cellular Access Network Protocols: Exposing Device Capabilities[C]// ACM. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. New York: ACM, 2019: 221-231.
[4]	BITSIKAS E, POPPER C. You Have Been Warned: Abusing 5G’s Warning and Emergency Systems[C]// ACM. Proceedings of the 38th Annual Computer Security Applications Conference. New York: ACM, 2022: 561-575.
[5]	3GPP. 3GPP Specification Number TR 21.915 Version 15.0.0, Release Description; Release 15.[EB/OL]. (2018-03-20)[2024-04-06]. https://www.3gpp.org/ftp/Specs/archive/21_series/21.915/.
[6]	HA Man, CHEN Jing, LIU J K et al. Malicious KGC Attacks in Certificateless Cryptography[C]// ACM. Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security. New York: ACM, 2007: 302-311.
[7]	HUSSAIN S R, ECHEVERRIA M, CHOWDHURY O, et al. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information[J]. Network and Distributed Systems Security (NDSS) Symposium, 2019(8): 1-12.
[8]	SHAIK A, BORGAONKAR R, PARK S, et al. On the Impact of Rogue Base Stations in 4G/LTE Self Organizing Networks[C]// ACM. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. New York: ACM, 2018: 75-86.
[9]	LEE G, LEE J. This is Your President Speaking: Spoofing Alerts in 4G LTE Networks[C]// ACM. Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services. New York: ACM, 2019: 404-416.
[10]	KIM M, PARK J G, MOON D S, et al. Long-Term Evolution Vulnerability Focusing on System Information Block Messages[C]// IEEE. 2020 International Conference on Information and Communication Technology Convergence (ICTC). New York: IEEE, 2020: 837-842.
[11]	JIN Jian, LIAN Changliang, XU Ming. Rogue Base Station Detection Using A Machine Learning Approach[C]// IEEE. 2019 28th Wireless and Optical Communications Conference (WOCC). New York: IEEE, 2019: 1-5.
[12]	SINGLA A, HUSSAIN S R, CHOWDHURY O, et al. Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks[J]. Proceedings on Privacy Enhancing Technologies, 2020(6): 1-9.
[13]	LOTTO A, SINGH V, RAMASUBRAMANIAN B, et al. Baron: Base-Station Authentication through Core Network for Mobility Management in 5G Networks[C]// ACM. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York: ACM, 2023: 133-144.
[14]	HUSSAIN S R, ECHEVERRIA M, SINGLA A, et al. Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil[C]// ACM. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks. New York: ACM, 2019: 1-11.
[15]	SINGLA A, BEHNIA R, HUSSAIN S R, et al. Look Before You Leap: Secure Connection Bootstrapping for 5G Networks to Defend against Fake Base-Stations[C]// ACM. Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. New York: ACM, 2021: 501-515.
[16]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]//Springer. Advances in Cryptology:Proceedings of CRYPTO. Heidelberg: Springer, 1985: 47-53.
[17]	AL-RIYAMI S S, PATERSON K G. Certificateless Public Key Cryptography[C]// Springer. International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg: Springer, 2003: 452-473.
[18]	WANG Liangliang, CHEN Kefei, LONG Yu, et al. An Efficient Pairing-Free Certificateless Signature Scheme for Resource-Limited Systems[J]. Science China (Information Sciences), 2017, 60(11): 11-23.
[19]	THUMBUR G, RAO G S, REDDY P V, et al. Efficient Pairing-Free Certificateless Signature Scheme for Secure Communication in Resource-Constrained Devices[J]. IEEE Communications Letters, 2020, 24(8): 1641-1645.
[20]	XU Zhiyan, LUO Min, KHAN M K, et al. Analysis and Improvement of a Certificateless Signature Scheme for Resource-Constrained Scenarios[J]. IEEE Communications Letters, 2020, 25(4): 1074-1078.
[21]	KHAN M, ALHAKAMI H, ULLAH I, et al. A Resource-Friendly Certificateless Proxy Signcryption Scheme for Drones in Networks Beyond 5G[J]. Drones, 2023, 7(5): 321-332.
[22]	ALMAZROI A, ALDHAHRI E, AL-SHAREEDA M, et al. ECA-VFog: An Efficient Certificateless Authentication Scheme for 5G-Assisted Vehicular Fog Computing[J]. Plos One, 2023, 18(6): 87-91.
[23]	DOLEV D, YAO A. On the Security of Public Key Protocols[J]. IEEE Transactions on Information Theory, 1983, 29(2): 198-208.
[24]	3GPP. Specification Number TS 38.104 Version 15.9.0, Base Station (BS) Radio Transmission and Reception[EB/OL]. (2020-04-09)[2024-04-16]. https://www.3gpp.org/ftp/Specs/archive/38_series/38.104/.
[25]	BONEH D, GENTRY C, LYNN B, et al. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps[C]// Springer. Advances in Cryptology—EUROCRYPT 2003:International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2003: 416-432.
[26]	ZHAO Yunlei. Aggregation of Gamma-Signatures and Applications to Bitcoin[EB/OL]. (2018-04-21)[2024-04-16]. https://eprint.iacr.org/2018/414.pdf.
[27]	SRS. SRSRAN_Project[EB/OL]. (2023-02-22)[2024-04-24]. https://github.com/srsran/srsRAN_Project.
[28]	NIST. NIST Report on Cryptographic Key Length and Cryptoperiod[EB/OL]. (2020-05-24)[2024-04-06]. https://www.keylength.com/en/4/.
[29]	YAVUZ A A, MUDGERIKAR A, SINGLA A, et al. Real-Time Digital Signatures for Time-Critical Networks[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(11): 2627-2639.

攻击类型	基于PKI的认证协议	基于IBS的认证协议	本文方案
伪基站攻击	√	√	√
重放攻击	√	√	√
恶意KGC/PKG攻击	—	×	√
警报消息注入和抑制攻击	×	×	√

方案	保护的消息	平均每条消息附加的字节数/B
PKI（ECDSA）	SIB1, SIB2	138.5
PKI（SCRA-BGLS）	SIB1, SIB2	110
Schnorr-HIBS-P	SIB1	150
未优化的CLS	SIBi(i=1,…,24)	113
本文方案	MIB, SIB1, SIB2, SIB3,SIB4, SIB6, SIB7, SIB8	87.8

方案	单个签名 /ms	验证单个签名/ms	聚合签名 /ms	验证聚合签名/ms
Schnorr-HIBS-P	0.007	3.2	—	—
未优化的CLS	1.100	4.3	—	—
本文方案	0.008	4.3	0.004	6.3