Improving User Equipment Privacy using Non-Redundant Traffic Authentication Scheme in 5G Networks

End-to-end authentication is a critical necessity in 5G networks due to increasing device demands and autonomously transmitted user data. A difficult problem in obtaining shared information is the lack of data-related characteristics and the communicating network. Furthermore, due to the network's lack of traceability and handoff, managing protection for the created data is impractical. The non-redundant traffic authentication scheme (NRTAS) is proposed with the aim of authenticating data sources and contact traffic through active user equipment. This scheme provides more efficient non-replicated authentication by classifying traffic based on its errors. Using a differential private key, the classified traffic is authenticated in a linear or discrete way. The suggested scheme's mechanism is tailored to all of the available contact slots, increasing the likelihood of success. Non-redundant authentication eliminates information sharing overhead while simultaneously achieving the shortest access time and response delay.

of data/ resource exchanged and shared needs to be provided with defined security measures to ensure application reliability and concealed communication. Providing security for the generated traffic is less feasible due to the limitations in communication architecture and computation capability of the communicating terminals [4,5]. Therefore, traffic classification becomes a necessary process for ensuring service compliance in an end-to-end manner. Based on the different applications, the class of traffic and the resource utilization varies. Identifying the appropriate traffic without errors helps to provide reliable authentication and ensuring data integrity [10,11]. The contributions of the article are listed as follows: i. Design and validation of non-redundant traffic authentication scheme for strengthening the privacy of the users, by improving the communication success rate.
ii. Presenting a traffic classification method based on resource utilization and allocation probability ensuring reliable authentication is provided.
iii. Providing end-to-end authentication by classifying linear and discrete communication in the established session without additional overhead and response delay.
iv. Performing a comparative analysis of the proposed NRTAS with the existing techniques and assessing its performance using different metrics.
The organization of the article is as follows: Section 2 discusses various contributions that are proposed in the past. In Section 3, the proposed NRTAS is discussed with the traffic classification and end-to-end authentication methods. The performance assessment of the proposed scheme is detailed in Section 4 with a comparative study, followed by the conclusion in Section 5.

Related Works
Celik et al. [12] proposed a 5G device-to-device communication to increases the throughput and coverage and decreases the power consumption of the cellular environment. The author addresses the issues such as eavesdropping, jamming, primary user emulation attack and injecting attack because the multi path routing emerges some of the security issues and simulation reveals more effective eavesdropping. 5G Narrow Band Internet of Things (NB-IoT) System in massive device is introduced by Cao et al. [13] to resolve the mutual authentication by the traditional access. The NB-IoT addresses the access authentication and data transmission of a group of NB-IoT devices based on the latticebased homomorphism encryption technology. It reduces the network burden and private security and anti-quantum attack.
Block chain and content centric in 5G network was observed by Fan et al. [14]. In the upcoming 5G era the information should be protected in the network. The author proposed the scheme on block chain to solve the privacy issues in content-centric mobile networks for 5G. The mutual trust is implemented in between the content provider and the user.
Garrocho et al. [15] proposed Device-to-Device (D2D) pervasive communication system reduces the mobile traffic load, reduce energy consumption and effectively use the available electrical radio spectrum. The author presented a middleware based on Wi-Fi infrastructure mode that establishes connections and performs data exchange without human interaction.
A Dynamic Chameleon Authentication Tree (DCAT) is introduced by Xu et al. [16] for verifiable data streaming in 5G networks. The DCAT is divided into four phases: setup, append, query, verification. At the time of data querying phase the average authentication path length is been reduced that leads to the space requirement and better form of verification.
Service Oriented authentication for 5G enabled IoT is proposed by Ni et al. [17]. An efficient and secure service oriented authentication (ES3A) framework supporting network slicing and fog computing for 5G-enabled IoT services is proposed. It is developed to setup the connection with the 5G core network and anonymously access IoT service. The privacy slice selection mechanism is used to make a secure access of data.
An efficient quantum-based security protocol is observed by El-Latif et al. [18]. A new efficient cryptographic protocols and mechanisms are needed in order to design and achieve information sharing and data protection protocols in 5G networks. QWHF-1 and QWHF-2 is the two efficient hash function mechanism for 5G network is been developed. 3GPP 5G Network for massive NB-IoT is proposed by Cao et al. [19] for popularization and application of mobile Internet standards. NB-IoT employs the traditional authentication process of User Equipment (UE). The method ensures robust security protection including user anonymity and non-repudiation.
Software-defined services-based Network Security is introduced by Guan et al. [20] for 5G security. Software Defined Security (SDS) is a security paradigm that is more flexible and centralized security protection. The author proposed a scheme that adopts Group Routing Betweenenss Centrality (GRBC) as a metric and introduces a successive algorithm to compute the GRBC.
Ying and Nayak [21] proposed a lightweight and remote user-untraceable authentication protocol (LRUAP) for multi-server-based 5G networks. It is introduce to reduce the computational complexity, self-certified public key cryptography is based on the elliptical curve to authenticate the validate user and server. Xie and Hwang [23] proposed a two factor security in smart city by security enhanced roaming authentication. While providing convenience, mobile networks face a series of challenges in security and privacy protection due to the ability of the terminal. To fix this issue the two factor security is been introduced.
Massive MIMO systems for 5G communications is introduced by Yang et al. [24] for awareness theory of 5g-oriented MIMO system security. It is based on the MIMO system of 5G secure network and it is under the situation of awareness technology, security situation awareness system of 5g-oriented large-scale MIMO system is modeled.
Celdrán et al. [25] proposed a autonomous provision of self-protection in 5G network. Selfprotection is a critical capability of Self-Organizing Networks (SON) focused on protecting the network resources in a flexible and autonomic way. Software Defined Networking and Network Functions Virtualization technologies are used to optimize the usage of network resources for monitoring services.
The methods presented in the above survey are restricted in performance due to varying UE and traffic conditions. Administering unanimous security throughout the communication process, and retaining the response success rate is less feasible. The reasons are centrality [20], virtualization [as in 25], privacy selection [as in 17], etc. This article focuses on the privacy method without compromise in authentication retaining the response success rate under controlled time for varying UE density.

