Introduction to 5G Security Architecture: NFV, Keys and 2 Authentications

Obviously, taking on the development of a new communication standard without thinking about security mechanisms is an extremely dubious and futile undertaking.

5G Security Architecture - a set of security mechanisms and procedures implemented in 5th generation networks and covering all network components, from the core to the radio interfaces.

5th generation networks are, in essence, an evolution of 4th generation LTE networks. Radio access technologies have undergone the most significant changes. For 5th generation networks, a new RAT (Radio Access Technology) has been developed - 5G New Radio. As for the core of the network, it has not undergone such significant changes. In this regard, the security architecture of 5G networks has been developed with an emphasis on reusing the relevant technologies adopted in the 4G LTE standard.

However, it is worth noting that rethinking known threats such as attacks on the air interfaces and the signalling layer (signalling plane), DDoS attacks, Man-In-The-Middle attacks and so on has prompted telecom operators to develop new standards and to integrate completely new security mechanisms into 5th generation networks.

Background

In 2015, the International Telecommunication Union drew up the first global plan of its kind for the development of fifth-generation networks, which is why the question of developing security mechanisms and procedures in 5G networks has become especially acute.

The new technology offered truly impressive data transfer speeds (more than 1 Gbps), latency of less than 1 ms and the ability to connect up to a million devices simultaneously within a radius of 1 km. These very high requirements for 5th generation networks are also reflected in the principles of their organization.

The main one was decentralization, which implied placing many local databases and their processing centres on the periphery of the network. This made it possible to minimize delays in M2M communication and to relieve the network core of servicing a huge number of IoT devices. Thus, the edge of next-generation networks expanded all the way to the base stations, allowing the creation of local communication centres and the provision of cloud services without the risk of critical delays or denial of service. Naturally, the changed approach to networking and customer service was of interest to attackers, because it opened up new opportunities for them to attack both confidential user information and the network components themselves in order to cause a denial of service or to seize the operator's computing resources.

Main vulnerabilities of 5th generation networks

Large attack surface

When building 3rd and 4th generation telecommunication networks, telecom operators usually limited themselves to working with one or several vendors who immediately supplied a set of hardware and software. That is, everything could work, as they say, "out of the box" - it was enough to install and configure the equipment purchased from the vendor; there was no need to replace or supplement proprietary software. Modern trends run counter to this "classical" approach and are aimed at virtualization of networks, a multi-vendor approach to building them, and software diversity. Technologies such as SDN (Software Defined Network) and NFV (Network Functions Virtualization) lead to the inclusion of a huge amount of software built on open source code in the processes and functions of managing communication networks. This gives attackers the opportunity to study the operator's network better and to identify a larger number of vulnerabilities, which, in turn, increases the attack surface of new-generation networks compared to current ones.

Large number of IoT devices

By 2021, about 57% of the devices connected to 5G networks will be IoT devices. This means that most hosts will have limited cryptographic capabilities (see point 2) and, accordingly, will be vulnerable to attacks. A huge number of such devices will increase the risk of botnet proliferation and make it possible to carry out even more powerful and distributed DDoS attacks.

Limited cryptographic capabilities of IoT devices

As already mentioned, 5th generation networks actively use peripheral devices, which make it possible to remove part of the load from the network core and thereby reduce latency. This is necessary for such important services as the control of unmanned vehicles, the IMS emergency warning system and others, for which ensuring minimal delay is critical, because human lives depend on it. Because of the connection of a large number of IoT devices, which, due to their small size and low power consumption, have very limited computing resources, 5G networks become vulnerable to attacks aimed at intercepting control of such devices and subsequently manipulating them. For example, there may be scenarios in which IoT devices that are part of a "smart home" system are infected with types of malware such as ransomware. Scenarios of intercepting control of unmanned vehicles that receive commands and navigation information through the cloud are also possible. Formally, this vulnerability is caused by the decentralization of new-generation networks, but the next paragraph outlines the problem of decentralization more clearly.

Decentralization and expansion of network boundaries

Peripheral devices, playing the role of local network cores, carry out the routing of user traffic and the processing of requests, as well as local caching and storage of user data. Thus, the boundaries of 5th generation networks are expanding, in addition to the core, to the periphery, including local databases and 5G-NR (5G New Radio) radio interfaces. This creates the opportunity to attack the computing resources of local devices, which are a priori less well protected than the central nodes of the network core, with the goal of causing a denial of service. This can lead to the loss of Internet access for entire areas, incorrect functioning of IoT devices (for example, in a smart home system), as well as the unavailability of the IMS emergency alert service.

However, ETSI and 3GPP have now published more than 10 standards covering various aspects of 5G network security. The vast majority of the mechanisms described there are aimed at protecting against vulnerabilities (including those described above). One of the main ones is the standard TS 23.501 version 15.6.0, which describes the security architecture of 5th generation networks.

5G architecture

First, let's turn to the key principles of 5G network architecture, which will further reveal the meaning and areas of responsibility of each software module and each 5G security function.

  • Division of network nodes into elements that ensure the operation of user plane protocols (UP - User Plane) and elements that ensure the operation of control plane protocols (CP - Control Plane), which increases flexibility in terms of scaling and deployment of the network, i.e. centralized or decentralized placement of individual component network nodes is possible.
  • Support for the network slicing mechanism, based on the services provided to specific groups of end users.
  • Implementation of network elements in the form of virtual network functions.
  • Support for simultaneous access to centralized and local services, i.e. implementation of the fog computing and edge computing concepts.
  • Implementation of a convergent architecture that combines different types of access networks - 3GPP 5G New Radio and non-3GPP (Wi-Fi, etc.) - with a single network core.
  • Support for uniform algorithms and authentication procedures, regardless of the type of access network.
  • Support for stateless network functions, in which the compute resource is separated from the resource store.
  • Support for roaming with traffic routing both through the home network (home-routed roaming) and with local "landing" (local breakout) in the guest network.
  • Interaction between network functions is represented in two ways: service-oriented and interface-based.

The 5th generation network security concept includes:

  • Authentication of the user by the network.
  • Authentication of the network by the user.
  • Negotiation of cryptographic keys between the network and the user equipment.
  • Encryption and integrity control of signalling traffic.
  • Encryption and integrity control of user traffic.
  • Protection of the user ID.
  • Protection of the interfaces between different network elements in accordance with the concept of a network security domain.
  • Isolation of the different layers of the network slicing mechanism and definition of each layer's own security levels.
  • User authentication and traffic protection at the level of end services (IMS, IoT and others).

Key software modules and 5G network security features

AMF (Access & Mobility Management Function) provides:

  • Organization of control plane interfaces.
  • Organization of RRC signalling traffic exchange, encryption and integrity protection of its data.
  • Organization of NAS signalling traffic exchange, encryption and integrity protection of its data.
  • Management of the registration of user equipment on the network and monitoring of the possible registration states.
  • Management of the connection of user equipment to the network and monitoring of the possible states.
  • Control of the availability of user equipment on the network in the CM-IDLE state.
  • Mobility management of user equipment in the network in the CM-CONNECTED state.
  • Transmission of short messages between user equipment and the SMF.
  • Management of location services.
  • Allocation of the EPS thread ID for interworking with EPS.

SMF (Session Management Function) provides:

  • Communication session management, i.e. creating, modifying and releasing sessions, including maintaining the tunnel between the access network and the UPF.
  • Allocation and management of the IP addresses of user equipment.
  • Selection of the UPF gateway to use.
  • Organization of interaction with the PCF.
  • Management of QoS policy enforcement.
  • Dynamic configuration of user equipment using the DHCPv4 and DHCPv6 protocols.
  • Monitoring of the collection of charging data and organization of interaction with the billing system.
  • Seamless service provision (SSC - Session and Service Continuity).
  • Interaction with guest networks in roaming.

UPF (User Plane Function) provides:

  • Interaction with external data networks, including the global Internet.
  • Routing of user packets.
  • Marking of packets in accordance with QoS policies.
  • User packet diagnostics (for example, signature-based application detection).
  • Reports on traffic usage.
  • The UPF is also the anchor point for supporting mobility within and between different radio access technologies.

UDM (Unified Data Management) provides:

  • Management of user profile data, including storing and modifying the list of services available to users and their corresponding parameters.
  • SUPI management.
  • Generation of 3GPP AKA authentication credentials.
  • Access authorization based on profile data (for example, roaming restrictions).
  • User registration management, i.e. storing the serving AMF.
  • Support for seamless service and communication sessions, i.e. storing the SMF assigned to the current communication session.
  • SMS delivery management.
  • Several UDMs can serve the same user across different transactions.

UDR (Unified Data Repository) - provides storage of various user data and is, in fact, the database of all network subscribers.

UDSF (Unstructured Data Storage Function) - ensures that the AMF modules store the current contexts of registered users. In general, this information can be represented as data of indefinite structure. User contexts can be used to ensure seamless and uninterrupted subscriber sessions, both during the planned withdrawal of one of the AMFs from service and in an emergency. In both cases, the backup AMF will "pick up" the service using the contexts stored in the UDSF.

Combining the UDR and UDSF on the same physical platform is a typical implementation of these network functions.

PCF (Policy Control Function) - creates and assigns certain service policies to users, including QoS parameters and charging rules. For example, to transmit one or another type of traffic, virtual channels with different characteristics can be created dynamically. At the same time, the requirements of the service requested by the subscriber, the level of network congestion, the amount of traffic consumed and so on can be taken into account.

NEF (Network Exposure Function) provides:

  • Organization of secure interaction of external platforms and applications with the network core.
  • Management of QoS parameters and charging rules for specific users.

SEAF (Security Anchor Function) - together with the AUSF, provides authentication of users when they register on the network with any access technology.

AUSF (Authentication Server Function) - plays the role of an authentication server that receives and processes requests from the SEAF and redirects them to the ARPF.

ARPF (Authentication Credential Repository and Processing Function) - provides storage of personal secret keys (KI) and the parameters of cryptographic algorithms, as well as generation of authentication vectors in accordance with 5G-AKA or EAP-AKA. It is located in the data centre of the home telecom operator, protected from external physical influences, and, as a rule, is integrated with the UDM.

SCMF (Security Context Management Function) - provides lifecycle management for the 5G security context.

SPCF (Security Policy Control Function) - ensures the coordination and application of security policies in relation to specific users. This takes into account the capabilities of the network, the capabilities of the user equipment and the requirements of the specific service (for example, the levels of protection provided by a critical communications service and by a wireless broadband Internet access service may differ). Application of security policies includes: selection of the AUSF, selection of the authentication algorithm, selection of the data encryption and integrity control algorithms, and determination of the length and life cycle of keys.

SIDF (Subscription Identifier De-concealing Function) - ensures the extraction of the subscriber's permanent identifier (SUPI) from the concealed identifier (SUCI) received as part of the authentication procedure request "Auth Info Req".

Basic security requirements for 5G communication networks

User authentication: The serving 5G network must authenticate the user's SUPI in the 5G AKA procedure between the user and the network.

Serving network authentication: The user must authenticate the 5G serving network ID, with authentication achieved through the successful use of keys obtained through the 5G AKA procedure.

User authorization: The serving network must authorize the user using the user profile received from the home telecom operator's network.

Authorization of the serving network by the home network: Authorization is implicit in the sense that it is ensured by the successful completion of the 5G AKA procedure.

Authorization of the access network by the home network: Authorization is implicit in the sense that it is ensured by the successful establishment of access network security. This type of authorization must be used for any type of access network.

Unauthenticated emergency services: To meet regulatory requirements in some regions, 5G networks must provide unauthenticated access to emergency services.

Network core and radio access network: The 5G network core and the 5G radio access network must support the use of 128-bit encryption and integrity algorithms to ensure AS and NAS security. Network interfaces must support 256-bit encryption keys.

Basic security requirements for user equipment

  • User equipment must support encryption, integrity protection, and protection against replay attacks for user data transmitted between it and the radio access network.
  • User equipment must activate encryption and data integrity protection mechanisms as directed by the radio access network.
  • User equipment must support encryption, integrity protection, and protection against attacks for RRC and NAS signalling traffic.
  • User equipment must support the following cryptographic algorithms: NEA0, NIA0, 128-NEA1, 128-NIA1, 128-NEA2, 128-NIA2.
  • User equipment may support the following cryptographic algorithms: 128-NEA3, 128-NIA3.
  • User equipment must support the following cryptographic algorithms: 128-EEA1, 128-EEA2, 128-EIA1, 128-EIA2 if it supports connection to the E-UTRA radio access network.
  • Confidentiality protection of user data transmitted between the user equipment and the radio access network is optional, but must be provided whenever permitted by regulation.
  • Confidentiality protection of RRC and NAS signalling traffic is optional.
  • The user's permanent key must be protected and stored in well-secured components of the user equipment.
  • The subscriber's permanent subscription identifier must not be transmitted in clear text over the radio access network, except for the information needed for correct routing (for example, MCC and MNC).
  • The home operator's network public key, the key identifier, the protection scheme identifier, and the routing identifier must be stored in the USIM.

Each encryption algorithm is associated with a binary number:

  • "0000": NEA0 - Null ciphering algorithm
  • "0001": 128-NEA1 - 128-bit SNOW 3G based algorithm
  • "0010": 128-NEA2 - 128-bit AES based algorithm
  • "0011": 128-NEA3 - 128-bit ZUC based algorithm.

Figure: data encryption using 128-NEA1 and 128-NEA2.

P.S. The diagram is borrowed from TS 133.501.

Figure: generation of the message authentication code with the 128-NIA1 and 128-NIA2 algorithms to ensure integrity.

P.S. The diagram is borrowed from TS 133.501.

Basic security requirements for 5G network functions

  • The AMF must support primary authentication using SUCI.
  • The SEAF must support primary authentication using SUCI.
  • The UDM and ARPF must store the user's permanent key and ensure that it is protected from theft.
  • The AUSF shall only provide the SUPI to the local serving network upon successful primary authentication using SUCI.
  • The NEF must not forward hidden core network information outside the operator's security domain.

Basic security procedures

Trust Domains

In 5th generation networks, trust in network elements decreases as the elements move away from the network core. This concept influences the decisions made in the 5G security architecture. Thus, we can talk about a trust model of 5G networks that determines the behaviour of the network security mechanisms.

On the user side, the trust domain is formed by the UICC and USIM.

On the network side, the trust domain has a more complex structure.

The radio access network is divided into two components - DU (Distributed Units) and CU (Central Units). Together they form the gNB - the radio interface of the 5G network base station. DUs do not have direct access to user data, since they can be deployed on unprotected infrastructure segments. CUs must be deployed in protected network segments, since they are responsible for terminating traffic from the AS security mechanisms. At the core of the network is the AMF, which terminates traffic from the NAS security mechanisms. The current 3GPP 5G Phase 1 specification describes the combination of the AMF with the security function SEAF, which holds the root key (also known as the "anchor key") of the visited (serving) network. The AUSF is responsible for storing the key obtained after successful authentication. It is needed for reuse in cases where the user is connected to several radio access networks at the same time. The ARPF stores user credentials and is the analogue of the USIM for subscribers. The UDR and UDM store user information, which is used to determine the logic for generating credentials, user IDs, ensuring session continuity, and so on.

Hierarchy of keys and their distribution schemes

In 5th generation networks, unlike 4G-LTE networks, the authentication procedure has two components: primary and secondary authentication. Primary authentication is required for all user devices connecting to the network. Secondary authentication can be performed at the request of external networks, if the subscriber connects to them.

After the successful completion of primary authentication and the establishment of a shared key K between the user and the network, KSEAF is derived from key K - a special anchor (root) key of the serving network. Subsequently, keys are generated from this key to ensure the confidentiality and integrity of RRC and NAS signalling traffic.

Diagram with explanations

Notation:
CK (Cipher Key)
IK (Integrity Key) - the key used in data integrity protection mechanisms.
CK' (Cipher Key) - another cryptographic key derived from CK for the EAP-AKA mechanism.
IK' (Integrity Key) - another key used in the data integrity protection mechanisms of EAP-AKA.
KAUSF - generated by the ARPF function and the user equipment from CK and IK during 5G AKA and EAP-AKA.
KSEAF - the anchor key obtained by the AUSF function from key KAUSF.
KAMF - the key obtained by the SEAF function from key KSEAF.
KNASint, KNASenc - keys obtained by the AMF function from key KAMF to protect NAS signalling traffic.
KRRCint, KRRCenc - keys obtained by the AMF function from key KAMF to protect RRC signalling traffic.
KUPint, KUPenc - keys obtained by the AMF function from key KAMF to protect AS signalling traffic.
NH - an intermediate key obtained by the AMF function from key KAMF to ensure data security during handovers.
KgNB - the key obtained by the AMF function from key KAMF to ensure the security of the mobility mechanisms.
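
The NAS branch of the key hierarchy listed above, as an added Python example (not code from the article or from 3GPP): it chains KAUSF, KSEAF, KAMF and the NAS keys with an HMAC-SHA-256 key derivation function. The FC bytes, the parameter order, the NIA identifier and the SUPI encoding are assumptions of this example based on TS 33.501 Annex A, and all key material and network names are constructed.

```python
import hashlib
import hmac

# FC bytes and parameter order follow TS 33.501 Annex A as an assumption of
# this example; confirm them against the specification release in use.
FC_ALG_KEY, FC_KAUSF, FC_KSEAF, FC_KAMF = 0x69, 0x6A, 0x6C, 0x6D
NAS_ENC, NAS_INT = 0x01, 0x02  # algorithm type distinguishers (assumed)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_kausf(ck: bytes, ik: bytes, snn: bytes, sqn_xor_ak: bytes) -> bytes:
    # Binds CK and IK to the serving network name (SNN).
    return kdf(ck + ik, FC_KAUSF, snn, sqn_xor_ak)


def derive_kseaf(kausf: bytes, snn: bytes) -> bytes:
    # Anchor key of the serving network, derived from KAUSF.
    return kdf(kausf, FC_KSEAF, snn)


def derive_kamf(kseaf: bytes, supi: bytes, abba: bytes = b"\x00\x00") -> bytes:
    # KAMF binds the anchor key to the subscriber's SUPI.
    return kdf(kseaf, FC_KAMF, supi, abba)


def derive_nas_key(kamf: bytes, alg_type: int, alg_id: int) -> bytes:
    # 128-bit algorithms use the 128 least significant bits of the KDF output.
    return kdf(kamf, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))[-16:]


def derive_hierarchy(ck, ik, snn, sqn_xor_ak, supi, nea_id, nia_id) -> dict:
    """Walk the chain CK, IK -> KAUSF -> KSEAF -> KAMF -> KNASenc / KNASint."""
    kausf = derive_kausf(ck, ik, snn, sqn_xor_ak)
    kseaf = derive_kseaf(kausf, snn)
    kamf = derive_kamf(kseaf, supi)
    return {
        "KAUSF": kausf,
        "KSEAF": kseaf,
        "KAMF": kamf,
        "KNASenc": derive_nas_key(kamf, NAS_ENC, nea_id),
        "KNASint": derive_nas_key(kamf, NAS_INT, nia_id),
    }


# Constructed sample inputs (not real subscriber data).
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SQN_XOR_AK = bytes.fromhex("0000000000a1")
SNN_HOME = b"5G:mnc001.mcc001.3gppnetwork.org"
SNN_OTHER = b"5G:mnc002.mcc001.3gppnetwork.org"
SUPI = b"001010000000001"  # IMSI digits as ASCII (assumed encoding)

if __name__ == "__main__":
    # Identifier 2 is 128-NEA2 in the table above; 2 for 128-NIA2 is assumed.
    keys = derive_hierarchy(CK, IK, SNN_HOME, SQN_XOR_AK, SUPI, 2, 2)
    for name, key in keys.items():
        print(f"{name:8s} {len(key) * 8:3d} bits  {key.hex()}")
```

Because the SNN enters both KAUSF and KSEAF, the same CK and IK produce an unrelated key set for a different serving network, and changing only the SUPI changes KAMF and everything below it.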

Schemes for generating SUCI from SUPI and vice versa

Schemes for obtaining SUPI and SUCI

Figure: generation of SUCI from SUPI and of SUPI from SUCI.

Authentication

Primary authentication

In 5G networks, EAP-AKA and 5G AKA are the standard primary authentication mechanisms. Let's divide the primary authentication mechanism into two phases: the first is responsible for initiating authentication and selecting the authentication method, the second is responsible for mutual authentication between the user and the network.

Initiation

The user submits a registration request to the SEAF, which contains the user's concealed subscription ID, SUCI.

The SEAF sends the AUSF an authentication request message (Nausf_UEAuthentication_Authenticate Request) containing the SNN (Serving Network Name) and the SUPI or SUCI.

The AUSF checks whether the SEAF requesting authentication is allowed to use the given SNN. If the serving network is not authorized to use this SNN, the AUSF responds with the authorization error message "Serving network not authorized" (Nausf_UEAuthentication_Authenticate Response).

Authentication credentials are requested by the AUSF from the UDM, ARPF or SIDF by SUPI or SUCI and SNN.

Based on the SUPI or SUCI and the user information, the UDM/ARPF selects the authentication method to use next and issues the user's credentials.

Mutual Authentication

When using any authentication method, the UDM/ARPF network functions must generate an authentication vector (AV).

EAP-AKA: The UDM/ARPF first generates an authentication vector with the separation bit AMF = 1, then generates CK' and IK' from CK, IK and SNN and forms a new authentication vector AV (RAND, AUTN, XRES*, CK', IK'), which is sent to the AUSF with instructions to use it only for EAP-AKA.

5G AKA: The UDM/ARPF obtains key KAUSF from CK, IK and SNN, after which it generates the 5G HE AV (5G Home Environment Authentication Vector). The 5G HE AV authentication vector (RAND, AUTN, XRES, KAUSF) is sent to the AUSF with instructions to use it for 5G AKA only.

After this, the AUSF derives the anchor key KSEAF from key KAUSF and sends a "Challenge" request to the SEAF in the message "Nausf_UEAuthentication_Authenticate Response", which also contains RAND, AUTN and RES*. Next, RAND and AUTN are transmitted to the user equipment in a secure NAS signalling message. The user's USIM calculates RES* from the received RAND and AUTN and sends it to the SEAF. The SEAF relays this value to the AUSF for verification.

The AUSF compares the XRES* stored in it with the RES* received from the user. If they match, the AUSF and UDM in the operator's home network are notified of the successful authentication, and the user and the SEAF independently generate key KAMF from KSEAF and SUPI for further communication.
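
The serving-network check from the initiation phase and the RES*/XRES* comparison described above, as an added Python example that is not from the article: the AUSF and UDM/ARPF are collapsed into one hypothetical `HomeNetwork` class, the USIM/ARPF functions are replaced by an HMAC stand-in rather than Milenage or TUAK, and AUTN (the network's proof to the user) is not modelled. The FC value 0x6B, the subscriber key, the SEAF name and the network names are assumptions or constructed values.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP-style KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc]) + b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def aka_functions(k: bytes, rand: bytes):
    """Stand-in for the USIM/ARPF functions f2, f3, f4 (NOT Milenage or TUAK)."""
    def f(label: bytes, n: int) -> bytes:
        return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]
    return f(b"f2", 8), f(b"f3", 16), f(b"f4", 16)  # RES, CK, IK


def res_star(k: bytes, rand: bytes, snn: bytes) -> bytes:
    """RES* / XRES*: RES bound to RAND and the serving network name."""
    res, ck, ik = aka_functions(k, rand)
    return kdf(ck + ik, 0x6B, snn, rand, res)[-16:]  # FC 0x6B is assumed


class HomeNetwork:
    """AUSF plus UDM/ARPF of the home operator, collapsed into one object."""

    def __init__(self, subscribers: dict, snn_by_seaf: dict):
        self.subscribers = subscribers  # SUPI -> permanent key K
        self.snn_by_seaf = snn_by_seaf  # SEAF id -> SNNs it may use
        self.pending = {}               # SUPI -> XRES* awaiting confirmation

    def authenticate_request(self, seaf_id: str, supi: str, snn: bytes) -> dict:
        # Initiation: is this SEAF entitled to use the SNN it presents?
        if snn not in self.snn_by_seaf.get(seaf_id, ()):
            return {"error": "Serving network not authorized"}
        rand = os.urandom(16)
        self.pending[supi] = res_star(self.subscribers[supi], rand, snn)
        return {"rand": rand}  # AUTN is not modelled in this example

    def confirm(self, supi: str, res_star_from_ue: bytes) -> bool:
        # Each challenge can be answered once; compare in constant time.
        xres_star = self.pending.pop(supi, None)
        if xres_star is None:
            return False
        return hmac.compare_digest(xres_star, res_star_from_ue)


# Constructed sample data (not real subscriber material).
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")
SUPI = "imsi-001010000000001"
SNN = b"5G:mnc001.mcc001.3gppnetwork.org"
OTHER_SNN = b"5G:mnc002.mcc001.3gppnetwork.org"


def run_exchange(ue_key: bytes, ue_snn: bytes, seaf_snn: bytes = SNN) -> str:
    """One registration attempt: SEAF request, UE answer, AUSF verdict."""
    home = HomeNetwork({SUPI: K}, {"seaf-1": {SNN}})
    challenge = home.authenticate_request("seaf-1", SUPI, seaf_snn)
    if "error" in challenge:
        return challenge["error"]
    answer = res_star(ue_key, challenge["rand"], ue_snn)  # computed by the UE
    return "authenticated" if home.confirm(SUPI, answer) else "rejected"


if __name__ == "__main__":
    print(run_exchange(K, SNN))                  # matching key and SNN
    print(run_exchange(K, OTHER_SNN))            # UE believes it is elsewhere
    print(run_exchange(K, OTHER_SNN, OTHER_SNN)) # SEAF presents an SNN it may not use
```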

Secondary authentication

The 5G standard supports optional secondary authentication based on EAP-AKA between the user equipment and an external data network. In this case, the SMF plays the role of the EAP authenticator and relies on an AAA server of the external network, which authenticates and authorizes the user.

  • The mandatory primary authentication of the user on the home network takes place, and a common NAS security context is established with the AMF.
  • The user sends a request to the AMF to establish a session.
  • The AMF sends a session establishment request to the SMF, indicating the user's SUPI.
  • The SMF verifies the user's credentials in the UDM using the provided SUPI.
  • The SMF sends a response to the request from the AMF.
  • The SMF initiates the EAP authentication procedure to obtain permission to establish the session from the AAA server on the external network. To do this, the SMF and the user exchange messages to initiate the procedure.
  • The user and the external network's AAA server then exchange messages to authenticate and authorize the user. In this case, the user sends messages to the SMF, which in turn exchanges messages with the external network via the UPF.

Conclusion

Although the 5G security architecture is based on the reuse of existing technologies, it poses completely new challenges. A huge number of IoT devices, expanded network boundaries and decentralized architecture elements are just some of the key principles of the 5G standard that give free rein to the imagination of cybercriminals.

The core standard for the 5G security architecture is TS 23.501 version 15.6.0 - it contains the key points of the operation of the security mechanisms and procedures. In particular, it describes the role of each VNF in ensuring the protection of user data and network nodes, in generating crypto keys and in implementing the authentication procedure. But even this standard does not provide answers to the pressing security issues that confront telecom operators more often the more intensively new-generation networks are developed and put into operation.

In this regard, I would like to believe that the difficulties of operating and protecting 5th generation networks will not in any way affect ordinary users, who are promised transmission speeds and responsiveness like mom's friend's son and are already eager to try out all the declared capabilities of new-generation networks.

Source: www.habr.com