Unified and fast handover authentication based on link signatures in 5G SDN‐based HetNet
2018; Institution of Engineering and Technology; Volume: 13; Issue: 2 Linguagem: Inglês
10.1049/iet-com.2018.5405
ISSN1751-8636
AutoresJing Yang, Xinsheng Ji, Kaizhi Huang, Yajun Chen, Xiaoming Xu, Ming Yi,
Tópico(s)IPv6, Mobility, Handover, Networks, Security
ResumoIET CommunicationsVolume 13, Issue 2 p. 144-152 Research ArticleFree Access Unified and fast handover authentication based on link signatures in 5G SDN-based HetNet Jing Yang, Corresponding Author yangjingFi@163.com China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorXinsheng Ji, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of China National Mobile Communications Research Laboratory, Southeast University, Nan Jing, 211189 People's Republic of ChinaSearch for more papers by this authorKaizhi Huang, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorYajun Chen, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorXiaoming Xu, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorMing Yi, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this author Jing Yang, Corresponding Author yangjingFi@163.com China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorXinsheng Ji, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of China National Mobile Communications Research Laboratory, Southeast University, Nan Jing, 211189 People's Republic of ChinaSearch for more papers by this authorKaizhi Huang, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorYajun Chen, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorXiaoming Xu, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this authorMing Yi, China National Digital Switching System Engineering and Technological R&D Center, Zheng Zhou, 450002 People's Republic of ChinaSearch for more papers by this author First published: 01 January 2019 https://doi.org/10.1049/iet-com.2018.5405Citations: 2AboutSectionsPDF ToolsRequest permissionExport citationAdd to favoritesTrack citation ShareShare Give accessShare full text accessShare full-text accessPlease review our Terms and Conditions of Use and check box below to share full-text version of article.I have read and accept the Wiley Online Library Terms and Conditions of UseShareable LinkUse the link below to share a full-text version of this article with your friends and colleagues. Learn more.Copy URL Share a linkShare onEmailFacebookTwitterLinked InRedditWechat Abstract Existing handover authentication schemes are implemented in the upper layer through cryptographic techniques with different protocols and parameters involved under different handover scenarios, introducing high latency and complexity especially in the next generation (5G) highly heterogeneous network (HetNet). The authors propose to introduce wireless link signatures decided by users' locations as handover authentication data to achieve unified and fast handover authentication at the physical layer in 5G software defined networking-based HetNet. Specifically, the unique wireless channel characteristics between a user and the serving access point (AP) are extracted as the secure context information (SCI) and transferred to the target AP. The latter determines whether the user is the legitimate one who has already been authenticated according to the received SCI. They then analyse the authentication performance relating to multiple attributes and results demonstrate that the authentication strength can be adaptively adjusted. Furthermore, they find that optimum performance can be achieved by setting a proper decision threshold and derive the sub-optimal performance by iterative search. Lastly, analysis and simulations on latency and overhead compared with existing ones are conducted and results prove the effectiveness of the proposed scheme. 1 Introduction The next generation network (5G) tends to be a highly heterogeneous network (HetNet), with diversified and dense small access points (APs) deployed overlay to cellular networks to provide ubiquitous network connectivity as well as high data rates [1]. However, this multi-tier architecture also results in quite frequent handovers, which will pose great challenges for handover authentication between different APs especially for services with stringent latency requirements [2, 3]. Existing standardised handover authentication schemes are achieved in the upper layer with different authentication protocols and message flows involved for different handover scenarios [4], introducing high complexity and excessive latency which may be intolerable for some time-sensitive services when applied to 5G HetNet [5]. Therefore, unified and fast handover authentication schemes applicable to different handover scenarios are urgently required. There have been some researches trying to achieve that which can be categorised into three types [6]: authentication, authorisation and accounting (AAA)-based [7], security context transfer (SCT)-based [8] and direct handover authentication [9]. In the former two types, the user (UE) and the target AP establish a trust relationship, respectively, through the trust materials transferred from the AAA server and the previous AP, while in the direct handover authentication, the UE and the target AP authenticate each other directly. All of these schemes are achieved in the upper layer through cryptographic techniques whose security are built upon the assumption that attackers have limited storage and computing capability, which may be vulnerable to some future high-capacity computers such as quantum computers. In addition, complex public cryptographic techniques are involved in most of these schemes, which cannot be well applied in resource-constrained