Browse > Article
http://dx.doi.org/10.9708/jksci.2021.26.10.093

Analysis of Incarceration Attacks with RRCReject and RRCRelease in 5G Standalone Non-Public Network  

Kim, Keewon (Dept. of Computer Engineering, Mokpo National Maritime University)
Park, Jong-Geun (Information Security Research Division, ETRI)
Park, Tae-Keun (Dept. of Computer Engineering, Dankook University)
Publication Information
Journal of the Korea Society of Computer and Information / v.26, no.10, 2021 , pp. 93-100 More about this Journal
Abstract
In this paper, the possibility of a UE (User Equipment) incarceration attack using RRCRejecet and RRCRelease in 5G SNPN (Standalone Non-Public Network) is analyzed based on the 3GPP standard document. First, the cell selection and reselection procedures of the UE are analyzed, and then the processing process of the false base station and the UE before and after transmission of RRCReject and RRCRelease is analyzed. As a result of the analysis, it is possible that the false base station that transmits a strong signal causes the victim UE to establish an RRC connection to the false base station itself. In addition, if the false base station transmits an RRCReject message without integrity protection in response to the victim UE's attempt to establish an RRC connection, it is determined that the victim UE can continue to stay in the RRC connection attempt process. On the other hand, it is determined that it is impossible to incarcerate the victim UE by inducing an attempt to establish an RRC connection to another false base station using RRCRelease.
Keywords
5G; Standalone Non-Public Network; RRC; 3GPP Standard; Incarceration Attack;
Citations & Related Records
연도 인용수 순위
  • Reference
1 M. Agiwal, A. Roy, and N. Saxena: "Next Generation 5G Wireless Networks: A Comprehensive Survey," IEEE Communications Surveys & Tutorials, Vol. 18, No. 3, pp. 1617-1655, 3rd Quart., 2016, DOI: 10.1109/COMST.2016.2532458   DOI
2 I. Ahmad, S. Shahabuddin, T. Kumar, J. Okwuibe, A. Gurtovand, M. Ylianttila, "Security for 5G and Beyond", IEEE Communications Surveys & Tutorials, Vol. 21, No. 4, pp. 3682-3722, May 2019. DOI: 10.1109/COMST.2019.2916180   DOI
3 C. Cremers and M. Dehnel-Wild, "Component-based formal analysis of 5G-AKA: channel assumptions and session confusion," in Proc. 26th Annual Network and Distributed System Security Symposium, NDSS, pp. 24-27, Feb. 2019. DOI: 10.14722/ndss.2019.23394   DOI
4 K. Kim, K. Park, T.K. Park: "Analysis of Deregistration Attacks in 5G Standalone Non-Public Network," Journal of the Korea Society of Computer and Information, Vol. 26, No. 9, pp. 81-88, Sep. 2021. DOI: 10.9708/jksci.2021.26.09.081   DOI
5 3GPP TS 38.304 v16.4.0: "NR; User Equipment (UE) procedures in Idle mode and RRC Inactive state," Mar. 2021.
6 3GPP TS 38.300 v16.5.0, "NR; NR and NG-RAN Overall Description; Stage 2," Mar. 2021.
7 H. Kim, J. Lee, E. Lee, Y. Kim: "Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane," in Proc. IEEE Symposium on Security and Privacy (SP), pp. 1153-1168, May 2019. DOI: 10.1109/SP.2019.00038   DOI
8 D. Basin, J. Dreier, L. Hirschi, S. Radomirovic, R. Sasse, and V. Stettler, "A Formal Analysis of 5G Authentication," In Proc. the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS '18), pp. 1383-1396, Oct. 2018. DOI: 10.1145/3243734.3243846   DOI
9 3GPP TS 38.331 v16.3.1: "Radio Resource Control (RRC) protocol specification," Jan. 2021.
10 R. Khan, P. Kumar, D. N. K. Jayakody, and M. Liyanage: "A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements and Future Directions," IEEE Communications Surveys & Tutorials, Vol. 22, No. 1, pp. 196-248, 1st Quart., 2020. DOI: 10.1109/COMST.2019.2933899   DOI
11 3GPP TS 38.133 v.16.7.0, "NR; Requirements for support of radio resource management," Mar. 2021.
12 S.R. Hussain, M. Echeverria, I. Karim, O. Chowdhury, E. Bertino: "5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol," in Proc. 2019 ACM SIGSAC Conference on Computer and Communications Security, pp.669-684, Nov. 2019. DOI: 10.1145/3319535.3354263   DOI
13 5G-ACIA White Paper: "5G Non-Public Networks for Industrial Scenarios," July 2019.
14 T.K. Park, J.G. Park, K. Kim: "Security Threats and Potential Security Requirements in 5G Non-Public Networks for Industrial Applications," Journal of the Korea Society of Computer and Information, Vol. 25, No. 11, pp. 105-114, Nov. 2020. DOI: 10.9708/jksci.2020.25.11.105.   DOI
15 M. Wollschlaeger, T. Sauter and J. Jasperneite, "The Future of Industrial Communication: Automation Networks in the Era of the Internet of Things and Industry 4.0," IEEE Industrial Electronics Magazine, Vol. 11, No. 1, pp. 17-27, Mar. 2017, DOI: 10.1109/MIE.2017.2649104.   DOI