IPsec based on Quantum Key Distribution: Adapting non-3GPP access to 5G Networks to the Quantum Era
This addresses the need for quantum-safe security in heterogeneous 5G networks, particularly for integrating Wi-Fi access, though it is incremental as it adapts existing protocols to new key distribution methods.
The paper tackles the challenge of securing non-3GPP access in 5G networks against quantum computing threats by designing a Quantum Key Distribution (QKD)-based IPsec mechanism, achieving 4.62% faster authentication and security association establishment compared to traditional systems while ensuring information-theoretic security.
The advent of quantum computing will pose great challenges to the current communication systems, requiring essential changes in the establishment of security associations in traditional architectures. In this context, the multi-technological and heterogeneous nature of 5G networks makes it a challenging scenario for the introduction of quantum communications. Specifically, 5G networks support the unification of non-3GPP access technologies (i.e. Wi-Fi), which are secured through the IPsec protocol suite and the Non-3GPP Interworking Function (N3IWF) entity. These mechanisms leverage traditional public key cryptography and Diffie-Hellman key exchange mechanisms, which should be updated to quantum-safe standards. Therefore, in this paper we present the design and development of a Quantum Key Distribution (QKD) based non-3GPP access mechanism for 5G networks, integrating QKD keys with IPsec tunnel establishment. Besides, we also demonstrate the feasibility of the system by experimental validation in a testbed with commercial QKD equipment and an open-source 5G core implementation. Results show that the time required to complete the authentication and IPsec security association establishment is 4.62% faster than traditional cryptography PSK-based systems and 5.17% faster than the certificate-based system, while ensuring Information-Theoretic Security (ITS) of the QKD systems.