The 5G protocol lacks a robust base station (BS) authentication mechanism during the initial bootstrapping phase, leaving it susceptible to fake BSs, spoofed broadcasts, and large-scale manipulation of System Information Blocks (SIBs). Existing solutions incur high communication overhead, rely on centralized trust, and lack accountability and long-term breach resiliency. Given the inevitability of BS compromise and the severe impact of forged SIBs as the root of trust (e.g., fake alerts, tracking, false roaming), distributed trust, verifiable forgery detection, and audit logging are essential yet remain largely unexplored. These challenges are further amplified by the emergence of quantum-capable adversaries. While NIST Post-Quantum Cryptography (PQC) standards are widely viewed as a path toward long-term security, their feasibility under 5G's strict packet-size, latency, and broadcast constraints has not been systematically studied. This work presents, to our knowledge, the first comprehensive network-level performance characterization of integrating NIST-PQC standards and conventional digital signatures into 5G BS authentication, showing that direct PQC adoption is impractical due to excessive signature sizes, fragmentation, and protocol-level delays. To address these challenges, we propose BORG, a future-proof authentication framework based on a Hierarchical Identity-Based Threshold Signature with Fail-Stop (HITFS) properties. BORG distributes trust across multiple BSs via threshold signing, enables post-mortem verifiable forgery detection, and provides tamper-evident, PQ-secure audit logging, while maintaining compact signatures that fit within a single SIB1 packet without fragmentation and incurring minimal UE overhead, as validated through our real over-the-air 5G testbed implementation.

翻译：5G协议在初始引导阶段缺乏稳健的基站（BS）认证机制，使其易受虚假基站、伪造广播以及大规模系统信息块（SIB）操纵的攻击。现有解决方案存在通信开销高、依赖集中式信任、缺乏可问责性和长期漏洞弹性等问题。鉴于基站被攻破的必然性以及作为信任根的伪造SIB（例如虚假警报、跟踪、虚假漫游）的严重影响，分布式信任、可验证伪造检测和审计日志记录至关重要，但尚未得到充分探索。量子计算对手的出现进一步放大了这些挑战。虽然NIST后量子密码学（PQC）标准被广泛视为实现长期安全的路径，但其在5G严格的包大小、延迟和广播约束下的可行性尚未得到系统研究。据我们所知，本工作首次对将NIST-PQC标准与传统数字签名集成到5G基站认证中的网络级性能进行了全面表征，结果表明，由于签名过大、分片和协议级延迟，直接采用PQC不可行。为解决这些挑战，我们提出BORG，一种基于具有故障停止属性的分层身份基门限签名（HITFS）的未来防护认证框架。BORG通过门限签名将信任分布在多个基站之间，支持事后可验证的伪造检测，并提供防篡改、PQ安全的审计日志，同时保持紧凑签名（可嵌入单个SIB1数据包而无须分片），并实现极小的用户设备（UE）开销——这一点已通过我们的真实空中5G测试床实现得到了验证。