网络与信息安全学报 (Feb 2024)
Automated vulnerability discovery method for 5G core network protocol
Abstract
With the widespread development of fifth-generation (5G) mobile communication technology, concerns regarding 5G network security have also increased.Blackbox fuzzing is a commonly used method for automated vulnerability discovery in software security.However, applying dynamic approaches like fuzzing to discover vulnerabilities in the complex design of 5G core network protocols poses challenges such as low efficiency, poor versatility, and lack of scalability.Therefore, a novel static method to examine the open-source solution of the 5G core network was proposed.Through this method, a series of memory leak security issues caused by improper variable life cycle management were identified, which can lead to denial-of-service attacks on the 5G core network.To summarize these weaknesses, a general vulnerability model and an automated vulnerability discovery method called HoI were presented, which utilized hybrid analysis based on control and data flow.By successfully discovering five zero-day bugs in Open5GS, an open-source solution for the 5G core network, vulnerabilities that cover practical application scenarios of multiple interface protocols in the 5G core network were identified.These vulnerabilities have wide-ranging impact, are highly detrimental, and can be easily exploited.They have been reported to the vendor and assigned four Common Vulnerabilities and Exposures (CVE) numbers, demonstrating the effectiveness of this automated vulnerability discovery method.
Keywords
