1. Field of the Invention
The present invention relates generally to authentication in a communication system, and more particularly, to authentication and key agreement for a terminal to access a network.
2. Description of the Related Art
To meet the demand for wireless data traffic, which has increased since the deployment of 4G communication systems, efforts have been made to develop an improved 5G or pre-5G communication system. Therefore, the 5G or pre-5G communication system is also called a “Beyond 4G Network” or a “Post LTE System.” The 5G communication system is considered to be implemented in higher frequency (mmWave) bands, e.g., 60 GHz bands, so as to accomplish higher data rates. To decrease propagation loss of the radio waves and increase the transmission distance, beamforming, massive Multiple-Input Multiple-Output (MIMO), Full Dimensional MIMO (FD-MIMO), array antenna, analog beamforming, and large-scale antenna techniques are discussed in 5G communication systems. In addition, in 5G communication systems, development for system network improvement is under way based on advanced small cells, cloud Radio Access Networks (RANs), ultra-dense networks, Device-to-Device (D2D) communication, wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), reception-end interference cancellation and the like. In the 5G system, hybrid FSK and QAM Modulation (FQAM) and Sliding Window Superposition Coding (SWSC) as an Advanced Coding Modulation (ACM), and Filter Bank Multi Carrier (FBMC), Non-Orthogonal Multiple Access (NOMA), and Sparse Code Multiple Access (SCMA) as an advanced access technology have been developed.
The Internet, which is a human-centered connectivity network where humans generate and consume information, is now evolving to the Internet of Things (IoT) where distributed entities, such as things, exchange and process information without human intervention. The Internet of Everything (IoE), which is a combination of the IoT technology and the Big Data processing technology through connection with a cloud server, has emerged. As technology elements, such as “sensing technology,” “wired/wireless communication and network infrastructure,” “service interface technology,” and “security technology” have been demanded for IoT implementation, a sensor network, Machine-to-Machine (M2M) communication, Machine Type Communication (MTC), and so forth have been recently researched. Such an IoT environment may provide intelligent Internet technology services that create new value for human life by collecting and analyzing data generated among connected things. IoT may be applied to a variety of fields including smart home, smart building, smart city, smart car or connected cars, smart grid, health care, smart appliances and advanced medical services through convergence and combination between existing Information Technology (IT) and various industrial applications.
In line with this, various attempts have been made to apply 5G communication systems to IoT networks. For example, technologies such as a sensor network, Machine Type Communication (MTC), and Machine-to-Machine (M2M) communication may be implemented by beamforming, MIMO, and array antennas. Application of a cloud Radio Access Network (RAN) as the above-described Big Data processing technology may also be considered an example of convergence between the 5G technology and the IoT technology.
The communication system provides an Authentication and Key Agreement (AKA) protocol, which is a mutual authentication protocol between a Mobile Station (MS) and a network when the MS accesses the network.
Mutual authentication procedures according to the AKA protocol are described in brief below. An MS transmits its identifier information to a network in order to access the network. Then, an Authentication Center (AuC) server in the network retrieves an AKA key value mapped to the identifier information of the MS from an AuC database, and generates an authentication token based on the retrieved AKA key value. Then, the authentication token generated in the AuC is transmitted to the MS. The MS generates an authentication token based on its own AKA key value and then compares the generated authentication token with the authentication token received from the network. When the generated authentication token matches the authentication token received from the network, the MS transmits a signal indicating authentication success to the network and thus accesses the network.
As described above, based on the AKA protocol, the MS and the AuC server share the authentication key in advance and verify whether they share the same authentication key when the MS intends to access the network. When the verification is successful, the key is agreed upon between the MS and the AuC server and thus a session key to be used for communication traffic security can be generated. In contrast, when the verification fails, the AKA authentication fails and the corresponding MS cannot access the network.
Thus, when the AuC server or the AuC database has an error, every MS supporting the corresponding network suffers AKA authentication failure and thus cannot access the network.
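
The token exchange and the AuC single point of failure described above can be seen in the following added example, which is not part of the original text. It assumes HMAC-SHA256 in place of the operator's AKA functions and a random per-attempt challenge value (rand) that the description does not mention; all class, function and identifier names are hypothetical.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes, rand: bytes) -> bytes:
    # HMAC-SHA256 stands in for the real AKA functions (assumption).
    return hmac.new(key, label + rand, hashlib.sha256).digest()

class AuC:
    """Authentication Center: retrieves the AKA key mapped to an MS identifier."""
    def __init__(self, database):
        self.database = database  # None models an AuC database error

    def challenge(self, ms_id: str):
        if self.database is None or ms_id not in self.database:
            return None  # no key retrievable, so no token can be generated
        key = self.database[ms_id]
        rand = os.urandom(16)  # per-attempt challenge (assumption)
        return rand, _prf(key, b"token", rand)

class MobileStation:
    def __init__(self, ms_id: str, key: bytes):
        self.ms_id, self.key = ms_id, key

    def verify(self, challenge):
        """Return a session key on success, None on AKA failure."""
        if challenge is None:
            return None
        rand, network_token = challenge
        own_token = _prf(self.key, b"token", rand)
        # Constant-time comparison of the MS token with the network token.
        if not hmac.compare_digest(own_token, network_token):
            return None
        return _prf(self.key, b"session", rand)

def attach(ms, auc):
    """Run one exchange; True means the MS may access the network."""
    return ms.verify(auc.challenge(ms.ms_id)) is not None

def demo():
    keys = {"ms-001": os.urandom(32), "ms-002": os.urandom(32)}  # constructed
    stations = [MobileStation(i, k) for i, k in keys.items()]
    healthy = [attach(ms, AuC(keys)) for ms in stations]
    wrong_key = attach(MobileStation("ms-001", os.urandom(32)), AuC(keys))
    db_error = [attach(ms, AuC(None)) for ms in stations]
    return healthy, wrong_key, db_error

if __name__ == "__main__":
    print(demo())
```

With a healthy database both stations attach, a station holding a different key is rejected, and with the database unavailable every station fails regardless of its own key.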