In the rapidly evolving landscape of 5G technology, the adoption of cloud-based infrastructure for the deployment of 5G services has become increasingly common. Using a service-based architecture, critical 5G components, such as the Access and Mobility Management Function (AMF), Session Management Function (SMF), and User Plane Function (UPF), now run as containerized pods on Kubernetes clusters. Although this approach improves scalability, flexibility, and resilience, it also introduces new security challenges, particularly to ensure the integrity and trustworthiness of these components. Current 5G security specifications (for example, 3GPP TS 33.501) focus on communication security and assume that network functions remain trustworthy after authentication, consequently lacking mechanisms to continuously validate the integrity of NVFs at runtime. To close this gap, and to align with Zero Trust principles of 'never trust, always verify', we present a TPM 2.0-based continuous remote attestation solution for core 5G components deployed on Kubernetes. Our approach uses the Linux Integrity Measurement Architecture (IMA) and a Trusted Platform Module (TPM) to provide hardware-based runtime validation. We integrate the open-source Keylime framework with a custom IMA template that isolates pod-level measurements, allowing per-pod integrity verification. A prototype on a k3s cluster (consisting of 1 master, 2 worker nodes) was implemented to attest to core functions, including AMF, SMF and UPF. The experimental results show that the system detects unauthorized modifications in real time, labels each pod's trust state, and generates detailed audit logs. This work provides hardware-based continuous attestation for cloud native and edge deployments, strengthening the resilience of 5G as critical infrastructure in multi-vendor and mission-critical scenarios of 5G.

翻译：在快速演进的5G技术环境中，采用云基础设施部署5G服务已日益普遍。基于服务化架构，关键5G组件——如接入与移动性管理功能（AMF）、会话管理功能（SMF）和用户面功能（UPF）——现以容器化Pod形式运行于Kubernetes集群。尽管这种方法提升了可扩展性、灵活性与弹性，但也引入了新的安全挑战，特别是如何确保这些组件的完整性与可信性。现行5G安全规范（如3GPP TS 33.501）主要关注通信安全，并假设网络功能在认证后保持可信，因而缺乏在运行时持续验证网络功能虚拟化（NFV）完整性的机制。为弥补这一缺陷，并遵循“永不信任、持续验证”的零信任原则，我们提出一种基于TPM 2.0的持续远程证明方案，适用于部署在Kubernetes上的核心5G组件。该方法利用Linux完整性度量架构（IMA）与可信平台模块（TPM）提供基于硬件的运行时验证。我们将开源Keylime框架与定制的IMA模板集成，该模板可隔离Pod级度量数据，从而实现按Pod完整性验证。我们在k3s集群（包含1个主节点、2个工作节点）上实现了原型系统，用于对AMF、SMF及UPF等核心功能进行证明。实验结果表明，该系统能实时检测未授权修改、标记各Pod可信状态并生成详细审计日志。本工作为云原生及边缘部署提供了基于硬件的持续证明机制，增强了5G作为关键基础设施在多供应商与任务关键场景下的弹性。