Future-Proofing Authentication Against Insecure Bootstrapping for 5G Networks: Feasibility, Resiliency, and Accountability
Saleh Darzi, Mirza Masfiqur Rahman, Imtiaz Karim, Rouzbeh Behnia, Attila A Yavuz, Elisa Bertino
TL;DR
This work addresses the insecure bootstrapping phase in 5G where base-station authentication is absent during initial UE attachment, enabling fake BSs and manipulated System Information Blocks. It first demonstrates the impracticality of direct NIST-PQC adoption for SIB_1 due to strict 5G packet-size and latency constraints, and then introduces BORG, a HITFS-based distributed authentication framework with fail-stop forgery detection and PQ-threshold audit logging. BORG delivers compact signatures, low UE overhead, and verifiable post-mortem accountability while maintaining compatibility with existing 5G architectures, outperforming PQ-based baselines in end-to-end latency and signaling overhead. The open-source evaluation on a real 5G testbed confirms practical deployability and demonstrates significant efficiency gains, making BORG a viable path for future-proof bootstrapping without fragmenting critical bootstrapping messages. The work also outlines roaming, mobility, and relay-attack considerations and points toward extending the approach to future 6G networks.
Abstract
The 5G protocol lacks a robust base station (BS) authentication mechanism during the initial bootstrapping phase, leaving it susceptible to threats such as fake BSs, spoofed broadcasts, and large-scale manipulation of System Information Blocks (SIBs). Despite real-world 5G deployments increasingly relying on multi-BS communication and user multi-connectivity, existing solutions incur high communication overheads, rely on centralized trust, and lack accountability and long-term breach resiliency. Given the inevitability of BS compromise and the severe impact of forged SIBs as the root of trust (e.g., fake alerts, tracking, false roaming), distributed trust, verifiable forgery detection, and audit logging are essential, yet remain largely unexplored in 5G authentication. These challenges are further amplified by the emergence of quantum-capable adversaries. While integration of NIST PQC standards is widely viewed as a path toward long-term security and future-proofing 5G authentication, their feasibility under strict packet size, latency, and broadcast constraints has not been systematically studied. This work presents, to our knowledge, the first comprehensive network-level performance characterization of integrating NIST-PQC standards and conventional digital signatures into 5G BS authentication, showing that direct PQC adoption is impractical due to protocol constraints, delays, and large signature sizes. To address these challenges, we propose BORG, a future-proof authentication framework based on a hierarchical identity-based threshold signature with fail-stop properties. BORG distributes trust across multiple BSs, enables post-mortem forgery detection, and provides tamper-evident, post-quantum secure audit logging, while maintaining compact signatures, avoiding fragmentation, and incurring minimal UE overhead, as shown in our 5G testbed implementation.