AI summaryⓘ
The authors address a security problem in 5G networks where important system information broadcasts can be faked or intercepted because there is no secure way to verify the base stations sending them. They show that existing solutions either take too long or require too many message fragments, making them impractical for 5G. Their new method, called EMULSION, uses a clever combination of fast, symmetric cryptography and a single post-quantum signature to securely authenticate these broadcasts in one packet without big delays. They tested EMULSION on real 5G hardware, proving it is much faster and lighter than previous methods, while protecting all system information messages. The authors also provide a formal security proof and open-source their work for others to use.
5GBase StationSystem Information Block (SIB)Authenticated BootstrappingPost-Quantum SecurityTESLA ProtocolHMACPublic Key Infrastructure (PKI)End-to-End DelayeSIM/USIM
Authors
Saleh Darzi, Mirza Masfiqur Rahman, Imtiaz Karim, Rouzbeh Behnia, Attila A Yavuz, Elisa Bertino
Abstract
The absence of authenticated bootstrapping between User Equipments (UEs) and Base Stations (BSs) in 5G leaves System Information Block (SIB) broadcasts unprotected, enabling fake BS attacks, man-in-the-middle interception, and spoofed emergency alerts. Prior efforts such as Public Key Infrastructure (PKI)-based certificate chains, token-based schemes, and identity-based signatures either impose overhead exceeding 5G's strict packet-size constraints or lack post-quantum (PQ) security. Direct NIST-PQC integration is infeasible: ML-DSA requires 34 fragmented SIB1 packets and up to 5,282,ms end-to-end delay, and FN-DSA still requires 13 fragments and up to 1,920,ms. We propose $\emulsion$, a symmetric chained publicly verifiable authentication framework for 5G/6G BS broadcast authentication. EMULSION is the first framework to exploit native 5G architectural features: fixed SIB transmission windows, millisecond-level time synchronization, and eSIM/USIM credential management to achieve genuine PQ security at symmetric-key efficiency. It uses a TESLA-style HMAC chain anchored by a compact PQ signature (MAYO) applied once per epoch, fitting authentication within a single packet with no fragmentation and eliminating certificate transmission entirely. Unlike all prior schemes, EMULSION protects the full SIB family (SIB1-SIB21). Evaluated on a real over-the-air 5G testbed, EMULSION achieves 33x lower end-to-end delay and 31x less communication overhead than ML-DSA, and 12x lower delay and 5.4x less overhead than FN-DSA. We formally prove the security of EMULSION and open-source its implementation for public testing and adaptation.