A Business Process-Based Security Enhancement Scheme for the Network Function Service Access Procedure in the 5G Core Network

Abstract

As the signaling processing center of 5G, the security and stability of the 5G Core Network (5GC) are of great importance for 5G. The current 5GC consists of multiple mutually independent Network Functions (NFs). However, the NF service access procedure does not match NF service requests and business processes. NFs can request authorized services for access at any time, which poses a security threat to NFs and user data. This paper proposes a security enhancement scheme for NF service access procedures based on the business process, which realizes the management of the NF business process. The NRF adds a token identifier field bound to the business process in the access token and establishes an access token repository to store the token identifier. NF Service Producer introduces an access token re-signature mechanism and a shared repository of responded access tokens. The security of the proposed scheme is verified by theoretical analysis and formal analysis, and the performance of the proposed scheme is evaluated in terms of response rate and resource consumption. The experimental results show that the proposed scheme can meet the security requirement with little efficiency degradation under the condition of increasing certain resource loss.