random thoughts on 5g security
play

Random Thoughts on 5G Security Prof. Jeffrey H. Reed Bradley Dept. - PowerPoint PPT Presentation

Oct 26, 2022 •337 likes •525 views

Random Thoughts on 5G Security Prof. Jeffrey H. Reed Bradley Dept. of ECE, Virginia Tech Interim Director, Commonwealth Cyber Initiative Founding Director, Wireless@Virginia Tech reedjh@vt.edu (540) 231-2972 Portions of this presentation

  1. Random Thoughts on 5G Security Prof. Jeffrey H. Reed Bradley Dept. of ECE, Virginia Tech Interim Director, Commonwealth Cyber Initiative Founding Director, Wireless@Virginia Tech reedjh@vt.edu (540) 231-2972 Portions of this presentation extracted from the eBook, 5G Cellular Communications- Journey & Destination , , By Nishith Tripathi and Jeffrey Reed, avalable at http: p://www.thewirelessuni university.com

  2. Introduction and Motivation and Key Points Attacks on 4G and 5G can occur at any layer. Obtaining IMSI by Software-Defined • Radio (RTL-SDR) -- $32 IMSI catcher Systems are extremely complex to analyze for • vulnerabilities. While jamming is always possible, we do not want • extremely efficient protocol-aware jamming attacks to exist. There is a large community focused on higher • layer attacks (Go to Blackhat!). 3GPP has demonstrated a new level of security • consciousness. Authentication and security customization in 5G. • Pictures from: Potential new ways to address security. Roman V. Bulychev, Dmitry E. Goncharov, Irina F. • Babalova Institute Cyber Intelligent Systems Difficulty in doing this research. • National Research Nuclear University Russian Federation LTE Jammer 2

  3. Security Contributions for Rel.-15 • User plane (UP) integrity protection mechanisms. • Enhance International Mobile Subscriber Identity Privacy • Authentication and authorization (including identity management) • RAN security • Security in the UE (storage security, processing of credentials, eSIM) • Network slicing security • Increased home network control (i.e., EPC authentication and key management proof of UE presence in visiting Not all security objectives of Rel. 15 were network) met and hence much security work remains for Rel. 16

  4. Security Issues Addressed in Rel.-16 • Security mechanism for prevent access to other network slices • Trusted non-3GPP access • Authentication of the user • Security for small data mode • User plane DoS attacks When you are 16 years old you can get your driver’s license in the • Relay security USA! You might say the teenager is • Broadcast/Multicast Security Released at 16 4

  5. Potential Security Features of Rel. 16 • Customized security control of what slices a UE may use simultaneously or slice specific authentication. • Features enabling private networks for factory automation, ultra reliable and ultra low latency (URLLC), and more. • Security mechanism differentiation for network slices • Trusted non-3GPP access • Authentication of the user • Security for small data mode for CIoT applications • User plane DoS attacks • Relay security • Broadcast/Multicast Security 5

  6. Security Studies On-Going in Rel. 16 Study on Security Aspects of the 5G Service Based Architecture • Study of KDF negotiation for 5G System Security • Study on Long Term Key Update Procedures Study on Supporting 256-bit • • Study on Security aspects of Enhancement of Network Slicing Algorithms for 5G • Study on Security of the enhancement to the 5GC location services Security aspects of single radio voice continuity from 5G to UTRAN • Study on authentication and key management for applications based on • Study on security for 5G URLLC • 3GPP credential in 5G IoT • Study on SECAM and SCAS for 3GPP virtualized network products Study on evolution of Cellular IoT security for the 5G System • • Study on Security for 5GS Enhanced support of Vertical and LAN Services Study on the security of the Wireless and Wireline Convergence for the 5G • system architecture • Study on LTKUP Detailed solutions Study on Security Aspects of PARLOS Study on 5G security enhancement • • Study on User Plane Integrity Protection against false base stations • Study on Security Impacts of Virtualisation • Study on authentication enhancements in 5GS 3GPP is taking security to a whole new level of rigor. 6

  7. Security Vulnerabilities and Implementation Challenges in 5G [1] • Null Encryption and Null Authentication still supported in valid configurations • Trust in the base station is still implied before pre-authentication • Lack of certainty that base station is enforcing a number of optional security features • Key management functions left outside the specifications. [1] R. P. Jover, V. Marojevic, “Security and Protocol Exploit Analysis of the 5G Specifications,” arXiv:1809.06925, Nov 2018. 7

