Unlike 4G mobile communication technology, which mainly serves communication between people, 5G, with its high bandwidth, low latency and ultra-high connection density, extends communication services to people-to-thing and thing-to-thing communication and opens a new era of the Internet of Everything. As an important part of the "new infrastructure", 5G plays an extremely important role in China's development in the new era. While the commercial use of 5G has brought profound changes to fields such as science and technology and the economy, it has also brought challenges to national public security, network security and data security. Basic network equipment is the foundation for the stable operation of the network. Security problems in the equipment bring security risks to the entire network system and to the users of the network. It is therefore necessary to formulate a comprehensive and effective security capability assessment plan for 5G network equipment (including wireless and core networks).

5G Network Equipment Security Risk Analysis

5G inherits the security architecture of 4G networks and provides stronger security capabilities than 4G, including enhanced user privacy protection and enhanced integrity protection, but it also inherits some of the vulnerabilities of 4G networks. In addition, 5G networks introduce new technologies that bring new security risks.

The main security risks for 5G base station equipment are eavesdropping on and tampering with user data on the air interface, air interface DDoS attacks, malicious interference with the air interface by fake base stations or other attack sources, and unencrypted base station data transmission. These may cause leakage of end users' private data or of key industry application data, and eavesdropping on and tampering with communication traffic.

5G core network equipment stores a large amount of private information such as user identity, location information, service information, capability information and communication data, manages user access and sessions, and forwards user traffic. If it is not effectively protected, user private information may be leaked, tampered with or illegally abused.

The 5G core network has introduced new technologies such as network function virtualization, network slicing, edge computing, service-based architecture and network capability exposure. The network architecture has changed substantially, bringing new security challenges. Network infrastructure virtualization means that 5G core network equipment is no longer limited to dedicated hardware, which blurs traditional network boundaries. Insufficient boundary isolation and protection allows external intrusions to damage the core network, which in turn affects the stable operation of 5G core network equipment. Network capability exposure moves core network data from a closed platform to an open platform, increasing the risk of leakage of users' personal information. Service-based architecture improves the flexibility and openness of the core network, but also increases the number of interfaces on the equipment that may be attacked. Edge computing exposes UPF devices to unsafe environments, increasing the possibility of physical attacks, which may affect the safe operation of the entire edge computing network.

5G Network Equipment Security Evaluation System

To ensure that all parties in the industry chain can trust mobile communication networks and to maintain healthy competition among equipment suppliers, the Global Mobile Communications Association (GSMA) and the Third Generation Partnership Project (3GPP) have jointly launched the Network Security Assurance Scheme (NESAS).
The European Union has determined that NESAS will be used as the baseline reference for 5G security certification in its unified network security certification framework. The United States, Spain, Sweden and relevant security laboratories in China are all promoting the NESAS system. NESAS mainly includes two parts: audit evaluation and test evaluation. NESAS is responsible for the preparation of relevant specifications for security audits and evaluation mechanisms, and the test evaluation standards refer to the SCAS (Security Assurance Specification) series of specifications formulated by 3GPP. During the test and evaluation stage, the security test laboratory tests the security capabilities of network equipment according to the SCAS series of standards defined by 3GPP and generates a test report.

5G Network Equipment Security Evaluation Content

According to the SCAS series of specifications developed by 3GPP, the security evaluation content of 5G network equipment can be divided into three parts: general security requirements, base station-specific security requirements, and core network-specific security requirements.

General security requirements are the security capability requirements that apply to both base station equipment and core network equipment. They mainly include data and information protection, availability and integrity protection, operating system and Web service security, vulnerability, robustness/fuzz testing, software package security, etc.

The specific security requirements of base station equipment include air interface signaling encryption protection, air interface data transmission protection, handover security, isolation security, etc.

The specific security requirements of core network equipment include service-based architecture security, signaling encryption protection, handover security, user plane data protection, user identity security, roaming security, slice isolation security, etc.

5G Network Equipment Security Assessment Method

Based on the security assessment content above, 5G wireless equipment and core network equipment are assessed on the user plane, the signaling plane and the management plane, forming a comprehensive assessment system covering equipment, interfaces and protocols. The main assessment methods include scanning tests, simulated attack tests, fuzz tests, protocol analysis tests, air interface tests, signaling traffic simulation tests, etc.

Scan Test

The scanning test mainly uses port scanning, vulnerability scanning, source code scanning, etc. to check whether 5G base stations and 5G core network equipment have unsafe services or ports, security defects, unfixed known vulnerabilities and potential security risks, and verifies the security of the equipment at the code, system and service levels.

Simulated Attack Test

The simulated attack test constructs attack messages and sends them to the device under test to determine whether the device can protect itself. Test cases include DoS attacks using pre-authentication messages, attacks using messages with the null encryption or null integrity algorithm, and attacks built from abnormal procedures or abnormal fields. The simulated attack test is mainly used to check basic security requirements such as operating system security, Web service security and network device protection, as well as hardening requirements such as the security configuration of operating systems and Web services and the isolation properties of network devices.

Fuzz Testing

Fuzz testing reveals hidden errors missed by other testing methods by sending, sniffing, dissecting and forging network packets, with test cases produced by automatic generation, mutation-based modeling and intelligent generation.
It is mainly used to test device robustness, for example by traversing the possible values of protocol information elements and by constructing and sending large amounts of malicious/random data to the device under test, in order to uncover unknown security issues that may exist in the device.

Protocol Analysis Test

The protocol analysis test captures and analyzes the messages on the device's interfaces to check whether the device's processing flow meets expectations. It is mainly used to check the consistency of the protocol functions of the device under test.

Air Interface Test

The air interface test modifies the terminal's security parameter configuration and security capability settings, constructs abnormal protocol messages and sends them to the base station under test to check whether the base station's processing meets expectations. It is mainly used to trigger abnormal scenarios in the base station protocol function consistency test, such as signaling integrity verification failure, refusal of access with null signaling integrity protection, signaling replay protection, data integrity verification failure, data replay protection, etc.

Signaling Traffic Simulation Test

The signaling traffic simulation test builds an end-to-end simulated test environment around the core network element under test by simulating the 5G interface protocols and generating 5G traffic, or constructs abnormal protocol messages or traffic and sends them to the core network equipment under test, to check whether the processing of the core network element under test meets expectations. It is mainly used for constructing and analyzing abnormal signaling related to encryption and integrity protection and to authentication procedures, for example in the UE security capability negotiation consistency test.

The SCAS specification defines the unknown security threats and vulnerabilities that may exist in 5G network equipment.
The basic security capabilities that 5G equipment must possess require the construction of a comprehensive and objective detection tool set. On the one hand, such a tool set can comprehensively and objectively verify whether 5G network equipment meets the security capabilities required by the specification. On the other hand, it can assist in the discovery of security issues in 5G network equipment and in the development of testing and verification technologies.

Summary

The security of 5G network equipment is a key factor in the security of cyberspace. During this period of opportunity for "new infrastructure" development in China, we should analyze comprehensively and in depth the security risks and threats faced by 5G equipment, continue to track the NESAS and SCAS evaluation requirements and methods, increase investment in the research and development of 5G security technology and testing and verification technology, use objective evaluation methods to discover security issues in 5G network equipment, and improve the security level of equipment.
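
The UE security capability negotiation consistency test named under the signaling traffic simulation test, together with the null-integrity case from the air interface test, can be written as a check over decoded messages. The Python below is an added example, not code from the original article or from any SCAS tool; the message dictionaries, field names and AMF priority lists are constructed assumptions, and the expected behaviour follows the algorithm selection rules of 3GPP TS 33.501.

```python
# Added example: field names and sample messages are constructed for
# illustration; they are not taken from a real capture or a SCAS tool.

def pick(priority, supported):
    """Highest-priority algorithm in the network's list that the UE supports."""
    return next((a for a in priority if a in supported), None)

def check_negotiation(reg_req, smc, amf_cfg, emergency=False):
    """Return a list of findings; an empty list means the exchange is consistent."""
    findings = []
    ue_caps = reg_req["ue_security_capabilities"]
    # 1. The replayed capabilities must equal what the UE sent, otherwise a
    #    modification in transit (bidding down) would go unnoticed by the UE.
    if smc["replayed_ue_security_capabilities"] != ue_caps:
        findings.append("replayed UE security capabilities differ from Registration Request")
    for kind, key in (("ciphering", "nea"), ("integrity", "nia")):
        selected = smc["selected_" + key]
        expected = pick(amf_cfg[key + "_priority"], ue_caps[key])
        # 2. The selected algorithm must be one the UE announced.
        if selected not in ue_caps[key]:
            findings.append(f"{kind}: {selected} not supported by UE")
        # 3. It must be the highest-priority mutually supported algorithm.
        elif selected != expected:
            findings.append(f"{kind}: selected {selected}, expected {expected}")
    # 4. Null integrity is acceptable only for an unauthenticated emergency session.
    if smc["selected_nia"] == "NIA0" and not emergency:
        findings.append("integrity: NIA0 selected for a normal registration")
    return findings

# Constructed AMF configuration and decoded NAS messages.
AMF_CFG = {"nea_priority": ["NEA2", "NEA1", "NEA0"], "nia_priority": ["NIA2", "NIA1"]}
UE_CAPS = {"nea": {"NEA0", "NEA1", "NEA2"}, "nia": {"NIA0", "NIA1", "NIA2"}}
REG_REQ = {"ue_security_capabilities": UE_CAPS}
GOOD_SMC = {"selected_nea": "NEA2", "selected_nia": "NIA2",
            "replayed_ue_security_capabilities": UE_CAPS}
BAD_SMC = {"selected_nea": "NEA0", "selected_nia": "NIA0",
           "replayed_ue_security_capabilities": {"nea": {"NEA0"}, "nia": {"NIA0"}}}

if __name__ == "__main__":
    for name, smc in (("good", GOOD_SMC), ("bad", BAD_SMC)):
        print(name, check_negotiation(REG_REQ, smc, AMF_CFG) or "consistent")
```
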