devices [3]. Some argue that the handover authentication could be implemented at lower layers, such as the data link layer or physical layer [5], without involving in different authentication protocols and layer-to-layer transfers. In recent years, physical layer authentication (PLA) utilising inherent wireless link signatures as authentication parameters to achieve light-weight and fast authentication has been proposed and received wide research attention [10, 11]. Wireless channels are location-specific due to path loss and channel fading, making any wireless link between two communication nodes unique and uncloneable [12]. Due to this, wireless channel characteristics (e.g. received signal strength, channel impulse response, and channel frequency response) can be extracted as link signatures to provide robust location distinction and location-based authentication. Specifically, the receiver verifies the transmitter by comparing the similarity of channel characteristics of consecutively received data packets which should be highly correlated within the channel coherence time (usually within tens of milliseconds) [13, 14]. The authentication will succeed only when the estimated channel characteristics are similar to previous extracted ones. Compared to cryptography-based authentication, authentication data in PLA are non-cryptographic and decided by the time-varying communication environment which is extremely difficult to impersonate or predict no matter how powerful the attackers are. Besides, the authentication data are extracted from the radio medium and the verification is executed at the physical layer, which can achieve light-weight and fast authentication across different networks. Therefore, PLA has been considered as an effective complementary enhancement to existing upper-layer authentication mechanisms [15] and some references propose to employ PLA in handover authentication to reduce handover latency and complexity and achieve unified authentication [16-20]. The authors of [16, 17] pointed out that PLA could be implemented in handover to achieve lightweight and fast authentication. In [18, 19], the authors proposed to utilise multiple physical layer attributes, such as clock skew, signal strength, channel state information, as security context information (SCI) and transfer between different APs across software defined networking (SDN)-based HetNets to accelerate authentication handover. SDN is a new network architecture which removes the control logic from underlying infrastructures to simplify the control and management of networks. It has been assumed to be essential for future communication networks, including cellular networks, i.e. 5G networks [21, 22]. On the basis of [18, 19], reference [20] proposes to use the Kolmogorov–Smirnov (K–S) hypothesis test in the judgment process to accelerate the judgement. References above have provided an idea about introducing physical layer attributes or PLA into handover, however, how the idea can be realised and what the performance will be have not been designed and analysed yet now. In this study, we propose a unified and fast handover authentication scheme based on wireless link signatures in 5G SDN-based HetNet. Different from [18, 19] using multiple attributes as the context information, some of which remain unchanged for a long time or can be easily predicted, we only employ the unique wireless channel characteristics as the SCI since they are time-varying and unpredicted, ensuring authentication information for every handover is distinct and uncloneable. To ensure the secure transmission of the SCI over the air, we employ 'physical encryption' by extracting the wireless channel characteristics of the target link to hide them from eavesdropping. The target AP only needs to compare the received SCI from the UE and the previous AP employing binary hypothesis testing to verify the legitimacy of the UE. The main contributions of this study are listed as follows: We have designed a unified and fast handover authentication scheme based on wireless link signatures in 5G SDN-based HetNet. We have provided a concrete realisation and detailed procedure of the proposed scheme which has never been done before. We investigate the authentication performance of the proposed scheme corresponding to various factors in detail, including the security characterised by the false alarm rate and attacking rate, latency, and overhead. To evaluate the security more comprehensively and reasonably, we put forward an evaluation parameter called 'authentication function (AF)' to give consideration to both the false alarm rate and attacking rate. We further derive a sub-optimal decision threshold by iterative search aiming to obtain the optimal AF under a given signal-to-noise ratio (SNR) and authentication length and further compare with existing handover authentication schemes. We perform a comprehensive comparison with existing handover authentications in terms of the time latency and computation overhead to further prove the effectiveness of the proposed scheme. The reminder of the paper is organised as follows. In Section 2, the system model of the handover authentication in 5G SDN-based HetNet is given and in Section 3, the detailed process of the proposed scheme is illustrated and described. Our theoretical analysis and simulation results are presented in Section 4, which is followed by our conclusions and future work in Section 5. 