The 5G protocol lacks a robust base station authentication mechanism during the initial bootstrapping phase, leaving it susceptible to threats such as fake base station attacks. Conventional solutions, including digital signatures based on Public Key Infrastructures (PKIs) and identity-based signatures, are inadequate against quantum-capable adversaries. While integrating NIST's Post-Quantum Cryptography (PQC) standards is a leading approach for quantum resistance, their suitability for 5G base station authentication remains unexplored. Moreover, current solutions are predominantly centralized and lack security features such as distributed authentication. This work presents, to our knowledge, the first comprehensive network-level performance characterization of integrating NIST-PQC standards and conventional digital signatures (including threshold and identity-based schemes) into 5G base station authentication. Our findings reveal significant feasibility concerns, with direct PQC adoption hindered by protocol constraints and large signature sizes. We also highlight the performance limitations of conventional methods due to the overhead of certificate chains. To mitigate these challenges, we propose BORG, a transitional authentication solution based on a Hierarchical Identity-Based Threshold Signature scheme with a Fail-Stop property. BORG offers post-mortem post-quantum forgery detection and distributed trust via threshold and compact signatures, well-suited for 5G's stringent requirements. Our performance analysis underscores an important warning on the infeasibility of direct PQC integration and positions BORG as an effective transitional solution toward future quantum-resilient 5G authentication.

翻译：5G协议在初始引导阶段缺乏稳健的基站认证机制，使其易受伪基站攻击等威胁。基于公钥基础设施的数字签名和基于身份的签名等传统解决方案，在面对具备量子计算能力的攻击者时存在不足。尽管采用美国国家标准与技术研究院的后量子密码标准是实现抗量子攻击的主流途径，但其在5G基站认证中的适用性尚未得到充分研究。此外，现有方案大多采用集中式架构，缺乏分布式认证等安全特性。本研究首次全面评估了在网络层面将NIST后量子密码标准及传统数字签名方案（包括门限签名和基于身份的签名）集成至5G基站认证的性能表现。研究发现直接采用后量子密码存在显著的可行性问题，主要受限于协议约束和大尺寸签名。同时，传统方法因证书链开销也存在性能局限。为应对这些挑战，我们提出了BORG——一种基于具有故障停止特性的分层式基于身份门限签名方案的过渡性认证解决方案。BORG通过门限签名和紧凑签名实现了事后量子伪造检测与分布式信任机制，能很好地满足5G网络的严苛要求。我们的性能分析揭示了直接集成后量子密码的不可行性，并论证了BORG作为面向未来抗量子5G认证的有效过渡方案。