Performance Evaluation of Transport Layer Security in the 5G Core Control Plane

As 5G is currently being rolled out, security considerations for this critical infrastructure are getting more into focus. Hereby, the security investigation of the 5G core as the central element plays a pivotal role. The structure of the core is based on a Service-Based Architecture (SBA) consisting of Network Functions (NFs). These NFs communicate via REST/HTTP2 interfaces, that can be secured using Transport Layer Security (TLS) for encryption. However, this enhanced security is not enforced by standardization, but up to the system operator to decide. Therefore, in this work we derive recommendations on when to use TLS. For that, we investigate the overhead of TLS in a simulation, based on the open-source frameworks Open5GS and UERANSIM. To measure a user-relevant overhead, we look into 5G's UE registration and Packet Data Unit (PDU) session establishment procedures. By testing 14 of the most relevant cipher suites, our results show, that TLS adds no more than 1% of time overhead in a running system. Further, we show cipher suites using ECDSA keys to be faster than the ones using RSA keys. Surprisingly, TLS 1.3 shows a larger performance overhead than its predecessor TLS 1.2. We demonstrate CPU and memory overhead of TLS to be insignificant in the context of the 5G core.     «

As 5G is currently being rolled out, security considerations for this critical infrastructure are getting more into focus. Hereby, the security investigation of the 5G core as the central element plays a pivotal role. The structure of the core is based on a Service-Based Architecture (SBA) consisting of Network Functions (NFs). These NFs communicate via REST/HTTP2 interfaces, that can be secured using Transport Layer Security (TLS) for encryption. However, this enhanced security is not enforced...     »