Network slicing technology is a core part of 5G network, which enables users to access the suitable network on demand and increases the flexibility of network resources through appropriate network configuration. However, the group users in dynamic 5G network slices face communication security threats (impersonation attack, network monitoring, identity leakage, etc.). Group key agreement (GKA) protocol can be used to ensure the security of communication for group users. However, most GKA protocols do not consider cross-domain environment, or use the same cryptographic system parameters between all communication nodes in cross-domain environment. This study presents a cross-domain certificateless authenticated GKA protocol for 5G network slicings supporting dynamic group users management. This new scheme only needs one-round communication and allows group users from different network domains with different cryptographic system parameters to agree on a group session key in common. The proposed scheme not only can provide authenticated key agreement security, mutual authentication, perfect forward secrecy, user anonymity and partial private key transmission security, but also is able to withstand the impersonation, replay and known temporary key attacks. As compared with existing three certificateless group key agreement protocols, our proposed scheme has less computation time, and the communication overhead of low-power group user in our proposed is reduced by at least 36%.

网络切片技术是5G网络的核心部分，它使用户能够按需访问合适的网络，并通过适当的网络配置来增加网络资源的灵活性。但是，动态5G网络切片中的组用户面临通信安全威胁（模拟攻击，网络监控，身份泄漏等）。组密钥协议（GKA）协议可用于确保组用户通信的安全性。但是，大多数GKA协议不考虑跨域环境，或在跨域环境中的所有通信节点之间使用相同的密码系统参数。这项研究提出了一种用于5G网络切片的跨域无证书认证GKA协议，支持动态组用户管理。这种新方案只需要单次通信，就可以使来自不同网络域的具有不同密码系统参数的组用户共同商定组会话密钥。所提出的方案不仅可以提供认证密钥协议的安全性，相互认证，完善的前向保密性，用户匿名性和部分私钥传输的安全性，而且还可以承受假冒，重播和已知的临时密钥攻击。与现有的三种无证书的组密钥协商协议相比，我们的方案具有更少的计算时间，并且所提出的低功耗组用户的通信开销至少减少了36％。所提出的方案不仅可以提供认证密钥协议的安全性，相互认证，完善的前向保密性，用户匿名性和部分私钥传输的安全性，而且还可以承受假冒，重播和已知的临时密钥攻击。与现有的三种无证书的组密钥协商协议相比，我们的方案具有更少的计算时间，并且所提出的低功耗组用户的通信开销至少减少了36％。所提出的方案不仅可以提供认证密钥协议的安全性，相互认证，完善的前向保密性，用户匿名性和部分私钥传输的安全性，而且还可以承受假冒，重播和已知的临时密钥攻击。与现有的三种无证书的组密钥协商协议相比，我们的方案具有更少的计算时间，并且所提出的低功耗组用户的通信开销至少减少了36％。