From Preparation to Execution: Security Protocol for Third-Party MES-Enabled 5G Support Handover Authentication and Key Evolution
Abstract: Multi-access edge computing (MEC) platforms offered by third-party providers increasingly complement fifth-generation (5G) mobile networks. This business model separates the Mobile Network Operator (MNO)-managed gNodeB (gNB) from the Mobile Edge Host (MEH) belonging to a different management domain. Such separation exposes existing schemes that ignore key evolutions in the MEC domain to User Equipment (UE) privacy leakage. This paper proposes a secure two-phase handover scheme. The preparation phase builds a dedicated MEH-to-MEH channel to convey MNO-independent context and pre-authentication data that enables the UE to verify the target pair before the handover decision. The execution phase performs dual-track authentication and key evolution between the UE and the target gNB-MEH pair, whose members belong to different registration domains, establishing two isolated sessions to protect UE privacy in both domains. The proposed scheme seamlessly integrates with existing standards while overcoming the security threats inherent in the access layer, such as fake base station attacks. We show that our scheme satisfies key forward/backward secrecy, anonymity, and unlinkability using various formal and informal analysis methods. The prototype implemented on NS-3 5G mmWave has only an 8.344 ms latency increase over the Conventional-5G protocol stack, and this latency increment is minimally reduced by 33.98% compared to the state-of-the-art schemes.
External IDs: doi:10.1109/tmc.2025.3599376