The fifth-generation (5G) mobile communication technology has already deployed commercially and become a global research focus. The new features of 5G include unlimited information exchange, a large variety of connections with independent energy, and diversified high transmission rate services. Collective synergy of services is expected to change the way of life and future generations and introduce new converged services to the ICT industry. Different application services have to meet differentiated security demands. From the perspective of security, in order to support the multiservice of 5G services, it is necessary to consider the new security mechanism driven by the service. Based on 5G massive data stream, the 5G system can provide customized real-world services for potential users and reduce the user experience gap in different scenarios. However, 3GPP Extensible Authentication Protocol (EAP), which is the present entity authentication mechanism for the 5G service layer, is only an individual authentication architecture and unable to fulfill the flexible security objectives of differentiated services. In this paper, we present a new hierarchical identity management framework as well as an adaptable and composable three-factor authentication and session key agreement protocol for different applications in 5G multiservice systems. Finally, we propose an authorization process by combining with the proposed three-factor authentication mechanism and Service-Based Architecture (SBA) proposed by the 3GPP committee. The proposed mechanism can concurrently provide diverse identity authentication schemes corresponding to four different security levels by easily splitting or assembling three-factor authentication protocol blocks. The proposed scheme can be simultaneously applied to a variety of applications to improve the efficiency and quality of service and reduce the complexity of the whole 5G multiservice system, instead of designing or adopting several different authentication protocols. The performance evaluation results indicate that the proposed scheme can guarantee the multiple security of the system with ideal efficiency.

1. Introduction

At present, the global 5th generation mobile communication technology (5G) commercial development has begun to take shape and been recognized as main supporting technologies of mobile networks. It has become the focus of global mobile communication research and technology competition. Compared with the existing 4G network, 5G network aims to provide high quality and reliable services such as higher data rate, ultralower latency, massive connectivity, high energy efficiency, and accurate quality of experience (QoE) [1]. The 5G network can realize more kinds of dynamic customization and scalable network services by adopting software-defined network (SDN) and network function virtualization (NFV) technologies. Due to its powerful bandwidth and service capability, a significant number of new applications are introduced into the 5G network platform, such as augmented reality, multimedia video business, mobile industrial internet, autonomous driving, and mobile electronic health services.

There are new security requirements and challenges in 5G, so it is not enough to provide the traditional security mechanism. 5G network will support massive smart devices and various forms of terminals; thus, 5G network is driven to introduce new identity management methods. The generation, distribution, and other lifecycle management of users’ identification involved in the identity management method will change [2].

The growing demand for diversified applications has brought about widely different services, as well as security issues such as service authentication. Moreover, due to the openness of services, a variety of different mobile terminals need to be connected to the 5G network, which also raises corresponding security trust issues and attacks [3, 4]. In diverse application scenarios, different kinds of terminals have different security demands. For example, large-scale machine-type communication (MTC) devices need lightweight security mechanisms to adapt to low energy storage; meanwhile, high-speed mobile services need more efficient and secure authentication schemes, and video services need to meet the security requirements of low latency and high reliability. If the same security scheme is used for differentiated applications, it may seriously affect the user’s service experience. The 5G intelligent computing technology, which is user centric, reconfigures the appropriate security scheme after collecting user and scene data, so as to provide better services. It is significant to provide hierarchical security protection for different services in order to better provide security services for the vertical industry. In the traditional networks, multiservice system adopts different authentication schemes for different kinds of terminals, which increases the complexity of the system and reduces the quality of user experience. According to the current 3GPP standard [5], 5G employs Extensible Authentication Protocol (EAP) to realize the entity identity authentication for third-party services and applications, yet EAP is an identity authentication architecture that can merely adopt unitary authentication schemes such as symmetric key cryptography or digital certificate system alone. Diverse services and applications in EAP adopt a variety of independent authentication mechanisms, which cannot support differentiated and adventurous 5G services. Consequently, a flexible and secure composable authentication and service authorization framework is urgently needed to provide comprehensive and fine-grained entity trusted security support for the vertical industry in the 5G network.

