Automated vulnerability discovery method for 5G core network protocol
With the widespread development of fifth-generation (5G) mobile communication technology, concerns regarding 5G network security have also increased.Blackbox fuzzing is a commonly used method for automated vulnerability discovery in software security.However, applying dynamic approaches like fuzzing...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2024-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024006 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530295843553280 |
|---|---|
| author | Peixiang WU Zhilong ZHANG Libo CHEN Yijun WANG Zhi XUE |
| author_facet | Peixiang WU Zhilong ZHANG Libo CHEN Yijun WANG Zhi XUE |
| author_sort | Peixiang WU |
| collection | DOAJ |
| description | With the widespread development of fifth-generation (5G) mobile communication technology, concerns regarding 5G network security have also increased.Blackbox fuzzing is a commonly used method for automated vulnerability discovery in software security.However, applying dynamic approaches like fuzzing to discover vulnerabilities in the complex design of 5G core network protocols poses challenges such as low efficiency, poor versatility, and lack of scalability.Therefore, a novel static method to examine the open-source solution of the 5G core network was proposed.Through this method, a series of memory leak security issues caused by improper variable life cycle management were identified, which can lead to denial-of-service attacks on the 5G core network.To summarize these weaknesses, a general vulnerability model and an automated vulnerability discovery method called HoI were presented, which utilized hybrid analysis based on control and data flow.By successfully discovering five zero-day bugs in Open5GS, an open-source solution for the 5G core network, vulnerabilities that cover practical application scenarios of multiple interface protocols in the 5G core network were identified.These vulnerabilities have wide-ranging impact, are highly detrimental, and can be easily exploited.They have been reported to the vendor and assigned four Common Vulnerabilities and Exposures (CVE) numbers, demonstrating the effectiveness of this automated vulnerability discovery method. |
| format | Article |
| id | doaj-art-70a9378202814f92aea75dcf185b8b8d |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2024-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-70a9378202814f92aea75dcf185b8b8d2025-01-15T03:05:18ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2024-02-011015616859581947Automated vulnerability discovery method for 5G core network protocolPeixiang WUZhilong ZHANGLibo CHENYijun WANGZhi XUEWith the widespread development of fifth-generation (5G) mobile communication technology, concerns regarding 5G network security have also increased.Blackbox fuzzing is a commonly used method for automated vulnerability discovery in software security.However, applying dynamic approaches like fuzzing to discover vulnerabilities in the complex design of 5G core network protocols poses challenges such as low efficiency, poor versatility, and lack of scalability.Therefore, a novel static method to examine the open-source solution of the 5G core network was proposed.Through this method, a series of memory leak security issues caused by improper variable life cycle management were identified, which can lead to denial-of-service attacks on the 5G core network.To summarize these weaknesses, a general vulnerability model and an automated vulnerability discovery method called HoI were presented, which utilized hybrid analysis based on control and data flow.By successfully discovering five zero-day bugs in Open5GS, an open-source solution for the 5G core network, vulnerabilities that cover practical application scenarios of multiple interface protocols in the 5G core network were identified.These vulnerabilities have wide-ranging impact, are highly detrimental, and can be easily exploited.They have been reported to the vendor and assigned four Common Vulnerabilities and Exposures (CVE) numbers, demonstrating the effectiveness of this automated vulnerability discovery method.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.20240065G core networkopen-source solutionprotocol securitystatic analysisvulnerability discovery |
| spellingShingle | Peixiang WU Zhilong ZHANG Libo CHEN Yijun WANG Zhi XUE Automated vulnerability discovery method for 5G core network protocol 网络与信息安全学报 5G core network open-source solution protocol security static analysis vulnerability discovery |
| title | Automated vulnerability discovery method for 5G core network protocol |
| title_full | Automated vulnerability discovery method for 5G core network protocol |
| title_fullStr | Automated vulnerability discovery method for 5G core network protocol |
| title_full_unstemmed | Automated vulnerability discovery method for 5G core network protocol |
| title_short | Automated vulnerability discovery method for 5G core network protocol |
| title_sort | automated vulnerability discovery method for 5g core network protocol |
| topic | 5G core network open-source solution protocol security static analysis vulnerability discovery |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024006 |
| work_keys_str_mv | AT peixiangwu automatedvulnerabilitydiscoverymethodfor5gcorenetworkprotocol AT zhilongzhang automatedvulnerabilitydiscoverymethodfor5gcorenetworkprotocol AT libochen automatedvulnerabilitydiscoverymethodfor5gcorenetworkprotocol AT yijunwang automatedvulnerabilitydiscoverymethodfor5gcorenetworkprotocol AT zhixue automatedvulnerabilitydiscoverymethodfor5gcorenetworkprotocol |