Blockchain-Based Secure Authentication and Authorization Framework for Robust 5G Network Slicing
Authors: 
Shalitha Wijethilaka, Awaneesh Kumar Yadav, An Braeken, Madhusanka LiyanageAuthors Info & Claims
Pages 3988 - 4005
Abstract
The rapid evolution of heterogeneous applications signifies the requirement for network slicing to cater to diverse network requirements. Network Functions (NFs), which are the essential elements of network slices, are required to communicate with each other securely to facilitate network services. Certificates are the established method to authenticate each other. However, dynamic certificate management while allowing NFs to communicate in a multi-operator environment is arduous. Also, sharing NFs between network slices originates authorization-related security challenges such as unauthorized service utilization, deceptive Denial of Service attacks, and data leakages from network slices. In this paper, we develop a novel framework to address the security challenges related to authentication and authorization in 5G network slicing systems. A blockchain-based multi-party distributed certificate management framework with secure communication protocols is developed using elliptic curve cryptography to facilitate certificate services for multi-operator environments. Also, we propose a blockchain-based NF authorization framework to mitigate the security vulnerabilities in NF sharing between network slices. We implement the proposed framework using Hyperledger Fabric blockchain with Java chain codes and perform comprehensive experiments to show the significance of our framework.The Ability to mitigate the single point of failure with respect to state-of-the-art, including traditional certificate authorities and blockchain-based certificate authorities, time analysis for certificate generation, and the potential to eliminate the mentioned authorization attacks are some of the experiments conducted.Also, we have shown that our framework is secure using informal and formal (using Real-Or-Random (ROR) logic and Scyther Validation tool) security verification mechanisms.
References
[1]
A. A. Abd El-Latif, B. Abd-El-Atty, W. Mazurczyk, C. Fung, and S. E. Venegas-Andraca, “Secure data encryption based on quantum walks for 5G Internet of Things scenario,” IEEE Trans. Netw. Service Manag., vol. 17, no. 1, pp. 118–131, Mar. 2020.
[2]
H. Lian, Y. Yang, and Y. Zhao, “Efficient and strong symmetric password authenticated key exchange with identity privacy for IoT,” IEEE Internet Things J., vol. 10, no. 6, pp. 4725–4734, Mar. 2023.
[3]
Q.-T. Luu, S. Kerboeuf, and M. Kieffer, “Uncertainty-aware resource provisioning for network slicing,” IEEE Trans. Netw. Service Manag., vol. 18, no. 1, pp. 79–93, Mar. 2021.
[4]
S. Wijethilaka and M. Liyanage, “Survey on network slicing for Internet of Things realization in 5G networks,” IEEE Commun. Surveys Tuts., vol. 23, no. 2, pp. 957–994, 2nd Quart., 2021.
[5]
“Network slicing market, by component type (solution, services).” 2021. [Online]. Available: https://www.researchdive.com/5670/network-slicing-market
[6]
R. F. Olimid and G. Nencioni, “5G network slicing: A security overview,” IEEE Access, vol. 8, pp. 99999–100009, 2020.
[7]
R. Chai, D. Xie, L. Luo, and Q. Chen, “Multi-objective optimization-based virtual network embedding algorithm for software-defined networking,” IEEE Trans. Netw. Service Manag., vol. 17, no. 1, pp. 532–546, Mar. 2020.
[8]
“Security architecture and procedures for 5G system; (Release 17),” 3GPP, Sophia Antipolis, France, Rep. TS 33.501 V17.6.0, Jun. 2022.
[9]
C. Jost and B. Smeets (Ericsson, Stockholm, Sweden). Security for 5G Service-Based Architecture. (Aug. 2020). [Online]. Available: https://www.ericsson.com/en/blog/2020/8/security-for-5g-service-based-architecture
[10]
A Slice in Time: Slicing Security in 5G Core Network, AdaptiveMobile Secur., Dublin, Ireland, 2021.
[11]
M. Li, L. Zhu, Z. Zhang, C. Lal, M. Conti, and M. Alazab, “Anonymous and verifiable reputation system for E-commerce platforms based on blockchain,” IEEE Trans. Netw. Service Manag., vol. 18, no. 4, pp. 4434–4449, Dec. 2021.
[12]
J. Li, H. Yan, and Y. Zhang, “Certificateless public integrity checking of group shared data on cloud storage,” IEEE Trans. Services Comput., vol. 14, no. 1, pp. 71–81, Jan./Feb. 2018.
