To address the vulnerability of cellular networks to fake base station (femtocell) attacks stemming from the absence of base station identity authentication, this paper proposes a three-factor collaborative authentication mechanism integrating X.509 certificates (embedding base station public keys and GPS coordinates), blockchain-based offline certificate distribution, and RRC-layer SIB1 signature verification. It innovatively models geographic location, blockchain ledger entries, and RRC-layer cryptographic signatures as heterogeneous trusted anchors. The work introduces, for the first time, an Ethereum smart contract–enabled offline certificate distribution architecture supporting ≥256-bit ECDSA keys—ensuring both backward compatibility and protocol lightweighting. Experimental evaluation demonstrates that the mechanism effectively mitigates typical fake base station attacks, reduces terminal computational overhead and energy consumption by over 3×, and significantly enhances authenticity and integrity assurance for control channels.

Current cellular networking remains vulnerable to malicious fake base stations due to the lack of base station authentication mechanism or even a key to enable authentication. We design and build a base station certificate (certifying the base station's public key and location) and a multi-factor authentication (making use of the certificate and the information transmitted in the online radio control communications) to secure the authenticity and message integrity of the base station control communications. We advance beyond the state-of-the-art research by introducing greater authentication factors (and analyzing their individual security properties and benefits), and by using blockchain to deliver the base station digital certificate offline (enabling greater key length or security strength and computational or networking efficiency). We design the certificate construction, delivery, and the multi-factor authentication use on the user equipment. The user verification involves multiple factors verified through the ledger database, the location sensing (GPS in our implementation), and the cryptographic signature verification of the cellular control communication (SIB1 broadcasting). We analyze our scheme's security, performance, and the fit to the existing standardized networking protocols. Our work involves the implementation of building on X.509 certificate (adapted), smart contract-based blockchain, 5G-standardized RRC control communications, and software-defined radios. Our analyses show that our scheme effectively defends against more security threats and can enable stronger security, i.e., ECDSA with greater key lengths. Furthermore, our scheme enables computing and energy to be more than three times efficient than the previous research on the mobile user equipment.