5G network exposes serious vulnerabilities: other user data can be stolen

The network slicing and virtualized network functions of the 5G architecture have security vulnerabilities. Attackers may exploit them to cross between network slices on a mobile operator's 5G network and launch data access and denial of service attacks. Mobile security company AdaptiveMobile reported its latest research results to the GSM Association (GSMA) on February 4, and the vulnerability discovered this time has been numbered CVD-2021-0047.

There are loopholes in 5G network slicing

5G is an evolved version of 4G LTE technology that uses a service-based architecture (SBA) to provide a modular framework for deploying a set of interconnected network functions. Users can use it to obtain and authorize access to a far wider range of services than before. AdaptiveMobile said, “5G service-based architecture provides multiple security functions, including valuable experience learned from previous generations of network technologies. But on the other hand, 5G service-based architecture itself is still a new network concept that requires the opening of the network to new partners and services, which will inevitably bring new security challenges.”

According to the mobile security company, the new security risks brought by the 5G architecture stem not only from the hard requirement to support legacy functions, but also from the "increased protocol complexity" introduced by the transition from 4G to 5G. Specifically, the design of the new architecture may leave room for the following attack methods:

- Malicious access to a specific slice by forcing its slice differentiator. The slice differentiator is an optional value set by network operators to distinguish between slices of the same type. If it is abused, an unauthorized attacker in one slice can access information in another slice of the same type, such as the Access and Mobility Management Function (AMF), location information of user equipment, etc.
- Use of a compromised slice to perform a denial of service (DoS) attack against another network function.

The above attack is expected to work because the 5G service-based architecture lacks a check mechanism to ensure that the slice identity in the signaling layer request matches the slice identity actually used in the transport layer. In this way, an attacker can access the 5G operator's service-based architecture through network functions, thereby gaining control of the core network and network slicing. It should be noted that the signaling layer belongs to the application layer specific to the telecommunications network, and is used to exchange signaling messages between various network functions in different slices.

What is 5G network slicing?

An important method for coordinating the service-based architecture in the 5G core network is the network slicing model mentioned above. As the name implies, the basic idea of network slicing is to "slice" the original network architecture into multiple independent logical virtual networks, each configured to meet a specific business goal. This design places strict requirements on the quality of service (QoS) of each slice. In addition, each slice in the core network is composed of a logical grouping of network functions (NFs). These network functions can be assigned to a specific slice or shared among different slices. In other words, the network slicing model helps network operators build highly optimized, customized solutions for specific industries by creating independent slices that prioritize certain characteristics (for example, larger bandwidth). For example, a mobile broadband slice can be used for entertainment and Internet-related services; an IoT slice can be adapted to the operational needs of the retail and manufacturing industries; and an independent low-latency slice can serve critical industries such as healthcare and infrastructure.

To deal with this threat, in addition to deploying signaling layer protection solutions, AdaptiveMobile recommends placing signaling security filters between different slices, the core network and external partners, and between shared and non-shared network functions. This approach divides the network into multiple security zones, which guards against the data leakage made possible by the lack of correlation between different layers.

Although the existing 5G architecture does not yet support this kind of protection node, AdaptiveMobile recommends in its research report enhancing the Service Communication Proxy (SCP) so that it verifies the correctness of message formats, matches information between the various layers and protocols, and works with load-related functions to prevent DoS attacks.
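The cross-layer matching described above, and the missing check it is meant to supply, can be sketched as follows. This is an added example, not code from AdaptiveMobile's report or from any 5G implementation; the peer names, the inventory table, the `CrossLayerFilter` class and the alert threshold are all hypothetical, and a slice identity is modelled simply as a (slice type, slice differentiator) pair.

```python
from collections import defaultdict

# Constructed inventory: slices each authenticated transport-layer peer
# (e.g. the identity in its TLS certificate) is provisioned for.
# A slice identity is (slice type, slice differentiator).
PEER_SLICES = {
    "nf-a.slice1.example": {("embb", "000001")},
    "nf-b.slice2.example": {("embb", "000002")},
    "nf-shared.example": {("embb", "000001"), ("embb", "000002")},
}

class CrossLayerFilter:
    """Hypothetical signaling filter: match the signaling-layer slice
    identity against the identity established at the transport layer."""

    def __init__(self, peer_slices, probe_threshold=3):
        self.peer_slices = peer_slices
        self.probe_threshold = probe_threshold
        self.denied = defaultdict(set)  # peer -> distinct slices denied

    def check(self, peer, claimed_slice):
        """Return (decision, reason) for one signaling request."""
        allowed = self.peer_slices.get(peer)
        if allowed is None:
            return "deny", "unknown transport peer"
        if claimed_slice in allowed:
            return "allow", "slice identity matches transport layer"
        # Mismatch: remember it so repeated guessing becomes visible.
        self.denied[peer].add(claimed_slice)
        if len(self.denied[peer]) >= self.probe_threshold:
            return "deny", "alert: peer is cycling through slice identities"
        return "deny", "slice identity does not match transport layer"

def run_sample():
    """Replay constructed requests through the filter."""
    f = CrossLayerFilter(PEER_SLICES)
    requests = [
        ("nf-a.slice1.example", ("embb", "000001")),  # own slice
        ("nf-shared.example", ("embb", "000002")),    # shared NF
        ("nf-b.slice2.example", ("embb", "000001")),  # other slice
        ("nf-b.slice2.example", ("embb", "000003")),
        ("nf-b.slice2.example", ("embb", "000004")),
        ("nf-x.example", ("embb", "000001")),         # not in inventory
    ]
    return [f.check(peer, s) for peer, s in requests]

if __name__ == "__main__":
    for decision, reason in run_sample():
        print(decision, "-", reason)
```
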

The researchers concluded, “This filtering and verification method can divide the network into multiple security zones to protect the 5G core network. These secure network functions can correlate attack information between each other and resist high-level attacks to the greatest extent. In addition to significantly improving the attack mitigation and detection speed, the number of security false positives is minimized.”

Source: https://cstis.cn/post/e37f2b7c-863f-b425-9313-712c3558f58a
