XAuth: Secure and Privacy-Preserving Cross-Domain Handover Authentication for 5G HetNets

Fifth generation (5G) networks are highly heterogeneous, with ultradense base stations (BSs), due to the low penetration of millimeter waves and the availability of different access technologies. However, the continuous heterogeneity and densification of 5G networks pose great challenges to network security, especially for user mobility support. In the process of user handover between BSs or between different network domains, user access authentication and security session establishment are far riskier compared to 4G networks. On the one hand, the overhead of handover authentication increases significantly as handovers become more frequent in an ultradense network. On the other hand, the differentiation of security schemes in heterogeneous networks (HetNets) poses a big challenge to handover authentication. Successfully designing a secure, privacy preserving, and efficient handover authentication protocol for heterogeneous and ultradense 5G networks would substantially expand the prospects of future 5G network applications. Although numerous solutions (e.g., challenge-response-based, public key cryptography-based, physical-layer information-based, and blockchain-based solutions) have been proposed to solve the cross-domain handover authentication problem, most of them surfer from security and privacy vulnerabilities and unreasonable performance overhead. In this article, we propose XAuth, a secure and privacy-preserving authentication protocol for both intradomain and interdomain handover in 5G HetNets based on blockchain. The proposed protocol can achieve mutual authentication, key agreement between user equipment (UE) and target network, and is characterized by forward secrecy, backward secrecy, user anonymity, and conditional privacy preservation. Formal security analysis and comprehensive performance evaluation demonstrate the security and effectiveness of the proposed protocol.