In this paper, we design a new flexible and composable multifactor authentication and session key agreement protocol under a diversified identity management architecture in 5G multiservice systems and finally give an authorization process based on the 5G unified authentication and service authorization framework. In our scheme, a new diversified identity, which includes the security levels of services and applications, is assigned by the 5G Network Repository Function (NRF) and deployed to 5G user equipment (UE) in the initial stages. Subsequently, the biometrics and password are employed in conjunction with the smart card to construct the multifactor service authentication and session key agreement protocol, which can be separated or combined according to 4 different security levels or requirements. Finally, the improved service authorization process based on the 5G service architecture is executed to provide required services for users. Without the separate implementation of different identity authentication protocols, this scheme can greatly improve the quality of service of users and reduce the complexity of the whole 5G multiservice system.

The main contributions of the paper are threefold. (1) A hierarchical identification data structure for the 5G application layer is designed. (2) A composable and potent multifactor service authentication and session key agreement protocol is proposed, which provides 4 grades of security levels of authentication. Furthermore, the proposed protocol is not the simple combination of three authentication factors but flexibly integrates them to ensure the security and the feasibility of the 5G service system. (3) We give an authorization process based on the proposed authentication mechanism and SBA architecture. (4) The BAN logic and the formal verification tool, Scyther tool, have been employed to prove that the proposed scheme can achieve multiple security functions and resist attacks.

Compared with the conference version [6], which barely proposed a conceptual classified mutual authentication scheme without high efficiency, formal security analysis, or detailed performance evaluation in the 5G multiservice system, we optimize the multifactor authentication scheme and provide key agreement and service authorization protocol in new design. Moreover, the formal analysis including BAN logic and CK model security analysis are employed to verify the scheme security. Then, we evaluate the computational cost, communication cost, and storage cost of our proposed scheme by comparing it with the typical EAP protocol based on the NIST standard and show the protocol performance under unknown attacks.

The rest of the paper is organized as follows. In Section 2, we investigate the related work. Section 3 introduces the biometric authentication fuzzy extractor function. Section 4 presents the security and network model. Section 5 details the processes of the proposed scheme. The security and performance analysis are revealed in Section 6 and Section 7, respectively. Finally, Section 8 summarizes the paper.

The research works on the network entity authentication and process for services and applications in 4G/5G networks [7, 8] were very lacking. Shin and Kwon [9] proposed an anonymous three-factor authentication and access control scheme for real-time applications in WSNs. However, the scheme is liable to user collusion and desynchronization attacks. Ni et al. [8] designed a service-oriented anonymous authentication mechanism for enabling 5G IoT. In the scheme, an anonymous authenticated key agreement mechanism is proposed to ensure the secure connection and authentication for IoT devices and will not disclose user privacy. However, both of the schemes in [7, 8] employ the complex public key cryptosystem to design the related protocol and only achieve the single authentication method, which is not fit for 5G multiservice systems. Due to the introduction of the IoT service, users can also interactively control other devices in the 5G network, such as controlling the startup of the home appliance in the smart home scenario, so stricter authentication methods, such as biometric authentication, are required to ensure that the identity is true. Besides, there are a large number of authentication schemes based on the same authentication factors proposed in [1014]. These schemes can achieve efficient and high-strength entity authentication, but cannot complete dynamic multifactor authentication which can adjust the security strength in the 5G multiservice network. Furthermore, some authentication mechanisms for the multiserver environment have been proposed in [15, 16]. Huang et al. [15] proposed a robust multifactor authentication protocol for fragile communications which can be separated to finish dynamical authentication. However, this scheme can only discuss two stand-alone schemes but cannot be composable or achieve the mutual authentication. Liao and Wang [16] proposed a dynamic ID-based remote user authentication scheme based on the smart card and password for the multiserver architecture. This scheme can achieve the mutual authentication and key agreement between the user and server by the use of hash function. However, Li et al. [17] pointed out that the scheme [16] is vulnerable to masquerade attacks.

3. Preliminary

Biometrics with certain probability distribution characteristics such as facial recognition are not completely random and limited. In order to protect the user’s biometric data and privacy, biometrics cannot be stored on the remote server and must be fuzzed. Fuzzy extractor can compact a pseudo-random eigenvalue string from a low-entropy string and is generally used to extract and recover secret features from biometrics. Based on the definition in [18], a fuzzy extractor can be described as a quintuple of including the following functions.

