Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure

• URL: http://arxiv.org/abs/2602.04238v1
• Date: Wed, 04 Feb 2026 05:55:41 GMT
• Title: Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure
• Authors: Vipin Kumar Rathi, Lakshya Chopra, Nikhil Kumar Rajput,
• Abstract summary: We present a certificate-free authentication framework for private distributed systems based on post-quantum Identity-Based Encryption (IBE)<n>Our design replaces certificate and signature based authentication with identity-derived keys and identity-based key encapsulation, enabling mutually authenticated TLS connections without certificate transmission or validation.<n>We apply this framework to cloud-native application deployments and latency-sensitive 5G Core networks.
• Score: 0.5735035463793009
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Cloud-native application platforms and latency-sensitive systems such as 5G Core networks rely heavily on certificate-based Public Key Infrastructure (PKI) and mutual TLS to secure service-to-service communication. While effective, this model introduces significant operational and performance overhead, which is further amplified in the post-quantum setting due to large certificates and expensive signature verification. In this paper, we present a certificate-free authentication framework for private distributed systems based on post-quantum Identity-Based Encryption(IBE). Our design replaces certificate and signature based authentication with identity-derived keys and identity-based key encapsulation, enabling mutually authenticated TLS connections without certificate transmission or validation. We describe an IBE-based replacement for private PKI, including identity lifecycle management, and show how it can be instantiated using a threshold Private Key Generator (T-PKG). We apply this framework to cloud-native application deployments and latency-sensitive 5G Core networks. In particular, we demonstrate how identity-based TLS integrates with the 5G Service-Based Architecture while preserving security semantics and 3GPP requirements, and we show how the same architecture can replace private PKI in Kubernetes, including its control plane, without disrupting existing trust domains or deployment models.

Related papers

• Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
  BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding.<n>We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
  arXiv  Detail & Related papers  (2025-12-19T13:01:54Z)
• TPM-Based Continuous Remote Attestation and Integrity Verification for 5G VNFs on Kubernetes [0.8427427828815586]
  We present a TPM 2.0-based continuous remote attestation solution for core 5G components deployed on runtime.<n>We integrate the open-source Keylime framework with a custom IMA template that isolates pod-level measurements, allowing per-pod integrity verification.<n>The experimental results show that the system detects unauthorized modifications in real time, labels each pod's trust state, and generates detailed audit logs.
  arXiv  Detail & Related papers  (2025-10-03T17:54:15Z)
• Cross-Service Token: Finding Attacks in 5G Core Networks [58.86003502940164]
  We present FivGeeFuzz, a grammar-based fuzzing framework designed to uncover security flaws in 5G core SBIs.<n>Using FivGeeFuzz, we discovered 8 previously unknown vulnerabilities in free5GC, leading to runtime crashes, improper error handling, and unauthorized access to resources.
  arXiv  Detail & Related papers  (2025-09-10T20:40:33Z)
• Zero-Trust Foundation Models: A New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things [61.43014629640404]
  Zero-Trust Foundation Models (ZTFMs) embed zero-trust security principles into the lifecycle of foundation models (FMs) for Internet of Things (IoT) systems.<n>ZTFMs can enable secure, privacy-preserving AI across distributed, heterogeneous, and potentially adversarial IoT environments.
  arXiv  Detail & Related papers  (2025-05-26T06:44:31Z)
• Establishing Workload Identity for Zero Trust CI/CD: From Secrets to SPIFFE-Based Authentication [0.0]
  CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems.<n>This paper describes the shift from static credentials to OpenID Connect (OIDC) federation, and introduces SPIFFE as a platform-neutral identity model for non-human actors.
  arXiv  Detail & Related papers  (2025-04-20T23:06:03Z)
• Base Station Certificate and Multi-Factor Authentication for Cellular Radio Control Communication Security [1.3142127084199051]
  Current cellular networking remains vulnerable to malicious fake base stations.<n>We design a base station certificate (certifying the base station's public key and location) and a multi-factor authentication to secure the authenticity and message integrity of the base station control communications.
  arXiv  Detail & Related papers  (2025-04-02T21:12:29Z)
• An Enhanced Online Certificate Status Protocol for Public Key Infrastructure with Smart Grid and Energy Storage System [0.6757476692230008]
  We introduce the OCSP Stapling approach to optimize OCSP query costs in our smart grid environment.<n>Our experimental results show that OCSP stapling increases both efficiency and security, creating a more robust architecture for the smart grid.
  arXiv  Detail & Related papers  (2024-09-17T06:57:17Z)
• Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
  We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
  arXiv  Detail & Related papers  (2024-06-27T09:50:10Z)
• DID Link: Authentication in TLS with Decentralized Identifiers and Verifiable Credentials [0.0]
  This article presents DID Link, a novel authentication scheme for TLS 1.3.<n>It empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs.<n>A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger.
  arXiv  Detail & Related papers  (2024-05-13T08:03:32Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
  The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
  arXiv  Detail & Related papers  (2023-10-12T09:33:50Z)
• FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
  Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
  arXiv  Detail & Related papers  (2023-05-10T12:10:02Z)
• Public Key Encryption with Secure Key Leasing [24.410596031297242]
  We introduce the notion of public key encryption with secure key leasing (PKE-SKL) Our notion is similar in spirit to the notion of secure software leasing (SSL) introduced by Ananth and La Placa (Eurocrypt 2021) In more detail, our adversary is not restricted to use an honest evaluation algorithm to run pirated software.
  arXiv  Detail & Related papers  (2023-02-22T21:37:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.