Certificateless Public Key Systems Aggregation: An enabling technique for 5G multi-domain security management and delegation

Abstract

Network slicing is promising to provide the most cost-effective way of supporting 5G and beyond End-to-End (E2E) services in a multi-domain/multi-tenant environment. However, security issues are expected to worsen. Indeed, a 5G E2E service could be provided among participation of multiple stakeholders deploying each its security mechanism, which would reduce the flexibility and efficiency that are supposed to characterize 5G services. Also, fierce competition for market share may lead some stakeholders to cheat in the processing of individuals’ data and thus infringe on privacy, and undermine the trust between stakeholders. Public Key Cryptography is widely used where the main challenge is how to ensure the authenticity of cryptographic keys. Thus, a trusted third party is the most common way to assure binding a public–private key pair to the identity of the owner, where the word trusted differs from a public key scheme to another. In Public Key Infrastructure, the Certification Authority is trusted for not forging users’ certificates. In Identity-Based Public Key Cryptography, the Private Key Generator is trusted for not decrypting entities’ ciphertext, let alone forging their signatures. Similarly, in Certificateless Public Key Cryptography, the Key Generator Center (KGC) is trusted for not replacing entities’ public keys. In this paper, we propose an aggregation of several Certificateless Public Key systems in a 5G multi-domain/multi-tenant environment to merge them into a virtual cryptosystem without requiring any sort of trustiness in KGCs. The only assumption is that KGCs do not collude through sharing their secret keys. We have put this new cryptosystem into concrete encryption, signature, and authenticated key agreement schemes, and proved their security against a new adversarial model based on new underlying computational and bilinear hardness assumptions about Diffie–Hellman problem in the random oracle model. We believe that this new cryptosystem enables and ensures a secure management of multi-domain/multi-tenant 5G E2E services, even if at most (n-1) KGCs do collude.