LTE的安全标准:
空口安全
LTE安全机制
LTE安全攻击
大部分已知攻击只会影响LTE网络的可用性,不会影响机密性和完整性。
3GPP 5G R15小结
5G R15 架构
这里的架构是说的 SA 、 NSA 吗?
EPS based 5G(NSA option 3)
5GS based 5G(SA options 2 & 4)(NSA options 5 & 7)
安全架构比较安全架构比较:
3G
- Network access security (I): the set of security features that provide users with secure access to 3G services, and which in particular protect against attacks on the (radio) access link;
- Network domain security (II): the set of security features that enable nodes in the provider domain to securely exchange signalling data, and protect against attacks on the wireline network;
- User domain security (III): the set of security features that secure access to mobile stations;
- Application domain security (IV): the set of security features that enable applications in the user and in the provider domain to securely exchange messages;
- Visibility and configurability of security (V): the set of features that enables the user to inform himself whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature.
4G和option3
使用5G NGC的option
- 摘自5G网络安全方案-华为
不同
- 3、4G相比,4G多了 ME 、SN 之间的网络接入安全
- 4、5G相比,5G多了 新的安全域“SBA安全域”。
- SBA安全域主要的增强是提供运营商间的端到端安全保护。(运营商端到端的保护不应该是SEPP实现吗)
PLMN间的端到端安全
Security Edge Protection Proxies (SEPP):
- 位于PLMN边界,保护PLMN间交互的控制信令,可消减SS7类攻击的风险。
SEPP通过如下两种方式在PLMN之间建立端到端的安全连接
- TLS (仅适用于SEPP间没有IPX实体的场景)
- 应用层安全机制JOSE
N32应用层安全保护机制
密码算法
要求5G需要具备量子安全的能力
对称加密
非对称加密
统一认证
第三方认证
- 这个第三方认证不大懂
- 在3GPP 5G Security R15中,提到过secondary authentication
SUPI的加密保护
4G时,未加密
5G后,加密
- IMSI和SUPI是什么关系?
5G LI
- 不懂是啥
来源:https://blog.csdn.net/qq_37160773/article/details/102732755