Decentralized Certificate Management for Network Function Virtualization (NFV) Implementation in 5G Networks

The certificate cost and certificate management complexity increase when PKI is leveraged into Network Function Virtualization (NFV), a significant enabling technology for 5G networks. The expected security of PKI cannot be met because the certificate revocation inquiry is unavailable during the intranet implementation in the operator’s core network. This paper analyses the issues and challenges during the NFV implementation, and proposes a blockchain based decentralized NFV certificate management mechanism. During instantiation, the Virtual Network Functions (VNF) instance generates certificates according to the certificate profile provided in the VNF package. The certificates submitted to the decentralized certificate management system by the instance will be validated by corresponding participants. The certificates will be recorded into the ledger after validation and consensus, and then it will be trusted by the participants. The performance analysis shows the transaction efficiency is non-critical, and the transaction delay of seconds is acceptable in this decentralized system. The delay of the certificate inquiry is critical, and it can be fulfilled by the decentralized deployment of inquiry nodes.