A Composable Multifactor Identity Authentication and Authorization Scheme for 5G Services

The fifth-generation (5G) mobile communication technology has already deployed commercially and become a global research focus. The new features of 5G include unlimited information exchange, a large variety of connections with independent energy, and diversified high transmission rate services. Collective synergy of services is expected to change the way of life and future generations and introduce new converged services to the ICT industry. Different application services have to meet differentiated security demands. From the perspective of security, in order to support the multiservice of 5G services, it is necessary to consider the new security mechanism driven by the service. Based on 5G massive data stream, the 5G system can provide customized real-world services for potential users and reduce the user experience gap in different scenarios. However, 3GPP Extensible Authentication Protocol (EAP), which is the present entity authentication mechanism for the 5G service layer, is only an individual authentication architecture and unable to fulfill the flexible security objectives of differentiated services. In this paper, we present a new hierarchical identity management framework as well as an adaptable and composable three-factor authentication and session key agreement protocol for different applications in 5G multiservice systems. Finally, we propose an authorization process by combining with the proposed three-factor authentication mechanism and Service-Based Architecture (SBA) proposed by the 3GPP committee. The proposed mechanism can concurrently provide diverse identity authentication schemes corresponding to four different security levels by easily splitting or assembling three-factor authentication protocol blocks. The proposed scheme can be simultaneously applied to a variety of applications to improve the efficiency and quality of service and reduce the complexity of the whole 5G multiservice system, instead of designing or adopting several different authentication protocols. The performance evaluation results indicate that the proposed scheme can guarantee the multiple security of the system with ideal efficiency.