Base Station Certificate and Multi-Factor Authentication for Cellular Radio Control Communication Security

TL;DR

This work tackles the lack of base station authentication in 5G by introducing a base station digital certificate that binds the station's public key to both its cell ID and physical location, with offline delivery via a blockchain ledger and online multi-factor authentication (MFA) during RRC signaling. The offline phase constructs X.509-based certificates that include an explicit location field $L$ and are distributed through a permissioned blockchain, while the online phase verifies the base station through a sequential MFA using the offline ledger, a fresh SIB1 signature with timestamp $t$ and nonce $n$, and spatial/temporal checks. The approach reduces the number of cryptographic verifications at the user equipment, enables longer $ECDSA$ keys, and provides wormhole and spoofing defenses by incorporating $ID$, $L$, and $t$ alongside cryptographic signatures. Empirical results from SDR-based experiments and srsRAN implementation demonstrate improved security coverage, lower online computation and energy costs, and scalable offline certificate delivery, suggesting this co-design could inform robust control-plane security for 6G and beyond.

Abstract

Current cellular networking remains vulnerable to malicious fake base stations due to the lack of base station authentication mechanism or even a key to enable authentication. We design and build a base station certificate (certifying the base station's public key and location) and a multi-factor authentication (making use of the certificate and the information transmitted in the online radio control communications) to secure the authenticity and message integrity of the base station control communications. We advance beyond the state-of-the-art research by introducing greater authentication factors (and analyzing their individual security properties and benefits), and by using blockchain to deliver the base station digital certificate offline (enabling greater key length or security strength and computational or networking efficiency). We design the certificate construction, delivery, and the multi-factor authentication use on the user equipment. The user verification involves multiple factors verified through the ledger database, the location sensing (GPS in our implementation), and the cryptographic signature verification of the cellular control communication (SIB1 broadcasting). We analyze our scheme's security, performance, and the fit to the existing standardized networking protocols. Our work involves the implementation of building on X.509 certificate (adapted), smart contract-based blockchain, 5G-standardized RRC control communications, and software-defined radios. Our analyses show that our scheme effectively defends against more security threats and can enable stronger security, i.e., ECDSA with greater key lengths. Furthermore, our scheme enables computing and energy to be more than three times efficient than the previous research on the mobile user equipment.

Figures (16)

• Figure 1: Our contributions spanning across the certificate processes in online vs. offline.
• Figure 2: Cellular networking overview.
• Figure 3: Our threat scenario consists of spoofing attack, man-in-the-middle (MITM) attack, and wormhole attack.
• Figure 4: Information delivered during offline (dashed-dotted) vs. online (solid) for our scheme. The certificate database $\mathcal{C}$, including the base station public key, $k$, and its static location $L$ is shared offline, while online involves $ID,n,t$ communication.
• Figure 5: Our base station certificate information fields with the new additions are highlighted in blue. This corresponds to the individual record of a registered base station in the base station certificate database $\mathcal{C}$.