Future-Proofing Authentication Against Insecure Bootstrapping for 5G Networks: Feasibility, Resiliency, and Accountability
arXiv:2510.23457v3 Announce Type: replace
Abstract: The 5G protocol lacks a robust base station (BS) authentication mechanism during the initial bootstrapping phase, leaving it susceptible to fake BSs, spoofed broadcasts, and large-scale manipulation of System Information Blocks (SIBs). Existing solutions incur high communication overhead, rely on centralized trust, and lack accountability and long-term breach resiliency. Given the inevitability of BS compromise and the severe impact of forged SIBs as the root of trust (e.g., fake alerts, tracking, false roaming), distributed trust, verifiable forgery detection, and audit logging are essential yet remain largely unexplored. These challenges are further amplified by the emergence of quantum-capable adversaries. While NIST Post-Quantum Cryptography (PQC) standards are widely viewed as a path toward long-term security, their feasibility under 5G's strict packet-size, latency, and broadcast constraints has not been systematically studied. This work presents, to our knowledge, the first comprehensive network-level performance characterization of integrating NIST-PQC standards and conventional digital signatures into 5G BS authentication, showing that direct PQC adoption is impractical due to excessive signature sizes, fragmentation, and protocol-level delays. To address these challenges, we propose BORG, a future-proof authentication framework based on a Hierarchical Identity-Based Threshold Signature with Fail-Stop (HITFS) properties. BORG distributes trust across multiple BSs via threshold signing, enables post-mortem verifiable forgery detection, and provides tamper-evident, PQ-secure audit logging, while maintaining compact signatures that fit within a single SIB1 packet without fragmentation and incurring minimal UE overhead, as validated through our real over-the-air 5G testbed implementation.