ASTRA-5G: Automated Over-the-Air Security Testing and Research Architecture for 5G SA Devices
Authors: 
Syed Khandker, Michele Guerra, Evangelos Bitsikas, Roger Piqueras Jover, Aanjhan Ranganathan, Christina PöpperAuthors Info & Claims
Pages 89 - 100
Abstract
Despite the widespread deployment of 5G technologies, there exists a critical gap in security testing for 5G Standalone (SA) devices. Existing methods, largely manual and labor-intensive, are ill-equipped to fully uncover the state of security in the implementations of 5G SA protocols and standards on devices, severely limiting the ability to conduct comprehensive evaluations. To address this issue, in this work, we introduce a novel, open-source framework that automates the security testing process for 5G SA devices. By leveraging enhanced functionalities of 5G SA core and Radio Access Network (RAN) software, our framework offers a streamlined approach to generating, executing, and evaluating test cases, specifically focusing on the Non-Access Stratum layer. Our application of this framework across multiple 5G SA devices provides in-depth security insights, significantly improving testing efficiency and breadth.
References
[1]
3GPP. 2023. 5G; Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3. 3rd Generation Partnership Project (3GPP). Version 17.9.0
[2]
3GPP. 2023. 5G; Security architecture and procedures for 5G System. 3rd Generation Partnership Project (3GPP). Version 17.8.0.
[3]
5G America. 2020. Security considrations for the 5G era. https://www.5gamericas.org/wp-content/uploads/2020/07/Security-Considerations-for-the-5G-Era-2020-WP-Lossless.pdf.
[4]
Android. 2023. Android carrier list. https://android.googlesource.com/platform/packages/providers/TelephonyProvider//refs/heads/main/assets/sdk33_carrier_id/carrier_list.textpb.
[5]
Lina Bariah, Hang Zou, Qiyang Zhao, Belkacem Mouhouche, Faouzi Bader, and Merouane Debbah. 2023. Understanding Telecom Language Through Large Language Models. arXiv:2306.07933
[6]
Evangelos Bitsikas, Syed Khandker, Ahmad Salous, Aanjhan Ranganathan, Roger Piqueras Jover, and Christina Pöpper. 2023. UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework. In Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'23). ACM, New York, NY, USA, 121--132. https://doi.org/10.1145/3558482.3590194
[7]
Open Cell. 2023. Commercial UEs tests. https://open-cells.com/index.php/2022/07/26/ues.
[8]
Yi Chen, Di Tang, Yepeng Yao, Mingming Zha, Xiaofeng Wang, Xiaozhong Liu, Haixu Tang, and Dongfang Zhao. 2022. Seeing the Forest for the Trees: Understanding Security Hazards in the 3GPP Ecosystem through Intelligent Analysis on Change Requests. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 17--34.
[9]
Yi Chen, Yepeng Yao, XiaoFeng Wang, Dandan Xu, Chang Yue, Xiaozhong Liu, Kai Chen, Haixu Tang, and Baoxu Liu. 2021. Bookworm Game: Automatic Discovery of LTE Vulnerabilities Through Documentation Analysis. In 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA. IEEE, 1197--1214. https://doi.org/10.1109/SP40001.2021.00104
[10]
Merlin Chlosta, David Rupprecht, Thorsten Holz, and Christina Pöpper. 2019. LTE security disabled: misconfiguration in commercial networks. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'19). ACM, New York, NY, USA, 261--266. https://doi.org/10.1145/3317549.3324927
[11]
Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. arXiv:1810.04805
[12]
Kaiming Fang and Guanhua Yan. 2018. Emulation-Instrumented Fuzz Testing of 4G/LTE Android Mobile Devices Guided by Reinforcement Learning. In Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Barcelona, Spain, Vol. 11099. Springer, Berlin, Heidelberg, 20--40. https://doi.org/10.1007/978--3--319--98989--1_2
[13]
Matheus E. Garbelini, Zewen Shang, Sudipta Chattopadhyay, Sumei Sun, and Ernest Kurniawan. 2022. Towards Automated Fuzzing of 4G/5G Protocol Implementations Over the Air. In GLOBECOM 2022 - 2022 IEEE Global Communications Conference. IEEE, 86--92. https://doi.org/10.1109/GLOBECOM48099.2022.10001673
[14]
Genymobile. 2023. Scrcpy. https://github.com/Genymobile/scrcpy.
