Abstract
A framework for testing vulnerabilities in 5G TLS implementations is proposed. A TLS vulnerability database is constructed from publicly known TLS security vulnerabilities. Using the TLS version and TLS implementation library information obtained during scanning, the framework estimates the vulnerabilities of the TLS implementations deployed in the 5G core network and entity devices. To obtain the TLS implementation library information, a model is built from multi-dimensional features of the TLS implementation's interactive information using online machine-learning methods. The vulnerabilities are also tested by simulating the handshake process and sending customized interactive information.
Acknowledgment
This research is sponsored by the project of State Grid Shandong Electric Power Company Science and Technology Program, Project Name: Research on Key Technologies of Smart Grid 5G Secure Access and Trusted Data Sharing - Topic 1: Research on Key Technologies of Smart Grid 5G Terminals and Network Security Detection and Risk Assessment, ERP Number: 520626220016.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, Y. et al. (2023). A Framework for TLS Implementation Vulnerability Testing in 5G. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_16
DOI: https://doi.org/10.1007/978-3-031-41181-6_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-41180-9
Online ISBN: 978-3-031-41181-6
eBook Packages: Computer Science (R0)