To meet the increased demand for wireless data traffic since the deployment of 4G communication systems, efforts have been made to develop an improved 5G or pre-5G communication system. For this reason, the 5G or pre-5G communication system is also called a ‘Beyond 4G Network’ or a ‘Post LTE System’. The 5G communication system is expected to be implemented in higher frequency (mmWave) bands, e.g., 60 GHz bands, so as to accomplish higher data rates. To decrease propagation loss of the radio waves and increase the transmission distance, beamforming, massive multiple-input multiple-output (MIMO), Full Dimensional MIMO (FD-MIMO), array antennas, analog beamforming and large scale antenna techniques are discussed for 5G communication systems. In addition, in 5G communication systems, development of system network improvements is under way based on advanced small cells, cloud Radio Access Networks (RANs), ultra-dense networks, device-to-device (D2D) communication, wireless backhaul, moving networks, cooperative communication, Coordinated Multi-Points (CoMP), reception-end interference cancellation and the like. In the 5G system, Hybrid FSK and QAM Modulation (FQAM) and sliding window superposition coding (SWSC) as advanced coding modulation (ACM), and filter bank multi carrier (FBMC), non-orthogonal multiple access (NOMA), and sparse code multiple access (SCMA) as advanced access technologies have been developed.
The Internet, which is a human centered connectivity network where humans generate and consume information, is now evolving into the Internet of Things (IoT), where distributed entities, such as things, exchange and process information without human intervention. The Internet of Everything (IoE), which combines IoT technology with Big Data processing technology through connection with a cloud server, has emerged. As technology elements such as “sensing technology”, “wired/wireless communication and network infrastructure”, “service interface technology”, and “security technology” have been demanded for IoT implementation, sensor networks, Machine-to-Machine (M2M) communication, Machine Type Communication (MTC), and so forth have recently been researched. Such an IoT environment may provide intelligent Internet technology services that create new value for human life by collecting and analyzing data generated among connected things. IoT may be applied to a variety of fields including smart home, smart building, smart city, smart car or connected cars, smart grid, health care, smart appliances and advanced medical services through convergence and combination between existing Information Technology (IT) and various industrial applications.
In line with this, various attempts have been made to apply 5G communication systems to IoT networks. For example, technologies such as a sensor network, Machine Type Communication (MTC), and Machine-to-Machine (M2M) communication may be implemented by beamforming, MIMO, and array antennas. Application of a cloud Radio Access Network (RAN) as the above-described Big Data processing technology may also be considered an example of convergence between the 5G technology and the IoT technology.
The 3rd Generation Partnership Project (3GPP) initiated the work on “Next Generation Systems”, which includes architecture and security for the Next Generation System (FS_NextGen) and a 5G New Radio (NR) Access Technology (FS_NR_newRAT). A main objective of the work item is to design a system architecture for a next generation mobile network. The new architecture shall support at least the new radio access technologies (RAT(s)), the evolved LTE and non-3GPP access types, and shall minimize access dependencies, as per the work item described in the 3GPP document SP-160227. The main requirements from a security perspective for the new Next Generation architecture are: “The 3GPP system shall support industrial factory deployment where a network access security is provided and managed by a factory owner with its ID management, authentication, confidentiality and integrity”, and “The 3GPP system shall support an authentication process that can handle alternative authentication methods with different types of credentials to allow for different deployment scenarios such as industrial factory automation”, as per the study report 3GPP TR 22.862. Further, in order to address the requirements from 3GPP SA WG1, the following principles are adopted by the architecture working group [TR 23.799]:
a. Support authentication of a User Equipment (UE) connecting to a 5G NextGen Core Network (CN) via different access networks, including 3GPP technologies, non-3GPP wireless technologies, fixed broadband access, and secure and unsecure non-3GPP accesses.
b. The UE is assumed to possess credentials. The procedure for providing credentials to the UE is out of scope of this solution.
c. Support a unified authentication framework enabling UEs connecting via different access network technologies to access the 5G NextGen CN.
Considering the above objectives, requirements and the architectures under consideration [SP-160464], the current 3GPP system authentication mechanism is not lower-layer agnostic and differs from that of the non-3GPP systems (for example, WLAN).
In the current 3GPP systems (for example, LTE, Universal Mobile Telecommunications Service (UMTS)) the authentication mechanism is tightly coupled with the Non-access stratum (NAS) layer and requires dedicated hardware (e.g., a Universal Integrated Circuit Card (UICC)) to store and execute the authentication protocol (AKA or SIM) in the UE. Further, the 3GPP system is required to have an authentication framework for the NextGen System (NextGen Core and NR radio access technology) which supports:
- Different credentials
  - AKA (USIM)
  - Certificate
  - Password
- Different scenarios
  - Isolated operations
  - Initial credentials provisioning
  - Accessing the EPC/NextGen Core via unlicensed spectrum networks (for example, WLAN, LTE-U)
  - Storage and execution of authentication protocols in different trusted platforms (for example, UICC/eUICC/SmartCards/a secure platform in the device (like KNOX))
  - Interworking with non-3GPP access networks via the NextGen Core
- Use of the same framework with different credentials and with different networks
  - Vendor network/Service Provider network/application service provider network
  - Devices supporting multiple RATs
Further, in order to have a unified authentication framework that addresses the requirements, specifically to “handle alternative authentication methods with different types of credentials”, a new authentication framework is required.
Considering the limitations of the existing 3GPP systems and the requirements on NextGen, it is motivated to use an Extensible Authentication Protocol (EAP) based authentication framework for NextGen Systems. However, when adopting EAP, the following challenges need to be addressed:
- EAP needs a way to encapsulate EAP messages within a protocol's messages
  - it is then no longer access agnostic
  - the EAP authentication procedure may happen after IP address assignment
- The existing EAP encapsulation protocols (EAPoL, 802.16e, IKEv2, PANA, RADIUS, DIAMETER) are access technology specific
  - EAPoL and 802.16e are specific to particular MAC protocols
- The existing EPS-AKA authentication does not foresee any need to support a generic framework to carry any other authentication protocol
- Mechanisms are needed to encapsulate EAP messages in the New Radio (NR) and the NextGen Core
- A mechanism needs to be provided to transmit the key from the authentication server to the authenticator, and also from the authenticator to the other network entities that need it
Further, the design of the architecture framework requires decisions on the following two issues, if EAP is to be used as the authentication protocol:
- Location of the EAP authenticator (usually the authenticator is placed at the first hop)
  - In the NR node (Base Station)
  - In the core network (CN) node (CP-AU)
- EAP encapsulation protocols for Next Generation Networks
  - EAP over RRC/NG2
  - EAP over NAS
  - EAP over PANA
  - EAP over IKEv2
Further, in Rel-13 (Release-13), as part of the Work Item (RP-151114) “LTE-WLAN Radio Level Integration and Inter-working Enhancement”, 3GPP finalized the standardization of LTE WLAN Aggregation (LWA). In LWA, the LTE Radio Access Network (RAN) aggregates traffic over the LTE and WLAN radio interfaces, very similar to what is performed in Rel-12 Dual-Connectivity (DC): the MeNB (Master eNB) is LTE RAT (Radio Access Technology), the SeNB (Secondary eNB) is also LTE RAT, and the X2 interface connects the MeNB and the SeNB. In LWA, the eNB is LTE RAT, the SeNB is called the Wireless Termination (WT) and handles the WLAN RAT entities, and the interface between the eNB and the WT is called Xw. 3GPP TS 36.300 provides more details on DC and LWA, as shown in FIG. 16, which is taken from the TS 36.300 specification.
LWA in Rel-13 only supports Down Link (DL) data traffic over the WLAN. The LWAAP (3GPP TS 36.360) is a very small protocol that only adds a packet header to a Packet Data Convergence Protocol Protocol Data Unit (PDCP PDU) identifying the data radio bearer (DRB) the packet belongs to: based on the received DRB-ID, the UE knows to which PDCP entity in the UE the packet is to be delivered (the UE has one PDCP entity per DRB). The PDCP PDUs going over WLAN are ciphered twice: once at the PDCP level by the eNB (normal LTE ciphering based on the key KeNB [TS 33.401]) and once at the WLAN level based on the key S-KWT (used as the PMK/PSK [IEEE 802.11]), which is derived from the KeNB. In order to limit the complexity (e.g. with respect to when/how to update S-KWT when a handover occurs), Rel-13 LWA specifies that any LWA configuration (i.e. the WLAN part) is released at the LTE handover and, if required, is added again after the handover (using the WT addition procedure).
In Rel-14, a new WID “enhanced LWA” was approved to enhance the Rel-13 LWA solution (cf. RP-160600). Two main objectives of this WID are: support of UL data transport over the WLAN, and support for intra- and inter-eNB handover without WT change. The consequence of these two new objectives is that it now has to be considered what happens at an intra/inter-eNB change, which results in a KeNB change, while data is going over the WLAN.
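The KeNB dependency of S-KWT described in the two paragraphs above, as an added illustration that is not code from this application or from any 3GPP specification: the generic 3GPP KDF of TS 33.220 Annex B (HMAC-SHA-256 over FC and length-prefixed parameters) is applied to KeNB, and a KeNB change at handover is shown to invalidate the previously derived WLAN PMK. The FC value, the use of a 16-bit WT Counter as the only input, and all function names are assumptions of this example.

```python
import hashlib
import hmac

# ASSUMPTION: placeholder FC value and input layout for this illustration;
# the normative S-KWT parameters are given in TS 33.401 Annex A.
FC_S_KWT_ASSUMED = 0x20


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B): HMAC-SHA-256 over
    S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_s_kwt(kenb: bytes, wt_counter: int) -> bytes:
    """S-KWT for one WT addition, bound to the current KeNB and WT Counter.
    The result is what the eNB hands to the WT as the IEEE 802.11 PMK/PSK."""
    if len(kenb) != 32:
        raise ValueError("KeNB must be 256 bits")
    if not 0 <= wt_counter <= 0xFFFF:
        raise ValueError("WT Counter (assumed 16-bit) out of range")
    return kdf_3gpp(kenb, FC_S_KWT_ASSUMED, wt_counter.to_bytes(2, "big"))


def rel13_handover_sequence(kenb_source: bytes, kenb_target: bytes) -> dict:
    """Model the Rel-13 rule: the WLAN leg is released at LTE handover and
    re-added afterwards, so S-KWT is freshly derived from the new KeNB and
    a fresh counter value. Returns the PMKs the WT sees before and after,
    and whether keeping the old PMK across the KeNB change would be wrong."""
    wt_counter = 0
    pmk_before = derive_s_kwt(kenb_source, wt_counter)
    # Handover: KeNB changes. WT release, then WT addition with a new counter.
    wt_counter += 1
    pmk_after = derive_s_kwt(kenb_target, wt_counter)
    return {
        "pmk_before": pmk_before,
        "pmk_after": pmk_after,
        "rekeyed": pmk_before != pmk_after,
        "stale_pmk_still_valid": derive_s_kwt(kenb_target, wt_counter) == pmk_before,
    }
```

The last dictionary entry is the check that matters for the Rel-14 objective: once KeNB changes, a WT that keeps the old PMK no longer matches anything the eNB can derive, so the key must be refreshed or explicitly retained by design.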