May 21, 2024

What security issues must be faced before 5G arrives?

As 5G moves toward commercial deployment, one topic behind the network itself deserves attention: security.

At the "Fourth Internet Security Leadership Summit (CSS2018)" held last week, Wu Hequan, academician of the Chinese Academy of Engineering and chairman of the Internet Society of China, said when discussing security topics that identity authentication for 5G terminal access, 5G terminal security, network slicing, the Internet of Things, the Internet of Vehicles and other areas raise security issues that differ from the requirements of 3G/4G, so the challenges will be more complicated. It is therefore necessary to plan ahead for 5G security before 5G arrives.


One, access and authentication

In terms of identity authentication at access, when a mobile user attaches to the network for the first time, a 3G/4G terminal transmits its long-term identity (IMSI) over the channel in plain text, so the user's identity is disclosed. 5G instead adds a public key provisioned by the operator to the USIM card: the public key encrypts the user's SUPI (i.e. the IMSI) into a SUCI, and the network decrypts it with the corresponding private key, protecting the user's identity from eavesdropping attacks.

3GPP gives the recommended SUCI encryption scheme in TR33.899. After the mobility management entity obtains the IMSI, it allocates a temporary identity (GUTI/TMSI) to the USIM for subsequent communication.

In terms of authentication protocols, the device types facing 5G are no longer uniform, and it is difficult to issue consistent identity credentials to different devices; vertical industries will have their own dedicated authentication mechanisms. 5G therefore needs to move from a single, USIM-card-based identity management method to flexible and diverse ones, and to manage the entire life cycle of the identity credentials involved: generation, issuance and revocation.

5G will use EAP-AKA to achieve mutual authentication under a unified framework, supporting non-3GPP access, and use 5G-AKA to strengthen home network control. In addition to the primary authentication, a third party can provide secondary authentication.

At the same time, massive IoT connections require group authentication, and the Internet of Vehicles requires fast V2V authentication. Key distribution is delegated to authentication nodes at the edge of the network, which effectively prevents a signaling impact on the centralized authentication center deployed in the core of the network.

In addition, because 5G access networks include LTE access networks, attackers may lure users onto LTE access, leading to downgrade attacks that leak privacy. 5G privacy protection must also take such threats into account.

Two, the security requirements of 5G terminals

According to Wu Hequan, general 5G terminal security requirements include confidentiality protection of user signaling data, secure storage and processing of subscription credentials, and user privacy protection.

The special security requirements for 5G terminals include: uRLLC terminals need to support high-security, high-reliability security mechanisms; mMTC terminals need to support lightweight security algorithms and protocols; and some special industries require dedicated security chips, customized operating systems and specific application stores.

At the same time, for network-based, UE-assisted detection, the UE collects information such as the cell identity (CI) and signal strength of neighboring base stations and reports it to the network in measurement reports. The network combines these reports with network topology, configuration information and other related data, analyses them comprehensively to confirm whether a pseudo base station exists in a given area, and then uses GPS, triangulation and other positioning technology to locate the pseudo base station and eliminate it.
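The network-side check described above, as an added illustration that is not part of the original article: UE measurement reports are compared against the operator's planned neighbour topology and a signal-strength plausibility bound, and a cell identity is only escalated once several independent UEs have flagged it. The topology table, the RSRP bound and the sample reports are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed operator topology (illustrative, not real OSS data): CI -> planned neighbour CIs.
TOPOLOGY: Dict[int, Set[int]] = {
    1001: {1002, 1003},
    1002: {1001, 1003},
    1003: {1001, 1002},
}
RSRP_MAX_DBM = -60  # constructed plausibility bound for a macro cell

@dataclass
class Measurement:
    ci: int        # cell identity the UE decoded
    rsrp_dbm: int  # reference signal received power

@dataclass
class Report:
    ue_id: str
    serving_ci: int
    neighbours: List[Measurement]

def check_report(report: Report) -> List[Tuple[int, str]]:
    """Return (ci, reason) pairs for each anomalous neighbour measurement."""
    alerts: List[Tuple[int, str]] = []
    planned = TOPOLOGY.get(report.serving_ci, set())
    for m in report.neighbours:
        if m.ci not in TOPOLOGY:
            alerts.append((m.ci, "CI not in operator topology"))
        elif m.ci not in planned:
            alerts.append((m.ci, f"not a planned neighbour of {report.serving_ci}"))
        if m.rsrp_dbm > RSRP_MAX_DBM:
            alerts.append((m.ci, f"implausibly strong signal ({m.rsrp_dbm} dBm)"))
    return alerts

def suspicious_cells(reports: List[Report], min_ues: int = 2) -> Dict[int, int]:
    """CIs flagged by at least min_ues distinct UEs, with the UE count.
    Requiring several independent reports filters single-UE measurement noise."""
    seen: Dict[int, Set[str]] = {}
    for r in reports:
        for ci, _ in check_report(r):
            seen.setdefault(ci, set()).add(r.ue_id)
    return {ci: len(ues) for ci, ues in seen.items() if len(ues) >= min_ues}

# Constructed sample reports: CI 9999 is unknown to the topology and too strong.
SAMPLE_REPORTS = [
    Report("ue-a", 1001, [Measurement(1002, -85), Measurement(9999, -50)]),
    Report("ue-b", 1002, [Measurement(9999, -55), Measurement(1003, -88)]),
    Report("ue-c", 1003, [Measurement(1001, -90)]),
]
```

Running `suspicious_cells(SAMPLE_REPORTS)` yields `{9999: 2}`, i.e. one candidate cell seen by two UEs, which is the input the positioning step would then take.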

Three, network slicing and orchestration

Isolation between slices is the basic requirement of a slice network. Each slice is pre-configured with a slice ID. The terminal (UE) provides the slice ID when attaching to the network; the home subscriber server (HSS), according to the terminal's request, obtains the security measures and algorithms corresponding to that slice ID from the slice security server (SSS) and creates an authentication vector bound to the slice ID for the UE.

Therefore, on the operations support system side that supports network slicing, security situation management, monitoring and early warning are required: deploy various security probes, adopt standardized unified management and control interfaces for security equipment to report security incidents, and use deep learning methods to detect attacks.

It can then derive the relevant security policy adjustments from the observed threats and distribute them to each security device, building a complete protection system.

In addition, regarding the orchestrator: orchestration determines the topology of the network or of a specific service, and also determines where security mechanisms and security policies are deployed. The most basic security requirement of the management and orchestration process is to ensure the relevance and consistency of resources shared between services, and 5G systems must provide adequate security guarantees during re-orchestration.

Four, the openness of the network

Because 5G will expose interfaces for functions such as mobility, session, QoS and billing, third-party applications can conveniently complete basic network functions on their own. MANO (Management and Orchestration) will also be opened up, allowing third-party service providers to independently carry out network deployment, update and expansion.

However, compared with existing, relatively closed mobile communication systems, if a 5G network has a trust problem in the open authorization process, a malicious third party can use the acquired network control capabilities to attack the network, and APT attacks, DDoS and worm/malware attacks will become larger and more frequent.

Thus, with the growing variety of users (devices) and the introduction of network virtualization technology, the question of trust among users, mobile network operators and infrastructure providers is more complicated than in previous networks.

At the same time, the network's external service interfaces require authentication and authorization, detection of conflicting policies, corresponding access control and security audits.

Five, signaling and SBA

In terms of key management, 5G's rich application scenarios lead to diverse key types: confidentiality/integrity protection keys for the control plane; confidentiality/integrity protection keys for the user plane (not available in 4G; air-interface and/or user-plane encryption and integrity protection between the UE and the core network are provided on demand); keys protecting the terminal's signaling and message transmission (encryption and integrity protection of air-interface and NAS-layer messages); keys supporting non-3GPP access; keys securing network slice communication; keys supporting backward compatibility with the LTE system; and so on. The new key hierarchy supports hierarchical key derivation, changes in authentication mechanisms, the introduction of slices, user plane integrity, etc.
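A slice-bound authentication vector and the hierarchical key derivation beneath it, as an added example for the slicing section and this key-management paragraph; it is not the article's or 3GPP's code. The KDF is HMAC-SHA-256 with length-prefixed parameters, shaped like the standard's construction but simplified, and the key names, labels and demo key are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict

def kdf(key: bytes, label: str, *params: bytes) -> bytes:
    """HMAC-SHA-256 derivation with length-prefixed parameters, so ("ab","c")
    and ("a","bc") never collide. Shaped like 3GPP's FC||P0||L0... input but
    not the standard's exact encoding (simplified for illustration)."""
    msg = label.encode()
    for p in params:
        msg += len(p).to_bytes(2, "big") + p
    return hmac.new(key, msg, hashlib.sha256).digest()

def slice_authentication_vector(k_root: bytes, supi: str, slice_id: str,
                                sqn: int) -> Dict[str, bytes]:
    """Home-network side: a random challenge RAND, the expected response XRES
    and a per-slice key hierarchy. slice_id enters every derivation, so a
    vector issued for one slice is useless against another."""
    rand = os.urandom(16)
    k_slice = kdf(k_root, "slice", supi.encode(), slice_id.encode())
    k_cp = kdf(k_slice, "cp", rand)   # control-plane (NAS) parent key
    k_up = kdf(k_slice, "up", rand)   # user-plane parent key, on demand in 5G
    return {
        "rand": rand,
        "xres": kdf(k_slice, "res", rand, sqn.to_bytes(6, "big")),
        "k_cp_enc": kdf(k_cp, "enc"), "k_cp_int": kdf(k_cp, "int"),
        "k_up_enc": kdf(k_up, "enc"), "k_up_int": kdf(k_up, "int"),
    }

def ue_response(k_root: bytes, supi: str, slice_id: str, sqn: int,
                rand: bytes) -> bytes:
    """USIM side: recompute RES from its own copy of the long-term key."""
    k_slice = kdf(k_root, "slice", supi.encode(), slice_id.encode())
    return kdf(k_slice, "res", rand, sqn.to_bytes(6, "big"))

def verify(vector: Dict[str, bytes], res: bytes) -> bool:
    return hmac.compare_digest(vector["xres"], res)

# Constructed demo key; a real long-term key lives only in the USIM and the home network.
K_DEMO = bytes(range(32))

if __name__ == "__main__":
    v = slice_authentication_vector(K_DEMO, "imsi-demo", "embb-1", sqn=7)
    print(verify(v, ue_response(K_DEMO, "imsi-demo", "embb-1", 7, v["rand"])))   # True
    print(verify(v, ue_response(K_DEMO, "imsi-demo", "urllc-2", 7, v["rand"])))  # False
```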

In the service-based architecture (SBA), a network function in 4G was a combination of network elements, whereas in 5G it is a combination of service functions interacting through APIs. Services are defined as self-contained, reusable and independently manageable.

Decoupling services facilitates rapid deployment and maintenance of the network, modularization provides flexibility for network slicing, and network services are easier to call through HTTP APIs.

In fact, SBA has two network functions that directly serve network security: the AUSF (Authentication Server Function) handles access authentication service requests, and the SEPP (Security Edge Protection Proxy) provides application-layer security protection for all service-layer information exchanged between operators' networks.

Six, the security of MEC itself is particularly important under 5G

To meet the latency requirements of video services, VR/AR and the Internet of Vehicles, and to save network bandwidth, storage and content distribution need to be pushed down to the access network.

The MEC server can be deployed behind the network convergence node or in the base station, so that traffic between client and server traverses fewer hops, which mitigates threats such as fraud and man-in-the-middle attacks.

At the same time, MEC identifies services and users through deep packet inspection (DPI) and performs differentiated radio resource allocation and packet delay guarantees. Therefore, the security of MEC itself is particularly important.

In addition, SDN and NFV security mechanisms that rely on physical boundary protection are difficult to apply under virtualization. Security isolation and management between the SDN controller and the forwarding nodes in the 5G environment must be considered, as well as the secure deployment and correct execution of SDN flow tables.

Seven, the security challenges of 5G in the Internet of Vehicles and the Internet of Things

The Internet of Vehicles requires air-interface latency as low as 1 ms, while traditional authentication, encryption and other protocols were not designed for ultra-reliable, low-latency communication scenarios. "To this end, it is necessary to simplify and optimize the management process of the original security context (including keys and data bearer information), and to support the protection of MEC and private data. Direct V2V requires rapid mutual authentication," Wu Hequan said.

IoT terminals generally have limited resources, complex network environments and massive numbers of connections, and are susceptible to attack, so several security issues need attention. If each message from each device has to be authenticated separately and terminal signaling requests exceed the network's processing capacity, a signaling storm is triggered, so 5G requires a group authentication mechanism for mMTC. A lightweight security mechanism is needed so that security does not add excessive energy consumption for mMTC. And an anti-DDoS mechanism is needed to prevent NB-IoT terminals from being hijacked and used by attackers.
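An illustrative group authentication round for mMTC, added here for both this paragraph and the group-authentication remark in the access section; it is not the article's or 3GPP's scheme. A gateway bundles its members' proofs into one request, the core verifies the whole group in a single transaction, and a forged or replayed member is rejected without rejecting the group. The key-derivation labels, group name and device ids are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Set, Tuple

# Illustrative scheme: a group key shared by the core network and an IoT group;
# each device holds a key derived from it (constructed for this example).

def device_key(group_key: bytes, device_id: str) -> bytes:
    return hmac.new(group_key, b"dev|" + device_id.encode(), hashlib.sha256).digest()

def device_proof(group_key: bytes, device_id: str, nonce: bytes) -> bytes:
    """What a device hands to the gateway: a MAC over its fresh nonce."""
    return hmac.new(device_key(group_key, device_id), nonce, hashlib.sha256).digest()

Member = Tuple[str, bytes, bytes]  # (device_id, nonce, proof)

def core_verify_group(group_keys: Dict[str, bytes], group_id: str,
                      members: List[Member], seen_nonces: Set[bytes]
                      ) -> Tuple[List[str], List[str]]:
    """Core-network side: verify the whole group in one pass.
    Returns (accepted, rejected). A forged or replayed member is rejected
    on its own; the rest of the group is still admitted."""
    accepted: List[str] = []
    rejected: List[str] = []
    gk = group_keys.get(group_id)
    for device_id, nonce, proof in members:
        ok = (gk is not None and nonce not in seen_nonces
              and hmac.compare_digest(proof, device_proof(gk, device_id, nonce)))
        if ok:
            seen_nonces.add(nonce)  # replay protection for later rounds
            accepted.append(device_id)
        else:
            rejected.append(device_id)
    return accepted, rejected

def core_transactions(n_devices: int, grouped: bool) -> int:
    """Request/response pairs the centralized authentication center must
    process: two per group, versus two per device without grouping."""
    return 2 if grouped else 2 * n_devices

# Constructed demo: a 4-device group in which one member presents a forged proof.
GROUP_KEYS = {"meters-north": os.urandom(32)}

def build_demo_request() -> List[Member]:
    gk = GROUP_KEYS["meters-north"]
    nonces = [os.urandom(8) for _ in range(4)]
    good = [(f"meter-{i}", n, device_proof(gk, f"meter-{i}", n)) for i, n in enumerate(nonces[:3])]
    return good + [("meter-3", nonces[3], os.urandom(32))]  # meter-3 cannot prove itself
```

With 4 devices the core handles 2 transactions instead of 8; passing the same request a second time rejects every member because its nonces have already been seen.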


Shenzhen Enershare Technology Co.,Ltd , https://www.enersharepower.com