An official website of the United States government
This demonstration explores the security concerns in 5G and beyond networks within open radio access network (O-RAN) deployments, focusing on active attacks disrupting cellular communications. An xApp developed on the open artificial intelligence cellular (OAIC) platform enables on-the-fly creation and management of network slices to mitigate such attacks. The xApp is hosted in the near-real time RAN intelligent controller (RIC) and establishes secure slices for the software radio network it controls. This solution presents a practical approach for resilient and secure network management in dynamic environments.
more »
« less
Examining Cryptography and Randomness Failures in Open-Source Cellular Cores
Industry is increasingly adopting private 5G networks to securely manage their wireless devices in retail, manufacturing, natural resources, and healthcare. As with most technology sectors, open- source software is well poised to form the foundation of deployments, whether it is deployed directly or as part of well-maintained proprietary offerings. This paper seeks to examine the use of cryptography and secure randomness in open-source cellular cores. We design a set of 13 CodeQL static program analysis rules for cores written in both C/C++ and Go and apply them to 7 open-source cellular cores implementing 4G and 5G functionality. We identify two significant security vulnerabilities, including predictable generation of TMSIs and improper verification of TLS certificates, with each vulnerability affecting multiple cores. In identifying these flaws, we hope to correct implementations to fix downstream deployments and derivative proprietary projects.
more »
« less
- PAR ID:
- 10546217
- Publisher / Repository:
- ACM
- Date Published:
- ISBN:
- 9798400704215
- Page Range / eLocation ID:
- 43 to 54
- Subject(s) / Keyword(s):
- cellular core security, cryptography misuse, static analysis
- Format(s):
- Medium: X
- Location:
- Porto Portugal
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Understanding the cell biology of protein trafficking and homeostasis requires reproducible methods for identifying and quantifying proteins within cells or cellular structures. Imaging protocols for measuring punctate protein accumulation in linear structures, for example the neurites of C. elegans, have relied on proprietary software for a full range of analysis capabilities. Here we describe a set of macros written for the NIH-supported imaging software ImageJ or Fiji (Fiji is Just ImageJ) that reliably identify protein puncta so that they can be analyzed with respect to intensity, density, and width at half-maximum intensity (Full-Width, Half-Maximum, FWHM). We provide an explanation of the workflow, data outputs, and limitations of the Fiji macro. As part of this integration, we also provide two independent data sets with side-by-side analyses using the proprietary IgorPro software and the Fiji macro (Hulsey-Vincent, et al. A, B., 2023 submitted). The Fiji macro is an important new tool because it provides robust, reproducible data analysis in a free, open-source format.more » « less
-
MPI.jl is a Julia package for using the Message Passing Interface (MPI), a standardized and widely-supported communication interface for distributed computing, with multiple open source and proprietary implementations. It roughly follows the C MPI interface, with some additional conveniences afforded by the Julia language such as automatic handling of buffer lengths and datatypes.more » « less
-
The prevailing network security measures are often implemented on proprietary appliances that are deployed at fixed network locations with constant capacity. Such a rigid deployment is sometimes necessary, but undermines the flexibility of security services in meeting the demands of emerging applications, such as augmented/virtual reality, autonomous driving, and 5G for industry 4.0, which are provoked by the evolution of connected and smart devices, their heterogeneity, and integration with cloud and edge computing infrastructures. To loosen these rigid security deployments, in this paper, we propose a data-centric SECurity-as-a-Service (SECaaS) framework for elastic deployment and provisioning of security services at the Multi-Access Edge Computing (MEC) infrastructure. In particular, we discuss three security services that are suitable for edge deployment: (i) an intrusion detection and prevention system (IDPS), (ii) an access control enforcement system (ACE), and (iii) a communication anonymization service (CA). We benchmark the common security microservices along with the design and implementation of a proof of concept communication anonymization application.more » « less
-
Recently we have worked with a dozen industrial collaborators to pinpoint and quantify architecture debts, from multi-national corporations to startup companies. Our technology leverages a wide range of project data, from source file dependencies to issue records, and we interacted with projects of various sizes and characteristics. Crossing the border between research and practice, we have observed significant gaps in terms of data availability and quality among projects of different kinds. Compared with successful open source projects, data from proprietary projects are rarely complete or well-organized. Consequently, not all projects can benefit from all the features and analyses we provide. This, in turn, made them realize they needed to improve their development processes. In this talk, we categorize the commonly observed differences between open source and proprietary project data, analyze the reasons for such differences, and propose suggestions to minimize the gaps, to facilitate advances to both software research and practice.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3626232.3653259