2 System model Fig. 1 illustrates the handover authentication system model for the proposed scheme in 5G SDN-based HetNet. All the 3GPP (e.g. macrocells, small cells, and femtocells), non-3GPP (e.g. WiFi and WiMax) as well as other future potential radio access technologies (RATs) (e.g. millimetre wave communication and visible light communication) in the HetNet are supported through a single core network by SDN architecture. Fig. 1Open in figure viewerPowerPoint System model of the handover authentication in 5G SDN-based HetNet The control and management of heterogeneous RATs are decoupled from underlying infrastructures, such as base stations (BSs) and gateways, to the centralised SDN controller. Then the SDN controller has global control over the whole HetNet, such as path discovery, topology management, strategy making etc., while physical devices simply forward data between different RATs according to the instructions from the controller. The controller is integrated with various application control and policy functions, among which an authentication module is responsible for the management and configuration of the handover authentication, such as configuring the path for the authentication data flows. To simplify the description of different cells in HetNet, we collectively label the BSs and access points as APs. The UE is under the service of the current serving AP, AP1, and aims to switch to the target AP, AP2. APs are indirectly connected by wires under the management of the SDN controller and trusted by each other while the UE is wirelessly linked to APs. As illustrated, the wireless channels between the UE and AP1, AP2 can be characterised by complex vectors which are denoted as and , respectively. According to the propagation characteristic of electromagnetic wave [12], we can know that and are completely uncorrelated as long as the distances between different APs are larger than half of a wavelength, which can be obviously satisfied in practice. Then and can be regarded as the inherent wireless link signatures between the UE and AP1, AP2, respectively. In addition, wireless channels are time-varying but short-term reciprocal, which means the link signatures extracted by the UE and AP1/AP2 are highly consistent within the channel coherence time [23]. In our proposed scheme, the link signature will be used as the SCI and transferred to AP2 from AP1 and the UE, respectively. 3 Unified and fast handover authentication based on link signatures in 5G SDN-based HetNet Fig. 2 illustrates the detailed process of the proposed handover authentication scheme. As illustrated, when the UE aims to switch to AP2, the wireless link signatures between the UE and AP1 will be extracted as SCI and transferred to AP2 by AP1 and the UE, respectively. AP2 verifies the UE by comparing the received SCI employing binary hypothesis testing. The whole handover authentication process can be divided into three steps which are respectively described in Sections 3.1–3.3. Fig. 2Open in figure viewerPowerPoint Process of the proposed handover authentication 3.1 Handover preparation When the UE has scanned for a new better AP, AP2, and aims to switch to it, he will send a handover notification to the current serving AP, AP1, and the latter extracts and stores the wireless channel characteristics between them according to the pilot signals after receiving the notification. We employ pilot-based channel estimation in this study. The communication is supposed to employ a multi-carrier transmission system with M carriers (e.g. OFDM) well separated for ensuring independent channel fading. Suppose the pilot signal of the ith carrier is denoted as , the corresponding received signal at the receiver can be expressed as (1)where is the additive white Gaussian noise. Then the ith channel gain can be estimated by (2)where is the estimation error introduced by the noise. In a rich-scattering environment, can be modelled as a complex Gaussian distribution with zero mean and variance , i.e. [24, 25], where CN denotes the complex Gaussian distribution. The estimation error can also be modelled as complex Gaussian distribution for simplicity [26]. Then the complex channel gains of different carriers estimated by AP2 forming a complex vector with the dimension of M can be regarded as the link signatures and extracted by AP1 denoted as . After that, AP1 sends an acknowledgement of the handover notification to the UE and similarly, the UE extracts the link signatures denoted as . Theoretically, and should be highly consistent within the channel coherence time [9] since wireless channels are short-term reciprocal, enabling AP1 and the UE to observe the same channel. However, due to the impact of noises and mobility, the link signatures extracted by the UE and AP1 will not be exactly the same, but can be regarded as noisy versions of the true link signatures between them [25, 26] (3)where every element of is complex Gaussian distributed with zero mean and variance , i.e. [25]. and are the noises with distribution. Specifically, all the noises in this study are modelled with the same Gaussian distribution. Then elements in and are all distributed. 