Study of 5G Roaming Security

Master thesis (2023)

Authors

S. Kulshrestha Electrical Engineering, Mathematics and Computer Science

Contributors

R.A.C.J. Noldus Network Architectures and Services - (mentor)

E. Smeitink Network Architectures and Services - (graduation committee member)

Q. Wang Embedded Systems - (graduation committee member)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

To reference this document use:

http://resolver.tudelft.nl/uuid:4e9a648d-8d87-49ad-a73c-0be344a6b879

More Info

expand_more

Published Date

01-12-2023

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

This thesis titled ´Study of 5G Roaming Security´ investigates the potential network vulnerabilities of 5G roaming reference points. The 5G Non-Standalone (NSA) is already being deployed in different countries across the world. With 3G becoming obsolete, mobile communication will primarily depend on 4G and 5G-NSA. In the later stages of the 5G rollout, 5G Standalone (SA) deployment will also take place gradually. Since 5G will support various use cases such as connected vehicles, smart farming, and smart healthcare, the number of connected devices will eventually increase. This would mean more data traffic generation compared to the LTE. In such a scenario, the privacy protection of the User Plane becomes highly significant. This thesis work provides a randomization-based security solution that would make the Standalone 5G reference points more robust to interception attacks.

The goal is to implement a negotiation-based randomization solution over N9, N3, and N32 as these reference points cross the HPLMN boundary. This solution will be a part of the GTP-U header and can be easily implemented by modifying the existing signaling procedures. Random bytes will be added to the GTP-U header before the start of the payload. The idea of adding randomization bytes has been extended to include TCP-based randomization and IMS-based randomization. The TCP-based randomization also includes two different algorithms for the addition of random bytes. After analyzing the User Plane security, the vulnerability analysis of SEPP was undertaken, to understand the vulnerabilities that can be a threat to the network infrastructure. A vulnerability assessment matrix was made and high-risk vulnerabilities were highlighted along with a few precautionary steps. The implementation details and architectural changes for the implementation of GTP and TCP-based randomization are provided. The randomization is useful in masking the signature distribution of an application's packet length and can be a powerful protection mechanism against data traffic analysis attacks.

Files

Thesis_1Dec..pdf

(.pdf | 3.4 Mb)