http://lattes.cnpq.br/4183422979948730; TOMKELSKI, Anderson Altair.
Abstract:
The emergence of 5G networks has revolutionized mobile communications, offering increased
bandwidth, massive machine-to-machine communication, Internet of Things applications,
and highly reliable low-latency communication. Achieving these goals required a
shift in the 5G architecture, new radio technologies, edge computing, and changes in the 5G
core.
The 5G core is responsible for managing device connections and mobility, controlling
sessions, and providing services such as broadband, among other functions. In this new
generation, the 5G core has been designed to support cloud-native technologies. A service-based
architecture was planned, where each core service is an independent microservice.
Services communicate using a REST API, which serves as the service’s basic interface.
This new design, based on cloud-native technologies, further exposes the 5G core services.
Addressing the risks associated with the 5G core is crucial, and mitigating these risks
is necessary to ensure a secure 5G ecosystem. According to 3GPP recommendations, one
approach is to use mutual authentication in the communication between 5G core services.
Authentication requires that identities be issued and delivered to the services composing the
5G core, posing some challenges.
This work proposes a non-intrusive approach to issue and distribute identities to 5G core
services using the SPIFFE framework. This approach aligns with the principles of the zero-trust
paradigm. A case study is presented using Free5GC as the 5G core, SPIRE as an
implementation of the SPIFFE framework, and the Envoy proxy. These tools are configured
so that the 5G core itself is never modified: only configuration changes are required. Other 5G
core implementations following 3GPP standards can benefit from this approach.
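As an added illustration of the sidecar arrangement described above (this is not the thesis's own configuration), the following Envoy listener terminates mTLS in front of one unmodified network function, obtains the NF's X.509-SVID and the trust bundle from the SPIRE agent over SDS, and accepts only peers whose SPIFFE ID falls under the core's namespace. The trust domain example.org, the SPIFFE IDs, the agent socket path, and the sidecar and NF ports are assumptions.

```yaml
# Added example, not the thesis's own config: Envoy sidecar terminating mTLS for one free5gc NF.
static_resources:
  listeners:
  - name: nf_inbound_mtls
    address: { socket_address: { address: 0.0.0.0, port_value: 8443 } }   # assumed sidecar port
    filter_chains:
    - transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          require_client_certificate: true   # mTLS: a peer without an X.509-SVID is rejected
          common_tls_context:
            # This NF's own SVID, fetched and rotated by the SPIRE agent over SDS (ID is assumed)
            tls_certificate_sds_secret_configs:
            - name: "spiffe://example.org/ns/free5gc/sa/amf"
              sds_config: { resource_api_version: V3, api_config_source: { api_type: GRPC, transport_api_version: V3, grpc_services: [ { envoy_grpc: { cluster_name: spire_agent } } ] } }
            combined_validation_context:
              # Authorize only workloads registered under the core's namespace in the trust domain
              default_validation_context:
                match_typed_subject_alt_names:
                - san_type: URI
                  matcher: { prefix: "spiffe://example.org/ns/free5gc/" }
              validation_context_sds_secret_config:
                name: "spiffe://example.org"   # trust bundle, served by the agent under the trust-domain ID
                sds_config: { resource_api_version: V3, api_config_source: { api_type: GRPC, transport_api_version: V3, grpc_services: [ { envoy_grpc: { cluster_name: spire_agent } } ] } }
      filters:
      - name: envoy.filters.network.tcp_proxy   # pass the decrypted SBI traffic to the NF untouched
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: nf_inbound
          cluster: local_nf
  clusters:
  - name: local_nf   # the unmodified NF, reachable on loopback only (port is assumed)
    connect_timeout: 1s
    load_assignment:
      cluster_name: local_nf
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: 127.0.0.1, port_value: 8000 } } }
  - name: spire_agent   # SPIRE agent Workload API on its Unix socket (path is assumed)
    connect_timeout: 1s
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
        explicit_http_config: { http2_protocol_options: {} }
    load_assignment:
      cluster_name: spire_agent
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { pipe: { path: /run/spire/sockets/agent.sock } } }
```

The calling NF's sidecar needs the mirror-image egress listener with an UpstreamTlsContext fed by the same SDS source, so that both sides of every SBI call present an SVID; SPIRE only serves these secrets to a workload whose registration entry selectors it can attest.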
To validate the case study, a series of tests was planned, and the results are compared with
a standard execution of the 5G core that neither employs mTLS nor uses these tools.