  8. While the 3GPP Security Process for 5G has Improved There are Other Issues • Disruption to links. • Hardware and/or software security flaws from a manufacturer. • Continuous updates to software and infrastructure parameters. • …. 8

  9. AI May Help with Vulnerability Analysis Security Monitoring UE Core Network Base Station Smart Jammer AI Control AI Control AI Control This Photo by Unknown Author is licensed under CC BY-NC-ND This Photo by Unknown Author is licensed under CC BY-SA AI Control • Use of AI and adversarial learning to find weakness. • Use of Federated Learning for Scalability. • AI may have a role in monitoring and mitigation of threats 9

  10. Problems in Doing 5G Security Researh • Equipment is Expensive – > $1M for production quality core network. – Over the air protocol analyzer > $500k. • Hard to find the right people and they are expensive and rare! • Realistic testing situations. • Privacy issues and impacting real networks though active probing– can inadvertently become the bad guy. FCC might get mad • What’s n s need eded ed – Testbed F Facilities w with T Traine ned P Person onne nel. 10

  11. Commonwealth Cyber Initiative 5G SECURITY TEST BED 5G Core Network CCI Hub, network Experiment with security systems engineering of 5G slicing • Commercial and Tactical IoT. • Power, transportation, smart cities/bases/ports. • Other Emerging Capabilities. CCI Node: NoVA led by • Prototyping emerging standards. GMU Serve Focus: Smart cities • Educate and train the community. • Generate best practices in security. • Enhance 5G knowledge in the Workforce. CCI Node: Central, led by VCU/UVA Focus: Health Tech CCI Node: Southwest, led by VT CCI Node: Coastal let by Focus: Energy & Transportation ODU F Shi i /L i ti

  12. Summary • 3GPP Release 15 (5G NR) adds new security features through modifications of the security architecture of LTE. • 3GPP Release 16 is currently undertaking study items on 5G use cases such as IoT, URLLC, network slicing, mission critical communications etc. • Even though 5G NR mitigates some of the known vulnerabilities of LTE, attacks pertaining to user subscriber identity, location and traffic profile are still possible. • AI may have an important role in finding the vulnerabilities and mitigating these vulnerabilities • Research in this area is important, but expensive and difficult to do. 12

  13. Backup Slides 13

  14. Backup Slides 14

  15. Security Enhancements in 3GPP Rel. 15 Primary authentication with built-in home control. • Integrated secondary authentication. • Inter-operator security intrinsic to the standard • Subscriber identity privacy using home network • public key Service-based architecture (SBA) • Security for the Central Unit-Distributed Unit (CU- • DU) Interface. Possibility of integrity protection of user plane. • Mobility anchor can be separated from the • security anchor. Source: 3GPP 5G Security, URL: http://www.3gpp.org/images/ articleimages/5G_security_2018_08/ 15

  16. 5G Security Use Cases Mis Mission Crit itic ical l Security [2] Cellu lular ar IoT IoT Sec Security [1 [1] ] Cross-service issues: • Efficient frequent small data • DoS, user impersonation, manipulation, traffic analysis, edge • transmissions. protection etc. Integrity protection of small data • Common functional architecture issues: • Encryption of small data • Config and service access, group key management. • Signaling overload due to malicious • Push-to-talk (PTT) issues: • apps on UE Interception, key stream reuse, private call confidentiality etc. • gNB protection from CIoT DoS attack Data Communications issues: • • Key refreshing for protection of small Protection of short data services (SDS). • • Video communications issues: data • Similar issues as PTT. Key and mac size for protection of small • • Migration and Interconnect (MCSMI): • data Maintaining security during migration and interconnection,, inter- • Protection of Non-IP Data Delivery • domain authentication, protection against external systems. Systems Interworking with 3GPP Systems: • User plane data transmission with • Terminating mission-security mechanisms. • connectionless signaling. [1] 3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on evolution of Cellular IoT security for the 5G System (Release 16),” 3GPP TS 33.861 v0.3.0, Nov 2018. [2] 3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects Study on mission critical security enhancements (Release 15),” 3GPP TR 33.880 v15.1.0, March 2018. 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Random thoughts Some random thoughts and Encourage use of formal methods: Guarantees

Random thoughts Some random thoughts and Encourage use of formal methods: Guarantees

Random thoughts Some random thoughts and Encourage use of formal methods: Guarantees -> liability -> insurance -> proof some potentially relevant Develop software ecosystem with few, composable, secure elements wrapping

578 views • 3 slides
Crisis Intervention Some Random Thoughts Concerning Crisis Some days you are the bug; some

