A. *Component Deployment of Network Security Architecture*

According to the 5G business scenario requirements and the trend of technology development, the communication security of the 5G network system should be ensured, and the flexible deployment of 5G network function, the network scalability and programming, and low cost and low energy consumption should be achieved before a new 5G network security structure is designed [25]. A 5G network security structure based on SDN is put forward. As shown in Figure 1, there are three layers in the structure, which are application layer, control layer, and data transmission layer. A new SecE (Security Entity) is added to the control layer as the control entity to control SecE and other security functions, protect the hash table and seed of all devices, and offer encryption authentication during data transmission [26]. This structure not only reduces the operation and maintenance cost of the 5G network, but also prevents the data leakage caused by network attacks when the equipment and users communicate in different scenarios [27].

The application layer is composed of end-user business applications and other control entities. The control layer includes logically centralized controllers, which perform unified control functions. A distributed security gateway is an intermediate device between the control layer and the data transmission layer. The lowest data transmission layer contains a wireless access network and a core transmission network [28].

B. *Authentication strategy of data encryption*

The authentication mechanism of data encryption has 2 endpoints. The left end is SDN device, which is equivalent to a switch controlled by SDN. The key storage in each device is composed of three parts. The key is randomly generated. Whenever the device requests to establish a communication channel, it will regenerate a new key [29]. After the device authentication is completed, the back end will generate a new key and reload it into the device. The degree difference of authentication adaptive node is *Di*, the residual node energy is *ηi*, and the node motion similarity is Mi. The equation of the weight of the model is as follows:

$${w_i}=\frac{{{q_i}}}{{\sum\nolimits_{{k=1,m}} {{q_i}} }}$$

1

*i* can be taken as 1,2,…m. *w* is the weight of the parameter, *q* is the reference factor, and

$${W_i}={w_1}{D_i}+{w_{\text{2}}}{\eta _i}{\text{+}}{w_{\text{3}}}{M_i}$$

2

When \({w_1}+{w_2}+{w_3}=1\), the outage probability *p* is determined by the equation in the core network:

$$p=\frac{S}{{\pi N{r^2}}}$$

3

Radius is a function of the total energy E, which is consumed by the network in data collection:

$$\left\{ {\begin{array}{*{20}{c}} {\hbox{min} :E} \\ {s.t.0cript>$$

4

If there are n nodes, the average node degree is as follows:

$$\bar {D}=\frac{{\sum\limits_{{i=0}}^{n} {{D_i}} }}{n}$$

5

The degree difference of adaptive nodes is obtained by subtracting the degree of each sub-node from the degree of the average node:

$${\varepsilon _i}=|{D_i} - \bar {D}|$$

6

In the core network, the smaller degree difference of the node is, the worse the degree of the adaptive node is:

$${D_i}{\text{=}}{e^{ - {\varepsilon _i}}}$$

7

To calculate the residual energy of nodes, the initial energy of the network is set as E and the residual energy is Es. When the node has a non-cluster head, the energy consumption per unit time is e1. When the node has a cluster head, the energy consumption per unit time is e2. Therefore, the equation of the residual energy of the node is as follows (14):

$${E_s}{\text{=E-}}\sum\limits_{1}^{i} {{e_1}{D_{ni}}{t_i}} - \sum\limits_{1}^{j} {{e_2}{D_{nj}}{t_j}}$$

8

In the equation, *i* is the number of the nodes having non-cluster head, \({D_{ni}}\) is the degree of the node acting as non-cluster head for the *i*-th times, and \({t_i}\) is the time of the nodes acting as non-cluster head; *j* is the times of the nodes acting as the cluster head, \({D_{nj}}\) is the degree of the nodes acting as the cluster head, and \({t_j}\) is the time of the nodes acting as the cluster head for the *i*-th times. Thus, in each round of cluster head election, the efficiency equation is as follows:

$$\eta {\text{=}}\frac{{{E_s}}}{E}$$

9

The average velocity difference equation is as follows:

$${\bar {v}_{Ax}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {({v_A}\cos \alpha - {v_i}\cos {\theta _i})} }}{n}$$

10

$${\bar {v}_{Ay}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {({v_A}\sin \alpha - {v_i}\sin {\theta _i})} }}{n}$$

11

Therefore, the difference of the average speed is:

$${\bar {v}_A}{\text{=}}\sqrt {{{\bar {v}}_{Ax}}^{2}+{{\bar {v}}_{Ay}}^{2}}$$

12

Then the variance of velocity difference between adjacent nodes on the x-axis and y-axis is:

$${\sigma _{Ax}}^{{\text{2}}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {{{({{\bar {v}}_{Ax}} - {v_{Aix}})}^2}} }}{n}$$

13

$${\sigma _{Ay}}^{{\text{2}}}{\text{=}}\frac{{\sum\limits_{{i=1}}^{n} {{{({{\bar {v}}_{Ay}} - {v_{Aiy}})}^2}} }}{n}$$

