SANS: Self-sovereign Authentication for Network Slices

TL;DR

This paper introduces SANS, a privacy-preserving authentication protocol for 5G network slices using Self-Sovereign Identity and Zero-Knowledge Proofs, ensuring user privacy and scalability.

Contribution

It proposes a novel SSI-based authentication scheme for 5G slices that prevents user tracking and enhances privacy, with practical implementation and performance benchmarks.

Findings

SANS provides non-linkable user authentication in 5G slices.

The protocol is scalable and adaptable to other wireless networks.

Benchmarks show the approach is efficient in speed and memory usage.

Abstract

5G communications proposed significant improvements over 4G in terms of efficiency and security. Among these novelties, the 5G Network Slicing seems to have a prominent role: deploy multiple virtual network slices, each providing a different service with different needs and features. Like this, a Slice Operator (SO) ruling a specific slice may want to offer a service for users meeting some requirements. It is of paramount importance to provide a robust authentication protocol, able to ensure that users meet the requirements, but providing at the same time a privacy-by-design architecture. This makes even more sense having a growing density of Internet of Things (IoT) devices exchanging private information over the network. In this paper, we improve the 5G network slicing authentication using a Self-Sovereign Identity (SSI) scheme: granting users full control over their data. We introduce an approach to allow a user to prove his right to access a specific service without leaking any information about him. Such an approach is SANS, a protocol that provides non-linkable protection for any issued information, preventing an SO or an eavesdropper from tracking users' activity and relating it with their real identities. Furthermore, our protocol is scalable and can be taken as a framework for improving related technologies in similar scenarios, like authentication in the 5G Radio Access Network (RAN) or other wireless networks and services. Such features can be achieved using cryptographic primitives called Zero-Knowledge Proofs (ZKP). Upon implementing our solution using a state-of-the-art ZKP library and performing several experiments, we provide benchmarks demonstrating that our approach is affordable in speed and memory consumption.