Crisis Intervention Some Random Thoughts Concerning Crisis Some days you are the bug; some

Welcome! The beatings will continue until you stop calling me a B! Crisis Intervention Some Random Thoughts Concerning Crisis Some days you are the bug; some days you are the wind shield. Never test the depth of the water with

571 views • 25 slides
Some thoughts on security after ten years of qmail 1.0 D. J. Bernstein University of Illinois at

Some thoughts on security after ten years of qmail 1.0 D. J. Bernstein University of Illinois at

Some thoughts on security after ten years of qmail 1.0 D. J. Bernstein University of Illinois at Chicago The bug-of-the-month club Every few months CERT announces Yet Another Security Hole In Sendmailsomething that lets local or even

592 views • 31 slides
Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1 , Jean-Sbastien Coron 2 Emmanuel

1.04k views • 99 slides
CS70: Jean Walrand: Lecture 38. Random Thoughts Confusing Statistics: Simpsons Paradox The

CS70: Jean Walrand: Lecture 38. Random Thoughts Confusing Statistics: Simpsons Paradox The

CS70: Jean Walrand: Lecture 38. Random Thoughts Confusing Statistics: Simpsons Paradox The numbers are applications and admissions of males and females to the two colleges of a university. Overall, the admission rate of male students is 80 %

297 views • 12 slides
RANDOM THOUGHTS a commercial perspective The mobile phone Dale Green model Chief Scientist

RANDOM THOUGHTS a commercial perspective The mobile phone Dale Green model Chief Scientist

RANDOM THOUGHTS a commercial perspective The mobile phone Dale Green model Chief Scientist Teledyne Benthos +1 508 563 1604 dale.green@teledyne.com Autonomous (Efficient) modulation & power control Working with the US Navy Export issues

362 views • 5 slides
Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian Pape Dortmund Technical University March 5th, 2014 Financial Cryptography and Data Security 2014 Sebastian Pape Sample or Random Security March

541 views • 25 slides
Thoughts on Client Systems Security Joanna Rutkowska Invisible Things Lab SSTIC 2011, Rennes,

Thoughts on Client Systems Security Joanna Rutkowska Invisible Things Lab SSTIC 2011, Rennes,

Thoughts on Client Systems Security Joanna Rutkowska Invisible Things Lab SSTIC 2011, Rennes, France, June 2011 Why client systems security is important? If your client device (laptop, tablet, phone) is compromised... ... all the security is

1.08k views • 96 slides
Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG Tarjei Mandt CanSecWest 2014

Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG Tarjei Mandt CanSecWest 2014

Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG Tarjei Mandt CanSecWest 2014 tm@azimuthsecurity.com @kernelpool About Me Senior Security Researcher at Azimuth Security Masters degree in Information Security

1.24k views • 76 slides
Some Thoughts on Privacy and Security for Educational Data Ryan S. Baker University of

Some Thoughts on Privacy and Security for Educational Data Ryan S. Baker University of

Some Thoughts on Privacy and Security for Educational Data Ryan S. Baker University of Pennsylvania Penn Center for Learning Analytics Conducting research on the data becoming available from online learning Selected Projects

601 views • 31 slides
ALL THINGS Lindy Strong THOUGHTS ARE ENERGY Thoughts are Energy Thought energy has no

ALL THINGS Lindy Strong THOUGHTS ARE ENERGY Thoughts are Energy Thought energy has no

RESTORATION OF ALL THINGS Lindy Strong THOUGHTS ARE ENERGY Thoughts are Energy Thought energy has no boundary. Your thoughts are not confined to a certain location. We would like to think that our private thoughts are in fact

1.33k views • 92 slides
Isaiah 55:8-9 8. For My thoughts are not your thoughts, neither are your ways My ways, declares

Isaiah 55:8-9 8. For My thoughts are not your thoughts, neither are your ways My ways, declares

Isaiah 55:8-9 8. For My thoughts are not your thoughts, neither are your ways My ways, declares the LORD. 9. For as the heavens are higher than the earth, so are My ways higher than your ways and My thoughts than your thoughts. Trusting God

444 views • 18 slides
PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

Recall We studied security of function families (in particular, block ciphers) against key recovery. But we saw that security against key recovery is not su ffi cient to ensure that natural usages of a block cipher are secure. PSEUDO-RANDOM

268 views • 13 slides
Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method

Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method

Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method Srimanta Bhattacharya and Mridul Nandi Indian Statistical Institute, Kolkata. Eurocrypt 2018 Tel Aviv, Israel 30th April, 2018 Outline 1

