Abstract
With the rapid development and wide application of 5G networks, the security of 5G networks has become a widely concerned issue. Protocol security is the foundation of 5G network security. To protect 5G protocol security, we propose an efficient vulnerability detection method for 5G NAS protocol. In this work, we use a combinatorial testing algorithm to generate testing cases, which can detect the vulnerability caused by multi-parameter interaction. Furthermore, we define compliance constraints and semantic constraints to restrict the scale of input space and maximize the effectiveness of the testing cases. Finally, we implement a prototype system based on this method and then conduct practical vulnerability detection on 5G UE simulation environments UERANSIM and srsUE. Through experiments, we find five security vulnerabilities having both security and privacy implications and prove that our method has better performance in terms of protocol state coverage and the scale of testing cases.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
3GPP. System architecture for the 5G System (5GS). TS 23.501 (2021). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificatio- nId=3144
3GPP. Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage3. TS 24.501 (2021). https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx? specificationId=3370
Hussain, S., Chowdhury, O., Mehnaz, S., et al. LTEInspector: a systematic approach for adversarial testing of 4G LTE. Network and Distributed Systems Security (NDSS) Symposium (2018)
Hussain, S.R., Echeverria, M., Karim, I., et al.: 5G reasoner: a property-directed security and privacy analysis framework for 5G cellular network protocol. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 669-684 (2019)
Karim, I., Hussain, S.R., Bertino, E.: ProChecker: an automated security and privacy analysis framework for 4G LTE protocol implementations. In: 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS), pp. 773-785. IEEE (2021)
Liu, X., Cui, B., Fu, J., et al.: HFuzz: towards automatic fuzzing testing of NB-IoT core network protocols implementations. Futur. Gener. Comput. Syst. 108, 390–400 (2020)
Kim, H., Lee, J., Lee, E., et al.: Touching the untouchables: dynamic security analysis of the LTE control plane. 2019 IEEE Symposium on Security and Privacy (SP), pp. 1153–1168. IEEE (2019)
Park, C., Bae, S., Oh, B., et al.: DoLTEst: in-depth downlink negative testing framework for LTE devices. In: USENIX Security Symposium (2022)
Lei, Y., Kacker, R., Kuhn, D.R., et al.: POG: a general strategy for t-way software testing. In: Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS 2007), pp. 549–556. IEEE (2007)
UERANSIM. https://github.com/aligungr/UERANSIM
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, S., Cui, Z., Xu, J., Cui, B. (2024). An Efficient Vulnerability Detection Method for 5G NAS Protocol Based on Combinatorial Testing. In: Barolli, L. (eds) Advances in Internet, Data & Web Technologies. EIDWT 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 193. Springer, Cham. https://doi.org/10.1007/978-3-031-53555-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-53555-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53554-3
Online ISBN: 978-3-031-53555-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)