Title: Logic Gone Astray: A Security Analysis Framework for the Control Plane Protocols of 5G Basebands
We develop 5GBaseChecker, an efficient, scalable, and dynamic security analysis framework based on differential testing for analyzing 5G basebands' control plane protocol interactions. 5GBaseChecker first captures basebands' protocol behaviors as a finite state machine (FSM) through black-box automata learning. To facilitate efficient learning and improve scalability, 5GBaseChecker introduces novel hybrid and collaborative learning techniques. 5GBaseChecker then identifies input sequences for which the extracted FSMs provide deviating outputs. Finally, 5GBaseChecker leverages these deviations to efficiently identify the security properties from specifications and use those to triage if the deviations found in 5G basebands violate any properties. We evaluated 5GBaseChecker with 17 commercial 5G basebands and 2 open-source UE implementations and uncovered 22 implementation-level issues, including 13 exploitable vulnerabilities and 2 interoperability issues.
Award ID(s):
2326898
PAR ID:
10535455
Author(s) / Creator(s):
; ; ; ; ; ;
Publisher / Repository:
USENIX Association
Date Published:
ISBN:
978-1-939133-44-1
Format(s):
Medium: X
Location:
Philadelphia, PA, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. As 5G systems are starting to be deployed and becoming part of many daily life applications, there is an increasing interest in the security of the overall system as 5G network architecture is significantly different than LTE systems. For instance, through application specific virtual network slices, one can trigger additional security measures depending on the sensitivity of the running application. Drones utilizing 5G could be a perfect example as they pose several safety threats if they are compromised. To this end, we propose a stronger authentication mechanism inspired by the idea of second-factor authentication in IT systems. Specifically, once the primary 5G authentication is executed, a specific slice can be tasked to trigger a second-factor authentication utilizing different factors from the primary one. This trigger mechanism utilizes the re-authentication procedure as specified in the 3GPP 5G standards for easy integration. Our second-factor authentication uses a special challenge-response protocol, which relies on a unique drone digital ID as well as a seed and nonce generated from the slice to enable freshness. We implemented the proposed protocol in ns-3 that supports mmWave-based communication in 5G. We demonstrate that the proposed protocol is lightweight and can scale while enabling stronger security for the drones.
  2. Federated learning (FL) is well-suited to 5G networks, where many mobile devices generate sensitive edge data. Secure aggregation protocols enhance privacy in FL by ensuring that individual user updates reveal no information about the underlying client data. However, the dynamic and large-scale nature of 5G, marked by high mobility and frequent dropouts, poses significant challenges to the effective adoption of these protocols. Existing protocols often require multi-round communication or rely on fixed infrastructure, limiting their practicality. We propose a lightweight, single-round secure aggregation protocol designed for 5G environments. By leveraging base stations for assisted computation and incorporating precomputation, key-homomorphic pseudorandom functions, and t-out-of-k secret sharing, our protocol ensures efficiency, robustness, and privacy. Experiments show strong security guarantees and significant gains in communication and computation efficiency, making the approach well-suited for real-world 5G FL deployments.
  3. 5G and open radio access networks (Open RANs) will result in vendor-neutral hardware deployment that will require additional diligence towards managing security risks. This new paradigm will allow the same network infrastructure to support virtual network slices for transmitting different waveforms, such as 5G New Radio, LTE, WiFi, at different times. In this multi-vendor, multi-protocol/waveform setting, we propose an additional physical layer authentication method that detects a specific emitter through a technique called RF fingerprinting. Our deep learning approach uses convolutional neural networks augmented with triplet loss, where examples of similar/dissimilar signal samples are shown to the classifier over the training duration. We demonstrate the feasibility of RF fingerprinting base stations over the large-scale over-the-air experimental POWDER platform in Salt Lake City, Utah, USA. Using real world datasets, we show how our approach overcomes the challenges posed by changing channel conditions and protocol choices with 99.86% detection accuracy for different training and testing days.
  4. With the proliferation of 5G networks, evaluating security vulnerabilities is crucial. This paper presents an implemented 5G standalone testbed operating in the mmWave frequency range for research and analysis. Over-the-air testing validates expected throughputs up to 5Gbps downlink and 1Gbps uplink, low latency, and robust connectivity. Detailed examination of captured network traffic provides insights into protocol distribution and signalling flows. The comparative evaluation shows only 0.45% packet loss on the testbed versus 2.7% in prior simulations, proving improved reliability. The results highlight the efficacy of the testbed for security assessments, performance benchmarking, and progression towards 6G systems. This paper demonstrates a robust platform to facilitate innovation in 5G and beyond through practical experimentation. For access to the code, data, and experimental results, visit our GitHub repository (https://github.com/Didilish/5G-SA-Testbed-Analysis).
  5. With the proliferation of 5G networks, evaluating security vulnerabilities is crucial. This paper presents an implemented 5G standalone testbed operating in the mmWave frequency range for research and analysis. Over-the-air testing validates expected throughputs up to 5Gbps downlink and 1Gbps uplink, low latency, and robust connectivity. Detailed examination of captured network traffic provides insights into protocol distribution and signalling flows. The comparative evaluation shows only 0.45% packet loss on the testbed versus 2.7% in prior simulations, proving improved reliability. The testbed achieved a throughput of up to 5Gbps downlink and 1Gbps uplink with minimal latency, meeting expected 5G network benchmarks. The results highlight the efficacy of the testbed for security assessments, performance benchmarking, and progression towards 6G systems. This paper demonstrates a robust platform to facilitate innovation in 5G and beyond through practical experimentation.