Decentralized Certificate Management for Network Function Virtualisation (NFV) Implementation in Telecommunication Networks

The certificate management complexity and cost increase when PKI technology is leveraged into Network Function Virtualisation (NFV), a significant enabling technology for 5G networks. The expected security of PKI cannot be met due to the unavailability of the certificate revocation inquiry in the telecommunication operator’s core network. This paper analyses the issues and challenges during the NFV implementation and proposes a blockchain-based decentralized NFV certificate management mechanism. During instantiation, the Virtual Network Functions (VNF) instance generates certificates according to the certificate profile provided in the VNF package. The certificate management unit is responsible for the certificate enrolment, renewal, and revocation. The certificates submitted to the decentralized certificate management system by the instance will be recorded into the ledger after validation and consensus. The experiment and analysis show the transaction throughput, and the transaction delay is noncritical in practice, which could be fulfilled by the proposed mechanism. The certificate inquiry performance is critical, which can be facilitated by the decentralized deployment of inquiry nodes.