Security Authentication Selection Mechanism for Resource-constrained NB-IoT Nodes

Abstract

Abstract: Some narrowband IoT devices cannot use group authentication to access the core network due to resource constraints. Under the framework of 5G network access authentication， a large number of devices accessing the core network at the same time will cause the devices to wait in a queue and cause network congestion. Based on the RFC7228 standard on resource-constrained devices issued by the IETF working group， this paper proposes a group authentication scheme for 3 device types. Firstly， the security and congestion problems of 5G access authentication for narrowband IoT devices are pointed out; then， a solution group authentication scheme is proposed; finally， the access authentication methods are determined for three resource-constrained devices. Experimental results and performance and security analysis show that the proposed scheme meets the resource capabilities required for device group authentication. Compared with the 5G access authentication scheme， the proposed scheme can reduce the number of network signaling by more than 60%， and it decreases with the increase of devices in the group. In terms of security， it has the ability to resist replay attacks， man-in-the-middle attacks and Dos attacks.

Key words: NB-IoT； resource constrained devices； group authentication； 5G network authentication protocol, network congestion； IETF working group；

LI Wei-qun, CHANG Chao-wen, LI Peng-jing. Security Authentication Selection Mechanism for Resource-constrained NB-IoT Nodes[J]. Computer and Modernization, 2023, 0(02): 104-109.

References

［1］ ROTHWELL R. Towards the fifth-generation innovation process［J］. International Marketing Review， 1994，11（1):7-31.
［2］ ASGHARI P， RAHMANI A M， JAVADI H H S. Internet of Things applications: A systematic review［J］. Computer Networks， 2018，148. DOI:10.1016/j.comnet.2018.12.008.
［3］ MIGABO E M， DJOUANI K D， KURIEN A M. The narrowband Internet of Things （NB-IoT) resources management performance state of art， challenges， and opportunities［J］. IEEE Access， 2020，8:97658 - 97675.
［4］ EBRAHIMI S， BAYAT-SARMADI S， MOSANAEI-BOORANI H. Post-quantum cryptoprocessors optimized for edge and resource-constrained devices in IoT［J］. IEEE Internet of Things Journal， 2019，6（3):5500-5507.
［5］ KOUTSOS A. The 5G-AKA Authentication Protocol Privacy［C］// 2019 IEEE European Symposium on Security and Privacy （EuroS&P). 2019:464-479.
［6］ CHEN Y W， WANG J T， CHI K H， et al. Group-based authentication and key agreement［J］. Wireless Personal Communications: An International Journal， 2012，62（4):965-979.
［7］ LAI C Z， LI H， LI X Q， et al. A novel group access authentication and key agreement protocol for machine-type communication［J］. Transactions on Emerging Telecommunications Technologies， 2015，26（3):414-431.
［8］ LAI C Z， LI H， LU R X， et al. SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks［J］. Computer Networks， 2013，57（17):3492-3510.
［9］ HARN L， HSU C. A novel design of membership authentication and group key establishment protocol［J］. Security and Communication Networks， 2017，2017:1-7.
［10］ CAO J， YU P， MA M D， et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network［J］. IEEE Internet of Things Journal， 2019，6（2):1561-1575.
［11］ YU P， CAO J， MA M D， et al. Quantum-resistance authentication and data transmission scheme for NB-IoT in 3GPP 5G networks［C］// 2019 IEEE Wireless Communications and Networking Conference （WCNC). 2019:1-7.
［12］ ZHANG Y H， REN F Y， WU A X， et al. Certificateless multi-party authenticated encryption for NB-IoT terminals in 5G Networks［J］. IEEE Access， 2019，7:114721-114730.
［13］ BORMANN C E M K A. RFC 7228: Terminology for Constrained Node Networks［EB/OL］. （2014-05-01)［2022-02-03］. https://datatracker.ietf.org/doc/html/rfc7228.
［14］ THAKOR V A， RAZZAQUE M A， KHANDAKER M R A. Lightweight cryptography algorithms for resource-Constrained IoT devices: A review， comparison and research opportunities［J］. IEEE Access，2021，9:28177-28193.
［15］ HATZIVASILIS G， FYSARAKIS K， PAPAEFSTATHIOU I， et al. A review of lightweight block ciphers［J］. Journal of Cryptographic Engineering， 2018，8（2):141-184.
［16］ MCKAY K A， BASSHAM L， TURAN M S， et al. Report on Lightweight Cryptography［R］. U.S. Department of Commerce， 2017.
［17］ NAIK N. Choice of effective messaging protocols for IoT systems: MQTT， CoAP， AMQP and HTTP［C］// 2017 IEEE International Systems Engineering Symposium （ISSE). 2017:1-7.
［18］ 3GPP TS 33.102， 3G Security［S/OL］. ［2022-03-02］.https://www.3gpp.org/DynaReport/33102.htm.
［19］ 3GPP TS 33.401， 3GPP System Architecture Evolution （SAE)［S/OL］. ［2022-03-02］. https://www.3gpp.org/DynaReport/33401.htm.
［20］ XIAO Y L， WU Y. 5G-IPAKA: An improved primary authentication and key agreement protocol for 5G Networks［J］. Information （Switzerland)， 2022，13（3). DOI:10.3390/info13030125.
［21］ LIU T， WU F， LI X， et al. A new authentication and key agreement protocol for 5G wireless networks［J］. Telecommunications Systems， 2021，78（3):317-329.
［22］ MOGHADAM M F， NIKOOGHADAM M， JABBAN M A B A， et al. An efficient authentication and key agreement scheme based on ECDH for wireless sensor network［J］. IEEE Access， 2020，8:73182-73192.
［23］ ALI S， ASHRAF H， KHAN I， et al. An efficient cryptographic technique using modified Diffie-Hellman in wireless sensor network［J］. International Journal of Distributed Sensor Networks， 2020，16（6):1-24.
［24］ STRANGIO M A. Efficient Diffie-Hellmann two-party key agreement protocols based on elliptic curves［C］// Proceedings of the 2005 ACM symposium on Applied computing. 2005:324-331.
［25］ MAXWELL G， POELSTRA A， SEURIN Y， et al. Simple Schnorr multi-signatures with applications to Bitcoin［J］. Designs， Codes and Cryptography，2019，87（9):2139-2164.
［26］ KOVATSCH M， DUQUENNOY S， DUNKELS A. A low-power CoAP for Contiki［C］// 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems. 2011:855-860.
［27］ DUNKELS A， GRONVALL B， VOIGT T. Contiki - a lightweight and flexible operating system for tiny networked sensors［C］// 29th Annual IEEE International Conference on Local Computer Networks. 2004:455-462.
［28］ BHATTACHARJYA A， ZHONG X， WANG J， et al. CoAP—Application layer connection-less lightweight protocol for the Internet of Things （IoT) and CoAP-IPSEC Security with DTLS Supporting CoAP［M］// Digital Twin Technologies and Smart Cities. Cham: Springer International Publishing， 2019:151-175.
［29］常相茂，占俊，王志伟. 低开销的NB-IoT节点群组身份安全认证协议［J］. 通信学报， 2021，42（12):152-162.
［30］马国峻，白磊，裴庆祺，等. 一种物联网端到端安全方案［J］. 信息网络安全， 2017（10):13-21.