Inferring Autoscale Information from NFV MANO for Launching Attacks - An Experimental Study with Cloudified 5G

Authors: P. Amogh, D. Divakaran, G. Mohan
Venue: 2022 5th Conference on Cloud and Internet of Things (CIoT)
Publication date: 2022-03-28
DOI: 10.1109/ciot53061.2022.9766640 (https://doi.org/10.1109/ciot53061.2022.9766640)
Network function virtualization, software-defined networking, and cloud computing are the key technologies that enable dynamic, resource-efficient service provisioning in 5G networks. Auto-scaling mechanisms are essential for efficient resource utilization and improved quality of experience in such networks. Auto-scaling is also a defence against attacks such as Distributed Denial of Service (DDoS), but at a price. Service providers can use different European Telecommunications Standards Institute (ETSI) stack-based network functions virtualization (NFV) management and orchestration platforms for auto-scaling and dynamic resource provisioning. However, such platforms pose a risk of side-channel information leakage between the orchestrator and the cloud. By tapping this side-channel information, an adversary can infer the auto-scaling policy, scale-up/down events, and the cloud platform in order to launch an attack. We emulate a scalable 5G network with the OpenAirInterface5G bundle, using Juju as a service. Using this open-source, realistic 5G emulator testbed, we carry out experiments with various cloud platforms such as OpenStack, Amazon Web Services (AWS), and Microsoft Azure. As the dataset for our experiments, we use the MIT "tale of many cities" spatio-temporal load patterns, which trace mobile traffic. We show how an adversary could infer the resource scalability and the type of cloud platform by analyzing information as simple as the packet flow between the orchestration platform and the cloud. We use the open-source tool Zeek for intrusion detection and show its effectiveness in detecting volume-based DDoS attacks in 5G. In order to evade the intrusion detection mechanism, we propose an algorithm and demonstrate a way to intelligently craft the DDoS attack with User Equipment (UE) bots.