Non-Redundant Traffic Authentication Scheme (NRTAS)
The design goal of NRTAS is to improve the communication security of the users by verifying the instantaneous traffic flow. This scheme facilitates concealed data exchange and communication between the heterogeneous users by mitigating the impacts of adversary authentication and it also prevents suspicious traffic incusing in the concealed link. The false authentication based complex and redundant security measures are mitigated by this scheme. In the following section, the communication architecture along with the interface model is presented.

Communication Architecture
The design of 5G communication architecture is differentiated into three layers namely user equipment (UE), access and resource. An illustration of the layers is presented in Fig. 1. to-end authentication. The following session discusses the traffic classification and authentication process in detail.

Traffic Classification
The type of traffic generated by the UE and the resource granted varies with the user requirement and application type. For example, the service request of a user relaying on transportation system is different from that of user demanding multimedia service. The type of traffic is classified is sensed from the interface allocated and the attributes associated with it.
The attributes refers to the allocated bandwidth transmit power signal strength, etc. as preferred by the service provider. Let be the traffic request time that prolongs for a maximum time of . Therefore, the interval of is [ , + ]. Let ( ) denote the set of attributes associated with the traffic as observed in the above time interval. The attributes are discovered, classified and address using vectors such that The representation in equation (1)  In equation (2), the next set of traffic that is to be disseminated is estimated. There are two cases in classifying and namely < + and = + . Therefore, the response is shared allocating the available resource in a sequential manner. Thus, the chances of [. ] is less in this case. On the other side, this is not a final validation as the resource allocation and response varies abruptly due to multiple accesses.
The classification here is and [. ] and the order is represented as In this case, the authentication is required in a sequential manner without considering the error case. Therefore, the decision of administering security for ∈ [ , + ] is made by the service provider. This decision is pursued for all in different in a unanimous manner until error is encountered. This sequence of traffic is not accounted by confining the slots allocated for . Post the interface replacement and slot variation, the is classified again using the above instances. The traffic generated in this instance [as denoted in equation (3)] is provided with authentication. This authentication process for linear and discrete traffic is discussed in the following section.

End-to-End Authentication
End-to-End traffic authentication relies on the classified as discussed above. This ensures the linear or discrete traffic is alone provided with authentication. Administering end-toend concealed authentication varies with the identified traffic for its linearity and discreteness.
Both the process of authentication employs tree based measures for expelling replications.

