Because the 5G network needs to support multiple access technologies (such as WLAN, LTE, fixed network, 5G new wireless access technology), and support a variety of terminal devices, for example, some devices have strong capabilities and support (U)SIM card security mechanisms; some The device has weak capabilities and only supports lightweight security functions. Therefore, there are various security credentials, such as symmetric security credentials and asymmetric security credentials. Therefore, 5G network security needs to support the management of multiple security credentials, including symmetric security credential management and asymmetric security credential management. fibconet.com Fiber optic Y cable splitter Fiber optic Y cable splitter
- Symmetric Security Credential Management
The symmetric security credential management mechanism facilitates the centralized management of users by operators. For example, digital identity management based on (U)SIM card is a typical symmetric security credential management, and its authentication mechanism has been widely trusted by service providers and users. fibconet.com Fiber optic Y cable splitter - Asymmetric Security Credential Management
The use of asymmetric security credential management can realize identity management and access authentication in IoT scenarios, shorten the authentication chain, achieve fast and secure access, and reduce authentication overhead; at the same time, it can relieve the pressure on the core network, avoid signaling storms and the high concentration of authentication nodes. the risk of bottlenecks.
Facing hundreds of billions of connections in the Internet of Things, the single-user authentication scheme based on (U)SIM card is expensive. In order to reduce the cost of authentication and identity management of IoT devices, asymmetric security credential management mechanism can be adopted. fibconet.com Fiber optic Y cable splitter - Asymmetric security credential management mainly includes the following two branches:
Certificate mechanism and identity-based security IBC (identity-based cryptography) mechanism. Among them, the certificate mechanism is a relatively mature asymmetric security credential management mechanism, which has been widely used in finance and CA (certificate center) and other businesses, but the certificate complexity is high; and based on IBC identity management, the device ID can be used as its public key. , it does not need to send a certificate during authentication, which has the advantage of high transmission efficiency. Identity management corresponding to IBC is easy to associate with network/application ID, and identity management policies can be flexibly formulated or modified. fibconet.com Fiber optic Y cable splitter Fiber optic Y cable splitter - The asymmetric key system has the characteristics of natural decentralization, there is no need to save the keys of all terminal devices on the network side, and there is no need to deploy a permanent online centralized identity management node. The network authentication node can be deployed in a decentralized manner, such as moving to the edge of the network as follows. The authentication of the terminal and the network does not need to access the user identity database in the network center. fibconet.com Fiber optic Y cable splitter Fiber optic Y cable splitter
