
A Framework for TLS Implementation Vulnerability Testing in 5G

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13907)

Abstract

A 5G TLS implementation vulnerability testing framework is proposed. Using a TLS vulnerability database constructed from public TLS security vulnerabilities, the framework estimates the vulnerabilities of the TLS implementations deployed in the 5G core network and entity devices, based on the TLS version and TLS implementation library information obtained during scanning. To obtain the TLS implementation library information, a model is built from multi-dimensional features of the TLS implementation's interactive information using online machine-learning methods. The vulnerabilities are also tested by simulating the handshake process and sending customized interactive information.

Acknowledgment

This research is sponsored by the project of State Grid Shandong Electric Power Company Science and Technology Program, Project Name: Research on Key Technologies of Smart Grid 5G Secure Access and Trusted Data Sharing - Topic 1: Research on Key Technologies of Smart Grid 5G Terminals and Network Security Detection and Risk Assessment, ERP Number: 520626220016.

Author information

Corresponding author

Correspondence to Yong Wang.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Wang, Y. et al. (2023). A Framework for TLS Implementation Vulnerability Testing in 5G. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_16

  • DOI: https://doi.org/10.1007/978-3-031-41181-6_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-41180-9

  • Online ISBN: 978-3-031-41181-6

  • eBook Packages: Computer Science (R0)