DOI: 10.1145/3600160.3605044
research-article

ScasDK - A Development Kit for Security Assurance test in Multi-Network-Function 5G

Published: 29 August 2023

ABSTRACT

To ensure 5G infrastructure security, standardized Security Assurance Specification (SCAS) tests are being developed by 3GPP. However, executing these tests on complex 5G infrastructures with multiple closed-source network functions (NFs) poses a challenge. This paper presents ScasDK, a development framework that enables third-party test labs to design, deploy, and control SCAS tests on virtualized 5G core infrastructures. ScasDK addresses the multi-NF hurdle by inserting proxies (including custom ones) between NFs and using a central controller to program their responses. Preliminary assessments using seven SCAS tests on three open-source 5G core networks revealed significant test failures, emphasizing the need for enhanced security focus in open-source 5G development.

Published in

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
August 2023
1440 pages
ISBN: 9798400707728
DOI: 10.1145/3600160

Copyright © 2023 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers

• research-article
• Research
• Refereed limited

Acceptance Rates

Overall Acceptance Rate: 228 of 451 submissions, 51%