Base station gateway to secure user channel access at the first hop edge

Abstract

In mobile networking, the base station is the first hop from the user and serves as the bridge gateway between wireless and wired networking, while the security control and implementations are offloaded to the core network farther in the network. However, implementing the security control at the network edge can provide significant advantages in limiting the attacker’s networking traffic and impacts, such as against DDoS. We design and build the base station gateway (BSG) to implement a security gateway on the base station, the first hop from the user, by constructing token-based secure channel access. We take a systems approach for our research to distinguish from other generic security control in edge computing. BSG is designed for efficiency (practical for mobile users) and compatibility with the existing standardized mobile networking protocol (which has traditionally challenged the mobile/cellular technology’s adoption of the security research). BSG thus uses an existing protocol data field in the 4G/5G (the temporary ID of TMSI) to encode and deliver the BSG channel token and builds on the existing 5G networking protocol to incur no additional real-time communication overheads. BSG is also asymmetric between user/core network (generating the tokens) and base station (can only verify). We analyze BSG’s requirement compatibility with 5G and the token security. We implement BSG between a phone and a computer to validate its design and efficiency, e.g., BSG incurs less than 0.1 microseconds overhead for the online computing on phone. We also experiment with real-world 5G networking systems to measure and estimate the defense gains of implementing BSG on the first-hop base station as opposed to on the core network.