skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: VET5G: A Virtual End-to-End Testbed for 5G Network Security Experimentation
As 5G networks are gradually rolled out worldwide, it is important to ensure that their network infrastructures are resilient against malicious attacks. This work presents VET5G, a new virtual end-to-end testbed for 5G network security research experiments or training activities such as Capture-The-Flag competitions. The distinguishing features of VET5G include a home-grown 5G core network emulator written in Rust to ensure memory and thread safety, integration of OpenAirInterface’s Radio Access Network emulator and the official Android emulator to achieve full end-to-end 5G network emulation, inclusion of a reference P4 software switch to assist with prototyping of defense mechanisms for 5G data planes, implementation of Python APIs for easy 5G network experimentation, and adoption of JupyterHub to support multi-user experimentation. In our experiments we demonstrate how to use VET5G for two attack scenarios in 5G networks as well as its performance when it is used in a 5G hacking project for a Mobile Systems Security course.  more » « less
Award ID(s):
1943079
PAR ID:
10427792
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
The 15th Workshop on Cyber Security Experimentation and Test
Page Range / eLocation ID:
19 to 29
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, IEEE Communications Standards Magazine)
    O-RAN establishes an advanced radio access network (RAN) architecture that supports inter-operable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface, in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface. 
    more » « less
  2. ; ; ; ; (, Proceedings of the ACM on Measurement and Analysis of Computing Systems)
    With the advent of 5G, supporting high-quality game streaming applications on edge devices has become a reality. This is evidenced by a recent surge in cloud gaming applications on mobile devices. In contrast to video streaming applications, interactive games require much more compute power for supporting improved rendering (such as 4K streaming) with the stipulated frames-per second (FPS) constraints. This in turn consumes more battery power in a power-constrained mobile device. Thus, the state-of-the-art gaming applications suffer from lower video quality (QoS) and/or energy efficiency. While there has been a plethora of recent works on optimizing game streaming applications, to our knowledge, there is no study that systematically investigates the design pairs on the end-to-end game streaming pipeline across the cloud, network, and edge devices to understand the individual contributions of the different stages of the pipeline for improving the overall QoS and energy efficiency. In this context, this paper presents a comprehensive performance and power analysis of the entire game streaming pipeline consisting of the server/cloud side, network, and edge. Through extensive measurements with a high-end workstation mimicking the cloud end, an open-source platform (Moonlight-GameStreaming) emulating the edge device/mobile platform, and two network settings (WiFi and 5G) we conduct a detailed measurement-based study with seven representative games with different characteristics. We characterize the performance in terms of frame latency, QoS, bitrate, and energy consumption for different stages of the gaming pipeline. Our study shows that the rendering stage and the encoding stage at the cloud end are the bottlenecks to support 4K streaming. While 5G is certainly more suitable for supporting enhanced video quality with 4K streaming, it is more expensive in terms of power consumption compared to WiFi. Further, fluctuations in 5G network quality can lead to huge frame drops thus affecting QoS, which needs to be addressed by a coordinated design between the edge device and the server. Finally, the network interface and the decoder units in a mobile platform need more energy-efficient design to support high quality games at a lower cost. These observations should help in designing more cost-effective future cloud gaming platforms. 
    more » « less
  3. ; ; ; ; ; (, Practice and Experience in Advanced Research Computing)
    We introduce a new end-to-end software environment that enables experimentation with using SciTokens for capability-based authorization in scientific computing. This set of interconnected Docker containers enables science projects to gain experience with the SciTokens model prior to adoption. It is a product of our SciAuth project, which supports the adoption of the SciTokens model through community engagement, support for coordinated adoption of community standards, assistance with software integration, security analysis and threat modeling, training, and workforce development. 
    more » « less
  4. ; ; ; ; (, 2020 IEEE Globecom Workshops (GC Wkshps))
    null (Ed.)
    As 5G systems are starting to be deployed and becoming part of many daily life applications, there is an increasing interest on the security of the overall system as 5G network architecture is significantly different than LTE systems. For instance, through application specific virtual network slices, one can trigger additional security measures depending on the sensitivity of the running application. Drones utilizing 5G could be a perfect example as they pose several safety threats if they are compromised. To this end, we propose a stronger authentication mechanism inspired from the idea of second-factor authentication in IT systems. Specifically, once the primary 5G authentication is executed, a specific slice can be tasked to trigger a second-factor authentication utilizing different factors from the primary one. This trigger mechanism utilizes the re-authentication procedure as specified in the 3GPP 5G standards for easy integration. Our second-factor authentication uses a special challenge-response protocol, which relies on unique drone digital ID as well as a seed and nonce generated from the slice to enable freshness. We implemented the proposed protocol in ns-3 that supports mmWave-based communication in 5G. We demonstrate that the proposed protocol is lightweight and can scale while enabling stronger security for the drones. 
    more » « less
  5. ; ; (, 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud))
    IoT (Internet of Things) devices such as sensors have been actively used in 'fogs' to provide critical data during e.g., disaster response scenarios or in-home healthcare. Since IoT devices typically operate in resource-constrained computing environments at the network-edge, data transfer performance to the cloud as well as end-to-end security have to be robust and customizable. In this paper, we present the design and implementation of a middleware featuring "intermittent" and "flexible" end-to-end security for cloud-fog communications. Intermittent security copes with unreliable network connections, and flexibility is achieved through security configurations that are tailored to application needs. Our experiment results show how our middleware that leverages static pre-shared keys forms a promising solution for delivering light-weight, fast and resource-aware security for a variety of IoT-based applications. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email