Securing 5G Bootstrapping: A Two-Layer IBS Authentication Protocol

• URL: http://arxiv.org/abs/2502.04915v1
• Date: Fri, 07 Feb 2025 13:32:48 GMT
• Title: Securing 5G Bootstrapping: A Two-Layer IBS Authentication Protocol
• Authors: Yilu Dong, Rouzbeh Behnia, Attila A. Yavuz, Syed Rafiul Hussain,
• Abstract summary: Lack of authentication during the initial bootstrapping phase between cellular devices and base stations allows attackers to send malicious messages to the devices. We propose E2IBS, a novel and efficient two-layer identity-based signature scheme for seamless integration with existing cellular protocols. Compared to the state-of-the-art Schnorr-HIBS, E2IBS reduces attack surfaces, enables fine-grained lawful interception, and achieves 2x speed in verification.
• Score: 4.087348638056961
• License:
• Abstract: The lack of authentication during the initial bootstrapping phase between cellular devices and base stations allows attackers to deploy fake base stations and send malicious messages to the devices. These attacks have been a long-existing problem in cellular networks, enabling adversaries to launch denial-of-service (DoS), information leakage, and location-tracking attacks. While some defense mechanisms are introduced in 5G, (e.g., encrypting user identifiers to mitigate IMSI catchers), the initial communication between devices and base stations remains unauthenticated, leaving a critical security gap. To address this, we propose E2IBS, a novel and efficient two-layer identity-based signature scheme designed for seamless integration with existing cellular protocols. We implement E2IBS on an open-source 5G stack and conduct a comprehensive performance evaluation against alternative solutions. Compared to the state-of-the-art Schnorr-HIBS, E2IBS reduces attack surfaces, enables fine-grained lawful interception, and achieves 2x speed in verification, making it a practical solution for securing 5G base station authentication.

Related papers

• Securing Wi-Fi 6 Connection Establishment Against Relay and Spoofing Threats [8.770626974296949]
  Current Wi-Fi security protocols fail to fully mitigate attacks like man-in-the-middle, preamble spoofing, and relaying. We design a backward-compatible scheme using a digital signature interwoven into the preambles at the physical (PHY) layer with time constraints. We show that our relay attack detection achieves 96-100% true positive rates.
  arXiv  Detail & Related papers  (2025-01-02T19:49:24Z)
• TIMESAFE: Timing Interruption Monitoring and Security Assessment for Fronthaul Environments [25.43682473591802]
  We show how a spoofing attack is able to cause a production-ready O-RAN and 5G-compliant private cellular base station to catastrophically fail within 2 seconds of the attack. To counter this, we design a Machine Learning-based monitoring solution capable of detecting various malicious attacks with over 97.5% accuracy.
  arXiv  Detail & Related papers  (2024-12-17T16:13:37Z)
• VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
  vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks. VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices. Our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.
  arXiv  Detail & Related papers  (2024-12-05T17:08:20Z)
• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• The impact of mobility, beam sweeping and smart jammers on security vulnerabilities of 5G cells [13.784352398504343]
  The vulnerability of 5G networks to jamming attacks has emerged as a significant concern. This paper investigates the effect of a multi-jammer on 5G cell metrics, specifically throughput and goodput.
  arXiv  Detail & Related papers  (2024-11-07T19:45:15Z)
• Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
  We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
  arXiv  Detail & Related papers  (2024-09-24T03:17:51Z)
• Unprotected 4G/5G Control Procedures at Low Layers Considered Dangerous [4.235733335401408]
  We study the complexity of the cellular standards and the high degree of cross-layer operations. We find that current cellular systems are susceptible to several new passive attacks due to information leakage. We identify active attacks that reduce the users' throughput by disabling RF front ends at the UE.
  arXiv  Detail & Related papers  (2024-03-11T13:42:05Z)
• Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
  We present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
  arXiv  Detail & Related papers  (2024-03-04T09:27:11Z)
• Towards Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism [1.33134751838052]
  This paper introduces the concept of Software Defined Perimeter (SDP) as an innovative solution. We capitalize on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control and data plane functions. We augment the SDP zero-trust capabilities via the incorporation of a dynamic component, the Moving Target Defense (MTD)
  arXiv  Detail & Related papers  (2023-12-27T02:54:55Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.