Network slicing is promising to provide the most cost-effective way of supporting 5G and beyond End-to-End (E2E) services in a multi-domain/multi-tenant environment. However, security issues are expected to worsen. Indeed, a 5G E2E service could be provided among participation of multiple stakeholders deploying each its security mechanism, which would reduce the flexibility and efficiency that are supposed to characterize 5G services. Also, fierce competition for market share may lead some stakeholders to cheat in the processing of individuals’ data and thus infringe on privacy, and undermine the trust between stakeholders. Public Key Cryptography is widely used where the main challenge is how to ensure the authenticity of cryptographic keys. Thus, a trusted third party is the most common way to assure binding a public–private key pair to the identity of the owner, where the word trusted differs from a public key scheme to another. In Public Key Infrastructure, the Certification Authority is trusted for not forging users’ certificates. In Identity-Based Public Key Cryptography, the Private Key Generator is trusted for not decrypting entities’ ciphertext, let alone forging their signatures. Similarly, in Certificateless Public Key Cryptography, the Key Generator Center (KGC) is trusted for not replacing entities’ public keys. In this paper, we propose an aggregation of several Certificateless Public Key systems in a 5G multi-domain/multi-tenant environment to merge them into a virtual cryptosystem without requiring any sort of trustiness in KGCs. The only assumption is that KGCs do not collude through sharing their secret keys. We have put this new cryptosystem into concrete encryption, signature, and authenticated key agreement schemes, and proved their security against a new adversarial model based on new underlying computational and bilinear hardness assumptions about Diffie–Hellman problem in the random oracle model. We believe that this new cryptosystem enables and ensures a secure management of multi-domain/multi-tenant 5G E2E services, even if at most (n-1) KGCs do collude.

网络切片有望提供在多域/多租户环境中支持 5G 和超越端到端 (E2E) 服务的最具成本效益的方式。然而，安全问题预计会恶化。实际上，可以在部署每个安全机制的多个利益相关者的参与中提供 5G E2E 服务，这将降低应该表征 5G 服务的灵活性和效率。此外，市场份额的激烈竞争可能会导致一些利益相关者在处理个人数据时作弊，从而侵犯隐私，破坏利益相关者之间的信任。公钥密码术被广泛使用，主要挑战是如何确保加密密钥的真实性。因此，值得信赖与另一个公钥方案不同。在公钥基础设施中，证书颁发机构因不会伪造用户证书而受到信任。在基于身份的公钥密码术中，私钥生成器被信任不会解密实体的密文，更不用说伪造他们的签名了。类似地，在无证书公钥密码术中，密钥生成器中心 (KGC) 因不替换实体的公钥而受到信任。在本文中，我们建议在 5G 多域/多租户环境中聚合多个无证书公钥系统，以将它们合并到一个虚拟密码系统中，而无需对 KGC 进行任何信任。唯一的假设是 KGC 不会通过共享他们的密钥来串通。我们已经把这个新的密码系统变成了具体的加密、签名、并验证了密钥协商方案，并证明了它们对基于随机预言模型中关于 Diffie-Hellman 问题的新底层计算和双线性硬度假设的新对抗模型的安全性。我们相信，即使最多 (n-1) 个 KGC 串通，这种新的密码系统也能实现并确保多域/多租户 5G E2E 服务的安全管理。