CPPHA: Capability-Based Privacy-Protection Handover Authentication Mechanism for SDN-Based 5G HetNets

Ultra-dense Heterogeneous network (HetNet) technique can significantly improve wireless link quality, spectrum efficiency and system capacity, and satisfy different requirements for coverage in hotspots, which has been viewed as one of the key technologies in fifth Generation (5G) network. Due to the existence of many different types of base stations (BSs) and the complexity of the network topology in the 5G HetNets, there are a lot of new challenges in security and mobility management aspects for this multi-tier 5G architecture including insecure access points and potential frequent handovers among several different types of base stations. In this paper, we integrate user capability and Software Defined Network (SDN) technique, and propose a capability-based privacy protection handover authentication mechanism in SDN-based 5G HetNets. Our proposed scheme can achieve the mutual authentication and key agreement between User Equipments (UEs) and BSs in 5G HetNets at the same time largely reduce the authentication handover cost. We demonstrate that our proposed scheme indeed can provide robust security protection by employing several security analysis methods including the BAN logic and the formal verification tool Scyther. In addition, the performance evaluation results show that our scheme outperforms other existing schemes.