English

5G-WAVE: A Core Network Framework with Decentralized Authorization for Network Slices

Networking and Internet Architecture 2024-09-18 v1

Abstract

5G mobile networks leverage Network Function Virtualization (NFV) to offer services in the form of network slices. Each network slice is a logically isolated fragment constructed by service chaining a set of Virtual Network Functions (VNFs). The Network Repository Function (NRF) acts as a central OpenAuthorization (OAuth) 2.0 server to secure inter-VNF communications resulting in a single point of failure. Thus, we propose 5G-WAVE, a decentralized authorization framework for the 5G core by leveraging the WAVE framework and integrating it into the OpenAirInterface (OAI) 5G core. Our design relies on Side-Car Proxies (SCPs) deployed alongside individual VNFs, allowing point-to-point authorization. Each SCP acts as a WAVE engine to create entities and attestations and verify incoming service requests. We measure the authorization latency overhead for VNF registration, 5G Authentication and Key Agreement (AKA), and data session setup and observe that WAVE verification introduces 155ms overhead to HTTP transactions for decentralizing authorization. Additionally, we evaluate the scalability of 5G-WAVE by instantiating more network slices to observe 1.4x increase in latency with 10x growth in network size. We also discuss how 5G-WAVE can significantly reduce the 5G attack surface without using OAuth 2.0 while addressing several key issues of 5G standardization.

Keywords

Cite

@article{arxiv.2404.13242,
  title  = {5G-WAVE: A Core Network Framework with Decentralized Authorization for Network Slices},
  author = {Pragya Sharma and Tolga Atalay and Hans-Andrew Gibbs and Dragoslav Stojadinovic and Angelos Stavrou and Haining Wang},
  journal= {arXiv preprint arXiv:2404.13242},
  year   = {2024}
}
R2 v1 2026-06-28T16:00:29.824Z