Future-Proofing Authentication Against Insecure Bootstrapping for 5G Networks: Feasibility, Resiliency, and Accountability

TL;DR

This paper evaluates the feasibility of integrating post-quantum cryptography into 5G authentication, finds direct adoption impractical, and proposes BORG, a hierarchical trust framework with quantum resistance, forgery detection, and audit logging.

Contribution

It introduces BORG, a novel hierarchical identity-based threshold signature scheme for 5G, addressing protocol constraints and enhancing security against quantum adversaries.

Findings

Direct PQC adoption is impractical due to size and latency constraints.

BORG enables distributed trust and forgery detection in 5G networks.

BORG maintains low overhead and compact signatures in 5G testbed.

Abstract

The 5G protocol lacks a robust base station (BS) authentication mechanism during the initial bootstrapping phase, leaving it susceptible to threats such as fake BSs, spoofed broadcasts, and large-scale manipulation of System Information Blocks (SIBs). Despite real-world 5G deployments increasingly relying on multi-BS communication and user multi-connectivity, existing solutions incur high communication overheads, rely on centralized trust, and lack accountability and long-term breach resiliency. Given the inevitability of BS compromise and the severe impact of forged SIBs as the root of trust (e.g., fake alerts, tracking, false roaming), distributed trust, verifiable forgery detection, and audit logging are essential, yet remain largely unexplored in 5G authentication. These challenges are further amplified by the emergence of quantum-capable adversaries. While integration of NIST PQC standards is widely viewed as a path toward long-term security and future-proofing 5G authentication, their feasibility under strict packet size, latency, and broadcast constraints has not been systematically studied. This work presents, to our knowledge, the first comprehensive network-level performance characterization of integrating NIST-PQC standards and conventional digital signatures into 5G BS authentication, showing that direct PQC adoption is impractical due to protocol constraints, delays, and large signature sizes. To address these challenges, we propose BORG, a future-proof authentication framework based on a hierarchical identity-based threshold signature with fail-stop properties. BORG distributes trust across multiple BSs, enables post-mortem forgery detection, and provides tamper-evident, post-quantum secure audit logging, while maintaining compact signatures, avoiding fragmentation, and incurring minimal UE overhead, as shown in our 5G testbed implementation.