Linear Authentication
In a linear authentication, the sequence of traffic as in equation (3) is considered with an assumption that no-retransmission of the request is generated in . This means, the re- The sequence is modeled for a message of length and the available slots for the ∪ .
In a linear tree representation, the generated for and must be different to prevent unnecessary key computation. The sequence is then constructed as In equation 4(a), if = , then the sequence is generated for either of the occurrence.
Therefore, if the above condition occurs, the required is − ∀ = . The linear tree constructed and modified for the cases in equation (4) and (4a) is illustrated in Fig. 2(a) and 3(b). Fig. 2(a). Normal Sequence of is the public key of the UE. In this authentication process, let , and denote the public key of the service provider, and private key of the UE and service provider respectively. The is generated with this combination as In equation (8), the discrete sequence is represented for the with respect to and respectively. Instead, in equation (8), either of sequence is alone true as the existence of both is denied. Therefore, if the sequence is known and the adversary mitigate the session, then ( ) with modified or new and generation process reduces the impact of ( + ). Leaving out the errors, the change in is considered to secure the communication session, without halting the exchange interval. Therefore, the additional delay due to new interval assigning and request re-transmission is confined in this process. In order to address the discrete representation of equation (8), the normalization of this process is mandatory. In this process, the boundary of the switch over between and is defined as The authentication sequence is now classified on the basis of ℙ from which the process is instigated. In Figure 3(a), 3(b), the modified sequence for ∈ "( ) is represented.

Performance Assessment
In this section, the performance assessment of NRTAS is presented with the appropriate validation environment and its associated metrics. In this validation process, a network with 300m*300m region with 150UEs is considered. The communication is modeled using wireless interface of 2Mbps bandwidth and the maximum accessible resource is 500Mb for each device.

(b) UE=100 (a) UE=50
The performance environment is modeled as shown in Fig. 1, for which the experimental environment is used as in Table 1. The application modeled is voice, data and web access used as a constant bit rate calibration for multiple devices. Based on the request flow per unit time, the traffic flow varies. The experimental results are verified using the metrics access time, response delay, traffic load, success ratio, and overhead. For an effective comparative analysis the existing methods GRBC [20], ES3A [17], and LRUAP [21] are considered in this article. For the metrics access time, traffic load, and success ratio, the density of the UE is varied as 50, 100 and 150 to analyze the performance of the proposed NRTAS.

Fig. 4. Access Time Comparisons
The proposed NRTAS achieves less access time to the generated requests from the varying ′ . This is achieved due to two prime reasons, the range of [. ] is pre-estimated and traffic is classified using . By estimating [. ], the chances of is computed that helps to retain In particular, the based classification aims at reducing by identifying traffic (as in equation (3) (1) is achieved by this traffic classification, reducing the rate of traffic.

Fig. 7. Success Ratio Analysis
NRTAS achieves better reliability data and message sharing by providing specific authentication for the classified traffic. The authentication is modeled on the basis of and for a differential and depending on the sequence of . In a linear authentication, the hash is generated by mitigating = instances, preventing redundancy. On the other hand in a discrete authentication, and are categorized for a new sequence of " to ensure differential and generation, for the change in and to reduce unnecessary authentication failure, therefore, irrespective of the change in UE and hashes, authentication is seamless for the intervals for all [ + ]. Due to these factors, the end-to-end security is administered in a optimal manner, improving the success ratio of data sharing (Refer to Fig. 7).

Fig. 8. Overhead Analysis
The overhead in the proposed NRTAS is less by reducing unnecessary authentication for all the generated traffic. The generated traffic is classified for [. ] to provide either a linear/discrete authentication. On the other hand, the change in to or vice-verse is determined on the basis of ℙ, that helps to reduce the additional control message exchange. As mentioned earlier, the success ratio is high; the control message for differential authentication is less reducing the overhead in NRTAS. In Table 2 and 3, the comparative analysis results for the above metrics are presented.

Conclusion
This article discusses non-redundant traffic authentication scheme for securing 5G communication and information sharing in a heterogeneous platform. This scheme is modeled into two phases for traffic classification and authentication. The traffic is classified for its error in dissemination and resource sharing so as to provide authentication. The error less classified traffic is analyzed using linear and discrete models for providing replication-free authentication.
The authentication is secured using a message and request time based range for improving the reliability of the secret key generation. Using differential secret key and hash, the communication session for the allocated slot is secured. By adapting this authentication model in an agreed manner, end-to-end session authentication for the classified traffic is provided with less overhead and better success ratio.
Funding Statement: