A lightweight traceable D2D authentication and key agreement scheme in 5G cellular networks☆
Introduction
With the rapidly growing number of mobile phones and connected smart devices, the fifth-generation cellular network (5G) aims to provide a full-fledged network with larger capacity, higher speed, lower latency, and more efficient resource allocation. As one of the promising features in 5G, Device-to-Device (D2D) communication allows adjacent mobile devices to communicate directly without relaying user data over the base stations. D2D communication provides several benefits over the conventional cellular network. First, it improves overall network efficiency: when nearby users communicate directly without relying on base stations, traffic at the base stations can be offloaded, allowing more concurrent users to join the core network (CN) [1]. Second, D2D communication is an enabler for smart-city applications such as public safety networks, wireless sensor networks, and the vehicle-to-everything (V2X) network that connects the numerous vehicles in an urban area to the Internet. Third, D2D can facilitate new location-based and social applications such as distributed content sharing and file sharing with adjacent users. Most importantly, if all future IoT devices are equipped with the 5G D2D function, mobile users can communicate with IoT devices much more easily without additional hardware such as Bluetooth or Zigbee modules in their phones. For example, smart meters with 5G D2D can send their readings to 5G mobile phones hassle-free. They can also use mobile phones to relay data uploads, reducing their power consumption and maximizing their battery life. Consequently, D2D technology could bring mobile users a faster, more efficient network with more exciting new applications.
In recent years, the Third Generation Partnership Project (3GPP) has published a feasibility study of D2D communication covering basic requirements such as optimized paths, the device discovery flow and public safety applications [2] under the umbrella of Proximity-based Services (ProSe). However, since D2D in the 5G network has the unique structure of connecting both an ad-hoc network and a centralized network, it faces more security challenges than the conventional cellular network, for example eavesdropping, message fabrication and free-riding behavior. In view of these security risks, 3GPP has also specified a general security framework for different ProSe use cases in [3]. This framework defines different levels of device discovery, such as open and restricted discovery, and specifies basic security requirements for establishing various kinds of D2D connections. Although it gives some direction on which signaling messages should be sent during D2D connection setup, it does not recommend how mutual authentication, device anonymity, and message non-repudiation are to be guaranteed during the key agreement process. Consequently, the security risks in 5G D2D networks are still to be resolved. To overcome these security challenges in the 5G D2D network, a secure way to protect D2D network traffic is needed: it should mutually authenticate the two parties and let them exchange information without revealing anything to adversaries. It should resist various kinds of attacks, and it should also be computationally lightweight so that it can run on resource-constrained 5G smart devices and battery-constrained mobile devices.
In this paper, we propose a novel lightweight traceable authentication and key agreement protocol (LT-AKA) for one-to-one D2D communication in the 3GPP 5G network. Unlike most existing schemes, which focus only on authentication, our proposed scheme provides both authentication between D2D users and traceability support for network operators. This enables network operators to trace and punish suspicious D2D users, thereby mitigating possible free-riding attacks in the 5G D2D network. Our proposed scheme is also computationally lightweight, so it is well suited to resource-constrained 5G devices such as connected sensors, 5G IoT devices, and low-end mobile phones. The contributions of our paper can be summarized as follows:
- 1) We propose a novel LT-AKA protocol that provides device discovery, mutual authentication, and key agreement mechanisms for one-to-one D2D communication under the 3GPP 5G network.
- 2) LT-AKA employs HMAC to protect the authenticity of broadcast messages and key exchange messages. It then adopts Elliptic Curve Diffie-Hellman (ECDH) to exchange the secret session key safely. Finally, it uses an authenticated encryption with associated data (AEAD) cipher to protect the subsequent symmetric-key communication.
- 3) We conduct a formal security analysis using the Scyther tool and Burrows-Abadi-Needham (BAN) logic to show that LT-AKA is secure and resistant to several network attacks, including replay attacks, man-in-the-middle (MITM) attacks, and free-riding attacks.
- 4) We provide a comprehensive performance analysis to show that LT-AKA is the most cost-effective solution compared with other existing schemes.
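As an added illustration of how the three building blocks named in contribution 2 fit together (HMAC over the key exchange message, ECDH for the session secret, AEAD for the traffic that follows), the Go program below runs one D2D pair through an authenticated key exchange; it is example code, not the paper's protocol or its message formats. The wire format (identity, ephemeral public key, tag), the per-pair HMAC key assumed to be provisioned by the operator, the P-256 curve, the SHA-256 based key derivation, AES-GCM as the AEAD, and the names `Party`, `NewParty`, `Announce` and `Accept` are all assumptions made for this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party is a UE holding an HMAC key mk (assumed: provisioned by the operator to the pair) and a fresh P-256 ECDH key pair for this session.
type Party struct {
	ID   string
	mk   []byte
	priv *ecdh.PrivateKey
}
// KeyExchangeMsg is the assumed wire format: identity, ephemeral public key, HMAC tag.
type KeyExchangeMsg struct {
	ID       string
	Pub, Tag []byte
}
func NewParty(id string, mk []byte) (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Party{ID: id, mk: mk, priv: priv}, nil
}
// tag is HMAC-SHA256 over (identity || public key): the peer can detect a forged key.
func tag(mk []byte, id string, pub []byte) []byte {
	mac := hmac.New(sha256.New, mk)
	mac.Write([]byte(id)); mac.Write(pub)
	return mac.Sum(nil)
}
// Announce builds the HMAC-protected key exchange message this UE sends to its peer.
func (p *Party) Announce() KeyExchangeMsg {
	pub := p.priv.PublicKey().Bytes()
	return KeyExchangeMsg{ID: p.ID, Pub: pub, Tag: tag(p.mk, p.ID, pub)}
}
// Accept verifies the peer's tag, runs ECDH and returns an AES-GCM AEAD for the session.
func (p *Party) Accept(m KeyExchangeMsg) (cipher.AEAD, error) {
	if !hmac.Equal(tag(p.mk, m.ID, m.Pub), m.Tag) { return nil, errors.New("bad HMAC tag") }
	peer, err := ecdh.P256().NewPublicKey(m.Pub)
	if err != nil { return nil, err }
	z, err := p.priv.ECDH(peer) // shared secret, identical on both sides
	if err != nil { return nil, err }
	k := sha256.Sum256(append([]byte("LT-AKA-demo-session-key|"), z...)) // assumed KDF
	block, _ := aes.NewCipher(k[:]) // 32-byte key, so no error is possible here
	return cipher.NewGCM(block)
}
```

Each side calls `Accept` on the other's `Announce`; the returned AEAD's `Seal`/`Open` then protect the D2D payload together with its associated data, and a forged tag, a modified ciphertext or altered associated data is rejected.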
The rest of the paper is organized as follows: Section II reviews the existing works related to D2D authentication. Section III introduces the system and security model of our proposed scheme. Section IV gives the motivation and the detailed description of our scheme. Sections V and VI present the security and performance evaluation. Finally, a conclusion is drawn in Section VII.
Related work
Recently, several 5G D2D authentication schemes have been proposed in [4]–[12]. We first introduce the major research work in 5G D2D security. We then discuss two important characteristics provided by the existing work: lightweight authentication and traceability support. Among the recent major research work, Kwon et al. [4] have proposed a D2D authentication scheme based on Ciphertext Policy Attribute-based Encryption (CP-ABE) and an out-of-band shared identification code.
System model
Our system model is based on the 3GPP 5G architecture listed in TS 23.501 [15]. As shown in Figure 1, 5G Core Network (5GC) is the 3GPP 5G cellular network consisting of various elements. For instance, the Next Generation Node B (gNB) is the signal tower which provides data transmission between UEs and the core network. Access and Mobility Function (AMF) / Security Anchor Function (SEAF) is the server located in either the home or visiting network, which forwards authentication requests to the
Motivation
In the 5G network, there will be a tremendous number of connected sensors, Internet of Things (IoT) devices, and resource-constrained mobile devices. To enable all these devices to enjoy the benefits of D2D communication, it is essential to have a secure and computationally lightweight D2D authentication and key agreement scheme. Besides, the D2D network could suffer from free-riding attacks, in which some users behave selfishly by connecting to others frequently but refusing any incoming
Logical proof with BAN logic
Burrows-Abadi-Needham (BAN) logic is a set of rules that systematically verify the logical correctness of a protocol [17]. To use BAN logic to verify our protocol, we first need to formalize the protocol into its idealized form. After that, we can apply a set of rules, including the message meaning rule, nonce verification rule, jurisdiction rule, belief rule, see rule and freshness rule, to validate whether our LT-AKA protocol achieves the intended security goals.
Performance evaluation
In order to analyze the performance of our proposed protocol, three different D2D schemes, namely 5G-IoT D2D [10], LIKE [12] and UAKA-D2D [8], are included for comparison. The performance of these three schemes has been evaluated in terms of computational overhead, transmission overhead, storage usage for the UE during protocol execution, average delays incurred by unknown attacks and energy consumption, to show that our proposed scheme improves the overall security with the lowest performance
Conclusion
We have proposed the LT-AKA scheme for the 3GPP 5G D2D network. LT-AKA not only provides device anonymity to all D2D users, but also enables device traceability for network operators using D2D connection events. The security evaluation shows that our protocol is resistant to many attacks, including replay attacks, MITM attacks, and free-riding attacks. The performance evaluation shows that the LT-AKA scheme achieves the lowest average execution time, transmission overhead, and energy consumption
Author statement
Man Chun CHOW: Conceptualization, Data Curation, Formal Analysis, Investigation, Methodology, Software, Visualization, Writing - Original Draft.
Maode MA: Conceptualization, Funding Acquisition, Project Administration, Resources, Supervision, Validation, Writing - Review & Editing.
Declaration of Competing Interest
The authors declare no conflict of interest.
Acknowledgement
This work is supported by the MOE AcRF Tier 1 funding for the project of RG 26/18 by the Ministry of Education, Singapore.
Mr. Man Chun Chow received his B. Eng. degree from Hong Kong University of Science and Technology in 2017. He is currently pursuing the M. Eng. degree in the School of Electrical and Electronic Engineering at Nanyang Technological University in Singapore. His research interests include 5G network security and Device-to-Device Communication.
References (25)
- et al. An automated lightweight encryption scheme for secure and energy-efficient communication in wireless sensor networks. Ad Hoc Networks (2021).
- Blockchain-based Lamport Merkle Digital Signature: Authentication tool in IoT healthcare. Comput Commun (2021).
- 5G D2D Networks: Techniques, Challenges, and Future Prospects. IEEE Syst J (2018).
- Technical Specification Group Services and System Aspects; Feasibility study for Proximity Services (ProSe) (Release 12); TS22.803 (2013).
- Universal Mobile Telecommunications System (UMTS); LTE; Proximity-based Services (ProSe); Security aspects (3GPP TS 33.303 version 15.0.0 Release 15) (2018).
- et al. Secure authentication using ciphertext policy attribute-based encryption in mobile multi-hop networks. Multimed Tools Appl (Oct. 2017).
- et al. Privacy-preserving authentication and key agreement protocols for D2D group communications. IEEE Trans Ind Informat (Aug. 2018).
- et al. Privacy-Preserving Device Discovery and Authentication Scheme for D2D Communication in 3GPP 5G HetNet.
- et al. AAKA-D2D: Anonymous Authentication and Key Agreement Protocol in D2D Communications.
- et al. UAKA-D2D: Universal Authentication and Key Agreement Protocol in D2D Communications. Mob Netw Appl (Jun. 2017).
- SDR Implementation of a D2D security cryptographic mechanism. IEEE Access.
- Secure D2D communication for 5G IoT network based on lightweight cryptography. Appl Sci.
Dr. Maode Ma, Fellow of IET, received his Ph.D. degree in Computer Science from Hong Kong University of Science and Technology in 1999. Currently, he is a tenured Associate Professor in the School of Electrical and Electronic Engineering at Nanyang Technological University in Singapore. He has extensive research interests, including wireless networking, wireless network security and optical networking.
☆ This paper was recommended for publication by Associate Editor Dr. M. Malek. It was originally submitted for a regular issue but is included in the special section VSI-5g6g; reviews were processed and the paper recommended for publication by Associate Editor Dr. Rohit Sharma.