Systematic Meets Unintended: Prior Knowledge Adaptive 5G Vulnerability Detection via Multi-Fuzzing (2305.08039v2)

Published 14 May 2023 in cs.CR

Abstract: The virtualization and softwarization of 5G and NextG are critical enablers of the shift toward flexibility, but they also present a potential attack surface for threats. However, current security research in communication systems focuses on specific aspects of the security challenges and lacks a holistic perspective. To address this gap, a novel systematic fuzzing approach is proposed to reveal, detect, and predict vulnerabilities both with and without assumptions about the attacker's prior knowledge. It also serves as a digital twin platform for the system testing and defense simulation pipeline. Three fuzzing strategies are proposed: Listen-and-Learn (LAL), Synchronize-and-Learn (SyAL), and Source-and-Learn (SoAL). The LAL strategy is a black-box fuzzing strategy used to discover vulnerabilities without prior protocol knowledge, while the SyAL strategy, also a black-box fuzzing method, targets vulnerabilities more accurately using attacker-accessible user information and a novel probability-based fuzzing approach. The white-box fuzzing strategy, SoAL, is then employed to identify and explain vulnerabilities by fuzzing significant bits. Using the srsRAN 5G platform, the LAL strategy identifies 129 RRC connection vulnerabilities with an average detection duration of 0.072s. Leveraging the probability-based fuzzing algorithm, the SyAL strategy outperforms existing models in precision and recall while using significantly fewer fuzzing cases. SoAL detects three man-in-the-middle vulnerabilities stemming from 5G protocol vulnerabilities. The proposed solution is scalable to other open-source and commercial 5G platforms and to protocols beyond RRC. Extensive experimental results demonstrate that the proposed solution is an effective and efficient approach to validating 5G security; at the same time, it serves as a means of real-time vulnerability detection and proactive defense.

Authors (4)
  1. Jingda Yang (6 papers)
  2. Ying Wang (366 papers)
  3. Yanjun Pan (9 papers)
  4. Tuyen X. Tran (11 papers)
Citations (10)