Penetration Testing of 5G Core Network Web Technologies

• URL: http://arxiv.org/abs/2403.01871v1
• Date: Mon, 4 Mar 2024 09:27:11 GMT
• Title: Penetration Testing of 5G Core Network Web Technologies
• Authors: Filippo Giambartolomei, Marc Barceló, Alessandro Brighente, Aitor Urbieta, Mauro Conti,
• Abstract summary: We present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
• Score: 53.89039878885825
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Thanks to technologies such as virtual network function the Fifth Generation (5G) of mobile networks dynamically allocate resources to different types of users in an on-demand fashion. Virtualization extends up to the 5G core, where software-defined networks and network slicing implement a customizable environment. These technologies can be controlled via application programming interfaces and web technologies, inheriting hence their security risks and settings. An attacker exploiting vulnerable implementations of the 5G core may gain privileged control of the network assets and disrupt its availability. However, there is currently no security assessment of the web security of the 5G core network. In this paper, we present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Thanks to a suite of security testing tools, we cover all of these threats and test the security of the 5G core. In particular, we test the three most relevant open-source 5G core implementations, i.e., Open5GS, Free5Gc, and OpenAirInterface. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors, demanding increased security measures in the development of future 5G core networks.

Related papers

• SoK: Evaluating 5G Protocols Against Legacy and Emerging Privacy and Security Attacks [2.5554069583567487]
  We study existing privacy and security attacks in pre-5G networks, analyzing the weaknesses that lead to these attacks. We study the security characteristics of 5G up to the new Release 19, and examine mitigation mechanisms of 5G to the identified pre-5G attacks.
  arXiv  Detail & Related papers  (2024-09-10T09:30:37Z)
• Advanced Penetration Testing for Enhancing 5G Security [0.0]
  This paper reviews penetration testing approaches for identifying security vulnerabilities in 5G networks. It examines ways adversaries exploit vulnerabilities in 5G networks, covering tactics and strategies targeted at 5G features. Our research indicates that 5G penetration testing should use a multithreaded approach for addressing current security challenges.
  arXiv  Detail & Related papers  (2024-07-24T13:35:35Z)
• Autonomous Adaptive Security Framework for 5G-Enabled IoT [0.8738214980779235]
  5G can provide more rapid connection speeds, lower latency, faster downloads, and capability to connect more devices. 5G-enabled IoT networks increase systems vulnerabilities to security threats due to these dynamics. This task specifies new adaptive strategies of security intelligence with associated scenarios to meet the challenges of 5G-IoT characteristics.
  arXiv  Detail & Related papers  (2024-06-04T13:17:04Z)
• A Zero Trust Framework for Realization and Defense Against Generative AI Attacks in Power Grid [62.91192307098067]
  This paper proposes a novel zero trust framework for a power grid supply chain (PGSC) It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats. Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attack.
  arXiv  Detail & Related papers  (2024-03-11T02:47:21Z)
• Generative AI for Secure Physical Layer Communications: A Survey [80.0638227807621]
  Generative Artificial Intelligence (GAI) stands at the forefront of AI innovation, demonstrating rapid advancement and unparalleled proficiency in generating diverse content. In this paper, we offer an extensive survey on the various applications of GAI in enhancing security within the physical layer of communication networks. We delve into the roles of GAI in addressing challenges of physical layer security, focusing on communication confidentiality, authentication, availability, resilience, and integrity.
  arXiv  Detail & Related papers  (2024-02-21T06:22:41Z)
• 5G Network Security Practices: An Overview and Survey [0.10742675209112622]
  This document provides an overview of 5G network security, describing various components of the 5G core network architecture and what kind of security services are offered by these 5G components. It also explores the potential security risks and vulnerabilities presented by the security architecture in 5G.
  arXiv  Detail & Related papers  (2024-01-25T17:54:45Z)
• When Authentication Is Not Enough: On the Security of Behavioral-Based Driver Authentication Systems [53.2306792009435]
  We develop two lightweight driver authentication systems based on Random Forest and Recurrent Neural Network architectures. We are the first to propose attacks against these systems by developing two novel evasion attacks, SMARTCAN and GANCAN. Through our contributions, we aid practitioners in safely adopting these systems, help reduce car thefts, and enhance driver security.
  arXiv  Detail & Related papers  (2023-06-09T14:33:26Z)
• Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems [5.918387680589584]
  5G networks have transitioned to software-defined infrastructures. New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition. This article presents a comprehensive security analysis framework for the 5GCN.
  arXiv  Detail & Related papers  (2021-08-07T20:07:08Z)
• Towards Self-learning Edge Intelligence in 6G [143.1821636135413]
  Edge intelligence, also called edge-native artificial intelligence (AI), is an emerging technological framework focusing on seamless integration of AI, communication networks, and mobile edge computing. In this article, we identify the key requirements and challenges of edge-native AI in 6G.
  arXiv  Detail & Related papers  (2020-10-01T02:16:40Z)
• Measurement-driven Security Analysis of Imperceptible Impersonation Attacks [54.727945432381716]
  We study the exploitability of Deep Neural Network-based Face Recognition systems. We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim. We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
  arXiv  Detail & Related papers  (2020-08-26T19:27:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.