1.8k views • 162 slides
5 Thoughts on Staying Sharp and Relevant Some thoughts and ideas on learning and thinking for

5 Thoughts on Staying Sharp and Relevant Some thoughts and ideas on learning and thinking for

5 Thoughts on Staying Sharp and Relevant Some thoughts and ideas on learning and thinking for todays IT pros Scott Lowe, VCDX 39 vExpert, Author, Blogger, Geek http://blog.scottlowe.org / Twitter: @scott_lowe Before we start Get

279 views • 15 slides
Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number

Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number

Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number is a number chosen as if by chance from some specified distribution such that selection of a large set of these numbers reproduces the underlying

720 views • 12 slides
Automated Conjecturing for Proof Discovery Craig Larson (joint work with Nico Van Cleemput)

Automated Conjecturing for Proof Discovery Craig Larson (joint work with Nico Van Cleemput)

Automated Conjecturing for Proof Discovery Craig Larson (joint work with Nico Van Cleemput) Virginia Commonwealth University Ghent University CombinaTexas Texas A&M University 8 May 2016 Kiran ChilakamarriOn Conjectures Goal To tell

1.43k views • 75 slides
STRUCTURAL CHALLENGES: THE LABOR MARKET AND BROADER ECONOMY Victor Chen, PhD Virginia

STRUCTURAL CHALLENGES: THE LABOR MARKET AND BROADER ECONOMY Victor Chen, PhD Virginia

STRUCTURAL CHALLENGES: THE LABOR MARKET AND BROADER ECONOMY Victor Chen, PhD Virginia Commonwealth University June 2017 Outline of the Talk Recent trends in todays labor market, and the specific situation of the deep poor

635 views • 32 slides
The complexity of club filters Philipp Moritz Lcke Joint work in progress with Sean Cox (VCU

The complexity of club filters Philipp Moritz Lcke Joint work in progress with Sean Cox (VCU

The complexity of club filters Philipp Moritz Lcke Joint work in progress with Sean Cox (VCU Richmond) Mathematisches Institut Rheinische Friedrich-Wilhelms-Universitt Bonn http://www.math.uni-bonn.de/people/pluecke/ Fifth Workshop on

456 views • 33 slides
Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work

Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work

Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work with Alexander Russell (University of Connecticut), Moti Yung (Google & Columbia University) Hong Sheng Zhou (Virginia Commonwealth University)

578 views • 34 slides
Harnessing the Power of Modeling Tasks through the Lens of a Math Progression Graham Fletcher

Harnessing the Power of Modeling Tasks through the Lens of a Math Progression Graham Fletcher

Harnessing the Power of Modeling Tasks through the Lens of a Math Progression Graham Fletcher gfletchy@gmail.com @gfletchy www.gfletchy.com/ Procedural Conceptual Fluency Understanding Application

1.37k views • 119 slides
Is Spring Here? WIFI Code: MVCUG Presenters Network/mvcug01!! 1 Please Silence Your Cell Phones

Is Spring Here? WIFI Code: MVCUG Presenters Network/mvcug01!! 1 Please Silence Your Cell Phones

Welcome! May 2019 Is Spring Here? WIFI Code: MVCUG Presenters Network/mvcug01!! 1 Please Silence Your Cell Phones iPhone X image courtesy of Apple, Inc. 2 General Meeting Intro of officers President, Treasurer, VP Windows, VP Mac

431 views • 15 slides
CS681: Advanced Topics in Computational Biology Can Alkan EA509 calkan@cs.bilkent.edu.tr

CS681: Advanced Topics in Computational Biology Can Alkan EA509 calkan@cs.bilkent.edu.tr

CS681: Advanced Topics in Computational Biology Can Alkan EA509 calkan@cs.bilkent.edu.tr http://www.cs.bilkent.edu.tr/~calkan/teaching/cs681/ Read Mapping When we have a reference genome & reads from DNA sequencing, which part of

906 views • 55 slides
using Collaborative Filtering Kazuaki Nakamura, Eiji Miyazaki, Naoko Nitta, and Noboru Babaguchi

using Collaborative Filtering Kazuaki Nakamura, Eiji Miyazaki, Naoko Nitta, and Noboru Babaguchi

Generating Handwritten Character Clones from an Incomplete Seed Character Set using Collaborative Filtering Kazuaki Nakamura, Eiji Miyazaki, Naoko Nitta, and Noboru Babaguchi Osaka University, Japan on 6th Aug. 2018, at ICFHR2018 Research

396 views • 17 slides

More recommend