UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework

Evangelos Bitsikas, Syed Khandker, Ahmad Salous, Aanjhan Ranganathan, Roger Piqueras Jover, Christina Pöpper

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Security flaws and vulnerabilities in cellular networks lead to severe security threats given the data-plane services that are involved, from calls to messaging and Internet access. While the 5G Standalone (SA) system is currently being deployed worldwide, practical security testing of User Equipment (UE) has only been conducted and reported publicly for 4G/LTE and earlier network generations. In this paper, we develop and present the first open-source based security testing framework for 5G SA User Equipment. To that end, we modify the functionality of open-source suites (Open5GS and srsRAN) and develop a broad set of test cases for the 5G NAS and RRC layers. We apply our testing framework in a proof-of-concept manner to 5G SA mobile phones and provide detailed insights from our experiments. While being a framework in development, the results of our experiments presented in this paper can assist other researchers in the field and have the potential to improve 5G SA security.

Original languageEnglish (US)
Title of host publicationWiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PublisherAssociation for Computing Machinery, Inc
Pages121-132
Number of pages12
ISBN (Electronic)9781450398596
DOIs
StatePublished - May 29 2023
Event16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023 - Guildford, United Kingdom
Duration: May 29 2023Jun 1 2023

Publication series

NameWiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023
Country/TerritoryUnited Kingdom
CityGuildford
Period5/29/236/1/23

Keywords

  • 5g
  • open5gs
  • security testing
  • srsran
  • user equipment

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software
  • Safety Research
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework'. Together they form a unique fingerprint.

Cite this