TY - GEN
T1 - UE Security Reloaded
T2 - 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023
AU - Bitsikas, Evangelos
AU - Khandker, Syed
AU - Salous, Ahmad
AU - Ranganathan, Aanjhan
AU - Piqueras Jover, Roger
AU - Pöpper, Christina
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/5/29
Y1 - 2023/5/29
N2 - Security flaws and vulnerabilities in cellular networks lead to severe security threats given the data-plane services that are involved, from calls to messaging and Internet access. While the 5G Standalone (SA) system is currently being deployed worldwide, practical security testing of User Equipment (UE) has only been conducted and reported publicly for 4G/LTE and earlier network generations. In this paper, we develop and present the first open-source based security testing framework for 5G SA User Equipment. To that end, we modify the functionality of open-source suites (Open5GS and srsRAN) and develop a broad set of test cases for the 5G NAS and RRC layers. We apply our testing framework in a proof-of-concept manner to 5G SA mobile phones and provide detailed insights from our experiments. While being a framework in development, the results of our experiments presented in this paper can assist other researchers in the field and have the potential to improve 5G SA security.
AB - Security flaws and vulnerabilities in cellular networks lead to severe security threats given the data-plane services that are involved, from calls to messaging and Internet access. While the 5G Standalone (SA) system is currently being deployed worldwide, practical security testing of User Equipment (UE) has only been conducted and reported publicly for 4G/LTE and earlier network generations. In this paper, we develop and present the first open-source based security testing framework for 5G SA User Equipment. To that end, we modify the functionality of open-source suites (Open5GS and srsRAN) and develop a broad set of test cases for the 5G NAS and RRC layers. We apply our testing framework in a proof-of-concept manner to 5G SA mobile phones and provide detailed insights from our experiments. While being a framework in development, the results of our experiments presented in this paper can assist other researchers in the field and have the potential to improve 5G SA security.
KW - 5g
KW - open5gs
KW - security testing
KW - srsran
KW - user equipment
UR - http://www.scopus.com/inward/record.url?scp=85166211032&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85166211032&partnerID=8YFLogxK
U2 - 10.1145/3558482.3590194
DO - 10.1145/3558482.3590194
M3 - Conference contribution
AN - SCOPUS:85166211032
T3 - WiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 121
EP - 132
BT - WiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery, Inc
Y2 - 29 May 2023 through 1 June 2023
ER -