Evaluating the Security Posture of 5G Networks by Combining State Auditing and Event Monitoring

  • Conference paper
Computer Security – ESORICS 2023 (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14345))

Abstract

5G network technology is being rapidly adopted in various critical infrastructures, mainly due to its unique benefits (e.g., higher throughput, lower latency, and better scalability). This widespread and fast adoption necessitates securing those critical services deployed over 5G technology. However, evaluating the security posture of a 5G network is challenging due to the heterogeneous and large-scale nature of 5G networks coupled with new security threats. Moreover, existing 5G security approaches fall short, as their results are typically binary and difficult to translate into the overall security posture of a 5G network. In this paper, we propose a novel solution for evaluating the security posture of 5G networks by combining the results of existing security solutions for state auditing and event monitoring. To that end, our main idea is to first build a novel event-state model that captures both events and states in a 5G network, and then extend this model to evaluate the overall security posture and how such security posture may evolve over time due to persistent threats. We integrate this approach with free5GC (a popular 5G open-source project) and evaluate its effectiveness.

Notes

  1. https://github.com/aligungr/UERANSIM.

References

  1. GSMA. The Mobile Economy 2022 (2022). https://www.gsma.com/mobileeconomy/wp-content/uploads/2022/02/280222-The-Mobile-Economy-2022.pdf. Accessed 24 May 2023

  2. Zhao, L., Oshman, M.S., Zhang, M., Moghaddam, F.F., Chander, S., Pourzandi, M.: Towards 5G-ready security metrics. In: ICC 2021-IEEE International Conference on Communications, pp. 1–6. IEEE (2021)

  3. Yocam, E., Gawanmeh, A., Alomari, A., Mansoor, W.: 5G mobile networks: reviewing security control correctness for mischievous activity. SN Appl. Sci. 4(11), 1–17 (2022)

  4. Frigault, M., Wang, L., Singhal, A., Jajodia, S.: Measuring network security using dynamic Bayesian network. In: Proceedings of the 4th ACM workshop on Quality of protection, pp. 23–30 (2008)

  5. Wang, L., Singhal, A., Jajodia, S.: Measuring the overall security of network configurations using attack graphs. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 98–112. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73538-0_9

  6. Zhang, M., Wang, L., Jajodia, S., Singhal, A., Albanese, M.: Network diversity: a security metric for evaluating the resilience of networks against zero-day attacks. IEEE Trans. Inf. Forensics Secur. 11(5), 1071–1086 (2016)

  7. Github: Kubescape (2022). https://github.com/kubescape/kubescape

  8. Falco. Falco (2022). https://github.com/falcosecurity/falco

  9. LightBasin: a roaming threat to telecommunications companies (2022). https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/

  10. NIST. SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations (2022). https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final. Accessed 14 May 2023

  11. CSA. CSA Cloud Controls Matrix (CCM). https://cloudsecurityalliance.org/research/cloud-controls-matrix/. Accessed 14 May 2023

  12. 5G Security Controls Matrix-ENISA. https://www.enisa.europa.eu/publications/5g-security-controls-matrix/

  13. free5GC. https://www.free5gc.org/. Accessed 14 May 2023

  14. K8s. Kubernetes. https://kubernetes.io/. Accessed 14 May 2023

  15. Towards5GS-helm (2022). https://github.com/Orange-OpenSource/towards5gs-helm. Accessed 16 May 2023

  16. Ericsson. 5G Core (5GC) network: Get to the core of 5G (2022). https://www.ericsson.com/en/core-network/5g-core. Accessed 24 May 2023

  17. 3GPP. TR 33.894 Study on zero-trust security principles in mobile networks (2022)

  18. Yang, M., et al.: Cross-layer software-defined 5G network. Mob. Netw. Appl. 20, 400–409 (2015)

  19. Taxonomy of attacker capabilities (2023). https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks. Accessed 16 May 2023

  20. Nadir, I., et al.: a1-an auditing framework for vulnerability analysis of IoT system. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 39–47. IEEE (2019)

  21. Mitre. MITRE FiGHT. https://fight.mitre.org/. Accessed 24 June 2023

  22. Mitre. MITRE ATT&CK (2022). https://attack.mitre.org/

  23. Tamura, N.: Sugar: a SAT-based constraint solver (2022). https://cspsat.gitlab.io/sugar/. Accessed 14 May 2023

  24. ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection-Information security controls (2022). https://www.iso.org/standard/75652.html. Accessed 14 May 2023

  25. pgmpy. pgmpy 0.1.19 documentation (2022). https://pgmpy.org/

  26. NetworkX (2023). https://networkx.org/. Accessed 16 May 2023

  27. graphviz. Graphviz (2023). https://graphviz.org/

  28. Devlin, J., Chang, M.-W., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding (2019)

  29. BERT-base-NER (2023). https://huggingface.co/dslim/bert-base-NER

  30. PyDotPlus Homepage (2023). https://pydotplus.readthedocs.io/

  31. Open Source Cloud Computing Infrastructure - OpenStack (2023). https://www.openstack.org/. Accessed 16 May 2023

  32. 3GPPspace. Inside TS 23.501: AMF Load Balancing (2021)

  33. Ou, X., Govindavajhala, S., Appel, A.W., et al.: Mulval: a logic-based network security analyzer. In: USENIX security symposium, Baltimore, MD, vol. 8, pp. 113–128 (2005)

  34. Shafayat Oshman, M.: Assessing security in the multi-stakeholder premise of 5G: a survey and an adapted security metrics approach. Ph.D. thesis, Carleton University (2022)

  35. Nie, S., Zhang, Y., Wan, T., Duan, H., Li, S.: Measuring the deployment of 5G security enhancement. In: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2022)

  36. Bartoletti, S., et al.: Uncertainty quantification of 5G positioning as a location data analytics function. In: 2022 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit), pp. 255–260. IEEE (2022)

  37. Ericsson. 5G security for public and hybrid cloud deployments (2022). https://www.ericsson.com/en/reports-and-papers/further-insights/5g-security-for-hybrid-cloud

  38. Spirent. Keeping Pace with the Requirements of 5G Security (2022). https://www.spirent.com/assets/white-paper-keeping-pace-with-the-requirements-of-5g-security

  39. Pendleton, M., Garcia-Lebron, R., Cho, J.-H., Xu, S.: A survey on systems security metrics. ACM Comput. Surv. (CSUR) 49, 1–35 (2016)

  40. Xie, M., May, R.A.: Network security framework based scoring metric generation and sharing. US Patent 10,791,146 (2020)

  41. Majumdar, S., et al.: ProSAS: proactive security auditing system for clouds. IEEE Trans. Dependable Secure Comput. 19, 2517–2534 (2021)

  42. Huang, K., et al.: EVA: efficient versatile auditing scheme for IoT-based datamarket in jointcloud. IEEE Internet Things J. 7(2), 882–892 (2019)

  43. Apruzzese, G., Vladimirov, R., Tastemirova, A., Laskov, P.: Wild networks: exposure of 5G network infrastructures to adversarial examples. IEEE Trans. Netw. Serv. Manage. 19, 5312–5332 (2022)

  44. Boeira, F., Asplund, M., Barcellos, M.: Provable non-frameability for 5G lawful interception. In: ACM WiSec (2023)

  45. Orsós, M., Kecskés, M., Kail, E., Bánáti, A.: Log collection and SIEM for 5G SOC. In: 2022 IEEE 20th Jubilee World Symposium on Applied Machine Intelligence and Informatics (SAMI), pp. 000147–000152. IEEE (2022)

  46. Brighente, A., Mohammadi, J., Baracca, P., Mandelli, S., Tomasin, S.: Interference prediction for low-complexity link adaptation in beyond 5G ultra-reliable low-latency communications. IEEE Trans. Wireless Commun. 21(10), 8403–8415 (2022)

  47. Mitchell, C.J.: The impact of quantum computing on real-world security: a 5G case study. Comput. Secur. 93, 101825 (2020)

  48. ETSI. Network Functions Virtualisation (NFV) Release 4 Security; Security Management Specification (2021)

  49. 3GPP. TS 23.288 architecture enhancements for 5G System (5GS) to support network data analytics services v17.4.0 (2022-03) (2022)

  50. Prasad, A.R., Arumugam, S., Sheeba, B., Zugenmaier, A.: 3GPP 5G security. J. ICT Stand. 6(1–2), 137–158 (2018)

  51. Hamlet, J.R., Lamb, C.C.: Dependency graph analysis and moving target defense selection. In: Proceedings of the 2016 ACM Workshop on Moving Target Defense, pp. 105–116 (2016)

Acknowledgments

The authors thank the anonymous reviewers for their valuable comments. This work is mainly supported by Ericsson Canada and the first author was partially supported by the Natural Sciences and Engineering Research Council of Canada under the Discovery Grants RGPIN-2021-04106.

Corresponding author

Correspondence to Md Nazmul Hoq.

Appendix

A Definition of Event-State Model

To evaluate security postures in 5G, we build an event-state model, which combines an event model and a state model. The state model captures the results of auditing system states, and the event model captures the results of monitoring system events. We define these models more formally as follows.

Event Model (EM). Given a list of event types event-types and the log of historical events hist, the event model is defined as a Bayesian network \(EM = (G_{e}, E_{e})\), where \(G_{e}\) is a directed acyclic graph (DAG) in which each node represents an event type in event-types, and each directed edge between two nodes indicates that the first node immediately precedes the other in some event sequences in hist; the probability of that precedence is part of the list of parameters \(E_{e}\).

State Model (SM). Given a list B of breaches of different security controls from different security standards, the pre- and post-conditions P of each individual breach, and the auditing logs of the system over time auHist, the state model is defined as a dependency graph [51] \(SM = (G_{s}, E_{s})\), where \(G_{s}\) is a set of DAGs in which each node corresponds to a breach of a security control or to one of its pre- or post-conditions from B and P, and each directed edge between two nodes carries a transition probability derived from auHist, which is part of the list of parameters \(E_{s}\).

Event-State Model (ESM). The event-state model is a Bayesian network \(ESM = (G_{c}, E_{c})\), where \(G_{c} = \{G_{e} \cup G_{s}\}\) (i.e., all the nodes in both the event and state models) and \(E_{c} = \{E_{e} \cup E_{s} \cup E_{p}\}\). Here \(E_p\) is the set of edges that connect the privilege escalation vertices (responsible for lateral movement caused by a breach) to the resulting vertices (from either EM or SM); the edge values are probabilities derived from hist and auHist and are part of the list of parameters \(E_{c}\).

B Algorithm for Building Event-State Model

Algorithm 1 constructs an event-state model from the event model and the state model. We define two distinct functions, vertical_fusing (Lines 3 to 16) and horizontal_fusing (Lines 17 to 28), to combine the models vertically and horizontally. For vertical fusing, in Line 6, we first list all the privilege escalation nodes manually with the help of an expert. Then, for each privilege escalation node, we attach the breach node and the event node to the privilege escalation node in Lines 9–13. In Lines 29–36, we define a utility function named findCommonNode that lists all the common nodes between two models for horizontal fusing. Line 18 of the horizontal_fusing function uses this utility function. Lines 23 and 24 add the parent and child subgraphs from both the event model and the state model to the common node.

Algorithm 1 (figure): Building event-state Model
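
The definitions in Appendix A and the fusing steps described in Appendix B can be illustrated with a small Python sketch. This is an added example, not the paper's Algorithm 1 or the authors' code. It assumes a relative-frequency estimator for \(E_{e}\), treats nodes with the same name in EM and SM as the common nodes used for horizontal fusing, and uses constructed event names, breach names and probabilities.

```python
from collections import Counter, defaultdict

def build_event_model(hist):
    """E_e: P(b immediately follows a), by relative frequency over hist (assumed estimator)."""
    pair, out = Counter(), Counter()
    for seq in hist:
        for a, b in zip(seq, seq[1:]):
            pair[(a, b)] += 1
            out[a] += 1
    return {(a, b): n / out[a] for (a, b), n in pair.items()}

def nodes(edges):
    return {v for edge in edges for v in edge}

def is_dag(edges):
    """Kahn's algorithm: True when the edge set has no directed cycle."""
    indeg, succ = Counter(), defaultdict(list)
    for a, b in edges:
        succ[a].append(b)
        indeg[b] += 1
    ready = [v for v in nodes(edges) if indeg[v] == 0]
    visited = 0
    while ready:
        v = ready.pop()
        visited += 1
        for w in succ[v]:
            indeg[w] -= 1
            if indeg[w] == 0:
                ready.append(w)
    return visited == len(nodes(edges))

def fuse(em, sm, ep):
    """E_c = E_e U E_s U E_p; nodes with the same name in EM and SM merge."""
    common = nodes(em) & nodes(sm)
    ec = {**em, **sm, **ep}
    if not is_dag(ec):
        raise ValueError("fused graph contains a cycle")
    return ec, common

# Constructed sample data (event and breach names are hypothetical).
HIST = [["pod_exec", "container_escape", "secret_read"],
        ["pod_exec", "container_escape", "nf_register"],
        ["pod_exec", "secret_read"],
        ["pod_exec", "container_escape", "secret_read"]]
SM = {("weak_rbac", "secret_read"): 0.6, ("secret_read", "subscriber_data_exposed"): 0.4}
EP = {("container_escape", "subscriber_data_exposed"): 0.2}  # expert-listed escalation node

EM = build_event_model(HIST)
ESM, COMMON = fuse(EM, SM, EP)
```

The cycle check matters because a log in which two event types each precede the other would make the learned graph unusable as a Bayesian network structure until one direction is pruned.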

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Hoq, M.N. et al. (2024). Evaluating the Security Posture of 5G Networks by Combining State Auditing and Event Monitoring. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14345. Springer, Cham. https://doi.org/10.1007/978-3-031-51476-0_7

  • DOI: https://doi.org/10.1007/978-3-031-51476-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51475-3

  • Online ISBN: 978-3-031-51476-0

  • eBook Packages: Computer Science (R0)
