Beyond Certificates: 6G-ready Access Control for the Service-Based Architecture with Decentralized Identifiers and Verifiable Credentials

TL;DR

This paper proposes a decentralized identity and access control framework for 6G networks using Decentralized Identifiers and Verifiable Credentials, enhancing trust and security across multi-stakeholder service architectures.

Contribution

It introduces a novel 6G-ready access control approach leveraging decentralized identifiers and credentials, replacing traditional certificates and tokens.

Findings

Prototype implementation demonstrating feasibility

Reduced reliance on centralized PKI infrastructure

Enhanced security and trust in multi-domain networks

Abstract

Next generation mobile networks are poised to transition from monolithic structures owned and operated by single mobile network operators into multi-stakeholder networks where various parties contribute with infrastructure, resources, and services. However, a federation of networks and services brings along a crucial challenge: Guaranteeing secure and trustworthy access control among network entities of different administrative domains. This paper introduces a novel technical concept and a prototype, outlining and implementing a 5G Service-Based Architecture that utilizes Decentralized Identifiers and Verifiable Credentials instead of traditional X.509 certificates and OAuth2.0 access tokens to authenticate and authorize network functions among each other across administrative domains. This decentralized approach to identity and permission management for network functions reduces the risk of single points of failure associated with centralized public key infrastructures. It unifies access control mechanisms and lays the groundwork for lesser complex and more trustful cross-domain key management for highly collaborative network functions in a multi-party Service-Based Architecture of 6G.