Introduction to 5G Security Architecture: NFV, Keys and 2 Authentications

Obviously, adopting a new communication standard without thinking about security mechanisms is an extremely dubious and futile undertaking.

5G Security Architecture is the set of security mechanisms and procedures implemented in 5th generation networks, covering all network components from the core to the radio interfaces.

5th generation networks are, in essence, an evolution of 4th generation LTE networks. Radio access technologies have undergone the most significant changes: a new RAT (Radio Access Technology), 5G New Radio, was developed for 5th generation networks. The network core, by contrast, has not changed as much. For this reason, the security architecture of 5G networks was developed with an emphasis on reusing relevant technologies adopted in the 4G LTE standard.

However, it is worth noting that rethinking known threats such as attacks on air interfaces and the signaling layer (signaling plane), DDoS attacks, Man-In-The-Middle attacks and others prompted telecom operators to develop new standards and integrate entirely new security mechanisms into 5th generation networks.

Background

In 2015, the International Telecommunication Union drew up the first global plan of its kind for the development of fifth-generation networks, which is why the question of developing security mechanisms and procedures for 5G networks has become particularly acute.

The new technology offered truly impressive data transfer speeds (more than 1 Gbps), latency of less than 1 ms and the ability to simultaneously connect about 1 million devices within 1 km2. These high requirements for 5th generation networks are also reflected in the principles of their organization.

The main one was decentralization, which implied placing many local databases and their processing centers at the network periphery. This made it possible to minimize latency for M2M communications and to reduce network load from servicing a huge number of IoT devices. Thus, the edge of next-generation networks expanded all the way to base stations, allowing local communication centers to be created and cloud services to be provided without the risk of critical delays or denial of service. Naturally, the changed approach to networking and customer service was of interest to attackers, because it opened up new opportunities for them to attack both confidential user information and the network components themselves in order to cause a denial of service or seize the operator's computing resources.

Main threats to 5th generation networks

Large attack surface

When building 3rd and 4th generation telecommunication networks, telecom operators usually limited themselves to working with one or a few vendors, who supplied a complete set of hardware and software at once. That is, everything could work "out of the box", as they say: it was enough to install and configure the equipment purchased from the vendor, and there was no need to replace or supplement the proprietary software. Current trends run counter to this "classical" approach and are aimed at network virtualization, a multi-vendor approach to building networks, and software diversity. Technologies such as SDN (Software Defined Network) and NFV (Network Functions Virtualization) are becoming increasingly popular, which leads to a large amount of software built on open source code being included in the processes and functions that manage communication networks. This gives attackers the opportunity to study the operator's network more thoroughly and identify a larger number of vulnerabilities, which in turn increases the attack surface of new generation networks compared to current ones.

Large number of IoT devices

By 2021, about 57% of devices connected to 5G networks will be IoT devices. This means that most hosts will have limited cryptographic capabilities (see point 2) and, accordingly, will be vulnerable to attacks. A huge number of such devices increases the risk of botnet proliferation and makes it possible to carry out even more powerful and distributed DDoS attacks.

Limited cryptographic capabilities of IoT devices

As already mentioned, 5th generation networks actively use peripheral devices, which make it possible to take part of the load off the network core and thereby reduce latency. This is necessary for such important services as control of unmanned vehicles, the IMS emergency warning system and others, for which minimal latency is critical because human lives depend on it. Because a large number of IoT devices are connected which, due to their small size and low power consumption, have very limited computing resources, 5G networks become vulnerable to attacks aimed at intercepting control of such devices and subsequently manipulating them. For example, there may be scenarios in which IoT devices that are part of a "smart home" system are infected with malware such as ransomware. Scenarios of intercepting control of unmanned vehicles that receive commands and navigation information through the cloud are also possible. Formally, this vulnerability stems from the decentralization of new generation networks, but the next paragraph outlines the decentralization problem more clearly.

Decentralization and expansion of network boundaries

Peripheral devices, which act as local network cores, route user traffic, process requests, and locally cache and store user data. Thus, the boundaries of 5th generation networks expand beyond the core to the periphery, including local databases and 5G-NR (5G New Radio) radio interfaces. This creates an opportunity to attack the computing resources of local devices, which are a priori less well protected than the central nodes of the network core, with the aim of causing a denial of service. This can lead to loss of Internet access for entire areas, incorrect operation of IoT devices (for example, in a smart home system), and unavailability of the IMS emergency alert service.

However, ETSI and 3GPP have now published more than 10 standards covering various aspects of 5G network security. The vast majority of the mechanisms described there are aimed at protecting against vulnerabilities (including those described above). One of the main ones is the standard TS 23.501 version 15.6.0, which describes the security architecture of 5th generation networks.

5G architecture

First, let us turn to the key principles of the 5G network architecture, which will further clarify the meaning and areas of responsibility of each software module and each 5G security function.

  • Separation of network nodes into elements that handle the user plane (UP) protocols and elements that handle the control plane (CP) protocols, which increases flexibility in scaling and deploying the network, i.e. centralized or decentralized placement of individual network node components is possible.
  • Support for the network slicing mechanism, based on the services provided to specific groups of end users.
  • Implementation of network elements in the form of virtual network functions.
  • Support for simultaneous access to centralized and local services, i.e. implementation of the concepts of cloud (fog computing) and edge (edge computing) computing.
  • Implementation of a convergent architecture combining different types of access networks, 3GPP 5G New Radio and non-3GPP (Wi-Fi, etc.), with a single network core.
  • Support for uniform algorithms and authentication procedures, regardless of the type of access network.
  • Support for stateless network functions, in which the compute resource is separated from the resource store.
  • Support for roaming with traffic routing both through the home network (home-routed roaming) and with local "breakout" (local breakout) in the guest network.
  • Interaction between network functions is represented in two ways: service-based and interface-based.

The 5th generation network security concept includes:

  • User authentication by the network.
  • Network authentication by the user.
  • Negotiation of cryptographic keys between the network and user equipment.
  • Encryption and integrity control of signaling traffic.
  • Encryption and integrity control of user traffic.
  • User ID protection.
  • Protection of interfaces between different network elements in accordance with the network security domain concept.
  • Isolation of different layers of the network slicing mechanism and definition of each layer's own security levels.
  • User authentication and traffic protection at the level of end services (IMS, IoT and others).

Key software modules and 5G network security features

AMF (Access & Mobility Management Function) provides:

  • Organization of control plane interfaces.
  • Organization of RRC signaling traffic exchange, encryption and integrity protection of its data.
  • Organization of NAS signaling traffic exchange, encryption and integrity protection of its data.
  • Managing the registration of user equipment on the network and monitoring possible registration states.
  • Managing the connection of user equipment to the network and monitoring possible states.
  • Controlling the reachability of user equipment on the network in the CM-IDLE state.
  • Mobility management of user equipment on the network in the CM-CONNECTED state.
  • Transmission of short messages between user equipment and the SMF.
  • Management of location services.
  • Allocation of the EPS bearer ID for interworking with EPS.

SMF (Session Management Function) provides:

  • Session management, i.e. creating, modifying and releasing sessions, including maintaining the tunnel between the access network and the UPF.
  • Allocation and management of IP addresses of user equipment.
  • Selecting the UPF gateway to use.
  • Organization of interaction with the PCF.
  • Management of QoS policy enforcement.
  • Dynamic configuration of user equipment using the DHCPv4 and DHCPv6 protocols.
  • Monitoring the collection of charging data and organizing interaction with the billing system.
  • Seamless provision of services (SSC, Session and Service Continuity).
  • Interaction with guest networks in roaming.

UPF (User Plane Function) provides:

  • Interaction with external data networks, including the global Internet.
  • Routing of user packets.
  • Marking of packets in accordance with QoS policies.
  • Diagnostics of user packets (for example, signature-based detection).
  • Providing traffic usage reports.
  • The UPF is also the anchor point for supporting mobility both within and between different radio access technologies.

UDM (Unified Data Management) provides:

  • Managing user profile data, including storing and modifying the list of services available to users and their corresponding parameters.
  • SUPI management.
  • Generation of 3GPP AKA authentication credentials.
  • Access authorization based on profile data (for example, roaming restrictions).
  • User registration management, i.e. storing the serving AMF.
  • Support for seamless service and communication sessions, i.e. storing the SMF assigned to the current communication session.
  • SMS delivery management.
  • Several different UDMs can serve the same user across different transactions.

UDR (Unified Data Repository) provides storage of various user data and is, in effect, a database of all network subscribers.

UDSF (Unstructured Data Storage Function) ensures that AMF modules save the current contexts of registered users. In general, this information can be represented as data of an indefinite structure. User contexts can be used to ensure seamless and uninterrupted subscriber sessions, both during the planned withdrawal of one of the AMFs from service and in the event of an emergency. In both cases, the backup AMF will "pick up" the service using the contexts stored in the UDSF.

Combining UDR and UDSF on the same physical platform is a typical implementation of these network functions.

PCF (Policy Control Function) creates and assigns particular service policies to users, including QoS parameters and charging rules. For example, to transmit one type of traffic or another, virtual channels with different characteristics can be created dynamically. At the same time, the requirements of the service requested by the subscriber, the level of network congestion, the amount of traffic consumed, etc. can be taken into account.

NEF (Network Exposure Function) provides:

  • Organization of secure interaction of external platforms and applications with the network core.
  • Management of QoS parameters and charging rules for specific users.

SEAF (Security Anchor Function), together with the AUSF, provides authentication of users when they register on the network with any access technology.

AUSF (Authentication Server Function) plays the role of an authentication server that receives and processes requests from the SEAF and forwards them to the ARPF.

ARPF (Authentication Credential Repository and Processing Function) provides storage of personal secret keys (KI) and parameters of cryptographic algorithms, as well as generation of authentication vectors in accordance with the 5G-AKA or EAP-AKA algorithms. It is located in the home telecom operator's data center, protected from external physical influences, and, as a rule, is integrated with the UDM.

SCMF (Security Context Management Function) provides lifecycle management of the 5G security context.

SPCF (Security Policy Control Function) ensures the coordination and application of security policies with respect to specific users. This takes into account the capabilities of the network, the capabilities of the user equipment and the requirements of the specific service (for example, the levels of protection provided by a critical communications service and a wireless broadband Internet access service may differ). Application of security policies includes: selection of the AUSF, selection of the authentication algorithm, selection of data encryption and integrity control algorithms, determination of the length and life cycle of keys.

SIDF (Subscription Identifier De-concealing Function) extracts the subscriber's permanent identifier (SUPI) from the concealed identifier (SUCI) received as part of the "Auth Info Req" authentication procedure request.

Basic security requirements for 5G communication networks

User authentication: The serving 5G network must authenticate the user's SUPI during the 5G AKA process between the user and the network.

Serving network authentication: The user must authenticate the 5G serving network ID, with authentication achieved through the successful use of keys obtained through the 5G AKA procedure.

User authorization: The serving network must authorize the user based on the user profile received from the home operator's network.

Authorization of the serving network by the home operator network: The user must be given confirmation that they are connected to a serving network that is authorized by the home operator network to provide services. The authorization is implicit in the sense that it is ensured by the successful completion of the 5G AKA procedure.

Authorization of the access network by the home operator network: The user must be given confirmation that they are connected to an access network that is authorized by the home operator network to provide services. The authorization is implicit in the sense that it is ensured by the successful establishment of access network security. This type of authorization must be used for any type of access network.

Unauthenticated emergency services: To meet regulatory requirements in some regions, 5G networks must provide unauthenticated access to emergency services.

Network core and radio access network: The 5G network core and the 5G radio access network must support the use of 128-bit encryption and integrity algorithms to ensure AS and NAS security. Network interfaces must support 256-bit encryption keys.

Basic security requirements for user equipment

  • User equipment must support encryption, integrity protection, and replay protection for user data transmitted between it and the radio access network.
  • User equipment must activate encryption and data integrity protection mechanisms as directed by the radio access network.
  • User equipment must support encryption, integrity protection, and replay protection for RRC and NAS signaling traffic.
  • User equipment must support the following cryptographic algorithms: NEA0, NIA0, 128-NEA1, 128-NIA1, 128-NEA2, 128-NIA2.
  • User equipment may support the following cryptographic algorithms: 128-NEA3, 128-NIA3.
  • User equipment must support the following cryptographic algorithms: 128-EEA1, 128-EEA2, 128-EIA1, 128-EIA2 if it supports connection to the E-UTRA radio access network.
  • Confidentiality protection of user data between the user equipment and the radio access network is optional, but must be provided whenever permitted by regulation.
  • Confidentiality protection of RRC and NAS signaling traffic is optional.
  • The user's permanent key must be protected and stored in well-secured components of the user equipment.
  • The subscriber's permanent subscription identifier must not be transmitted in clear text over the radio access network, except for the information needed for correct routing (for example, MCC and MNC).
  • The home operator network key, the key identifier, the security scheme identifier, and the routing identifier must be stored in the USIM.

Each encryption algorithm is associated with a binary number:

  • "0000": NEA0 - Null ciphering algorithm
  • "0001": 128-NEA1 - 128-bit SNOW 3G based algorithm
  • "0010": 128-NEA2 - 128-bit AES based algorithm
  • "0011": 128-NEA3 - 128-bit ZUC based algorithm

Data encryption using 128-NEA1 and 128-NEA2

P.S. The diagram is borrowed from TS 133.501

Computing the message authentication code with the 128-NIA1 and 128-NIA2 algorithms to ensure integrity.

P.S. The diagram is borrowed from TS 133.501

Basic security requirements for 5G network functions

  • The AMF must support primary authentication using SUCI.
  • The SEAF must support primary authentication using SUCI.
  • The UDM and ARPF must store the user's permanent key and ensure that it is protected against theft.
  • The AUSF shall provide the SUPI to the local serving network only upon successful initial authentication using SUCI.
  • The NEF must not forward hidden core network information outside the operator's security domain.

Basic security procedures

Trust domains

In 5th generation networks, trust in network elements decreases as the elements move away from the network core. This concept influences the decisions implemented in the 5G security architecture. Thus, we can speak of a 5G network trust model that determines the behavior of network security mechanisms.

On the user side, the trust domain is formed by the UICC and USIM.

On the network side, the trust domain has a more complex structure.

The radio access network is divided into two components: DU (Distributed Units) and CU (Central Units). Together they form the gNB, the radio interface of the 5G network base station. DUs do not have direct access to user data because they can be deployed in unprotected infrastructure segments. CUs must be deployed in protected network segments, since they are responsible for terminating traffic from the AS security mechanisms. At the network core is the AMF, which terminates traffic from the NAS security mechanisms. The current 3GPP 5G Phase 1 specification describes the combination of the AMF with the security function SEAF, which holds the root key (also known as the "anchor key") of the visited (serving) network. The AUSF is responsible for storing the key obtained after successful authentication. It is needed for reuse in cases where the user is simultaneously connected to several radio access networks. The ARPF stores user credentials and is the counterpart of the USIM for subscribers. The UDR and UDM store user information, which is used to determine the logic for generating credentials, user IDs, ensuring session continuity, etc.

Key hierarchy and key distribution schemes

In 5th generation networks, unlike 4G-LTE networks, the authentication procedure has two components: primary and secondary authentication. Primary authentication is required for all user devices connecting to the network. Secondary authentication can be performed at the request of external networks, if the subscriber connects to them.

After successful completion of primary authentication and the establishment of a shared key K between the user and the network, KSEAF is derived from the key K; it is the special anchor (root) key of the serving network. Subsequently, keys are generated from this key to ensure the confidentiality and integrity of RRC and NAS signaling traffic data.

Diagram with explanations
Notation:
CK (Cipher Key)
IK (Integrity Key) - the key used in data integrity protection mechanisms.
CK' (Cipher Key) - another cryptographic key derived from CK for the EAP-AKA mechanism.
IK' (Integrity Key) - another key used in data integrity protection mechanisms for EAP-AKA.
KAUSF - generated by the ARPF function and the user equipment from CK and IK during 5G AKA and EAP-AKA.
KSEAF - the anchor key obtained by the AUSF function from the key KAUSF.
KAMF - the key obtained by the SEAF function from the key KSEAF.
KNASint, KNASenc - keys obtained by the AMF function from the key KAMF to protect NAS signaling traffic.
KRRCint, KRRCenc - keys obtained by the AMF function from the key KAMF to protect RRC signaling traffic.
KUPint, KUPenc - keys obtained by the AMF function from the key KAMF to protect AS traffic.
NH - an intermediate key obtained by the AMF function from the key KAMF to ensure data security during handovers.
KgNB - the key obtained by the AMF function from the key KAMF to ensure the security of mobility mechanisms.

Schemes for generating SUCI from SUPI and vice versa

Schemes for obtaining SUPI and SUCI

Generating SUCI from SUPI and SUPI from SUCI:

Authentication

Primary authentication

In 5G networks, EAP-AKA and 5G AKA are the standard primary authentication mechanisms. Let us divide the primary authentication mechanism into two phases: the first is responsible for initiating authentication and selecting an authentication method, the second for mutual authentication between the user and the network.

Initiation

The user sends a registration request to the SEAF, which contains the user's concealed subscription identifier SUCI.

The SEAF sends the AUSF an authentication request message (Nausf_UEAuthentication_Authenticate Request) containing the SNN (Serving Network Name) and the SUPI or SUCI.

The AUSF checks whether the SEAF requesting authentication is allowed to use the given SNN. If the serving network is not authorized to use this SNN, the AUSF responds with the authorization error message "Serving network not authorized" (Nausf_UEAuthentication_Authenticate Response).

Authentication credentials are requested by the AUSF from the UDM, ARPF or SIDF using the SUPI or SUCI and the SNN.

Based on the SUPI or SUCI and the user information, the UDM/ARPF selects the authentication method to be used and then issues the user's credentials.

Mutual authentication

When any authentication method is used, the UDM/ARPF network functions must generate an authentication vector (AV).

EAP-AKA: The UDM/ARPF first generates an authentication vector with the separation bit AMF = 1, then derives CK' and IK' from CK, IK and SNN and forms a new authentication vector AV (RAND, AUTN, XRES*, CK', IK'), which is sent to the AUSF with an instruction to use it only for EAP-AKA.

5G AKA: The UDM/ARPF obtains the key KAUSF from CK, IK and SNN, after which it generates the 5G HE AV (5G Home Environment Authentication Vector). The 5G HE AV authentication vector (RAND, AUTN, XRES, KAUSF) is sent to the AUSF with an instruction to use it only for 5G AKA.

After that, the AUSF derives the anchor key KSEAF from the key KAUSF and sends a "Challenge" request to the SEAF in the "Nausf_UEAuthentication_Authenticate Response" message, which also contains RAND, AUTN and RES*. Next, RAND and AUTN are transmitted to the user equipment in a protected NAS signaling message. The user's USIM computes RES* from the received RAND and AUTN and sends it to the SEAF. The SEAF forwards this value to the AUSF for verification.

The AUSF compares the XRES* stored in it with the RES* received from the user. If they match, the AUSF and the UDM in the user's home network are notified of successful authentication, and the user and the SEAF independently generate the key KAMF from KSEAF and SUPI for further communication.
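The 5G AKA exchange above, together with the KAUSF, KSEAF, KAMF and NAS key chain from the key hierarchy section, as an added Python example that is not code from the original article. Assumptions: f() is an HMAC stand-in for the USIM functions f1..f5 (not MILENAGE), the FC codes and parameter order follow TS 33.501 Annex A as recalled here rather than anything quoted on the page, and the subscriber key, SUPI, SNN strings and SEAF name are constructed.

```python
import hashlib
import hmac
import os

# FC codes and parameter order as I read TS 33.501 Annex A (assumption; not on the page).
FC_ALG, FC_KAUSF, FC_RES, FC_KSEAF, FC_KAMF = 0x69, 0x6A, 0x6B, 0x6C, 0x6D
AMF_FIELD = b"\x80\x00"  # Authentication Management Field with the separation bit set
# Constructed allow-list: which SEAF may present which Serving Network Name (SNN).
AUTHORIZED_SNN = {"seaf-visited-1": b"5G:mnc001.mcc001.3gppnetwork.org"}


def kdf(key, fc, *params):
    """TS 33.220-style KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def f(k, label, data, n):
    """HMAC stand-in for the USIM functions f1..f5 (NOT MILENAGE or TUAK)."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ausf_check_snn(seaf_id, snn):
    """AUSF: reject a SEAF that is not entitled to use the SNN it presents."""
    if AUTHORIZED_SNN.get(seaf_id) != snn:
        raise PermissionError("Serving network not authorized")


def arpf_generate_av(k, sqn, snn):
    """UDM/ARPF: build the 5G HE AV (RAND, AUTN, XRES*, KAUSF)."""
    rand = os.urandom(16)
    ck, ik, ak = f(k, b"f3", rand, 16), f(k, b"f4", rand, 16), f(k, b"f5", rand, 6)
    sqn_ak = xor(sqn, ak)
    autn = sqn_ak + AMF_FIELD + f(k, b"f1", sqn + rand + AMF_FIELD, 8)
    xres_star = kdf(ck + ik, FC_RES, snn, rand, f(k, b"f2", rand, 8))[16:]
    return rand, autn, xres_star, kdf(ck + ik, FC_KAUSF, snn, sqn_ak)


def ue_respond(k, snn, rand, autn):
    """UE/USIM: authenticate the network through AUTN, then return (RES*, KSEAF)."""
    sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn = xor(sqn_ak, f(k, b"f5", rand, 6))
    if not hmac.compare_digest(mac, f(k, b"f1", sqn + rand + amf, 8)):
        raise ValueError("AUTN MAC mismatch: challenge is not from the home network")
    ck, ik = f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
    res_star = kdf(ck + ik, FC_RES, snn, rand, f(k, b"f2", rand, 8))[16:]
    k_ausf = kdf(ck + ik, FC_KAUSF, snn, sqn_ak)
    return res_star, kdf(k_ausf, FC_KSEAF, snn)


def derive_nas_keys(k_seaf, supi, abba=b"\x00\x00", nea=2, nia=2):
    """SEAF/AMF or UE: KSEAF -> KAMF -> 128-bit KNASenc / KNASint."""
    k_amf = kdf(k_seaf, FC_KAMF, supi.encode(), abba)
    return {
        "K_AMF": k_amf,
        "K_NASenc": kdf(k_amf, FC_ALG, b"\x01", bytes([nea]))[16:],
        "K_NASint": kdf(k_amf, FC_ALG, b"\x02", bytes([nia]))[16:],
    }


def run_5g_aka(k_home, k_usim, supi, snn, ue_snn=None, seaf_id="seaf-visited-1"):
    """Play every role once; returns (authenticated, network_keys, ue_keys)."""
    ausf_check_snn(seaf_id, snn)  # done by the AUSF before it asks the UDM/ARPF
    sqn = (1).to_bytes(6, "big")  # constructed sequence number
    rand, autn, xres_star, k_ausf = arpf_generate_av(k_home, sqn, snn)
    k_seaf = kdf(k_ausf, FC_KSEAF, snn)  # AUSF derives the anchor key
    # The UE binds RES* to the network name it believes it is attached to.
    res_star, k_seaf_ue = ue_respond(k_usim, ue_snn or snn, rand, autn)
    if not hmac.compare_digest(xres_star, res_star):  # AUSF: XRES* against RES*
        return False, None, None
    return True, derive_nas_keys(k_seaf, supi), derive_nas_keys(k_seaf_ue, supi)


if __name__ == "__main__":
    K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    SNN = AUTHORIZED_SNN["seaf-visited-1"]
    ok, net, ue = run_5g_aka(K, K, "001010000000001", SNN)
    print("authenticated:", ok, "| both sides hold the same keys:", net == ue)
    other = b"5G:mnc002.mcc001.3gppnetwork.org"  # constructed second network name
    print("UE sees a different SNN ->", run_5g_aka(K, K, "001010000000001", SNN, other)[0])
```

Because the SNN is an input to RES*, KAUSF and KSEAF, a UE that is shown a different network name than the one the home network authorized produces a RES* that fails the AUSF comparison, and a UE with the wrong subscriber key rejects AUTN before answering.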

Secondary authentication

The 5G standard supports optional secondary authentication based on EAP-AKA between the user equipment and an external data network. In this case, the SMF plays the role of the EAP authenticator and relies on the AAA server of the external network, which authenticates and authorizes the user.

  • Mandatory primary authentication of the user in the home network takes place, and a common NAS security context is established with the AMF.
  • The user sends a request to the AMF to establish a session.
  • The AMF sends a session establishment request to the SMF, indicating the user's SUPI.
  • The SMF verifies the user's credentials with the UDM using the provided SUPI.
  • The SMF sends a response to the request from the AMF.
  • The SMF initiates the EAP authentication procedure to obtain permission to establish a session from the AAA server of the external network. To do this, the SMF and the user exchange messages to initiate the procedure.
  • The user and the external network's AAA server then exchange messages to authenticate and authorize the user. In doing so, the user sends messages to the SMF, which in turn exchanges messages with the external network via the UPF.

Conclusion

Although the 5G security architecture is based on reusing existing technologies, it poses entirely new challenges. A huge number of IoT devices, expanded network boundaries and elements of a decentralized architecture are just some of the key principles of the 5G standard that give free rein to the imagination of cybercriminals.

The main standard for the 5G security architecture is TS 23.501 version 15.6.0; it contains the key points of how the security mechanisms and procedures work. In particular, it describes the role of each VNF in protecting user data and network nodes, in generating crypto keys and in carrying out the authentication procedure. But even this standard does not answer the pressing security questions that telecom operators face more and more often as new generation networks are developed and put into operation.

In this regard, I would like to believe that the difficulties of operating and protecting 5th generation networks will not affect ordinary users in any way, who have been promised transfer speeds and responsiveness like those of a mother's friend's son and are already eager to try out all the declared capabilities of the new generation networks.

Useful links

3GPP Specification series
5G security architecture
5G system architecture
5G Wiki
5G architecture notes
5G security overview

Source: www.habr.com