[15]
Google. 2023. Google Bard. https://bard.google.com.
[16]
Grant Hernandez, Marius Muench, Dominik Maier, Alyssa Milburn, Shinjo Park, Tobias Scharnowski, Tyler Tucker, Patrick Traynor, and Kevin R. B. Butler. 2022. FirmWire: Transparent Dynamic Analysis for Cellular Baseband Firmware. In Proceedings of the 29th Annual Network and Distributed System Security Symposium, (NDSS'22), San Diego, California, USA. The Internet Society. https://doi.org/10.14722/ndss.2022.23136
[17]
Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino. 2018. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE. In Proceedings of the 25th Annual Network and Distributed System Security Symposium, (NDSS'18), San Diego, California, USA. The Internet Society. https://doi.org/10.14722/ndss.2018.23313
[18]
Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino. 2019. 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). ACM, NY, USA, 669--684. https://doi.org/10.1145/3319535.3354263
[19]
Syed Rafiul Hussain, Imtiaz Karim, Abdullah Al Ishtiaq, Omar Chowdhury, and Elisa Bertino. 2021. Noncompliance as Deviant Behavior: An Automated Black Box Noncompliance Checker for 4G LTE Cellular Devices. In ACM SIGSAC Conference on Computer and Communications Security (Virtual Event, Republic of Korea) (CCS '21). ACM, New York, NY, USA, 1082--1099. https://doi.org/10.1145/3460120.3485388
[20]
Abdullah Al Ishtiaq, Sarkar Snigdha Sarathi Das, Syed Md. Mukit Rashid, Ali Ranjbar, Kai Tu, Tianwei Wu, Zhezheng Song, Weixuan Wang, Mujtahid Akon, Rui Zhang, and Syed Rafiul Hussain. 2023. Hermes: Unlocking Security Analysis of Cellular Network Protocols by Synthesizing Finite State Machines from Natural Language Specifications. arXiv:2310.04381
[21]
Bedran Karakoc, Nils Fürste, David Rupprecht, and Katharina Kohls. 2023. Never Let Me Down Again: Bidding-Down Attacks and Mitigations in 5G and 4G. In Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '23). ACM, New York, NY, USA, 97--108. https://doi.org/10.1145/3558482.3581774
[22]
Imtiaz Karim, Syed Rafiul Hussain, and Elisa Bertino. 2021. ProChecker: An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations. In 41st IEEE International Conference on Distributed Computing Systems, ICDCS 2021, Washington DC, USA. IEEE, 773--785. https://doi.org/10.1109/ICDCS51616.2021.00079
[23]
Imtiaz Karim, Kazi Samin Mubasshir, Mirza Masfiqur Rahman, and Elisa Bertino. 2023. SPEC5G: A Dataset for 5G Cellular Network Protocol Analysis. arXiv:2301.09201
[24]
Eunsoo Kim, Min Woo Baek, CheolJun Park, Dongkwan Kim, Yongdae Kim, and Insu Yun. 2023. BASECOMP: A Comparative Analysis for Integrity Protection in Cellular Baseband Software. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 3547--3563.
[25]
Eunsoo Kim, Dongkwan Kim, CheolJun Park, Insu Yun, and Yongdae Kim. 2021. BaseSpec: Comparative Analysis of Baseband Software and Cellular Specifications for L3 Protocols. In Proceedings of the 28th Annual Network and Distributed System Security Symposium, (NDSS'21), San Diego, California, USA. https://doi.org/10.14722/ndss.2021.24365
[26]
Hongil Kim, Jiho Lee, Eunkyu Lee, and Yongdae Kim. 2019. Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane. In 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA. IEEE, 1153--1168. https://doi.org/10.1109/SP.2019.00038
[27]
Daniel Klischies, Moritz Schloegel, Tobias Scharnowski, Mikhail Bogodukhov, David Rupprecht, and Veelasha Moonsamy. 2023. Instructions Unclear: Undefined Behaviour in Cellular Network Specifications. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 3475--3492.
