dAuth: A Resilient Authentication Architecture for Federated Private Cellular Networks
Authors: Matthew Johnson, Sudheesh Singanamalla, Nick Durand, Esther Jang, Spencer Sevilla, Kurtis Heimerl (Paul G. Allen School, University of Washington)
Scribe: Rulan Yang (Xiamen University)
Introduction
(It’s an online presentation)
The paper presents an approach to device authentication in private cellular networks that redistributes authentication responsibilities, enabling multiple small private networks to federate for enhanced reliability and resilience. This is particularly important because it ensures continuous service even when individual networks are unavailable, a crucial feature for maintaining connectivity in diverse and potentially unstable environments. Existing systems fall short because they typically rely on centralized authentication, which can become a single point of failure and may not scale efficiently across multiple networks.
Key idea and contribution
dAuth envisions local institutions as anchors for their users, hosting systems on both local and cloud servers, which allows more graceful tolerance of component unavailability. First, dAuth introduces a community-based federated trust model for organic wide-area network scaling with minimal overhead and incremental trust between partners. Second, its authentication and authorization scheme grants access to serving networks even when the home network is offline, and remains compatible with off-the-shelf devices. This design eliminates the need for explicit partnerships, facilitating easier scalability.
Evaluation
The experiments demonstrate that dAuth successfully operates with existing systems in a federated community network. In a simulated 5G RAN, dAuth performs comparably to a standalone cloud-based 5G core under low load conditions and outperforms a centralized core at high load due to its inherent load-sharing capabilities.
Q1: Can the authentication process be tested in a real-world scenario rather than just in simulations?
A1: Some initial testing has been done on a private network, but fully integrating research code into active networks with users is challenging. The plan is to eventually implement this in real-world networks to build a functioning federation system.
Q2: Can the system handle policy control and caching policies such as credit remaining for users when the network is offline?
A2: The focus has been on authentication. Policy control functions are complex and not addressed yet, as the current network is free and does not require such controls. These issues are acknowledged as areas needing future work.
Personal thoughts
dAuth enables the real-world deployment of small cellular networks using standards-compliant Commercial Off-The-Shelf (COTS) UEs. It leverages the AKA authentication scheme to allow networks to proactively share authentication materials, providing redundancy in case of local failures. dAuth might inspire follow-up work such as exploring the performance of handover between small networks in the envisioned federation and reducing the dependency on centralized spectrum access systems (SAS) to manage radio resource usage.
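
A simplified sketch of the idea mentioned above: a home network shares AKA-style authentication material ahead of time so a federated backup network can authenticate a device while the home network is offline. This is an added example, not dAuth's code or protocol. HMAC-SHA256 stands in for the AKA functions, and the names (`make_vector`, `UE`, `BackupNetwork`), the hashed expected response and the sample subscriber are all assumptions.

```python
import hashlib, hmac, os

def f(key, label, *parts):
    # HMAC-SHA256 stand-in for the AKA functions (assumption, not MILENAGE)
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]

def make_vector(k, sqn):
    """Home network: one challenge vector derived from subscriber key k."""
    rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
    return {"rand": rand, "sqn": sqn_b,
            "mac": f(k, b"mac", rand, sqn_b),  # proves the challenge was made with k
            # backup gets only a hash of the expected response (this sketch's choice)
            "hxres": hashlib.sha256(f(k, b"res", rand)).digest()}

class UE:
    """Device side: holds k, rejects forged or replayed challenges."""
    def __init__(self, k):
        self.k, self.highest_sqn = k, -1
    def respond(self, rand, sqn_b, mac):
        if not hmac.compare_digest(mac, f(self.k, b"mac", rand, sqn_b)):
            return None                      # challenge not made with our key
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return None                      # stale sequence number: replay
        self.highest_sqn = sqn
        return f(self.k, b"res", rand)

class BackupNetwork:
    """Federated peer: never sees k, only pre-shared vectors."""
    def __init__(self):
        self.vectors = {}
    def store(self, sub, vectors):
        self.vectors.setdefault(sub, []).extend(vectors)
    def authenticate(self, sub, ue):
        queue = self.vectors.get(sub)
        if not queue:
            return False                     # shared material exhausted
        v = queue.pop(0)                     # each vector is single-use
        res = ue.respond(v["rand"], v["sqn"], v["mac"])
        return res is not None and hmac.compare_digest(
            hashlib.sha256(res).digest(), v["hxres"])

def demo():
    k = os.urandom(16)                       # constructed subscriber key
    ue, backup = UE(k), BackupNetwork()
    backup.store("sub-001", [make_vector(k, s) for s in range(2)])
    # Home network is now offline; the backup handles three attach attempts.
    return [backup.authenticate("sub-001", ue) for _ in range(3)]

if __name__ == "__main__":
    print(demo())
```

In this sketch the third attempt fails because only two vectors were shared, so the number of offline authentications a backup can serve is bounded by the material it received in advance.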