Study of 5G Roaming Security

Abstract

This thesis, titled "Study of 5G Roaming Security", investigates the potential network vulnerabilities of 5G roaming reference points. 5G Non-Standalone (NSA) is already being deployed in different countries across the world. With 3G becoming obsolete, mobile communication will primarily depend on 4G and 5G-NSA. In the later stages of the 5G rollout, 5G Standalone (SA) deployment will also take place gradually. Since 5G will support various use cases such as connected vehicles, smart farming, and smart healthcare, the number of connected devices will eventually increase. This would mean more data traffic than in LTE. In such a scenario, the privacy protection of the User Plane becomes highly significant. This thesis provides a randomization-based security solution that would make the Standalone 5G reference points more robust to interception attacks.

The goal is to implement a negotiation-based randomization solution over N9, N3, and N32, as these reference points cross the HPLMN boundary. This solution will be a part of the GTP-U header and can be easily implemented by modifying the existing signaling procedures. Random bytes will be added to the GTP-U header before the start of the payload. The idea of adding randomization bytes has been extended to include TCP-based randomization and IMS-based randomization. The TCP-based randomization also includes two different algorithms for the addition of random bytes. After analyzing the User Plane security, a vulnerability analysis of SEPP was undertaken to understand the vulnerabilities that can be a threat to the network infrastructure. A vulnerability assessment matrix was made, and high-risk vulnerabilities were highlighted along with a few precautionary steps. The implementation details and architectural changes for the implementation of GTP- and TCP-based randomization are provided. The randomization is useful in masking the signature distribution of an application's packet length and can be a powerful protection mechanism against data traffic analysis attacks.

Files

Thesis_1Dec..pdf
(pdf | 3.4 Mb)
Unknown license