[28]
Manikanta Kotaru. 2023. Adapting Foundation Models for Information Synthesis of Wireless Communication Specifications. arXiv:2308.04033
[29]
Dominik Maier, Lukas Seidel, and Shinjo Park. 2020. BaseSAFE: Baseband Sanitized Fuzzing through Emulation. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '20). ACM, New York, NY, USA, 122--132. https://doi.org/10.1145/3395351.3399360
[30]
Lusani Mamushiane, Albert Lysko, Hlabishi Kobo, and Joyce Mwangama. 2023. Deploying a Stable 5G SA Testbed Using srsRAN and Open5GS: UE Integration and Troubleshooting Towards Network Slicing. In 2023 International Conference on Artificial Intelligence, Big Data, Computing and Data Communication Systems (icABCD). IEEE, 1--10. https://doi.org/10.1109/icABCD59051.2023.10220512
[31]
Meta. 2023. LLAMA 2. https://llama.meta.com.
[32]
Open5gs. 2023. Open5gs. https://open5gs.org.
[33]
OpenAI. 2023. OpenAI. https://openai.com.
[34]
Osmocom. 2023. PySim. https://osmocom.org/projects/pysim/wiki.
[35]
CheolJun Park, Sangwook Bae, BeomSeok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, and Yongdae Kim. 2022. DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices. In 31th USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 1325--1342.
[36]
MinWoo Park. 2023. Bard API. https://github.com/dsdanielpark/Bard-API.
[37]
Srinath Potnuru and Prajwol Kumar Nakarmi. 2021. Berserker: ASN.1-based Fuzzing of Radio Resource Control Protocol for 4G and 5G. In 17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). IEEE, 295--300. https://doi.org/10.1109/WiMob52687.2021.9606317
[38]
David Rupprecht, Kai Jansen, and Christina Pöpper. 2016. Putting LTE Security Functions to the Test: A Framework to Evaluate Implementation Correctness. In USENIX Workshop on Offensive Technologies (Austin, TX) (WOOT'16). USENIX Association, USA, 40--51.
[39]
srsRAN. 2023. srsRAN. https://www.srsran.com.
[40]
srsRAN. 2023. Tested COTS UEs. https://docs.srsran.com/projects/project/en/latest/knowledge_base/source/cots_ues/source/index.html.
[41]
Swind. 2020. Pure Python ADB. https://github.com/Swind/pure-python-adb.
[42]
Haohuang Wen, Phillip Porras, Vinod Yegneswaran, Ashish Gehani, and Zhiqiang Lin. 2024. 5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service. In Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS'24), San Diego, California, USA. The Internet Society.
[43]
Chuan Yu, Shuhui Chen, Ziling Wei, and Fei Wang. 2023. SecChecker: Inspecting the security implementation of 5G Commercial Off-The-Shelf (COTS) mobile devices. Comput. Secur. 132 (2023), 103361. https://doi.org/10.1016/j.cose.2023.103361
Index Terms
- ASTRA-5G: Automated Over-the-Air Security Testing and Research Architecture for 5G SA Devices
Recommendations
UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework
WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile NetworksSecurity flaws and vulnerabilities in cellular networks lead to severe security threats given the data-plane services that are involved, from calls to messaging and Internet access. While the 5G Standalone (SA) system is currently being deployed ...
Security Standards and Measures for Massive IoT in the 5G Era
AbstractWith the development of 5G technology, Internet of Things (IoT) is proliferating and deeply integrated with our daily lives and industry productions. IoT applications in the 5G era generate massive connections, and this would bring about many ...
The Study on an Intelligent General-Purpose Automated Software Testing Suite
ICICTA '10: Proceedings of the 2010 International Conference on Intelligent Computation Technology and Automation - Volume 03To make the labor intensive manual software testing automated, we present the design and implementation of an intelligent general-purpose automated software testing suite. With the two main tools in the suite: an automated software testing scheduler, ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2024
312 pages
ISBN:9798400705823
DOI:10.1145/3643833
- General Chairs:
- Yongdae Kim,
- Jong Kim,
- Program Chairs:
- Farinaz Koushanfar,
- Kasper Rasmussen
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 27 May 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- The National Science Foundation
- The Center for Cyber Security at New York University Abu Dhabi (NYUAD)
Conference
WiSec '24: 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
May 27 - 29, 2024
Seoul, Republic of Korea
Acceptance Rates
Overall Acceptance Rate 98 of 338 submissions, 29%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 376Total Downloads
- Downloads (Last 12 months)376
- Downloads (Last 6 weeks)112
Reflects downloads up to 26 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in