Preprint
Article

This version is not peer-reviewed.

5G-DAuth: Decentralized Privacy-Preserving Service Authorization for 5G Network Functions

Submitted: 10 December 2025

Posted: 11 December 2025

Abstract
The 5G network adopts a cloud-native, service-based architecture (SBA) that supports diverse services through virtualized Network Functions (NFs). A key advantage of this architecture is its decoupling of the control plane and user plane, which enhances network flexibility and scalability. However, the reliance on virtualized implementations and cloud processing also expands the network's attack surface. For example, the centralized Network Repository Function (NRF) is inherently a single point of failure. Additionally, the processes for authorizing and accessing services across NFs remain susceptible to a variety of security threats. Addressing these gaps requires a resilient security architecture that builds on the existing 5G security framework; yet current research on security and privacy management for NF services remains relatively limited. To fill this research gap, this paper proposes 5G-DAuth: a decentralized security management scheme for NF services in 5G networks. 5G-DAuth is built on a consortium blockchain and integrates an off-chain Trusted Execution Environment (TEE) pool. The consortium blockchain forms the foundation of a decentralized cross-domain security management platform for NF services, enabling automated registration, authentication, authorization, and access control for NFs. This design directly resolves the single-point-of-failure risk associated with the centralized NRF. To ensure the confidentiality and integrity of service data, the off-chain TEE pool is specifically designed to support smart contract execution and secure service data storage. Additionally, we enhance access tokens using digital signatures to achieve fine-grained access control for service authorization while protecting against man-in-the-middle (MITM) attacks and replay attacks during service access.
We validate the security of 5G-DAuth through two complementary approaches: informal security analysis and formal verification via a dedicated verification tool. Experimental results further demonstrate that 5G-DAuth performs well across different service management operations in terms of both latency and throughput.
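
The signed access token idea from the abstract, as an added Go sketch that is not 5G-DAuth's own code or token format: an issuer signs the token with Ed25519, and the producer NF checks the signature, audience, expiry, operation scope and nonce reuse before serving a request. The field names, the NF identifiers and the single-use nonce policy are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Token field names are assumptions for this sketch, not 5G-DAuth's format.
type Token struct {
	Consumer, Producer, Nonce string          // requesting NF, target NF, unique token ID
	Scope                     map[string]bool // service operations the consumer may call
	Expires                   int64           // Unix seconds
}

type Verifier struct { // producer NF's state; Seen holds nonces already accepted
	Self   string
	Issuer ed25519.PublicKey
	Seen   map[string]bool
}

// Issue serializes the token and signs the exact bytes with the issuer's key.
func Issue(priv ed25519.PrivateKey, t Token) (body, sig []byte) {
	body, _ = json.Marshal(t)
	return body, ed25519.Sign(priv, body)
}

// Check verifies the signature before parsing, then binding, scope and reuse.
func (v *Verifier) Check(body, sig []byte, op string, now int64) error {
	var t Token
	if !ed25519.Verify(v.Issuer, body, sig) || json.Unmarshal(body, &t) != nil {
		return errors.New("bad signature")
	}
	if t.Producer != v.Self || now >= t.Expires || !t.Scope[op] {
		return errors.New("token not valid for this request")
	}
	if v.Seen[t.Nonce] {
		return errors.New("replayed token")
	}
	v.Seen[t.Nonce] = true // recorded only after every other check has passed
	return nil
}

func main() { // constructed exchange: the second, identical call is a replay
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	body, sig := Issue(priv, Token{"smf-1", "udm-1", "n-1", map[string]bool{"sdm:read": true}, 1060})
	v := &Verifier{"udm-1", pub, map[string]bool{}}
	fmt.Println(v.Check(body, sig, "sdm:read", 1000), v.Check(body, sig, "sdm:read", 1000))
}
```

Because the nonce is recorded only after a request passes every check, a rejected request (tampered body, wrong audience, out-of-scope operation) cannot be used to burn a legitimate token.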
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permits free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.