Papers
Topics
Authors
Recent
Assistant
AI Research Assistant
Well-researched responses based on relevant abstracts and paper content.
Custom Instructions Pro
Preferences or requirements that you'd like Emergent Mind to consider when generating responses.
Gemini 2.5 Flash
Gemini 2.5 Flash 165 tok/s
Gemini 2.5 Pro 47 tok/s Pro
GPT-5 Medium 25 tok/s Pro
GPT-5 High 26 tok/s Pro
GPT-4o 81 tok/s Pro
Kimi K2 189 tok/s Pro
GPT OSS 120B 445 tok/s Pro
Claude Sonnet 4.5 35 tok/s Pro
2000 character limit reached

Penetration Testing of 5G Core Network Web Technologies (2403.01871v1)

Published 4 Mar 2024 in cs.CR

Abstract: Thanks to technologies such as virtual network function the Fifth Generation (5G) of mobile networks dynamically allocate resources to different types of users in an on-demand fashion. Virtualization extends up to the 5G core, where software-defined networks and network slicing implement a customizable environment. These technologies can be controlled via application programming interfaces and web technologies, inheriting hence their security risks and settings. An attacker exploiting vulnerable implementations of the 5G core may gain privileged control of the network assets and disrupt its availability. However, there is currently no security assessment of the web security of the 5G core network. In this paper, we present the first security assessment of the 5G core from a web security perspective. We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks. Thanks to a suite of security testing tools, we cover all of these threats and test the security of the 5G core. In particular, we test the three most relevant open-source 5G core implementations, i.e., Open5GS, Free5Gc, and OpenAirInterface. Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors, demanding increased security measures in the development of future 5G core networks.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (22)
  1. “5G; System architecture for the 5G System (5GS) ,” ETSI, TS 123 501 v17.7.0, Jan. 2023.
  2. A. Padmanabhan, “5G ue data rate,” https://devopedia.org/5g-ue-data-rate, October 2023.
  3. H. Williams, “A timeline of 5G development: From 1979 to now,” https://www.techadvisor.com/article/724833/a-timeline-of-5g-development-from-1979-to-now.html, April 2020.
  4. Q. Tang, O. Ermis, C. D. Nguyen, A. De Oliveira, and A. Hirtzig, “A systematic analysis of 5g networks with a focus on 5g core security,” IEEE Access, vol. 10, pp. 18 298–18 319, 2022.
  5. S. Sullivan, A. Brighente, S. A. P. Kumar, and M. Conti, “5G security challenges and solutions: A review by osi layers,” IEEE Access, 2021.
  6. A. Lotto, V. Singh, B. Ramasubramanian, A. Brighente, M. Conti, and R. Poovendran, “Baron: Base-station authentication through core network for mobility management in 5G networks,” in Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2023, pp. 133–144.
  7. M. Chlosta, D. Rupprecht, C. Pöpper, and T. Holz, “5G suci-catchers: Still catching them all?” in Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2021, pp. 359–364.
  8. G. Holtrup, W. Lacube, D. P. David, A. Mermoud, G. Bovet, and V. Lenders, “5G system security analysis,” Cyber Defence Campus, August 2021.
  9. R. Pell, S. Moschoyiannis, E. Panaousis, and R. Heartfield, “Towards dynamic threat modelling in 5G core networks based on mitre att&ck,” October 2021.
  10. B. I. M. Altariqi, “5G core and (nfvi) network functions virtualization infrastructure penetration testing,” 2020.
  11. A. Shostack, “Experiences threat modeling at microsoft.” MODSEC@ MoDELS, vol. 2008, p. 35, 2008.
  12. G. Brown, “Service-based architecture for 5g core networks,” Huawei White Paper, vol. 1, 2017.
  13. G. Mayer, “Restful apis for the 5g service based architecture,” Journal of ICT Standardization, pp. 101–116, 2018.
  14. OWASP, “Top 10 web application security risks,” https://owasp.org/www-project-top-ten/, 2021.
  15. F. J. de Souza Neto, E. Amatucci, N. A. Nassif, and P. A. M. Farias, “Analysis for comparison of framework for 5G core implementation,” 2021.
  16. Y. Liu, Q. Li, Q. Cao, Z. Huang, Y. Li, and Y. Fan, “Evaluation of free5gc forwarding performance on private and public clouds,” in 2022 IEEE Cloud Summit.   IEEE, 2022, pp. 9–16.
  17. T. Kim, J. Kim, H. Ko, S. Seo, Y. Jcon, H. Jeong, S. Lee, and S. Pack, “An implementation study of network data analytic function in 5g,” in 2022 IEEE International Conference on Consumer Electronics (ICCE).   IEEE, 2022, pp. 1–3.
  18. L. Mamushiane, A. Lysko, H. Kobo, and J. Mwangama, “Deploying a stable 5g sa testbed using srsran and open5gs: Ue integration and troubleshooting towards network slicing,” in 2023 International Conference on Artificial Intelligence, Big Data, Computing and Data Communication Systems (icABCD).   IEEE, 2023, pp. 1–10.
  19. O.-M. Dumitru-Guzu and C. Vlădeanu, “Analysis of potential threats in nextgen 5g core,” in 2022 International Symposium on Electronics and Telecommunications (ISETC).   IEEE, 2022, pp. 1–4.
  20. N. Nikaein, M. K. Marina, S. Manickam, A. Dawson, R. Knopp, and C. Bonnet, “Openairinterface: A flexible platform for 5g research,” ACM SIGCOMM Computer Communication Review, vol. 44, no. 5, pp. 33–38, 2014.
  21. CloudFlare, “What is the principle of least privilege?” https://www.cloudflare.com/learning/access-management/principle-of-least-privilege/, 2017.
  22. PortSwigger, “What is directory traversal and hot to prevent it,” https://portswigger.net/web-security/file-path-traversal, 2018.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
Lightbulb Streamline Icon: https://streamlinehq.com

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now
List To Do Tasks Checklist Streamline Icon: https://streamlinehq.com

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets

This paper has been mentioned in 1 tweet and received 1 like.

Upgrade to Pro to view all of the tweets about this paper:

Start a free 7-day Pro trial