In terms of access identity authentication, when a mobile subscriber attaches to the network for the first time, a 3G/4G terminal transmits its long-term identity (IMSI) in clear text, which discloses the user's identity. 5G instead adds a public key set by the operator to the USIM card and uses it to encrypt the user's SUPI (i.e., the IMSI) into the SUCI; the network decrypts it with the private key, thereby protecting the user's identity from eavesdropping attacks.
It is reported that 3GPP gives the recommended SUCI encryption scheme in TR 33.899. After obtaining the IMSI, the mobility management entity allocates a temporary identity (GUTI/TMSI) to the USIM for subsequent communication.
In terms of authentication protocols, the types of devices that 5G faces are no longer uniform, and it is difficult to issue consistent credentials to different devices. Vertical industries also have some special authentication mechanisms. Therefore, 5G also needs to realize the transition from a single identity management mode that is not issued by the USIM card to a flexible and diverse identity management mode, and to manage the generation, distribution, and revocation of the identity credentials involved.
5G will then use EAP-AKA to achieve two-way authentication under the unified framework, support non-3GPP access, and use 5G-AKA to enhance home network control. In addition to the original authentication, authentication services can also be provided by means of secondary authentication by a third party.
At the same time, group authentication is required for massive IoT connections, and V2V fast authentication is required for the Internet of Vehicles. The key distribution process is pushed down to each authentication node at the edge of the network, which effectively prevents the signaling impact on the centralized authentication center deployed in the middle of the network.
In addition, since the 5G access network includes the LTE access network, an attacker may induce the user to fall back to the LTE access mode, resulting in a downgrade attack that leaks private information. 5G privacy protection also needs to consider this security threat.