CN113518346A - System for protecting safety of 5G electric power slicing channel - Google Patents


Publication number: CN113518346A
Authority: CN (China)
Prior art keywords: slice, safety, power, security, network
Legal status: Pending
Application number: CN202110478137.8A
Other languages: Chinese (zh)
Inventors: 陈琰, 林亦雷, 郭苏, 廖斌, 曾松峰
Current Assignee: Shanghai String Information Technology Co ltd; State Grid Shanghai Electric Power Co Ltd
Original Assignee: Shanghai String Information Technology Co ltd; State Grid Shanghai Electric Power Co Ltd
Application filed by: Shanghai String Information Technology Co ltd, State Grid Shanghai Electric Power Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a system for protecting the security of a 5G power slice channel, comprising a power slice security isolation system, an STU slice access authentication system, a slice interface security management system, a power slice differentiated security management system and a power slice intelligent security management system. Targeting current 5G slicing technology, the invention offers a higher protection level and more flexibility than traditional mobile communication network security mechanisms such as terminal access authentication, encryption and integrity protection of user-plane and signaling-plane messages, network domain security (IPSec), and boundary firewalls.

Description

System for protecting safety of 5G electric power slicing channel
Technical Field
The invention relates to the field of power systems and safety protection thereof, in particular to a system for protecting the safety of a 5G power slice channel.
Background
5G technology provides a high-bandwidth, low-latency network platform for transmitting video, image and multimedia information and for connecting large numbers of sensing terminals for communication operation and maintenance. A great number of different communication protocols are currently in use in power communication, so how to connect traditional power-related communication terminal equipment to 5G communication services, and thereby protect past investment in communication terminals in the 5G era, is a very important topic. However, while 5G improves the transmission, processing and circulation capability of communication services, security problems arising from network connectivity are becoming increasingly prominent. Traditional mobile communication network security mechanisms include terminal access authentication, encryption and integrity protection of user-plane and signaling-plane messages, network domain security (IPSec), boundary firewalls and the like. 5G slicing greatly changes the traditional mobile communication network architecture and therefore also changes the security requirements, as shown in FIG. 1.
Existing slice channel security protection cannot meet the security requirements of users in the multi-level Internet of Things and in vertical industries, including the security of UE user-plane data transmitted over 5G. In addition, among the filed patent applications, the various network slicing schemes, such as those proposed in CN201910908850.4 (network slice resource adjustment method and system for the 5G environment) and CN202010800606.9 (wireless communication network quality assessment method and apparatus based on network quality slices), only propose methods of implementing network slices and do not mention the security protection that network slices require.
Disclosure of Invention
Targeting current 5G slicing technology, the system offers a higher protection level and more flexibility than traditional mobile communication network security mechanisms such as terminal access authentication, encryption and integrity protection of user-plane and signaling-plane messages, network domain security (IPSec), and boundary firewalls.
To achieve this purpose, the invention is realized by the following technical scheme:
A system for protecting the security of a 5G power slice channel, characterized by comprising: a power slice security isolation system, an STU slice access authentication system, a slice interface security management system, a power slice differentiated security management system and a power slice intelligent security management system;
the power slice security isolation system implements resource isolation of the 5G network elements; each slice uses its own resources independently, and slices cannot access one another's resources;
the STU slice access authentication system is used to determine that a user accessing the 5G network is a legitimate user and that an STU accessing the slice is a legally authorized slice user;
the slice interface security management system performs authentication of slice management user identities, data encryption, auditing/authorization of user data, and online encryption of files;
the power slice differentiated security management system provides customizable security capabilities according to different 5G user objects;
the power slice intelligent security management system can collect, analyze and identify network data, dynamically monitor network behavior in real time, discover and capture various kinds of sensitive information and illegal behavior, raise alarms in real time, and provide intelligent correlation analysis and evaluation of network information together with accurate end-to-end tracking and locating of security events.
The power slice security isolation system comprises:
an interface circuit connected to a computer, a network card chip connected to the interface circuit, a switching control circuit for physically switching between an internal network and an external network, and an EEPROM for storing the start-up configuration parameters of the network security isolator; an independent slice control-plane key is generated for the power slice through the derivation capability of the 5G core network control-plane key, so as to achieve slice signaling isolation on top of resource isolation.
The STU slice access authentication system is provided with an online holding module for keeping the STU terminal online.
The slice interface security management system comprises a security access gateway system, an identity authentication system, a data encryption and decryption system and a centralized monitoring management system;
the data encryption and decryption system divides the original data into fixed-size blocks and encrypts and decrypts them one by one; the centralized monitoring management system provides separation of duties among a system administrator, a security administrator and an audit administrator; administrators authenticate with digital certificates and manage and configure the gateway over an encrypted channel, and an administrator can only log in to the gateway from an authorized terminal to perform the corresponding configuration operations.
The power slice differentiated security management system comprises: an acquisition module configured to collect slice-related information by big data mining; a classification module configured to derive the corresponding security requirements from the collected slice-related information; and a recommending module configured to convert the slice security requirements into security control instructions and to recommend corresponding differentiated management schemes for the security functions and policies of the power slices.
The power slice intelligent security management system comprises an artificial intelligence analysis module and an alarm module; the artificial intelligence analysis module collects security-related data in the slices, processes that data, and discovers and captures various kinds of sensitive information and illegal behavior; the alarm module raises alarms based on the sensitive information and illegal behavior found.
Compared with the prior art, the invention has the following advantages:
targeting current 5G slicing technology, it offers a higher protection level and more flexibility than traditional mobile communication network security mechanisms such as terminal access authentication, encryption and integrity protection of user-plane and signaling-plane messages, network domain security (IPSec), and boundary firewalls.
Drawings
FIG. 1 is a network slice security diagram;
FIG. 2 is a schematic structural diagram of a system for protecting the safety of a 5G power slice channel according to the present invention;
FIG. 3 is a schematic diagram of a power slice security isolation system network connection;
FIG. 4 is a schematic diagram of a power slice differentiation security management system.
Detailed Description
The present invention will now be further described by way of the following detailed description of a preferred embodiment thereof, taken in conjunction with the accompanying drawings.
The system for protecting the security of the 5G power slice channel provided by the invention is shown in FIG. 2. Its core idea is to ensure the security of 5G power slices in an environment where 5G slicing has greatly changed the traditional mobile communication network architecture. It specifically comprises: a power slice security isolation system, an STU slice access authentication system, a slice interface security management system, a power slice differentiated security management system and a power slice intelligent security management system.
Power slice security isolation system: by means of technologies such as NFV and SDN, resource isolation of the 5G network elements is implemented on a unified computing platform; each slice uses its own resources independently, and slices cannot access one another's resources. If the security requirement of the power slice is high, the network elements of the power slice are deployed on independent physical resources through resource orchestration, so that isolation is achieved at the level of physical resources. The system specifically comprises an interface circuit connected to a computer, a network card chip connected to the interface circuit and providing the network interface of the 5G slice security isolator, a switching control circuit for physically switching between an internal network and an external network, and an EEPROM for storing the start-up configuration parameters of the network security isolator, as shown in FIG. 3. An independent slice control-plane key can be generated for the power slice through the derivation capability of the 5G core network control-plane key, which achieves slice signaling isolation on top of resource isolation and further strengthens slice security.
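The per-slice control-plane key mentioned above can be illustrated with the following added example, which is not part of the patent. The patent does not specify the derivation, so the example assumes an HMAC-SHA-256 KDF laid out like the generic 3GPP KDF (TS 33.220 Annex B); the FC value, the parent key, the tenant identifiers and all function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Assumption: placeholder function code for this example, not a 3GPP-assigned FC.
FC_SLICE_CP = b"\xf0"


def encode_snssai(sst: int, sd: Optional[int] = None) -> bytes:
    """Encode a slice identifier: 1-byte SST plus optional 3-byte SD."""
    if not 0 <= sst <= 0xFF:
        raise ValueError("SST must fit in one byte")
    if sd is None:
        return bytes([sst])
    if not 0 <= sd <= 0xFFFFFF:
        raise ValueError("SD must fit in three bytes")
    return bytes([sst]) + sd.to_bytes(3, "big")


def kdf(key: bytes, fc: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 ... (Li is a 2-byte length)."""
    s = fc
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter too long for a 2-byte length field")
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_slice_cp_keys(parent_key: bytes, snssai: bytes, tenant_id: bytes) -> dict:
    """Derive independent control-plane keys for one slice from the parent key.

    Binding the tenant identifier into the derivation is an assumption of this
    example; the patent only says the key is derived for the power slice.
    """
    if len(parent_key) < 32:
        raise ValueError("parent key must be at least 256 bits")
    k_slice = kdf(parent_key, FC_SLICE_CP, snssai, tenant_id)
    # Separate labels keep the ciphering and integrity keys independent.
    # The "enc" key would feed the signaling cipher, which is not shown here.
    return {
        "enc": kdf(k_slice, FC_SLICE_CP, b"cp-enc")[:16],
        "int": kdf(k_slice, FC_SLICE_CP, b"cp-int")[:16],
    }


def protect_signaling(keys: dict, count: int, message: bytes) -> bytes:
    """Return an 8-byte integrity tag over a message counter and the message."""
    data = count.to_bytes(4, "big") + message
    return hmac.new(keys["int"], data, hashlib.sha256).digest()[:8]


def verify_signaling(keys: dict, count: int, message: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag was made with this slice's key and counter."""
    return hmac.compare_digest(protect_signaling(keys, count, message), tag)


if __name__ == "__main__":
    parent = bytes(range(32))  # constructed parent key, for the demo only
    control = derive_slice_cp_keys(parent, encode_snssai(2, 0x000001), b"grid-control")
    metering = derive_slice_cp_keys(parent, encode_snssai(3, 0x000002), b"grid-metering")
    msg = b"constructed signaling message"
    tag = protect_signaling(control, 7, msg)
    print("same slice accepts:      ", verify_signaling(control, 7, msg, tag))
    print("other slice rejects:     ", not verify_signaling(metering, 7, msg, tag))
    print("changed counter rejects: ", not verify_signaling(control, 8, msg, tag))
```

The counter in the tag only gives replay protection if the receiver also tracks which counter values it has already accepted.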
STU slice access authentication system: through STU network access authentication, it ensures that a user accessing the 5G network is a legitimate user and, at the same time, that an STU accessing the slice is a legally authorized slice user; it can also keep the STU terminal permanently online and ensure that the RRC connection is not released. The specific slice access authentication is completed jointly by the STU, the operator and the power slice tenant, which ensures that the power slice tenant retains control over the use of slice resources. The STU connects to different base stations through air-interface dual-link or multi-card multi-standby technology to provide a reliable backup mechanism for the air-interface link.
Slice interface security management system: it applies authentication of the users that call the slice management service, centralized discovery and authorization of the slice management service, and transport-layer encryption and integrity protection of service messages, and can thereby ensure the authenticity, confidentiality, integrity, anti-replay and the like of message transmission on the interface. The slice interface security management system can perform authentication of slice management user identities, data encryption, auditing/authorization of user data, and online encryption of files. It is provided with a VPN gateway access service layer and comprises a security access gateway functional component, an identity authentication functional component, a data encryption and decryption functional component and a centralized monitoring management functional component; the functional components communicate over a high-speed message bus to deliver the various security services.
The slice interface security management system comprises: a security access gateway system, an identity authentication system, a data encryption and decryption system and a centralized monitoring management system.
The security access gateway system supports both national cryptographic algorithms and commercial cryptographic algorithms, provides techniques such as protection against man-in-the-middle attacks, and effectively protects the security of the link tunnel.
The identity authentication system not only includes traditional short message authentication, fingerprint authentication and AD domain authentication, but also provides a mobile token authentication mode: soft token authentication or scan-based authentication can be added on top of the password authentication of the customer's existing business application account to form multi-factor authentication and improve identity security.
The data encryption and decryption system divides the original data into fixed-size blocks and encrypts them one by one.
The centralized monitoring management system implements separation of duties among the system administrator, the security administrator and the audit administrator; administrators authenticate with digital certificates and manage and configure the SSL VPN gateway over an encrypted channel, and an administrator can only log in to the SSL VPN gateway from an authorized terminal to perform the corresponding configuration operations.
The power slice differentiated security management system provides customizable security capabilities according to different objects, including the security configuration, encryption and integrity algorithms and key lengths of the devices in the slice, and a programmable security resource pool, such as DDoS (distributed denial of service) resistance, IDS and the like. The power management system sends a security requirement to the slice manager, and the security manager converts the security requirement into security control instructions and configures the security functions and policies for the power slice. As shown in FIG. 4, the power slice differentiated security management system comprises: an acquisition module configured to collect slice-related information by big data mining; a classification module configured to derive the corresponding security requirements from the collected slice-related information; and a recommending module configured to convert the slice security requirements into security control instructions and to recommend corresponding differentiated management schemes for the security functions and policies of the power slices.
The power slice intelligent security management system brings intelligence to the management of security threats to power slices. The specific flow is that the security manager collects security-related data in the slices, analyzes the data with an artificial intelligence algorithm, identifies attack patterns, issues threat alarms, and can automatically generate security control policies to block attacks. The power slice intelligent security management system can collect, analyze and identify network data, dynamically monitor network behavior in real time, discover and capture various kinds of sensitive information and illegal behavior, raise alarms in real time, provide intelligent correlation analysis and evaluation of network information together with accurate end-to-end tracking and locating of security events, and provide authoritative and reliable support for formulating the security policy of the whole network.
In summary, the system for protecting the security of the 5G power slice channel of the present invention targets current 5G slicing technology and offers a higher protection level and more flexibility than traditional mobile communication network security mechanisms such as terminal access authentication, encryption and integrity protection of user-plane and signaling-plane messages, network domain security (IPSec), and boundary firewalls.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.

Claims (6)

1. A system for protecting the security of a 5G power slice channel, comprising: a power slice security isolation system, an STU slice access authentication system, a slice interface security management system, a power slice differentiated security management system and a power slice intelligent security management system;
the power slice security isolation system implements resource isolation of the 5G network elements; each slice uses its own resources independently, and slices cannot access one another's resources;
the STU slice access authentication system is used to determine that a user accessing the 5G network is a legitimate user and that an STU accessing the slice is a legally authorized slice user;
the slice interface security management system performs authentication of slice management user identities, data encryption, auditing/authorization of user data, and online encryption of files;
the power slice differentiated security management system provides customizable security capabilities according to different 5G user objects;
the power slice intelligent security management system can collect, analyze and identify network data, dynamically monitor network behavior in real time, discover and capture various kinds of sensitive information and illegal behavior, raise alarms in real time, and provide intelligent correlation analysis and evaluation of network information together with accurate end-to-end tracking and locating of security events.
2. The system for protecting 5G power slice channel security of claim 1, wherein the power slice security isolation system comprises:
an interface circuit connected to a computer, a network card chip connected to the interface circuit, a switching control circuit for physically switching between an internal network and an external network, and an EEPROM for storing the start-up configuration parameters of the network security isolator; an independent slice control-plane key is generated for the power slice through the derivation capability of the 5G core network control-plane key, so as to achieve slice signaling isolation on top of resource isolation.
3. The system for protecting 5G power slice channel security of claim 1, wherein the STU slice access authentication system is provided with an online holding module for keeping the STU terminal online.
4. The system for protecting 5G power slice channel security of claim 1, wherein the slice interface security management system comprises a security access gateway system, an identity authentication system, a data encryption and decryption system and a centralized monitoring management system;
the data encryption and decryption system divides the original data into fixed-size blocks and encrypts and decrypts them one by one; the centralized monitoring management system provides separation of duties among a system administrator, a security administrator and an audit administrator; administrators authenticate with digital certificates and manage and configure the gateway over an encrypted channel, and an administrator can only log in to the gateway from an authorized terminal to perform the corresponding configuration operations.
5. The system for protecting 5G power slice channel security of claim 1, wherein the power slice differentiated security management system comprises: an acquisition module configured to collect slice-related information by big data mining; a classification module configured to derive the corresponding security requirements from the collected slice-related information; and a recommending module configured to convert the slice security requirements into security control instructions and to recommend corresponding differentiated management schemes for the security functions and policies of the power slices.
6. The system for protecting 5G power slice channel security of claim 1, wherein the power slice intelligent security management system comprises an artificial intelligence analysis module and an alarm module; the artificial intelligence analysis module collects security-related data in the slices, processes that data, and discovers and captures various kinds of sensitive information and illegal behavior; the alarm module raises alarms based on the sensitive information and illegal behavior found.
Priority Applications (1)

Application number: CN202110478137.8A
Priority date: 2021-04-29
Filing date: 2021-04-29
Title: System for protecting safety of 5G electric power slicing channel
Status: Pending
Publication: CN113518346A (en)

Publications (1)

Publication number: CN113518346A (en)
Publication date: 2021-10-19

Family ID: 78063637

Country Status (1): CN, CN113518346A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination