Intelligent Fuzzing Algorithm for 5G NAS Protocol Based on Predefined Rules

The fifth-generation mobile communication network (5G) is a significant infrastructure with the support of enhanced mobile broadband, ultra-reliable and low latency communication, and massive machine type communication. Due to the large-scale application of 5G in industrial control field, the security of 5G network has become an important issue. In order to efficiently perform security detection on 5G radio access network protocols, we propose an intelligent fuzzing algorithm for 5G NAS protocol based on predefined rules. Through the analysis of the 3GPP NAS protocol technical specification and captured packets, a message structure table is extracted based on the NAS message format and field properties. Different mutation strategies are then dynamically assigned to different key fields to realize the intelligence of the message mutation process. Furthermore, in order to evaluate the performance of the algorithm, we implement a fuzzing prototype system based on this intelligent mutation algorithm, and then conduct practical security detection on 5G NAS protocol in OAI, an open-source software radio simulation environment. Experimental results show that our proposed intelligent mutation algorithm has better performance in terms of protocol state coverage and the scale of test cases. In addition, five types of security vulnerabilities in OAI are also exposed in this paper, namely buffer overflow, use-after-free, infinite loop, memory access for uninitialized address, and memory access for NULL pointers. These vulnerabilities could result in denial of registration services to users.