Analysis of Deregistration Attacks in 5G Standalone Non-Public Network

Abstract

In this paper, we analyze the possibility of deregistration attack in 5G SNPN (Standalone Non-Public Network) based on 3GPP standard document. In the deregistraion attack, the attacker pretends to be a UE that is normally registered with AMF (Access and Mobility Management Function) and attempts to establish a spoofed RRC (Radio Resource Control) connection, causing AMF to deregister the existing UE. The existing deregistration attack attempts a spoofed RRC connection to the AMF in which the UE is registered. In addition, this paper analyzes whether deregistration attack is possible even when an attacker attempts to establish a spoofed RRC connection to a new AMF that is different from the registered AMF. When the 5G mobile communication network system is implemented by faithfully complying with the 3GPP standard, it is determined that a deregistration attack of a UE is impossible.