[13]
V. A. Cunha et al., “Network slicing security: Challenges and directions,” Internet Technol. Lett., vol. 2, no. 5, p. e125, 2019.
[14]
C. A. Lara-Nino, A. Diaz-Perez, and M. Morales-Sandoval, “Elliptic curve lightweight cryptography: A survey,” IEEE Access, vol. 6, pp. 72514–72550, 2018.
[15]
Website Builder Expert Staff. “How much does an SSL certificate cost in 2022?.” Website Builder Expert. Aug. 2021. [Online]. Available: https://www.websitebuilderexpert.com/building-websites/ssl-certificate-cost/
[16]
M. Campagna. “SEC 4: Elliptic curve Qu-Vanstone implicit certificate scheme (ECQV).” Standards Efficient Cryptography. 2013. [Online]. Available: https://www.secg.org/sec4-1.0.pdf
[17]
G. O. Boateng, D. Ayepah-Mensah, D. M. Doe, A. Mohammed, G. Sun, and G. Liu, “Blockchain-enabled resource trading and deep reinforcement learning-based autonomous RAN slicing in 5G,” IEEE Trans. Netw. Service Manag., vol. 19, no. 1, pp. 216–227, Mar. 2022.
[18]
A. M. Seid, A. Erbad, H. N. Abishu, A. Albaseer, M. Abdallah, and M. Guizani, “Blockchain-empowered resource allocation in multi-UAV-enabled 5G-RAN: A multi-agent deep reinforcement learning approach,” IEEE Trans. Cogn. Commun. Netw., vol. 9, no. 4, pp. 991–1011, Aug. 2023.
[19]
J. Arkko (Ericsson, Stockholm, Sweden). Service-Based Architecture in 5G. (2017). [Online]. Available: https://www.ericsson.com/en/blog/2017/9/service-based-architecture-in-5g
[20]
D. Boneh et al., “Multiparty non-interactive key exchange and more from isogenies on elliptic curves,” J. Math. Cryptol., vol. 14, no. 1, pp. 5–14, 2020.
[21]
M. M. Payeras-Capellà, M. Mut-Puigserver, M. À. Cabot-Nadal, and L. Huguet-Rotger, “Blockchain-based confidential multiparty contract signing protocol without TTP using elliptic curve cryptography,” Comput. J., vol. 65, no. 10, pp. 2755–2768, 2022.
[22]
C. Dai and Z. Xu, “A secure three-factor authentication scheme for multi-gateway wireless sensor networks based on elliptic curve cryptography,” Ad Hoc Netw., vol. 127, Mar. 2022, Art. no.
[23]
M. Y. Kubilay, M. S. Kiraz, and H. A. Mantar, “CertLedger: A new PKI model with certificate transparency based on blockchain,” Comput. Secur., vol. 85, pp. 333–352, Aug. 2019.
[24]
T. Hewa, A. Bracken, M. Ylianttila, and M. Liyanage, “Blockchain-based automated certificate revocation for 5G IoT,” in Proc. IEEE Int. Conf. Commun. (ICC), 2020, pp. 1–7.
[25]
T. Saleem et al., “ProofChain: An X.509-compatible blockchain-based PKI framework with decentralized trust,” Comput. Netw., vol. 213, Aug. 2022, Art. no.
[26]
A. Yakubov, W. Shbair, A. Wallbom, D. Sanda, and R. State, “A blockchain-based PKI management framework,” in Proc. 1st IEEE/IFIP Int. Workshop Manag. Manag. Blockchain (Man2Block) Colocat. IEEE/IFIP NOMS, 2018, pp. 1–6.
[27]
B. Khieu and M. Moh, “CBPKI: Cloud blockchain-based public key infrastructure,” in Proc. ACM Southeast Conf., 2019, pp. 58–63.
[28]
Y. C. E. Adja, B. Hammi, A. Serhrouchni, and S. Zeadally, “A blockchain-based certificate revocation management and status verification system,” Comput. Secur., vol. 104, May 2021, Art. no.
[29]
X. Luo, Z. Xu, K. Xue, Q. Jiang, R. Li, and D. Wei, “ScalaCert: Scalability-oriented PKI with redactable consortium blockchain enabled “on-cert” certificate revocation,” in Proc. IEEE 42nd Int. Conf. Distrib. Comput. Syst. (ICDCS), 2022, pp. 1236–1246.