14

Therefore, the variance between *A* and adjacent nodes can be expressed as:

$${\sigma _A}^{2}{\text{=}}\frac{{{\sigma _{Ax}}^{2}+{\sigma _{Ay}}^{2}}}{2}$$

15

Therefore, the motion similarity equation is as follows:

$${M_A}{\text{=}}{e^{ - \left( {{\sigma _A}^{2}+{{\bar {v}}_A}^{2}} \right)}}$$

16

C. *Authentication Mechanism Interaction of Data Encryption*

As shown in Figure 2, the switch first sends the authentication request M1 to SecGW. And M1 consists of two parts: the unique ID and the preloaded hash table Hi provided by the back end. Finally, SecGW forwards the authentication message to DPS (Damage per Second) [30]. If DPS passes the authentication, it will update its key and allow communication between control layer devices. If DPS fails, it will not perform any action or make another request. The specific equation of the weight of document *i* in service node k is as follows:

$$Weigh{t_j}=\frac{{{\raise0.7ex\hbox{${{t_i}}$} \!\mathord{\left/ {\vphantom {{{t_i}} T}}\right.\kern-0pt}\!\lower0.7ex\hbox{$T$}}}}{{{s_i}}} * \frac{1}{{{f_n}+1}}$$

17

*T* is the latest *T* accesses and it is a constant. \({t_i}\) is the number of times when the file *i* is accessed in the latest *T* accesses of users, \({s_i}\) is the size of the file, and \({f_n}\) is the number of nodes where the file *i* is adjacent to the cache file *i* of the fog node *j* during the access.

$${S_{OHHR}}=\frac{{\sum {{{\text{h}}_i}} }}{{\sum {{r_i}} }},i=1,2, \cdots ,m$$

18

$$S{}_{{SHR}}=\frac{{\sum {S{H_i}} }}{{\sum {{r_i}} }},i=1,2, \cdots ,m$$

19

\(S{H_i}\) is the hits of file *i* in the system and is the total number of accesses of file *i*. The response delay of the system is calculated as follows:

$$S{}_{{ARR}}=\frac{{\sum {{R_i} * {S_i}} }}{{\sum {{T_i}} }},i=1,2, \cdots ,m$$

20

\({R_i}\) is the total number of accesses of file *i*, \({S_i}\) is the size of file *i*, and \({T_i}\) is the total response time of file *i*. A reasonable bandwidth is used:

$$\begin{gathered} {S_{BC}}=\sum {\left( {{c_i} * {h_i}+\left( {{c_i}+{c_0}} \right) * s{h_i}+\left( {{c_i}+{c_0}} \right) * c{h_i}} \right) * {f_j}} \hfill \\ \begin{array}{*{20}{c}} {}&{}&{} \end{array}i=1,2, \cdots ,p;j=1,2, \cdots ,m \hfill \\ \end{gathered}$$

21

\({h_i}\) is the hits of the node *i*, \(s{h_i}\) is the hits of adjacent nodes, and \(c{h_i}\) is the times of the hits.

As shown in Figure 3, information interaction of control layer devices is established between DPS1 and DPS2. DPS1 first sends the request M1 to DPS2, which is composed of the device ID and relevant hash value. After the request from DPS1 is received, DPS2 sends the authentication request REQ to SecGW. SecGW sends the authentication message ACK (Acknowledge Character) associated with DPS1 AND DPS2 TO DPS2. If the request passes the authentication, DPS2 sends the authentication message M2 to DPS1. If one of the DPS fails, they will no longer perform any operations [31].

D. *Experimental Deployment and Performance Analysis*

To verify the feasibility and security of the proposed authentication mechanism of data encryption, the network simulator Mininet is used to simulate the 5G network experiment scenario. The scheme uses four laptops and two Ethernet hubs on the test bench. OpenVSwitch version 1.10.0 is installed on every laptop. As shown in Figure 4, the scheme uses a virtual machine to simulate the host. One of the laptops acts as the SDN controller, and the POX controller runs on this laptop. The other three laptops are connected through two D-LINKDSR-250N routers. According to the experimental scenario, the attacker is connected to each hub.

There are 5 hosts in the sparse networks, 50 hosts in the medium networks, and 500 hosts in the dense network. The connection outage rate is used to evaluate the performance of the scheme. The connection outage rate is the most important index when the network is attacked. The spatial modeling equation is as follows:

$$H(u(t+r))=A(d)(1+pow(u(t+r))){e^{i(w+\Delta w)(t+r)}}$$

22

\(A(d)\) is not just a constant, \(pow(u(t+r)\)\(^{{i(w+\Delta w)(t+r)}}\) is an amplitude nonlinear term, and \(H(u(t+r))\)is a phase nonlinear term. The received signal C can be expressed as:

$$C \approx \sum\limits_{{i=1}}^{n} {H(i) \cdot H(u(t+r))}$$

23

*t* is the time, *r* is the transmission path, and *u* is the transmission energy. The connection interruption rate of the experiment is expressed as follows:

*num* *dis* is the number of times the connection is interrupted in the simulation. The similarity is used for analysis, and the calculation is as follows:

$$w=1 - \sum\limits_{{i=1}}^{N} {{{({V_{pred}}-{V_{true}})}^2}/} \sum\limits_{{i=1}}^{N} {{{({V_{true}}-\overline {{{V_{true}}}} )}^2}}$$

25

\({V_{pred}}\) is the RF (Radio Frequency) signal output by the prediction device and \({V_{true}}\) is the RF signal output by the device. The most advanced TFSv1 and SDSecurity are compared to explore their performance. TFSV1 is commonly used in the commercial SDN, but it is usually subjected to the above three attacks due to the lack of authentication.