Towards 5G Security Analysis against Null Security Algorithms Used in Normal Communication

Abstract

mailto: 5G network makes our lives delicate and more pleasant, and its security will impact the operation of the entire society. Compared with the LTE network, 5G brings up many new security features and possesses more sophisticated and robust security mechanisms, while there are still many potential security issues with the 5G network. Therefore, the security analysis of the 5G network is highly crucial. Null security algorithm (i.e., NEA0 and NIA0) is used in normal communication, a security vulnerability that exists and has not been fully addressed in the LTE network, but in the 5G network, no studies have been performed to demonstrate whether this security vulnerability still exists so far. Therefore, in this paper, we apply a systematic approach based on the principle of model checking to verify. We conduct an in-depth analysis of the signaling interaction and security mechanism for the attach procedure in the 5G network. And then, we model UE and AMF into two synchronous communication finite-state machines, extract the desired properties from 3GPP relevant specifications, and construct an adversary model to test the system’s security. By observing the operation of state machines and analyzing relevant protocol behavior, we discover that faulty security algorithm selection could result in the acceptance of the null security algorithm (i.e., NEA0 and NIA0) on the side of the core network, and attackers can exploit this to trigger IP spoofing attacks and SUPI catching attacks on the victim UE. We analyze the root cause of these network attacks and propose an anomaly detection method to avoid these network attacks from being launched effectively.