A new scalable authentication and access control mechanism for 5G-based IoT

The fifth generation of mobile networks, 5G, is expected to support a set of many requirements and use cases such as handling connectivity for a massive number of IoT (Internet of Things) devices. Authenticating IoT devices and controlling their access to the network plays a vital role in the security of these devices and of the whole cellular system. In current cellular networks, as well as in 3GPP specifications release 16 on 5G, the AAC (Authentication and Access Control) of IoT devices is done in the same manner as the AAC of MBB (Mobile Broadband) UE (User Equipment). Considering the expected growth of IoT devices, this will likely induce a very high load on the connectivity provider's CN (Core Network) and cause network failures. To manage the AAC of this massive number of devices, we propose an SSAAC (Slice Specific Authentication and Access Control) mechanism that makes use of the flexibility provided by virtualization technologies. This mechanism allows the authentication and access control of IoT devices to be delegated to the 3rd parties providing these devices, thereby decreasing the load of the connectivity provider's CN, while increasing the flexibility and modularity of the whole 5G network. We evaluate the feasibility of our proposal with the OAI (Open Air Interface) open-source platform. Next, we provide a security analysis of the proposal and highlight the security requirements to use with this proposal. We also evaluate the impact of this delegation approach on the network load considering the anticipated number of AAC signaling messages compared to the existing AAC mechanisms in cellular networks. According to these evaluations, our approach is feasible and it would provide cellular networks the opportunity to overcome the security shortcomings in their AAC mechanisms. It also considerably reduces the AAC signaling load on the connectivity provider's CN. (C) 2020 Elsevier B.V. All rights reserved.