Down to Earth, Up to Space: A Security Architecture Analysis of 5G Terrestrial and Non-Terrestrial Networks

Abstract

5G non-terrestrial networks (NTN) are getting increasing attention as a complementary solution to the currently deployed 5G terrestrial networks (TN) to provide global connectivity and ensure service continuity, service ubiquity, and service scalability. However, little research has been done into the security architecture of 5G NTN. This thesis aims to close this gap by summarizing the security architecture of 5G terrestrial networks and extending it to 5G non-terrestrial networks. In our security analysis, we are the first to perform a head-to-head comparison of four different NTN architectures (Transparent payload, Full gNB on board, Split CU-DU, and UE-Satellite-UE communication) with the first of its kind head-to-head comparison of the security architecture of 5G terrestrial and non-terrestrial networks.

In the practical part of the thesis, we implement a flooding attack against a 5G base station using OpenAirInterface (OAI), one of the largest open-source 5G network implementations, and evaluate the attack in a terrestrial and a non-terrestrial setup. In the performed experiments using real SDR devices (TN) and simulated LEO and GEO satellites with a transparent payload (NTN), we managed to make the base station permanently allocate more contexts than the defined threshold on the active connections, allowing an attacker to completely exhaust the available memory resources in the long run. Furthermore, we were able to reach the maximum number of allowed connections in the base station in all experiments except those with a GEO satellite, leading to a DoS of a legitimate subscriber.