第五代核心网络功能开源实施的漏洞评估

IF 2.8 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Future Internet Pub Date : 2023-12-19 DOI:10.3390/fi16010001

Filippo Dolente, R. Garroppo, Michele Pagano

{"title":"第五代核心网络功能开源实施的漏洞评估","authors":"Filippo Dolente, R. Garroppo, Michele Pagano","doi":"10.3390/fi16010001","DOIUrl":null,"url":null,"abstract":"The paper presents an experimental security assessment within two widely used open-source 5G projects, namely Open5GS and OAI (Open-Air Interface). The examination concentrates on two network functions (NFs) that are externally exposed within the core network architecture, i.e., the Access and Mobility Management Function (AMF) and the Network Repository Function/Network Exposure Function (NRF/NEF) of the Service-Based Architecture (SBA). Focusing on the Service-Based Interface (SBI) of these exposed NFs, the analysis not only identifies potential security gaps but also underscores the crucial role of Mobile Network Operators (MNOs) in implementing robust security measures. Furthermore, given the shift towards Network Function Virtualization (NFV), this paper emphasizes the importance of secure development practices to enhance the integrity of 5G network functions. In essence, this paper underscores the significance of scrutinizing security vulnerabilities in open-source 5G projects, particularly within the core network’s SBI and externally exposed NFs. The research outcomes provide valuable insights for MNOs, enabling them to establish effective security measures and promote secure development practices to safeguard the integrity of 5G network functions. Additionally, the empirical investigation aids in identifying potential vulnerabilities in open-source 5G projects, paving the way for future enhancements and standard releases.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":" 34","pages":""},"PeriodicalIF":2.8000,"publicationDate":"2023-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Vulnerability Assessment of Open-Source Implementations of Fifth-Generation Core Network Functions\",\"authors\":\"Filippo Dolente, R. Garroppo, Michele Pagano\",\"doi\":\"10.3390/fi16010001\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper presents an experimental security assessment within two widely used open-source 5G projects, namely Open5GS and OAI (Open-Air Interface). The examination concentrates on two network functions (NFs) that are externally exposed within the core network architecture, i.e., the Access and Mobility Management Function (AMF) and the Network Repository Function/Network Exposure Function (NRF/NEF) of the Service-Based Architecture (SBA). Focusing on the Service-Based Interface (SBI) of these exposed NFs, the analysis not only identifies potential security gaps but also underscores the crucial role of Mobile Network Operators (MNOs) in implementing robust security measures. Furthermore, given the shift towards Network Function Virtualization (NFV), this paper emphasizes the importance of secure development practices to enhance the integrity of 5G network functions. In essence, this paper underscores the significance of scrutinizing security vulnerabilities in open-source 5G projects, particularly within the core network’s SBI and externally exposed NFs. The research outcomes provide valuable insights for MNOs, enabling them to establish effective security measures and promote secure development practices to safeguard the integrity of 5G network functions. Additionally, the empirical investigation aids in identifying potential vulnerabilities in open-source 5G projects, paving the way for future enhancements and standard releases.\",\"PeriodicalId\":37982,\"journal\":{\"name\":\"Future Internet\",\"volume\":\" 34\",\"pages\":\"\"},\"PeriodicalIF\":2.8000,\"publicationDate\":\"2023-12-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Future Internet\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3390/fi16010001\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/fi16010001","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

本文介绍了在两个广泛使用的开源 5G 项目（即 Open5GS 和 OAI（Open-Air Interface））中进行的实验性安全评估。评估集中于核心网络架构中对外暴露的两个网络功能（NF），即接入和移动性管理功能（AMF）以及基于服务架构（SBA）的网络存储功能/网络暴露功能（NRF/NEF）。该分析以这些暴露的网络功能的基于服务的接口（SBI）为重点，不仅确定了潜在的安全漏洞，还强调了移动网络运营商（MNO）在实施强大的安全措施方面的关键作用。此外，鉴于向网络功能虚拟化（NFV）的转变，本文强调了安全开发实践对增强 5G 网络功能完整性的重要性。从本质上讲，本文强调了在开源 5G 项目中仔细检查安全漏洞的重要性，尤其是在核心网络的 SBI 和外部暴露的 NF 中。研究成果为移动网络运营商提供了有价值的见解，使他们能够建立有效的安全措施，促进安全开发实践，以保障 5G 网络功能的完整性。此外，实证调查有助于识别开源 5G 项目中的潜在漏洞，为未来的增强和标准发布铺平道路。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Vulnerability Assessment of Open-Source Implementations of Fifth-Generation Core Network Functions

The paper presents an experimental security assessment within two widely used open-source 5G projects, namely Open5GS and OAI (Open-Air Interface). The examination concentrates on two network functions (NFs) that are externally exposed within the core network architecture, i.e., the Access and Mobility Management Function (AMF) and the Network Repository Function/Network Exposure Function (NRF/NEF) of the Service-Based Architecture (SBA). Focusing on the Service-Based Interface (SBI) of these exposed NFs, the analysis not only identifies potential security gaps but also underscores the crucial role of Mobile Network Operators (MNOs) in implementing robust security measures. Furthermore, given the shift towards Network Function Virtualization (NFV), this paper emphasizes the importance of secure development practices to enhance the integrity of 5G network functions. In essence, this paper underscores the significance of scrutinizing security vulnerabilities in open-source 5G projects, particularly within the core network’s SBI and externally exposed NFs. The research outcomes provide valuable insights for MNOs, enabling them to establish effective security measures and promote secure development practices to safeguard the integrity of 5G network functions. Additionally, the empirical investigation aids in identifying potential vulnerabilities in open-source 5G projects, paving the way for future enhancements and standard releases.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Future Internet Computer Science-Computer Networks and Communications

CiteScore

7.10

自引率

5.90%

发文量

303

审稿时长

11 weeks

期刊介绍： Future Internet is a scholarly open access journal which provides an advanced forum for science and research concerned with evolution of Internet technologies and related smart systems for “Net-Living” development. The general reference subject is therefore the evolution towards the future internet ecosystem, which is feeding a continuous, intensive, artificial transformation of the lived environment, for a widespread and significant improvement of well-being in all spheres of human life (private, public, professional). Included topics are: • advanced communications network infrastructures • evolution of internet basic services • internet of things • netted peripheral sensors • industrial internet • centralized and distributed data centers • embedded computing • cloud computing • software defined network functions and network virtualization • cloud-let and fog-computing • big data, open data and analytical tools • cyber-physical systems • network and distributed operating systems • web services • semantic structures and related software tools • artificial and augmented intelligence • augmented reality • system interoperability and flexible service composition • smart mission-critical system architectures • smart terminals and applications • pro-sumer tools for application design and development • cyber security compliance • privacy compliance • reliability compliance • dependability compliance • accountability compliance • trust compliance • technical quality of basic services.