Indeed, thanks to new concepts such as Network Function Virtualization (NFV), the splitting of the data and control planes with Software Defined Network (SDN), and Network Slicing (NS). This new type of network might be able to support high-speed connectivity and a lot of different applications. In SA, things are going to change entirely in the core as a Next-Generation Core Network (NGCN) replacing the EPC: 5G SA architectures (Source: 3GPP) But in the end, the final user will still find some speed limitations due to the use of the 4G network shared with 4G antennas. Indeed, there is no signnificant changes apart from the radio side where 5G-NR use up to 1024-Quadrature Amplitude Modulation (QAM), supports channels up to 400 MHz, and also with a more significant number of subcarriers compared to 4G. Technically, the same Evolved Packet Core (EPC) is used between 4G and 5G. If we make some reminding, the commercial 5G network deployment utilizes the NSA mode and shares the same Core network as LTE, known as NSA LTE assisted NR: 5G NSA architectures (Source: 3GPP) If everything goes right, we expect the SA network to be deployed only in mid-2022.
Two kinds of architectures are known for the 5G networks:Īt the time of this article, only NSA is largely deployed, and it is rare to see a SA in production available to the public. Mobile network 5G NSA and SA (remindings) This article will also introduce one of the tools we made to attack this new type of network. In this article, we will briefly remind the two types of 5G networks, then focus on different scenarios starting from the outside and looking inside the core network, discussing classic vulnerabilities we can encounter during a security engagement. However, after this challenge, we continued experimenting with a testbed 5G Core Network to develop our tools. Our team applied to the PwC & Aalto challenge, which looked complete for us on paper, as it was not only looking for vulnerability in a commercial product but a vast network architecture.Īfter 24h, we can play with many assets and discover future attack vectors that will appear as soon as 5G-NR SA is in production. This year, we had again the opportunity to play freely with some 5G network products and build a new team called "The Deeper Cuts" composed of Alexandre De Oliveira, Dominik Maier, Marius Muench, Shinjo Park, and myself. Details of our intrusion have been documented more generically and were published in Medium.
This edition was the opportunity to perform intrusion tests in a 5G Non-Standalone Access (NSA) network, which is currently in use everywhere, from a 5G-NR interface using a provided ISIM card. In 2019, a part of our team had the chance to participate and win the "Future 5G Hospital intrusion" challenge of the 5G Cyber Security Hack 2019 edition.
0 kommentar(er)