[30]
W.-Y. Chiu, W. Meng, and C. D. Jensen, “ChainPKI—Towards Ethash-based decentralized PKI with privacy enhancement,” in Proc. IEEE Conf. Dependable Secure Comput. (DSC), 2021, pp. 1–8.
[31]
J. Yan, X. Hang, B. Yang, L. Su, and S. He, “Blockchain based PKI and certificates management in mobile networks,” in Proc. IEEE 19th Int. Conf. Trust, Security Privacy Comput. Commun. (TrustCom), 2020, pp. 1764–1770.
[32]
J. Yan, B. Yang, L. Su, S. He, and N. Dong, “Decentralized certificate management for network function virtualization (NFV) implementation in 5G networks,” in Proc. Int. Conf. Mobile Multimedia Commun., 2021, pp. 81–93.
[33]
D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Trans. Inf. theory, vol. 29, no. 2, pp. 198–208, Mar. 1983.
[34]
A. K. Yadav, M. Misra, P. K. Pandey, A. Braeken, and M. Liyange, “An improved and provably secure symmetric-key based 5G-AKA protocol,” Comput. Netw., vol. 218, Dec. 2022, Art. no.
[35]
T. Liu, F. Wu, X. Li, and C. Chen, “A new authentication and key agreement protocol for 5G wireless networks,” Telecommun. Syst., vol. 78, pp. 1–13, Jul. 2021.
[36]
J. Aas et al., “Let’s encrypt: An automated certificate authority to encrypt the entire web,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2019, pp. 2473–2487.
[37]
D. A. Ha, K. T. Nguyen, and J. K. Zao, “Efficient authentication of resource-constrained IoT devices based on ECQV implicit certificates and datagram transport layer security protocol,” in Proc. 7th Symp. Inf. Commun. Technol., 2016, pp. 173–179.
[38]
M. Abdalla, P.-A. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” in Proc. Int. Workshop Public Key Cryptography, 2005, pp. 65–84.
[39]
C. J. F. Cremers, “Scyther: Semantics and verification of security protocols,” Ph.D. dissertation, Dept. Math. Comput. Sci., Eindhoven Univ. Technol., Eindhoven, The Netherlands, 2006.
[40]
M. Wazid, A. K. Das, N. Kumar, and M. Alazab, “Designing authenticated key management scheme in 6G-enabled network in a box deployed for industrial applications,” IEEE Trans. Ind. Informat., vol. 17, no. 10, pp. 7174–7184, Oct. 2021.
[41]
S. Son, J. Lee, Y. Park, Y. Park, and A. K. Das, “Design of blockchain-based lightweight V2I handover authentication protocol for VANET,” IEEE Trans. Netw. Sci. Eng., vol. 9, no. 3, pp. 1346–1358, May/Jun. 2022.
[42]
A. K. Yadav, M. Misra, P. K. Pandey, and M. Liyanage, “An EAP-based mutual authentication protocol for WLAN-connected IoT devices,” IEEE Trans. Ind. Informat., vol. 19, no. 2, pp. 1343–1355, Feb. 2023.
[43]
S. Shunmuganathan, “A reliable lightweight two factor mutual authenticated session key agreement protocol for multi-server environment,” Wireless Pers. Commun., vol. 121, no. 4, pp. 2789–2822, 2021.
Index Terms
- Blockchain-Based Secure Authentication and Authorization Framework for Robust 5G Network Slicing
Index terms have been assigned to the content through auto-classification.
Recommendations
An extensible network slicing framework for satellite integration into 5G
SummaryWith the imminent deployment of the 5th generation (5G) mobile network in the nonstand‐alone version, some researches focus on network slicing to fully exploit the 5G infrastructure and achieve a highest level of flexibility in the network. This ...
In this paper, we confront the challenges related to the network slicing paradigm with the satellite network and define precisely what a satellite slice is. We take a top‐down approach to design an extensible network slicing framework in order to ...
Network slicing: a next generation 5G perspective
AbstractFifth-generation (5G) wireless networks are projected to bring a major transformation to the current fourth-generation network to support the billions of devices that will be connected to the Internet. 5G networks will enable new and powerful ...
Authentication and authorization infrastructures (AAIs): a comparative survey
In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© 2024 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
Publisher
IEEE Press
Publication History
Published: 19 June 2024
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Dec 2024