Integrity Under Siege: A Rogue gNodeB's Manipulation of 5G Network Slice Allocation
- URL: http://arxiv.org/abs/2511.03312v1
- Date: Wed, 05 Nov 2025 09:26:39 GMT
- Title: Integrity Under Siege: A Rogue gNodeB's Manipulation of 5G Network Slice Allocation
- Authors: Jiali Xu, Valeria Loscri, Romain Rouvoy,
- Abstract summary: 5G networks, with network slicing as a cornerstone technology, promises customized, high-performance services, but also introduces novel attack surfaces beyond traditional threats.<n>This article investigates a critical and underexplored integrity vulnerability: the manipulation of network slice allocation to compromise Quality of Service (QoS) and resource integrity.<n>We show how a rogue gNodeB acting as a Man-in-the-Middle can exploit protocol weaknesses to forge slice requests and hijack a User Equipment's connection.
- Score: 2.90110037823427
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The advent of 5G networks, with network slicing as a cornerstone technology, promises customized, high-performance services, but also introduces novel attack surfaces beyond traditional threats. This article investigates a critical and underexplored integrity vulnerability: the manipulation of network slice allocation to compromise Quality of Service (QoS) and resource integrity. We introduce a threat model, grounded in a risk analysis of permissible yet insecure configurations like null-ciphering (5G-EA0), demonstrating how a rogue gNodeB acting as a Man-in-the-Middle can exploit protocol weaknesses to forge slice requests and hijack a User Equipment's (UE) connection. Through a comprehensive experimental evaluation on a 5G testbed, we demonstrate the attack's versatile and severe impacts. Our findings show this integrity breach can manifest as obvious QoS degradation, such as a 95% bandwidth reduction and 150% latency increase when forcing UE to a suboptimal slice, or as stealthy slice manipulation that is indistinguishable from benign network operation and generates no core network errors. Furthermore, we validate a systemic resource contamination attack where redirecting a crowd of UE orchestrates a Denial-of-Service, causing packet loss to exceed 60% and inducing measurable CPU saturation (~80%) on core network User Plane Functions (UPFs). Based on these results, we discuss the profound implications for Service Level Agreements (SLAs) and critical infrastructure. We propose concrete, cross-layer mitigation strategies for network operators as future work, underscoring the urgent need to secure the integrity of dynamic resource management in 5G networks.
Related papers
- SAGE-5GC: Security-Aware Guidelines for Evaluating Anomaly Detection in the 5G Core Network [10.75690780447407]
We study the problem of detecting 5G attacks textitin the wild, focusing on realistic deployment settings.<n>We propose a set of Security-Aware Guidelines for evaluating anomaly detectors in 5G Core Network (SAGE-5GC)<n>Using a realistic 5G Core dataset, we first train several anomaly detectors and assess their baseline performance against standard 5GC control-plane cyberattacks.<n>We then extend the evaluation to adversarial settings, where an attacker tries to manipulate the observable features of the network traffic to evade detection.
arXiv Detail & Related papers (2026-02-03T14:50:19Z) - Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs)<n>We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing.<n>We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
arXiv Detail & Related papers (2026-01-06T10:30:41Z) - How Feasible are Passive Network Attacks on 5G Networks and Beyond? A Survey [0.8538830579425144]
This survey examines the feasibility of passive network attacks in 5G and beyond (B5G/6G) networks.<n>It focuses on two major categories: information extraction (system identification, website and application fingerprinting) and geolocation.<n>Current evidence suggests that while such attacks remain theoretically possible in 5G, their practical execution is significantly constrained by directional beamforming, high-frequency propagation characteristics, and encryption mechanisms.
arXiv Detail & Related papers (2025-11-21T13:17:54Z) - Bit-Flipping Attack Exploration and Countermeasure in 5G Network [3.0524801814543]
We investigate the vulnerability of 5G systems to bit-flipping attacks, which is an integrity attack where an adversary intercepts 5G network traffic and modifies specific fields of an encrypted message without decryption, thus mutating the message while remaining valid to the receiver.<n>We propose a keystream-based shuffling defense mechanism to mitigate the effect of such attacks by raising the difficulty of manipulating specific encrypted fields, while introducing no additional communication overhead compared to the NAS Integrity Algorithm (NIA) in 5G.
arXiv Detail & Related papers (2025-11-06T23:51:28Z) - Cross-Service Token: Finding Attacks in 5G Core Networks [58.86003502940164]
We present FivGeeFuzz, a grammar-based fuzzing framework designed to uncover security flaws in 5G core SBIs.<n>Using FivGeeFuzz, we discovered 8 previously unknown vulnerabilities in free5GC, leading to runtime crashes, improper error handling, and unauthorized access to resources.
arXiv Detail & Related papers (2025-09-10T20:40:33Z) - Privacy-preserving authentication for military 5G networks [0.0]
5G networks gain traction in defense applications, ensuring the privacy and integrity of the Authentication and Key Agreement protocol is critical.<n>This paper provides a unified analysis of the standardized 5G AKA flow, identifying several vulnerabilities and highlighting how each exploits protocol behavior to compromise user privacy.<n>We present five lightweight mitigation strategies.<n>Among the solutions studied, those introducing a UE-generated nonce emerge as the most promising, effectively neutralizing the identified tracking and correlation attacks with negligible additional overhead.
arXiv Detail & Related papers (2025-09-01T13:38:11Z) - FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids [53.2306792009435]
FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks.
We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness.
Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
arXiv Detail & Related papers (2024-03-26T08:51:23Z) - A Zero Trust Framework for Realization and Defense Against Generative AI
Attacks in Power Grid [62.91192307098067]
This paper proposes a novel zero trust framework for a power grid supply chain (PGSC)
It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats.
Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attack.
arXiv Detail & Related papers (2024-03-11T02:47:21Z) - Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z) - Towards Zero-Trust 6GC: A Software Defined Perimeter Approach with Dynamic Moving Target Defense Mechanism [1.33134751838052]
This paper introduces the concept of Software Defined Perimeter (SDP) as an innovative solution.
We capitalize on the SDP controller-based authentication and authorization mechanisms to secure the EPC network's control and data plane functions.
We augment the SDP zero-trust capabilities via the incorporation of a dynamic component, the Moving Target Defense (MTD)
arXiv Detail & Related papers (2023-12-27T02:54:55Z) - Artificial Intelligence Empowered Multiple Access for Ultra Reliable and
Low Latency THz Wireless Networks [76.89730672544216]
Terahertz (THz) wireless networks are expected to catalyze the beyond fifth generation (B5G) era.
To satisfy the ultra-reliability and low-latency demands of several B5G applications, novel mobility management approaches are required.
This article presents a holistic MAC layer approach that enables intelligent user association and resource allocation, as well as flexible and adaptive mobility management.
arXiv Detail & Related papers (2022-08-17T03:00:24Z) - Wild Networks: Exposure of 5G Network Infrastructures to Adversarial
Examples [1.491109220586182]
5G networks must support billions of heterogeneous devices while guaranteeing optimal Quality of Service (QoS)
5G context is exposed to another type of adversarial ML attacks that cannot be formalized with existing threat models.
We propose a novel adversarial ML threat model that is particularly suited to 5G scenarios.
Our attacks affect both the training and the inference stages, can degrade the performance of state-of-the-art ML systems, and have a lower entry barrier than previous attacks.
arXiv Detail & Related papers (2022-07-04T15:52:54Z) - Machine Learning Assisted Security Analysis of 5G-Network-Connected
Systems [5.918387680589584]
5G networks have transitioned to software-defined infrastructures.
New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition.
This article presents a comprehensive security analysis framework for the 5GCN.
arXiv Detail & Related papers (2021-08-07T20:07:08Z) - On Topology Optimization and Routing in Integrated Access and Backhaul
Networks: A Genetic Algorithm-based Approach [70.85399600288737]
We study the problem of topology optimization and routing in IAB networks.
We develop efficient genetic algorithm-based schemes for both IAB node placement and non-IAB backhaul link distribution.
We discuss the main challenges for enabling mesh-based IAB networks.
arXiv Detail & Related papers (2021-02-14T21:52:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.