3.1. Metric Space

It is a set with a distance function : . The function is a measure of the difference between two variables, for example, Hamming distance.

3.2. Min Entropy

is the minimum-case entropy of a random variable A.

3.3. Statistic Distance

The statistical distance between two probability distributions and is defined as .

3.4. Fuzzy Extractor

A fuzzy extractor is represented as a quintuple of including a pair of procedures, “generate” (Gen) and “reproduce” (Rep).(1)The probabilistic generation procedure isAny input is a low-entropy string. In the output pair, is called as a characteristic string, and is an auxiliary string. For any distribution on of min-entropy , the string is nearly random even for those who observe : if ; then, we have SD , where represents the uniform distribution on bit binary strings.(2)The deterministic reproduction procedure isFor all , if and , the fuzzy extractor can recover the pseudo-random string from by computing .

Thus, fuzzy extractors are capable of extracting pseudo-random string from a low-entropy string such as biometrics and then reproduce from any string extremely similar to with the unclassified auxiliary string .

4. System and Security Model

4.1. Network Model

5G network needs to establish different trust models according to the characteristics of different services and provide flexible management modes according to the demands of industry users. Operators already have relatively complete security capabilities, such as authentication, ID management, and key management. In order to reduce operating and maintenance costs, vertical industries can entrust service authentication to operators. Operators can perform network and service authentication in a unified manner to achieve direct network access to multiple services. The authentication capability of the operator not only greatly facilitates the user but also provides a vertical industry as a value-added service to help it rapidly deploy the service.

Based on the principle of the service center, the 3GPP committee has designed a new 5G service secure architecture which describes the authentication and authorization of 5G services and applications: Service-Based Architecture (SBA) [19], as shown in Figure 1. There are 3 roles of the 5G SBA authentication and authorization framework including user equipment (UE), network repository function (NRF), and network function (NF) service producer. PLMN and gNB in Figure 1 are the public land mobile network and 5G base station, respectively.

The NF service producers are various 5G vertical service providers. The entity user that owns a UE obtains NF service producers’ 5G services through NRF. Users can subscribe to a variety of services provided by service providers according to users’ needs. NRF is located in the 5G core network, which is responsible for the discovery and selection of network functions, and provides appropriate peer-to-peer services for UE. As a 5G service configuration management server, NRF is able to support the mutual authentication and service authorization between UEs and NF service producers. EAP [5] is the identity authentication architecture proposed by the 3GPP committee to realize the user application layer authentication, which is compatible with a series of authentication protocols such as EAP-AKA [20] and EAP-TLS [21] in diverse application scenarios.

4.2. Security Model

The authentication architecture of the proposed protocol includes 3 participants: the 5G entity user , the 5G UE owned by a 5G entity , and the service configuration management server NRF who supports authentication. In a basic CK-adversary model [22], the air interface channel between a UE and the NRF is public and unsecure, where a probabilistic polynomial-time (PPT) attacker can monitor, tamper, and forge any wireless transmission of messages between 5G UEs and the NRF. Other than the basic adversary capabilities, may collect the secret information stored in the UE’s memory and NRF’s database via explicit attacks. The security attacks are divided into three categories according to the type of information mastered by the adversary. We assume that the secure connection between the NRF and service producers has been established and is not within the scope of our scheme. The authentication framework and system secure model is as shown in Figure 2.

The design objective of this scheme is to achieve the composable and secure multifactor authentication for differentiated services and applications in the 5G network. The goal includes the following secure functions and capabilities:(i)Multifactor authentication: to meet different security demands of various services, the mechanism should be able to easily combine multiple authentication factors to increase the security strength of the authentication protocol. Considering the convenience of 5G users, this scheme is mainly made up of password, smart card, and biometric authentication technology to accomplish multifactor authentication.(ii)Composable authentication: considering the complexity of the system, the scheme should be an authentication protocol which can be divided into several blocks and flexibly combined to achieve different security strengths and goals. Without multiple authentication protocols, only a common authentication architecture does not affect the integrity of the protocol.(iii)Efficient differentiated-service authentication: aimed at the differences in services over the 5G network, the proposed scheme can accommodate to multiservice authentication by splitting and assembling the authentication procedures. The flexible and composable authentication mechanism can largely improve the efficiency and quality of service. Aiming at the difference of applications in the 5G network, the scheme can adapt to multi-service authentication by separating and composing the authentication process. The flexible and fine-grained authentication mechanism could greatly increase the efficiency and quality of 5G service.(iv)Session key agreement: to ensure the security of the subsequent communication process, the proposed scheme should negotiate a secret session key between the UE and the NRF to encrypt and protect the integrity of the communication information.(v)Service authorization: after the successful authentication between the UE and NRF, users access resources and obtain services by means of legitimate NRF authorization. Depending on the authorized credential, the service providers deal with the service request and supply services to UE securely.(vi)Withstanding existing protocol attacks: the proposed scheme should withstand the existing protocol attacks such as replay attack, MitM attack, and forgery attack.

