Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88969
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 林宗男 | zh_TW
dc.contributor.advisor | Tsung-Nan Lin | en
dc.contributor.author | 洪晨翔 | zh_TW
dc.contributor.author | Chen-Hsiang Hung | en
dc.date.accessioned | 2023-08-16T16:34:53Z | -
dc.date.available | 2023-11-09 | -
dc.date.copyright | 2023-08-16 | -
dc.date.issued | 2023 | -
dc.date.submitted | 2023-07-27 | -
dc.identifier.citation | [1] 3GPP, “Security architecture and procedures for 5G System,” 3rd Generation Partnership Project (3GPP), Technical Specification 33.501, 2023. [Online]. Available: https://www.3gpp.org/ftp/Specs/archive/33_series/33.501/33501-i10.zip
[2] ENISA, “Enisa threat landscape for 5g networks,” Tech. Rep., 2020. [Online]. Available: https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-for-5g-networks
[3] 3GPP, “Study on evolution of Cellular Internet of Things (CIoT) security for the 5G System,” 3rd Generation Partnership Project (3GPP), Technical Specification 33.861, 2020. [Online]. Available: https://www.3gpp.org/ftp/Specs/archive/33_series/33.861/33861-g10.zip
[4] Sigma Telecom, “How DDoS Affects Telecommunication Security,” https://www.sigmatelecom.com/post/ddos-telecommunication-security, Accessed: 2023-05-11.
[5] R. S. Silva, C. C. Meixner, R. S. Guimarães, T. Diallo, B. O. Garcia, L. F. de Moraes, and M. Martinello, “Repel: a strategic approach for defending 5g control plane from ddos signalling attacks,” IEEE Transactions on Network and Service Management, vol. 18, no. 3, pp. 3231–3243, 2020.
[6] A. Chilukuri, S. Vittal, and A. A. Franklin, “Sentinel: Self protecting 5g core control plane from ddos attacks for high availability service,” in 2023 15th International Conference on COMmunication Systems & NETworkS (COMSNETS). IEEE, 2023, pp. 554–562.
[7] P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. McKeown, J. Rexford, C. Schlesinger, D. Talayco, A. Vahdat, G. Varghese, and D. Walker, “P4: Programming protocol-independent packet processors,” SIGCOMM Comput. Commun. Rev., vol. 44, no. 3, p. 87–95, jul 2014. [Online]. Available: https://doi.org/10.1145/2656877.2656890
[8] 3GPP, “System architecture for the 5G System (5GS),” 3rd Generation Partnership Project (3GPP), Technical Specification 23.501, 2023. [Online]. Available: https://www.3gpp.org/ftp/Specs/archive/23_series/23.501/23501-i10.zip
[9] D. Yu and W. Wen, “Non-access-stratum request attack in e-utran,” in 2012 Computing, Communications and Applications Conference. IEEE, 2012, pp. 48–53.
[10] G. Escudero-Andreu, K. Kyriakopoulos, J. A. Flint, and S. Lambotharan, “Detecting signalling dos attacks on lte networks,” in Industrial Networks and Intelligent Systems: 5th EAI International Conference, INISCOM 2019, Ho Chi Minh City, Vietnam, August 19, 2019, Proceedings. Springer, 2019, pp. 283–301.
[11] R. P. Jover, “Security attacks against the availability of lte mobility networks: Overview and research directions,” in 2013 16th international symposium on wireless personal multimedia communications (WPMC). IEEE, 2013, pp. 1–9.
[12] S. Park, B. Cho, D. Kim, and I. You, “Machine learning based signaling ddos detection system for 5g stand alone core network,” Applied Sciences, vol. 12, no. 23, p. 12456, 2022. [Online]. Available: https://dx.doi.org/10.3390/app122312456
[13] K. Gökarslan and T. Tugcu, “Velox: Next-generation industrial cellular networks with programmable data planes,” in 2022 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom), 2022, pp. 220–225.
[14] R. Bassil, I. H. Elhajj, A. Chehab, and A. Kayssi, “Effects of signaling attacks on lte networks,” in 2013 27th International Conference on Advanced Information Networking and Applications Workshops. IEEE, 2013, pp. 499–504.
[15] H. Kim, J. Lee, E. Lee, and Y. Kim, “Touching the untouchables: Dynamic security analysis of the lte control plane,” in 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019, pp. 1153–1168.
[16] X. Hu, C. Liu, S. Liu, W. You, Y. Li, and Y. Zhao, “A systematic analysis method for 5g non-access stratum signalling security,” IEEE Access, vol. 7, pp. 125 424–125 441, 2019. [Online]. Available: https://dx.doi.org/10.1109/access.2019.2937997
[17] M. Chlosta, D. Rupprecht, C. Pöpper, and T. Holz, “5g suci-catchers: Still catching them all?” in Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2021, pp. 359–364.
[18] P. C. Cámara and M. G. Vara, “A telco odyssey 5g suci-cracker and sctp-hijacker.”
[19] p4language, “p4lang/behavioral-model: The reference p4 software switch,” accessed: 2023-05-01. [Online]. Available: https://github.com/p4lang/behavioral-model
[20] 3GPP, “Procedures for the 5G System (5GS),” 3rd Generation Partnership Project (3GPP), Technical Specification 23.502, 2023. [Online]. Available: https://www.3gpp.org/ftp/Specs/archive/23_series/23.502/23502-i11.zip
[21] W. Xia, Y. Wen, C. H. Foh, D. Niyato, and H. Xie, “A survey on software-defined networking,” IEEE Communications Surveys & Tutorials, vol. 17, no. 1, pp. 27–51, 2015.
[22] D. Kreutz, F. M. V. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, “Software-defined networking: A comprehensive survey,” Proceedings of the IEEE, vol. 103, no. 1, pp. 14–76, 2015.
[23] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, “Openflow: Enabling innovation in campus networks,” SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, p. 69–74, mar 2008. [Online]. Available: https://doi.org/10.1145/1355734.1355746
[24] p4lang, “p4lang/p4runtime-shell: An interactive python shell for p4runtime,” accessed: 2023-05-01. [Online]. Available: https://github.com/p4lang/p4runtime-shell
| -
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88969 | -
dc.description.abstract | As 5G mobile network technology continues to evolve, protecting networks against various types of attacks becomes increasingly important. In this thesis, we examine vulnerabilities in the registration procedure of the 5G system and, exploiting these vulnerabilities, propose two new denial-of-service (DoS) attacks. We implement the proposed attacks on a self-built 5G test environment and demonstrate their effectiveness. In addition, to counter these DoS threats, we propose a new defense mechanism that uses P4 programmable switches. This mitigation technique uses information from the NGAP/NAS headers to implement an in-network algorithm that identifies whether a packet is malicious and, in real time, blocks it and closes the connection with the core network. Our experimental results show that the method effectively protects the core network against specific types of DoS attacks while ensuring connectivity for normal users. | zh_TW
dc.description.abstract | As 5G network technology continues to evolve and spread across the globe, securing these networks against various types of attacks becomes increasingly important. In this study, we explore the vulnerabilities in the registration procedure of the 5G system and propose two novel Denial of Service (DoS) attacks, specifically designed to exploit these vulnerabilities. We demonstrate the effectiveness of our proposed attacks on a self-built 5G testbed. To counter these DoS threats, we propose a novel defense mechanism using P4 programmable switches. This mitigation technique leverages the information from the NGAP/NAS headers to implement an in-network algorithm that identifies whether a signal packet is malicious, and can immediately block and close the connection with the core network. Our experimental results show that the proposed approach ensures normal user connectivity and effectively protects the core network against specific types of DoS attacks. | en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-08-16T16:34:53Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2023-08-16T16:34:53Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents |
Abstract (Chinese), p. i
Abstract, p. iii
Contents, p. v
List of Figures, p. vii
List of Tables, p. ix
Chapter 1 Introduction, p. 1
Chapter 2 Preliminary, p. 7
2.1 5G Mobile Network, p. 7
2.2 5G Control Plane Protocol Stack, p. 8
2.3 5G Core Network Function, p. 10
2.4 5G Registration Signaling Flow, p. 11
2.5 5G Identifier, p. 12
Chapter 3 Related Works, p. 15
3.1 Signaling DoS, p. 15
3.2 Parsing Signal Messages with P4, p. 16
Chapter 4 Proposed DoS Attack Method, p. 19
4.1 Vulnerability in NAS signaling message, p. 19
4.2 Type 1: Fake Registration Request, p. 20
4.3 Type 2: Fake Authentication Response, p. 21
Chapter 5 Experiments and Results, p. 25
5.1 Testbed Setup, p. 25
5.2 Type 1 Attack Realization: Fake Registration Request Flood Attack, p. 27
5.3 Type 2 Attack Realization: Fake Authentication Response Flood Attack, p. 29
5.4 Comparative Analysis of Different Attack Methods, p. 31
Chapter 6 P4-based Mitigation Method, p. 37
6.1 Software-Defined Networking, p. 37
6.2 P4, p. 38
6.3 Mitigation Method, p. 40
6.3.1 Protection from Type 1 attack, p. 42
6.3.2 Protection from Type 2 attack, p. 42
6.3.3 Implementation, p. 45
6.4 Evaluation, p. 47
Chapter 7 Conclusion, p. 49
7.1 Limitations, p. 49
7.2 Future Work, p. 50
References, p. 51
| -
dc.language.iso | en | -
dc.title | Feasibility of Denial-of-Service Attacks on the 5G Core Network Control Plane and P4-Based Mitigation | zh_TW
dc.title | Denial of Service Attacks on the 5G Core Control Plane and Mitigation Strategy Based on P4-Switch | en
dc.type | Thesis | -
dc.date.schoolyear | 111-2 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 沈上翔;陳俊良;蔡子傑;鄧惟中 | zh_TW
dc.contributor.oralexamcommittee | Shan-Hsiang Shen;Jiann-Liang Chen;Tzu-Chieh Tsai;Wei-Chung Teng | en
dc.subject.keyword | 5G mobile network, denial-of-service attack, software-defined networking, P4 programming language | zh_TW
dc.subject.keyword | 5G mobile network, denial of service (DoS), software-defined networking (SDN), P4 | en
dc.relation.page | 54 | -
dc.identifier.doi | 10.6342/NTU202301611 | -
dc.rights.note | Authorization granted (access restricted to campus) | -
dc.date.accepted | 2023-07-31 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Graduate Institute of Communication Engineering | -
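Appears in collections: Graduate Institute of Communication Engineering

Files in this item:
File | Size | Format
ntu-111-2.pdf (access restricted to NTU campus IP addresses; from off campus, use the VPN remote-access service) | 2.39 MB | Adobe PDF

Unless their copyright terms are specifically indicated otherwise, items in the system are protected by copyright, with all rights reserved.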
