Penetration Testing of 5G Core Network Web Technologies
arxiv(2024)
摘要
Thanks to technologies such as virtual network function the Fifth Generation
(5G) of mobile networks dynamically allocate resources to different types of
users in an on-demand fashion. Virtualization extends up to the 5G core, where
software-defined networks and network slicing implement a customizable
environment. These technologies can be controlled via application programming
interfaces and web technologies, inheriting hence their security risks and
settings. An attacker exploiting vulnerable implementations of the 5G core may
gain privileged control of the network assets and disrupt its availability.
However, there is currently no security assessment of the web security of the
5G core network.
In this paper, we present the first security assessment of the 5G core from a
web security perspective. We use the STRIDE threat modeling approach to define
a complete list of possible threat vectors and associated attacks. Thanks to a
suite of security testing tools, we cover all of these threats and test the
security of the 5G core. In particular, we test the three most relevant
open-source 5G core implementations, i.e., Open5GS, Free5Gc, and
OpenAirInterface. Our analysis shows that all these cores are vulnerable to at
least two of our identified attack vectors, demanding increased security
measures in the development of future 5G core networks.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要