An official website of the United States government
The 5G user plane function (UPF) is a critical inter-connection point between the data network and cellular network infrastructure. It governs the packet processing performance of the 5G core network. UPFs also need to be flexible to support several key control plane operations. Existing UPFs typically run on general-purpose CPUs, but have limited performance because of the overheads of host-based forwarding. We design Synergy, a novel 5G UPF running on SmartNICs that provides high throughput and low latency. It also supports monitoring functionality to gather critical data on user sessions for the prediction and optimization of handovers during user mobility. The SmartNIC UPF efficiently buffers data packets during handover and paging events by using a two-level flow-state access mechanism. This enables maintaining flow-state for a very large number of flows, thus providing very low latency for control and data planes and high throughput packet forwarding. Mobility prediction can reduce the handover delay by pre-populating state in the UPF and other core NFs. Synergy performs handover predictions based on an existing recurrent neural network model. Synergy's mobility predictor helps us achieve 2.32× lower average handover latency. Buffering in the SmartNIC, rather than the host, during paging and handover events reduces packet loss rate by at least 2.04×. Compared to previous approaches to building programmable switch-based UPFs, Synergy speeds up control plane operations such as handovers because of the low P4-programming latency leveraging tight coupling between SmartNIC and host.
more »
« less
5GAC-Analyzer: Identifying Over-Privilege Between 5G Core Network Functions
5G technology transitions the cellular network core from specialized hardware into software-based cloud-native network functions (NFs). As part of this change, the 3GPP defines an access control policy to protect NFs from one another and third-party network applications. A manual review of this policy by the 3GPP identified an over-privilege flaw that exposes cryptographic keys to all NFs. Unfortunately, such a manual review is difficult due to ambiguous documentation. In this paper, we use static program analysis to extract NF functionality from four 5G core implementations and compare that functionality to what is permissible by the 3GPP policy. We discover two previously unknown instances of over-privilege that can lead denial-of-service and extract sensitive data. We have reported our findings to the GSMA, who has confirmed the significance of these policy flaws.
more »
« less
- PAR ID:
- 10560564
- Publisher / Repository:
- ACM
- Date Published:
- ISBN:
- 9798400705823
- Page Range / eLocation ID:
- 66 to 77
- Subject(s) / Keyword(s):
- 5G Core OAuth Access Control
- Format(s):
- Medium: X
- Location:
- Seoul Republic of Korea
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Networks today increasingly support in-network functionality via network function virtualization (NFV) or similar technologies. Such approaches enable a wide range of functionality to be deployed on behalf of end systems, such as offloading Tor services, enforcing network usage policies on encrypted traffic, or new functionality in 5G. An important open problem with such approaches is auditing. Namely, such services rely on third-party network providers to faithfully deploy and run their functionality as intended, but often have little to no insight as to whether providers do so. To address this problem, prior work provides point solutions such as verifiable routing with per-packet overhead, or audits of security practices; however, these approaches are not flexible---they are limited to auditing a small set of functionality and do not allow trade-offs between auditing coverage and overhead. In this paper, we propose NFAudit, which allows auditing of deployed NFs with a flexible approach where a wide range of important properties can be audited with configurable, low overhead. Our key insight is that the design of simple, composable, and flexible auditing primitives, combined with limited trust (in the form of secure enclaves) can permit a wide range of auditing functionality and configurable---and often low---cost.more » « less
-
End-to-End O-RAN Security Architecture, Threat Surface, Coverage, and the Case of the Open FronthaulO-RAN establishes an advanced radio access network (RAN) architecture that supports inter-operable, multi-vendor, and artificial intelligence (AI) controlled wireless access networks. The unique components, interfaces, and technologies of O-RAN differentiate it from the 3GPP RAN. Because O-RAN supports 3GPP protocols, currently 4G and 5G, while offering additional network interfaces and controllers, it has a larger attack surface. The O-RAN security requirements, vulnerabilities, threats, and countermeasures must be carefully assessed for it to become a platform for 5G Advanced and future 6G wireless. This article presents the ongoing standardization activities of the O-RAN Alliance for modeling the potential threats to the network and to the open fronthaul interface, in particular. We identify end-to-end security threats and discuss those on the open fronthaul in more detail. We then provide recommendations for countermeasures to tackle the identified security risks and encourage industry to establish standards and best practices for safe and secure implementations of the open fronthaul interface.more » « less
-
In December 2017, the Third Generation Partnership Project (3GPP) released the first set of specifications for 5G New Radio (NR), which is currently the most widely accepted 5G cellular standard. 5G NR is expected to replace LTE and previous generations of cellular technology over the next several years, providing higher throughput, lower latency, and a host of new features. Similar to LTE, the 5G NR physical layer consists of several physical channels and signals, most of which are vital to the operation of the network. Unfortunately, like for any wireless technology, disruption through radio jamming is possible. This paper investigates the extent to which 5G NR is vulnerable to jamming and spoofing, by analyzing the physical downlink and uplink control channels and signals. We identify the weakest links in the 5G NR frame, and propose mitigation strategies that should be taken into account during implementation of 5G NR chipsets and base stations.more » « less
-
The Third Generation Partnership Project (3GPP) introduced the fifth generation new radio (5G NR) specifications which offer much higher flexibility than legacy cellular communications standards to better handle the heterogeneous service and performance requirements of the emerging use cases. This flexibility, however, makes the resources management more complex. This paper therefore designs a data driven resource allocation method based on the deep Q-network (DQN). The objective of the proposed model is to maximize the 5G NR cell throughput while providing a fair resource allocation across all users. Numerical results using a 3GPP compliant 5G NR simulator demonstrate that the DQN scheduler better balances the cell throughput and user fairness than existing schedulers.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3643833.3656134
