A Public Key Infrastructure for 5G Service-Based Architecture

TL;DR

This paper proposes 5G-SBA-PKI, a comprehensive public key infrastructure tailored for 5G service-based architecture, enhancing secure communication between network functions with formal security analysis and performance evaluation.

Contribution

It introduces a multi-CA PKI model for 5G SBA, including formal security verification and performance assessment with quantum-safe cryptography.

Findings

Formal security properties are verified using TAMARIN.

Performance benchmarks show viability of quantum-safe algorithms.

Multi-CA architecture improves security and scalability.

Abstract

The 3GPP 5G Service-based Architecture (SBA) security specifications leave several details on how to setup an appropriate Public Key Infrastructure (PKI) for 5G SBA, unspecified. In this work, we propose 5G-SBA-PKI, a public key infrastructure for secure inter-NF communication in 5G SBA core networks, where NF refers to Network Functions. 5G-SBA-PKI is designed to include multiple certificate authorities (with different scopes of operation and capabilities) at different PLMN levels for certification operations and key exchange between communicating NFs, where PLMN refers to a Public Land Mobile Network. We conduct a formal analysis of 5G-SBA-PKI with respect to the desired security properties using TAMARIN prover. Finally, we evaluate 5G-SBA-PKI's performance with "pre-quantum" as well as quantum-safe cryptographic algorithms.