5. The Proposed Authentication Scheme

This section introduces a new 5G hierarchical identity management mechanism, a flexible and composable three-factor authentication and session key agreement protocol, and a service authorization scheme for differentiated services in the 5G application system.

5.1. Security Assumptions

Without loss of generality, the following security assumptions are proposed for the authentication model:(1)In this scheme, some measures will be taken by the authentication server to prevent the dictionary attack and guessing the password of a valid user.(2)When the 5G user uses a UE, all security-related operations are implemented in the trusted execution environment [23]. Thus, the communication between the smart card function calculation such as the fuzzy extractor is secure and cannot be monitored.(3)In the registration phase, the UE can distinguish the right NRF, and the secret information is transmitted through a trusted channel.

5.2. 5G Diversified Identity Management Mechanism

In order to adapt to differentiated applications in the 5G network, a new 5G diversified identity management framework is proposed. As shown in Figure 3, the 5G identity model includes three data blocks: physical identification, functional identification, and security level.(i)Physical identification: the physical identification generated by the equipment manufacturer or operators satisfies the characteristic of global or network uniqueness. It represents the unique identification of a device, such as the UE’s international device identification (IMEI) or the user’s ID number.(ii)Function identification: function identification is generated by telecom operators and application service providers, which points to specific services or applications that users can access. Since a device can have multiple different service resources, a physical ID can be related with several functional IDs. Function codes indicate the service authority of a user and can be changed and adjusted quickly and flexibly.(iii)Security level: each function identification can be nominated with only one security level which shows the security requirements of functional services. According to the security requirements of service providers, we divide services or applications into four security levels: followed by low to high, which will lead to single-factor, two-factor, and three-factor authentication protocol, respectively. Among them, 1 and 2 represent the same security strength because both of them can trigger two-factor authentication, but the authentication factors are different. For different security levels, the differentiated authentication subprotocol between UE and application server will be adopted. Ordinarily, browsing public web pages belongs to security level 0, while high-risk e-health services belong to security level 3. Service providers should demarcate security levels for services according to their defined security rules or authentication requirements.

5.3. Flexible and Composable Three-Factor Authentication Mechanism for Different Applications

This section proposes an entity authentication mechanism in the 5G multiservice system. In this scheme, the service authentication protocol can be implemented in the form of a subprotocol according to several security levels. The proposed scheme consists of the following five phases: initialization, registration, authentication, session key agreement, and biometrics and password updating, which are described in detail as follows. The notations used in our proposed scheme are shown in Table 1.

5.3.1. Initialization

Based on a system security parameter , the authentication server generates a symmetric key for authentication and a public-private key pair for authorization. And the generates an elliptic curve shared between the and the user ’s smart card for session key agreement.(1) implements public key generation algorithm to obtain a pair (2) runs symmetric key generation algorithm to obtain (3) calculates the base point on the elliptic curve , and is the order of

The parameter is public, and the secret parameter is kept secret by the .

5.3.2. Registration

The registration process consists of the following steps:(1)Biometrics registration:(i) generates with the security level designed in Section 5.2 and notifies it to user .(ii)User collects the biometric data in his device UE, and a pair is generated by ’s biometric template . Algorithm is defined as the fuzzy extractor generation as shown in Section 3. .(iii) extracts key and sends to .(iv)After receiving , chooses a random number and encrypts with by using the symmetric key encryption algorithm ., where is used for integrity detection. And .(v) sets and , where is the reproduction algorithm in the fuzzy extractor.(2)Password registration:(i) chooses two new random numbers and calculates and as follows:(ii) sets .(3)Smart card registration:(i)A smart card is sent to user containing , , elliptic curve , and its base point securely. Here, according to the 3GPP 5G standard [19], the smart card such as USIM has been deployed in a trust execution environment on each 5G device. Thus, the 5G device only requires to keep and in secret in the smart card which are sent by .(ii)User encrypts with and stores it in .(iii)Upon receiving, user inputs his random password . Then, the device generates a random number and computes to replace the local old .

Finally, user keeps and password securely. also stores in its database and erases and .

5.3.3. Authentication

Firstly, user inserts the smart card and tries to request service. User sends the service request message including the predefined identity with the service security level. Upon the receipt of the message, the authentication server verifies if the identity is valid and checks the security level of to ensure user’s access rights. Here, and are represented as the collected password and biometrics during each authentication process, respectively. According to different security levels, different mutual authentication processes are executed in detail as shown in Algorithm 1.

Require: the user identity ; the password ; the biometric data ; the smart card.
Ensure: authentication result: 0 for failure; 1 for success.
(1): 5G user sends a service request message including and security level of the access service read from the smart card.
(2): checks the highest security level in the service request message. If, then
Output 1 and Terminate the authentication process.
Else if, then go to Step 3.
Else if, then go to Step 8.
Else if, then go to Step 3.
sends an attach response to notify .
(3)5G user chooses a new random number and sends to .
(4)Upon the receipt of the message, works as follows.
(i)If the timestamp is invalid, Output 0. Else, go ahead.
(ii) Search by in the database and decrypt with to obtain .
(iii) Generate a new random number and compute and .
(iv) Send to user .
(5)Upon the receipt of the message, works as follows.
(i)If the timestamp is invalid, Output 0. Else, go ahead.
(ii) Compute and .
(iii) Decrypt with to obtain .
(iv) Compute . If the equation is established, then go ahead. Else, Output 0.
(v) Compute and send to .
(6)Upon the receipt of the message, works as follows.
(i)If the timestamp is invalid, Output 0. Else, go ahead.
(ii) Verify . If it is, then go ahead. Else, Output 0.
(7)If, then output 1. Else, if, go ahead.
(8) computes and sends to .
(9)Upon the receipt of the message, works as follows.
(i)If the timestamp is invalid, Output 0. Else, go ahead.
(ii) Compute .
(iii) Verify . If the equation is established, go ahead. Else, Output 0.
(iv) Generate new numbers and calculate and .
(v) Calculate and .
(vi) Send to .
(10)Upon the receipt of the message, works as follows.
(i)If the timestamp is invalid, Output 0. Else, go ahead.
(ii) Calculate and
(iii). If the two equations are established, then go ahead. Else, Output 0.
 Generate and .
(iv) Replace with . Output 1.

According to the implementation method of the authentication protocol, the authentication protocol is able to divide into four protocol blocks: no authentication (attach request phase), biometrics and smart card-based authentication (biometrics authentication phase), password and smart card-based authentication (password authentication phase), and password and biometrics and smart card-based authentication which is the entire protocol as shown in Figure 4. When the service security level , for example, the user wants to skim some public information without any privacy or sensitive data; he only needs to read his identity from the smart card and runs in two steps without any authentication. From a user experience perspective, the biometric authentication is more convenient than the password authentication for 5G users. Thus, the biometrics authentication phase and the password authentication phase are designed for the service security level and , respectively. The user must implement all of the protocol blocks for the highest security level . The proposed authentication protocol can be adopted dynamically by composing some protocol blocks and steps to balance the efficiency and security.

5.3.4. Session Key Agreement

In the subsequent authorization of NF service access processes, user and need to negotiate a session key to securely communicate with each other. The session key agreement process is executed after a successful authentication and based on the elliptic curve Diffie–Hellman (ECDH) protocol. The session key agreement is described in Algorithm 2.

Require: the user identity ; the password ; the biometric data ; the smart card.
Ensure: agreement result: .
(1) executes the following commands.
(i) Check the highest security level in the authentication process. If, then Output 1, and Terminate the process. Else, go ahead.
(ii) Choose random number .
(iii) Compute the secret auxiliary message
If, then set
If, then set
If, then set
(iv) Calculate .
(v) Send to .
(2)Upon the receipt of the message, works as follows.
(i) Choose random number .
(ii) Compute the secret auxiliary message .
If, then sets
If, then sets
If, then sets
(iii) Calculate .
(iv) Calculate .
(v) Send to .
(3)Upon the receipt of the message, works as follows.
(i) Calculate .
(ii) Decrypt with . And if the decryption is , confirms success.
(iii) Send to .
(4) decrypts with . And if the decryption is , confirms success, and the process terminates.

In this phase, when , and user can derive and , respectively, since

5.3.5. Biometrics and Password Updating

To avoid the attacker who obtains only one of the valid features (biometrics or password) distorting the information maliciously, we suppose that the biometrics and password update phase are implemented after the successful and complete authentication (). Users select the following phases to update the biometrics and password.

(1) Biometrics Update Phase. The user who wants to update the biometrics needs to perform a complete authentication protocol and executes some steps similar to biometrics registration. The biometrics update phase is described in Algorithm 3.

Require: the user identity ; the password ; the biometric data ; the smart card.
Ensure: update the result: 0 for failure; 1 for success.
(1) and user execute the mutual authentication process. The security level is set to 3. If the authentication failed, Output 0. Otherwise, go ahead.
(2)User works as follows.
(i) Input new biometric data as same as those in the biometrics registration phase. The trusted device generates a new pair .
(ii) Calculate new .
(iii) Send , biometrics update request to .
(3)Upon the receipt of the message, works as follows.
(i) Choose a new number and encrypt with by using .
(ii) Calculate and .
(iii) Set and
(iv) Store in its database.
(v) Send to .
(4)After receiving the message, encrypts with and stores in the smart card. And Output 1.

(2) Password Update Phase. To improve system security, the users are advised to change the password on a frequent basis. Likewise, the password updating phase begins with an authentication process but is slightly different from the password registration. The password update phase is described in Algorithm 4.

Require: the user identity ; the password ; the biometric data ; the smart card.
Ensure: update the result: 0 for failure; 1 for success.
(1) and user execute the mutual authentication process. The security level is set to 3. If authentication failed, Output 0. Otherwise, go ahead.
(2)User works as follows.
(i) Choose a new password , and the smart card generates new to compute .
(ii) Send , password update request to .
(3)Upon the receipt of the message, works as follows.
(i) Derive from .
(ii) Choose as well as , and calculate .
(iii) Calculate .
(iv) Send to .
(4)Upon the receipt of the message, computes .
(5) and store , , and to replace the old information. And Output 1.
5.4. Authorization Scheme of NF Service Access

According to the 3GPP 5G service authentication and authorization architecture, Service-Based Architecture (SBA), we design a new authorization scheme for the 5G multiservice system, which is described in Algorithm 5.

Require: the user identity ; the session key ; the smart card .
Ensure: authorization result: 0 for failure; 1for success.
(1)If user holds a valid token for his desirable service, then go to Step 5. Otherwise, go ahead.
(2)User and execute the proposed authentication mechanism as mentioned above. If the authentication failed or key agreement failed, Output 0. Otherwise, go ahead.
(3)User sends the service authorization request .
(4)Upon the receipt of the message, works as follows.
(i) Confirm of the service authorization request is less than in the authentication process. If of the service authorization request is bigger than in the authentication process, then go to Step 2. Else, go ahead.
(ii) Generate .
(iii) Send to user (the message is not encrypted when ). Suppose that has told the session key between and securely after the NF discovery process described in [24] is executed.
(5)User sends to the service producer .
(6) verifies through . If the validation failed, Output 0. Otherwise, go ahead.
(7) informs the verification result to the service producer .
(8) sends a service response to and executes requested services if the token has been successfully verified. Output 1.

The authorization process is shown in Figure 5. The validity parameter in is associated with the service security level , which is set up by the service producer in advance.

6. Security Analysis

Our proposed scheme can provide the following security objectives.

6.1. Protocol Verification
6.1.1. Authentication of to

When service , verified the legal user by computing if the challenge response result is . The attacker cannot extract correct and decrypt in the smart card . Therefore, the attacker is not able to derive the correct without or . When the security level is 2, verifies if . As a result of ,