3.2 Security context transfer The extracted link signatures will be transferred to AP2 as SCI by the UE and AP1, respectively. AP1 transmits them to AP2 through wired connection under the instruction of the SDN controller while the UE transmits them over the air. The SDN controller configures a path based on a certain rule according to the overall network condition. To protect the transmission over the air from eavesdropping, we employ 'physical encryption' by extracting the target link signature between the UE and AP2 to 'encrypt' described below. The UE sends a handover request to AP2 and the latter returns a request for authentication data. The UE extracts the target link signature denoted as according to the pilot and utilises it as a 'physical key' to 'encrypt' at the physical layer to generate authentication response , which is also a complex vector in (4) (4) Then authentication response is transmitted to AP2 along with access request and other authentication data such as identity information. However, it should be noted here that the transmission of and other data are different. Authentication data apart from are transmitted without any errors by reliable transmission techniques such as symbols mapping and channel coding, while is transmitted without mapping or coding. As a consequence, after the impact of the wireless channel between the UE and AP2, the received signal of at AP2 can be expressed as (5)where are the true channel characteristics between the UE and AP2, while are the noises. Then similarly, the estimated signatures at AP2 and at the UE are noisy versions of , i.e. , , where and are noises. AP2 recovers the authentication response as from the received signal in (3), whose ith element can be calculated by (6) (6)where is the recover error of . After that, AP2 generates an authentication response employing the same method in (4) using the extracted and received . Since AP1 and AP2 are indirectly connected by wires, which is reliable, the transmission of is supposed to be errorless. Then the authentication response generated at AP2 can be expressed as (7) 3.3 Verification After recovering , AP2 further compares it with the generated authentication response and gets the matching result between them, which is characterised by distance in (8) (8) Then, AP2 compares the matching result S with a threshold , which is set according to the authentication requirement and channel condition, and further judges employing binary hypothesis testing in (9) to decide between hypothesis that the UE is legitimate and hypothesis that it might be an attacker, (9) The above process describes a one-way authentication of AP authenticating the UE. In order to achieve mutual authentication, more wireless channel characteristics can be extracted and used by AP2 transmitting to the UE for the latter to verify the legitimacy of AP2. 4 Performance analysis 4.1 Security performance In this subsection, we will analyse the authentication performance of the proposed scheme corresponding to various factors. The security performance is characterised by false alarm rate , which is the probability that AP2 falsely rejects the UE, and attacking rate (or missing rate) , which is the probability of falsely accepting an attacker, i.e. the successful attacking rate for attackers (10)where is the test statistic AP2 obtained when there exists an attacker during the handover. and are a pair of contradictions changing with opposite trends according to different decision thresholds. The goal of an excellent authentication scheme is to make both error probabilities as small as possible since large results in repetitive authentication failures and excessive resources to re-authentication while large results in a high attacking rate which should be absolutely avoided. Due to the noises, the responses generated by the UE and AP2 can be expanded as (11) Then elements in and are Gaussian distributed with zero means and variances . Let , then the ith element of is expressed as according to (6), (11-6), (11) and is Gaussian distributed with zero mean and variance . However, the distribution of , which represents the recover error of the authentication response at AP2, is difficult to analyse and we simplify it as Gaussian distributed as well. Fig. 3 shows the probability densities of a standard Gaussian distribution and the recover error which we can see have similar distribution and we then equal the latter as a Gaussian distribution for the sake of analysis. Fig. 3Open in figure viewerPowerPoint Probability densities of a standard Gaussian distribution and the recovered error Then elements in follow distribution of and , i.e. is chi-distributed with the degrees of freedom of 3M. For a given threshold , the false alarm rate can be expressed as (12) If the false alarm rate is required to satisfy a certain requirement of , then and we get (13) For attackers, they can launch attacks by replay attacks and impersonation attacks. When an attacker aims to launch a replay attack, the SCI it replayed will be completely uncorrelated with updated ones as long as the time interval is larger than the channel coherence time. Similarly, when the attacker aims to launch an impersonation attack, he can only randomly forge the signatures which would be completely uncorrelated to the legal ones. The elements of the illegal authentication response forged by attackers are with distribution of and the test statistic obtained at AP2 is expressed as (14)where elements of are complex Gaussian distributed with zero mean and variances . Then , i.e. is chi-distributed with the degrees of freedom of 2M and the attacking rate can be expressed as (15) If is required to satisfy the requirement of , the corresponding decision threshold is (16) Fig. 4 illustrates the authentication performance under different SNRs and authentication lengths given a fixed decision threshold. It can be seen that the false alarm rate and attacking rate are a pair of contradictions, which means the attacking rate goes downwards as the false alarm rate rises. However, there exist some areas where the false alarm rate and attacking rate can be both low under a given decision threshold and we learn from this that decision thresholds should be properly set according to different SNRs and authentication lengths. Fig. 4Open in figure viewerPowerPoint Authentication performance under different SNRs and authentication lengths Figs. 5 and 6 illustrate the impact of decision thresholds on authentication performance under different