1 Introduction

Mobility management in wireless networks comprises location management and handover management. The handover mechanism is critical for sustaining mobile node IP sessions as the user equipment (UE) shifts between points of access (APs). Although Mobile Internet Protocol (MIP) is the most widely adopted scheme for IP services, it is incapable of handling high speeds and frequent changes in the UE’s movements. Authors in [1] further explain that MIP handover leads to high latency and a high packet drop rate, both of which degrade network performance. Handover management is therefore very significant for enhancing network quality and performance in mobile networks. This is especially so for the fifth generation (5G), which offers higher data rates, spectrum efficiency, energy consumption, quality of experience, massive connectivity and lower latencies compared with fourth generation (4G) networks [2]. As explained in [3], the deployment of heterogeneous networks (HetNets) consisting of ultra-dense macro and micro cells renders handover management extremely challenging. As such, seamless handovers still remain a mirage in the face of numerous handover protocols that have been developed so far.

Authors in [4] attribute this to the handover module of the entire handover mechanism. The handover algorithm comprises three phases: handover trigger, registration and data forwarding. Whereas the handover trigger involves events that may initiate the handover, the registration phase deals with the selection of the best target AP to hand the UE over to. On the other hand, data forwarding is the redirection of active sessions towards the new target AP. Here, triggering handovers too early or too late results in handover failures, and hence accurate prediction of handover trigger timing is vital for enhancing handover performance and ensuring seamless transitions between APs. As noted in [5], although numerous schemes have been developed for optimal selection of APs via pattern matching, probability analysis and prediction models, very few of them have been dedicated to handover trigger time in 5G networks such as vehicular networks. When deployed in 5G scenarios, the conventional MIP is unable to handle both the UE’s high speeds and directional changes, which results in service disruptions and performance degradation [6]. This is an issue that requires an urgent solution to boost both quality of service (QoS) and quality of experience.

1.1 Intelligent Handover Prediction and Decisions

Accurate predictions of handover initiation events are important during the trigger phase if ping–pong handovers and failures are to be controlled [7]. Since the conventional handover trigger relies on fixed network quality thresholds such as received signal strength (RSS) and signal to noise ratio (SNR), the entire handover is rendered inefficient in real-time applications such as vehicular networks with dynamic mobility. As pointed out in [1], high vehicular mobility coupled with dynamic network topology in 5G networks degrades the performance of conventional mobility management protocols. Consequently, seamless wireless communication over these networks is still quite challenging. The incorporation of many radio access technologies in cellular networks implies that the UEs must flexibly select the radio technology to connect to based on location and availability. This calls for intelligence and autonomy of the UEs so as to select only the best technology for the communication process.

To prevent service disruptions occasioned by long handover latencies, numerous intelligent-based models have been developed for the estimation and prediction of the handover ahead of time [8]. This facilitates early resource allocation, and artificial neural networks (ANN) have been heavily deployed in these predictions [9]. However, most of these intelligent-based models are executed offline and have high computational complexity. In addition, authors in [3] discuss that although handover is one of the most cumbersome key performance indicators in cellular networks, the majority of past research work has focused on predicting handovers for individual UEs. These individual predictions are complex to implement in real networks with massive cells and users. As explained in [10], handovers across networks require the upholding of QoS, lower costs and consolidated billing to be taken into consideration. In addition, pro-active preparations must be carried out to address ideal target discovery issues during 5G handovers. Authors in [11] point out that massive random deployment of small cells in 5G networks renders network management and handover parameter optimization very cumbersome.

1.2 Challenges in Conventional 5G Handovers

Most of the current 5G handover schemes are reactive and hence incur long latencies which reduce QoS and Quality of Experience (QoE) [12]. The handover completion time ranges from several hundred milliseconds [13] to 4 s [14]. In these handover protocols, performance degradation is required to trigger the handover, and hence they lack advance dynamic resource allocations. In addition, many of them rely on only one metric such as Received Signal Strength Indicator (RSSI) and require changes to the underlying cellular network or UE. The reliance on only RSSI implies a lack of comprehensive network, UE or user metrics such as traffic load or UE stability, and hence the perceived QoE of the user after the handover is ignored [15]. Despite this discrepancy, little effort has been directed towards the deployment of multi-criteria encompassing parameters.

Long latencies during handover result in service disruptions and, to address this, authors in [16] call for the development of an efficient mobility management protocol. In addition, an efficient scheme for the determination of the most ideal wireless network among the available ones has been advocated in [17]. Considering 5G vehicle ad hoc networks (VANETs), the rapid vehicle mobility between APs introduces some challenges towards seamless connectivity with access routers. Authors in [16] identify an accurate mobility management scheme capable of predicting vehicle mobility and network quality as a viable solution. Apart from performance issues, security and privacy are other issues that need to be addressed in highly dynamic 5G networks. However, requirements for ultra-low latency communications and high connection densities render the design of secure and efficient handover authentication protocols quite tricky. In some instances, the massive UE devices with concurrent active connections may initiate access requests or handovers, which call for the execution of secure and efficient access authentications before call admission. The 3rd Generation Partnership Project (3GPP) has defined 5G’s improved Authentication and Key Agreement (5G-AKA’) for handover authentication [18]. However, this protocol is susceptible to de-synchronization, replay attacks and jamming attacks, and lacks perfect forward secrecy.

For access authentication, full Evolved Packet System Authentication and Key Agreement (EPS-AKA) must be executed between each UE and the network. Unfortunately, EPS-AKA has inherent security, privacy and efficiency issues. The requirement by EPS-AKA that each device execute the full access authentication process results in heavy signaling between UEs and 5G core network key nodes that potentially causes long authentication latencies. As pointed out in [19], attacks and privacy issues in EPS-AKA include packet redirections, MitM, denial of service (DoS) and privacy leaks. Consequently, the development of secure and efficient authentication protocols for these networks is key. Authors in [20] explain that cellular network handovers must be robust against attacks, which requires proper user authentication.

Although many handover authentication techniques have been proposed, they have either high handover latencies or high computation overheads. As such, there is a need for the development of efficient handover authentication protocols to address these issues. Enhancement of QoS during vertical handovers has been identified in [21] as being extremely challenging. To prevent interruptions to ongoing calls and reduce data losses, efficient handover protocols need to be developed so as to facilitate seamless connections between source and target cells. As explained in [22], seamless connectivity can be assured by the incorporation of user preferences and network conditions during handover decisions. However, mobility management in the face of service continuity maintenance is a very complicated task. In 5G roaming scenarios, handover security and efficiency must be upheld [23]. However, the current handover authentication techniques have anonymity, traceability and universality issues. In addition, authors in [24] identify long handover latencies and the focus on either only security or QoS as some of the issues with conventional handover techniques. Consequently, the usage of these inefficient schemes in 5G handovers increases latencies and degrades performance.

Based on the foregoing discussion, it is clear that most of the current handover techniques fail to comprehensively incorporate critical environmental factors that influence the dynamics of wireless networks. Consequently, the majority of these schemes are not applicable in 5G and beyond networks [25]. On the other hand, mobility management and resource utilization have been identified in [26] as the most crucial research interest in wireless mobile multimedia networks. In addition, authors in [27] stress the significance of an efficient handover scheme for seamless communication among underwater nodes. In terms of security and privacy, most of the current schemes concentrate on performance and ignore these two aspects of the handover mechanism.

1.3 Attack Models

In this paper, it is assumed that the communication among the various network entities is insecure. It is also assumed that an attacker can brute force low entropy ephemerals in polynomial time. With these assumptions, the following attacks are possible.

  • Forgery attacks: The goal of this attack is to eavesdrop on the communication channel so as to obtain user equipment (UE) secrets. Using the obtained secrets, an adversary attempts to fool other network entities about its identity. In addition, an attacker may try to forge the session key shared among the communicating entities.

  • Packet replay attacks: To carry out this attack, an adversary captures current session security parameters, modifies them and then re-transmits them in a subsequent authentication phase. The captured parameters may include the identities of communicating parties or security tokens incorporated with authentication requests. The aim is then to fool the recipient into believing that these security parameters are emanating from the impersonated entity.

  • Masquerade attacks: The ultimate objective of this attack is to impersonate a particular gNB. Afterwards, unsuspecting UEs send authentication requests to this fake gNB. In the process, the UE’s secret parameters are learnt and then used as a vector to launch further attacks such as packet replays and redirections.

  • MitM attacks: In this attack, an adversary attempts to derive a new session key based on the security parameters captured over the transmission channels. Any successful attack may enable an adversary to interrupt the current communication session. In addition, the integrity of the transmitted data may be compromised should an attacker modify the captured security parameters before forwarding them to an unsuspecting recipient.

  • DoS attacks: The aim of this attack is to transmit massive numbers of captured and pre-stored authentication messages to the communicating entities. This can effectively overwhelm the core network recipients or UEs to the extent that they cannot attend to other received authentication requests. In the worst case scenario, the targeted communicating entity can crash, hence denying legitimate entities the requested services.

To address these security attacks, the proposed protocol incorporated salient security features such as random nonces, temporary keys, dynamic ephemerals and session keys. This is illustrated in Sect. 1.5 that follows.

1.4 Our Contributions

The contributions of this paper are twofold. First, a protocol that uses machine learning to adaptively learn the prevailing network conditions and predict the handover instant is developed. Simulation results show that this serves to minimize handover rates, ping pongs and average packet drop rates, and hence leads to a higher number of successfully received packets compared to the 5G AKA’ protocol. Second, in terms of security during the handover process, the proposed protocol offers strong mutual authentication among the communicating entities before deriving the shared session key among them. This is shown to prevent numerous attacks discussed in Sect. 1.4 above. The specific contributions of this paper include the following:

  • We develop an intelligent handover protocol capable of predicting the handover instant and target cell so as to minimize service disruptions and ping-pong handovers.

  • We deploy multi-criteria handover decision encompassing user, network, service and UE requirements so as to enhance both QoS and QoE after handover.

  • Ephemerals and nonces are utilized to randomize session keys and authentication messages to protect against security attacks and privacy violations.

  • Through the widely adopted Burrows–Abadi–Needham (BAN) logic and informal security analysis, we show that the proposed protocol is resilient against most of the conventional cellular network attacks.

The rest of this paper is structured as follows: Sect. 2 discusses related work while part 3 outlines the system model. Section 4 presents and discusses the simulation results while part 5 concludes the paper and gives future work.

2 Related Work

The usage of intelligent based schemes for performance improvements during handovers has attracted great attention from both industry and academia. However, very few of these protocols address both performance and security issues during the handovers. For instance, authors in [28] have developed an RSSI based 5G HetNet handover trigger scheme while a two-tier machine learning-based scheme has been introduced in [1] for vehicular network handover management. Similarly, a machine learning (ML) protocol has been presented in [3] while a user preference self-selection decision tree based scheme has been developed in [29] for handover latency reduction. On the other hand, an ANN based handover approach has been introduced in [20] while a fuzzy logic (FL) speed adaptive vertical handoff decision protocol has been developed in [30]. However, the scheme in [30] depends on a centralized selection approach and hence cannot scale well with increased communication load. Authors in [31] have introduced a feed forward ANN based handover management technique to enhance QoE while an FL multi-terminal based protocol has been presented in [32]. Although the scheme in [32] fulfilled user preferences and application requirements, it is inapplicable in 5G networks.

A hybrid artificial intelligent handover decision has been introduced in [4] to boost QoS while authors in [33] have proposed an ANN based handover using RSS for handover decision. A multi-layer feed forward ANN handover decision scheme has been presented in [22] for HetNets while authors in [34] have developed a FL based handover technique coupled with Kalman filter for handover initiation reduction. Similarly, a FL based handover decision scheme has been presented in [35]. On the other hand, historical handover data and K-nearest neighbor (KNN) ML technique have been utilized in [10] for handover decision predictions while an ML handover decision approach has been developed in [36] to enhance handovers between micro and 5G mmWave bands. However, handovers between 5G base stations were never considered in [36]. Authors in [37] have introduced a neural fuzzy multi parameter-based handover decision scheme while a multi-criteria FL based technique has been presented in [38]. However, the algorithm in [38] never considered SINR. Similarly, a fuzzy logic handover algorithm has been developed in [39] while a HetNet ANN scheme is presented in [40]. However, the approach in [39] failed to incorporate more comprehensive network factors. Similarly, an ANN handover decision technique has been developed in [41] for reductions of both latencies and frequency of handovers while an ANN handover scheme for QoS enhancement, handoff rate and call blocking reductions has been introduced in [42].

To ensure seamless connectivity, authors in [21] present an ANN based handover technique while a smart handover protocol based on fuzzy neural network is introduced in [43]. To offload tasks between fog nodes and facilitate seamless transitions between APs, authors in [44] present a learning-based handover optimization technique. In [45], an ANN based handover prediction model is introduced, although this scheme can only handle one-step ahead prediction. In addition, this approach has not been utilized for RSS prediction during handover decision making procedures. Authors in [46,47,48,49] have deployed neural network approaches for handover decisions. Although these schemes boost efficiency, these algorithms are very complicated. Using available bandwidth, current RSSI and future RSSI, authors in [50] present a FL based handover technique while a self adaptive FL based handover scheme is introduced in [51] that was shown to have reduced ping-pong handovers and latencies. Similarly, a self-selection decision tree using user preferences is developed in [52] to reduce handover latencies.

A fuzzy logic based handover protocol is presented in [53] that was shown to yield better performance than an RSSI based scheme. On the other hand, predictive RSS and dwell time have been utilized for an ANN based handover decision scheme in [54]. However, the features that had the greatest effects on the handover decision have not been elaborated, nor have the evaluations been done under vehicular mobility. To accurately predict handover trigger time, authors in [16] introduce a neural network based technique. On the other hand, authors in [55] have presented a handover scheme to maximize network utilization for seamless connectivity. However, the protocol in [55] never considered critical network features such as transmission rates. An ANN based technique is presented in [26] that facilitated accurate prediction of the UE’s future position based on user mobility history.

An early binding update registration method is introduced in [56] for vehicular networks that was shown to yield improved handoff latencies and packet losses. However, this approach exhibits high signaling and communication overheads. On the other hand, the handover techniques in [35, 37, 57] fail to consider network selection complexity and have high computation costs. To enhance QoE in cognitive 5G networks, authors in [58] presented a handover technique that was shown to have reduced handover latency. A multi-criteria ANN handover method is presented in [25] while a user pattern based neural network prediction technique is introduced in [59]. The scheme proposed in [50] reduces the number of executed handovers and enhances QoS while the method in [60] takes into consideration UE mobility. However, the protocol in [60] takes only the QoS into consideration during handover prediction. To offer seamless internet connectivity and reduced packet losses, authors in [61] introduce a handover scheme that also guaranteed session stability.

In summary, most of the intelligent-based handover schemes result in high computation costs and are executed in an offline manner. As the majority of these handover techniques are based on RSSI, they are incapable of choosing the most ideal target cell for handover since the perceived QoE of the user after the handover is not taken into consideration. In terms of handover security and privacy, the majority of the protocols discussed above only consider performance and ignore these two fundamental issues during handovers. Owing to 5G’s ultra-densification, group access authentication has been suggested for this high number of devices so as to reduce the signaling congestion that crops up if each device is to authenticate individually [62, 63]. Although group authentication minimizes traffic loads in cellular networks, security problems between machine type communication (MTC) devices and MTC servers are rarely taken into consideration. Identity based direct handover authentication techniques can solve this issue [64] but are inefficient due to bilinear pairing operations that render them computationally expensive. Although blockchain based schemes can achieve robust authentication [65], they are quite inefficient due to high computation and storage costs.

3 System Model

It has been noted that majority of the intelligent handover schemes are based on either network parameters or are limited to a few handover decision criteria. To address this issue, the proposed protocol expanded handover decision parameters to incorporate network requirements, user satisfaction, UE characteristics and service level requirements. In this case, the received carrier power represented network requirements; power density, path loss and velocity represented UE requirements; traffic intensity and blocking probability represented service requirements; while security represented user requirements.

In this section, the architecture of the proposed protocol is outlined and discussed. The proposed system model is divided into sub-sections that discuss mathematical preliminaries, blocking probability and traffic intensity derivations, power metrics determination, artificial neural network, back propagation, handover decision, and handover authentication.

3.1 Mathematical Preliminaries

During back propagation, the following six mathematical definitions hold:

Definition 1

Taking m, k and n as the input layer, hidden layer and output layer neurons respectively, then the back propagation neural network (BPNN) model is constructed using the Log-sigmoid transfer function as shown in (1).

$$f\left( x \right) = \frac{1}{{1 + e^{ - x} }}$$
(1)

Definition 2

Taking Ēi as the expected values of the network FOMs results and Ōi as the corresponding output values computed by the ANN respectively, the error function is computed as shown in (2)

$$E = \frac{{\mathop \sum \nolimits_{i} \left( {\overline{E}_{i} - \overline{O}_{i} } \right)^{2} }}{2}$$
(2)

Definition 3

Using the error back propagation algorithm and this error function, the weights value of the ANN are continuously controlled by the error feedback. Taking y as the neural network output, Nt as the neuron threshold, Af as the activation function, Xj as the jth input layer node, Yj as the jth hidden layer node, Oj as the jth output layer node, E as the error function and setting neurons input vector as X = (x1, x2, x3,……,xm), weights value corresponding to this vector in the input neuron is W = (w1,w2,w3,……,wm). Then setting network weights to (Wij,Tij), the following BP formulations apply:

$${A}_{f}(x)=\left\{\begin{array}{c}1, x\ge 0\\ -1, x<0\end{array}\right.$$
(3)
$$y={A}_{f} \left(\sum_{i=1}^{m}{w}_{i}{x}_{i}-{N}_{t}\right)$$
(4)

Definition 4

Using parameters initialized in Definition 3, the outputs of the hidden layer node (\({y}_{i}\)), output of the output layer node (\({O}_{l}\)) and the error of the output layer node (\(E)\) are given by (5), (6) and (7) respectively:

$${y}_{i}={A}_{f}\left(\sum_{j}{w}_{ij}{x}_{j}-{N}_{ti}\right)={A}_{f}( {cell}_{i})$$
(5)
$${O}_{l}={A}_{f}\left(\sum_{j}{T}_{ij}{x}_{j}-{N}_{tl}\right)={A}_{f}( {cell}_{l})$$
(6)
$$E=\frac{1}{2}\sum_{l}({t}_{l}-{O}_{l})$$
(7)

Definition 5

The aim of BPNN during training and learning is to minimize error E. Consequently, weight adjustment of the BPNN and the negative gradient of E are in proportional relationship as in (8). On the other hand, the gradient of the error function of the hidden layer node is computed as in (9) while the gradient of the node error function of the output layer is given in (10):

$$\frac{\partial E}{\partial {T}_{li}}=\sum_{k=1}^{m}\frac{\partial E}{{\partial o}_{k}}\frac{{\partial o}_{k}}{\partial {T}_{li}}=\frac{\partial E}{{\partial o}_{l}}\frac{{\partial o}_{l}}{\partial {T}_{li}}$$
(8)
$$\frac{\partial E}{\partial {w}_{li}}=\sum_{l}\sum_{i}\frac{\partial E}{\partial {o}_{l}}\frac{\partial {o}_{l}}{\partial {y}_{i}}\frac{\partial {y}_{i}}{\partial {w}_{ij}}$$
(9)
$$\frac{\partial E}{\partial {N}_{tl}}=\sum_{k=1}^{m}\frac{\partial E}{{\partial o}_{k}}\frac{{\partial o}_{k}}{\partial {N}_{tl}}=\frac{\partial E}{{\partial o}_{l}}\frac{{\partial o}_{l}}{\partial {N}_{tl}}$$
(10)

Definition 6

In the proposed protocol, three statistical estimators were utilized to evaluate its performance. These measures were the mean square error (MSE), the coefficient of determination (R²) and the root mean square error (RMSE). Here, an RMSE value of zero signifies perfect performance, while the closer to 1 the R² of the linear regression line between the predicted values of the ANN model and the required output is, the better the ANN model fits the actual data. Taking N as the total number of points to be predicted, Þ as the predicted value, ƙ as the observed value and Ǭ as the average of the observed values, then:

(11)
(12)
(13)

3.2 Blocking Probability and Traffic Intensity

The Erlang C formula was adopted because it queues calls instead of dropping them when all resources are in use. Here, calls are put in a waiting queue until network resources are available or the queue timer expires. Its modeling required the number of channels available and the traffic offered to the group, as shown in Fig. 1.

Fig. 1 Blocking probability and traffic intensity computations

On the other hand, traffic intensity is linked to the product of average call duration and the average number of call requests, and is measured in Erlangs. The inputs to the modeling process include average call holding time, fixed retry probability, and the average number of call requests as shown in Fig. 1.
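How the two service-level inputs (traffic intensity Ac and blocking probability Pb) can be computed, as an added example that is not the paper's own code. It uses the standard Erlang C formula; the fixed retry probability listed for Fig. 1 is not modelled because its use is not described on this page, and the function names and sample figures are assumptions.

```python
def traffic_intensity(call_requests_per_hour, mean_holding_time_s):
    """Offered traffic in Erlangs: average call requests x average call duration."""
    if call_requests_per_hour < 0 or mean_holding_time_s < 0:
        raise ValueError("rates and durations must be non-negative")
    return call_requests_per_hour * mean_holding_time_s / 3600.0


def erlang_b(channels, offered):
    """Erlang B loss probability, computed with the numerically stable recursion
    B(0) = 1, B(n) = A*B(n-1) / (n + A*B(n-1)); avoids large factorials."""
    b = 1.0
    for n in range(1, channels + 1):
        b = offered * b / (n + offered * b)
    return b


def erlang_c(channels, offered):
    """Erlang C: probability that an arriving call finds all channels busy
    and is queued rather than served immediately."""
    if channels < 1:
        raise ValueError("at least one channel is required")
    if offered <= 0:
        return 0.0
    if offered >= channels:
        return 1.0  # offered load meets or exceeds capacity: every call waits
    b = erlang_b(channels, offered)
    utilisation = offered / channels
    return b / (1.0 - utilisation * (1.0 - b))


def mean_wait_s(channels, offered, mean_holding_time_s):
    """Average time a call spends in the queue: C * H / (N - A)."""
    if offered >= channels:
        return float("inf")
    return erlang_c(channels, offered) * mean_holding_time_s / (channels - offered)


def channels_for_target(offered, max_queue_prob, limit=1000):
    """Smallest channel count whose Erlang C probability is <= max_queue_prob."""
    for n in range(1, limit + 1):
        if erlang_c(n, offered) <= max_queue_prob:
            return n
    raise ValueError("no channel count up to the limit meets the target")


if __name__ == "__main__":
    # Constructed sample cell: 120 call requests per hour, 90 s average call.
    a_c = traffic_intensity(120, 90)
    for n in (4, 5, 6):
        print(n, "channels: Pb =", round(erlang_c(n, a_c), 4),
              "mean wait =", round(mean_wait_s(n, a_c, 90), 2), "s")
    print("channels needed for Pb <= 0.2:", channels_for_target(a_c, 0.2))
```
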

3.3 Power Metrics Determination

Transmitted power, antenna gain of transmitter, antenna gain of receiver, signal wavelength, transmitter antenna height, subscriber height, reference distance, path losses at reference point, distance between the UE and neighboring eNB are the inputs to the power metrics modeling process as illustrated in Fig. 2. The measurements that are taken include transmitted power, transmitter height, transmitter and receiver gains, wavelength of the transmitted signal, path losses at reference points, transmitter and receiver antenna gains, and the distance between the UE and neighboring eNB. The computations performed are that for effective radiated power, received carrier power, area of the carrier beam, power density, path loss, and the effective isotropically radiated power. In accordance with the Friis Model, the received carrier power is computed in step (9) of Fig. 2. On the other hand, power density is derived in phase (12) while the modified SUI path Loss derivation is illustrated in step (15). Taking into consideration the eNB output power, and eNB transmitter gain in decibels, the effective isotropically radiated power (EIRP) was modeled in phase (21).

Fig. 2 Power metrics computations

3.4 Artificial Neural Network

In the proposed protocol, the artificial neural network was deployed to facilitate the handover decision and the selection of the most ideal target cell. This was enabled by the measurement of received carrier power (Pr), power density (PD), path loss (PL), UE velocity (VUE), traffic intensity (Ac) and blocking probability (Pb). The choice of ANN was informed by the fact that it generates accurate results for inputs that were never seen during training. In addition, ANN offers a straightforward representation for a physical implementation. To facilitate proactive handovers, the tracking area was partitioned into three regions: the no handover region (NHR), which was very close to the base station; the low probability handover region (LPHR), which lay immediately beyond the NHR; and the high probability handover region (HPHR), which was the far field of the base station antenna. At the NHR, signal strength from the serving base station is very strong and hence handover was not possible here. However, signal strength at the LPHR is fairly weak and the measuring of FOMs is initiated here. Whenever the UE enters the HPHR, the trained ANN model is employed to determine the instant for the handover as well as the target cell to hand the UE over to. The computations of handover parameters are grouped into two as follows: blocking probability and traffic intensity derivations; and power metrics determination, as already discussed above.

As depicted in Fig. 3, the architecture of the proposed handover protocol utilizes an ANN consisting of three layers. Here, the first layer is composed of six input neurons: Pr, PD, PL, VUE, Ac and Pb. On the other hand, the hidden layer comprised numerous nodes using hyperbolic tangent sigmoid transfer functions, while the output layer was the handover decision.

Fig. 3 Network training model diagram

In the proposed multilayer feed-forward ANN, artificial neurons are organized in layers; their input signals are sent forward and then the errors are propagated backwards. Each layer consists of neurons connected to the neurons of its adjacent layer with different weights. The ANN was trained through a supervised technique in which both the inputs and the output were utilized for handover prediction. Here, the inputs included Pr, PD, PL, VUE, Ac and Pb while the output was either one (triggers handover) or zero (no handover initiated). Basically, this involved the comparison of the obtained output with the target output of the input pattern such that if there is any difference between the computed output and the target output, then the error is back propagated to the input layer as shown in Fig. 3. This constituted the mean square error (MSE) of the network. The back propagation network (BPN) is deployed to reduce this error in the hidden layers.

3.5 Back Propagation Algorithm

During back propagation (BP), the network architecture and connection weights are updated to improve performance. This is accomplished via three steps: forward the input signals, calculate and propagate error backwards, and update the weights. In this protocol, the neuron weights of each layer are determined based on theoretical values of the maximum transmission power, minimum path loss, power density, traffic intensity, UE’s velocity, and blocking probability. Whenever the UE enters LPHR, the actual values of these parameters are computed based on their mathematical models. These computed values are then input to the pre-trained ANN architecture. The predicted values of Pr, PD, PL, VUE, Ac and Pb at the hysteresis regions of each of the neighbouring cells are obtained and finally the cell with the highest cell candidacy value (CCV) is chosen as the target cell for the UE.

Figure 4 shows the BP algorithm using the parameters defined above. In BPNN, MSE and the gradient descent algorithm are employed to update the connection weights of the network, and this continuous modification of weight values and offset values renders the real network output closer to the expected one. The construction of the ANN model required the input layer and handover parameters, the design of the hidden layer, and the design of the output layer. At the input layer, Pr, PD, PL, VUE, Ac and Pb are used for the setting of BPNN input layer neurons and the training and learning process parameters of subsequent neural network data. To ensure that the proposed protocol made an effective handover strategy using multiple attributes, predictions were made on the values of the input parameters at the hysteresis region.

Fig. 4 Back propagation algorithm

Then, using these predicted FOM values at the hysteresis regions, the current and neighbouring cells are evaluated whenever the UE is in the HPHR such that the optimum cell is selected for the handover mechanism. As such, six neuron nodes are set at the input layer of the respective BPNN models of the current as well as neighboring cells. The six input layer neuron nodes represent Pr, PD, PL, VUE, Ac and Pb corresponding to each potential target cell. During hidden layer design, the number of neural nodes in the input layer \(n\), the number of neural nodes in the output layer \(m\), and a number \(a\) between 1 and 10 were employed to compute the number of hidden layer neuron nodes \(l\) in accordance with (14):

$$l=\sqrt{n+m+a}$$
(14)

Although a high number of hidden layer neurons can execute unlimited numerical approximation on a nonlinear function with arbitrarily small error precision, a very high value of \(l\) increases both computational complexity and costs in addition to susceptibility to over-fitting. On the other hand, a small value of \(l\) increases errors that affect the performance of the ANN. As such, an appropriate value of \(l\) is crucial for lowering computational complexity and enhancing training convergence speed. After numerous experimentations during training, six neurons in the hidden layer were found to yield the minimal value of the mean square error (MSE) function. Finally, the output layer design involved the FOMs from the current as well as neighboring cells collected by the UE, which were then input to their respective models.

Essentially, the output layer gave the handover decision value, which was a binary signal that lay between 0 and 1. Here, 1 denoted an urgently required handover while 0 represented that no handover is needed. The linear function is selected as the transfer function for the output layer. Afterwards, network training was executed to yield numerical approximations and predictions, outputting their respective predictions of the value of the handover factor. The handover factors computed in the current cell as well as neighboring cells are then compared and the best of them all is chosen as the target cell for the UE. As such, for each ANN model corresponding to the current as well as neighboring cells, the number of neurons in the output layer is set to one. Therefore, the ‘6,6,1’ model was adopted in this paper, implying six neurons for both input and hidden layers, and one neuron for the output layer.

3.6 Handover Decision

In the proposed protocol, the first step is the measurement of the handover figures of merit (FOMs) for the current cell as well as the neighbor cells as shown in Fig. 5. In the second step, these FOMs are buffered in the handover decision matrix (HDM). To train the BPNN, the Levenberg Marquardt (LM) back propagation algorithm was selected since it is the fastest and repetitive neural network algorithm. During BPNN training using Pr, PD, PL, VUE, Ac and Pb of the current and neighboring cells, appropriate sample data were taken and partitioned into seven groups (corresponding to the current cell and its six neighbors) as a reference sample of the BPNN ‘6,6,1’ model for learning. Next, the seven BPNN models were trained and after all of them attained the corresponding MSE standard, real data about Pr, PD, PL, VUE, Ac and Pb were collected in the cellular network.

Fig. 5 Proposed handover decision protocol

Thereafter, these real data items were input to the BPNN models corresponding to the seven cells that have been trained so that each of them can obtain their respective cell candidacy value (CCV) through prediction. This was followed by the comparison of the seven CCV prediction values which facilitated the selection of the cell corresponding to the highest value as the target cell to handover the UE to. As shown in step 14, the largest CCV is compared with the handover factor such that if this value is more than the current cell’s CCV and handover factor, then the handover protocol is initiated. In real life scenarios where the seven cells are integrated, whenever the UE shifts to a different location within the tracking area, the six FOMs will change depending on the prevailing network and traffic conditions. As such, data need to be collected continuously to attain seamless handovers. Consequently, the steps in the protocol of Fig. 5 need to be repeated to facilitate multiple decisions so as to adapt to the dynamic cellular network environment.
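The ‘6,6,1’ model and the CCV comparison described above can be sketched as follows. This is an added example, not the authors' code: it trains with plain batch gradient descent rather than Levenberg Marquardt and uses one shared model instead of seven, and the training samples, the normalisation of the FOMs to [0, 1], the handover factor of 0.5 and all function names are assumptions.

```python
import math
import random

N_IN, N_HID = 6, 6  # '6,6,1': inputs Pr, PD, PL, VUE, Ac, Pb; six hidden; one output


def logsig(x: float) -> float:
    return 1.0 / (1.0 + math.exp(-x))


class BPNN:
    """Feed-forward 6-6-1 network: logsig hidden layer, purelin (linear) output."""

    def __init__(self, seed: int = 0):
        rng = random.Random(seed)
        # The last entry of every weight row is the bias (offset) weight.
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(N_IN + 1)] for _ in range(N_HID)]
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(N_HID + 1)]

    def forward(self, x):
        xb = list(x) + [1.0]
        h = [logsig(sum(w * v for w, v in zip(row, xb))) for row in self.w1]
        y = sum(w * v for w, v in zip(self.w2, h + [1.0]))
        return xb, h, y

    def predict(self, x) -> float:
        return self.forward(x)[2]

    def mse(self, samples) -> float:
        return sum((self.predict(x) - t) ** 2 for x, t in samples) / len(samples)

    def train(self, samples, lr=0.05, epochs=5500, goal=0.00062) -> int:
        """Batch gradient descent on the MSE; returns the number of epochs run."""
        n = len(samples)
        for epoch in range(epochs):
            if self.mse(samples) <= goal:
                return epoch
            g1 = [[0.0] * (N_IN + 1) for _ in range(N_HID)]
            g2 = [0.0] * (N_HID + 1)
            for x, t in samples:
                xb, h, y = self.forward(x)
                err = y - t  # output error; the purelin derivative is 1
                for j, hv in enumerate(h + [1.0]):
                    g2[j] += err * hv
                for j in range(N_HID):
                    # error propagated back through logsig hidden neuron j
                    delta = err * self.w2[j] * h[j] * (1.0 - h[j])
                    for i, v in enumerate(xb):
                        g1[j][i] += delta * v
            self.w2 = [w - lr * g / n for w, g in zip(self.w2, g2)]
            self.w1 = [[w - lr * g / n for w, g in zip(r, gr)] for r, gr in zip(self.w1, g1)]
        return epochs


def handover_decision(ccvs, current: int, handover_factor: float):
    """Return the target cell index, or None when no handover is triggered.

    Assumed reading of the comparison: the largest CCV must exceed both the
    current cell's CCV and the handover factor.
    """
    best = max(range(len(ccvs)), key=lambda c: ccvs[c])
    if best != current and ccvs[best] > ccvs[current] and ccvs[best] > handover_factor:
        return best
    return None


def constructed_samples(count=24, seed=1):
    """Constructed training set: FOMs normalised to [0, 1], larger = better (assumption)."""
    rng = random.Random(seed)
    rows = [[rng.random() for _ in range(N_IN)] for _ in range(count)]
    return [(x, 1.0 if sum(x) / N_IN >= 0.5 else 0.0) for x in rows]


def demo():
    samples = constructed_samples()
    net = BPNN()
    before = net.mse(samples)
    net.train(samples, epochs=1000)
    after = net.mse(samples)
    # Constructed FOM vectors: current cell (index 0) and its six neighbours.
    cells = [[0.30] * 6, [0.45] * 6, [0.20] * 6, [0.90] * 6, [0.55] * 6, [0.10] * 6, [0.40] * 6]
    ccvs = [net.predict(x) for x in cells]
    return before, after, ccvs, handover_decision(ccvs, current=0, handover_factor=0.5)


if __name__ == "__main__":
    print(demo())
```
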

3.7 Handover Authentication

The network entities involved during the handover authentication process included the UEs, gNB, Access and Mobility Management Function (AMF) and the Authentication Server Function (AUSF). The deployed notations are shown in Table 1. It is assumed that the air interface is insecure and hence the data and signaling exchanged between UEs and the gNB are susceptible to numerous security and privacy attacks.

Table 1 Notations and their descriptions

The proposed handover authentication protocol consists of two major phases: the initialization phase and the mutual authentication phase as shown in Fig. 6. The procedures required to actualize these two phases are discussed in detail in the following sub-sections.

Fig. 6 Proposed handover authentication protocol

Initialization phase: during the initialization phase, each UE has a pre-shared private identity ƥ and secret key ɧ. These two parameters are only known by each UE and AMF. Each UE has a private gNB identity ɠ and gNB secret key Ȥ, kept secret between gNB and AMF. The session duration threshold ∆ƭ is introduced to protect against message replays and DoS attacks. Here, ∆ƭ is only known by gNB and AMF and can only be changed by AMF. In addition, each gNB has a unique base station key identifier Ʀ for Ȥ and a unique key identifier for ɧ. These two identifiers are updated only after every successful key agreement and authentication process. Moreover, each UE is assigned two one-way key derivation functions, KDF1 and KDF2, known only by UEs and AMF. The proposed protocol also makes use of an encryption function ƺ chosen between each UE and AMF. As shown in Fig., the first step is the initialization of ∆ƭ and ƺ followed by the assignment of KDF1 and KDF2 to the UEs in step 2. Thereafter, ƥ, ɧ, Ȥ, ɠ are computed and pre-shared in step 3 and this marks the end of phase one.

Mutual authentication: during handover mutual authentication, the UEs, gNBs, AMF and AUSF validate each other's identity. The process begins by having the SgNB broadcast an identity request message ϻ to the UE and start its timer ƭ (step 4). Each UE then generates nonce η followed by the computation of encryption key ς (step 5). Using ς, the values ɠ, ƥ and η are encrypted before sending this message together with ƴ to the gNB (step 6):

UE →gNB: AcReq: {ς (ɠ, ƥ, η)||ƴ}

Upon receiving these parameters, the gNB generates nonce ß and proceeds to compute its encryption key Ƃ (step 7) before using this key to encrypt the message received from the UE, AUSF identity ǥ and nonce ß (step 8).

Afterwards, the encrypted message and Ʀ are sent to the AMF:

gNB →AMF: AgReq: {Ƃ({ς(ɠ, ƥ, η)||ƴ},ǥ, ß)||Ʀ}

To prevent DoS attacks and message replays, the waiting time for receiving access request message ƭ is checked against the set threshold ∆ƭ (step 9) such that if it is more, then the gNB executes subsequent operations, otherwise the AMF sends gNB authentication data request AuthReq to the AUSF (step 10) together with its identity ǥ*:

AMF →AUSF: AuthReq: {Ƃ({ς(ɠ, ƥ, η)||ƴ},ǥ, ß)||Ʀ||ǥ*}

On receiving these parameters, the AUSF computes Ƃ* using the received Ʀ value (step 11) before decrypting the received message to obtain ǥ (step 12). In step 13, the extracted AUSF identity is validated such that if it is invalid, the authentication is aborted, otherwise UE encryption key ς* is re-computed and deployed to decrypt {ς(ɠ, ƥ, η)} in step 15. Next, the AUSF generates nonce Ƚ and derives Ʀ* (step 16). In step 17, ƴ* is re-computed which is then followed by the computation of gNB temporary key ʛ, IK and CK (step 18). In step 19, the session key \({K}_{AMF}^{UE}\) is derived followed by the generation of the key list Ϙ for all gNB controlled UEs (step 20). Next, the AUSF message authentication code ϼ, AUSF authentication token ѱ, and AUSF authentication response ҜAUSF are computed (step 21). This is followed by the generation of gNB authentication vector ʋ (step 22) before sending {ʋ, Ϙ} together with gNB authentication data response AuthRes to the AMF in step 23:

AUSF →AMF: AuthRes: {ʋ, Ϙ}

After receiving these security parameters, the AMF generates nonce ʆ before computing its message authentication code Ħ and authentication request ʧ (step 24). In step 25, ʧ is sent to the gNB which then broadcasts it to all UEs attached to it (step 26):

AMF →gNB: {ʧ}

gNB →All UEs: {ʧ}

Upon receipt of ʧ, each UE re-generates Ƃ* and ϼ* (step 27) before decrypting ʧ to extract Ƚ, ʆ and ß (step 28). This is followed by the verification of the received ϼ such that if it is invalid, the request is flagged as malicious and aborted (step 29). Next, each UE re-computes ʛ* and Ħ* (step 31) before validating the received Ħ such that if it is invalid, the request is flagged as malicious and aborted (step 32). In step 34, the UEs re-compute session key \({K}_{AMF}^{* SN}\), Ʀ* and ƴ* before computing UE authentication response ȵ (step 35). In step 36, the UE sends ȵ to the gNB:

UE →gNB: {ȵ}

Immediately after receiving this parameter, the gNB computes its authentication response ƍ (step 37) before sending it to the AMF (step 38):

gNB →AMF: {ƍ}

Upon receiving ƍ, the AMF validates it against ҜUEn such that if it is invalid, authentication failure message AuthFail is sent to the gNB (step 39). However, if it is valid, the AMF sends authentication success message AuthSucc to the AUSF and gNB (step 40). After successful mutual handover authentication, each UE and the AMF share a session key \({K}_{AMF}^{UE}\) (step 41) for subsequent data exchanges.

$$\mathrm{UE}\stackrel{{K}_{AMF}^{*UE}}{\leftrightarrow }\mathrm{AMF}$$

Moreover, upon receiving authentication acknowledgement message, both AUSF and each UE update the gNB key identifier for Ȥ as well as key identifier for ɧ (step 42).

4 Results and Analysis

This section presents the simulation results as well as the evaluation results based on security, privacy and performance. Sub-Sect. 4.1 presents and discusses the security evaluation of the proposed protocol while sub-Sect. 4.2 presents and discusses the performance analysis of the proposed protocol. As discussed in sub-Sect. 4.1, formal verification involved the formulation of six security goals that served to show that the proposed protocol offers strong mutual authentication among communicating entities before generating the shared session key. On the other hand, informal security analysis involved the formulation of nine theorems whose proofs demonstrated that the proposed protocol was robust against the attack models discussed in Sect. 1.4 above.

4.1 Security Evaluation

To demonstrate the security features of the proposed protocol, the most widely adopted Burrows–Abadi–Needham (BAN) logic is employed. In addition, informal security analysis of the proposed protocol is carried out to show the resilience of the proposed protocol against conventional cellular network attacks.

4.1.1 Formal Security Analysis

This evaluation involved some BAN logic rules which included the fresh-promotion rule (FPR), message-meaning rule (MMR), message-meaning rule with shared secret (MMR-SS), nonce verification rule (NVR), jurisdiction rule (JR), decomposition rule (DR) and composition rule (CR) as shown in Table 2 below.

Table 2 BAN logic rules

The main goal of the security component of the proposed protocol is to execute key agreement and mutual authentication among the UE, SgNB, TgNB, AMF and AUSF. These security goals are mathematically represented as shown in Table 3 that follows.

Table 3 Proposed protocol security goals

Here, Goal-1 and Goal-2 denote identity to the AMF, Goal-3 and Goal-4 indicate that the session key \({K}_{AMF}^{UE}\) is established between AUSF and the UE, Goal-5 and Goal-6 denote mutual authentication between AUSF and UE, where Ƚ is deployed to compose session key \({K}_{AMF}^{UE}\). Since AcReq, AgReq, and AuthRes do not offer logical properties of the BAN logic, they are excluded. The next task is the idealization of the proposed protocol.

Msg 1: gNB authentication data request message.

AUSF \(\triangleleft\) {{{ɠ, ƥ, η}ɧ, ƴ, ǥ, ß}Ȥ, Ʀ, ǥ*} from AMF.

Msg 2: gNB authentication request message.

UE \(\triangleleft\) {{Ω, ϼ, ʆ, Ƚ}ʛ, {Ф, Ƚ, ћ}Ȥ, {Ƚ, ʆ, ß}ʛ} from AMF.

Msg 3: gNB authentication response message.

AUSF/AMF \(\triangleleft\){ɠ, ƥ, Ƚ}ɧ from UE.

In the proposed protocol, the following assumptions are made:

It is further assumed that the security channel between AMF and AUSF has been established such that beacon exchange between these two 5G elements is secured. Thereafter, BAN logic rules and assumptions are applied to the idealized protocol as follows:

Based on Msg 1 and S3, MMR is deployed to derive:

  • Stage 1: AUSF|\(\equiv\) UE|~ {ɠ, ƥ, η}ɧ, ƴ, ǥ, ß

    According to Stage 1 and S8, the NVR is applied to yield:

  • Stage 2: AUSF|\(\equiv\) UE|\(\equiv\) ǥ, therefore Goal-1 is attained.

    Based on Msg 2, DR is applied to obtain:

  • Stage 3: UE \(\triangleleft\){Ω, ϼ, ʆ, Ƚ}ʛ

  • Stage 4: UE \(\triangleleft\){Ф, Ƚ, ß, ћ}Ȥ

  • Stage 5: UE \(\triangleleft\){Ƚ, ʆ, ß}ʛ

    Based on Stage 5 and S9, MMR is applied to yield:

  • Stage 6: UE|\(\equiv\) AMF|~ Ƚ, ʆ, ß

    According to Stage 6 and S7, the NVR is utilized to obtain:

  • Stage 7: UE|\(\equiv\) AMF|\(\equiv\) ʆ, and hence Goal-2 is achieved.

    Based on Stage 4 and S1, the MMR is deployed to yield:

  • Stage 8: UE|\(\equiv\) AUSF|~ Ф, Ƚ, ß, ћ

    According to Stage 8 and S7, the NVR is applied to get:

  • Stage 9: UE|\(\equiv\) AUSF|\(\equiv\) Ƚ, thus Goal-3 is attained.

    Based on Stage 9 and S6, the JR is used to derive:

  • Stage 10: UE|\(\equiv\) Ƚ, hence Goal-4 is attained.

    According to Msg 6 and S4, the MMR is employed to yield:

  • Stage 11: AUSF|\(\equiv\) UE|~ ɠ, ƥ, Ƚ

    Based on Stage 11 and S5, the NVR is deployed to obtain:

  • Stage 12: AUSF|\(\equiv\) UE|\(\equiv\) Ƚ, therefore Goal-5 is attained.

Based on S5, Goal-6 is attained, and hence all the six security goals of the proposed protocol have been achieved. Consequently, the proposed protocol ensures strong and secure mutual authentication of the communicating entities before the onset of payload exchanges.

4.1.2 Informal Security Analysis

In this section, we show that the proposed protocol is robust against conventional cellular network attacks such as DoS, packet replays, MitM, eavesdropping, forgery and masquerade. In addition, we show that this protocol offers mutual authentication, user anonymity and perfect forward secrecy as discussed below.

Theorem 1

The proposed protocol is resilient against forgery attacks

Proof

To thwart these attacks, UE private identity ƥ is encrypted using secret key ɧ before being sent to the gNB and hence the gNB is unable to establish the real identities of the UEs. In addition, each UE is able to derive session key \({K}_{AMF}^{UE}\) by itself in conjunction with AMF and AUSF. The involvement of network elements AMF and AUSF implies that a UE is unable to fool these network entities using another UE's identity since these identities are validated. Each UE has secret key ɧ that is used to generate the session key shared with the AUSF and AMF. Consequently, no UE can derive a valid session key for another UE and assume its identity to intercept exchanged packets between this UE and the AMF.

Theorem 2

The proposed protocol is robust against packet replay attacks.

Proof

In the proposed protocol, random nonces were deployed to thwart any packet replays. During the generation of AgReq, nonce η and ƴ are utilized in which η is independently generated while ƴ is refreshed by each UE after every successful authentication. Additionally, nonce ß and Ʀ are utilized to derive AgReq where ß is generated by gNB and Ʀ is dynamically refreshed by each UE after every successful authentication. Moreover, nonces ʆ and Ƚ, independently generated by the AMF and AUSF respectively, are deployed in the derivation of the rest of the authentication messages. As such, replay attacks against AUSF and UE are infeasible.

Theorem 3

Eavesdropping attacks are adequately thwarted in the proposed protocol.

Proof

The proposed protocol deployed random nonces and secret keys which are encrypted using secret ɧ, private gNB identity Ȥ and gNB temporary key ʛ before being transmitted over communication channels. Since all encryption keys for private and sensitive data are never sent over the air interface, an adversary is unable to gain access to these keys through wiretapping over the channels.

Theorem 4

The proposed scheme is resilient against masquerade attacks.

Proof

The aim of this attack is for an adversary to masquerade as a particular gNB so that unsuspecting UEs can establish connections with it, hence facilitating the capture of transmitted messages. Consequently, packet redirection and replays are possible. In addition, the captured UE credentials can be deployed for impersonation purposes. In the proposed protocol, AUSF identity ǥ* is encapsulated with other security parameters before being encrypted using Ƃ. This encryption key Ƃ is derived using secret identifier Ȥ and Ʀ, and is then encapsulated in AgReq before being sent from the gNB to the AMF. Afterwards, AMF appends its identity ǥ* to AgReq before forwarding it to AUSF. Thereafter, the AUSF decrypts the received message to obtain ǥ which is then compared with ǥ* received from AMF. Provided that ǥ and ǥ* are identical, the AUSF trusts that the access network that the gNB and UE want to connect to is the intended one. Since Ȥ is secret and only known to gNB and AUSF, any adversary is unable to forge or replay ǥ to deceive the gNB and obtain user information without secret key Ȥ. Moreover, an adversary cannot impersonate any UE to connect with legitimate gNB since the UE's private identity ƥ and gNB secret key ɠ are encrypted and encapsulated in AgReq where the AUSF can check if the connected UE is legitimate.

Theorem 5

The proposed protocol offers perfect key secrecy.

Proof

In the proposed protocol, session key \({K}_{AMF}^{UE}\) is negotiated between UEs and gNB and the AMF/AUSF. The computation of this session key requires ɧ among other parameters, but since ɧ is only known to the UEs and AUSF, no other party is able to derive a valid \({K}_{AMF}^{UE}\) for subsequent authentication process.

Theorem 6

The proposed scheme provides strong mutual authentication among communicating entities.

Proof

In the proposed protocol, trust among gNB, AUSF and AMF is established through the verification of ϼ (step 29) and Ħ (step 32). On the other hand, the AMF authenticates the gNB through the validation of received ƍ (step 39). This is because ϼ, Ħ and ƍ are derived using parameters that are only known to the UE, AMF and AUSF. In addition, ʆ and Ƚ are encrypted using Ƃ which is secretly computed using secret identifier Ȥ that is infeasible for an attacker to obtain. Consequently, only legitimate UE, gNB and AMF can derive and validate Ħ and ƍ.

Theorem 7

MitM attacks are effectively prevented in the proposed protocol.

Proof

The derivation of new session key \({K}_{AMF}^{* UE}\) by the UE and AMF/AUSF was only possible after successful mutual authentication among these 5G network elements. This was the key deployed for the encryption of exchanged packets between the UE and other network elements. As such, the transmitted data were protected from eavesdropping attacks and hence attackers are unable to mount MitM attacks to interrupt the current communication session. It has also been shown above that integrity and authentication of critical messages is assured through mutual authentication accomplished among the UE, AMF and AUSF based on message authentication codes (MAC).

Theorem 8

User anonymity is upheld in the proposed scheme.

Proof

The privacy of the UE users was assured through encryption of the UE's identity during the authentication process. The UE's private identity ƥ and gNB secret key ɠ are encrypted using ς generated using secret key ɧ and key identifier ƴ. As such, without ɧ, an attacker is unable to decrypt the message to obtain ƥ and ɠ that may facilitate further attacks such as DoS and message replay attacks. To derive encryption keys ς and Ƃ, the UE must send ƴ and Ʀ to the AUSF. Upon receipt of these parameters, the AUSF extracts the corresponding keys and identifies the gNB controlling the UE. The dynamic refreshment of ƴ and Ʀ after every successful mutual authentication implies that an attacker is unable to associate the new values to any particular UE or gNB which would facilitate UE tracing.

Theorem 9

DoS attacks are effectively thwarted in the proposed protocol.

Proof

The goal of this attack is for an attacker to transmit massive pre-stored ƥ to overwhelm the core network elements. To protect against these attacks, the UE or AUSF sets session duration threshold ∆ƭ to facilitate authentication process execution by the gNB upon receiving AgReq without further waiting. As such, even if some network elements such as AUSF and AMF are under active attack, the UE authentication process will still go on. In the proposed protocol, the UE's identity ƥ and ɠ are encrypted using ς and hence even if an adversary captures ƥ, it cannot be enciphered to replay without ɧ. Moreover, since messages AgReq and AcReq construction incorporate random nonces and encryption keys ς and Ƃ, AUSF can check and block these replayed messages.
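The request path of Sect. 3.7 (steps 5 to 15, plus the identifier refresh of step 42) and the replay and masquerade arguments of Theorems 2 and 4 can be exercised with the following added sketch, which is not the authors' implementation. The page does not define KDF1, KDF2, ƺ or the refresh rule, so HMAC-SHA256, a keystream-plus-tag construction and `refresh()` stand in as assumptions, and all keys, identities and function names are constructed sample values.

```python
import hashlib
import hmac
import os

def pack(*fields: bytes) -> bytes:
    """Length-prefix every field so the paper's '||' concatenation parses unambiguously."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def unpack(blob: bytes) -> list:
    fields, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        fields.append(blob[i + 2:i + 2 + n])
        i += 2 + n
    return fields

def kdf(key: bytes, *parts: bytes) -> bytes:
    """Assumed stand-in for KDF1/KDF2: HMAC-SHA256 over the packed inputs."""
    return hmac.new(key, pack(*parts), hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    return b"".join(kdf(key, b"ks", iv, c.to_bytes(4, "big")) for c in range(n // 32 + 1))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Assumed stand-in for the encryption function ƺ: keystream XOR plus HMAC tag."""
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))
    return iv + ct + kdf(key, b"tag", iv, ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(key, b"tag", iv, ct)):
        raise ValueError("ciphertext rejected: wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))

def refresh(key: bytes, kid: bytes) -> bytes:
    """Assumed refresh rule for the key identifiers ƴ and Ʀ (the page gives none)."""
    return kdf(key, b"refresh", kid)[:8]

def ue_access_request(h_key, ue_kid, gnb_id, ue_id) -> bytes:
    """Steps 5-6: AcReq = {ς(ɠ, ƥ, η) || ƴ}, with ς derived from ɧ and ƴ."""
    eta = os.urandom(16)                       # nonce η
    sigma = kdf(h_key, b"sigma", ue_kid)       # encryption key ς
    return pack(seal(sigma, pack(gnb_id, ue_id, eta)), ue_kid)

def gnb_aggregate_request(z_key, gnb_kid, ausf_id, ac_req) -> bytes:
    """Steps 7-8: AgReq = {Ƃ(AcReq, ǥ, ß) || Ʀ}, with Ƃ derived from Ȥ and Ʀ."""
    beta = os.urandom(16)                      # nonce ß
    b_key = kdf(z_key, b"B", gnb_kid)          # encryption key Ƃ
    return pack(seal(b_key, pack(ac_req, ausf_id, beta)), gnb_kid)

class AUSF:
    def __init__(self, ue_keys: dict, gnb_keys: dict):
        self.ue_keys = dict(ue_keys)           # ƴ -> ɧ
        self.gnb_keys = dict(gnb_keys)         # Ʀ -> Ȥ

    def handle(self, auth_req: bytes):
        """Steps 11-15; steps 16-41 are skipped, then identifiers refresh (step 42)."""
        ag_req, ausf_id_star = unpack(auth_req)
        sealed_outer, gnb_kid = unpack(ag_req)
        if gnb_kid not in self.gnb_keys:
            raise ValueError("unknown gNB key identifier (stale or replayed)")
        z_key = self.gnb_keys[gnb_kid]
        ac_req, ausf_id, _beta = unpack(unseal(kdf(z_key, b"B", gnb_kid), sealed_outer))
        if not hmac.compare_digest(ausf_id, ausf_id_star):     # step 13: ǥ against ǥ*
            raise ValueError("AUSF identity mismatch: authentication aborted")
        sealed_inner, ue_kid = unpack(ac_req)
        if ue_kid not in self.ue_keys:
            raise ValueError("unknown UE key identifier (stale or replayed)")
        h_key = self.ue_keys[ue_kid]
        gnb_id, ue_id, _eta = unpack(unseal(kdf(h_key, b"sigma", ue_kid), sealed_inner))
        # The old identifiers stop resolving once the exchange has succeeded.
        self.gnb_keys[refresh(z_key, gnb_kid)] = self.gnb_keys.pop(gnb_kid)
        self.ue_keys[refresh(h_key, ue_kid)] = self.ue_keys.pop(ue_kid)
        return ue_id, gnb_id

def run_cases() -> dict:
    """AUSF verdicts for four requests built from constructed sample values."""
    h_key, z_key = os.urandom(32), os.urandom(32)      # ɧ and Ȥ
    ue_kid, gnb_kid = b"ue-kid-0", b"gnb-kid0"          # ƴ and Ʀ
    ac_req = ue_access_request(h_key, ue_kid, b"gnb-17", b"ue-private-id")

    def auth_req(gnb_key, ausf_id_star):                # step 10: the AMF appends ǥ*
        return pack(gnb_aggregate_request(gnb_key, gnb_kid, b"ausf-A", ac_req), ausf_id_star)

    def verdict(ausf, msg):
        try:
            return ausf.handle(msg)
        except ValueError as err:
            return str(err)

    def fresh_ausf():
        return AUSF({ue_kid: h_key}, {gnb_kid: z_key})

    ausf, good = fresh_ausf(), auth_req(z_key, b"ausf-A")
    return {
        "first": verdict(ausf, good),
        "replay": verdict(ausf, good),
        "identity_mismatch": verdict(fresh_ausf(), auth_req(z_key, b"ausf-B")),
        "gnb_without_key": verdict(fresh_ausf(), auth_req(os.urandom(32), b"ausf-A")),
    }

if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(name, "->", outcome)
```
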

4.2 Performance Evaluation

In this section, simulation results of the proposed protocol are presented and discussed. In sub-Sect. 4.2.1, BPNN empirical training data, BPNN training error curves and model fit are presented and discussed. On the other hand, sub-Sect. 4.2.2 presents and discusses the proposed protocol’s packet delivery ratio, cell candidacy, ping pong rates and handover rates.

4.2.1 BPNN Training Results

The MATLAB R2016b simulation tool was employed as a platform to execute the proposed protocol using simulation parameters in Table 4. As shown in Table 4, a combined random direction (RD) and random waypoint (RWD) were deployed. As already discussed above, for the ANN-FL handover decision process, six parameters were employed which included received carrier power, blocking probability, UE velocity, power density, path loss and traffic intensity.

Table 4 Simulation parameters
Table 5 BPNN empirical training data

Table 5 shows the membership functions for the fuzzified input variables. As shown in Table 5, each of the membership functions of low, medium and high was decomposed into a lower bound (LB) and an upper bound (UB) corresponding to the lower and upper concentric circles of the partitioned tracking area.

These empirical values from the seven cells were utilized as a benchmark to make some range of fluctuations for supervised ANN learning. During simulations, the first step involves six reference FOM values from the seven cells which are normalized as neural network sample training parameters before being input to the BPNN model. Next, the excitation functions of the BPNN are set between the input layer, hidden layer and output layer; these were set as the logsig node transfer function and the purelin node transfer function for parameter transfer and network training. Thereafter, initialization parameters for the BPNN are set. These include the neural network iteration number or epochs, and the expected error threshold or goal of the predicted values. After a number of experimentations, an epochs number of 5500, a target MSE of the training network expected prediction value of 0.00062 and a learning rate of 0.05 were found to be optimum. Upon setting these initial parameters, the BPNN training and learning process was started before the model was deployed for handover decision.

BPNN training error: the BPNN training error curves consisting of train, validation and test curves of the proposed protocol are shown in Fig. 7. The train curve denotes the performance of the MSE index of the training process for each iteration, while the validation curve represents the MSE index performance of the cross validation process in each iteration. On the other hand, the test curve denotes the MSE index of the testing process as expressed for each iteration (see Table 6).

Fig. 7 BPNN training error curve

Table 6 BAN logic initial assumptions

In Fig. 7, the test line denotes the BPNN computation and final training results while the best dotted line represents the proposed protocol when the BPNN model is trained to the fourteenth generation. Essentially, Fig. 7 shows that the proposed protocol executes fourteen iterations to minimize the MSE to the allowable range. In so doing, it ensures the best training results of the BPNN model. It is clear from Fig. 7 that the best validation performance was 0.00210879 at epoch 14 while the error value attains its minimum value of \(6.26046 \times 10^{-4}\) at epoch 14. It was also observed that the RMSE was 0.025 at epoch 14, which was very small and hence the predictive quality of the ANN model was sufficient.

Model fit: Regarding the model fit, Table 7 presents the obtained \(R^{2}\) values for the first 10 iterations. It is evident from Table 7 that \(R^{2}\) values in all the seven cells lay between 0.96 and 0.99, which was a good fit. This is because theoretically, the closer the \(R^{2}\) value is to 1, the better the model fits to the real data.

Table 7 \(R^{2}\) values

As such, the \(R^{2}\) fit, which is essentially the square of the correlation between the actual values and estimated response values, was highly successful in describing the change in real data.

4.2.2 Proposed Protocol’s Handover Performance

In this sub-section, the proposed handover protocol is evaluated using metrics such as packet delivery ratio, cell candidacy, ping-pong and handover rates.

Packet delivery ratio—The proposed handover protocol was evaluated in terms of number of successfully received packets and dropped packets as shown in Fig. 8. This performance was then compared to that of the conventional 5G AKA’. It is evident from Fig. 8 that the proposed protocol had a higher number of successfully received packets compared to the 5G AKA’ protocol.

Fig. 8 Received packets comparisons

This better performance can be attributed to the training of the ANN that was carried out within the cellular network, which facilitated the smooth transition of the UEs among different cells. However, in the conventional AKA’ protocol, a handover is likely to be triggered at the wrong instant due to inaccurate handover prediction, hence resulting in large handover latencies. This effectively causes fewer packets to be received across the network. In addition, the proposed handover protocol was also evaluated in terms of average packet drop rate. As shown in Fig. 9, the proposed protocol resulted in reduced average packet drop rates compared with the 5G AKA’ protocol.

Fig. 9 Average packet drop rate comparisons

It is evident from Fig. 9 that the average packet drop rates for both 5G AKA’ and the proposed protocol remained well above 0.1 and both had the same shape up to the 130 s instant when this rate started falling as 5G AKA’s rates kept increasing. As explained above, the output layer decision was either a 1 or 0 representing urgent handover and no handover required respectively.

Cell candidacy: to simulate the applicability of this output decision in network selection, the UE at the hysteresis region of seven cells is considered as shown in Fig. 10.

Fig. 10 Cell candidacy values

It is evident from Fig. 10 that different cells exhibited diverse values for CCV. Whereas cell-6 had the least CCV, cell-4 had the highest CCV value. As such, among all these cells, the handover was only possible to cell 4 since it had the best performance in terms of Pr, PD, PL, VUE, Ac and Pb. To minimize ping-pong handovers that may be occasioned by fluctuations in FOMs, hysteresis margins were introduced for all the FOMs whose cumulative value represented handover factor. The hysteresis margins for each of the six FOMs were dynamically adjusted by the ANN based on the dynamic range of the measured values and hence the aggregate handover factor was also dynamic.

Ping pong rates—in terms of ping pong handovers rate, the proposed protocol’s performance was also compared with 5G AKA’ protocol. To accomplish this, network load was varied between 1 and 10 as the ping pong rate was measured. As shown in Fig. 11, the proposed protocol had lower ping pong rate compared with 5G AKA’ protocol under the same network conditions.

Fig. 11 Ping-pong handover comparisons

In the conventional 5G AKA’ protocol, only RSSI is taken into consideration during handovers. As such, when the UE detects a neighboring cell with better RSSI values than the current one, it executes handoff. A slight reduction of RSSI or signal blockage in the target cell will trigger another handover back to the source cell, leading to high ping pong rates. Consequently, the proposed protocol potentially saves on system overheads.

Handover rates: the proposed protocol handover initiation was also compared with related intelligent handover schemes developed in [22, 34] as well as with conventional 5G AKA’ RSSI based handover as shown in Fig. 12. To accomplish this, the handover rates of all these schemes over a fixed duration of 5 min were employed.

Fig. 12 Handover rates comparison

It is clear from Fig. 12 that 5G AKA had the highest handover rate of 36 followed by the schemes in [22, 34] and the proposed protocol with 14, 3 and 2 handover rates respectively. Using the 5G AKA’ as the basis, the proposed protocol reduced the handover rate by 94.4%. Since the conventional 5G AKA’ handover protocol uses RSSI as the only handover criterion, any slight reduction of the RSSI value or even signal blockage due to obstacles results in handovers. This high number of handovers comes with increased signaling, communication and computational costs. In addition, longer handover latencies creep in due to increased processing time at the terminal. These elongated latencies can potentially result in increased call drops for ongoing calls.

Handovers are generally resource intensive due to the heavy signaling that is involved. As such, it is required that the number of handovers be kept at a minimum. This can be achieved by ensuring that handovers take place when they are actually necessary. In terms of handover latencies, elongated handovers are caused by poor choice of handover parameters as well as improper target cell selection. This often leads to high packet losses and call drops during the handover process.

Owing to their extremely low latency, higher data rates and high bandwidths, 5G networks have been deployed in a number of domains such as internet of things (IoT). In most of the IoT deployments such as smart homes and smart grids, the sensors are resource constrained and the users normally access the device’s data remotely over insecure wireless channels. In these application scenarios, any security and privacy lapses may easily escalate to the 5G core network and vice versa. The proposed protocol offers salient security features that are readily applicable in the 5G enabled IoT domain to protect the exchanged messages. In addition, its low handover and ping pong rates, coupled with high packet delivery rates, make it applicable in resource constrained IoT devices. Its ability to efficiently select target cells during handovers greatly minimizes packet losses as observed in Fig. 10 above.

5 Conclusion and Future Work

Handover efficiency and security are key issues in cellular networks, more so in 5G networks, which have stringent security and low latency requirements. To boost efficiency, the handover process needs to be executed very quickly. Unfortunately, most of the conventional handover schemes have been shown to be based only on network parameters such as RSSI and SNR. In legacy cellular handover architectures, only RSSI is utilized during the handover decision process. This often leads to high ping-pong handovers as well as elongated handover latencies. As such, many schemes have been developed that incorporate additional parameters such as battery power and bandwidth requirements. However, these techniques concentrate on efficiency improvements at the expense of security. In this paper, a protocol that addresses both efficiency and security is presented. The handover decision is shown to incorporate comprehensive parameters based on network, user, UE and service requirements so as to uphold QoS and QoE after the handover. The formal security analysis using BAN logic has demonstrated the ability of the proposed protocol to execute secure and strong authentication among all the communicating entities. In addition, a number of attack models have been deployed to assess the security features of the proposed protocol. Based on the formulated theorems and their proofs, it is shown that the proposed protocol offers anonymity and perfect key secrecy. In addition, it is resilient against packet replays, eavesdropping, forgery, MitM and DoS attacks. In terms of performance, the simulation results have shown that the proposed protocol has a lower packet drop rate and ping-pong rate, coupled with a higher ratio of packets received, compared with the 5G AKA’ protocol. Moreover, the proposed protocol’s handover rate was compared with that of related schemes, with results demonstrating that it had the least handover rates.
Since the 5G network is the core of internet of things deployments such as smart homes and vehicular networks, the obtained security and performance gains are of great significance in these domains. Future work in this research domain will involve security and performance evaluation of the proposed protocol using metrics that were not within the scope of this work.