Page 386 - 5G Basics - Core Network Aspects
10.3.2 Authentication
Authentication protects the identities of communicating entities (e.g., person, device, service or application),
and provides assurance that an entity is not attempting a masquerade or unauthorized access by replaying a
previous legitimate communication. Unauthorized access to the access networks or to the streaming service
breaks the authentication measures previously taken. For example, unauthorized users may intercept
subscribers' registration information from the communication link and then use it to gain access to the
access network(s).
In multiple access networks, each network is required to authenticate the terminals and their
users. The process is complicated and impacts the user experience, but decreases the risk of disclosure of
the subscribers' authentication information. Therefore, SSO or a unified registration mechanism can
optionally be introduced to simplify the authentication process, as well as to improve the subscribers'
experience and their security.
10.3.3 Non-repudiation
Non-repudiation prevents an individual or an entity from denying that she or he has performed a particular
action. For example, subscribers subscribe to a service, but afterwards deny that they subscribed to the
service.
In multiple access networks, subscribers' request information can be transmitted through different access
networks. Since reliability differs between networks, subscribers' request information may be lost
during its transmission and/or retransmission. Therefore, it is recommended that MC-Streaming record
users' operations and ensure that key requested operations (e.g., service subscription, programmes to
purchase, etc.) be neither lost, nor denied by the subscribers themselves.
10.3.4 Data security
Data security includes data confidentiality, data integrity and privacy, etc.
Data confidentiality means to protect data from unauthorized disclosure. It ensures that the data content
cannot be understood by unauthorized entities. Unauthorized access to sensitive data will break the
confidentiality.
Data integrity ensures the correctness or accuracy of data, and protects against unauthorized modification,
deletion, creation and duplication, etc. The unauthorized tampering with sensitive data will break the
integrity.
Privacy security provides the protection of information such as a user's geographic location, IP addresses, the
contents that a user has visited, and the DNS names of devices in a service provider network.
In multiple access networks, the authentication information from multiple access networks is sensitive and
confidential. Once it is stolen and then used for masquerade, security threats may occur. For example, a
subscriber may be charged maliciously. Therefore, MC-Streaming is recommended to employ some kind of
mechanism to ensure data confidentiality. DES, RSA and other encryption algorithms can optionally be
deployed.
In multiple access networks, streaming data transmitted in networks can be classified into signalling data and
media content. For media content, losing some parts of the content has little effect on user experience.
But for signalling data, it is necessary to ensure data integrity. Otherwise, the MC-Streaming service
cannot work normally. Therefore, it is proposed that the integrity of signalling data be verified. Hashing
algorithms such as MD5 and SHA1 are widely used for integrity checks, and are recommended to be
employed here.
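The integrity check on signalling data described above, as an added example that is not part of the original text: it places an unkeyed digest beside a keyed MAC to show which of the two detects unauthorized modification, not just accidental loss. It uses SHA-256 and HMAC-SHA-256 from the Python standard library in place of the MD5 and SHA1 named in the text, since practical collisions are known for both. The message fields, the demo key and all function names are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed sample: a signalling request of the kind the text lists
# (service subscription). Field names are assumptions of this example.
SAMPLE_REQUEST = {"op": "subscribe", "subscriber": "user-001",
                  "programme": "P-42", "seq": 7}
# Constructed demo key; a real deployment would use a per-session key
# established after authentication.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def canonical(msg):
    """Serialise deterministically so both ends hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(msg):
    """Unkeyed SHA-256: anyone who can alter the message can recompute it."""
    return hashlib.sha256(canonical(msg)).hexdigest()


def keyed_tag(msg, key):
    """HMAC-SHA-256: producing a valid tag requires the shared key."""
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()


def verify_plain(msg, digest):
    return hmac.compare_digest(plain_digest(msg), digest)


def verify_keyed(msg, tag, key):
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(keyed_tag(msg, key), tag)


def simulate_modification(msg):
    """Model a change in transit: alter a field and recompute the unkeyed digest."""
    altered = dict(msg, programme="P-99")
    return altered, plain_digest(altered)


if __name__ == "__main__":
    sent_tag = keyed_tag(SAMPLE_REQUEST, DEMO_KEY)
    altered, new_digest = simulate_modification(SAMPLE_REQUEST)
    print("unkeyed digest accepts altered request:", verify_plain(altered, new_digest))
    print("HMAC accepts altered request:", verify_keyed(altered, sent_tag, DEMO_KEY))
    print("HMAC accepts original request:", verify_keyed(SAMPLE_REQUEST, sent_tag, DEMO_KEY))
```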
In MC-Streaming, users' streaming service information includes program registration and login information,
program information, program settings and content, etc. Once the information is stolen and then forged or
modified, it will result in some security threats such as malicious charging and login. Therefore, MC-Streaming
is recommended to protect the privacy of the information. Encryption, watermarking, tracing and marking,
and other mechanisms can be deployed here.