SNRs and authentication lengths, respectively. We can see that under given authentication length and SNR, different thresholds will result in different authentication performance and a proper threshold should be set to ensure that both the false alarm rate and attacking rate are small. Then in the next subsection, we aim to search the optimal decision threshold to achieve the optimal authentication performance when given a certain authentication length and SNR. Fig. 5Open in figure viewerPowerPoint Authentication performance under different SNRs and decision thresholds Fig. 6Open in figure viewerPowerPoint Authentication performance under different authentication lengths and thresholds 4.2 Authentication performance optimisation From the analysis and simulation above, we can find that the decision threshold can be set adaptively and dynamically according to different authentication requirements. However, an excellent handover authentication should balance well between the false alarm rate and attacking rate to guarantee both strong security and low overhead. We then put forward an evaluation parameter called 'authentication function (AF)' defined in (17) to take both the false alarm rate and attacking rate into consideration to evaluate the authentication more comprehensively and reasonably (17)where is the weight assigned to , which is determined according to the authentication requirements, and is assigned to . Larger will be chosen if the authentication focuses more on the security characterised by the attacking rate, while smaller will be if the authentication does not pursue a high-security level. Obviously, the lower is, the better the authentication will be. Fig. 7 illustrates the relationship between AF and differentdecision thresholds, weights , authentication lengths and SNRs. It can be seen that different SNRs and authentication lengths influencethe AF heavily while different weights have less influence. When given a fixedweight, SNR and authentication length, a minimum as well as the optimum valuecan be achieved at a certain decision threshold. Therefore, the decisionthreshold should be properly set to achieve the optimal performance under agiven authentication requirement and channel condition. The selection of thedecision threshold can be transformed into the following mathematicaloptimisation problem: (18) Fig. 7Open in figure viewerPowerPoint Authentication function under differentconditions The constraint conditions mean that the false alarm rate and attacking rate are required to be lower than some specific requirements. The target function in (18) is then expanded as a linear constrained optimisation problem with as the argument according to (12), (13), (15-12), (13), (15) and (16), expressed as (19) Sadly, the target function in (19) is not concave and convex optimisation algorithms cannot be utilised to obtain the optimal solution. Instead, we employ one-dimensional golden section searching method described in Table 1 to approach the optimum value. Table 1. Searching method for the proposed scheme Step 0: Choose the initial searching region and convergence precision , , , , set Step 1: Calculate , if , jump to step 2; otherwise, to step3. Step 2: Set , , , , calculate , ; return to step1. Step 3: Set , , , , calculate , ; return to step1. Fig. 8 shows the values of the target function for different searching rounds under 4, 8, and 12 dB, respectively. We can see that after five rounds of searching, the target function has nearly converged well to a stable state. We label the performance after five rounds of searching, and then compare the performance with four more rounds of searching, see Fig. 8. The differences of the target function are respectively , , and the relative differences are respectively 0.238, 0.138, and 0.361, which are all below 0.5. Next, we compare the sub-optimal authentication performance with five rounds of searching with existing handover authentication schemes assigned with same weights to the false alarm rate and attacking rate. Fig. 8Open in figure viewerPowerPoint Target function under different iteration times The searching is efficient since it only involves a simple calculation. For every round of searching, the required calculation operations are two calculations of values of the target function, two additions/subtractions, and one multiplication. For five rounds of searching, the searching method consumes a small amount of calculation. For existing handover authentication employing cryptographic techniques in the upper layer, though the authentication data and message flows for different protocols are different, the most basic and indispensable process over the air of them can be generalised to be the generation and transmission of a random number and the corresponding hash response, which is illustrated in Fig. 9. As illustrated, AP2 generates a challenge C which is usually a public random number to the UE and the latter generates the response R using C and K by a hash function and returns it to AP2. AP2 also generates a response with the same method and compares with the received one to verify the legitimacy of the UE. Fig. 9Open in figure viewerPowerPoint Handover authentication in the upper layer Upper-layer handover authentication schemes are not fault-tolerant since all the authentication data are binary bit streams and a single-bit of mismatching will result in an authentication failure, i.e. the authentication performance depends heavily on the reliable transmission of authentication data. Only when the challenge and response are transmitted and recovered correctly can the authentication be successful. To increase the reliability of transmission, modulation and symbol
Referência(s)