[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.9708/jksci.2022.27.09.113

Analysis of the IP Spoofing Attack Exploiting Null Security Algorithms in 5G Networks

Park, Tae-Keun (Dept. of Computer Engineering, Dankook University)
Park, Jong-Geun (Information Security Research Division, ETRI)
Kim, Keewon (Dept. of Computer Engineering, Mokpo National Maritime University)

Publication Information

Journal of the Korea Society of Computer and Information / v.27, no.9, 2022 , pp. 113-120 More about this Journal

Abstract

In this paper, we analyze the feasibility of the IP spoofing attack exploiting null security algorithms in 5G networks based on 3GPP standard specifications. According to 3GPP standard specifications, the initial Registration Request message is not protected by encryption and integrity. The IP spoofing attack exploits the vulnerability that allows a malicious gNB (next generation Node B) to modify the contents of the initial Registration Request message of a victim UE (User Equipment) before forwarding it to AMF (Access and Mobility Management Function). If the attack succeeds, the victim UE is disconnected from the 5G network and a malicious UE gets Internet services, while the 5G operator will charge the victim UE. In this paper, we analyze the feasibility of the IP spoofing attack by analyzing whether each signaling message composing the attack conforms to the 3GPP Rel-17 standard specifications. As a result of the analysis, it is determined that the IP spoofing attack is not feasible in the 5G system implemented according to the 3GPP Rel-17 standard specifications.

Keywords

5G; Null Security Algorithm; 3GPP Standard; IP Spoofing Attack; Attack Analysis;

Citations & Related Records

Times Cited By KSCI : 3 (Citation Analysis)

Reference
Cited By KSCI

1	S.R. Hussain, O. Chowdhury, S. Mehnaz, and E. Bertino, "LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE," in Proc. 25th Annual Network and Distributed System Security Symposium, NDSS, pp. 18-21, Feb. 2018. DOI: 10.14722/NDSS.2018.23313. DOI
2	R. Zhang, W. Zhou, and H. Hu, "Towards 5G Security Analysis against Null Security Algorithms Used in Normal Communication," Hindawi Security and Communication Networks, Vol. 2021, Article ID 4498324, Oct. 2021. DOI: 10.1155/2021/4498324 DOI
3	K. Kim, K. Park, and T.K. Park, "Analysis of Deregistration Attacks in 5G Standalone Non-Public Network," Journal of the Korea Society of Computer and Information, Vol. 26, No. 9, pp. 81-88, Sep. 2021. DOI: 10.9708/jksci.2021.26.09.081. DOI
4	K. Kim, K. Park, and T.K. Park, "Analysis of DoS Attack against Users with Spoofed RRC Connections in 5G SNPN," Journal of KIIT, Vol. 19, No. 10, pp. 79-85, Oct. 31, 2021. DOI: 10.14801/jkiit.2021.19.10.79. DOI
5	K. Kim, J.G. Park, and T.K. Park, "Analysis of Incarceration Attacks with RRCReject and RRCRelease in 5G Standalone Non-Public Network," Journal of the Korea Society of Computer and Information, Vol. 26 No. 10, pp. 93-100, October 2021. DOI: 10.9708/jksci.2021.26.10.093. DOI
6	S.R. Hussain, M. Echeverria, I. Karim, O. Chowdhury, E. Bertino: "5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol," in Proc. 2019 ACM SIGSAC Conference on Computer and Communications Security, pp.669-684, Nov. 2019. doi: 10.1145/3319535.3354263. DOI
7	J. Navarro-Ortiz, P. Romero-Dias, S. Sendra, P. Ameigeiras, J. J. Ramos-Munoz, and J. M. Lopez-Soler, "A Survey on 5G Usage Scenarios and Traffic Models," IEEE Communications Surveys & Tutorials, Vol. 22, Issue 2, pp.905-929, 2nd Quart., June 2020. DOI: 10.1109/COMST.2020.2971781 DOI
8	3GPP. TS 38.331 v17.0.0: "NR; Radio Resource Control (RRC) Protocol Sepcification (Rel-17)," March. 2022.
9	3GPP. TS 23.502 v17.4.0: "Procedures for the 5G System (5GS); Stage 2; (Rel-17)," March. 2022.
10	H. Kim, J. Lee, E. Lee, Y. Kim: "Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane," in Proc. IEEE Symposium on Security and Privacy (SP), pp. 1153-1168, May 2019. DOI: 10.1109/SP.2019.00038. DOI
11	3GPP. TS 24.501 v17.6.1: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3; (Rel-17)," March. 2022.
12	3GPP. TS 33.501 v17.5.0: "Security architecture and procedures for 5G system (Rel-17)," March. 2022.
13	A. Gupta and R. K. Jha, "A Survey of 5G Network: Architecture and Emerging Technologies," IEEE Access, Vol. 3, pp.1206-1232, July 2015. DOI: 10.1109/ACCESS.2015.2461602 DOI
14	O. O. Erunkulu, A. M. Zungeru, C. K. Lebekwe, M. Mosalaosi, and J. M. Chuma, "5G Mobile Communication Applications: A Survey and Comparison of Use Cases," IEEE Access, Vol. 9, pp.97251-97295, July 2021. DOI: 10.1109/ACCESS.2021.3093213 DOI
15	R. Khan, P. Kumar, D. N. K. Jayakody, and M. Liyanage: "A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements and Future Directions," IEEE Communications Surveys & Tutorials, Vol. 22, No. 1, pp. 196-278, 1st Quart., March 2020. DOI: 10.1109/COMST.2019.2933899 DOI
16	S. Sullivan, A. Brighente, S. A. P. Kumar, and M. Conti, "5G Security Challenges and Solutions: A Review by OSI Layers," IEEE Access, Vol. 9, pp.116294-116314, Aug. 2021. DOI: 10.1109/ACCESS.2021.3105396 DOI