Measuring the Deployment of 5G Security Enhancement

Measuring the Deployment of 5G Security Enhancement

연구 분야: Infrastructure

학회: WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks

The fifth-generation(5G) cellular network is entering an era of rapid development. Not only is 5G supposed to be fast, it also offers enhanced security based on 5G security specifications developed by the 3rd Generation Partnership Project (3GPP). However, little is known about 5G security in real world deployment. This paper analyzes 5G security features and measures their implementation in commercial 5G networks. By collecting and analyzing signaling messages between a cell phone and several commercial 5G networks, we measured multiple aspects of 5G security in real world deployment including, crypto algorithms used in the control plane, user plane (UP) security activation, subscriber identifier protection, and initial None-Access Stratum(NAS) message protection. We evaluated the compliance of commercial 5G networks with 5G security specifications. The results show that major discrepancy exists between 5G security standards and real world deployment, especially in the areas of UP protection and subscriber identifier protection. Therefore, well-known security risks, such as user data leakage, location exposure and Denial-of-Service(DoS) attacks, still apply to 5G commercial networks.