Securing 5G Bootstrapping: A Two-Layer IBS Authentication Protocol

Yilu Dong, Rouzbeh Behnia, Attila A. Yavuz, Syed Rafiul Hussain

TL;DR

This work addresses the critical security gap in 5G bootstrapping by introducing E2IBS, a two-layer identity-based signature scheme that authenticates initial base-station broadcast messages. Built atop a core-PKG and per-base-station keys, E2IBS reduces verification effort, enables fine-grained lawful interception, and minimizes over-the-air data, achieving a practical balance between security and performance. The authors provide a rigorous design, security considerations, and an end-to-end implementation integrated with an open-source 5G stack, demonstrating favorable end-to-end delays and small transaction sizes compared to state-of-the-art schemes. The open-source release and demonstrated efficiency suggest strong potential for real-world deployment and standardization in secure 5G bootstrapping.

Abstract

The lack of authentication during the initial bootstrapping phase between cellular devices and base stations allows attackers to deploy fake base stations and send malicious messages to the devices. These attacks have been a long-standing problem in cellular networks, enabling adversaries to launch denial-of-service (DoS), information leakage, and location-tracking attacks. While some defense mechanisms are introduced in 5G (e.g., encrypting user identifiers to mitigate IMSI catchers), the initial communication between devices and base stations remains unauthenticated, leaving a critical security gap. To address this, we propose E2IBS, a novel and efficient two-layer identity-based signature scheme designed for seamless integration with existing cellular protocols. We implement E2IBS on an open-source 5G stack and conduct a comprehensive performance evaluation against alternative solutions. Compared to the state-of-the-art Schnorr-HIBS, E2IBS reduces attack surfaces, enables fine-grained lawful interception, and achieves 2x speed in verification, making it a practical solution for securing 5G base station authentication.

Paper Structure

This paper contains 25 sections, 2 theorems, 4 equations, 4 figures, 3 tables, 2 algorithms.

Key Result

Theorem 1

In the random oracle model, if an adversary $\mathcal{A}$ can break the scheme proposed in Algorithm alg:IBS, in the sense of Definition def:eucma, then one can construct another algorithm $\mathcal{C}$ that runs the adversary and $\mathcal{A}$ as a subroutine and can solve an instance of the ECDL p

Figures (4)

  • Figure 1: Cellular Network Architecture.
  • Figure 2: Common FBS configurations for carrying out attacks.
  • Figure 3: Instantiation of Schnorr-HIBS.
  • Figure 4: Our protocol for authenticating 5G cellular base stations.

Theorems & Definitions (7)

  • Definition 1
  • Definition 2
  • Definition 3
  • Theorem 1
  • proof
  • Corollary 1
  • proof